Welcome to the privacy policy of our website. As the operator of the homepage https://www.citrocasa.com/ we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations, your selection in the cookie banner and this privacy policy.
Name and address of the responsible body
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:
Citrocasa GmbH
Industriezeile 47
4020 Linz
Austria
Phone: +43 732 750 173 - 0
Fax: +43 732 750 173 - 24
E-Mail:office@citrocasa.com
If you have any questions about data protection, please contact our external data protection officer at Prico GmbH. Please address your request to Sebastian Feldmann, s.feldmann@prico.de.
General information on data processing
Scope of the processing of personal data
We only process our users' personal data to the extent necessary to provide a functional website and the content and services. As a rule, personal data is only processed with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.
Data erasure and storage duration
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies and there are no legal retention periods or other requirements to the contrary.
Provision of the website and creation of log files
Description and scope of data processing
Each time our website is accessed, data and information is automatically collected by the computer system of the accessing computer. The following data is collected:
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.
Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
Contact form and e-mail contact
Description and scope of data processing
It is possible to contact us via the e-mail address office@citrocasa.com or by post. If a website visitor makes use of this option, the data transmitted will be stored by us.
Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail or by post is Art. 6 para. 1 lit. f) GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
Purpose of data processing
The processing of personal data serves us solely to process the contact, which also constitutes the necessary legitimate interest in the processing of the data.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email or post, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Possibility of objection and removal
The user can object to the processing of their data by e-mail or by post. All personal data stored in the course of making contact will then be deleted. In such a case, the conversation cannot be continued.
Newsletter
Nature and purpose of processing
We send out newsletters with current information about our products and offers. Personal data is processed for this purpose. Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy. The purpose of collecting your e-mail address is to send you the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. Data will not be passed on to other third parties. The data is used exclusively for sending the newsletter.
Legal basis
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR if the user has given consent.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process is generally deleted after a period of seven days.
Revocation
You can unsubscribe from the newsletter at any time. For this purpose, each newsletter contains a corresponding unsubscribe link. This also enables you to withdraw your consent to the storage of the personal data collected during the registration process.
Data transfer to third countries
Among other things, tools from companies based in so-called third countries (i.e. outside the European Union (EU), the European Economic Area (EEA)) may be integrated on our website. If these tools are active, your personal data may be forwarded to the servers of the respective companies. We have no influence on this data processing.
If we process data in a third country or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the following legal requirements pursuant to Art. 44 et seq. GDPR:
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer system. When a user accesses a website, a cookie may be stored on the user's operating system. These cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.
We also use cookies on our website that enable an analysis of the user's surfing behavior.
Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f) GDPR.
Insofar as cookies are set to analyze user behavior, this is done on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR.
Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. As the website operator, we have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services.
The user data collected by technically necessary cookies is not used to create user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
Duration of storage, objection and removal options
Cookies are stored on the user's device and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
Cookie consent
Cookiebot
Description and purpose
Our website uses the cookie consent technology "Cookiebot" to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations.
When you visit our website, you will be shown a banner in which you can actively select various cookies and thus give your consent to their use. So that the cookie consent tool can assign your visit to you as a user and individually record, log and store the consent settings you have made for a session duration, certain user information (including the IP address) is collected and stored by the cookie consent tool when you visit our website.
Legal basis
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. c) GDPR.
Receiver
The recipient of your personal data is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Transfer to third countries
Data may be transferred to a third country. We are aware of our responsibility for the security of your personal data and in this case ensure the existence of suitable guarantees within the meaning of Art. 45 f. GDPR.
Duration of data storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 para. 1 GDPR.
Contractual and legal obligation
There is a legal obligation to provide your personal data. This arises from Art. 5 para. 2 GDPR.
Further data protection information
Further information on data protection can be found here: https://www.cookiebot.com/de/privacy-policy/?utm_source=bing&utm_medium=cpc&utm_campaign=de-brand&utm_device=c&utm_term=coockie%20bot&utm_content=de-de-cookiebot-brand&matchtype=p&campaign_id=425888781&adset_id=1169881442242958&ad_id=73117827727162&geoloc=130527&msclkid=8369f97d120b19551f139e498f38cd17.
Cookies used, services and other functions of the website
Google Ads
Description and purpose
This website uses "Google Ads", an online advertising service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ads enables us to place advertisements in Google search results and in the Google Display Network. We can use conversion tracking and remarketing campaigns to track how users respond to our ads and interact with our website. For this purpose, cookies are stored on your device when you access our website via a Google ad. These cookies do not contain any personal data and do not allow users to be identified. By using remarketing, we can show targeted ads on other websites in the Google network to users who have visited our website.
Legal basis
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a) GDPR.
Receiver
The recipient of your personal data is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Transfer to third countries
The personal data will be transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.
Duration of data storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 para. 1 GDPR.
Revocation
You have the right to withdraw your consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and is effective for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to withdrawal. Further information on this can be found in our privacy policy under "Rights of data subjects".
Contractual and legal obligation
There is no contractual or legal obligation to provide your personal data. However, failure to do so may mean that you will not be able to use our website or will not be able to use it to its full extent.
Further data protection information
Further information on data processing by Google can be found here: Google Privacy Policy.
Piwik Pro (Matomo)
Description and purpose
This website uses the software "Piwik PRO", a web analysis tool, to analyze website usage by visitors. Piwik PRO enables us to evaluate the behavior of users on our website in order to improve our offer. In contrast to other analysis tools, Piwik PRO places great emphasis on data protection and data security by offering flexible hosting options and allowing complete control over the data. The data collected includes information such as the IP address, user behavior on the website (e.g. pages visited, time spent on the site) and technical information about the device used (e.g. operating system, browser type). This data can be used to compile reports on website activity and thus optimize our offering. The IP addresses of users are anonymized by default so that no conclusions can be drawn about individual persons.
Legal basis
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a) GDPR.
Receiver
The recipient of your personal data is Piwik PRO GmbH, Knesebeckstraße 62/63, 10719 Berlin.
Transfer to third countries
Data may be transferred to a third country. We are aware of our responsibility for the security of your personal data and in this case ensure the existence of suitable guarantees within the meaning of Art. 45 f. GDPR.
Duration of data storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 para. 1 GDPR.
Revocation
You have the right to withdraw your consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and is effective for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to withdrawal. Further information on this can be found in our privacy policy under "Rights of data subjects".
Contractual and legal obligation
There is no contractual or legal obligation to provide your personal data. However, failure to do so may mean that you will not be able to use our website or will not be able to use it to its full extent.
Further data protection information
Further information on data protection can be found here: https://piwikpro.de/datenschutz-sicherheit/.
YouTube
Description and purpose
This website uses plugins from the "YouTube" platform operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, YouTube can assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube to embed videos on our website and to provide you with multimedia content. YouTube sets cookies that analyze user behavior and can be used for various purposes, such as to improve video usage or for advertising.
Legal basis
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a) GDPR.
Receiver
The recipient of your personal data is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
Transfer to third countries
The personal data will be transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.
Duration of data storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 para. 1 GDPR.
Revocation
You have the right to withdraw your consent at any time, see Art. 7 para. 3 sentence 1 GDPR. This can be done informally and without giving reasons and is effective for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to withdrawal. Further information on this can be found in our privacy policy under "Rights of data subjects".
Contractual and legal obligation
There is no contractual or legal obligation to provide your personal data. However, failure to do so may mean that you will not be able to use our website or will not be able to use it to its full extent.
Further data protection information
Further information on data protection can be found here: https://policies.google.com/privacy?hl=de.
Social media plug-ins Facebook, Instagram, LinkedIn
Social plugins from the social media Facebook, Instagram and LinkedIn are used on our website to enable content to be shared or liked. You can usually recognize the plugins by the respective social media logos.
To protect your privacy, we use the Shariff solution on our website. With Shariff, the connection between you and the server of the social network is only established when you actually click on the respective button ("button") of the social network. Your browser then establishes a direct connection to the respective social network and the social network receives the information that and when you have accessed the corresponding page of our online offering, as well as your IP address, details of the browser used, the operating system and the language settings. Activating the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a) GDPR. You can revoke this consent at any time with effect for the future.
If you do not want the social network to collect data about you through this online service, you must not click on the buttons. If you are logged into the social network, the social network can also assign the information directly to your social network account after the button has been activated.
You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE. You can find more information about Facebook's data processing and settings options to protect your privacy at http://www.facebook.com/about/privacy/. For Instagram, you can find this information at https://instagram.com/about/legal/privacy/. For LinkedIn, you can find this information at https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
Applicant data protection
If you apply to us electronically, i.e. by e-mail or via our web form, we will collect and process your personal data for the purpose of handling the application process and implementing pre-contractual measures.
By submitting an application, you are expressing your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application. In particular, the following data will be collected: First and last name, e-mail address, telephone number, LinkedIn profile if applicable.
You also have the option of sending documents such as a cover letter, your CV and references. These may contain further personal data such as date of birth, address, etc.
The legal basis for the processing of your applicant data is Art. 6 para. 1 lit. b) GDPR and Art. 9 para. 2 lit. b) GDPR. Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b) GDPR (e.g. health data, such as severely disabled status).
Only authorized employees from the HR department or persons involved in the application process have access to your data.
Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.
Your data will be stored for a period of 6 months after the end of the application process. This is usually done to fulfill legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymize your data.
Integration of additional services and content from third parties
Third-party content, such as videos, fonts or graphics originating from other websites, may be integrated into this online offering. In order for this content to be displayed, it is necessary for the respective providers of this content (hereinafter referred to as "third-party providers") to collect the IP address of the user. Without the IP address, it would not be possible to transmit the content to the user's browser, as this is necessary for the display. We endeavor to only integrate content whose providers use the IP address exclusively to provide the content. Nevertheless, we have no influence on whether third-party providers store the IP address for statistical purposes, for example. If we are aware of this, we will inform users accordingly. We would like to provide and optimize our online offering through these integrations.
The legal basis for the integration of additional third-party services and content is Art. 6 (1) (f) GDPR. Our overriding legitimate interest lies in the best possible presentation of our online presence and in the user-friendly and economically efficient provision of our services. Please check the respective data protection conditions before you transmit personal data to these websites.
Other data recipients
If the legal requirements are met (e.g. your consent has been obtained), we may share your personal data with other recipients who provide services for us. Taking into account the principle of data minimization, we limit the disclosure of your personal data to what is necessary. The service providers used receive your personal data as processors (data processing agreement pursuant to Art. 28 GDPR) or as independent data processors. The following categories of service providers or data recipients may receive your data
Access to your data is only granted under strict conditions (confidentiality requirements).
Data security
Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to and via our website via the Internet. However, we take the best possible technical and organizational measures to protect our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons.
We take precautions to ensure the security of your personal data. Your data is conscientiously protected against loss, destruction, falsification, manipulation and unauthorized access or unauthorized disclosure.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following "data subject rights" vis-à-vis the controller:
Right to information pursuant to Art. 15 GDPR
You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller:
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
Right to rectification pursuant to Art. 16 GDPR
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.
Right to restriction of processing pursuant to Art. 18 GDPR
You may request the restriction of the processing of your personal data under the following conditions:
If the processing of your personal data has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure pursuant to Art. 17 GDPR
a) Obligation to delete
You may request us to delete the personal data concerning you immediately and we are obliged to delete this data immediately if one of the following reasons applies:
b) Information to third parties
If we have made the personal data concerning you public and we are obliged to delete it in accordance with Art. 17 para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
c) Exceptions
The right to erasure does not exist if the processing is necessary
Right to information pursuant to Art. 19 GDPR
If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
Right to data portability pursuant to Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be impaired by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object pursuant to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.
We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.
Right to revoke the declaration of consent under data protection law pursuant to Art. 7 para. 3 GDPR
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent or to object, simply send us an e-mail.
Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
Changes to the data protection provisions
We reserve the right to amend this privacy policy at any time with effect for the future so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services.