Business Partners Privacy Policy

At CyberGrid we attach great importance to the value of your personal data and therefore take their protection very seriously, strictly complying with data protection regulations. In the following we provide more detailed information on how we process your data.

‍
We reserve the right to adapt the Business Partners Privacy Policy at any time in light of legal or technical changes. The version published from time to time in our Privacy Policy and the General Terms and Conditions shall apply.

Who is responsible for processing your data?
Responsibility for data processing lies with:
CyberGrid
Bayerngasse 3 / 1 / Top 5, 1030 Wien, Austria
office@cyber-grid.com
Tel. +43 1 481 2626 11

‍

What data is processed and from which sources does it come?
We process the personal data that we receive from you in the course of a business relationship or that we generate in order to fulfill our contractual obligations. “Personal data" includes any information that directly or indirectly relates to natural persons.

For which purposes and on what legal basis is your data processed?
We process your personal data for the following purposes and on the legal bases indicated:

• Within the scope of the consent given by you (Article 6 (1)(a) GDPR):

If you have consented to our processing of your personal data, we will process these data only for such purposes and to such extent as stipulated and agreed in the declaration of consent. You may revoke your consent at any time, effective as of the revocation date, free of charge. The revocation of your consent does not affect the lawfulness of the processing of your data carried out on the basis of the consent until your revocation.

• To perform our contractual obligations (Article 6 (1)(b) GDPR):

The processing of your data is necessary for our performance of a contract concluded with you or for pre-contractual measures. The purposes of data processing primarily depend on the specific product. As for details on the purpose of data processing, please see the respective contract documents and our General Terms and Conditions.

• To comply with legal obligations (Article 6 (1)(c) GDPR):‍

The processing of your personal data may be necessary to meet our legal obligations.

• To pursue legitimate interests (Article 6 (1)(f) GDPR):

We process your data in our legitimate interest for the following purposes:

· Marketing in connection with own products and services;

· Classification of customers into groups for marketing purposes (incl. development of new products and services);

· Contacting and exchanging data with, and using data from, commercially licensed credit agencies to determine credit and default risks;

· Processing and contacting for the purpose of quality assurance and improvement of our offers and services.

You can object to the processing of your personal data on grounds provided for by Article 21 GDPR. For further information, see the section about your data protection rights below.

Who receives your data?
We only disclose your personal data to third parties if this is necessary for the fulfillment of (pre)contractual or legal obligations, is justified to protect our legitimate interests, or is permissible within the scope of a previous consent. Your data will be passed on to the following recipients:

• Businesses in accordance with the consent given;
• Commissioned service providers for order processing (e.g., service providers for mail delivery, customer satisfaction measurements, debt collection, IT services, as well as commercially licensed credit agencies and address publishers);
• If required by law, authorities and public bodies (e.g. tax authorities).

In all cases in which we pass on your data to recipients inside and outside our company, we always ensure that this only takes place on the basis of legal provisions and that the protection of your data is ensured.

For how long will your data be stored?
In principle, we keep your data for the duration of our business relationship with you. In addition, we must observe wide-ranging retention obligations requiring us to retain data about you, about third parties, about your business cases and about your contractual relationship beyond its termination or even after the completion of your business case, as is the case in light of retention periods under corporate law, for instance. We also retain your data for as long as the assertion of legal claims arising from our contractual and service relationship with you is possible or as is permissible for the protection of our legitimate interests pursuant to Article 6(1)(f) GDPR.

Are you obliged to provide data?
The provision of your personal data and, if applicable, of third parties that you name is necessary for the establishment of our contractual relationship and for the processing of your business cases. If you do not provide us with this data or do not provide it to the extent required, we may not be able to establish the contractual relationship you have requested or process your business case. Please note that this would not be considered a contractual default on our part.

Is there any automated decision-making, including profiling?
We do not use automated decision-making pursuant to Article 22 GDPR to bring about a decision on the establishment and implementation of the business relationship.

What data protection rights do you have?

You have the right to request information about the origin, categories, storage period, recipients, the purpose of the data we process about you and your business case and the nature of our processing.

‍
If we process data about you that is incorrect or incomplete, you have a right to correction or completion. You may also request the erasure of data that has been processed unlawfully. Please note, however, that this only applies to inaccurate, incomplete or unlawfully processed data. If it is unclear whether the data processed about you is inaccurate, incomplete or has been unlawfully processed, you may request that the processing of your data be restricted until final clarification of this issue. Please note that these rights are complementary, so that you can only request either the correction or completion of your data or their erasure.

Even if the data relating to you is correct and complete and has been processed by us on a lawful basis, you may object to the processing of this data in duly substantiated individual cases. Likewise, you may object if you receive direct advertising from us and no longer wish to receive this in the future.

You may receive the data we have processed about you, if we have received this data directly from you, in a machine-readable format determined by us, or instruct us to transfer these data directly to a third party chosen by you, provided this recipient has made such transfer possible for us in technical terms and neither unreasonable expenses nor legal or other obligations of secrecy or confidentiality requirements prevent this from our side or from that of the third parties.

If we have received and process your data on the basis of consent given by you, you may revoke your consent at any time with the effect that we will no longer process your data for the purposes stated in the consent as of receipt of your revocation. Your revocation of consent does not affect the lawfulness of the processing carried out on the basis of your consent until the revocation.

‍

If you have any concerns or questions relating to data protection, please contact us at office@cyber-grid.com or reach out to us at Bayerngasse 3 / 1 / Top 5, 1030 Wien, Austria.

If we have any reasonable doubt as to your identity, we will ask you to provide proof of your identity, for example by submitting an electronic copy of your ID.

While we make every effort to protect your privacy and the integrity of your data, disagreements about the way we use your data can never be ruled out completely. If you believe that we are using your data in an inadmissible manner, you have the right to appeal to the Austrian Data Protection Authority.