Privacy policy for the use of Scanulator, a product of Reichl und Partner eMarketing GmbH, FN 198032
1. Preamble
This privacy policy relates to the use of the Scanulator portal at the address https://www.scanulator.com.
The privacy policy contains information on this in particular,
- which personal data Scanulator processes or does not process under any circumstances;
- the purposes for which Scanulator processes personal data;
- the legal bases on which Scanulator is authorized to process personal data;
- to whom and to which bodies Scanulator transmits personal data;
- how long Scanulator stores personal data;
- which external tools and plugins Scanulator uses;
- what rights data subjects have in relation to their personal data;
- such as Scanulator in connection with data protection issues
- and the exercise of data subject rights can be achieved.
With this privacy policy, Scanulator fulfills its data protection information obligations within the meaning of Articles 12 to 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “General Data Protection Regulation” or “GDPR“).
The definitions used in this Privacy Policy refer exclusively to this Privacy Policy and have no effect on the definitions in Scanulator’s General Terms and Conditions (GTC).
For the sake of readability, personal designations that refer to both men and women are only used in the masculine form in this privacy policy (e.g. “user” instead of “female user”). This is not intended to express gender discrimination or a violation of the principle of equality.
2. Definitions
2.1. General
- Privacy Policy: This is Scanulator’s privacy policy in accordance with Articles 12 to 14 GDPR.
- Scanulator: A tool which is operated by Reichl und Partner eMarketing GmbH.
- Scanulator portal: This refers to the Internet platform operated by Reichl und Partner eMarketing GmbH, FN 198032 under the web address https://www.scanulator.com.
2.2. Rolles
User: This refers to any natural or legal person (e.g. bloggers, influencers, public figures, entrepreneurs, marketing managers of a company, the company) who uses the Scanulator portal.
3. Data controllers under data protection law
Reichl und Partner eMarketing GmbH, company register number FN 198032z v, Promenade 25b, 4020 Linz, is the sole controller within the meaning of Article 4(7) GDPR for the processing of personal data in connection with the Scanulator portal.
4. Scanulator collects the following categories of data
Data that Scanulator collects from the user:
- Basic information of the user: Scanulator processes personal data or data categories of users. Scanulator collects this data from the respective user itself.
This includes:
- Sign-in data: This includes the first and last name, the user name, the e-mail address, the user name, the password, as well as the date, time and IP address of the last login.
- Master data: This refers to personal data required for the creation of a user account and billing. Depending on the case, this includes the name, address (street, postcode/city, country, town), account data, other payment data or information and optionally the tax number.
- Correspondence data: In the event of direct contact between the user and Scanulator (e.g. support requests), Scanulator collects and processes the personal data that the user discloses to Scanulator.
Data generated automatically by the Scanulator portal:
- Sessiondata: This includes the session ID.
- Log data: This includes, for example, the URL accessed by the user, the timestamp (date/time), browser type/browser version, the operating system used, the referrer URL and the IP address.
- Usage data: This includes data related to the use of the Scanulator portal by the user, in particular for which workspaces, the user has created and which subscription the user has.
In principle, there is no obligation to provide the aforementioned data. However, this may result in Scanulator not being able to provide all the services of the Scanulator portal. For example, the non-disclosure of correspondence data may mean that inquiries cannot be answered.
5. Purposes and legal bases of the processing
Scanulator processes the personal data mentioned under point 4 in order to be able to offer, operate and provide the Scanulator portal. As a result, Scanulator respects the principle of data minimization in accordance with Article 5 (1) (c) GDPR. In particular, this means that Scanulator only processes the personal data that is necessary to achieve the respective purposes. The purposes of the processing include:
- Registration, setting up a user account: Scanulator processes the user’s master data to enable the user to register for the Scanulator portal for the first time and to set up a user account.
- Sign-in and provision of Scanulator portal content: Scanulator processes the user’s sign-in data and session data to enable the user to log in to the Scanulator portal and subsequently use it as intended. The overriding legitimate interest of Scanulator is to enable the user to log in and use the Scanulator portal.
- Personalization of the Scanulatorportal: Scanulator processes usage data in order to personalize the Scanulator portal for the respective user. Such personalization includes in particular the storage of the name provided by the user. The legal basis for the processing is the overriding legitimate interest of Scanulator, which lies in enabling such personalization for the user.
- Communication: Scanulator processes master data of the user as well as correspondence data in order to be able to contact and correspond with the user or in relation to the Scanulator portal and its range of services, in particular by means of the contact form provided on the Scanulator portal or by e-mail. The legal basis for the processing is – depending on the reason for this contact and in compliance with Section 174 TKG 2021 (unsolicited messages) – consent, contract fulfillment or initiation or the overriding legitimate interest of Scanulator, which lies in handling the communication.
- Newsletter: Scanulator processes the user’s master data (name, e-mail address) in order to send them a newsletter by e-mail based on their prior registration. However, Scanulator only processes this personal data for this purpose if the user has given his or her prior consent. This consent can be revoked at any time without giving reasons. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Ordering services, billing and debt collection: Scanulator processes the user’s master data and usage data in order to bill for services used on the Scanulator portal and, if necessary, to pursue them (also in court). The legal basis – in the case of billing users – is the fulfillment of the contract. Insofar as personal user data must be included in this billing, the legal basis lies in Scanulator’s overriding legitimate interest in ensuring proper billing of the contractual partner. In the event of (judicial) debt collection, the legal basis is Scanulator’s overriding legitimate interest, which lies in being able to enforce the claim for payment.
- IT security: Scanulator processes all information (including user data and automatically generated data) to ensure the security and functionality of the Scanulator portal. This includes, in particular, processing in connection with technical and organizational measures taken to detect, prevent and track attacks on the Scanulator portal. The legal basis for the processing is the overriding legitimate interest of Scanulator, which lies in being able to achieve the aforementioned objective.
- Prevention of fraud and misuse: Scanulator processes all information (including user data and automatically generated data) in order to detect, prevent and prosecute misuse of the Scanulator portal and user data (in particular use of the Scanulator portal contrary to the General Terms and Conditions, data and credit card fraud). The legal basis for the processing is the overriding legitimate interest of Scanulator, which lies in being able to achieve the aforementioned objective.
- Compliance with legal obligations: Scanulator processes master data of users in order to comply with statutory information, recording and retention obligations (in particular those pursuant to Section 132 of the Federal Fiscal Code [BAO] and Section 212 of the Austrian Commercial Code [UGB]) and the rights of data subjects (in particular those pursuant to Art 15 et seq. of the GDPR).
- Purposes that require consent: Scanulator may process personal data for other purposes, which are communicated to the user in this data protection declaration or otherwise in the event of an incident. Processing will only take place if the user has given their prior consent. This consent can be revoked at any time without giving reasons. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Other purposes: Scanulator may also process personal data for the purposes and on the basis of the legal grounds set out in Section 6 (Transfer of personal data to third parties) and Section 7 (Cookies and web tools).
6. Transfer of personal data to third parties
Personal data will only be disclosed to third parties or transferred to third parties in accordance with the following statements:
Scanulator uses processors to fulfill its business activities. Scanulator ensures that agreements on commissioned data processing in accordance with Article 28 GDPR have been concluded with these processors before the start of the respective processing operations. These processors are:
- The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (operator of the “Mailchimp” service): Scanulator uses this service to manage and send newsletters. The privacy policy of Rocket Science Group LLC as a company of the Intuit Group is available here: https://www.intuit.com/privacy/statement/.
- MailerSend, Inc. 228 Park Ave S, PMB 54955, New York, New York 10003-1502, US: Scanulator uses this service to send transactional emails (e.g. to reset the password) The privacy policy of Mailersend Inc. Can be accessed here: https://www.mailersend.com/legal/privacy-policy
- Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (operator of the “Stripe” service): Scanulator uses this service to process the payment transfer. The privacy policy of Stripe Payments Europe Limited is available here: https://stripe.com/de/privacy.
- Cloudways” (Cloudways Ltd (C 55975) of 52 Springvale Pope Pius XII Street, Mosta, Malta) (operator of the “Cloudways” service): Scanulator uses this service to store our website files and database and to operate our website. Data and operation of the website takes place on servers within the EU. The privacy policy of Cloudways Ltd is available here https://www.cloudways.com/en/terms.php#privacy
- Objectis Ltd, Laisves st. 60, LT-05120 Vilnius, Lithuania (operator of the “Cookie-Script.com” service): Scanulator uses this service to manage cookies and obtain consent from users to set cookies. The data protection declaration of the Objectis Ldt. is available here: https://cookie-script.com/privacy-policy.html
- Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (operator of the “Google Tag Manager” and “Google Analytics” services). Further information on the individual services can be found in section 8.
Personal data is transferred to banks, tax consultants (e.g. to carry out proper accounting), lawyers and debt collection agencies (e.g. to collect outstanding debts), courts and authorities (e.g. to report and clarify legally relevant facts or assert claims) for the purposes stated in point 5. Transmission also takes place in those cases in which Scanulator is legally obliged to transmit data.
Some of the recipients mentioned above are located outside the European Economic Area or process personal data there. The level of data protection in other countries may not correspond to that of the European Economic Area. In particular, for data recipients in the USA, it cannot be ruled out that US authorities will request access to the data and that such access will be granted by a recipient.
However, Scanulator only transfers personal data to countries for which the EU Commission has decided that they have an adequate level of data protection, or Scanulator takes measures to ensure that all recipients have an adequate level of data protection. For example, standard contractual clauses (in accordance with Implementing Decision (EU) 2021/914) are concluded for this purpose. Scanulator will make these standard contractual clauses available on request (point 12).
7. Cookies and web tools
7.1. Essential cookies
Scanulator uses the following essential cookies, which are necessary for the proper functioning of the Scanulator portal:
The following information is required for the functioning of the Scanulator portal:
- Name
- Domain
- Expiration date
- Explanation
- CookieScriptConsent
- scanulator.com
- 1 month
- Consent to the setting of cookies granted or not granted
- authorizationToken
- scanulator.com
- End of the session
- Session cookie
7.2. Google Analytics
Scanulator uses Google Analytics on the Scanulator portal, which is offered by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The purpose of the use is to analyze the use of the Scanulator portal by users.
Cookies are used to ensure the proper functioning of this service. The information collected by these cookies about the use of the Scanulator portal is generally transferred to a Google server in the USA and stored there.
IP anonymization has been activated for the Scanulator portal. This means that the IP address of users within the European Economic Area is shortened in such a way that the personal reference is omitted. Based on the anonymized data, Scanulator creates an evaluation of the use and activity of the Scanulator portal via its processor Google Ireland Limited. This evaluation is used to analyze the performance of the Scanulator portal.
The usage data includes, among other things, page views, the first visit to the website, the start of the session, interactions with the Scanulator portal, scrolls, clicks on external links, internal search queries, interactions with videos, downloads of files, ad interactions and language settings. In addition, the approximate location, the abbreviated IP address, technical information on the browser and end device used, the Internet provider and the referrer URL are recorded.
This data is automatically deleted after two months. Data that has reached the end of its retention period is automatically deleted once a month.
The legal basis for this processing is the consent given by the user in accordance with Article 6 (1) (a) GDPR and Article 49 (1) (a) GDPR. This consent can be revoked at any time without giving reasons. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. A revocation can be made here:
Cookie settings
Alternatively, the storage of cookies can also be prevented from the outset by a corresponding setting in the browser software used. However, if the browser software is configured to reject all cookies, this may limit the functionality of the Scanulator portal. In addition, the collection of data generated by the cookie can be prevented by the user not giving consent to the setting of the cookie or (ii) by downloading and installing the browser add-on to deactivate Google Analytics at this link: https://tools.google.com/dlpage/gaoptout?hl=de
Possible data recipients are:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. users or do not have the same rights there as within the EU or EEA. They may not be entitled to any legal remedies against access by the authorities. For the appropriate guarantees provided by Scanulator, see point 7.
[borlabs-cookie type=”btn-consent-preferences” title=”Data protection settings” /]
7.3. Google Tag Manager
The Google Tag Manager is a tag management system with which tracking codes and associated code fragments can be centrally integrated, managed and updated on the Scanulator portal. The service is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The Google Tag Manager therefore serves as a mere system for passing through other tools. Information on processing in connection with these other tools can be found under the respective tools in this privacy policy.
8. Storage duration
Scanulator stores personal data for as long as is necessary to achieve the purposes set out in this privacy policy and for the duration of a statutory retention obligation or until the expiry of an official or administrative limitation period. In particular, the following storage and retention periods apply:
- User sign-in data and usage data are stored for the duration of the user relationship with Scanulator and then deleted.
- Session data is stored for the duration of the visit to the Scanulator portal and deleted after logout, but after one month at the latest. Log data is stored for a period of 24 hours; after this time, the IP address is anonymized. If this data is required for IT security and fraud prevention purposes, the data will continue to be stored on a personal basis until the end of the respective purpose.
9. Automated decision-making including profiling
Scanulator does not process personal data for the purpose of automated decision-making, including profiling.
10. Rights of data subjects in connection with personal data
Persons whose data is processed by Scanulator (“data subjects”) are – under the conditions of the applicable law – entitled,
- to request information as to whether and which personal data of the data subject Scanulator processes and to receive further information on this processing; also to receive copies of this data;
- to request the correction or completion of personal data;
- to request the deletion of personal data that is incorrect or not processed in accordance with the law;
- to request Scanulator to restrict the processing of personal data;
- under certain circumstances, to object to the processing of personal data, whereby an objection to processing for direct marketing purposes is possible at any time without giving reasons;
- to demand data portability, provided that the processing is based on the legal basis of consent or the fulfillment or initiation of a contract and is carried out by automated means;
- to know the identity of third parties to whom the personal data is transmitted;
- if the processing is based on the legal basis of consent, to revoke the consent, whereby such revocation does not affect the legality of the processing carried out on the basis of the consent until revocation;
- to the competent authority (Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at) to lodge a complaint.
11. Contact details of the person responsible
For data protection inquiries or the exercise of data subject rights, please contact us exclusively:
Reichl and Partner eMarketing GmbH
Company register number FN 198032z
Promenade 25b, 4020 Linz
Tel: +43 664 5439139
E-mail: support@Scanulator.com
Valid from: 19.10.2023