Data privacy policy
Information on data protection
1. General information pursuant to Art. 13 and 14 GDPR
1.1 Status of this information
28.5.2024
1.2 Controller
Amt der Kärntner Landesregierung (Office of the Provincial Government of Carinthia)
Department 15 – Location, Spatial Planning and Energy
Völkermarkter Ring 29
A-9020 Klagenfurt am Wörthersee
Austria
1.3 Rights as a data subject and data protection officer
As a data subject, you have the following rights under the GDPR which arise in particular from Art. 15 to 21 GDPR:
Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 (1) GDPR.
Right to withdraw consent: You have the right to withdraw your consent at any time.
Right of access: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data, in accordance with the statutory provisions.
Right to rectification: In accordance with the statutory provisions, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the statutory provisions, or to request its transmission to another controller.
Right to lodge a complaint with a supervisory authority: In accordance with the statutory provisions and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State of your habitual residence, the supervisory authority of your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes upon the GDPR.
General information regarding data protection and the GDPR can be found at https://www.ktn.gv.at/Diverses/datenschutz. If you have any questions about data protection, the withdrawal of consent and the assertion of your data protection rights, please contact the data protection officer:
Amt der Kärntner Landesregierung (Office of the Provincial Government of Carinthia)
Department 1 – Landesamtsdirektion
Datenschutzbeauftragter (Data Protection Officer), Arnulfplatz 1, 9021 Klagenfurt
Phone: +43 (0) 50 536
E-mail: datenschutzbeauftragter@ktn.gv.at
You can address data protection complaints to Datenschutzbehörde (Data Protection Authority), 1030 Vienna, Barichgasse 40-42.
1.4 Definition of terms
This section provides you with an overview of the terms used in this data privacy statement. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically.
Controller: “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Personal data: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically every handling of data, be it collection, analysis, storage, transmission or deletion.
Reach measurement: Reach measurement is used to evaluate the flow of visitors to an online offer and can include the behaviour or interests of visitors in certain information, such as website content. With the help of reach analysis, website owners can, for example, recognise at what time visitors visit their website and what content they are interested in. This allows them, for example, to better adapt the content of the website to the needs of their visitors.
2. Information pursuant to Art. 13 and 14 GDPR for users of our website
2.1 General information
The information in this section concerns the processing of personal data on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).
In accordance with the statutory provisions and taking into account the state of technological knowledge, the cost of implementation and the nature, scope, context and purposes of processing, as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, we implement appropriate technical and organisational measures in order to ensure a level of protection appropriate to the risk, in particular SSL encryption (https). To protect your data transmitted via our online offer, we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address bar of your browser.
2.2 AI-Guide
Under the name “AI-Guide”, our website contains a frontend based on OpenAI/GPT3 and ChatGPT of the “AI-Concierge” of goodguys gmbh, Moeringgasse 20, 5th Floor, Top 2, 1150 Vienna.
Users can ask our AI-Guide questions anonymously. The chat does not require any personal data. The chat window remains open, the technical identifier of the chat and the question are copied. The copy of the question is sent to the AI system servers of goodguys gmbh for answering. The AI systems determine the answer and send it back to the AI-Guide frontend of the controller. The correct chat is assigned via the technical identifier. The answer is made visible in the waiting chat.
When using this “AI-Guide” service, which can be used anonymously, only the identification data required to maintain the chat for the user for the duration of the communication is processed in the system. The chat history is exclusively and confidentially available only to the person using this service. No further storage of the IP address takes place after the end of the chat. Communication and processing end when the chat is closed.
The system is confidential. goodguys gmbh does not know at any time which person has asked which question. The anonymised content of the chat with the questions asked, the date, time and the answers provided are stored and are used for documentation purposes and to improve service quality.
As the content of the chat is saved, we recommend that you do not enter any personal data in the chat; there is also a corresponding note when you enter the chat.
In order to transmit the answer to the question in the correct format and to the correct recipient, the following information is transmitted to the servers of goodguys gmbh: timestamp (time of request), content of the question (and the answer generated from it), country of origin of the browser, chat_session_id (the ID assigned for the chat session to record the chat history), the default browser language and, if available, the region of the browser, end device type according to the browser, operating system according to the browser and the mobile phone provider.
Legal basis: Legitimate interest (Art. 6 para. 1 (f) GDPR) of goodguys gmbh to monitor and improve its system for the benefit of its customers and our legitimate interest to provide our users with a modern chat experience.
2.3 Google Fonts
We use Google Fonts from Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), whereby this is done without authentication and no cookies are sent to the Google Fonts API. If you have an account with Google, no account data will be transmitted to Google when you use Google Fonts. Google only records the use of Cascading Style Sheets and the fonts used and stores this data. When the fonts are loaded, the user’s IP address is transmitted to Google.
You can find out more about these and other questions at https://developers.google.com/fonts/faq. Find out what data Google collects and what it is used for at https://www.google.com/intl/de/policies/privacy/.
Legal basis: Legitimate interest (Art. 6 para. 1 (f) GDPR) in providing our users with a visually appealing information offering.
2.4 Google Ads with conversion tracking
We use the Google Ads and Conversion Tracking tool from Google Ad Manager by Google LLC. We use this to promote our information offering in a targeted manner.
When you click on an ad placed by Google, Conversion Tracking stores a cookie on your device. These conversion cookies lose their validity after 30 days and are not used to identify you.
If the cookie is still valid when you visit our website, both Google and ourselves can evaluate that you have clicked on one of our ads placed on Google and that you have subsequently been redirected to our website. In addition, the conversion of a user on the website can be registered after the conversion has taken place. This measures the effectiveness of an advertisement and ensures that it is tailored to the user.
Based on the information collected, Google provides us with statistics about visits to our website, including the number of users who have clicked on our ads and the pages of our website that were then accessed. Neither we nor third parties who also use Google Ads will be able to identify you in this way.
You can prevent or restrict the installation of cookies and delete cookies that have already been saved by making the appropriate settings in your Internet browser. See the documentation or help function of your browser.
Legal basis: Consent (Art. 6 para. 1 (a) GDPR).
2.5 Google Tag Manager
We use the Google Tag Manager tool from Google LLC to load additional tools. When the Google Tag Manager is loaded, the user’s IP address is transmitted to Google. The Google Tag Manager is required for the rights management of the commissioned agencies.
Legal basis: Legitimate interest (Art. 6 para. 1 (f) GDPR) in ensuring efficient authorisation management.
2.6 Google Analytics
We use Google Analytics from Google LLC for web analytics. In this context, cookies are stored on the user’s computer. The information generated, including users’ IP addresses, is processed by Google in the USA. We use this tool to analyse website usage (e.g. page views and visits) and generate reports.
In doing so, we shorten the IP address. The last two numbers or the last part of the IP address after a dot are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent or make it significantly more difficult to identify a person by their IP address.
Legal basis: Consent (Art. 6 para. 1 (a) GDPR).
2.7 Embedded YouTube videos
We embed YouTube videos on our website. In this context, cookies are set which could also be used by Google for tracking purposes. However, we embed the videos using the “extended data protection mode” so that the cookies cannot be used for profiling.
Legal basis: Consent (Art. 6 para. 1 (a) GDPR).
2.8 Facebook Pixel
If you have registered on facebook.com, you have given your consent to the Conversion Tracking Pixel Service of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. This enables Facebook to track the actions of users after they have been redirected to a provider website by clicking on a Facebook ad. This makes it possible to determine the effectiveness of Facebook ads for statistical and market research purposes. The data of individual users is not viewed, but the data collected is stored and processed by Facebook. Facebook can link this data with the data of your Facebook account and uses this data for its own advertising purposes in accordance with the Facebook guidelines – see https://www.facebook.com/about/privacy/. Facebook Conversion Tracking enables Facebook and its partners to show ads on and off Facebook. In addition, a cookie will be stored on your computer for this purpose.
For more information and to withdraw your consent, visit https://www.facebook.com/ads/website_custom_audiences/.
Legal basis: Consent (Art. 6 para. 1 (a) GDPR).
2.9 Taboola
We use visitor pixels and cookies from Taboola Inc. (28 West 23rd St., 5th fl., New York, NY 10010, USA) for conversion measurement. If users are redirected by clicking on a Taboola ad, their behaviour can be tracked. This serves to evaluate the effectiveness of Taboola advertisements for statistical and market research purposes and can help to optimise future advertising measures. The data is anonymous, so it does not allow us to draw any conclusions about the identity of the user.
Legal basis: Consent (Art. 6 para. 1 (a) GDPR)
2.10 Provision of the information offering and web hosting
In order to be able to provide our information offering securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.
The data processed in the context of providing the information offering may include all data relating to the users of our information offering that is generated in the context of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.
Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (“server log files”). The server log files may include the address and name of the websites and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, called DDoS attacks), and to ensure the utilisation of the servers and their stability.
Legal basis: Legitimate interests with regard to the security and efficiency of the information offering (Art. 6 para. 1 (f) GDPR).
3. Information pursuant to Art. 13 and 14 GDPR for persons who register on our website via the general contact form or the recruiting form
The information in this section concerns the processing of personal data of data subjects who fill in our online forms for consulting or recruiting processes.
We collect data from the data subjects themselves.
We only process the personal data that the data subjects enter on our website or that they subsequently provide to us and that we need to provide our services as part of the consulting and recruiting processes. We do not process special categories of personal data (“sensitive data”).
We process the data for the purposes of providing our consulting services and achieving recruitment success.
The legal basis for processing is your consent (Art. 6 para. 1 (a) GDPR). You can withdraw this consent at any time. If you withdraw your consent, we will no longer process your data from this point onwards.
Processing is carried out by a web host with a server location in the EU.
We pass on your data to the following recipients:
- IT service providers
- recruitment consultants (Trenkwalder Personaldienste GmbH, CIC Carinthian International Center – CIC Service GmbH)
- members of the Expert Council of the Province of Carinthia (consisting of representatives of the Carinthian Economic Chamber, the Carinthian Chamber of Labour, the Austrian Trade Union Federation, the Carinthian Employment Service, the Federation of Austrian Industries Carinthia and the departments 5 – Health and Care and 15 – Location, Spatial Planning and Energy of the controller)
- institutions of the Province of Carinthia (e.g. business settlement agencies, interest groups)
There is no automated decision-making based on the data.
Your data will be processed exclusively within the EU/EEA; the transfer of personal data to a third country or an international organisation is not intended.
Your data will be deleted as soon as the data is not required for documentation purposes or with regard to possible audits by the Austrian Court of Audit. This is usually the case in 1 to 1.5 years after the completion of the project.