Privacy Policy Last updated May 20, 2024
-
What do we do?
-
What do we inform you about?
-
Definitions
-
Contact
-
Data security
-
Rights of data subjects
-
General principles
-
Individual data processing procedures
-
Does our privacy policy remain unchanged?
What do we do? Gyerak Tamas (4/1/3 Kornmühlengasse, 2700 Wiener Neustadt) operates the website www.ellanaia.com (hereinafter referred to as "we").
We highly prioritize the protection of your personal data. This privacy policy transparently and understandably informs you about the data we collect via our website and how we handle it.
We use the icons from PRIVACY ICONS to help you quickly understand how we process your data.
What do we inform you about?
-
Who is responsible for data processing;
-
What data is collected;
-
The purpose of data collection;
-
The legal basis for data collection;
-
To whom we disclose this data;
-
How you can object to data processing;
-
Your rights and how to exercise them.
Definitions What is personal data? Personal data refers to any information related to an identified or identifiable natural person, such as name, address, date of birth, email address, telephone number, and IP address. It also includes data about personal preferences like hobbies or memberships.
What are special categories of personal data? Special categories of personal data include:
-
Data on religious, ideological, political, or trade union views or activities;
-
Data on health, private life, racial or ethnic origin, and sexual life or orientation;
-
Data on administrative or criminal proceedings and sanctions, and social welfare measures;
-
Genetic and biometric data that uniquely identify a person.
We may process special categories of personal data if you voluntarily disclose them to us. Such data processing is subject to stricter confidentiality requirements.
What is processing personal data? Processing (or handling) personal data includes any operation performed on personal data, regardless of the means and procedures used, especially collecting, storing, using, altering, disclosing, archiving, deleting, or destroying personal data.
What is disclosing personal data? This refers to transmitting or making personal data accessible, e.g., publishing or disclosing it to a third party.
Contact For questions or concerns about our data protection practices, you can contact our data protection officer:
Tamas Gyerak tamas@ellanaia.com
Data security We will securely store your data and take all reasonable measures to protect it from loss, access, misuse, or alteration.
Our contractors and employees with access to your data are obligated to comply with data protection laws. In some cases, it may be necessary to forward your requests to affiliated companies. In these cases, your data will also be treated confidentially.
Within our website, we use the SSL (Secure Socket Layer) protocol in conjunction with the highest encryption level supported by your browser.
Rights of data subjects Right of access You can request information about the data we have stored about you at any time. Please send your request for information along with credible proof of identity to tamas@ellanaia.com.
The information will be provided in writing or electronically. If you wish, we can also provide the information orally, provided you prove your identity in another way. If you submit the request electronically, we will provide the information in a common electronic format unless you specify otherwise.
The information is usually free of charge. If additional copies are requested, a reasonable fee may be charged.
The right to obtain a copy of the processed data must not adversely affect the rights and freedoms of others.
In the case of manifestly unfounded or excessive requests, we reserve the right to refuse information within the legal limits or to charge a reasonable fee.
Processing your request is subject to the statutory period of one month. We may extend this period by two further months due to the complexity and number of requests. You will be informed of the extension within one month of submitting the request, along with the reasons for the extension.
Deletion and correction You can request the deletion or correction of your data at any time, provided there are no legal retention obligations or other legal grounds to the contrary.
Please note that exercising your rights may conflict with contractual agreements and have corresponding effects on contract execution (e.g., premature contract termination or cost consequences).
Restriction of processing You also have the right to request a restriction of processing if you dispute the accuracy of the data, the processing is unlawful, the data is no longer needed, or you have objected to the processing.
If data processing is restricted, the data may only be stored. Further processing may only occur with your consent, for the assertion, exercise, or defense of legal claims, to protect the rights of another person, or for reasons of important public interest. You will be notified if the restriction is lifted.
Right to data portability You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and to transfer this data to another controller without hindrance, provided the processing is based on consent per Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract per Article 6(1)(b) GDPR and the processing is carried out by automated means. You also have the right to request the direct transfer of your data to another controller where technically feasible.
Right to object If you have consented to data processing, you can withdraw this consent at any time. Such withdrawal affects the lawfulness of processing your personal data after you have notified us of your withdrawal.
If we process your personal data based on a balance of interests, you can object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, which we explain in the subsequent description of the functions. When exercising such an objection, we ask you to explain why we should not process your personal data as we do. If your objection is justified, we will review the situation and either stop or adjust the data processing or show you our compelling legitimate grounds for continuing the processing.
You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can contact us about your advertising objection using the contact details provided in this privacy policy.
Right to lodge a complaint You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
General principles What data do we process from you, and from whom do we receive this data? Primarily, we process personal data that you provide to us or that we collect during the operation of our website. Occasionally, we may receive personal data about you from third parties. These can include:
-
Personal master data (name, address, date of birth, etc.);
-
Contact details (mobile number, email address, etc.);
-
Financial data (e.g., account information);
-
Online identifiers (e.g., cookie identifiers, IP addresses).
These data can come from the following sources:
-
Information from publicly accessible sources (e.g., media, internet);
-
Information from public registers (e.g., commercial register, debt collection register, land register);
-
Information in connection with official or judicial proceedings;
-
Information regarding your professional functions and activities (e.g., professional networks);
-
Information about you in correspondence and meetings with third parties;
-
Credit reports (if we conduct personal business with you);
-
Information about you provided by people from your environment to conclude or execute contracts with you;
-
Data related to the use of the website.
Under what conditions do we process your data? We process your data in accordance with applicable data protection laws, particularly the GDPR. Processing is carried out for the purposes specified in this privacy policy. We ensure transparency and proportionality in processing.
Processing your data is lawful if a legal basis of the GDPR is met. These legal bases include:
-
Your consent (Art. 6(1)(a) GDPR);
-
Fulfillment of a contract or pre-contractual measures (Art. 6(1)(b) GDPR);
-
Compliance with legal obligations (Art. 6(1)(c) GDPR);
-
Protection of vital interests of the data subject or another natural person (Art. 6(1)(d) GDPR);
-
Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6(1)(e) GDPR);
-
Our legitimate interests, provided your interests do not override (Art. 6(1)(f) GDPR).
In some cases, it is necessary for you to provide certain personal data to fulfill contractual obligations. Without such data, we are usually unable to execute a contract.
The website generally cannot be used if certain information, such as your IP address, is not disclosed to ensure data traffic.
In what cases can we disclose your data to third parties? a. Principle
We may need to use third-party services or affiliated companies and task them with processing your data (so-called processors). Categories of recipients include:
-
Accounting, fiduciary, and auditing firms;
-
Consulting firms (legal advice, taxes, etc.);
-
IT service providers (web hosting, support, cloud services, website design, etc.);
-
Payment service providers;
-
Providers of tracking, conversion, and advertising services.
We ensure that these third parties and our affiliated companies comply with data protection requirements and treat your personal data confidentially.
We may also be required to disclose your personal data to authorities.
b. Disclosure to partners and cooperating companies
We work with various companies and partners who publish their offers on our website. It is recognizable to you that this is a third-party offer (marked as "advertising").
If you take advantage of such an offer, we will transmit your personal data to the corresponding partner or cooperating company (e.g., name, function, communication, etc.) whose offer you wish to use. These partners and cooperating companies are independently responsible for the personal data they receive. After data transfer, the respective partner's privacy policies apply.
c. Disclosure abroad
In some cases, your personal data may be transmitted to companies abroad as part of order processing. These companies are obliged to comply with the same data protection requirements as we are. Transfers can take place worldwide.
If the level of data protection does not match that of the EEA, we will conduct a prior risk assessment and contractually ensure the same level of protection as in the EEA (e.g., using the EU Commission's standard contractual clauses or other legally prescribed measures). If our risk assessment is negative, we take additional technical measures to protect your data. You can access the EU Commission's standard contractual clauses at the following link.
How long do we retain your data? We store personal data only as long as necessary to fulfill the purposes for which the data was collected.
We store contractual data longer because we are legally obliged to do so. Specifically, we must retain business communication, concluded contracts, and booking records for up to 10 years. If we no longer need such data to provide services, we restrict its further processing and use it only for accounting and tax purposes.
Individual data processing procedures Providing the website and creating log files By merely visiting www.ellanaia.com without registering or providing other information, we collect only the data your browser automatically transmits to our server. This data is technically necessary for the operation of the website.
What data do we process?
To provide the website and create log files, we process the following data:
-
Name of the internet service provider
-
IP address
-
Technical information such as browser, operating system, or screen resolution
-
Date and time of access
-
Referrer URL
This data cannot be attributed to a specific person, and we do not combine this data with other data sources.
For what purpose do we process the data?
Log files are processed to ensure the functionality of the website and the security of our IT systems.
On what basis do we process the data?
The legal basis for this data processing is our legitimate interest according to Art. 6(1)(f) GDPR. Our legitimate interests arise from the purpose of data processing.
To whom do we disclose the data?
Data disclosure by us is based on our data disclosure provisions.
How can you prevent data processing?
Data is stored only as long as necessary to achieve the purpose of its collection. Accordingly, the data is deleted at the end of each session. The storage of log files is essential for the operation of the website; therefore, you cannot object to it unless you stop visiting our website.
Contact You can contact us in various ways. When you contact us and provide personal data, data processing occurs. This includes any oral, written, or other form of contact with us.
What data do we process?
When you contact us, we process all the data you provide, including:
-
Name
-
Email address
-
Content and time of your contact
-
Contact details
In some cases, you may need to provide certain data to contact us, such as through a contact form or if you request a callback.
For what purpose do we process the data?
The purpose for which we use the data arises from the nature of the contact. We do not use the data for unforeseen or unexpected purposes. Common purposes include communication and feedback, customer service, and processing business inquiries.
On what basis do we process the data?
The legal basis for this data processing is our legitimate interest according to Art. 6(1)(f) GDPR. Our legitimate interests arise from the purpose of data processing.
To whom do we disclose the data?
Data disclosure by us is based on our data disclosure provisions. If the purpose of your contact requires disclosure to third parties, we will disclose the data to the necessary extent.
How can you prevent data processing?
If you contact us, data processing is unavoidable. Therefore, you must refrain from contacting us if you do not want your data processed.
Cookies Our website uses cookies. Cookies are text files stored on your device's operating system through the browser when you visit our website. Cookies do not harm your computer and do not contain viruses. Some cookies are technically necessary for the website to function. Most cookies we use are so-called "session cookies," which are automatically deleted after your visit. Other cookies remain on your device until you delete them or their lifespan expires.
For what purpose do we process the data?
We use cookies to make our website more user-friendly, effective, and secure. We use cookies to store your preferences (e.g., language and location settings), quickly provide and display website content attractively (e.g., using fonts and content delivery networks), and analyze website usage for statistical evaluation and continuous improvement (usually using third-party cookies). The specific purposes for which we use cookies (not technically necessary) are explained in the following sections of this privacy policy.
On what basis do we process the data?
The legal basis for this processing is your consent according to Art. 6(1)(a) GDPR. For technically necessary cookies, our legitimate interest according to Art. 6(1)(f) GDPR forms the legal basis.
To whom do we disclose the data?
Data disclosure by us is based on our data disclosure provisions. Additionally, the following sections of this privacy policy provide information on individual data processing.
How can you prevent data processing?
When you visit the website, a cookie banner is displayed. Cookies that require your consent according to Art. 6(1)(a) GDPR are activated only if you consent. If you refuse consent, no data collection occurs through these cookies.
You cannot prevent data collection by cookies based on our legitimate interest according to Art. 6(1)(f) GDPR using the cookie banner. These technically necessary cookies are stored on your device. You can delete them or disable their transmission through your browser settings. Instructions for the most common browsers are provided here:
-
For Google Chrome
-
For Apple Safari
-
For Microsoft Edge
-
For Mozilla Firefox
For cookies used for performance and reach measurement or advertising, a general opt-out is possible through services like the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
Newsletter You can subscribe to our newsletter via our website. The newsletter provides information about new posts, events, and offers. We measure the success and reach of our newsletter.
What data do we process?
To send the newsletter and measure its success and reach, we collect the following data:
-
IP address
-
Contact details
-
Date and time of registration
-
Technical information such as browser, operating system, or screen resolution
-
Interactions with the newsletter
The IP address is usually anonymized, making it no longer possible to link it to a person.
For what purpose do we use the data?
We use the collected data to send the newsletter, verify registration, and address you correctly. We store your data, especially the IP address and the date and time of registration, to document and detect any misuse. We store this data for the duration of your newsletter subscription. We use the IP address to determine your approximate location.
Based on this information, we can measure the relevance of our offers in different regions and segment advertising campaigns. We use technical information to display the newsletter properly on each device. We collect interactions, time, and date to evaluate and optimize our marketing campaigns and offers. This data also helps us understand how subscribers interact with our newsletter.
On what basis do we process the data?
The legal basis for this processing is your consent according to Art. 6(1)(a) GDPR. By entering your data to subscribe to the newsletter, you consent to data processing.
To whom do we disclose the data?
We disclose your data to service providers tasked with the technical processing and measurement of the newsletter's success and reach. These service providers may have servers worldwide, meaning the collected data may be transferred worldwide. Additionally, our data disclosure provisions apply.
How can you prevent data processing?
You can unsubscribe from the newsletter at any time by clicking the unsubscribe link in any email you receive from us. Alternatively, you can unsubscribe by emailing us.
Comments You can comment on certain content on our website.
What data do we process?
To publish a comment, you must provide the following information:
-
Comment content
-
Name
-
Email address (not published)
For what purpose do we process the data?
We collect the comment content to enable the comment. We collect the name to associate the comment with a specific user. If you do not want your name published, please use an alias. We use the email address to verify your identity, contact you if your comment is replied to, or contact you if a third party challenges your comment as unlawful. To prevent unauthorized use of email addresses and ensure the security of your data, we use the double opt-in procedure, meaning you receive an email to confirm your ownership of the email address and your desire to receive notifications. You can unsubscribe from notifications at any time by clicking the link in the email. We store your personal data, including your email address, registration times, and IP address, until you unsubscribe from the notification service.
On what basis do we process the data?
The legal basis for this processing is your consent according to Art. 6(1)(a) GDPR. By publishing a comment, you consent to data processing.
To whom do we disclose the data?
Data disclosure by us is based on our data disclosure provisions.
How can you prevent data processing?
You can only prevent data processing via the comment function by not publishing a comment. If you publish a comment, data processing is unavoidable.
Web Beacons We may use web beacons on our website or in our emails. Web beacons are also known as tracking pixels. They are small, usually invisible images automatically retrieved when visiting our website or opening our emails.
What data do we process?
Web beacons can collect the same information as log files. They can also record movement profiles for the entire session. Third parties, whose services we use, particularly use web beacons. Information about these third-party services is provided later in this privacy policy.
For what purpose do we process the data?
Web beacons are used by various tracking services to analyze website usage, for statistical evaluation, and for continuous improvements. Web beacons can also be used for email tracking.
On what basis do we process the data?
The legal basis for this processing is your consent according to Art. 6(1)(a) GDPR.
To whom do we disclose the data?
Data disclosure by us is based on our data disclosure provisions. Additionally, see the information about specific tracking services in this privacy policy.
How can you prevent data processing?
To prevent data processing using web beacons, you can install appropriate browser extensions such as uBlockOrigin and block external graphics in your email program.
Google Web Fonts How do Google Web Fonts work?
We use Google Web Fonts on our website for uniform font display. When you visit one of our pages, your browser loads the necessary web fonts into your browser cache to display texts and fonts correctly.
What information do you share with us, and how is it used?
Your browser connects to Google's servers, and Google learns that our website was accessed via your IP address. If your browser does not support web fonts, a default font from your computer is used.
Why are we allowed to use Google Web Fonts?
The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. For more information about Google Web Fonts, see the Google Web Fonts FAQs: https://developers.google.com/fonts/faq.
PrivacyBee We use PrivacyBee, a service provided by PrivacyBee AG, Laupenstrasse 1, 3008 Bern, Switzerland, on our website. PrivacyBee is used to identify all data protection-relevant services and generate an individual privacy policy for the website.
What data do we process? PrivacyBee is a service for generating privacy policies, which are then integrated into our website via JavaScript. The following data is processed to provide this service:
-
IP address
-
Browser type and version
-
Operating system
-
Date and time of access to our privacy policy
For what purpose do we process the data? Collecting this data allows us to display the privacy policy correctly on your device configuration and ensure that the content is accurate and up-to-date.
To whom do we disclose the data? Data disclosure by us is based on our data disclosure provisions. The data collected through PrivacyBee remains with PrivacyBee.
How can you prevent data processing? To prevent data processing by PrivacyBee, you can disable JavaScript in your browser. However, please note that if JavaScript is disabled, not all functions of our website may be fully usable. We do not offer a specific opt-out for the PrivacyBee service, as it is essential for providing our privacy policy.
Does our privacy policy remain unchanged? We may change this privacy policy at any time. Changes will be published on www.ellanaia.com. You will not be separately notified.
Let's work
Together
+36 30 160 81 82
Kornmühlengasse 4/1/3,
2700 Wiener Neustadt AT
© 2024 ELLANAIA Email Marketing Agency