- We try to reduce the amount of collected data to what is necessary for providing our services
- We communicate internally only via encrypted communication
- Unsafe communication (like email) is switched to secure communication as quickly as possible
- All our mobile hard drives are encrypted
- Unencrypted USB-sticks are used sparingly and only for public data (e.g. presentations).
- If technically possible, all our mobile devices are encrypted.
- Anything which cannot be encrypted is locked away and inaccessible to anyone outside of the company.
Controller
PHENOM ECOSYSTEM - FZCO
Dubai Silicon Oasis Park - Office A2
Dubai, UAE
Processor
Ing. Philipp Neurohr, BSc, MSc
Neurohr Bytes Software e.U.
Email: neurohr@bytes.software
Burgenland: Mogersdorf 6, 8382 Mogersdorf, Austria
Tel: +43-680-2311-673
UID: ATU70020158 | FN: 443581a
Court of jurisdiction Graz, Austria
Next to our company internal servers Neurohr Bytes Software e.U. has servers with following providers:
internex GmbH
Alserbachstraße 30
1090 Wien
Österreich
Firmenbuchnummer: 342171v
UID: ATU65604535
Ledl.net GmbH
Domaintechnik.at
Lederergasse 6
5204 Straßwalchen
Österreich
Firmenbuchnummer: FN 258818s
UID: ATU 61529037
In order to defend servers against DDoS attacks selected services and services under attack use Cloudflare, if the sensitivity of the processed data allows this measure.
Cloudflare Germany GmbH
Rosental 7
80331 München
Deutschland
+49 89 25552276
Processor's Data Protection Officer
KITTL4web | Inh. Udo B. S. KITTL
Web: www.kittl4web.at
E-mail: office@kittl4web.at
Öblarn 71
8960 Öblarn
Telephone: +43 660 232 82 27
TEL/Fax: +43 3684 20387
internex GmbH:
dataprotection@internex.at
Ledl.net GmbH:
Franz Reischenböck
Stv: Fabian Ledl
Capture
Your data is captured personally by our employees, or provided by you via this portal.Access and usage
Our employees can access your data via access controlled, two-factor authenticated, portal interfaces.Storage
On production environments your data is stored on servers in our control.
On archival systems your data is stored on encrypted hard drives and locked servers. Our employees have no direct access to these storages during regular operation.
Disposal and archives
In production environments your data is deleted on request.
Your data is automatically deleted if you close your account.
On archival systems data is kept for up to 10 years (see below).
Your individual data cannot be deleted from (database) backups because of technical limitations. Only named individuals of the controller and processors, with a special clearance and after completing an internal data protection training, can access these backups.
Backups are only accessed in order to restore services, find errors, or provide data for reasonable and valid in law demands by public offices and courts of justice. We will never use backups for any form of marketing analysis, or in order to restore data you wanted to be deleted.
If data is provided to courts of justice and public offices, this is only done in accordance with our Data Protection Officer. If we are not prohibited by law, we will always try to contact you to inform you about such data release.
Database backups of the portal are kept for 10 years.
Invoicing data is kept for 10 years.
Log files of the portal are kept for up to 90 days.
IP addresses of failed and successful login attempts are kept for up to 90 days.
Browser platforms, names and versions, which were used during login attempts, are kept for up to 90 days.
Other backups of the portal are kept for up to 90 days.
Transmission within member states of the European Union and countries with an Adequacy decisions on the basis of article 45 of Regulation (EU) 2016/679
Your data is transmitted for following reasons:
Communication: e.g. letters, emails, telephone
Contract fulfilment: e.g. bank account
Demands from public offices and courts of justice if reasonable and valid in law: We will comply with demands valid in law.
If data is provided to courts of justice and public offices, this is only done in accordance with our Data Protection Officer. If we are not prohibited by law, we will always try to contact you to inform you about such data release.
Transmission to non-member countries
There is no planed transmission of your data to non-member countries or international organisations, with the exception of your personal demands (e.g. contact address in a non-member country).
Cookies and external services
Information regarding the EU directive 2009/136/EC
This online tool uses Cookies, Cloudflare and hCaptcha to provide the best possible functionality, to improve the service and to protect the portal from attacks.
When you visit our portal you will receive some cookies necessary for the provision of the portal's services
XSRF-TOKEN: This cookie helps us to battle Cross-Site-Request-Forgery (Wikipedia) .
laravel_token: This cookie is also used to battle Cross-Site-Request-Forgery (Technical reference) .
portal_name_session: This is a secure and encrypted cookie storing all volatile data of your session.
remember_web_random_string: This cookie is set if you check the "Remember login" button during login.
browser_authentication: This cookie is set to reduce the amount of CAPTCHA-challenges in the current browser.
If necessary
Cloudflare: In order to defend servers against DDoS attacks selected services and services under attack use Cloudflare, if the sensitivity of the processed data allows this measure.
Several cookies for hcaptcha.com: These cookies are set by hCaptcha at the latest if the login form is shown. hCaptcha are the picture challenges you have to solve before being able to login. This prevents attackers from accessing your account just by testing random password until one matches. hCaptcha data security notice
Several cookies for vimeo.com: This cookies are set when a Vimeo video or preview is loaded on the page. Vimeo's Cookie Policy
Several cookies for youtube.com: This cookies are set when a YouTube video or preview is loaded on the page. YouTube data security notice
__stripe_mid: Fraud prevention by the payment provider Stripe. Stripe's Cookie Policy
Matomo: On pages which use our Matomo analysis:
- _pk_ref
- _pk_cvar
- _pk_id
- _pk_ses
- _pk_hsr
- matomo_sessid
- mtm_consent, mtm_consent_removed and mtm_cookie_consent
- matomo_ignore, when you exclude yourself from being tracked (opt-out)
Tips for privacy aware browsing
In order to block so-called tracking-cookies we suggest that you use DuckDuckGo, both the app, as well as the browser extention.
As alternative, or in addition, we can recommend the browser extension Privacy Badger, which also sends Do Not Track signals to each website, if requested (see below).
Do Not Track (DNT) policy
Our software respects Do Not Track signals sent by your browser and takes care that external services are only connected with explicit permission. This can lead to limited functionality and additional user interactions: Videos don't autoplay, payment providers are not available, registration is not possible, if an external CAPTCHA-service is required as additional security, etc.
Permission is given per service, i.e. if you allow one video to play then all videos from that external provider are allowed to play in your current session.