Introduction and overview
- All online presences (websites, online shops) that we operate
- Social media appearances and email communication
- Mobile apps for smartphones and other devices
In short: The data protection declaration applies to all areas in which personal data is processed in a structured manner in our company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
We only process your data if at least one of the following conditions applies:
- Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the disclosure of your data in the course of an inquiry.
- Contract (Article 6 Paragraph 1 lit. b GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a sales contract with you, we need personal information in advance.
- Legal Obligation (Article 6 Paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are required by law to keep invoices for accounting purposes. These usually contain personal data.
- Legitimate Interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to be able to operate our website securely and economically. As soon as you access or visit our website as a user, your IP address as well as the beginning and the end of the session are recorded. This is due to technical reasons and thus represents a legitimate interest within the meaning of Article 6 Paragraph 1 lit. f GDPR.
triscon IT-Services GmbH encourages you to review the privacy statements of websites linked from triscon IT-Services GmbH so that you can understand how those websites collect, use and share your information. triscon IT-Services GmbH is not responsible for the data protection declarations of other websites outside of triscon IT-Services GmbH.
Contact details of the person responsible
If you have any questions about data protection or the processing of personal data, you will find the contact details of the person or body responsible below:
triscon IT-Services GmbH
Roman Alexander Ferstl
Handelskai 94 – 96 (Millenium Tower)
1200 Vienna, Austria
Authorized to represent: Roman Alexander Ferstl
Phone: +43 120 57 76 0040
Contact details of data protection officer
Below you will find the contact details of our data protection officer:
triscon IT-Services GmbH
Roman Alexander Ferstl
Handelskai 94 – 96 (Millenium Tower)
1200 Vienna, Austria
Phone: +43 120 57 76 0040
Duration of data storage
The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products is a general criteria for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
If you wish your data to be deleted or if you would like to revoke your consent to data processing, the data will be deleted as quickly as possible, so far there is no obligation to store it.
Your rights according to the General Data Protection Regulation
In principle, you have the right of information, correction, deletion, restriction, data transferability, revocation and objection. If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority, whose website you can access at https://www.dsb.gv.at/.
We use software on our website to evaluate the behavior of website visitors, referred to as web analytics or web analysis. In doing so, data is collected, which the respective analytical tool provider (also called tracking tool) stores, manages and processes. With the help of the data, analyses of user behavior on our website are made and made available to us as the website operator.
Which data will be processed?
What is saved is which content you view on our website, which buttons or links you click on, when you call up a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which operating system you use. If you agree that location data may also be collected, these can also be processed by the web analytics tool provider.
Your IP address will also be saved. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in pseudonymised form (i.e. in an unrecognizable and shortened form). For the purpose of testing, web analysis and web optimization, no direct data such as your name, age, address or email address is stored. All of this data, if collected, is stored pseudonymised. This way you cannot be identified as a person.
Usage of Dynatrace monitoring
triscon IT-Services GmbH uses the “Dynatrace” software from Dynatrace GmbH for analysis and optimization purposes. The objective of using Dynatrace is to provide an end-to-end performance measurement. The data determined is used to ensure stable operation and to support application development and to provide support to affeced users in the event of disruptions. Dynatrace collects basic information needed to detect, analyse and diagnose technical errors and abnormal response times, including the origin of visitors and the pages accessed. The data processing purposes are as follows:
- Statistical evaluation of website operation
- Website performance optimization
- Error detection and analysis
- Support for visitors in the event of an error
- Improving the usability of the website
Data is collected, such as:
- User name
- IP address
- Browser information
- Device information (PC, tablet, smartphone)
- Operating system
- Usage data (pages accessed, response time of the website, frequency of function usage, …)
The use of Dynatrace Monitoring requires your consent, which we have obtained with our cookie popup. According to Art. 6 Para. 1 lit. a GDPR (consent), this consent represents the legal basis for the processing of personal data, as it may occur when it is collected by web analytics tools.
In addition to consent, there is a legitimate interest on our part in analyzing the behavior of website visitors and thus improving our offer technically and economically. With the help of Dynatrace Monitoring, we can identify errors on the website, identify attacks and improve profitability. The legal basis for this is Article 6 Paragraph 1 lit. f GDPR (legitimate interests).
A corresponding contract for order data processing was concluded with Dynatrace GmbH.
Server log files
In order to optimize this website in terms of system performance, user-friendliness and the provision of useful information about our services, the website provider automatically collects and stores information in so-called server log files. Your browser automatically transmits this information to us. This includes your internet protocol address (IP address), browser and language settings, operating system, referrer URL, your internet service provider and date/time. A combination of this data with personal data sources is not carried out. We reserve the right to subsequently check this data if we become aware of specific indications of illegal use.
The legal basis for such processing is Art. 6 Para. 1 lit. b GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships. If processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f GDPR.
When you close your browser, these session cookies are deleted.
Change cookie settings
If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.
If you contact us by email, we store this correspondence and your data for the purpose of processing the request and any subsequent follow-up questions. We use the Microsoft Outlook mail service and the CRM solution from Hubspot for this and have concluded a corresponding contract for order data processing with these providers.
If you call us, the call data will be stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number can then be sent to us by e-mail and stored to answer inquiries. The data will be deleted as soon as the business case has ended and legal requirements permit.
Job application process at triscon IT-Services GmbH
In case of digital applications we receive from you, we collect your application data electronically in order to process your application. The legal basis for this processing is §26 Para. 1 S. 1 BDSG in conjunction with Art. 88 Para. 1 GDPR.
If you are hired as a result of the application process, we will store the data you provide during the application process in your personnel file for the purpose of the usual organizational and administrative process, naturally in compliance with further legal obligations. The legal basis for this processing is §26 Para. 1 S. 1 BDSG in conjunction with Art. 88 Para. 1 GDPR.
If we do not hire you, we will automatically delete the data submitted to us two months after the final decision is made. We will not delete the data, however, if we must store the data for legal reasons such as evidence of equal treatment of applicants, until any legal action is concluded, or four months. In this case, the legal basis is Art. 6 Para. 1 lit. f GDPR and §24 Para. 1 No. 2 BDSG. Our legitimate interest lies in any legal defense we may have to mount .
If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 Para. 1 lit. a) GDPR. You may withdraw your consent at any time per Art. 7 Para. 3 GDPR with future effect.
Social media links
We integrate the social media sites mentioned below into our website. The integration takes place via a linked graphic of the respective site. The use of these graphics stored on our own servers prevents the automatic connection to the servers of these networks for their display. Only by clicking on the corresponding graphic you will be forwarded to the service of the respective social network.
Once you click, that network may record information about you and your visit to our site. It cannot be ruled out that such data will be processed outside of the EU / outside the GDPR-scope (eg. in the United States).
Initially, this data includes such things as your IP address, the date and time of your visit, and the page visited. If you are logged into your user account on that network, however, the network operator might assign the information collected about your visit to our site to your personal account. If you interact by clicking Like, Share, etc., this information can be stored your personal user account and possibly posted on the respective network. To prevent this, you need to log out of your social media account before clicking on the graphic. The various social media networks also offer settings that you can configure accordingly.
The following social networks are integrated into our site by linked graphics:
We maintain the following online presence on Twitter to present our company and our services and to communicate with customers/prospects:
Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
We would like to point out that this might cause user data to be processed outside the European Union or outside the GDPR-scope, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to Twitter.
We maintain the following online presence on LinkedIn to present our company and our services and to communicate with customers/prospects:
LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
We would like to point out that this might cause user data to be processed outside the European Union or outside the GDPR-scope, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to LinkedIn.
We maintain the following online presence on XING to present our company and our services and to communicate with customers/prospects:
XING is a service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
We maintain the following online presence on YouTube to present our company and our services and to communicate with customers/prospects:
YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google USA.
We would like to point out that this might cause user data to be processed outside the European Union or outside the GDPR-scope, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to YouTube.
We maintain the following online presence on Github to present our company and to communicate with customers/prospects:
Github is a service of Microsoft, San Francisco, California, USA.
We would like to point out that this might cause user data to be processed outside the European Union or outside the GDPR-scope, particularly in the United States. This may increase risks for users that, for example, may make subsequent access to the user data more difficult. We also do not have access to this user data. Access is only available to Github.
Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.
If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.
By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
Our website uses Google Ads (formerly Google AdWords) and conversion tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google). We use conversion tracking to provide targeted promotion of our site. The legal basis is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.
If you click on an ad placed by Google, the conversion tracking we uses stores a cookie on your device. These so-called conversion cookies expire after 30 days and do not otherwise identify you personally. If the cookie is still valid and you visit a specific page of our website, both we and Google can evaluate that you clicked on one of our ads placed on Google and that you were then forwarded to our website.
The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. In addition, we receive information about the number of users who clicked on our advertisement(s) as well as about the pages on our site that are subsequently visited. Neither we nor third parties who also use Google Ads will be able to identify you from this conversion tracking.
You can also prevent or restrict the installation of cookies by making the appropriate settings in your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support.
In addition, Google provides further information with regard to its data protection practices at
We use Google Fonts on our website. Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to users free of charge. Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses. The company Google Ireland Limited (hereinafter “Google”; Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.
You do not need to register or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser.
Why we use Google Fonts on our website
Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a great advantage especially for use with mobile devices. When you visit our site, the small file size ensures fast loading times.
Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can partially distort texts or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts.
Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.
Data saved by Google
In terms of data protection, we have integrated the used Google Fonts locally on our website. This means that they are loaded from our own server and not via Google servers. Therefore there is no communication with Google, i.e. no data is sent to third parties.
Legal basis for using Google Fonts
The legal basis for the use of the Google Fonts integrated locally on our website is Article 6 Paragraph 1 Letter f GDPR (legitimate interest).
Video conferencing and streaming
We use software programs that enable us to hold video conferences, online meetings, webinars, display sharing and/or streaming. In a video conference or streaming, information is transmitted simultaneously via sound and moving images. With the help of such video conferencing or streaming tools, we can communicate quickly and easily with customers, business partners, clients and employees over the Internet. Of course, we pay attention to the given legal framework when selecting the service provider.
In principle, third parties can process data as soon as you interact with the software program. Third-party providers of video conferences or streaming solutions use your data and metadata for different purposes. The data helps, for example, to make the tool more secure and to improve the service. In most cases, the data may also be used for the third party’s own marketing purposes.
If you participate in our video conference or in a streaming, your data will also be processed and stored on the servers of the respective service provider. What data is exactly stored depends on the solution used. Each provider stores and processes different and varying amounts of data. As a rule, however, your name, address, contact details such as your e-mail address or your telephone number and your IP address are stored by most providers. Furthermore, information about the device you are using, usage data such as which websites you visit, when you visit a website or which buttons you click can be stored. Data that is shared within the video conference (photos, videos, texts) can also be saved.
If you have agreed that your data can be processed and stored by the video or streaming solution, this consent is the legal basis for data processing (Article 6 Paragraph 1 lit. a GDPR). In addition, we can also offer a video conference as part of our services if this has been contractually agreed with you in advance (Article 6 Paragraph 1 lit. b GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Article 6 Paragraph 1 lit. f GDPR) in quick and good communication with you or other customers and business partners, but only if you have at least given your consent.
Microsoft Teams Data Protection
We use Microsoft Teams, a service for online meetings and video conferences, as a video conferencing tool. Service provider is the American company Microsoft Corporation (hereinafter Microsoft), One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks for the legality and security of data processing.
Microsoft uses so-called standard contractual clauses (= Art. 46 Para. 2 and 3 GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Microsoft undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
More information about the standard contractual clauses at Microsoft can be found at https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.
You can find out more about the data processed by using Microsoft in the data protection declaration via https://privacy.microsoft.com/en-us/privacystatement.
Zoom Data Protection
We use Zoom from the American software company Zoom Video Communications (hereinafter Zoom) as video conferencing tool. Corporate headquarters are in San Jose, California, 55 Almaden Boulevard, 6th Floor, CA 95113, USA.
If you use Zoom, data will also be collected from you so that Zoom can provide its services. On the one hand, this is data that you consciously make available to the company. This includes, for example, your name, telephone number or your e-mail address. However, data is also automatically transmitted to Zoom and stored. This includes, for example, technical data from your browser or your IP address. Below we go into more detail about the data that Zoom may collect and store from you:
If you provide data such as your name, user name, email address or telephone number, this data will be stored at Zoom. Content that you upload while using Zoom is also saved. This includes, for example, files or chat logs.
In addition to the IP address mentioned above, the technical data that Zoom automatically saves also includes the MAC address, other device IDs, device type, which operating system you are using, which client you are using, camera type and microphone and speaker type. Your approximate location is also determined and saved. Furthermore, Zoom also stores information about how you use the service. For example, whether you are “zooming” via desktop or smartphone, whether you are using a phone call or VoIP (Voice over IP), whether you are participating with or without video, or whether you are requesting a password. Zoom also records so-called metadata such as the duration of the meeting/call, start and end of meeting participation, meeting name and chat status.
Zoom does not announce a specific time frame for how long data will be stored, but emphasizes that the data collected will be stored for as long as is necessary to provide the services or for its own purposes. The data will only be stored longer if this is required for legal reasons.
In principle, Zoom stores the data collected on American servers, but data can arrive at different data centers worldwide. If you do not want data to be saved during the Zoom meeting, you must not participate in the meeting. However, you always have the right and the opportunity to have all your personal data deleted. If you have a Zoom account, see https://support.zoom.us/hc/en-us/articles/201363243-How-Do-I-Delete-Terminate-My-Account for instructions on how to delete your account.
We have concluded an order processing contract (AVV) with Zoom in accordance with Article 28 of the General Data Protection Regulation (GDPR). This contract is required by law because Zoom processes personal data on our behalf. This clarifies that Zoom may only process data that you receive from us according to our instructions and must comply with the GDPR. The link to the order processing contract (AVV) can be found under https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf.
Changes of this declaration
triscon IT-Services GmbH reserves the right to update this declaration if necessary in order to adapt it to customer feedback, legal and social changes. triscon IT-Services GmbH will inform you about these changes on the website. The changes will become effective if you do not object in writing to triscon IT-Services GmbH (firstname.lastname@example.org) within four weeks.