(Information pursuant to Articles 13 and 14 GDPR)
We, Riddle & Code (also referred to as "RIDDLE&CODE" or "we" in this Data Protection Notice), are committed to personal data protection. As a rule, the use of our website and our business activities involve the processing of personal data. In order to make these data processing operations comprehensible, we would like to inform you in our data protection notice about how we process personal data and what rights you have. Should you have any further questions, please find our contact details below.
I. Who we are and how you can contact us if you have any questions:
The controller responsible within the meaning of the General Data Protection Regulation (GDPR) is:Riddle & Code GmbHAdresse c/o Spaces Icon Central Station, Gertrude-Fröhlich-Sandner-Straße 2-4/Tower 9, 1100 Vienna, Austria, EuropeE-Mail: email@example.comTelefon: +43 1 2051907139
II. Our data processing - for what purpose and on what legal basis we process personal dataII.
We process personal data in compliance with the relevant data protection regulations, in particular the General Data Protection Regulation (GDPR, Regulation [EU] 2016/679) and the Austrian Data Protection Act (DSG). Any data processing by us will therefore only take place within the scope of a legal basis (in particular pursuant to Art. 6 Para. 1 lit a - f GDPR), which will be stated below for the individual data processing operations. All of our employees entrusted with the processing are obliged to maintain the confidentiality of your data (data confidentiality). We do not carry out any automated decision making.In principle, we collect personal data directly from the data subject. In individual cases, we collect and store personal data (in particular name and contact information) on the basis of correspondence with our customers and business partners or from publicly accessible sources (e.g. telephone directory, websites, company register) on the basis of Art 6 para. 1 lit f GDPR (and in this case not directly from the data subject) if this is necessary for providing our service or for contacting and administering the data, which also mirrors our legitimate interests.
II.2 Operation of our website:
Every time you access our website (www.riddleandcode.com), your computer (device) or browser automatically transmits certain information to enable you to visit our website and vice versa enable us to operate the website.Services of Squarespace are used to manage and deliver the website ( https://www.squarespace.com/privacy
;). Further information on the purpose and scope of data collection and its processing by these third parties can be found in the respective data protection declarations of these providers (https://www.squarespace.com/privacy
;). There you will also find further information on your rights in this regard and setting options for protecting your privacy.
Legal basis and purpose of data processing
The legal basis for the processing of data and their temporary storage in log files is Art 6 Paragraph 1 lit f GDPR. Temporary storage of the listed data by the system is necessary to enable delivery of the website to the user's computer. The storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems, in particular to guarantee the integrity, confidentiality and availability of the data processed via our website. These purposes also include our legitimate interest in data processing pursuant to Art 6 Paragraph 1 lit f GDPR.
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case when collecting data for the purpose of providing the website when the respective session is ended. When the data is stored in log files, this is the case after fourteen days at the latest, unless further processing is necessary to clarify a (suspected) attack.Personal data that is collected during the operation of the website will only be transmitted by us to third parties (in particular to expert persons and competent public authorities) in the event of a (suspected) data security incident or a criminal act (e.g. an attack) for the purposes ending the respective attack, of clarification, prosecution and the assertion of legal claims.
- are going to be deleted again when you close your browser (session cookies),
- remain stored on your end user device even after you close your browser (permanent cookies),
- originate from us (first party cookies) or from third parties (third party cookies).
Legal basis and purpose for data processing
We use all other cookies on the basis of your consent pursuant to Art 6 Paragraph 1 lit a GDPR.
In order to withdraw your consent or to restrict it to certain cookies, you can use the settings of your browser. Details can be found in the help function of your browser (usually accessible via the F1 key on your keyboard). Withdrawing your consent does not affect the lawfulness of processing based on your consent before your withdrawal.
Retention period, objection and removal possibility
II.4 Social Media
We use social media to present our work through widely used communications channels.Each social media channel has its own policy on the way they process your personal data when you access their sites. For example, if you choose to visit LinkedIn, you will be asked for explicit consent to accept LinkedIn cookies; if you look at our Twitter activity on Twitter, you will be asked for explicit consent to accept Twitter cookies; the same applies for LinkedIn.If you have any concerns or questions about their use of your personal data, you should read their privacy policies carefully before using them:https://www.linkedin.com/legal/privacy-policyhttps://twitter.com/privacy
The data you publish on Twitter, in particular your handle (user name) and the content accessible under your account, are processed by us to the extent that we retweet or reply to these ("tweets") or write tweets from us that refer to your account.
II.5. provision of services as well as customer care and information in this context (distribution and offer of our services as well as administration of these services):
We process personal data for the purpose of providing our services, customer support and information including internal documentation and administration. The legal basis for the processing of the data is the fulfilment of the contract or the implementation of pre-contractual measures (Art 6 Paragraph 1 lit b GDPR), if the data subject is directly party of the contract (B2C); the fulfilment of legal obligations (Art 6 Paragraph 1 lit c GDPR) as well as our legitimate interests (Art 6 Paragraph 1 lit f GDPR), in particular the interests of asserting or defending our own legal claims as well as internal administration within the company.In order to conclude a contract, the provision of certain personal data is required by law or contract, to which the person concerned is obliged; otherwise, no contract can be concluded (and therefore no service provided).
II.6 Establishing contact
When contacting us (e.g. via contact form or e-mail), the information provided by the inquirer (name, contact data, other details) will be processed for documentation, processing and answering the enquiry. We offer a contact form on our website. We have marked the mandatory data required to answer an inquiry as mandatory fields. The provision of further data is voluntary.The basis for this is our legitimate interest in the proper documentation, processing and answering of the enquiry (Art 6 Paragraph 1 lit f GDPR); in the event of contact being made in an upright customer relationship or the initiation of a business relationship, we rely on the fulfilment of the contract or the implementation of pre-contractual measures (Art 6 Paragraph 1 lit b GDPR).If you contact us in order to fulfil your obligations under labour or civil law as an employee for your employer or other client, we also have a legitimate interest in the proper documentation, processing and answering of the enquiry (Art 6 Paragraph 1 lit f GDPR), which also includes your data as an external contact person; in the case of contacting us in an upright client relationship or the initiation of a business relationship, we rely on the fulfilment of the contract or the implementation of pre-contractual measures (Art 6 Paragraph 1 lit b GDPR).
II.7. Job applications
We process the data of applicants on the basis of Art 6 Paragraph 1 lit b GDPR (pre-contractual measures) and Art 6 Paragraph 1 lit f GDPR for the purpose of carrying out the application procedure and contacting the applicant.If you apply for an open position and you are not recruited, we will store the personal data for seven months from the end of the application procedure (deadline for asserting claims under Sections 15 (1) and 29 GlBG) on the basis of Art 6 (1) lit f GDPR. If the applicant consents to this in each individual case (Art 6 (1) lit a GDPR), we will keep the specific application documents in evidence for a further period of up to three years.If it is a spontaneous/speculative application, we process the application documents for a maximum of three years on the basis of Art 6 Paragraph 1 lit f GDPR in order to be able to contact the applicant in the event of suitable positions - an informal objection to the processing can be lodged at any time.In any case, proof of qualification is required for the conclusion of a contract. In individual cases, depending on the requirements for filling a vacancy, it may also be necessary to submit further data (e.g. extract from the criminal register). If the required data is not submitted, such an application cannot be considered. If we contact references provided by the applicant, data and information on a previous employment relationship may be collected. In the event that an employment relationship is established, the application documents will be used for the purpose of personnel administration and formation of or performance under a contract.
II.8 To whom do we transmit personal data?
We transmit your personal data only to the extent necessary and only in the following cases:with your consent;for the processing of contractual relationships or for the implementation of pre-contractual measures;insofar as we are legally obliged to do so;to companies that support us in providing our services; these service providers act as processors, who may only process the data pursuant to our instructions (within the framework of a Data Processing Agreement);insofar as this is necessary to protect our legitimate interests (e.g. to assert, exercise or defend legal claims) or those of a third party and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.In the cases mentioned above, the following third parties may come into consideration: contractual and business partners who are involved in the delivery or service (e.g. logistics companies), banks (for handling payment transactions), legal representatives, courts, auditors / tax consultants, administrative authorities, self-governing bodies (social insurance carriers), insurance companies.In principle, we have no intention to transfer personal data to recipients in third countries or international organizations. Such a transfer is possible if a data subject or, in the specific case, a party involved is domiciled in a third country (e.g. in the case of a customer with headquarters outside the EU). If we transfer data to a country without adequate data protection legislation, we ensure an adequate level of protection by using suitable guarantees in the form of appropriate contracts (standard contractual clauses) or binding internal data protection regulations (Binding Corporate Rules) or rely on the exceptional circumstances otherwise provided for in the GDPR (consent, execution of a contract, establishment, exercise or enforcement of legal claims, overriding public interests, already published personal data or to protect the integrity of data subjects). For a copy of the above-mentioned contractual guarantees regarding p-country processing, please contact us using the contact details provided.In this context, we would also like to point out that any data voluntarily published by users of our services themselves is public and potentially accessible worldwide.
II.9 Website AnalyticsGoogle Analytics
).You can also refuse the use of Google Analytics on this website by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:Click here to opt-out of Google Analytics
II.10. Integration of third-party technologies
Services or libraries of third parties, such as Squarespace, Typeform, Stripe, Paypal und Google (e.g. hosting, surveys, forms, web fonts, maps, payment systems), are integrated into our website in order to optimise loading speeds and page presentation and to offer services. This involves using resources of these providers from external servers (and thus also the transfers of data such as the IP address), which may be located outside the European Union. Further information on the purpose and scope of data collection and its processing by these third parties can be found in the respective data protection declarations of these providers ( https://www.squarespace.com/privacy
). There you will also find further information on your rights in this regard and setting options for protecting your privacy.
In the course of your visit of our webshop and the processing of your orders we will collect the categories of personal data (names, titles, birth date, contact data, language, delivery address, terms of delivery or service, payment method, bank account details, credit card numbers and credit card company, delivery or service insurance data and related financing data, tax liability and tax calculation data, date and time of your visit of this webshop, IP address, name and version of your web browser, the website (URL) you have visited before you accessed this webshop, information that you provide us with by filling out any contact form, by registering in this webshop, and by ordering products.You are under no obligation to provide us with the data we ask you for. However, if you do not provide your personal data, you will not be able to make use of all the functions of this webshop, including the possibility to order goods or services via our webshop.We use “cookies” to improve the functionality of our website and webshop, please see Section II.3 above.
for which we process your data: We will process your personal data to make this webshop available to you and to offer goods and services; process your order; create usage statistics and be able to recognize, prevent and investigate attacks on this webshop.
of the processing: We process the categories of your personal data listed above either on the basis of the performance of the contract we have concluded with you, or the necessity to take steps at your request prior to entering into such an agreement, insofar as it is necessary (Article 6 paragraph 1 lit b GDPR), or our overriding legitimate interest according to Article 6 paragraph 1 lit f GDPR to achieve the purposes set out above, or the necessity to comply with legal obligations to which we are subject (Article 6 paragraph 1 lit c GDPR).Transfer of your personal data: To achieve the purposes set out above, we will transfer your personal data to the following categories of recipients: IT service providers that we use as processors; distributors, logistic companies and postal service providers that we use and Payment Service Providers.
III How long do we store personal data?
Unless otherwise specified in the respective processing, we store personal data for as long as it is necessary to ensure the fulfilment of the aforementioned purposes or as long as we are legally obliged to do so.This means for business letters, contracts, bookings, orders etc. according to § 212 para. 1 UGB and § 132 para. 1 BAO: Until the end of the business relationship or until the expiry of the limitation and statutory retention periods applicable to us (in particular at least 7 years to prove compliance with tax, duty and company law retention obligations); furthermore until the end of any legal disputes in which the data is required as evidence. In the case of services where claims for damages or other titles are asserted, for the required period (between 3 and 30 years).For inquiries (contacting): Personal data that you voluntarily provide us with will be stored by us for the purpose of providing the associated processing and keeping records (up to 3 years after completion or termination), except for a longer storage period is also required for the purpose of fulfilling a legal obligation or for the assertion or defense of legal claims.If you register on our webshop we will retain your data at least for as long as your account is active.
IV. Rights of the data subject
Provided that the respective legal requirements are met, you can assert the following rights of data subjects:Right to information: You can request confirmation as to whether personal data concerning you is being processed and request information about this data and the information pursuant to Art 15 GDPR.Right of rectification if we process incorrect or incomplete data about you (Art 16 GDPR).Right to have personal data concerning you deleted if the conditions of Art 17 GDPR are met.Right to limit the processing of your data (Art 18 GDPR).The right to transfer the data you have provided to us, provided that the processing is based on consent (Art 6 Paragraph 1 letter a) or on a contract (Art 6 Paragraph 1 letter b) to which you are party and that the processing is carried out using automated procedures (Art 20 GDPR).In the case of processing operations carried out on the basis of legitimate interests (pursuant to Art. 6 para. 1 lit f GDPR), you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for doing so arising from your particular situation. In the case of processing for the purpose of direct marketing, this right is unrestricted.You can revoke your consent to the processing of personal data at any time, please contact us (see our contact details). Revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.Right of complaint: You have the right to complain to a supervisory authority responsible for you (in Austria: Data Protection Authority, Barichgasse 40-42, 1030 Wien, www.dsb.gv.at) if you believe that the processing of personal data relating to you has violated the GDPR or your rights as a data subject have been infringed. In cases in which you were not completely satisfied with our services, we kindly ask you to contact us first so that have an opportunity to quickly rectify any mistakes.
Changes to our Data Protection Notice
The german version of the Riddle &Code GmbH Data protection notice can be found here