ePrivacy and GPDR Cookie Consent by Cookie ConsentData Protection | SUPASO
Data Protection

Privacy Policy

SUPASO GmbH ("SUPASO" or "we") respects your privacy. This privacy policy applies to our website and other data processing by SUPASO.

1. Who is responsible for data processing and whom can I contact?

FN 560156 i
Siebenbrunnengasse 5a/DG2
1050 Vienna

You can reach us at:
Tel: +43 660 5760797
Email: office@supaso.eu

2. What personal data do we process?

By personal data we mean any information relating to an identified or identifiable natural person. We collect personal data from yourself if and when

1. you send us an inquiry via our contact form

If and when you use our contact form, we may collect the following personal data:

  • First and last name

  • Telephone number and e-mail address

  • Company and function

  • Address

The provision of your personal data is voluntary. However, if you do not provide certain data, we may not be able to process your request.

2. you contact us separately, e.g. via e-mail or social media

We may also collect the following personal data if and when you contact us in any other way:

  • First and last name

  • Telephone number and e-mail address

  • Company and function

  • Address

The provision of your personal data is voluntary. However, if you do not provide certain data, we may not be able to process your request.

3. What sources do we use?

We process personal data that we have received or obtained from you. In addition, we process - insofar as this is necessary for the order or enquiry or the processing of the order - personal data that we obtain from publicly accessible sources (e.g. press, internet, social media) in a permissible manner or that are transmitted to us by other companies or other third parties in a permissible manner.

4. Features and links to other websites

For convenience or your information, our website may contain features for which we partner with other companies and links to other websites. These features, which may include social networking and geographic tools, and links to other websites, may be operated independently of Supaso. They may be subject to their own privacy notices or policies, so we strongly recommend that you review them when you visit. To the extent that these features and linked websites you visit are not owned or controlled by SUPASO, we are not responsible for the content of the sites, their use, or their privacy practices.

5. For what purpose and on what legal basis do we process your personal data?

5.1. on the basis of a legitimate interest of SUPASO (Art. 6 para. 1 lit f DSGVO)

Our overriding legitimate interest is that the personal data referred to in section 2 are processed in order to process and respond to your enquiry, order or other contact and, where appropriate, to inform you about our products or to provide to you an offer to order our products.

5.2. with your consent (Art. 6 para. 1 lit a DSGVO)

We process the personal data mentioned under section 2, if necessary, also with your consent (Art. 6 para. 1 lit a DSGVO), which you give to us via our contact form.

You can revoke this consent for the future at any time by sending an e-mail to office@supaso.eu. The revocation of consent does not affect the legality of the data processing carried out on the basis of the consent until the revocation.

6. Who gets my data?

Within SUPASO, your data will be accessed by all those departments that need it to fulfil our contractual and legal obligations. Service providers and vicarious agents used by us may also receive data for these purposes. These are companies in the categories of IT services, logistics, printing services and telecommunications.

Furthermore, in the case of an order, we may pass on your data to external production partners for the purpose of production, who may undertake the manufacture and/or delivery of the products on our behalf.

With regard to the transfer of data to external production or supply partners and other recipients outside SUPASO, it should first be noted that we only transfer necessary personal data in compliance with the applicable data protection regulations. Under these conditions, other recipients of personal data may be, for example:

  • Tax authorities,

  • public bodies and institutions (e.g. tax authorities, law enforcement agencies as well as local supervisory authorities) in the event of a legal or official obligation,

  • Business and income tax auditor,

  • Service providers that we use within the framework of order processing relationships.

Other data recipients may be those bodies for which you have given us your consent to transfer data or to which we are authorised to transfer personal data on the basis of a balancing of interests.

7. Will my data be transferred to a third country?

A data transfer to countries outside the European Union (so-called third countries) takes place, as far as

  • it is required by law (e.g. reporting obligations under tax law),

  • you have given us your consent or

  • this is legitimised by the legitimate interest under data protection law and no notable higher interests of the data subject contravene this transfer.

Your personal data may be transferred to a country outside the European Economic Area (EEA) where data protection laws may be of a lower standard than in the EEA for the reasons set out above. We will ensure that your personal data that may be accessed outside the EEA is treated under appropriate safeguards.

Certain countries outside the EEA, such as Canada and Switzerland, have been recognised by the European Commission as having an adequate level of data protection equivalent to that in the EEA, so no further legal safeguards are required. In countries that do not have an adequate level of data protection, such as India or Japan, we will either request your consent to the transfer or transfer the personal data subject to contractual conditions approved by the European Commission that impose equivalent data protection obligations on the recipient, unless we are entitled under applicable data protection law to make such transfers without such formalities.

8. How long will my personal data be stored?

We process and store your personal data according to the following principles:

  • Based on consent: If you have given your consent in the context of contacting us, we may store your personal data mentioned under section 2 until you revoke your consent for the future. In this case, the personal data will be deleted, unless there are legal storage obligations (these may arise, for example, from corporate law, tax law, federal tax code, etc.) or the personal data are necessary for the preservation of evidence within the framework of the legal statute of limitations.

  • Due to legitimate interests: We store your personal data mentioned in point 2, which we only process on the basis of legitimate interests, only for as long as they are required for the purposes mentioned in section 5. When our legitimate interest has ceased to exist, the personal data will be deleted on a regular basis, unless its - temporary - further processing is necessary to comply with statutory retention obligations, (these may arise, for example, from corporate law, tax law, etc.) or for the preservation of evidence within the scope of statutory limitation provisions. We can store anonymised data indefinitely.

9. What data protection rights do I have?

Under current law, you are entitled to, among other things:

  • review what personal data we hold about you and obtain copies of that data,

  • request the rectification, integration or deletion of your personal data which is incorrect or processed in a way that does not comply with the law,

  • require us to restrict the processing of your personal data,

  • object to the processing of your personal data in certain circumstances or withdraw the consent previously given for the processing,

  • data portability,

  • know the identity of any third party to whom your personal data may be disclosed; and

  • to lodge a complaint with the competent authority. The competent authority for Austria is the Austrian Data Protection Authority (Datenschutzbehörde).