Privacy Policy

This Privacy Policy describes the collection, use, disclosure, storage, and protection of your personal data by MGN Investment GmbH. In order to ensure the security of the processed data and to make sure that such data is processed properly and not made accessible to unauthorized persons, appropriate data security measures are implemented. In processing your data, we comply with the provisions of the Austrian Data Protection Act (DSG), the EU General Data Protection Regulation (GDPR), as well as the Telecommunications Act 2003 (TKG 2003). Below you will find an explanation of how we use your personal data.

A quick explanation of the most important data protection terms

The Privacy Policy we have prepared is based on terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand for everyone. To ensure this, we would first like to briefly explain the most important terms.

1. Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name. In short, personal data is information that can be linked to a natural person.

2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

3. Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

4. Controller
The controller responsible for the processing of personal data is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

5. Processor
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

6. Recipient
A recipient is a natural or legal person, public authority, agency, or other body to which personal data is disclosed, regardless of whether it is a third party or not.

7. Consent
Consent is any freely given indication of the data subject’s wishes in the form of a statement or other clear affirmative action by which the data subject signifies agreement to the processing of personal data relating to them.

Who we are: our name and address as controller

The controller within the meaning of the General Data Protection Regulation (Art. 4 no. 7 GDPR) is:

MGN Investment Gesellschaft mit beschränkter Haftung (GmbH)
Ringmauergasse 3, 9500 Villach, Austria

Tel.: +43 (0) 4242 29191
E-mail: office@mgninvest.at

Which personal data we process

First of all, in many cases the processing of your data is based on a legal obligation or is necessary for the performance of a contract or in the context of pre-contractual measures. In addition, the processing of your personal data often also takes place on the basis of a declaration of consent.

Depending on whether you visit our website, subscribe to our newsletter, or use our contact form, we process your data in different ways.

When the processing of your data requires your consent

Some of our services require your consent. If consent is required for processing, it is obtained from you actively and voluntarily.

How you can withdraw your consent
If you have given us your consent to process your personal data for certain purposes, processing will take place on the basis of this consent in accordance with the purposes specified in the declaration of consent and within the agreed scope.

Any consent given may be withdrawn at any time with effect for the future in writing or by e-mail to office@mgninvest.at. This does not affect the lawfulness of the data processing carried out up to that point.

Your data protection rights

You have the right to information, rectification of inaccurate data, the right to restriction of processing and deletion of unlawfully processed data, as well as the right to data portability. Furthermore, the GDPR also provides for a right to object to the processing of personal data where this takes place for the purposes of our overriding legitimate interests. If you have consented to the processing of your data, you may withdraw this consent at any time. Please note that rights under the General Data Protection Regulation may in some cases be subject to statutory restrictions where the exercise of these rights would impair the fulfilment of legal obligations.

How can you exercise your rights under the GDPR?

To assert your rights under the General Data Protection Regulation, please contact us as follows:

  • by e-mail at office@mgninvest.at

Please provide appropriate proof of your identity or provide us with information that enables us to identify you clearly. To enable us to process your request as efficiently and quickly as possible, please indicate in your request the context in which you believe your personal data is being used.

Information on the right to lodge a complaint with the Data Protection Authority

If, contrary to expectations, you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you may lodge a complaint with the Austrian Data Protection Authority.

The current contact details of the Austrian Data Protection Authority can be found here:

Contact – Data Protection Authority (dsb.gv.at)

Data security

As MGN Investment GmbH, we implement appropriate technical and organizational measures within the meaning of Art. 32 GDPR, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the likelihood and severity of the risk to the rights and freedoms of natural persons.

The following measures are taken, among others, to protect your data and to secure it against loss, destruction, access, alteration, and dissemination by unauthorized persons:

  • Pseudonymization and encryption of personal data;
  • Ensuring the confidentiality, integrity, availability, and resilience of systems and services related to processing;
  • Ensuring the rapid restoration of the availability of personal data in the event of a physical or technical incident;
  • Implementation of procedures for regularly reviewing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure the security of processing.

Please also ensure that you always treat your access data for our services confidentially and protect your computer against unauthorized access.

Internet services
Our website also contains cross-references (links) to websites of other providers. MGN Investment GmbH is not responsible for third-party content accessible through such cross-references (links). The external content was checked for unlawful content when the link was first created. Only if we determine or are informed that an offer contains unlawful content will this cross-reference (link) be removed, insofar as this is technically possible and reasonable.

Warranty
The information on our website is prepared with the utmost care. However, MGN Investment GmbH does not guarantee its completeness or suitability for specific purposes. Use of the content made available on the website is at the user’s own risk.

To provide you with a better overview, we have structured our processing as follows:

  • Website
  • Online marketing
  • Newsletter
  • Contact form

Data processing when visiting our website

When you visit our website, we store access data in so-called web server log files. The following data is collected from you:

  • Date and time of access
  • Directory protection user
  • Protocols
  • Referrer
  • Accessed website
  • Amount of data transferred
  • Status code
  • User agent
  • Retrieved host name
  • IP address

Purpose of data processing
The processing of this data is necessary for technical reasons. In addition, access to our website is evaluated statistically in order to further improve the offering on the website and make it more user-friendly, to find and correct errors more quickly, and to manage server capacities. Only where there is a concrete indication of unlawful use of our website will we use this data in a personal form for the purpose of legal prosecution.

Legal basis
The legal basis for the processing of access data (web server log files) is Art. 6 para. 1 lit. f GDPR, legitimate interest (online service offering & data security).

Storage period
Information on username and IP address is stored for a maximum of 14 days. Error logs documenting faulty page accesses are deleted after a maximum of 14 days. In addition to error messages, these include the accessing IP address and, depending on the error, the website accessed.

Your personal data is stored for the duration of the entire business relationship (from initiation through processing to termination of a contract) and beyond, in accordance with statutory retention and documentation obligations. These arise, among other things, from: GDPR – General Data Protection Regulation (immediately after withdrawal), GDPR – General Data Protection Regulation (3 years), BAO – Federal Fiscal Code (7 years), UGB – Austrian Commercial Code (7 years). In addition, statutory limitation periods must be taken into account when determining the storage period, which, for example under the Austrian Civil Code (ABGB), may amount in certain cases to up to 30 years (the general limitation period is 3 years).

Recipients of data transfers
In order to achieve the purposes stated above, it may occasionally be necessary for us to disclose your data to certain recipients. Such disclosure may take place by transmission, dissemination, or another form of making available. Furthermore, in the event of a cyberattack, the information will also be made available to law enforcement authorities.
Detailed information on transferred data and recipients, the related purposes, legal bases, and storage periods can be found in the detailed description of the tools we use.

List of third-party providers (tools) used and detailed data protection information at the end:

  • Facebook
  • Google Analytics
  • Google Maps
  • Instagram
  • TikTok

Cookies and tracking tools on our website

We use various cookies and similar technologies (“cookies”) in order to improve the usability of our website and online services. These cookies include strictly necessary cookies, performance cookies used for analysis and statistics, and marketing cookies for personalization and advertising, which enable you to use our website and online services in the best possible way and help us optimize our online and advertising offering.

Strictly necessary or functional cookies are always stored. All other cookies are only activated after your consent.

With these cookies, personal data may also be processed by us and by third-party providers. These third-party providers, including Google LLC, are based in the USA and other third countries and process data there. The European Court of Justice has not certified the USA as having an adequate level of data protection. In particular, there is a risk that your data may be accessed by US authorities for control and surveillance purposes without effective legal remedies being available against this.

By clicking “Accept all cookies,” you consent to our full use of the aforementioned technologies and to the transfer of your data to third-party providers in third countries (including the USA). Under “Cookie Preferences” you can obtain further information and also edit your cookie settings and decide whether and to which cookies you would like to consent (this excludes functional cookies required for correct display and security, which cannot be deselected).

This allows you to decide whether you wish to consent to the transfer of data to a third country (including the USA). Please note that, depending on the settings you choose, not all functionalities of our website and online services may remain available.

You may withdraw your consent at any time with effect for the future. The use of cookies (statistics, tracking, marketing) can be deactivated via “Cookie Preferences”.

Overview of strictly necessary cookies:
TABLE

Overview of functional cookies:
TABLE

Overview of performance cookies:
TABLE

Overview of marketing cookies:
TABLE

Data processing in connection with online marketing

We process data of prospective customers and/or users or customers of our services for customer retention and customer acquisition.

Purpose of data processing

Through marketing activities, we would like to attract new customers and interested parties to our offers, win back former customers, and build long-term customer relationships by maintaining and further improving customer satisfaction. Furthermore, we want to address our existing customers and interested parties in a needs-based, interest-based, targeted, and therefore individualized manner. For this purpose, we want to understand and know our customers as well as possible.

We therefore infer certain interests or needs from our customers’ usage behavior with regard to our products, which we take into account in our marketing activities.

Legal basis

The processing of your personal data is based on the legitimate interest in carrying out direct advertising (Art. 6 para. 1 lit. f GDPR in conjunction with recital 47 GDPR, last sentence). In addition, we process personal data from your activities relating to our offers, in particular those that make you personally identifiable as a user, together with your online user behavior only if you have given us your consent for this and previously also consented to cookies.

You may withdraw your voluntarily given consent to cookies at any time without stating reasons.

Storage period

Detailed information on storage periods can be found in the detailed description of the tools we use.

Recipients of data transfers

In order to achieve the purposes stated above, it may occasionally be necessary for us to disclose your data to certain recipients. Such disclosure may take place by transmission, dissemination, or another form of making available. Detailed information on transferred data and recipients, the related purposes, legal bases, and storage periods can be found in the detailed description of the tools we use.

Furthermore, in the event of a cyberattack, the information will also be made available to law enforcement authorities.

List of third-party providers (tools) used and detailed data protection information at the end:

  • Facebook
  • Google Analytics
  • Google Maps
  • Instagram
  • TikTok

Data processing when you use our newsletter service

When you subscribe to our newsletter, we process your e-mail address and your IP address.

Purpose of data processing

The personal data you provide when subscribing to the newsletter is processed for the purpose of sending/providing information about our products and current offers, as well as evaluating the click behavior of e-mail recipients in order to optimize our editorial offering. This enables us to determine how our newsletters are opened and used (e.g. clicks on links in a newsletter), so that we can record and measure the success of certain marketing measures.

This information is used to improve our website and our newsletter and related marketing measures, in particular to tailor offers and information on other websites to the interests and wishes of users.

Legal basis

Your data is processed exclusively on the basis of your subscription to the newsletter (consent pursuant to Art. 6 para. 1 lit. a GDPR). If you no longer wish to receive newsletters, you may unsubscribe at any time.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Storage period

The data processed for the aforementioned purposes is generally stored until you withdraw your consent to receive the newsletter. Beyond that, only the absolutely necessary data is stored on the basis of the applicable legal provisions and retention obligations for the purpose of proving your consent or your withdrawal.

Recipients of data transfers

In order to achieve the purposes stated above, it may occasionally be necessary for us to disclose your data to certain recipients. Such disclosure may take place by transmission, dissemination, or another form of making available. Furthermore, in the event of a cyberattack, the information will also be made available to law enforcement authorities.

Detailed information on transferred data and recipients, the related purposes, legal bases, and storage periods can be found in the detailed description of the tools we use.

List of third-party providers (tools) used and detailed data protection information at the end:

[no entries listed in the source text]

Data processing when you use our contact form

A contact form is available on our website which can be used for electronic contact. If this option is used, the data entered into the input form is transmitted to us and stored. This data is limited to: first and last name, e-mail address, and telephone number. In addition, our e-mail address is available for contacting us. In this case, your personal data transmitted by e-mail will be stored in your own interest.

Purpose of data processing

The processing of personal data from the input form serves solely to handle the contact request or your concerns.

Legal basis for data processing

The legal basis for data processing is Art. 6 para. 1 lit. a GDPR.

Storage period

Your data will be deleted as soon as it is no longer required for the purpose for which it was originally collected. For your personal data from the input form of the contact form, this is the case when the conversation has ended or the matter has been conclusively clarified.

Right to object and deletion option

You have the option at any time to withdraw your consent to the processing of your personal data. In this case, all personal data stored in the course of contacting us will be deleted.

Facebook Ads / Facebook Custom Audience

Used in: Website, Online Marketing

Operator:
Meta Platforms Ireland Limited, 4 Grand Canal Harbour, Dublin 2, Ireland

Place of processing:
Ireland, EU, USA

Transfer to third countries:
Yes (adequacy decision)

Operator’s privacy policy:
https://www.facebook.com/privacy/explanation/

Purpose of processing:
If our newsletter subscribers are registered with Facebook, we can display our advertisements specifically on Facebook. This enables us to advertise specifically to persons who have already expressed interest in our products or our company.

Legal basis:
Art. 6 para. 1 lit. a GDPR (consent)

Transferred data:
Your hashed e-mail address and telephone number

Data subjects:
Users of the website, online marketing

Storage period:
180 days per website visit and membership in a Custom Audience. The storage period of the data stored by the operator is described in more detail in its privacy policy.

Note:
Your data is transmitted to Facebook in hashed and encrypted form. The SHA-256 encryption method is used for hashing. Facebook compares the hash values of the customer list with the hash values of its own user data already available. Facebook then checks the matching data to determine whether someone has not yet liked our Facebook page and displays our advertising to those Facebook users.

Google Analytics

Used in: Website, Online Marketing

Operator:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Place of processing:
Ireland, EU, USA

Transfer to third countries:
Yes (adequacy decision)

Operator’s privacy policy:
https://policies.google.com/privacy?hl=de

Purpose of processing:
We use Google Analytics to analyze website usage. The data thereby obtained is used to optimize our website and advertising measures.

Legal basis:
Art. 6 para. 1 lit. a GDPR (consent)

Transferred data:
Google cookies contain a randomly generated user ID that allows you to be recognized during future visits to the website.

Data subjects:
Users of the website, online marketing

Storage period:
Google Analytics stores cookies in your web browser for a period of two years since your last visit. The storage period of the data stored by the operator is described in more detail in its privacy policy.

Note:
Google processes data relating to website use on our behalf and contractually undertakes measures to ensure the security and confidentiality of the processed data.

Google Maps

Used in: Website

Operator:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Place of processing:
Ireland, EU, USA

Transfer to third countries:
Yes (adequacy decision)

Operator’s privacy policy:
https://policies.google.com/privacy?hl=de

Purpose of processing:
We use both the API of the Google Maps map service and Google Maps maps on our website in order to display interactive maps with information on partners. The use of Google Maps serves the interest of an appealing presentation of our online and offline offerings and the easy location of places indicated by us on the website.

Legal basis:
Art. 6 para. 1 lit. a GDPR (consent)

Transferred data:
To use the functions of Google Maps, it is necessary to store the IP address.

Data subjects:
Users of the website

Storage period:
2 years to unlimited. The storage period of the data stored by the operator is described in more detail in its privacy policy.

Note:

Instagram

Used in: Website, Online Marketing

Operator:
Meta Platforms Ireland Limited, 4 Grand Canal Harbour, Dublin 2, Ireland

Place of processing:
Ireland, EU, USA

Transfer to third countries:
Yes (adequacy decision)

Operator’s privacy policy:
https://privacycenter.instagram.com/policy

Purpose of processing:
Integration is carried out to enable you to view Instagram content and to promote our social media presence.

Legal basis:
Art. 6 para. 1 lit. a GDPR (consent)

Transferred data:

  • IP address
  • Browser information
  • Usage data (e.g. interactions with embedded content)
  • if applicable, cookies and similar technologies

Data subjects:
Users of the website, online marketing

Storage period:
Data processing is carried out by Meta. Information on storage duration can be found in Instagram’s privacy policy.

Note:

TikTok

Used in: Website, Online Marketing

Operator:
Beijing ByteDance Technology Ltd., Beijing, China

Place of processing:
EU, USA, China

Transfer to third countries:
Yes (no adequacy decision)

Operator’s privacy policy:
https://www.tiktok.com/legal/page/global/privacy-policy/de

Purpose of processing:
Integration is carried out to enable you to view TikTok content and to promote our social media presence.

Legal basis:
Art. 6 para. 1 lit. a GDPR (consent)

Transferred data:

  • IP address
  • Browser information
  • Usage data (e.g. interactions with embedded content)
  • if applicable, cookies and similar technologies

Data subjects:
Users of the website, online marketing

Storage period:
The storage period of the data stored by the operator is described in more detail in its privacy policy.

Note:

Deutsch English Italiano
Deutsch English Italiano