Data Protection Declaration
NIGHTFALL GMBH places great importance on protecting your personal data. Since data protection at NIGHTFALL GMBH is thus also a high priority, your personal data is handled in accordance with the valid data protection regulations (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), Data Protection Act 2018 (DPA 2018), Austrian Telecommunications Act 2003 (TKG 2003)).
In the following, we will inform you about the processing operations related to your personal data within the framework of our online content and our website.
Contact Details of the Individual Responsible
The data protection officer for the websites
Riederstraße 35 / Halle 1 / Tor 4
Company register number: FN 509438 z
Should you have any questions regarding how NIGHTFALL GMBH processes your data, please do not hesitate to contact us as follows:
By post to the address listed above, for the attention of the data protection officer
by tel.:+43/ 660 7400671
Using the contact details listed above, you can contact our data protection officer who will be happy to help you with any questions relating to data protection and rights of the affected.
Data Processing – General Information
We process your personal data in a responsible manner and in accordance with the relevant data protection regulations.
Personal data is only collected if you provide it, for example, over the course of an online order, an inquiry form, or a registration.
Personal data is only passed on to third parties in accordance with legal regulations. We will only pass on users’ personal data to third parties if this takes place, for example, on the basis of your consent in accordance with Art. 6 Sec. 1 Clause a GDPR, if it is necessary for contractual purposes on the basis of Art. 6 Sec. 1 Clause b GDPR, if it is necessary on the basis of legal obligations in accordance with Art. 6 Sec. 1 Clause c GDPR, or if it takes place on the basis of legitimate interests in accordance with Art. 6 Sec. 1 Clause f GDPR (economic and effective business operation).
Processing Personal Data during a Visit to our Website
You can always visit our websites without providing personal information. When you access our website, the following information is collected and temporarily stored in a web server logfile:
- The IP address of the requesting web-enabled device
- The time and date of access
- The quantity of transferred data in bytes
- The name and the URL of the file retrieved
- The website/application from which our website was accessed (referrer URL)
- Your browser and potentially the operating system of your web-enabled device
We have no influence on automated data storage. The data collected will not allow for any direct conclusions about your identity, and we will not draw any conclusions.
We use the data mentioned above for the following purposes:
- Establishing a smooth connection
- Ensuring the website is convenient to use
- Assessing the system security and stability
- Statistical assessment of the data to optimize our online presence and the associated technology
The data mentioned above is stored for 120 weeks and backed up for another six months.
According to Art. 6 Sec. 1 Clause f GDPR, the legal basis for processing the listed data is our legitimate interest which results from the purposes listed above.
When you contact us (via the contact form or email), the personal data you provide to process and handle the contact inquiry or to initiate and fulfill a contract is processed to carry out pre-contractual measures according to the legal basis of Art. 6 Sec. 1 Clause b GDPR.
When you contact us using the contact forms on the website, we process the following personal data:
- Form of address
- Title (optional), First name, Surname
- Email address
- Telephone number, fax
- Your individual message
Your details are stored in our customer relationship management system (CRM system) or a similar inquiry set-up.
The data is processed for the duration of the business relationship initiation. Should the business relationship end, the data shall be stored even after the end of the business relationship in accordance with the applicable legal provisions and retention requirements.
If we receive your personal data, for example over the course of an order, it will be encrypted using the SSL process (secure socket layer). The SSL process distorts your data before it is sent to the NIGHTFALL GMBH server so that a third party is unable to reconstruct it. This encryption process also ensures that your data is only sent to the server from which it was requested. You can find additional information under SSL Encryption.
For that matter, we will provide you with appropriate technical and organizational security measures to protect the personal data we store and to secure against loss, destruction, access, modification, and distribution by unauthorized persons, taking into account the state of the art, the implementation costs, as well as the nature, scope, circumstances and purposes of the processing and the likelihood and severity of the risk to the rights and freedoms of individuals. Our security measures are continuously improved according to technological advancements.
You can configure your browser to inform you about cookie usage so you can make individual decisions about accepting cookies, or prevent the acceptance of cookies in specified cases or in general. However, disabling cookies may lead to a limitation of our website’s functionality.
We will inform you about the usage or setting of cookies using a cookie banner. You can accept all cookies or only selected cookies under "Cookie settings". If you wish to change your cookie settings at a later date, you can do so under "Cookie settings" in the footer of the website.
The legal basis for the setting of cookies is our legitimate interest in offering online services and optimizing our website in accordance with Art. 6 Sec. 1 Clause f GDPR, as well as, where appropriate, your consent in accordance with Art. 6 Sec. 1 Clause a GDPR.
Web Analyses – Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, (“Google”), for the purpose of analyzing users’ website usage. Google is certified under the European Commission’s adequacy resolution (“Privacy Shield Agreement”), thus providing a guarantee to comply with European data protection law.
Google Analytics uses “cookies”, which are text files stored in your device and which enable an analysis of your website usage. The information gathered via the cookie about your usage of this website is generally transferred to a Google server in the USA and stored there. Activating IP anonymization on our website results in your IP address being shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area before processing continues. Your IP address is only sent to a Google server in the USA and shortened there in exceptional cases. Google will use this information on our behalf to analyze your use of the website, to create reports about website activities, and to provide additional services related to website activity and internet usage to the website operator. The IP address communicated by your browser over the course of Google Analytics is not combined with other Google data.
You can prevent the storage of cookiesby means of a corresponding setting in our cookie banner, or by configuring your browser software accordingly. However, please note that as a result, you may be unable to make full use of all the functions on this website. In addition, you can prevent Google’s collection and processing of data generated by the cookie related to your website usage (including your IP address) by downloading the browser add-on under the following Google deactivation link (http://tools.google.com/dlpage/gaoptout?hl?=de). You can find additional information about the security and general principles of data protection related to Google Analytics on the following website: https://support.google.com/analytics/answer/6004245?hl=de.
The data is stored for 50 months.
The legal basis for our use of Google Analytics is our legitimate interest according to Art. 6 Sec. 1 Clause f GDPR. The analysis of website usage and the statistical evaluation is carried out to improve website content and make it more user friendly.
This website uses the Retargeting technology from Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, (“Google”). Google is certified under the European Commission’s adequacy resolution (“Privacy Shield Agreement”), thus providing a guarantee to comply with European data protection law.
Google AdWords and Conversion Tracking
This website uses the online advertising program Google AdWords as well as Google Conversion Tracking, an analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, (“Google”). Google is certified under the European Commission’s adequacy resolution (Privacy Shield Agreement), thus providing a guarantee to comply with European data protection law.
Integration of Third-Party Services and Content
On the basis of our legitimate interests according to Art. 6 Sec. 1 Clause f GDPR (interest in the analysis, optimization, and economical operation of our online content), we use social plugins (“plugins”) for the social network facebook.com operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (“Facebook”). The plugins include interaction elements and content (e.g., videos, graphics, or text posts) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the term “Like” or a “thumbs up” symbol), or are marked with the phrase “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be seen here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, thus providing a guarantee to comply with European data protection law.
If a user activates a function of this online content which contains such a plugin, their device will establish a direct connection with the Facebook servers. The content of the plugin is directly transmitted from Facebook to the user’s device and integrated in the online content. During this process, user profiles can be created for the users using the processed data. We therefore have no influence on the scope of the data collected by Facebook using this plugin and thus inform users according to our knowledge base.
By integrating these plugins, Facebook receives the information that a user has accessed the respective site of the online content. If the user is logged onto Facebook, then Facebook can allocate the visit to their Facebook account. If users interact with the plugins, for example, to click the Like button or to leave a comment, the corresponding information is directly transmitted from their device to Facebook and stored there. Even if a user is not a member of Facebook, Facebook may still learn and save their IP address. According to Facebook, only an anonymized IP address is saved in Germany.
Information regarding the purpose and scope of the data collection as well as further processing and usage of the data by Facebook, as well as the related rights and configuration options to protect the user’s privacy can be found in Facebook’s data protection notice: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not wish for Facebook to collect data about them through this online content and link it to their member data stored by Facebook, then they must log out of Facebook before using our online content and delete their cookies. Further settings and objections regarding the use of data for advertising purposes can be made via the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the American site http://www.aboutads.info/choices/ or via the EU sitehttp://www.youronlinechoices.com/. These settings are independent of the platform, i.e., they are adopted for all devices such as desktop computers and mobile devices.
Facebook pixel – extended data synchronization
Within our online environment, the "Facebook pixel" from the social network Facebook is used in extended data synchronization mode, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").
On the basis of his or her express consent, when a user clicks on an advertisement placed by us and displayed on Facebook, a suffix is added to the URL of our linked page by the Facebook pixel. Then, after the user is redirected, this URL parameter is written into the user's browser by a cookie that is set by our linked page itself. In addition, this cookie records specific customer data, such as the email address that we collect on our website linked to the Facebook advertisement during transactions such as purchases, account login, or registrations (extended data synchronization). The cookie is then read by the Facebook pixel and enables the data, including the specific customer data, to be forwarded to Facebook.
With the help of the Facebook pixel with extended data synchronization, Facebook is able to precisely determine the visitors to our online environment as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel with extended data synchronization in order to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who exhibit certain characteristics (for example, interests in certain topics or products determined on the basis of the websites visited), which we send to Facebook (referred to as "custom audiences"). With the help of the Facebook pixel with extended data synchronization, we also wish to ensure that our Facebook ads match the potential interest of users and are not annoying. This allows us to further evaluate the effectiveness of Facebook advertisements for statistical and market research purposes, by tracking whether users were redirected to our website after clicking on a Facebook ad (what is known as "conversion"). Compared to the standard version of the Facebook pixel, the advanced data synchronization feature helps us to better measure the effectiveness of our advertising campaigns by capturing more assigned conversions.
All transmitted data is stored and processed by Facebook such that a link to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with Facebook's data policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to serve advertisements both on Facebook and outside it.
These processing operations are carried out only if express consent is granted in accordance with Art. 6 Sec. 1 Clause a GDPR.
The information generated by Facebook is usually transferred to a Facebook server and stored there; it may also be transferred to the servers of Facebook Inc. in the USA. Facebook Inc., with registered offices in the USA, is certified in line with the US-European "Privacy Shield" data protection agreement, which guarantees compliance with the data protection level applicable in the EU.
Our website uses Google Maps to display maps and create route plans. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, (“Google”). Google is certified under the European Commission’s adequacy resolution (Privacy Shield Agreement), thus providing a guarantee to comply with European data protection law.
By using this website, the user consents to the gathering, processing, and usage of automatically collected data as well as the data provided by the user (including the IP address) by Google, one of their representatives, or a third party.
Google Tag Manager
On the basis of our legitimate interests according to Art. 6 Sec. 1 Clause f GDPR (interest in the analysis, optimization, and economical operation of our online content), our website uses the Google Tag Manager. Website tags can be managed on one interface using this service. The Google Tag Manager only implements tags. It does not set cookies or gather personal information. The Google Tag Manager activates other tags which may gather data. The Google Tag Manager does not access this data. If a deactivation has been configured at the domain or cookie level, then this remains in place for all tracking tags insofar as these are implemented with the Google Tag Manager. You can find more information about the Google Tag Manager via the following link: http://www.google.de/tagmanager/use-policy.html
The user has the option to prevent the Google Tag Manager from sending any tags. To do this, the user must set up the deactivation browser add-on within their browser: https://tools.google.com/dlpage/gaoptout?hl=de
On the basis of our legitimate interests according to Art. 6 Sec. 1 Clause f GDPR (interest in the analysis, optimization, and economical operation of our online content), functions of the YouTube service are integrated in our website to display and replay videos. These functions are provided by YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA. You can find additional information in the YouTube data protection guidelines.
We will naturally be happy to inform you about the processing of your personal data. According to the data protection regulations, you have the following rights and remedies as an affected person:
- The right to informationabout your personal data which we have stored according to Art. 15 GDPR. To provide this information, we may require you to verify your identity in a suitable manner.
- Right to the correctionof incorrect personal data or the completion of incomplete personal data according to Art. 16 GDPR.
- Right to the deletionof your personal data according to Art. 17 GDPR insofar as the reasons outlined in Art. 17 Sec. 1 Clause a to f GDPR (e.g. cessation of the reason for processing) exist and the processing of your personal data is not required according to Art. 17 Sec. 3 GDPR.
- Right to the limitationof the processing of your personal data according to Art. 18 GDPR.
- Right to data portabilityaccording to Art. 20 GDPR.
- Right to the objection against the processing of your personal data according to Art. 21 GDPR.
- Right to the revocation of the consent declarations grantedaccording to Art. 7 GDPR.
- Right to appeal: You have the right to appeal to a regulatory authority. You can generally contact the regulatory authority of your usual place of residence or work, or our company headquarters. In Austria, this is:
Austrian data protection authority
Tel: +43 1 52 152-0
In order to assert your rights against NIGHTFALL GMBH , or in the event of any questions, please contact us:
by letter to the above address, for the attention of the data protection officer.
by tel.: +43/ 660 7400671
Should you take action to enforce your GDPR-related rights as listed above, NIGHTFALL GMBH must respond to the application (or, if the legal requirements are met, comply with the application) no later than one month after receipt of your application for the requested measure.
Scope of application / links
This data protection declaration applies exclusively to NIGHTFALL GMBH websites. We have no influence on the layout or content of websites connected to our website via links and we are unable to control how the operators of the linked websites handle your information. As a result, our data protection declaration and our area of responsibility does not include their websites.