The protection of your personal data is of utmost importance to us. We process your personal data (“data”) exclusively in accordance with legal requirements. This privacy policy provides you with comprehensive information about how we process your data and your rights under data protection law.

Who is Responsible for Data Processing, and Who Can You Contact?

Controller: SimplyTokenized GmbH
Address: Salzgries 21/16, 1010 Vienna, Austria
Phone: +43 664 406 72 52
Email: [email protected]

Which Data is Processed and What Are Its Sources?

We process data obtained from you during business initiation and transactions. Additionally, we process data obtained lawfully from credit agencies, creditor protection associations, publicly available sources (e.g., company register, land register, media), and other companies with which we have ongoing business relationships.

Categories of Personal Data:

1. Basic/Contact Data:
   • For private customers: Name, address, contact details (email, phone, fax), date of birth, identification data (e.g., ID copies), bank details.
   • For corporate customers: Company name, registration number, VAT ID, business ID, address, contact person details (email, phone, fax), bank details.
2. Other Personal Data:
   • Information on the type and content of the business relationship, such as contract details, order data, transaction history, customer and supplier data, consultation records, financial status (e.g., creditworthiness).
   • Marketing and sales data, documentation (e.g., consultation logs), image data, and data from your electronic communication with us (e.g., IP address, login data).
   • Additional data provided during business interactions (e.g., customer meetings) and data generated by analyzing customer needs and potential.

For What Purposes and on What Legal Basis Are Data Processed?

We process your data in compliance with the GDPR and Austrian data protection laws as follows:

1. To Fulfill (Pre-)Contractual Obligations (Art. 6(1)(b) GDPR):
   Data processing is carried out for the sale and distribution of our goods and services, procurement and logistics purposes, and customer management and analysis. Data are processed specifically during business initiation and contract execution.
2. To Fulfill Legal Obligations (Art. 6(1)(c) GDPR):
   Data processing is necessary to comply with various legal requirements, such as those under the Commercial Code (UGB), the Federal Fiscal Code (BAO), anti-money laundering regulations, and product-specific laws (e.g., chemical regulations).
3. To Safeguard Legitimate Interests (Art. 6(1)(f) GDPR):
   Data processing may occur beyond contract fulfillment to protect our or third-party legitimate interests, including:
   • Consulting and exchanging data with credit agencies and creditor protection associations to determine creditworthiness.
   • Advertising or marketing.
   • Business management and the development of services and products.
   • Measures to protect against contractual or legal violations, such as access controls and video surveillance.
   • Legal enforcement.
4. Based on Your Consent (Art. 6(1)(a) GDPR):
   If you have given us consent to process your data, processing will occur only for the purposes specified in your consent. You may withdraw your consent at any time with future effect by contacting us at the email address provided above. Withdrawal does not affect the lawfulness of data processing prior to the withdrawal.

Who Receives Your Data?

If we engage a processor, we remain responsible for protecting your data. All processors are contractually obliged to keep your data confidential and process it solely within the scope of their service provision. Processors we engage receive your data only as required to fulfill their respective services, such as IT service providers for the operation and security of our IT systems or advertising and address publishers for our marketing campaigns.

For corporate and individual advertising or customer care purposes, your data may be shared with our affiliated companies or other companies with which we have a long-term business relationship, provided you have given your consent.

To protect creditors, we may share basic data and financial status information with credit insurers, creditor protection associations, and credit agencies.

In cases of legal obligations or during legal proceedings, authorities, courts, or external auditors may receive your data.

For contract initiation and fulfillment, recipients may also include insurance companies, banks, credit agencies, and service providers.

For a better understanding of the categories of recipients listed above, a selection of individual companies can be found at the following link: [Insert Link].

How Long Is Your Data Stored?

We process your data until the end of our business relationship or until the expiration of applicable warranty, guarantee, limitation, or statutory retention periods (e.g., under the Austrian Commercial Code (UGB) or the Federal Fiscal Code (BAO)). Data may also be retained until the conclusion of any legal disputes where it is required as evidence.

What Are Your Data Protection Rights?

You have the following rights under data protection law:

1. Right to Access:

You can request information about whether and to what extent we process your data.

2. Right to Rectification:

If your data is incomplete or incorrect, you can request its rectification or completion at any time.

3. Right to Erasure:

You can request the deletion of your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons preventing immediate deletion, such as statutory retention requirements.

4. Right to Restriction of Processing:

You may request restricted processing of your data if:

• You dispute the accuracy of the data for a period allowing us to verify its accuracy.
• The processing is unlawful, but you oppose deletion and request restricted use instead.
• We no longer need the data for its original purpose, but you require it for legal claims.
• You have objected to the processing, and it is under review.

5. Right to Data Portability:

You can request that we provide the data you have given us in a structured, commonly used, and machine-readable format and transmit it to another controller, provided:

• The processing is based on your consent or a contract.
• The processing is carried out by automated means.

If technically feasible, you can request the direct transfer of your data to another controller.

6. Right to Object:

If we process your data based on legitimate interest, you can object to the processing at any time due to reasons related to your specific situation. This includes profiling based on these provisions. We will then stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for asserting, exercising, or defending legal claims.

You may object to the processing of your data for direct marketing purposes at any time without providing reasons.

7. Right to Lodge a Complaint:

If you believe we have violated Austrian or European data protection laws in processing your data, we encourage you to contact us to address any concerns. You also have the right to file a complaint with the Austrian Data Protection Authority or a supervisory authority in the EU.

Who Can You Contact to Exercise Your Rights?

To exercise any of your data protection rights, please contact us via the email address provided in Section 1. For verification purposes, we may request additional information to confirm your identity. This measure protects your rights and privacy.

Are You Required to Provide Data?

The processing of your data is necessary to conclude or fulfill a contract with us. If you do not provide the required data, we may be unable to enter into a contract or execute the requested service and might have to terminate an existing agreement. However, you are not obliged to consent to the processing of data that is not relevant to contract fulfillment or required by law.

Is Your Data Transferred to a Third Country?

In principle, we do not transfer data to a third country. Transfers occur only in specific cases based on:

• An adequacy decision by the European Commission.
• Standard contractual clauses.
• Appropriate safeguards.
• Your explicit consent.

Application Data

If you submit an application, your data will be accessible only to authorized persons involved in the recruitment process. Application data will be stored for a maximum of two years to consider you for alternative positions if applicable.

Cookies and Tracking Tools

1. Cookies

Our website uses cookies, which are small text files stored on your device via your browser. These cookies help us make our services user-friendly. Some cookies remain stored on your device until you delete them and allow us to recognize your browser during your next visit.

You can configure your browser to notify you before setting cookies, allowing you to accept them on a case-by-case basis. If cookies are disabled, the website’s functionality may be limited.

2. Tracking Tools and Google Analytics

Our website uses analytics tools to collect general information about visitor behavior, such as pages visited, time spent, referring pages, and general system data (e.g., operating system, screen resolution, browser). All data is anonymized and cannot be traced back to you.

If you do not wish to allow this anonymized tracking, you can disable cookies in your browser.

We also use Google Analytics, a web analytics service by Google, which utilizes cookies to analyze your use of the website. Information generated by these cookies, including your IP address, is transferred to Google servers in the USA and stored there. Google uses this data to analyze website usage, compile reports, and provide related services. Google may share this data with third parties if legally required or if third parties process this data on Google’s behalf.

You can prevent the installation of cookies by adjusting your browser settings; however, this may limit some website functionalities. By using this website, you consent to the processing of your data by Google as described above.

Our website uses Google Analytics with the “_anonymizeIp()” extension, ensuring that your IP address is anonymized and cannot identify you.

To opt out of Google Analytics tracking, you can install the browser add-on provided by Google: Google Analytics Opt-Out Add-on. This add-on prevents your data from being transmitted to Google Analytics.

Without your explicit consent, tracking tools will not be used to:

• Collect personal data about you.
• Transmit data to third parties or marketing platforms.
• Link data with your personal details (e.g., name, address).

Use of Social Sharing

Our social sharing functionality does not use plugins from respective social media platforms. Instead, we utilize text or image links, ensuring that no data (e.g., IP address, browser, screen resolution, visited page, date, time) is transmitted to the social media services.

For example, such links may appear as: www.facebook.com/sharer/sharer.php.

If you click on a social-sharing link while logged into your social media account, you can share the content from our site on your profile. This allows the social media service to associate your visit to our site with your account. Please note that we, as the website provider, have no knowledge of the content or use of the transmitted data by these social media platforms.

Contact Options via the Website

Our website includes information that facilitates quick electronic contact with our company and direct communication with us, including a general email address. If you contact us via email or a contact form, any personal data voluntarily provided will be automatically stored for processing your request or for follow-up communication. These personal data will not be shared with third parties.

Embedding YouTube Videos

We embed videos using YouTube’s “Enhanced Privacy Mode.” A cookie is only placed on your device when you play the video. According to YouTube, no personal cookie data is stored for playback of embedded videos in Enhanced Privacy Mode. For more information on YouTube’s official privacy policy, visit: YouTube Privacy Policy.

If you wish to prevent YouTube from storing any data about you, do not click on the embedded videos.

Use of Google reCAPTCHA

To protect our online forms, we use Google Inc.’s reCAPTCHA service. This service differentiates between human input and automated/machine processing. The query involves transmitting your IP address and possibly other data required by Google for the reCAPTCHA service. This input is sent to Google and processed there. By using reCAPTCHA, you agree to your input being used to assist in the digitization of old works.

If IP anonymization is enabled on this website, your IP address will be shortened within EU member states or other EEA agreement states. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google processes this information on behalf of the website operator to evaluate your use of the service. The IP address transmitted by your browser via reCAPTCHA will not be merged with other Google data.

For more information on Google’s privacy policy, visit: Google Privacy Policy.

Use of Google Maps

This website uses Google Maps API by Google Inc. to visually display map material. Google collects, processes, and uses data about the use of map functions by website visitors.

For Google Maps terms of use, visit: Google Maps Terms.
For Google’s privacy policy, visit: Google Privacy Policy.

Google Tag Manager

This website uses Google Tag Manager to manage website tags via an interface. Google Tag Manager itself does not use cookies or collect personal data. However, it triggers other tags that may collect data. Google Tag Manager does not access this data.

If a deactivation has been set at the domain or cookie level, it remains in effect for all tracking tags implemented via Google Tag Manager.