1. INTRODUCTION
ETR Betriebsmanagement &Personalservices GmbH (Grabenstraße 28, 8010 Graz), hereinafter referred to as service provider, data processor - undertakes to comply with and observe all activities in connection with data processing in accordance with the rules and established legal provisions.
If data protection instructions apply, the data processing service provider can always be reached at http://etrbusiness.at/datenschutz and in English at http://etrbusiness.com/privacy.
The service provider reserves the right to change this information.
ETR GmbH treats personal data confidentially and does everything to ensure its security, e.g. technical measures that serve to keep the data safe.
Data protection principles are consistent with existing data protection legislation.
2. PERSONAL DATA AREA, PURPOSE OF DATA PROCESSING, LEGAL REASON AND PERIOD
The data processing service is based on voluntary consent.
Since the voluntary consent of the individual participants is the responsibility of the ordering company, this is taken as given when booking a company / institution / club / etc.
In some cases, however, various information may require storage and forwarding due to data protection law, about which we inform customers separately.
3. GAME VENUE AND INTERNET DATA PROCESSING
3.1 CUSTOMER DATA FROM THE GAME VENUES
Purpose of data processing: purchasing in the venue, ordering, issuing invoices, registering customers to distinguish them from each other, making bookings, documenting purchases and payments, fulfilling accounting obligations, customer service, analyzing purchasing habits, more targeted services.
The legal basis for data management: voluntary consent.
The area of managed data: order number, date, time, name, address, email address, name of the services ordered, quantity, purchase price; Name of the invoice recipient, invoice address, tax number, photographs taken from the venue, behavior during the game, signature; in the case of a payment transfer, fax number and account number.
Data management period: All information mentioned above for eight years.
3.2 CUSTOMER ACCIDENTS IN THE GAME VENUES
Accidents that occur in the arcade area must be documented and logged by the service provider.
Purpose of data processing: Documentation of the accident that occurred in the arcade area.
The legal basis for data management: voluntary consent.
The area of managed data: order number, name of the accident customer, address, telephone number, the date of the accident, time, the exact location, a brief description of the incident, name and address of the witness, information about medical care, written comments.
Data management period: five years.
3.3. VISITOR DATA FROM THE ETRBUSINESS.AT and ETRBUSINESS.COM WEBSITES
Purpose of data processing: while visiting the website, the service provider can check the service areas for functionality, provide personal, individual service and, in order to prevent misuse, collect visitor data.
The legal basis for data management: voluntary consent.
The area of managed data: order number, date, time, the address of the page visited, as well as the user's device and data about the browser, IP address of the computer user, as well as the geographical location of the user.
Data management period: one month.
The provider will not associate any information with others when analyzing the log files, and the user will not be identified with other persons.
The website code was inserted for ETR GmbH on Facebook, using YouTube Video, Hotjar and Google Analytics code page, through the management of this data www.facebook.com and www.youtube.com detailed information and addresses can be requested.
Online payment is made by an external service provider – PayPal Services.
For further information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
3.4. COOKIE MANAGEMENT FOR THE ETRBUSINESS.AT and ETRBUSINESS.COM WEBSITES
In the interest of the computer user, the site operator of etrbusiness.at and etrbusiness.com with individual service has inserted a small data package, called cookies, on the back for reading purposes.
When the browser sends back a previously stored cookie, the cookie management service provider gives the user the opportunity to connect his current visit with previous ones, but only for his own content.
Purpose of data processing: identification of the user to distinguish them from each other, identification of the current user during the workflow, storage of the data provided during the course, prevention of data loss (surveySessionCookie, device cookie), identification of users, monitoring, the web analysis data is collected (s_vi, s_sess, s_pers cookies).
The legal basis for data management: voluntary consent.
The area of managed data: order number, date, time.
Data management period: - until the completion of the work history (surveySessionCookie, device cookie, s_sess cookie), - s_vi cookie by two years, - for s_pers cookie is five years.
The user can delete cookies from their computer or deactivate the use of cookies in their browser.
3.5 MARKETING, NEWSLETTER AND MARKET INFORMATION
The provider sends customers e-newsletters.
Purpose of data management: register customers to distinguish them from each other, maintain contact, analyze purchasing habits, provide targeted services, provide discounts, special offers and send other items, provide current information, contain requests for direct marketing, create a personalized offer.
The legal basis for data management: voluntary consent.
The area of managed data: order number, selection of venue, name, e-mail address, selected date, request for newsletter/direct marketing.
Data management period: -with regard to contributions for direct marketing purposes, the user's consent to withdraw, - other information concerning five years, - with regard to information about purchases, eight years.
For the purpose of direct marketing messages regarding revocation of consent and personal data and the deletion or change of the following contacts can be obtained at: http://exittheroom.de Privacy statement.
3.6. PROMOTION, ACTIVITY, COMPETITIONS ORGANIZATION (IF APPLICABLE):
Purpose of data management: activities organized by the service provider in the games, in promotions, participation in the competitions, the use of discounts, getting to know the services and trying them out, giving an opinion on them, drawing the winner, notification, publication, compliance with accounting obligations, marketing advertising is attached to interested parties by newsletters by e-mail, notification of current information, special offers, contain requests for direct marketing, creating a personal offer, maintaining contact.
The legal basis for data management: voluntary consent.
The area of managed data: order number, name, e-mail address, address, photo, the set game rules or other information is made available to the participant, data or content and direct marketing require consent.
Period of data management: applications for direct marketing purposes, concerning the consent and consent of the user to withdraw, but not more than - 24 months after the last update of the user's data, - the data of the non-winner after 30 days from the end of the game, - concerns invoice documents of winnings that arise up to eight years.
Publication: name of the winner (information specified for the rules of the game, e.g. photo) and prize on the website http://etrbusiness.at and http://etrbusiness.com.
Messages to direct marketing regarding the withdrawal of consent and personal data and the deletion or modification can be entered at the following: http://etrbusiness.at/datenschutz and http://etrbusiness.com.
3.7. VENUE PROPERTY SECURITY SYSTEM
A monitoring and recording system operates in the playing area.
Purpose of data management: on the course of the game in a specific room, active contact with the game leader, observation for company development, human life, physical integrity, protection of property, prevention of legal violations, perceptions, catching the perpetrator in the act, as well as proof of legal violations, documenting the activities of unauthorized persons, an examination of the conditions at work and accidents that occur.
The legal basis for data management: consent of the service provider to enter the relevant gaming area.
The area of managed data: when people enter the play area, the image capture shows facial resemblance and other personal data.
Data management period: thirty days in the absence of use.
3.8. USE OF THE RECORDINGS
The cameras see the current image and recordings are displayed.
The following are authorized to store the data media: the employees authorized by the service provider.
Camera surveillance is operated by the service provider during the game.
Only the recordings of the current game will be saved and preserved to ensure human life, physical well-being and proof of committed violations of property and this must be permitted by authorized persons in order to identify the perpetrator.
The parties whose rights and legitimate interests are affected by the video recordings can provide proof that they have a right or legitimate interest not to have those data destroyed by the service provider within three working days from the date of recording.
It is not possible to request copies of the recorded persons from the electronic surveillance system.
Data forwarding: Violations or criminal proceedings may be forwarded to the authorities and courts.
The scope of the data provided: recordings made by the camera system, recordings of relevant information.
3.9. CUSTOMER LETTER
If problems arise while using the service, contact information is stated in the information sheet and on the website, and the form for contacting the data processor can be found at http://etrbusiness.at and http://etrbusiness.com.
The service provider will delete all received emails containing the sender's name, email address, date, time and other information specified in the notification together with other personal data after a maximum period of five years from the date of transmission of the data.
3.10. APPLICATION FOR THE JOB VACANCY (IF APPLICABLE)
On the http://etrbusiness.at and http://etrbusiness.com pages it is sometimes possible to apply and contact us online.
In connection with the tender requirements, the emails can be sent to the email address info@etrbusiness.at, which the service provider takes over.
Purpose of data management: in order to apply for a position, an application must be submitted to the service provider in order to actually take part in the selection process.
The legal basis of data management: voluntary consent
The area of managed data: order number, name, address, telephone number, accessible e-mail address, the applicant can openly provide information on social networks, LinkedIn, Facebook and Twitter, upload cover letters, CVs with dates, as well as the application, CV and other personal data specified in the cover letter.
The data deletion period: with regard to the job seeker's profile data, from the date of the last data refresh after 12 months.
3.11. OTHER DATA MANAGEMENT
The service provider only releases to the authorities - if the authority marks the exact purpose and scope of the data - as much personal data and to the extent that is essential to achieve the purpose of the application.
4. METHOD OF STORAGE OF PERSONAL DATA, SECURITY OF DATA
The service provider computer systems and other data storage locations in the headquarters, premises, branches and data processing can be found in the service central server.
The service provider processes the personal data using IT assets to manage them securely and to protect them with appropriate measures against unauthorized access, disclosure, modification, transmission and accidental destruction.
5. DATA CONTROLLER DATA
Name: ETR Betriebsmanagement & Personalservices GmbH
Company headquarters: Grabenstrasse 28. 8010 Graz, Austria
Tax number: ATU69001812
E-mail: info@etrbusiness.at
6. DATA PROCESSING DATA
Name: ETR Betriebsmanagement & Personalservices GmbH
Company headquarters: Grabenstrasse 28. 8010 Graz, Austria
Tax number: ATU69001812
E-mail: info@etrbusiness.at
The activity of the data processors: data storage, evaluation, analysis, organization, selection, archiving, technical and other organizational tasks, and securing website operations, communication with those involved, processing complaints.
The service provider reserves the right to continue using data processing; when the latest data processing begins, the information about the person will be made available.
7. LEGAL ACTION OPTIONS
The participant can request relevant information about the handling of personal data and request correction of personal data, - with the exception of mandatory data processing - deletion or blocking of data collection, and the specified availability of the data processor.
The data processor will respond to the information in writing within 30 days of submitting the request.
This information is free if the person has not yet made a request for information about the same data connections to the person responsible for data processing in the current year.
In other cases, the provider may set a fee.
The service provider corrects the personal data if it does not correspond to reality and corrects the data available.
The service provider will delete the personal data if their processing is unlawful, the question is whether the data managed is incomplete or incorrect, provided that the right of cancellation does not exclude this, the purpose of the processing ceases or the period of the data specified for storage has expired, if the court or the national data protection and freedom of information authority so orders.
The data processors still have 30 days to correct the deletion of personal data before it is blocked.
If the data processor notices during the correction that blocking or deleting does not meet the requirements, the reasons for rejecting the application will be communicated in writing within 30 days.
The provider cannot delete the data concerned if data processing has been ordered by law.
The service provider is released from liability for data processing if the damage is caused by unavoidable reasons outside the scope of data management.
In this respect, no compensation will be charged if there was intentional damage or grossly negligent behavior.
If you have any questions or concerns regarding the provider's privacy policy, please contact the data protection office: http://etrbusiness.at/datenschutz or http://etrbusiness.com/privacy Privacy statement Data protection declaration.
01/01/2025