Data protection
We take the protection of our website users' data very seriously and are committed to protecting the information that users provide to us in connection with the use of our website. Furthermore, we undertake to protect and use your data in accordance with applicable law.
This Privacy Policy explains our practices regarding the collection, use and disclosure of your information through the use of our digital assets (the ‘Services’) when you access the Services through your devices.
Please read the Privacy Policy carefully and make sure you fully understand our practices with respect to your information before using our Services. If you have read and fully understand this policy and do not agree with our practices, you must stop using our digital assets and services. By using our Services, you accept the terms of this Privacy Policy. Your continued use of the Services constitutes your acceptance of this Privacy Policy and any changes to it.
In this privacy policy you will learn
-
How we collect data
-
What data we collect
-
Why we collect this data
-
Who we share the data with
-
Where the data is stored
-
How long the data is retained
-
How we protect the data
-
How we deal with minors
-
Updates or changes to the privacy policy
What data do we collect?
Below is an overview of the data we may collect:
-
Non-identified and non-identifiable information that you provide during the registration process or that is collected through the use of our services (‘non-personal data’). Non-personal data does not allow any conclusions to be drawn about who it was collected from. Non-personal data that we collect consists mainly of technical and summarised usage information.
-
Individually identifiable information, i.e. any information by which you can be identified or could reasonably be identified (‘personal data’). The Personal Data we collect through our Services may include information that is requested from time to time, such as names, email addresses, addresses, phone numbers, IP addresses and more. If we combine personal data with non-personal data, we will treat it as personal data for as long as it is combined.
How do we collect data?
Below are the main methods we use to collect data:
-
We collect data when you use our services. So when you visit our digital assets and use services, we may collect, record and store usage, sessions and related information.
-
We collect data that you provide to us yourself, for example when you contact us directly via a communication channel (e.g. an email with a comment or feedback).
-
We may collect data from third party sources as described below.
-
We collect data that you provide to us when you log in to our services via a third-party provider such as Facebook or Google.
Why do we collect this data?
We may use your data for the following purposes:
-
To provide and operate our Services;
-
to develop, customise and improve our Services;
-
to respond to your feedback, enquiries and requests and to provide assistance;
-
to analyse request and usage patterns;
-
for other internal, statistical and research purposes;
-
to improve our data security and fraud prevention capabilities
-
to investigate violations and enforce our terms and policies and to comply with applicable law, regulation or governmental request;
-
to send you updates, news, promotional material and other information related to our services. In the case of promotional emails, you can decide for yourself whether you wish to continue receiving them. If not, simply click on the unsubscribe link in these emails.
Who do we share this data with?
We may disclose your data to our service providers in order to operate our services (e.g. storing data via third party hosting services, providing technical support, etc.).
We may also disclose your data in the following circumstances:
(i) to investigate, detect, prevent or take action regarding unlawful activities or other misconduct;
(ii) to establish or exercise our rights of defence;
(iii) to protect our rights, property or personal safety, or the safety of our users or the public
(iv) in the event of a change of control of us or any of our affiliates (by way of merger, acquisition or purchase of substantially all of our assets, etc.)
(v) to collect, hold and/or manage your information using authorised third party service providers (e.g. cloud service providers) as appropriate for business purposes
(vi) to work with third parties to improve your user experience. For the avoidance of doubt, please note that we may transfer, disclose or otherwise use non-personal data to third parties at our discretion.
Cookies and similar technologies
When you visit or access our services, we authorise third parties to use web beacons, cookies, pixel tags, scripts and other technologies and analytics services (‘Tracking Technologies’). These Tracking Technologies may enable third parties to automatically collect your data in order to improve the browsing experience on our digital assets, optimise their performance and ensure a tailored user experience, as well as for security and fraud prevention purposes.
To find out more, please read our Cookie Policy.
CMS and web hosting
We use World4You, a web hosting provider, for our website. The service provider is the Austrian company World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria. You can find out more about the data processed through the use of World4You in the privacy policy at https://www.world4you.com/de/unternehmen/datenschutzerklaerung.html.
For our website, we also use Wix.com, a product of Wix HQ, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel (‘Wix’) for the purpose of displaying the website on the basis of processing on our behalf. In addition to the headquarters in Tel Aviv, there are other company offices in Berlin, Dublin, Vancouver and New York. All data collected on our website is processed on Wix's servers. As part of the aforementioned services provided by Wix, data may also be transmitted to Wix Inc, 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, as part of further processing on behalf of Wix. In the event that data is transferred to Wix in Israel, the appropriate level of data protection is guaranteed by an adequacy decision of the European Commission. Further information on data protection at Wix can be found on the following website: https://de.wix.com/about/privacy.
Online survey ‘OKR self assessment’
If you take part in the online survey on the OKR self assessment and would like to receive the results by email, you will be asked to read and accept the separate data protection provisions for this purpose.
For the sake of simplicity, we have also included these data protection provisions here:
We use a tool from the Austrian company stereosense GmbH, Gußhausstraße 15/8, 1040 Vienna, for the online survey.
Your personal data will be processed in compliance with the applicable data protection regulations.
1. Name and contact details of the data controller and the company data protection officer:
The data controller is: Sokrates Consulting OG, Mühlwiesengasse 169, A-2640 Köttlach, Austria, e-mail: office@sokrates-consulting.at, Internet: www.sokrates-consulting.at. You can contact us directly at any time if you have any questions about data protection law or your rights as a data subject. Management: Florian Haid
2. Processing of your personal data and purposes of processing:
Participation in the self-assessment is voluntary and free of charge. All information will be treated confidentially.
-
Processing for the purpose of sending the results: By entering your e-mail address, we can send you the results of your self-assessment by e-mail. The processing of your e-mail address is based on Art. 6 para. 1 sentence 1 lit. f GDPR. It is used to send interested participants the evaluation of their self-assessment after the survey has been analysed. We can also send participants information about the services of Socrates Consulting. This constitutes a legitimate interest within the meaning of the aforementioned regulation.
-
Processing of responses: As a rule, no personal data is collected when answering the questions in our survey. If it is possible to draw conclusions about the person of the participant through the choice or formulation of the answers, the data processing is carried out to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The survey serves to analyse the potential of OKR in companies with the help of a self-assessment and to determine recommendations for action. This constitutes a legitimate interest within the meaning of the aforementioned provision. We store the questions and answers from the survey. Your answers will be anonymised or deleted as soon as we have completed the evaluation. Unless there are reasons that justify longer storage (for example, if you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR). The documentation and possible publication of the survey results will be carried out exclusively in anonymised form, without naming you and without providing information that would allow conclusions to be drawn about your person.
3. Passing on the data:
As a matter of principle, we do not pass on your data!
Disclosure to third parties may only be considered if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR; if this is necessary for the fulfilment of a contract with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR or in the event that there is a legal obligation for disclosure in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR. The transfer of personal data to a third country (outside the EU) or an international organisation is excluded.
4. Rights of data subjects:
You have the right:
-
in accordance with Art. 7 para. 3 GDPR to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
-
to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
-
in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us
-
in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
-
in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
-
in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller and in accordance with Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
Right to object
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right to object, simply send an email to office@sokrates-consulting.at.
5. Data security:
We use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Where do we store the data?
Non-personal data:
Please note that our companies and our trusted partners and service providers are located around the world. For the purposes set out in this Privacy Policy, we store and process all non-personal data that we collect in different jurisdictions.
Personal data:
Personal data may be maintained, processed and stored in the United States, Ireland, South Korea, Taiwan, Israel and, to the extent necessary for the proper provision of our Services and/or required by law (as further explained below), in other jurisdictions.
How long will the data be retained?
Please note that we will retain the data we collect for as long as necessary to provide our services, to comply with our legal and contractual obligations to you, to resolve disputes and to enforce our agreements.
We may correct, amend or delete inaccurate or incomplete data at any time at our discretion.
How do we protect the data?
The hosting service for our digital assets provides us with the online platform through which we can offer you our services. Your data can be stored via our hosting provider's data storage, databases and general applications. They store your data on secure servers behind a firewall and provide secure HTTPS access to most areas of their services.
Notwithstanding the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection and security of the data you upload, publish or otherwise disclose to us or others.
For this reason, we encourage you to set strong passwords and, whenever possible, not to provide us or others with confidential information that you believe could cause you significant or lasting harm if disclosed. As email and instant messaging are not considered secure forms of communication, we also ask that you do not disclose confidential information via either of these communication channels.
We will only use your personal data for the purposes set out in the Privacy Policy and only where we reasonably believe that:
-
the use of your personal data is necessary to perform or enter into a contract (for example, to provide you with the Services themselves or customer care and technical support);
-
the use of your personal data is necessary to comply with relevant legal or regulatory obligations; or
-
it is necessary to use your personal data to support our legitimate business interests (provided that it is always carried out in a way that is proportionate and respects your privacy rights).
As an EU resident, you may:
-
Request confirmation as to whether or not personal data concerning you is being processed and request access to your stored personal data and to certain additional information.
-
Request to receive personal data that you have provided to us in a structured, commonly used and machine-readable format.
-
Request the correction of your personal data stored by us.
-
request the deletion of your personal data;
-
object to the processing of your personal data by us;
-
request the restriction of the processing of your personal data; or
-
file a complaint with a regulatory authority.
Please note, however, that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal information we collect and how we use it, please contact us as indicated below.
In the course of providing the Services, we may transfer data across borders to affiliated companies or other third parties and from your country/jurisdiction to other countries/jurisdictions worldwide. By using the Services, you consent to the transfer of your data outside of the EEA.
If you are located in the EEA, your personal data will only be transferred to locations outside the EEA where we are satisfied that an adequate or similar level of personal data protection is in place. We will take appropriate steps to ensure that we have adequate contractual arrangements with our third parties to ensure that appropriate safeguards are implemented so as to minimise the risk of unlawful use, alteration, deletion, loss or theft of your personal information and that such third parties act in accordance with applicable law at all times.
To exercise your right to access and delete your information, please see below for how to contact us.
Updates or changes to the Privacy Policy
We may revise this Privacy Policy from time to time in our sole discretion, but the version published on the Website is always up to date (see ‘Last Updated’ legend). Please check this Privacy Policy periodically for changes. If the changes are significant, we will post a notice on our website. If you continue to use the services after we have notified you of changes on our website, this will be deemed to be your confirmation and consent to the changes to the data protection guidelines and your agreement to be bound by the terms of these changes.
Contact
If you have any questions about data protection or the processing of personal data, you will find the contact details of the responsible person or office below:
Sokrates Consulting OG
Mühlwiesengasse 169
A-2640 Köttlach
Authorised to represent: Florian Haid
E-mail: f.haid@sokrates-consulting.at
Telephone: +43 2662 44244
The following local data protection authority is responsible for our company:
Austrian Data Protection Authority
Address: Barichgasse 40-42, 1030 Vienna
Telephone: +43 1 52 152-0
Email address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/