1. General
For us, Österreichische Gesellschaft für Nachhaltige Immobilienwirtschaft („ÖGNI“, „we„, „us„), the protection of your personal data is a matter of utmost importance. Thus, ÖGNI complies with all the applicable provisions on data protection, in particular the General Data Protection Regulation („GDPR„), the Austrian Data Protection Act (Datenschutzgesetz, „DSG„) and the Austrian Telecommunications Act (Telekommunikationsgesetz, „TKG„).
This privacy policy informs you about the type, scope and purpose of collection and processing of your personal data through ÖGNI in connection with visiting and using our website www.ogni.at („Website„).
2. Name and address of the data controller
The data controller responsible for processing your personal data in accordance with data protection regulations is:
Österreichische Gesellschaft für Nachhaltige Immobilienwirtschaft
Mayerhofgasse 1, Top 22
1040 Vienna
The contact details of the data protection officer are office@ogni.at.
3. What is personal data?
Personal data refers to information about data subjects (natural persons) whose identity is determined or at least identifiable (e.g., name, email address, or IP address).
4. What data do we collect from visitors and users of our website?
4.1. Access data when visiting our website
During your visit of our website, we automatically process the following data:
- date and time of your access to a (sub-)page on our website as well as data on interactions with the website (number of visits and duration of stay and chosen language)
- data about your device (screen resolution, ISP and operating system)
- IP address and IP location
- referrer URL
- name and version of your web browser
- session ID
- search engines and keywords you have used to find us
- logfiles (with the help of necessary cookies)
We process your data in connection with your visit to our website for the following purposes:
- to make our website available to you and to further improve and develop this website;
- to detect, prevent and investigate attacks on our website and online services;
- to compile usage statistics for statistical analysis in an anonymous form.
We base the justification for the processing on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, which consist of offering our website securely and protecting it from attacks as well as collecting usage statistics.
We generally store your data in connection with your visit to the website for a period of one year.
4.2. Get in contact
If you contact us via the contact e-mail address provided on our website, by telephone or by post, we will process the personal data you provide (e-mail address, name, telephone number, postal address and your inquiry or the associated documents) for the purpose of processing your inquiry and responding to you accordingly.
For the processing and responding, we rely on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, which is to process and respond to your request quickly and, if necessary, to respond to further queries. If your request results in the conclusion of a contract, we also process the personal data from your request on the basis of our (pre-)contractual obligations in accordance with Art. 6 para. 1 lit. b GDPR.
We store your data for a period of six months to process your contact/enquiry so that we can respond appropriately to follow-up questions. Data will only be stored for longer if a contract is subsequently concluded, due to statutory retention periods or for defense in the event of any legal disputes.
4.3. Newsletter
When you register voluntarily for our newsletter, we process your email address for the purpose of sending you our newsletter, invitations to our events, publications and other information material about projects or about the DGNB System.
We process your personal data in connection with the sending of our newsletter only on the basis of your express voluntary consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 174 TKG. However, if you do not provide the data, no newsletter can be sent to you. You can revoke your consent at any time with effect for the future (e.g. by e-mail to office@ogni.at or via the „unsubscribe link“ in every newsletter).
Your data for receiving the newsletter will be processed as long as you have not revoked the voluntary consent given for the respective purpose or delete your consent after a maximum of three years of inactivity on your part.
4.4. Registration to events
When you register for events that we organise, we process the personal data you provide (email, name, company) for the purpose of preparing the event and controlling access on the day of the event.
We process this data to fulfil our (pre-)contractual obligations towards the participants in the event pursuant to Art. 6 para. 1 lit. b GDPR and on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, which lie in being able to organise and hold events.
Your data in connection with the registration for events will be stored as long as it is necessary for the organisation of the event, beyond that only as long as it must be processed within the framework of statutory retention obligations.
4.5. Social Media
You can interact with us on our social media pages by commenting on our posts, reacting to them (eg using the „Like“ button), sharing them, or sending them to other users. We process your interactions, your username and personal data of invited third parties. These data may also be processed by the social media platforms. In this case, we and the respective platform are joint controllers according to Art 26 GDPR. For more information about data processing carried out by the platforms, please refer to the following links:
- Facebook: https://de-de.facebook.com/privacy/policy/
- Instagram: https://de-de.facebook.com/help/instagram/155833707900388
- LinkedIn: https://de.linkedin.com/legal/privacy-policy
- Spotify: https://www.spotify.com/de/legal/privacy-policy/
- XING: https://privacy.xing.com/de/datenschutzerklaerung
- YouTube: https://www.youtube.com/intl/ALL_at/howyoutubeworks/user-settings/privacy/
We process your personal data to answer your questions, give you the opportunity to express yourself, respond to your opinions or feedback and to promote our services. Therefore, the processing is based on both our and your legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR or the fulfilment of our (pre-)contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR.
We retain your personal data for as long as we need it to fulfil the stated purposes. Your data will then be deleted.
4.6. Job Application
Should you submit your application documents to the e-mail office@ogni.at for the purpose of applying to ÖGNI, we will process your e-mail address, your message as well as the content of your application documents in order to determine whether a suitable position is available for you at ÖGNI. The processing is based on our precontractual obligations according to Art. 6 para. 1 lit. b GDPR.
In case a job application does not lead to employment, we store your data for a period of six months from the conclusion of the unsuccessful application process for (i) defending against potential claims under the Austrian Equal Treatment Act (Gleichbehandlungsgesetz, „GlBG“) and (ii) subsequent communication related to your application. The data processing is based on your and our legitimate interests in appropriate staff selection. The legal basis is Art 6 para 1 lit f GDPR. After this storage period, your personal data will be deleted.
If we shall keep your applicant data in evidence for a period of up to 3 years, this will be based on your explicit and voluntary consent pursuant to Art 6 para 1 lit a GDPR. You can revoke this consent at any time without giving reasons with effect for the future.
In case of a successful application process, the data collected will be stored until the end of the employment relationship as long as there are statutory retention periods or any legal claims have not become time-barred.
5. How does the website use cookies?
Cookies are small text files that are stored on the device of a website visitor, provided the visitor’s browser settings allow it. These text files contain domain-bound information that may be read again at a later time. Cookies enable our website to store important data to provide you with our services and make the use of our website more comfortable. For more information on the use of cookies, please refer to our cookie policy here.
6. Do we share your data shared?
We will not pass on your collected personal data mentioned above to third parties unless this is necessary to fulfil our obligations or is required by law/authorities.
However, your personal data will also be processed by our service providers (processors) in order to operate our website and to manage our newsletter and our communication channels. These processors are, in particular, providers of marketing tools, IT service providers, providers of other tools and software solutions, IT maintenance services and other providers of similar services. All our processors process your data only on our behalf and on the basis of our instructions for the purposes described above in accordance with the agreement concluded pursuant to Art 28 GDPR.
Moreover, we may disclose your personal data to the following recipients:
- to external third parties to the extent necessary based on our legitimate interests (eg auditors, collection agencies, insurance companies in case of insurance claims, legal representatives in case of legal matters, etc);
- to courts, authorities and other public bodies to the extent legally required (eg tax authorities, courts, etc.).
Your personal data will not be disclosed to any other third parties for their purposes without your consent.
7. Will your data be transferred to countries outside the EU/EEA?
Your personal data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) that provide an adequate level of data protection as determined by adequacy decisions of the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
The transfer of your personal data to countries that are not part of the EU/EEA and that do not ensure an adequate level of protection will only take place if the controller and the recipients of the data have concluded the European Commission’s Standard Contractual Clauses (SCCs) as appropriate safeguards for the protection of your personal data and have implemented additional security measures or if you have given your express voluntary consent.
8. How do we protect your data?
We do our best to make your visit and use of our website as secure as possible. Thus, we comply with the provisions of Art 32 GDPR to ensure the confidentiality and security of your personal data and have implement appropriate technical and organizational security measures.
9. What are your rights?
You have the right to access the personal data we process about you as data controller (Art 15 GDPR). Moreover, you have the right to rectify incorrect data (Art 16 GDPR) and delete your data („right to be forgotten“; Art 17 GDPR). You may also have the right to restrict the processing of your personal data (Art 18 GDPR) and the right to receive the data you have provided to us in a structured, commonly used and machine-readable format („data portability“, Art 20 GDPR). Furthermore, you can revoke your voluntary given consent to the processing of personal data at any time with effect for the future (Art 7 para 3 GDPR GDPR).
Moreover, you have the right to object to the processing of personal data at any time if there are reasons arising from your particular situation and if we process your data based on our legitimate interest (Art 21 GDPR).
You also have a right to lodge a complaint with the competent supervisory authority (art 77 GDPR). In Austria, this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, e-mail: dsb@dsb.gv.at, phone: +43 1 52 152-0.
If you have any questions regarding your personal data, please contact us at office@ogni.at.