Skip to Content

Privacy Policy

Protection of Your Data Is Very Important to Us

Customer satisfaction is our highest priority. This naturally includes the secure handling of your data and the protection of your privacy.

The following information is intended to give you an overview of how we process your personal data and your rights under data protection law. Which specific data is processed and how it is used depends largely on the services requested or agreed upon. In addition, we use personal data for customer support and marketing purposes. Specifically, personal data is used to fulfill and process the creation of quotations, to process orders, and to store such data in accordance with statutory retention requirements.

Who Is Responsible for Data Processing and Whom Can I Contact?

KINAMU Business Solutions GmbH

Technical and Organisational Measures Implemented

For What Purpose Do We Process Your Data and on What Legal Basis?

a) For the performance of contractual obligations (Art. 6 para. 1(b) GDPR)

Data is processed for the provision of services within the scope of performing our contracts with customers or to carry out pre-contractual measures taken at your request (e.g., from prospective customers). The purposes of data processing primarily depend on the specific product or service (e.g., consulting, support, procurement of licences) and may include needs analyses, consulting, and the execution of transactions. Further details on the purposes of data processing can be found in the relevant contractual documents and terms and conditions.

b) Within the scope of legitimate interests (Art. 6 para. 1(f) GDPR)

Where necessary, we process your data beyond the actual performance of the contract in order to protect our legitimate interests or those of third parties. Examples include:

  • Reviewing and optimising procedures for needs analysis for direct customer engagement
  • Advertising or market and opinion research, unless you have objected to the use of your data
  • Establishing, exercising, or defending legal claims
  • Ensuring IT security and IT operations
  • Preventing and investigating criminal offences
  • Measures for building and facility security (e.g., access controls)
  • Measures to secure property rights
  • Measures for business management and further development of services and products

c) Based on your consent (Art. 6 para. 1(a) GDPR)

If you have given us consent to process your personal data for specific purposes (e.g., evaluating your data on the website for marketing purposes or subscribing to our newsletter), the lawfulness of such processing is based on your consent. Consent given can be withdrawn at any time. This also applies to the withdrawal of consent given before the GDPR came into force on 25 May 2018. Withdrawal of consent does not affect the lawfulness of data processed before the withdrawal.

d) Due to legal obligations (Art. 6 para. 1(c) GDPR) or in the public interest (Art. 6 para. 1(e) GDPR)

We are also subject to various legal obligations (e.g., banking regulations, anti-money laundering laws, tax laws). The purposes of processing include, among others, creditworthiness checks, identity verification, fraud and money laundering prevention, compliance with tax reporting and control obligations, as well as assessing and managing risks for KINAMU.

Who Receives My Data?

Within KINAMU, those departments or employees that require your data to fulfill our contractual and legal obligations will have access to it. Service providers and agents engaged by us may also receive data for these purposes, provided they comply with applicable data protection laws (GDPR, national data protection acts) and are bound by confidentiality obligations. These include companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting, and marketing/sales. 

Regarding the transfer of data to recipients outside our company, please note that as an IT service provider we are obliged to maintain confidentiality regarding all customer-related facts and assessments we learn about. We may only share information about you if required by law, if you have given consent, or if we are otherwise entitled or obliged to do so. Possible recipients of personal data include:

  • Public bodies and institutions (e.g., tax authorities, law enforcement agencies) where there is a legal or official obligation
  • Other credit or financial institutions or comparable entities to which we transmit personal data in order to conduct the business relationship with you (depending on the contract, e.g., payment transfers under invoices)
  • Any other recipients for whom you have given us consent or released us from confidentiality obligations in accordance with agreements or declarations of consent

Will Data Be Transferred to a Third Country or International Organisation?

Data will be transferred to entities in countries outside the European Economic Area (EEA), so-called third countries, if:

  • It is necessary to execute your orders (e.g., payment transactions)
  • It is required by law (e.g., tax reporting obligations)
  • You have given your consent

How Long Will My Data Be Stored?

We process and store your personal data as long as it is necessary to fulfill our contractual and legal obligations. Please note that our business relationship is designed for the long term.

If the data is no longer required for the performance of contractual or legal obligations, it will be deleted regularly unless temporary further processing is required for:

  • Compliance with commercial and tax retention obligations: e.g., under the Austrian Commercial Code (UGB), the Federal Fiscal Code (BAO), the E-Money Act 2010, and the Anti-Money Laundering and Terrorist Financing Ordinance 2016. The retention periods range from two to ten years.
  • Preservation of evidence under statutory limitation periods: e.g., under §§ 933 et seq. of the Austrian Civil Code (BGB), these periods can be up to 30 years, though the standard limitation period is 3 years.

What Data Protection Rights Do I Have?

Under the applicable data protection laws and the GDPR, each data subject has the right to:

  • Access (Art. 15 GDPR – free of charge at reasonable intervals, approx. once per year)
  • Rectification (Art. 16 GDPR)
  • Erasure(Art. 17 GDPR – unless prohibited by legal obligations, e.g., statutory retention requirements)
  • Restriction of processing (Art. 18 GDPR)
  • Object (Art. 21 GDPR)
  • Data portability (Art. 20 GDPR)

Restrictions apply for access and erasure rights as set out in §§ 26 and 27 of the Austrian Data Protection Act 2000 (DSG 2000). You also have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 31 DSG).

Consent to the processing of personal data may be withdrawn at any time, including for consents given before 25 May 2018. Withdrawal applies only for the future; processing prior to withdrawal remains unaffected.

Automated Decision-Making

We generally do not use fully automated decision-making pursuant to Art. 22 GDPR to establish or conduct the business relationship. Should we do so in individual cases, we will inform you separately as required by law.

Profiling

We partially process your data automatically to evaluate certain personal aspects (profiling). We use profiling, for example, to:

Inform and advise you about products in a targeted manner using analysis tools that enable needs-based communication and advertising, including market and opinion research.

Information on Your Right to Object Under Art. 21 GDPR

Right to object on a case-by-case basis:

You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data carried out on the basis of Art. 6 para. 1(e) GDPR (data processing in the public interest) and Art. 6 para. 1(f) GDPR (data processing based on a balancing of interests), including profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

Right to object to processing for direct marketing purposes:

If we process your personal data for direct marketing purposes, you have the right to object at any time to such processing, including profiling insofar as it is related to such direct marketing. If you object, we will no longer process your personal data for these purposes. The objection can be made informally and should preferably be addressed to:

KINAMU Business Solutions GmbH

Newsletter 

To subscribe to the KINAMU newsletter, we require your first name, last name, and email address. We also require your consent and confirmation of your email address. This process is known as “double opt-in” and ensures that no unsolicited advertising is sent.

The data provided will be used exclusively for our own marketing purposes and will not be shared with third parties. You can withdraw your consent and unsubscribe from the newsletter at any time, either via the unsubscribe link included in each newsletter or by contacting us directly.

Cookies

Plug-ins

Our website contains links to the social networks YouTube, Twitter, LinkedIn, Xing, and Facebook, offering the voluntary option to share or view interesting information. When using these services, a direct connection is established between your browser and the servers of the respective provider. This transmits information about your visit to the above-mentioned providers.