Data Protection Declaration
The love2care AG, Orbi Tower, Thomas-Klestil-Platz 13, 1030 Vienna, Austria ("we") is the operator of the website www.love2care.cc ("Website") and controller of all data processing operations, which are conducted when accessing our Website or navigating on it.
Thank you for your interest in our Website. Below you will find comprehensive information on the extent to which we process your data and the rights you have in this regard. The protection of your privacy is very important to us and we would like to inform you accordingly about your rights and options in order to effectively support a trusting business relationship. Our data protection practice is in accordance with the General Data Protection Regulation of the European Union ("GDPR") in conjunction with the Austrian Data Protection Act ("DSG"), the Austrian Telecommunications Act 2003 ("TKG") and other relevant legal provisions.
Data protection laws are generally relevant in case any processing of personal data is concerned. The scope of this Data Protection Declaration is based on the understanding of the GDPR. Thus, the term "processing" of personal data essentially includes any handling of such data. Insofar as data processed by us are human-related and – even if only via third parties, in a synopsis or by means of additional knowledge – make you identifiable as a person (in particular by letting us know your full name), they are to be considered personal data.
1. Data Processing Operations
1.1 Processing of Access Data when visiting our Website
You can visit our Website without providing any personal information. When you access our Website, only certain access data, in particular for purposes of technical security, improvement of website quality and statistical purposes, are processed automatically in so called server logfiles; this processing is based on our overriding legitimate interests (Art 6 para 1 lit f GDPR), which consist in achieving the aforementioned purposes.
In particular, the following data are processed in this context:
(i) name of visited website;
(ii) browser type/version used;
(iii) operating system of the user;
(iv) previously visited website (referrer URL);
(v) time of the server request;
(vi) data volume transferred;
(vii) host name of the accessing computer (IP address used).
This information does not allow us to identify you personally; however, IP addresses are considered personal data within the meaning of the GDPR. As a mere website visitor, you can inform yourself about our offers and activities without any obligation and without the possibility for us to link such data to your person. The logfiles are in general automatically deleted after fourteen (14) days, at the latest.
1.2 Contact Requests
(a) Type and extent of data processing: When contacting us, we will use your data as indicated in order to process your contact request and deal with it. The data processing involved is necessary to issue a response in respect of your request, as we would otherwise not be able to contact you.
(b) Legal basis and purpose: Purpose of the data processing is to enable us an exchange with users as well as potential future contractual partners. We answer your request on the basis of our overriding legitimate interests in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. In case of repeated contact requests, we may also store your data for the purpose of cultivating existing/returning contacts.
(c) Storage period: We delete your requests as well as your contact data, if the request has been answered conclusively and deletion is not hindered by any legal retention period. Possibly, a processing of your data for other purposes might be necessary with regard to a future contractual relationship; we shall separately inform you about such cases in detail commensurate with the requirements of data protection law. We will erase your data in any case, if there has been no contact with you for a period of one (1) year.
1.3 Email Applications
(a) Type and extent of data processing: Via our Website, you have the opportunity to apply for a job in our company by means of sending a video message per email to email@example.com. The application video and the email correspondence will solely be used to gain a (personal) impression of the applicant as well as to potentially invite him for an interview.
(b) Legal basis and purpose: The purpose of this data processing operation is to display vacant positions via our Website. We process your data within this context on the basis of our legitimate interests (Art 6 para 1 lit f GDPR) in advertising vacant positions in an easy and cost-efficient manner and to gain quick but sound impressions of online applicants. In case an applicant is considered suitable and categorised for closer examination, we will also process said data for the purpose of executing the application procedure.
(c) Storage period: If a concrete application procedure does not take place and no legal retention periods demand otherwise, we shall erase your data collected for the abovementioned purposes within seven (7) months.
(a) Type and extent of data processing: You may subscribe to our newsletter via the Website. To do so, you must provide your name and email address. The love2care newsletter provides you with news about our company and services; it will solely be sent to email addresses having been indicated by interested users themselves. If you no longer wish to receive the newsletter, you can of course unsubscribe at any time by clicking on the "unsubscribe newsletter" button at the end of each newsletter or by notifying us of your wish via the contact address specified under point 5. We also use the newsletter for statistical evaluations in connection with your personal data and assess the performance of the newsletter by analysing opening and click behavior as well as information on the technical deliverability of the newsletter.
For delivery of the newsletter we use the newsletter service "Mailchimp", which is operated by The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Hence, your voluntarily provided data will be saved on servers of The Rocket Science Group LLC; in particular, that might entail a processing of your data in the USA. The Rocket Science Group LLC participating in the EU-US Privacy Shield is thus obligated to constantly maintain a level of data protection, which is comparable to European standards. The certification can be viewed at: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active. Your data will solely be used to deliver the newsletter you have subscribed to. The Rocket Science Group LLC acts as our processor in this context and is strictly bound to our instructions.
(b) Legal basis and purpose: The data mentioned above are processed in the form of a newsletter for the purpose of direct marketing and are necessary to send the newsletter and contact you in the correct manner. A newsletter or other electronic advertisements will in no case be sent without your prior approval, which we obtain via the registration mask on our Website. Each and every analysis of the newsletter's performance is conducted for the purpose of evaluating success and reach on the legal basis of our overriding legitimate interests in producing newsletter statistics that are easy to handle and effective in marketing terms in a cost-efficient manner (Art 6 para 1 lit f GDPR).
(c) Storage period: All data having been collected for the delivery of the newsletter shall be erased within seven (7) days after a potential cancellation of the subscription, as long as no legal retention periods demand otherwise and the data are not lawfully processed for other purposes as well.
On our Website, we use so-called "cookies". Cookies are small data sets that are stored on your end device. They help us to make our offer more user-friendly, attractive and secure. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognise the user and his settings. In this sense, a cookie is a small local text file that assigns a specific identity consisting of numbers and letters to your end device. Under no circumstances can cookies access or interact with data stored locally on your device. Different types of cookies have different functions. For example, cookies can enable you to access and navigate websites faster and more efficiently. Cookies help to maintain the functionality of websites with regard to state of the art functions and user experience (e.g. by saving the resolution of a requesting device so that a website can be displayed correctly); on the other hand, they are also used for targeted and cost-saving marketing measures. Cookies that are stored on your end device due to your visit of our Website (on the basis of your express consent) can be set either directly by us or by third parties who provide services for us (third-party cookies). The data processed in this way are normally at least encrypted, which is why they cannot be read by any third party having access to the cookie folder of your browser. The actual content of a specific cookie is always determined by the website that created it.
Cookies always contain the following information:
name of the cookie;
name of the server the cookie originates from;
ID number of the cookie;
an end date at the end of which the cookie is automatically deleted.
As an example, Cookies can be differentiated according to type and purpose as follows:
Necessary/essential cookies: Such cookies are required for the operation of the Website and are essential to navigate the Website and to use its full range of functions (e.g. to access protected areas of the digital appearance). Furthermore – from a legal point of view – all cookies, which are absolutely necessary for us for other reasons in order to be able to provide our services, may be categorised essential if the respective services were expressly requested by you. Necessary cookies are always first-party cookies. They can only be deactivated in the settings of your browser by rejecting all cookies without exception (see below).
Functionality cookies: These cookies can be helpful for the use of websites and their functions. They allow, for example, the storage of your user settings / data during registration so that you do not have to enter them repeatedly. The information collected by functionality cookies relates solely to the website you have visited and no information about your surfing behavior is collected. Information contained in such cookies is usually anonymised. The use of these cookies requires your prior express consent. These cookies can also be deactivated via the settings of your browser (see below).
Performance cookies: Such cookies are used to collect information about the user behavior on websites. In particular, the following information may be stored: accessed sub-pages (duration and frequency); order of pages visited; search terms used having led to the visit of the respective website; mouse movements (scrolling and clicking); country and region of access. These cookies allow to determine what a user is interested in and thereby adapt the content and functionality of the website to individual user needs. They cannot be used to trace back the individual user. The use of these cookies requires your prior express consent. The cookies can be deactivated via your browser settings (see below).
Tracking cookies: These cookies are used to analyse user behavior and display personalised advertising based on the interests determined. Among other things, they collect information about previously visited websites. They are usually third-party cookies. The use of these cookies requires your prior express consent. The cookies can be deactivated via the settings of your browser (see below).
With regard to the storage period cookies can be further differentiated as follows:
Session cookies: Such cookies will be deleted without any action on your part as soon as you close your current browser session. Such cookies, for example, allow you to remain logged in to your password-protected customer account during navigation on websites by assigning you a specific session ID.
Persistent cookies: Such cookies (e.g. to save your language settings) remain stored on your end device until a previously defined expiration date or until you have them manually removed. Among other things, they enable cross-session user tracking.
Furthermore, cookies may be differentiated by their subject of attribution:
First-party cookies: Such cookies are used by ourselves and placed directly from our Website. Browsers generally do not make them accessible across domains, which is why the user can only be recognised by the page from which the cookie originates.
Third-party cookies: Such cookies are not placed by us, but by third parties when visiting our Website, in particular for advertising purposes (e.g. to track surfing behavior). They allow us, for example, to evaluate different page views as well as their frequency.
Most browsers automatically accept cookies. However, you have the option to customise your browser settings so that cookies are either generally declined or only allowed in certain ways (e.g., limiting refusal to third party cookies). However, if you change your browser's cookie settings, some websites may no longer be fully usable. The setting options for the most common browsers can be found under the following links:
1.6 Third-Party Services
The following third-party services respectively tools or plugins, which integrate third-party services into our Website, are concretely used with respect to our web presence. They help us to extend the website functionality for our users and/or to perform evaluations regarding our offerings/services. Such implementation requires the processing of no less than your IP address, as being necessary to have the desired contents delivered to your browser. As far as we make further references to the EU-US Privacy Shield, please note that this is an agreement between the European Union and the USA, with the purpose of ensuring the compliance with European data protection standards also in the USA. The transfer of data to companies being certified under the framework of the EU-US Privacy Shield is subject to an adequacy decision of the European Commission and hence lawful pursuant to Art 45 GDPR.
1.6.1 Instagram Feed
On our Website, we implement a feed of the social network, which is operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA ("Instagram"). This enables us to continuously retrieve and display certain information and contents from the social network by establishing a connection to the API of Instagram. This serves the purpose of optimising and distributing our services on the basis of our overriding legitimate interests (Art 6 para 1 lit f GDPR) through the supply of our users with interactive information. Instagram only registers accesses, which might lead to the processing of client data besides your IP address by the third-party provider. The processing of said data may potentially be executed in the USA. In this context, please note that Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA as parent company of Instagram is participating in the EU-US Privacy Shield, wherefore the company is obligated to conduct any data processing activities in the USA in accordance with the agreement and to continuously maintain a level of data protection comparable to European standards. Within this context, Instagram is to be attributed to Facebook Inc.
The Privacy Shield certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. Please also review the data protection declaration of Instagram (https://help.instagram.com/155833707900388/) as well as additional notes from Facebook Inc. with respect to the Privacy Shield certification (https://www.facebook.com/about/privacyshield).
1.6.2 Google Analytics
Our Website uses the web analysis tool Google Analytics of Google Ireland Limited, Barrow Street, Dublin 4, Ireland ("Google Ireland") for analysation of user behavior and optimisation of our web presence. Therefore, your IP address as well as other client data, namely information about your use of our Website, for example, browser type/version, operating system, the previously visited website or the time of the server request, are transferred to and stored on servers of Google Ireland. For this purpose and as controller of the processing of your data, we have concluded a data processing agreement pursuant to Art 28 GDPR with Google Ireland in this respect. Based on our instructions, Google Ireland will use the information collected to analyse the use of our Website, draft reports on website activities and provide us with further services connected to the use of our Website and the Internet. The IP-address transmitted by your browser in the context of Google Analytics is not merged with other Google data. In order to protect you as comprehensive as possible, we utilize IP anonymisation by extending the code of our website by "anonymizeIP". This ensures masking of your IP address, wherefore all data concerned are collected anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Google intends to process data of users of the European Economic Area, where possible, in data centres situated in Europe; however, an outsourcing of processing activities to group companies may take place, wherefore a processing of your data in the USA by Google Ireland's parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google LLC") is possible.
An overview of Google Ireland's respectively Google LLC's data centres can be viewed at: https://www.google.com/about/datacenters/inside/locations/?hl=en. As far as Google Ireland is processing data in the USA, please note that Google LLC is participating in the EU-US Privacy Shield, wherefore the company is obligated to conduct any data processing activities in the USA in accordance with the agreement and to continuously maintain a level of data protection comparable to European standards. Within this context, Google Ireland is to be attributed to Google LLC. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Such data concerning the use of our Website are deleted automatically after the retention period of fourteen (14) months, which we provided for, has expired. The processing of your data by means of Google Analytics is based on our legitimate interests (Art 6 para 1 lit f GDPR) in producing easy-to-use website access statistics in a cost-efficient manner and evaluating other statistically relevant for future optimisation. You can also prevent the collection of your data by downloading a browser plugin (available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera) and installing it (https://tools.google.com/dlpage/gaoptout?hl=en). Alternatively, you can also click here to set an opt-out-cookie, which is stored on your device and also prevents Google Analytics from collecting your data. If you delete your saved cookies, however, this step is required again. Further information on data usage by Google and your setting and objection options in this regard can be found at https://policies.google.com/privacy?hl=en.
1.6.3 Google Maps
On our Website we have implemented the service "Google Maps" of Google Ireland, in order to provide you with interactive geographical indications. This concerns, in particular, the presentation of our location. In this context, Google Ireland can collect and process data about the use of Google Maps, which is further used for statistical analysation and, where applicable, the display of interest-based advertisements. If you access a site on our Website, where Google Maps is implemented, a connection to the servers of Google Ireland will be established. Thus, online-identifiers and your IP address may be processed. Any processing of your data takes place on the basis of our legitimate interests (Art 6 para 1 lit f GDPR) in designing our Website attractively for users and visually illustrate geographical information. Google intends to process data of users of the European Economic Area, where possible, in data centres situated in Europe; however, an outsourcing of processing activities to group companies may take place, wherefore a processing of your data in the USA by Google Ireland's parent company Google LLC (cf. point 1.6.2) is possible.
An overview of Google Ireland's respectively Google LLC's data centres can be viewed at: https://www.google.com/about/datacenters/inside/locations/?hl=en. As far as Google Ireland is processing data in the USA, please note that Google LLC is participating in the EU-US Privacy Shield, wherefore the company is obligated to conduct any data processing activities in the USA in accordance with the agreement and to continuously maintain a level of data protection comparable to European standards. Within this context, Google Ireland is to be attributed to Google LLC. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Your data will in general not be stored longer than two (2) years. Please also review the data protection declaration of Google LLC and its group companies at https://policies.google.com/privacy?hl=en.
1.7 Links to Third-Party Sites
On our Website we use links to the websites of third parties. These are, in particular, links to social networks (e.g. Facebook). If you click on one of these links, you will be forwarded directly to the respective page. For the website operators it is only evident that you have accessed our Website. Accordingly, we refer you to the separate privacy policies of these websites.
2. Transfer of your Personal Data; Recipients
For the purposes explained in this Data Protection Declaration, we will transfer your (personal) data to the following recipients or make them available to them:
Within our organisation, your data will be provided to those entities or employees who need them to fulfil their contractual or legal obligations and for data processing that is based on our legitimate interests.
Furthermore, (external) processors deployed by us receive your data if they need such data to provide their respective services (whereby the mere possibility to access personal data is sufficient). All processors are contractually obliged to keep your data confidential and to process it only within the scope of service provision. This includes the following categories of recipients:
(i) marketing management
(ii) website management
(iii) website evaluation/analysis
Currently deployed processors are referenced in the course of the description of the different data processing operations conducted under point 1. Furthermore, we deploy Wix.com Luxembourg S.a.r.l, 5, rue Guillaume Kroll, L-1882 Luxembourg with the management and administration of our Website as a processor.
All deployed processors are bound to our data protection practice and will treat your personal data strictly confidential. Under no circumstances will processors – without your express consent – transfer your data to third parties or use it for any other purpose than to fulfil their obligations to us or to comply with our explicit instructions.
3. Data security; Erasure Concept
We take all appropriate technical and organisational measures to ensure that only those personal data that are absolutely necessary for the business purpose are processed by default. The measures taken by us concern the amount of data collected, the scope of processing as well as its storage period and accessibility. We use these measures to ensure that personal data are only made available to a limited and necessary number of persons through default settings. Other persons will under no circumstances be granted access to personal data without the explicit consent of the data subject. In addition, we use various protection mechanisms (backups, encryption) to safeguard the Website and other systems. This is intended to provide the best possible protection for your (personal) data against loss or theft, destruction, unauthorized access, alteration and distribution.
All of our employees have been sufficiently informed of all applicable data protection regulations, internal data protection regulations as well as data security precautions and are required to keep confidential all information entrusted or made available to them in the course of their professional activities. The requirements of the GDPR are strictly observed and personal data are only made available to individual employees insofar as this is necessary regarding the purpose of data collection and our obligations arising therefrom. If we deploy processors, these are obliged to act in accordance with our data protection practice on the basis of specific framework agreements concluded with us.
In accordance with the provisions of the GDPR, all (personal) data collected by us via the Website will only be stored for as long as it is required with regard to the legal basis of the processing operation, unless long-term storage is provided for by law. We comply with our obligation to delete data on the basis of our specific internal deletion concept, wherefore we can provide you with further information on request.
4. Rights of the Data Subjects
4.1 Rights of the Data Subjects in a narrow sense
A central aspect of data protection regulations is the implementation of adequate options allowing you to dispose of your own personal data, even after processing of said personal data has already commenced. For this purpose, a series of rights of the data subject are set in place. We shall comply with your corresponding requests to exercise your rights without undue delay and in any event within one (1) month of receipt of the request. Please direct your request to the following email address: firstname.lastname@example.org.
Specifically, the following rights are stipulated:
Should you exercise your right of access, we shall confirm whether we are processing your personal data and provide you with all relevant information in this regard, to the extent permitted by law. For this purpose, we will send you (i) copies of the data (emails, database excerpts, etc.), as well as information on (ii) concretely processed data, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the storage period or the criteria for determining it, (vii) the origin of the data and (viii) any further information depending on the individual case. Please note, however, that we cannot hand over any documents that could impair the rights of other persons.
With the right to rectification you may request that we rectify wrongly recorded data, data that have become inaccurate or incomplete (for the purpose of the respective processing). Your request will then be examined and the data processing affected may be restricted for the duration of the examination upon request.
The right to erasure may be exercised (i) in the absence of a need with regard to the purpose of processing, (ii) in the event of revocation of a consent given by you, (iii) in the event of an objection with regard to your particular situation, insofar as the data processing concerned is based on the legitimate interests of us (balance of interests), (iv) in the event of unlawful data processing, (v) in the event of a legal obligation to erase, and (vi) in the event of processing data of minors under the age of 14.
A right to restriction of processing, after the exercise of which affected data may only be stored, exists (only) in special cases. In addition to the possibility of restricting the duration of data corrections, (i) unlawful data processing (unless deletion is required) and (ii) the duration of the examination of a particular objection request are also covered.
You also have the right to object to data processing at any time on grounds relating to your particular situation. This applies to all cases of data processing based on our legitimate interests pursuant to Art 6 para 1 lit f GDPR (balance of interests).
You have the right to lodge a complaint with the relevant national supervisory authority (see point 4.2).
A right to data portability, after the exercise of which the data concerned may be obtained in a structured, common and machine-readable format or upon request directly communicated to another controller. However, such right only covers those of your personal data, which we process due to your consent given on the basis of Art 6 para 1 lit a GDPR.
Please also note that we may be unable to comply with your request due to compelling reasons worthy of protection for the processing (balance of interests) or a processing due to the assertion, exercise or defense of legal claims (on our part). The same applies in the case of excessive requests, whereby here as well as in the case of descendants of manifestly unfounded requests a fee may be charged.
4.2 Right to lodge a Complaint
If you take the view that we violate applicable data protection laws when processing your data, you have the right to file a complaint with the competent national supervisory authority. The concrete requirements for such a complaint are based on Section 24 DSG. However, we would ask you to contact us in advance in order to clarify any questions or problems.
The contact details of the Austrian Data Protection Authority are as follows:
Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Austria
Phone: +43 1 521 52-25 69
5. Contact Details regarding Data Protection Issues
For data protection questions, messages or requests, please use the following contact address:
Phone: 01 / 9346051