GENERAL data protection
How we work with and protect your personal data is very important to us. We therefore wish to provide you with more transparent information about how we deal with your personal data in our daily business.YOUR CONTACT FOR DATA PROTECTION
At TAA, the IT Security Manager (Data Protection Officer) is the internal and external point of contact for all matters related to data security. Please contact TAA’s IT Security Manager:
- If you have a query in relation to personal data processed, stored or transferred by TAA;
- If you have a query in relation to TAA’s data protection policy;
- If you wish to report a personal data security incident or breach to TAA.
(Alternatively, you can always contact TAA directly via taa@taa.at or via +43 512 22422 with your enquiry and it will be passed on to our IT Security Manager)
DATA SUBJECT RIGHTS REQUEST
If you wish to exercise one of your GDPR rights as a Data Subject under Articles 12 – 26 GDPR, then please send an email to datarights@taa.at with the following information:
- Data Subject Name, Surname, Email, Telephone number, Nature of enquiry / which Data Subject right is being exercised?, copy of ID (valid Passport, Drivers Licence, National Identity Card)
WEBSITE: taa.at
Note: For ease of reading, the term "data" is usually used, although personal data is meant. Statutory provisions without indication refer exclusively to those of the GDPR, unless stated otherwise.
Below, we inform you according to the requirements of the GDPR about the nature, extent, purpose of the data collection and their use:
I. NAME AND ADDRESS OF THE CONTROLLER
The controller responsible for data processing is:
Tyrol Air Ambulance GmbH
Fürstenweg 180
6020 Innsbruck
AUSTRIA
T +43 (0) 512 224 22
F +43 (0) 512 288 888
E taa@taa.at
II. PROVIDING THE WEBSITE AND CREATING LOG FILES
1. Description and extent of data processing
Each time our website is accessed, our system automatically records data and information from the accessing computer’s system.
The following data are collected in this regard:
⦁ Information about the browser type and the version used
⦁ The user’s operating system
⦁ The user’s internet service provider
⦁ The user’s IP address
⦁ Date and time of access
⦁ Websites from which the user’s system accessed our website
⦁ Websites which are accessed by the user’s system via our website
2. Legal basis for data processing
The legal basis for the temporary storage of data and the log files is Art. 6, Para. 1, lit. f. GDPR
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. The user’s IP address must remain stored for the duration of the session for this purpose.
Storage in log files is carried out to guarantee the functionality of the website. Additionally, we also use the data to optimise the website and to ensure the security of our IT systems. Evaluation of data for marketing purposes does not take place in this regard.
In these purposes, we also have a legitimate interest in data processing according to Art. 6, Para. 1, lit. f. GDPR
4. Duration of storage
The data shall be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data being recorded to provide the website, this is done when the respective session is ended.
If data are stored in log files, this is done seven days afterwards at the latest. Extended storage is possible. In this case, users’ IP addresses are deleted or modified so that they can no longer be allocated to the accessing client.
5. Opportunity to object and remove
Data must be recorded under all circumstances to provide the website and store the data in log files for the purpose of operating the website. As a result, the user has no opportunity to object.
III. Use of cookies
1. Description and extent of data processing
Our website uses cookies. Cookies are text files which are stored in the user’s internet browser or on the user’s computer system by the internet browser. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string, which enables unique identification of the browser the next time the website is called up.
Technically required cookies:
We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to also be identifiable after a page change.
The following data are stored and transferred in the cookies:
⦁ Hiding the cookie reference
⦁ Login information
⦁ Language settings
Analysis cookies:
Our website also uses cookies which make it possible to analyse the user's browsing behaviour. The following data can be transferred:
⦁ Entered search terms
⦁ Frequency of page views
⦁ Use of website functions
The user data collected in this way are pseudonymised by technical means. It is therefore no longer possible to assign the data to the accessing user. The data are not stored together with other personal user data. When our website is accessed, users are informed of the use of cookies for analysis purposes by means of an information banner, and reference is made to this privacy policy. In this regard, information is also provided about how storage of cookies can be prevented in the
browser settings.
2. Legal basis for data processing
The legal basis for processing your data using technically necessary cookies is Art. 6 Para. 1 lit. f, GDPR). The legal basis for processing personal data by using cookies for analytical purposes, if the user's consent to this has been obtained, is Art. 6 Para. 1 lit. a.
3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify use of the website for users. Some functions of our website cannot be offered without the use of cookies. To this end, the browser must be recognised even after a page change.
The user data collected by technically necessary cookies is not used to create user profiles. The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies allow us to find out how the website is used and therefore allow us to continuously optimise it.
In these purposes, we also have a legitimate interest in personal data processing according to Art. 6, Para. 1, lit. f. GDPR
4. Duration of storage and opportunity to object and remove
Cookies are stored on the user’s computer and are transferred from this to our website. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. You can delete cookies that have already been stored at any time. This can also be done automatically. There are several ways of managing cookies. The Help button on most browser toolbars shows you how to stop accepting cookies, how to be notified when a new cookie is set, and how to block cookies. If you block cookies, you may not be able to register, log in or use the services to the full.
IV. NEWSLETTER
1. Description and extent of data processing
On our website, there is the possibility to subscribe to a free newsletter. With the registration for the newsletter, the data from the input mask are transmitted to us: Specifically, we need your email address and, optionally, your first and last name along with the form of address (gender) and company name.
Moreover, the following data are collected with the registration:
⦁ Date and time of registration
For the processing of the data, your consent will be obtained within the scope of the registration process.
The data will not be forwarded to any third parties in connection with the data processing for the despatch of newsletters. The data are only used for sending the newsletter.
2. Legal basis for data processing
The legal basis for the processing of the data after registration for the newsletter by the user with the existence of a consent of the user is Art. 6 Para. 1 lit. a. GDPR
3. Purpose of data processing
The collection of your email address serves to send the newsletter.
4. Duration of storage
The data shall be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The email address of the user will accordingly be stored for as long as the subscription to the newsletter is active.
5. Opportunity to object and remove
The subscription of the newsletter can be terminated by the relevant user at any time. A corresponding link can be found in each newsletter for this purpose.
V. WEB ANALYSIS SERVICES
1. Data protection provisions for the application and use of WEBALIZER
When visiting our website, data about the respective access without personal reference is collected and stored, e.g. browser type, date, the website from which you came to us (referrer) and time of the call. We use the Webalizer program to carry out analyses.
The Webalizer web analysis tool works on our server with a complete anonymisation of IP addresses. The IP addresses are not displayed in the analysis tool so that a personal reference is no longer producible and you remain anonymous for us as a user. The anonymised data records are stored on our web server and evaluated in-house for statistical purposes only.
2. Data protection provisions for the application and use of Google Analytics (with anonymisation function)
On this website, the controller has integrated the component of Google Analytics (with the anonymiser function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimisation of a website and in order to carry out a cost-benefit analysis of internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics, the controller uses the application “_gat. _anonymizeIp”. By means of this application, the IP address of the internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a member state of the European Union or another contracting state to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyse the use of our website. With each call-up to one of the individual pages of this internet site, which is operated by the controller and into which a Google Analytics component was integrated, the internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online analysis. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
Cookies are used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our internet site, such personal data, including the IP address of the internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which are related to the use of this website, as well as the processing of these data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptoot and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
The data will be deleted as soon as they are no longer needed for our recording purposes. In our case, this is usually 26 months.
3. Data protection provisions for the application and use of GOOGLE DOUBLE-CLICK
Our website uses components from DoubleClick, a product from Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States. This is a special online marketing solution for advertising agencies and publishers.
DoubleClick by Google transmits data to the DoubleClick server with every impression, click, or other activity. Each of these data transfers triggers a cookie request to the data subject's browser. If the browser accepts this request, DoubleClick places a cookie on the information technology system of the data subject. The definition of cookies is explained above. The purpose of the cookie is to optimise and display advertising. The cookie is used, inter alia, to serve and display user-relevant advertisements, and to generate reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple impressions of the same advertisement.
DoubleClick uses a cookie ID that is required to complete the technical process. For example, the cookie ID is needed to display an advertisement in a browser. DoubleClick can also use the cookie ID to see which advertisements have already appeared in a browser to avoid duplication. DoubleClick also allows the cookie ID to track conversions. Conversions are captured, for example, when a user has previously shown a DoubleClick advertisement and then, with the same internet browser, makes a purchase on the advertiser's website.
A DoubleClick cookie does not contain any personally identifiable information. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier identifies the campaigns the user has already been in contact with.
Each time you visit any of the pages on our website that incorporate a DoubleClick component, your internet browser on your computer will automatically cause the DoubleClick component to submit data to Google for online advertising and commission billing purposes. As part of this technical process, Google becomes aware of data that Google also uses to create commission billing. Google may trace, inter alia, that you have clicked certain links on our website.
You may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of DoubleClick by Google may be retrieved under https://www.google.com/intl/de/policies/.
4. Data protection provisions for the application and use of YOUTUBE
On this website, the processing controller has integrated components of YouTube. YouTube is an internet video portal that enables video publishers to set video clips free of charge and other users to free viewing, reviewing and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
With each call-up to one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube, YouTube recognises with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our website was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube's data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
VI. FIND FREE CAPACITIES MARKETPLACE - ENQUIRY TOOL
1. Description and extent of data processing
On our website, there is a marketplace for free capacities, which can be used for electronic contact and enquiries. If a user uses this option, the data entered in the input screen shall be transferred to us and stored. These data include:
1. Flight data
a. Date
b. From
c. To
d. Accompanying persons
2. Patient data
a. Reference no.
b. Surname
c. First name
d. Date of birth
3. Contact
a. Address
b. Surname
c. First name
d. Company
e. Telephone
f. Email
4. Comment
5. PDF files
The following data are also stored when the message is sent:
1. The user’s IP address
2. Date and time of registration
Alternatively, you can also contact us on the email address provided. In this case, the user’s personal data which are transferred with the email are stored.
Data are not disclosed to third parties in this regard. The data are only used for processing the conversation.
2. Legal basis for data processing
The legal basis for data processing is Art.6, Para, lit.b GDPR.
3. Purpose of data processing
We process personal data from the input screen for the purpose of processing the enquiry. If the user makes contact by email, there is also a required legitimate interest in data processing.
The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Duration of storage
The data shall be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the contact form’s input screen and the data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the situation concerned has been conclusively clarified.
Additional personal data that has been collected during the transmission process are deleted following a duration no longer than seven days.
5. Opportunity to object and remove
The user has the possibility at any time to revoke his consent to the processing of personal data. If the user contacts us by email, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue.
If you have any objection, please let us know via our email address mentioned above. All personal data stored in the course of contacting will be deleted in this case.
VII. DATA PROTECTION FOR APPLICATIONS AND APPLICATION PROCEDURES
On our website, users are given the opportunity to apply to advertised positions at TAA. The personal data that are transmitted to the data controller result from the input screen used for this purpose.
If the data controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the statutory regulations. If no employment contract is concluded with the candidate by the data controller, the application documents will be automatically deleted two months following announcement of the rejection decision, unless deletion precludes other legitimate interests of the data controller.
VIII. CONTACT FORM AND EMAIL CONTACT
1. Description and extent of data processing
A contact form is available on our website, which can be used for the electronic contact. If a user uses this option, the data entered in the input screen shall be transferred to us and stored. These data are:
1. Address (gender)
2. Title
3. First name
4. Surname
5. Telephone number
6. Email
7. Message
8. Requested call-back time
The following data are also stored when the message is sent:
1. The user’s IP address
2. Date and time of registration
Alternatively, you can also contact us via the email address provided above. In this case, the user’s personal data which are transferred with the email are stored.
Data are not disclosed to third parties in this regard. The data are only used for processing the enquiry.
2. Legal basis for data processing
The legal basis for data processing, provided that the user has given his consent to this effect, is Art. 6, Para. 1, lit. a GDPR.
The legal basis for processing data transferred in the course of sending an email is Art. 6. Para. 1, lit. f GDPR. If you have contacted us by email with the aim of concluding a contract, Art. 6, Para. 1, lit. b GDPR forms an additional legal basis.
3. Purpose of data processing
We process personal data from the input screen for the purpose of processing contact. If the user contacts us by email, there is also a required legitimate interest in data processing.
The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Duration of storage
The data shall be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the contact form’s input screen and the data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the situation concerned has been conclusively clarified.
Additional personal data that has been collected during the transmission process are deleted following a duration no longer than seven days.
5. Opportunity to object and remove
The user has the possibility at any time to revoke his consent to the processing of personal data. If the user contacts us by email, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue.
If you have any objection, please let us know via our email address mentioned above. All personal data stored in the course of contacting will be deleted in this case.
IX. DATA PROTECTION FOR APPLICATIONS AND APPLICATION PROCEDURES
If personal data are processed by you, you are the data subject within the meaning of GDPR and we, as the data controller, owe you the following rights:
1. Right to information
You may request confirmation from us as to whether personal information concerning you is processed by us.
If such processing exists, you can request information about the following from us:
The purposes and categories of personal information that are processed, including the recipients/recipient categories to whom your information has been or will be disclosed, as well as the planned duration of your data storage. If we use profiling technologies, we will provide you with meaningful information about the logic involved and the implications and effects of such processing for you. Furthermore, we are obligated to inform you about your right to lodge a complaint with the data protection authority. You also have the right to request information about whether the data concerning you is being transmitted to a third country or an international organisation.
2. Right to rectification
You have a right to rectification and/or completion if your processed personal data are incorrect or incomplete. If applicable, we will make the rectification without delay.
3. Right to limitation to the processing
Under the following conditions, you can request the limitation to the processing of your data:
(1) if you dispute the accuracy of the personal data relating to you for a duration, which enables us to check the accuracy of your data;
(2) the process is unlawful and you refuse the deletion of the personal data and instead request the limitation to the use of your data;
(3) we no longer require your data for the purposes of the processing. However, you require these for the assertion, exercising or defence of legal claims, or
(4) if you have filed an objection against the processing and it has not been determined yet whether our legitimate reasons outweigh compared to your reasons.
If the processing of your data was limited, these data may – apart from their storage – only be processed with your consent or for the assertion, exercising or defence of legal claims or for the protection of the rights of another natural person or legal entity.
If the limitation to the processing was limited according to the aforementioned conditions, you will be informed by us before the limitation is revoked.
4. Right to deletion
We are obligated to delete these data without delay if one of the following reasons applies:
(1) Your data are no longer necessary for the purposes, for which they were collected;
(2) You revoke your consent and there is no legal basis otherwise for the processing.
(3) You file an objection against the processing pursuant to Art. 21 Para. 1 and there are no legitimate reasons for the processing that have precedence or you file an objection against the processing pursuant to Art. 21 Para. 2.
(4) Your data were processed unlawfully.
The right to deletion shall not exist insofar the processing is necessary
(1) to fulfil a legal obligation, which requires the processing (e.g. towards public authorities) or to perform a task, which is in the public interest, which was assigned to us;
(2) to assert, exercise or defend legal claims.
5. Right of objection
You have the right at all times, for reasons, which arise from your special situation, to file an objection against the processing of your data, which are carried out owing to Art. 6 Para. 1 lit. e or f GDPR; this also applies to any profiling supported on this provision.
We will no longer process your data, unless it can prove essential reasons that are worthy of protection for the processing, which outweigh your interests, rights and freedom, or the processing serves to assert, exercise or defend legal claims.
If your data are processed in order to conduct direct advertising, you have the right to file an objection against the processing at all times of your data for the purpose of such advertising; this shall also apply to profiling, insofar as it is associated with such direct advertising.
Should you file an objection against the processing for purposes of direct advertising, then the data relating to you will no longer be processed for these purposes.
6. Right to revocation of the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at all times. By revoking the consent, the legality of the processing carried out owing to the consent until the revocation will not be affected.
7. Right to lodge a complaint at a data protection authority
Irrespective of a legal remedy otherwise under administrative law or in court, you have the right to lodge a complaint at a data protection authority pursuant to Art. 24ff DSG 2018 if you are of the opinion that the processing of your data breaches the GDPR.
The data protection authority will inform the complainant about the status and the results of the complaint including the possibility of a court legal remedy.
Innsbruck, May 2018