Privacy Policy

Introduction and overview
We have written this Privacy Statement (version 25.08.2024) to explain to you in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short data) we are responsible – and the processors commissioned by us (e.g. B. Providers) – will be processed in the future and what legitimate possibilities you have. The terms used are to be understood as a gender-neutral manner.
In short: We will provide you with comprehensive information about the data we process about you.

Data protection declarations usually sound very technical and use legal terms. This privacy policy, however, is intended to describe the most important things as simple and transparent as possible. As far as transparency is conducive to transparency, technical terms are explained in a reader-friendly manner, links are provided for further information and graphics are used. We shall therefore inform in clear and simple language that we process personal data within the scope of our business activities only if there is an appropriate legal basis. This is certainly not possible if you make as brief, unclear and legal-technical statements as possible, as they are often standard on the Internet when it comes to data protection. I hope you will find the following explanations interesting and informative and perhaps there is one or two information you did not know yet.
If you still have any questions, please contact the responsible body mentioned below or in the imprint, to follow the existing links and to view further information on third-party sites. Of course, you will also find our contact details in the imprint.

Scope of application
This privacy policy applies to all personal data processed by us in the company and to all personal data that processes our companies (processors) commissioned by us. By means of personal data we mean information in the sense of Art. 4 No. 1 GDPR such as the name, e-mail address and postal address of a person. The processing of personal data ensures that we offer and can settle our services and products, whether online or offline. The scope of this privacy policy includes:

all online appearances (websites, online shops) that we operate
Social Media Performances and Email Communications
Mobile Apps for Smartphones and Other Devices
In short, the privacy policy applies to all areas in which personal data is processed in the company in a structured manner via the channels mentioned. If we enter into legal relationships with you outside these channels, we may inform you separately.

Legal bases
In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As regards EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 July 69. April 2016. Of course, you can read this EU General Data Protection Regulation online on EUR-Lex, access to EU law, at https://eur-lex.europa.eu/legal-content/DE/?uri-celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

Consent (Article 6 (1) (a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
Contract (Article 6 (1) (b) GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
Legal obligation (Article 6 (1) (c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to cancel invoices for accounting. These usually contain personal data.
Legitimate interests (Article 6 (1) (f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.
Other conditions such as the perception of recordings in the public interest and exercise of official authority as well as the protection of vital interests usually do not appear in our country. If such a legal basis is to be relevant, it will be shown at the appropriate place.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), or DSG for short.
In Germany, the Federal Data Protection Act applies, or BDSG for short.
If further regional or national laws are applied, we will inform you in the following sections.

Contact details of the responsible person
If you have any questions about data protection or the processing of personal data, you will find the contact details of the person responsible below. Position:

Peter Meisterhofer
Augasse 115/2, 2640 Enzenreith, Austria
E-mail: info.xfans24.com
Phone: +43 67762476166
Impressum: https://xfans24.com/p/Impressum

Storage duration
The fact that we store personal data only as long as is absolutely necessary for the provision of our services and products is considered to be a general criterion for us. This means that we delete personal data as soon as the reason for the data processing is no longer available. In some cases, we are legally obliged to store certain data even after the original purpose has lapsed, for example for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as soon as possible and as far as no obligation to store it.

We will inform you below if we have further information about the specific duration of the respective data processing.

Rights according to General Data Protection Regulation
In accordance with Article 13, 14 GDPR, we will inform you about the following rights to which you are entitled so that the fair and transparent processing of data occurs:

According to Article 15 GDPR, you have a right to information as to whether we process your data. If this is true, you have the right to receive a copy of the data and to know the following information:
for what purpose we carry out the processing;
the categories, i.e. the types of data that are processed;
who receives this data and when the data is transmitted to third countries, how security can be guaranteed;
how long the data is stored;
the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
that you can complain to a supervisory authority (see below links to these authorities);
the origin of the data if we have not collected them from you;
whether profiling is carried out, i.e. whether data is automatically evaluated in order to reach a personal profile of you.
According to Article 16 GDPR, you have a right to correct the data, which means that we need to correct data if you find an error.
According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which concretely means that you may request the deletion of your data.
According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but no longer use it further.
According to Article 20 GDPR, you have the right to data portability, which means that we provide you with your data in a common format on request.
According to Article 21 GDPR, you have a right to object, which entails a change in the processing after enforcement.
If the processing of your data is based on Article 6 para. 1 lit. e (public interest, exercise of official authority) or Article 6 para. 1 lit. f (legitimate interest) based, you can object to the processing. We then examine as soon as possible whether we can legally comply with this objection.
If data is used to direct marketing purposes, you can object to this type of data processing at any time. We may no longer use your data for direct marketing.
If data is used to operate profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling.
In accordance with Article 22 GDPR, you may have the right not to be subjected to a decision based exclusively on automated processing (for example, profiling).
You have the right to complain according to Article 77 GDPR. This means that you can complain to the data protection authority at any time if you believe that the data processing of personal data violates the GDPR.
In short: You have rights – do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated, you can complain to the supervisory authority. For Austria, this is the data protection authority whose website you can find at https://www.dsb.gv.at/ . In Germany, there is a data protection officer for each federal state. For more information, please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Data Protection Authority
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Telephone no.: +43 1 52 152-0
E-mail address: dsb-dsb.gv.at
Website: https://www.dsb.gv.at/

Explanation of terms used
We always try to write our privacy policy as clearly and comprehensibly as possible. However, this is not always easy, especially with technical and legal issues. It often makes sense legal terms (such as e.g. personal data) or certain technical terms (e.g. B. Cookies, IP address). We do not want to use them without explanation. Below you will find an alphabetical list of important terms used, which we may not have been sufficiently discussed in the previous privacy policy. If these terms have been taken from the GDPR and these are definitions, we will also cite the GDPR texts and, if necessary, add their own explanations.

Contract processors
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the expression shall be:

"Contract processor" is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to those responsible, there may also be so-called processors. This includes every company or person who processes personal data on our behalf. As a result, in addition to service providers such as tax consultants, hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft can also be processors.

Consent
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the expression shall be:

Any freely given, specific, informed and unambiguously stated, notable, given, "consent" by the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Usually, such consent is done for websites via a cookie consent tool. You know this certainly. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or agree to the data processing. In most cases, you can also make individual settings and decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data may be processed by you. In principle, of course, consent can also be given in writing, i.e. not via a tool.

Personal data
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the expression shall be:

“Personal data” any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is considered to be identifiable who may be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more characteristics, the expression of the physical, physical, physical, genetic, psychological, psychological, economic, or cultural, or cultural identity, or cultural, or cultural identity, or cultural, or cultural identity;

Explanation: Personal data is therefore all those data that you can identify as a person. These are usually data such as:

Name
Address
E-mail address
Postal address
Telephone number
Date of Birth
Identification numbers such as social security number, tax identification number, identity card number or matriculation number
Bank details such as account number, credit information, account balances and much more.
According to the European Court of Justice (ECJ), your IP address is also personal data. Based on your IP address, IT experts can at least determine the approximate location of your device and subsequently you as the connection owner. Therefore, the storage of an IP address also requires a legal basis for the sense of the GDPR. There are also so-called “special categories” of personal data, which are also particularly worthy of protection. These include:

racial and ethnic origin
political opinions
religious or ideological beliefs
the union membership
genetic data such as data taken from blood or saliva samples
Biometric data (that is information on mental, physical or typical characteristics that can identify a person).
Health data
Data on sexual orientation or sex life
Profiling
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the expression shall be:

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: During profiling, various information about a person is collected to learn more about that person. In the web area, profiling is often used for advertising purposes or for credit checks. Web or For example, advertising analysis programs collect data about your behavior and your interests on a website. This results in a special user profile, with the help of which advertising can be delivered to a target group.


Responsible person
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the expression shall be:

"Controller" means the natural or legal person, authority, agency or other body which, alone or jointly with others, decides on the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his appointment may be provided for under Union law or the law of the Member States;

Explanation: In our case, we are responsible for the processing of your personal data and consequently the “controller”. If we pass on collected data to other service providers for processing, these are “processors”. For this, a “order processing contract (AVV)” must be signed.



Processing
Definition according to Article 4 of the GDPR

For the purposes of this regulation, the expression shall be:

Any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data, such as collection, recording, organisation, sorting, storage, adaptation or modification, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction;

Note: When we speak of processing in our privacy policy, we mean any kind of data processing. As mentioned above in the original GDPR declaration, this includes not only collecting but also storing and processing data.