Data protection Leadership coaching for Managers

Data protection information

The protection of your personal data is very important to us. We would therefore like to list all the information about the processing and storage of your data when you visit our website and in our companies.
In order to be able to use all the functions and services of our website, it is necessary to collect your personal data. However, the processing and storage only takes place in accordance with the legal guidelines and requirements
the General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act (TKG 2021).

Responsible body

Kilian Christanell
Albertplatz 5/2/10, 1080 Vienna
Contact: office@christanell.net
Further information can be found in the imprint.

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE WEBSITE

Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organisational measures and use an encryption procedure on our website. Your data is
is transmitted from your computer to our computer and vice versa via the Internet using TLS encryption. TLS stands for „Transport Layer Security“ and is an encryption protocol for data transmission on the internet. You can usually recognise „TLS“ by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.


1. COLLECTION OF ACCESS AND LOG DATA
This website automatically collects and stores server log file information that your browser transmits to us.

These are:

  • IP address of the user
  • Date and time of access
  • Type of enquiry
  • Customer information such as type and version
  • Operating system of the user (device, OS version of the device),
  • Referrer information (i.e. the source of the access)

The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of unlawful use of our website (e.g. defence against hacker attacks) and to ensure a smooth connection setup.

Your personal data will not be transferred to third parties. We have concluded an order processing contract with the provider of this website, IONOS SE, based in Montabaur (Germany), in accordance with Art. 28 GDPR. This
automatically collects and stores information in so-called server log files, which your browser automatically transmits to us, and stores these for a maximum of 7 days. Only in the event of attacks on our server infrastructure or other
We store the server log files in the event of legal violations. This longer storage period is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR and serves only to preserve evidence.


2. ENQUIRIES BY CONTACT FORM, E-MAIL AND TELEPHONE
Any personal data that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your enquiry.
answer. The legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to enquiries from our customers, business partners and interested parties and
to promote or maintain customer satisfaction. Another legal basis for natural persons is the initiation or fulfilment of a contract in accordance with Art. 6 para. 1 lit. b) GDPR.

All personal data that you send to us with your enquiry will be deleted or anonymised by us no later than 2 years after the final answer has been given to you, unless a contract is concluded. The
The reason for the retention period of 2 years is that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. In our experience, we have found that no further queries follow our replies after 2 years.


3. USE OF WEB ANALYSIS TOOLS AND COOKIES
We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that are transferred to your computer or smartphone (end device) via the browser when you visit a website.
can be saved.

The data processed by necessary cookies is required for the purposes listed below to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR. Any use of cookies that is not
is absolutely technically necessary, constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can use our „Cookie Consent Tool“ to set which cookie categories you wish to consent to when you visit our website. You can also revoke or change your consent at any time.

Once cookies have been saved, you can also delete them at any time via the settings of your web browser. You can also adjust the settings of your web browser so that no cookies are stored. In this case, not all functions of our website may be available.


CONSENT MANAGEMENT VIA „COOKIEYES“
To obtain consent under data protection law, we use the cookie consent technology of „CookieYes“ from the UK-based company CookieYes Limited. This is used to fulfil the legally required
to obtain consent for the use of cookies and other data processing requiring consent. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR and the fulfilment of legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR. The legitimate interest is based on the legally compliant documentation and verifiability of consents to fulfil accountability obligations. No personal data is stored.


INTEGRATION OF EXTERNAL CONTENT
We embed content on our websites that is not stored on our servers. To ensure that accessing our web pages with embedded external content does not automatically lead to the third-party provider's content being reloaded, we use a cookie.
we only display locally stored preview images in a first step. This means that the third-party provider does not receive any information.

Only after you click on the preview image or give your consent via the cookie consent banner will the third-party provider's content be reloaded. This provides the third-party provider with the information that you have accessed our site.
as well as the usage data technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us your consent to use the content of the
third party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR.


Provider of the external service:
Spotify AB, Regeringsgatan 19,
111 53 Stockholm, Sweden


Revocation of consent
If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the preview images or revoke your consent for reloading via the cookie consent banner.


DATA PROCESSING OF BUSINESS PARTNERS AND CUSTOMERS

1. fulfilment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)
The purposes of data processing arise from the implementation of pre-contractual measures and the fulfilment of obligations arising from the contract concluded.

To process the contract with you, we process master data such as your first and last name, your billing address and your billing and payment data. We use your e-mail address for communication purposes.


2. for the fulfilment of legal obligations (Art. 6 para. 1 lit. c) GDPR)
The purposes of data processing arise in individual cases from legal requirements. These legal obligations include the fulfilment of retention and identification obligations, e.g. in the context of requirements for tax control and reporting obligations, and data processing in the context of enquiries from authorities. In this context, data may also be transferred to our authorised tax consultant.


3. for the fulfilment of our legitimate interests (Art. 6 para. 1 lit. f GDPR)
We process the contact details of contact persons at customers, interested parties, suppliers and other business partners for communication by email, telephone and post. The legal basis for data processing is the legitimate interest pursuant to Art. 6 para. 1 f) GDPR. The legitimate interest arises from the interest in conducting or initiating the business relationship with customers, interested parties, suppliers and other business partners as well as personal contact with contact persons.

As a matter of principle, we do not pass on data to third parties. Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so. It may be necessary to store the personal data provided by you beyond the actual fulfilment of the contract with
business partners. The legitimate interests here are, in particular, the selection of suitable business partners, the fulfilment of compliance measures, the assertion of legal claims, defence against
liability claims, the prevention of criminal offences and the settlement of claims resulting from the business relationship.


4. who receives the personal data you have provided?
As part of the contractual relationship, we may also commission processors or service providers who may have access to your personal data. Compliance with data protection regulations is ensured by contract.

Specifically, we use the processor Microsoft Ireland Limited, based in Ireland. Data transfers to Microsoft Inc. are subject to the adequacy decision between the EU and the USA.


5. storage period
The personal data will be stored for as long as is necessary to fulfil the above-mentioned purposes.


6. data processing to document compliance with the GDPR
Insofar as your data is processed on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, we process your data exclusively for a specific purpose and after providing separate information in order to fulfil the following purposes
to be able to prove that you have consented to the data processing in question in accordance with Art. 5 para. 2 GDPR.

If you assert your rights as a data subject under the GDPR against us, we will also process and store your data in order to be able to prove that we have complied with the GDPR when processing your enquiry as part of our accountability obligations pursuant to Art. 5 (2) GDPR. If you assert your rights under the GDPR against us, your data may be transferred to our external data protection consultancy (SCALELINE Datenschutz).


OPERATION OF SOCIAL MEDIA PRESENCES
We maintain the following social media presences: LinkedIn: https://www.linkedin.com/company/kilian-christanell/

Data processing by us:


a. Maintaining the above-mentioned social media pages and placing ads („Adverts)
The personal data entered on social media pages such as comments, videos, images, likes, public messages, etc. are published by the respective social media platform. We reserve the right to delete content if necessary. We may share content on our site and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place adverts via our social media pages. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.


b. Page Insights
The social media platforms provide anonymised statistics and insights that help us gain knowledge about the types of actions people take on our site (so-called „page insights“). These page
Insights are created on the basis of certain information about people who have visited our site.

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors to our website.

This processing of personal data is carried out by the social media platform and us as so-called joint controllers in accordance with Art. 26 GDPR. In the case of joint responsibility, a separate agreement
to be finalised.

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

If you wish to object to certain data processing over which we have an influence (e.g. deletion of comments), please contact us using the contact details given above.

Note: The provision of your data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate with us via our social media pages, interact with us or take part in the competition. Please use the above e-mail address to contact us. Data processing by the operator of the social media platform:

In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, this is also regarded as another controller that carries out its own data processing. This means that the operator is also a separate controller under the GDPR. However, we only have limited influence on data processing by the operator. Where we can exert influence (e.g. through parameterisation), we work within the scope of our possibilities to ensure that the operator of the social media platform handles data in compliance with data protection regulations. In many places, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own privacy policy:

LinkedIn: https://de.linkedin.com/legal/privacy-policy?

When using the platform, your personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries are certified by the European Commission with a so-called adequacy decision. This means that the legal situation for the protection of privacy in these countries is comparable to that in the EU or the EEA. You can find more information on the current countries with an adequacy decision here. Certifications in accordance with the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc (Facebook, Instagram) and Google (YouTube). In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we unfortunately have little influence on the web tracking methods of the social media platform. For example, we cannot switch it off. Please be aware of this: It cannot be ruled out that the provider of the social media platform may use your profile and behavioural data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.


COMMUNICATION VIA MICROSOFT TEAMS VIDEO CONFERENCING SYSTEM
We use the „Microsoft Teams“ tool to organise telephone conferences, online meetings and video conferences. You will receive access to the agreed appointments via a link provided by e-mail. You can enter the video room by clicking on the link. Before joining, you can decide for yourself whether you want to activate the video or not. You will be muted by default and must manually enable your microphone if you wish. If you switch on your camera and/or microphone, the data from your microphone and video camera will be processed during the meeting.

If you take part in an online meeting as an external participant, you will receive an access link by email from the meeting host. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address.

The following additional data may also be processed depending on the type and scope of the specific use:

  • Personal details (e.g. first and last name, e-mail address, profile picture)
  • Meeting metadata (e.g. date, time and duration of the communication, name
    of the meeting, participant IP address)
  • Device/hardware data (e.g. IP addresses, MAC addresses, Clint version)
  • Text, audio and video data (e.g. chat histories, video, audio and video files)
    presentation recordings)
  • Connection data (e.g. telephone numbers, country names, start and end times, IP addresses, etc.)
    addresses)

Furthermore, your personal data may be processed. This also depends specifically on your use, such as the use of the chat and the whiteboard.

We would like to explicitly draw your attention to the fact that any information you provide during the meeting will be processed at least for the duration of the meeting.

Legal basis
The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contact persons at external bodies the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest
consists of the organisation of virtual communication and web conferencing. Microsoft Teams is a service of the Microsoft Corporation. Further information on the processing of your data when using „Teams“ can be found at: 

https://privacy.microsoft.com/de-de/privacystatement
and
https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer

We cannot rule out the possibility that data may also be routed via internet servers located outside the EU or the EEA. For data transfers to Microsoft in the USA, the adequacy decision applies to
the USA. You can view Microsoft's certification here. The provider Microsoft necessarily receives knowledge of the above-mentioned data, insofar as this is necessary within the framework of our order processing contract in accordance with Art. 28 GDPR.
is contractually regulated. There are no other recipients. In principle, you are not obliged to communicate with us via Microsoft Teams. Alternatively, meetings can also be held by telephone.
We generally delete personal data when there is no need for further storage.


INFORMATION ON DATA PROCESSING IN THE CONTEXT OF VIDEO CONFERENCING VIA ZOOM
We use the Zoom tool from Zoom Video Communications Inc. to hold telephone conferences, online meetings and video conferences.

You will receive access to the agreed appointments via a link provided by e-mail. You can enter my video room by clicking on the link. Before joining, you can decide for yourself whether you want to activate the transmission of your video. You are muted by default and you must manually enable your microphone if you wish. If you switch on your camera and/or microphone, this data will be processed during the meeting.

The following additional data may also be processed depending on the type and scope of the specific use:

  • Personal details (e.g. first and last name, e-mail address, profile picture)
  • Meeting metadata (e.g. date, time and duration of the communication, name of the meeting, participant IP address)
  • Device/hardware data (e.g. IP addresses, MAC addresses, client version)
  • Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)
  • Connection data (e.g. phone numbers, country names, start and end times, IP addresses)

Furthermore, your personal data may be processed. This also depends specifically on your use, such as use of the chat or the whiteboard. We explicitly draw your attention to the fact that
information that you provide during the meeting is processed at least for the duration of the meeting.


Legal basis
The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contact persons at external bodies the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest
is the organisation of virtual communication.


Receiver
The provider Zoom necessarily receives knowledge of the above-mentioned data insofar as this is contractually regulated within the framework of our order processing contract in accordance with Art. 28 GDPR. There are no other recipients. We cannot rule out the possibility that data may also be routed via Internet servers located outside the EU or the EEA. Zoom Voice Communications, Inc. is certified in accordance with the Data Privacy Act
as an adequacy decision for the USA.

You are not obliged to communicate with us via Zoom. Alternatively, you can also communicate by e-mail or telephone. We always delete personal data when there is no requirement for
further storage exists.


RIGHTS OF DATA SUBJECTS
YOU HAVE THE RIGHT UNDER ART. 15 ABS. 1 GDPR TO RECEIVE INFORMATION ABOUT THE PERSONAL DATA STORED ABOUT YOU FREE OF CHARGE UPON REQUEST. YOU ALSO HAVE THE RIGHT TO
IF THE LEGAL REQUIREMENTS ARE MET, YOU HAVE THE RIGHT TO RECTIFICATION (ART. 16 GDPR), ERASURE (ART. 17 GDPR) AND RESTRICTION OF PROCESSING (ART. 18 GDPR) OF YOUR PERSONAL DATA. IF YOU HAVE PROVIDED THE PROCESSED DATA YOURSELF, YOU HAVE THE RIGHT TO DATA PORTABILITY IN ACCORDANCE WITH ART. 20 GDPR.

INSOFAR AS THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 E) OR F) GDPR, YOU HAVE THE RIGHT TO OBJECT PURSUANT TO ART. 21 GDPR YOU HAVE THE RIGHT TO OBJECT. IF YOU OBJECT TO DATA PROCESSING, THIS WILL NOT TAKE PLACE IN FUTURE UNLESS THE CONTROLLER CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR FURTHER PROCESSING WHICH OVERRIDE THE DATA SUBJECT'S INTEREST IN OBJECTING.

INSOFAR AS THE DATA PROCESSING IS BASED ON CONSENT PURSUANT TO ART. 6 ABS. 1 LIT. A), ART. 9 ABS. 2 LIT. A) OR ART. 49 ABS. 1 LIT. A) GDPR, YOU MAY WITHDRAW YOUR CONSENT AT ANY TIME WITH EFFECT FOR THE FUTURE, WITHOUT AFFECTING THE LAWFULNESS OF PROCESSING BASED ON CONSENT BEFORE ITS WITHDRAWAL.

YOU ALSO HAVE THE RIGHT TO LODGE A COMPLAINT WITH A DATA PROTECTION SUPERVISORY AUTHORITY. THE COMPLAINT MAY IN PARTICULAR BE LODGED WITH A SUPERVISORY AUTHORITY IN THE EU MEMBER STATE OF YOUR PLACE OF RESIDENCE, YOUR PLACE OF WORK OR THE PLACE OF THE ALLEGED INFRINGEMENT.


Contact details of the competent data protection authority:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
E-mail: dsb@dsb.gv.at


NO AUTOMATED DECISION-MAKING.
We do not carry out automated decision-making or profiling.


PREPARATION
Unless otherwise stated in the previous chapters, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. The non-provision
If you do not provide us with your personal data, we may not be able to answer your enquiries, for example.

This data protection information was created in cooperation with the consulting firm SCALELINE Datenschutz. The legal texts are subject to copyright.