Manuel Siri informs in accordance with EU Directive No. 679/2016 (hereinafter referred to as GDPR), and with reference to personal and sensitive data, of which they will become aware, about the nature, scope, and purpose of their data processing.
1. Data Controller:
The data controller is Manuel Siri.
The responsible person for data processing is Manuel Siri and can be contacted via email at manuel@outofthebox-media.com.
2. Types of processed data and data subjects:
Personal data of customers and suppliers, as well as data of individuals who voluntarily provide their personal information to our company (in person, by telephone, by fax, or by email), as well as by registering on our website, and data of individuals whose data have been obtained by third parties, for example, when collecting external data for business information, public directories, etc., whereby in the latter case, it exclusively concerns simple personal data.
3. Purpose of data processing:
Data processing is exclusively carried out for the following purposes:
a. Fulfillment of obligations provided by applicable regulations and laws, including tax and accounting purposes.
b. Fulfillment of contractual obligations towards data subjects.
c. Exercise of activities related to the business operations of our company, such as drafting internal statistics, invoicing, maintaining customer and supplier accounts, preparing quotations, sending newsletters, and creating internal statistics.
4. Legal basis for data processing:
Data processing is carried out in compliance with legal requirements and is based on the following legal bases according to Art. 6 and 7 GDPR: Data processing is carried out to fulfill the agreed services, to carry out contractual measures and to respond to inquiries, to fulfill legal obligations and safeguard legitimate interests, as well as based on the consent of the data subjects.
5. Data processing modalities:
Data processing may be carried out with or without the aid of electronic, in any case, automatic means and includes collection, storage, organization, retention, retrieval, processing in the strict sense, modification, selection, extraction, comparison, use, linking, blocking, transmission, deletion, and storage of data. Data processing is carried out both by the data controller and by data processors and third parties, whom the data controller has commissioned to process the data to fulfill the purposes provided for under point 3 or in cases where this is regulated by law. The data controller has ensured that data processors and third parties also process personal data in accordance with the GDPR. The data are disclosed to domestic and/or foreign natural and/or legal persons as necessary, provided that this serves the exercise of the activities and purposes provided for under point 3. However, there is no general dissemination of personal data. Specifically, data processing is carried out with the following modalities:
a. User account:
Personal data is collected during registration and processed for the provision of a user account. The IP address and the time of the respective user action are also stored during the registration and login process. This data is deleted immediately upon termination of the user account, unless retention is necessary for tax or accounting purposes.
b. Contact:
When contacting the company via contact form, email, or social media, the user's information is processed to handle the contact inquiry and its processing. The information may be stored in a customer relationship management system or a similar inquiry organization. Inquiries are deleted once they are no longer necessary, unless data retention is required to fulfill legal obligations.
c. Newsletter:
This website offers the option to subscribe to a newsletter. By subscribing to the newsletter, the data subject agrees to receive emails and other electronic notifications containing promotional information. Newsletter subscription occurs by (e.g., booking a room and then expressly consenting, registering separately, etc.). The registration and confirmation time, as well as the IP address and necessary personal registration data, are stored. Unsubscribing or withdrawing from the newsletter can be done by (as above, deletion must be as quick/easy as subscribing). From this point on, the relevant personal data is deleted unless its retention is necessary to fulfill legal obligations.
d. Google Tag Manager:
Google Tag Manager is a solution used on this website to manage website tags through an interface to incorporate Google marketing services into the online offering. The Tag Manager itself does not process personal data. For more detailed information, refer to the usage policies of Google services: https://www.google.com/intl/en/tagmanager/use-policy.html
e. Google Analytics:
This website uses analysis tools from Google Inc. for marketing and optimization purposes. Data is collected and stored in anonymized form. Google Analytics uses cookies, which are text files stored on the computer and which enable analysis of website usage by the data subject. This data is transmitted to a Google server in the USA and stored there. The IP address transmitted by the data subject's browser as part of Google Analytics is not merged with other Google data. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The data collected is not used to personally identify visitors to this website; individual users remain anonymous, and no data is passed on to third parties. Google creates various reports on website activities on behalf of the website operator based on this information. In this context, data subjects are informed of their right to object by installing the browser plug-in to deactivate Google Analytics at https://tools.google.com/dlpage/gaoptout?hl=en.
f. Google Adwords and Conversion Tracking:
This website also uses the services of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google is certified under the Privacy Shield Agreement and guarantees compliance with European data protection law. This website uses the online marketing process Google AdWords to place ads in the Google advertising network that are displayed to users who may have an interest in the ads. This allows ads to be displayed more specifically for and within the online offering of this website to show users only ads that potentially match their interests. For this purpose, when visiting websites where the Google advertising network is active, Google immediately executes a code from Google and incorporates so-called marketing tags into the website, which help store an individual cookie, i.e., a small file, on the user's device. This file records which websites the user visits, what content they are interested in, as well as technical information about the browser and operating system and time of visit. In addition, Google creates statistics using conversion cookies to determine the total number of users who have viewed the ad. However, users cannot be personally identified; Google processes only cookie-related data within anonymized user profiles, unless a user expressly allows Google to process the data without anonymization. Further information on this can be found in Google's privacy policy (https://policies.google.com/technologies/ads).
g. Twitter:
A Twitter widget is integrated into the website's customer management to display tweets from the company's Twitter account. This establishes a connection with Twitter, and log data is transmitted to Twitter, while a cookie is set on the user's computer. Twitter begins deleting, lifting identification, or collecting this data after a maximum of ten days. Further information can be found in Twitter's privacy policy (https://twitter.com/en/privacy).
h. Facebook:
This website integrates plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. Facebook plugins are recognizable by the Facebook logo or the "Like" button. This plugin establishes a direct connection between the user's browser and the Facebook server. Facebook thereby receives information that the affected person has visited this website, and there is the possibility
to link the content of this website to the user's Facebook profile using the "Like" button. Further information can be found in Facebook's privacy policy (https://www.facebook.com/policy.php).
i. Instagram:
This website uses social plugins from Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025 USA. These plugins are marked with an Instagram logo. These plugins establish a direct connection between the user's browser and the Instagram server, located in the USA, and Instagram receives information that the affected person has accessed the corresponding page. If the affected person is logged into Instagram, Instagram can directly associate the respective data with the respective account. Further information on the purpose and scope of data collection by Instagram, as well as the further processing of the data, can be found in Instagram's privacy policy (https://help.instagram.com/519522125107875?helpref=page_content).
j. Social media presences:
Out Of The Box Media maintains online presences within social networks and platforms to communicate with active customers, prospects, and users and to inform them about its own services. When accessing the respective networks, the privacy policies of the respective operators apply.
k. Transfer of data to domain registrars:
For the registration of the respective domains of the data subjects, their data must be forwarded to the respective national and international domain registration authorities. Only absolutely necessary personal data is transferred to the registrars. The data transmitted to the registrars can be queried and viewed by internet users. The registration authorities prohibit commercial and abusive use.
l. Transfer of data to certificate authorities:
For the issuance of an SSL certificate, personal data is transmitted to the certificate authority. Only absolutely necessary data is transferred. The data subject consents to this data being automatically transferred to the certificate authority when the certificate is issued.
m. Business analyses and market research:
To identify market trends as well as the wishes of contractual partners and users, the available data on business transactions, inquiries, contracts, etc., are analyzed. Inventory data, communication data, contract data, payment data, usage data, and metadata of contractual partners, interested parties, customers, and visitors to the online offering are processed. The analyses serve to increase user-friendliness, optimize offerings, and enhance business efficiency and are not disclosed externally.
n. Cookies:
Session cookies are generated when visiting this website, which are valid only during the visit to the website. It is not possible to evaluate these cookies across domains, as advertising networks do, and the cookies do not serve to analyze user behavior.
6. Disclosure of data and refusal to disclose:
Disclosure of personal data is essential for the fulfillment of the purposes provided for under point 3, and any refusal by data subjects to disclose data results in the inability to fulfill the purposes provided for under point 3.
7. Data storage:
Processed data will be deleted, unless otherwise stated in this privacy policy, as soon as they are no longer needed for the purposes provided for under point 3 and no longer subject to legal retention requirements. In general, personal data is not stored for more than two years. If deletion is not possible for legal reasons, data processing is restricted, i.e., the data is blocked and not used for other purposes.
8. Rights of the data subject:
The GDPR allows the data subject to exercise specific rights:
a. Right to information from the data controller about the relevant personal data, as well as the right to correction or deletion or restriction of processing, and the right to object to processing;
b. Right to receive one's own data from the data controller in a structured and understandable format, if possible, also for the purpose of transferring data to another controller;
c. Right to revoke consent to data processing at any time, provided that the legality of the processing based on the consent of the data subject is not affected, and without affecting the lawfulness of processing based on consent before its revocation;
d. Right to lodge a complaint with the supervisory authority for data processing.