Privacy Policy for the Products and Services of Hilfy GmbH (Privacy Policy)

Hilfy GmbH attaches great importance to the protection of your personal data. We respect and protect your privacy. Our company attaches particular importance to the security of your personal data. We are committed to protecting your personal data and processing it in accordance with data protection laws (DSGVO).

The following data protection information provides you with an overview of the personal data we collect from you and how we use your data. In addition, we inform you about your rights under applicable data protection laws and, of course, tell you who to contact if you have any questions. At the same time, we are fulfilling our obligation according to Art. 13 DSGVO.

1. Introduction 

1.1 This Privacy Policy (hereinafter referred to as “Privacy Policy“) governs the relationship between Hilfy GmbH, registration number FN 488463d, a company incorporated under the laws of Austria with its registered office at: Rosenbursenstraße 2/21, 1010 Vienna, Austria, represented by its director Oleksii Rogozhnykov – the “Company” or “We”, “Our” and its customers and website visitors – the “Data Subjects” or “Data Subjects” or “You”, “Your” in connection with the processing of personal data of the Data Subjects obtained in the context of (1) requesting and using the Company’s services by placing the order either on the website by filling in the order form or by calling; Company’s provision of the ordered services, Customer’s payment for the services and performance of other related actions either by Company or Customer (the “Services“); (2) accessing and browsing Company’s website at: https://hilfy.at(the “Landing“); or (3) otherwise and as part of other services subsequently developed and implemented by Company.

1.2 “General Data Protection Regulation” or “GDPR” means the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation).

1.3 “Personal Data”, “Processing”, “Controller”, “Processor”, “Pseudonymization”, “Profiling”, “Restriction of Processing”, “Consent” and other definitions, if used in the Privacy Policy, shall have the meanings given them by the GDPR.

1.4 “Customer”, “Craftsman”, “Administrator” are ascribed the meanings assigned to them by the Terms of Use.

1.5 “Landing Visitor” means the Data Subject who randomly or intentionally accesses and browses the Landing to place the order, familiarize with the Services, explore features and functions of the Landing, view the landing pages and click buttons on the Landing, scroll, etc.

1.6 By providing the Services and the Landing to the Customers and the Landing Visitors, the Company acts as a controller of the Personal Data received from the Customers and the Landing Visitors. Subject to applicable rules and laws, the Company may engage third parties to process the Personal Data and, if necessary, obtain the consent of the Customer or the Landing Visitor to such processing.

2. Categories of personal data collected, purposes and bases of processing

Note: We do not intentionally collect and process the personal data of minors (persons who have not reached the age of majority in their country of residence). If you are aware of such cases, please report them to us.

2.1 In offering and providing the Services and landing, the Company may process certain personal data in relation to the following data subjects to the following extent and for the following purposes:

2.1.1 Personal data received in person:

1) When you access the Landing as a Landing visitor and/or customer, the Company automatically receives what is called “User Agent Data”, including but not limited to your IP address, location, session ID, device type and operating system , screen resolution, browser IDs, preferred language, timestamp, referral source (from where you were directed to the Landing) and other online IDs that are typically received via HTTP requests.

Purpose of processing and legal basis for processing: Processing is necessary for you to access and browse our landing, place the order, communicate with us through our communication tool and interact with us for other purposes of your choice. The processing is also necessary for the performance of the contract in accordance with the Terms of Use. This information is mandatory for the use of the landing and for the provision of services. Legal bases for processing are contract performance and our legitimate interests to prevent possible attacks, fraud, unconscious behavior patterns and to keep our software infrastructure and systems healthy and secure.

2.1.2. personal data obtained in communication with you:

1) By using our communication tool added to the Landing – Jivosite, or the email address of our support team or other contact channel accessible on the Landing, you may voluntarily provide us with your name and contact information (such as email, phone number). , information on the subject of your request and other data that may be necessary to answer your questions and queries.

Purpose of processing and legal basis for processing: Processing may be necessary for you to communicate with us through our communication tool and to interact with us for other purposes of your choice, including the fulfillment of your orders. Processing may also be necessary for the performance of a contract in accordance with the Terms of Use. This information may be mandatory for the provision of services. Legal bases for processing are contract performance, consent where applicable, and our legitimate interests in preventing possible attacks, fraud, unconscious behavior patterns, and keeping our software infrastructure and systems healthy and secure.

2.1.3. personal data necessary to place, accept, execute your orders, process your payments and deliver the services to you:

1) In order to place and accept your order and deliver the Services to you, you may be required to provide us with your first and last name, email address, telephone number, the subject of your order and the address of your premises where you would like our Handyman to arrive to fulfill your order, the preferred date and time for the Handyman’s arrival, payment details for us to process payments and other transactions related to the Services, and other information requested by our Administrator or Handyman. Depending on the current functionality of the Landing, our decision and your preferences, we may choose not to request or accept any of the above information from you. For example, if you choose to be served only by telephone, we may not ask for your email address. Please note that we do not currently accept pictures or photos of bugs, breakages, breakdowns, or videos related to your order and the like. If you send us any of the above, please be informed these materials will not be processed – they will be permanently deleted.

Purpose of the processing and legal bases for the processing:

(1) Your first and last name is usually required to legally identify you, process your order, address you, issue you an invoice and / or receipt for the services provided to you, and identify you in our internal databases and administrative systems. The processing is necessary for the performance of a contract in accordance with the Terms of Use. The information provided is usually mandatory for the provision of services.

(2) Your email address and / or phone number need to be in contact with you, process your order, respond to your inquiries and request additional information from you. The processing is necessary for the performance of a contract under the terms of use. The information provided is mandatory for the provision of services.

(3) The address of your premises, private house, apartment or other type of apartment (street, building number, section, unit, floor, apartment number, etc.) is necessary for our craftsman to come to the place where the breakage or breakdown occurs or a fault you specified has occurred and carry out your order. The processing is necessary for the performance of a contract in accordance with the Terms of Use. The information provided is mandatory for the provision of services.

(4) Subject of your order: You must describe the subject of your request and explain the nature and details of the breach, failure or breakdown in sufficient detail and be prepared to respond to further questions from our administrator. The processing is necessary for the performance of a contract in accordance with the Terms of Use. The information provided is mandatory for the provision of services.

(5) Preferred date and time of arrival of the artisan: Depending on your case and our availability, you may request the arrival of the artisan as soon as possible, set the date and time of the visit of the artisan in advance or our administrator may ask you to set this the preferred date and time of arrival of the artisan or reschedule the visit (for more information on our terms of availability, see the Terms of Use). The processing is necessary for the performance of a contract in accordance with the Terms of Use. The information provided is mandatory for the provision of services.

(6) Payment Details and Transactions: You may use the means of payment permitted under the Terms of Use. Depending on the selected and / or available means of payment, we process, together with our payment processor and banking institution, a certain pool of data Necessary to issue invoices to you, to carry out the payment transactions, to maintain our internal accounting, to resolve any payment disputes, etc., such as. Your bank card number and type, the validity period of the card, the card issuer and the amount due to us the services provided, date of issuance of the invoice, payment period indicated in our invoice, date payment is due, information on payment delays, accrued interest on the amount due, date of full payment of the invoice and other data related to the processing of payments and transactions in connection with the provision of services to you. The processing is necessary for the performance of a contract in accordance with the Terms of Use. The information provided is mandatory for the provision of services.

2.1.4 Customer feedback on the services:

1) You are free at any time to leave or not to leave comments about your satisfaction, the quality of the services on the Landing or other properties of the Company, provided that you allow it.

Purpose of processing and legal basis for processing: We would like to hear your thoughts and feedback on our Services in order to measure customer satisfaction and improve the Services for you. The processing of this information is based on consent. By leaving or sending us your feedback and comments, you are giving us that consent. The information provided is not mandatory for the provision of the Services.

2.1.5. personal data created as a result of your use of the services for promotion:

1) Your use of our Services, the fulfillment of your orders by us, and the delivery of the Services to you obviously result in the creation of a new pool of personal information about you, which may include, but is not limited to , order and payment history , preferred dates and times for artisan visits, the nature and type of your requests, transactions related to the Services provided to you, and other information.

Purpose of processing and legal basis for processing: We may use this data for analytical and statistical purposes to resolve conflicts and inquiries, maintain our internal customer relationship databases without limiting the foregoing, and we will seek to aggregate this data on the Website depersonalization basis when disclosed to third parties such as our potential business partners, investors, stakeholders or anonymized as appropriate. We do not create your profiles for further marketing purposes. By processing this information, we rely on contract performance. The information provided is not mandatory for the provision of the services.

2.1.6. your use of social media on the landing:

1) The landing may contain links and buttons leading to the sharing functions of social networks such as Facebook, Instagram and other social and digital platforms and properties on which the Company may hold and operate its business pages and accounts. Please note that such social media have their own terms and policies. Before following, accessing and using the links and buttons, please familiarize yourself with their documentation. We are not responsible for nor do we control the collection and processing of personal data by such social media. Please do not follow the links to social media or click on their buttons if you do not wish to provide them with personal data.

Purpose of processing and legal basis for processing: Please refer to the terms and policies of the respective social media. The information provided is not mandatory for the provision of the services.

2.1.7 Personal data collected and processed by our processors: Cookie providers and other providers:

1) We use certain cookie providers – third parties on the landing to make it more customizable and improve your user experience, as well as the hosting provider, the mail service provider and the office document provider. Currently, the list of such processors includes:

• Jivosite Inc. (1811 Silverside Road, Wilmington, Delaware, 19810, USA);
• Cybot A / S (Havnegade 39, 1058 Copenhagen, Denmark);
• Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (provider of Google Ads, Google Analytics, Google Tag Manager, Gmail service, and Google Drive (G Suite));
• Hotjar Ltd (Level 2, St. Julians Business Center, 3, Elia Zammit Street, St. Julians STJ 3155, Malta, Europe);
• Facebook Inc. (1601 Willow Road, Menlo Park, CA 94025, USA);
• EMEA SARL of Amazon Web Services (38 Avenue John F. Kennedy, L-1855, Luxembourg).

We also use our own cookies on the landing. You can find more information about this below.

2) Some cookies are functionally important to allow you to properly access, browse and use the landing and communicate with us as intended. This category includes cookies set by Jivosite Inc. and Cybot A / S. Some cookies are optional and are subject to your consent, namely cookies from Hotjar Ltd and Facebook Pixel from Facebook Inc. Another category of cookies are cookies set by Google Ads and Google Analytics. Below you will find an explanation of what cookies and personal data these third parties collect and process.

1.     Hilfy Own Cookies and Cookies from Cybot A/S and Jivosite Inc.

Purpose of processing and legal basis for processing: Our own cookies and cookies set by JivoChat ensure the correct loading, display, navigation and functioning of the landing. We use the Cookiebot provided by Cybot A / S as a cookie consent tool that allows you to record and capture your cookie choices on the landing. You can not disable this category of cookies, they are mandatory. Below is a list of cookies set by us, Cybot A / S and Jivosite Inc:

Jivosite Inc. may also use and set other cookies for your browser. For more information, see here: https://www.jivochat.com/cookies/.  Data such as your name, city, contact phone numbers and emails may be collected See: https://www.jivochat.com/privacy-notice/.

 Jivosite Inc. may transfer the personal data to the USA. The company is the EU-USA. Privacy Shield participant: https://www.privacyshield.gov/participant?id=a2zt00000008TXvAAM&status=Active.

All data collected by Cybot A / S is stored in databases and file repositories hosted in an Azure data center at Cybot’s cloud provider Microsoft Ireland Operations Ltd in Dublin.

1. Cookies used by Google Ads and Google Analytics; Google Tag Manager

Purpose of the processing and legal basis for the processing: We use the Google Ads campaign to attract the customers. In order for the Google Ads campaign to run properly and deliver our ads offered by Google Ads to the right audience searching for our services. We need to use conversion tags set by Google Ads. For more information on how conversion tracking works, please see the following link: https://support.google.com/google-ads/answer/1722022?hl=de.  In order to achieve the above goal, Google Ads must optimize its algorithms by using the statistical data obtained through Google Analytics cookies set to your browser (https://support.google.com/google-ads/answer/2401634?hl=de). In collecting and processing this personal data, we rely on legitimate interests justified by our legitimate interest assessment.

Google LLC may transfer personal data processed at our direction and on our behalf to the US on an EU-US basis. Privacy Shield certification: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

1) Google Ads:

Google Ads stores a record of the ads it serves in its logs. These server logs typically include your web request, IP address, browser type, browser language, date and time of your request, and one or more cookies that may uniquely identify your browser. For more information, please see the following link: https://policies.google.com/technologies/ads?hl=de-US.

Below you can find a list of cookies set by Google Ads:

2) Google Analytics:

Google Analytics collects certain information about you, such as a range of sessions, session duration, operating systems, device models, geography, and other statistical and analytical data: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008. 

We use Google Analytics to optimize the Google Ads algorithms and get the most fruitful effect from the advertising campaigns and data obtained through Google Analytics to measure your use of the Landing and our services. Identifiers such as cookies are used to measure your interactions with Landing, while IP addresses are used to ensure the security of our infrastructure and give us a sense of where you are coming from. We may use data collected by Google Analytics to personalize ads, but only with your consent see below how we use Facebook Pixel.

Below you will find a list of cookies set by Google Analytics: 

3) Google Tag Manager: Google Tag Manager is used by us to organize tags from other cookie providers, including tags related to Google Analytics, Google Ads, and Facebook Pixel.

To monitor system stability and performance, Google Tag Manager may collect some aggregate tag triggering data. This data does not include your IP addresses or any specific identifiers that could be associated with you. Other than data in standard HTTP request logs, all of which is deleted within 14 days of receipt, Google Tag Manager does not collect, store, or share any information about you, including page URLs visited. Google Tag Manager decides and controls when to enable or disable certain cookies and collects aggregate, nearly anonymized data about the performance of other cookies.

Our legitimate interests in the use Google Ads and Google Analytics

By processing your personal data using Google Ads, Google Analytics and Google Tag Manager, which are necessary to run our Google Ads advertising campaign that leads you to the landing and services and to set the relevant cookies in your browser, we rely on legitimate information interests as the legal basis for processing based on our legitimate interests assessment. The results of our legitimate interests assessment show that we have a legitimate interest in processing the personal data to facilitate the acquisition of new customers through online advertising campaigns and that these interests do not override your fundamental rights and interests. Otherwise, we would not be able to reach you in the digital age. You can, of course, delete these cookies (see instructions below). However, we ask you not to do so. If you leave them in your browser, you will help us deliver to you and others who seek our services.

You can exercise your right to object to the processing of your personal data that we process on the basis of our legitimate interests and disable / delete the cookies set by Google Ads and Google Analytics for your browser. Please see the following links for the relevant instructions on how to implement the deletion process in different browsers:

(1) For information about the Google Chrome browser, see: https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DDesktop&hl=en;

(2) For the Firefox browser, please see: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox;

(3) For Safari browser, please visit: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac;

(4) For information on Internet Explorer, see: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies.

III Hotjar Ltd

Purpose of processing and legal basis for processing: We use Hotjar to better understand your needs and optimize landing and services. Hotjar is a technology service that helps us better understand your experience (e.g., how much time you spend on which pages, which links you click, what you do and don’t do, etc.) and allows us to create and maintain Our Landing and Services with your feedback.

Hotjar uses cookies and other technologies to collect data about your behavior and devices. This includes a device’s IP address (processed during your session and stored in an unidentified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and preferred language for viewing the landing. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf. For more information, please see the “About Hotjar” section on the Hotjar support website. Hotjar also creates a unique user identifier – the UUID assigned to each user. By collecting and processing this personal data, we rely on your consent.

Provided you have given us your consent, recorded using our cookie consent tool, Hotjar Ltd sets the following list of cookies on your browser:

All data collected by Hotjar is stored electronically in Ireland, Europe, in Amazon Web Services infrastructure, eu-west-1 data center. Hotjar application servers and database servers run in an Amazon VPC, Virtual Private Cloud.

1. Facebook Inc.

Purpose of processing and legal basis for processing: we use Facebook Pixel to obtain information about actions taken on landing to make our Facebook ads more relevant to our audience. Facebook Pixel allows us to:

(1) Create target groups;

(2) Set up bidding;

(3) Check events;

(4) Gain Insights;

(5) Analyze behavior;

(6) Capture events with the pixel.

Personal data that may be collected and processed by Facebook Pixel can be found at the following link: https://developers.facebook.com/docs/facebook-pixel/implementation/gdpr/.  We also use certain “additional values”:

(1) Visiting and leaving the landing;

(2) Filling out the form;

(3) Press the call key;

(4) The landing visit lasted more than 30 seconds;

(5) The visitor has sent a request in the chat.

By collecting and processing this personal data, we rely on your consent.

Provided you have given us your consent, recorded using our cookie consent tool, Facebook Inc. sets the following list of cookies on your browser:

Facebook Inc. may transfer personal data to the U.S. and is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to collect and process personal data of advertisers, customers, or business partners in the European Union or Switzerland in connection with the products and services described in its Privacy Shield Notice (Partner Services). More information: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

1. Amazon Web Services EMEA SARL

Purpose of the processing and legal basis for the processing: We use Amazon Web Services to store, process and host our content in connection with the Landing and the Services. The content is stored on the server in Germany. Amazon Web Services complies with ISO 27018, a code of conduct focused on protecting personal data in the cloud. It is based on ISO Information Security Standard 27002 and provides implementation guidelines for ISO 27002 controls that apply to personally identifiable information (PII) processed by public cloud service providers. For more information or to learn more about AWS ISO 27018 certification, visit the AWS ISO 27018 compliance webpage. For more information, please visit: https://aws.amazon.com/compliance/data-privacy-faq/.

We rely on the contractual performance basis for processing and storing content and personal data with Amazon Web Services EMEA SARL Cloud Hosting.

1. Gmail service from G Suite (Google LLC)

Purpose of processing and legal basis for processing: We use Gmail from Google LLC to receive, process your orders, respond to you in relation to your orders and requests, invoice you for the services provided, send you receipts and other information and materials necessary and / or required to provide you with the landing and services. Please see what personal data Google LLC may collect and process about you in connection with our use of Gmail: https://policies.google.com/privacy#intro. Google LLC may transfer the personal data processed at our direction and on our behalf to the US based on its EU-US. Privacy Shield certification: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. We rely on contract performance as the legal basis for processing personal data with Gmail.

VII. Google Drive from G Suite (Google LLC)

Purpose of processing and legal basis for processing: We use Google Docs and other Google Drive instruments and tools to store, manage and process your orders through the administrators, track your payment obligations to us for the services provided and determine the timing you prefer of our craftsman’s visit, document the nature and description of your order for further review and evaluation of the craftsmen, manage our artisan’s schedule and assign the correct artisan to your order, share information about your order with other parties involved in the delivery of your orders (we will share personal information with such third parties if required arrangements have been made with them), and for other related purposes reasonably expected to be necessary to provide the landing and services to you. Please see what personal data Google LLC may collect and process about you in connection with our use of Google Drive: https://policies.google.com/privacy#intro.

Google LLC may transfer personal data processed at our direction and on our behalf to the US based on its EU-US. Privacy Shield Certification: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. We rely on contract performance as the legal basis for processing personal data with Google Drive.

3. your rights in relation to the processing of personal data

3.1 In connection with accessing, browsing Landing and using the Services, you are entitled to exercise certain rights set forth by the GDPR and described below. However, the exercise of some of these rights may not be possible in relation to the Services Landing and Services taking into account the nature, type, form and other applicable circumstances of the Services.

3.2 Right of access: You may request all personal data processed about you by sending the right of access to the following address: privacy@hilfy.at. The subject line of such request must read “ACCESS TO PERSONAL DATA REQUEST”, with all letters capitalized, otherwise we will ignore it. Please note that at the time of your request, we may not be able to adequately identify you in our systems. Therefore, we may ask you to provide us with additional evidence and information confirming that the personal information belongs to you. If we are still unable to properly identify you, we will send you the rejection. Please give us sufficient time to process your request. This may even take several months.

3.3 Right to rectification: The exercise of the given right depends directly on the category of data concerned: If they are online identifiers that the company receives automatically, their rectification is not possible, but categories of personal data such as your name and surname, phone number, email address and password, address can be corrected either directly at the landing (if the customer cabinet is available) or by sending the appropriate request to: privacy@hilfy.at. If the landing equipped the customer cabinet with the appropriate functionality, your payment data can be corrected to the extent permitted in the customer cabinet.

3.4 Right to erasure (right to be forgotten): Subject to compliance with the obligations set out in the Terms of Use, you may send us a request to erase all personal data that we currently process about you to the following address: privacy@hilfy.at. The subject line of such a request must read: “ERASE ALL DATA REQUEST”, with all letters capitalized, otherwise we will ignore it. Please note that at the time of your request, we may not be able to adequately identify you in our systems. Therefore, we may ask you to provide us with additional evidence and information confirming that the personal information belongs to you. If we are still unable to properly identify you, we will send you the rejection. Please give us sufficient time to process your request. This may even take several months.

3.5 Restriction of processing: You are entitled to request us to restrict processing if you contest the accuracy of the personal data or object to the processing of the personal data for direct marketing. However, exercising the right to restrict processing in relation to certain personal data may not be possible.

3.6 Objection to processing: Please note above your right to disable cookies. We process them depending on our legitimate interests. This right may also apply to the information used for direct marketing, for which the company is obliged to obtain your consent.

3.7 Right to data portability: Unfortunately, the Company does not currently offer the possibility to import your personal data into another program or platform. However, you may still exercise your right to access data as provided above.

3.8 Right to withdraw consent: You have the right to withdraw consent to the processing of personal data provided by you. In particular, you can change your cookie selection by using our cookie consent tool integrated in Landing.

3.9 Automated decision making, profiling: The Company does not currently perform either of these steps. Your consent will be obtained before such activities are carried out.

3.10 Storage period or criteria for the storage of personal data: Your personal data will be stored until:

(1) You are required to provide the Services to you and to make the Landing available to you with all supported features.

(2) Your personal data has been deleted after your “DELETE ALL DATA REQUEST”.

(3) We have received a court order or request from a lawful authority to permanently delete all personal information we have received about you; or

(4) Under other circumstances prescribed by applicable law.

3.11 You have the right to file a complaint with a competent data protection authority.

4. recipients of personal data and transfer of personal data 

4.1 For the purposes of providing the Services to you and operating the Landing, the Company may disclose your Personal Data to certain categories of recipients and in the circumstances set out below:

4.1.1 Vendors, consultants, advisors, suppliers and partners who may act as processors for the Company and provide hosting services, accounting services, software development and support services, advertising campaign services, cookie setting and processing and other functions to run and operate the system landing, maintenance, provision and improvement of the Services. With all these parties, we enter into data processing agreements required by the GDPR to be concluded between controllers and processors to protect and secure personal data through appropriate technical and organizational measures.

4.1.2 Owners, employees of the Company, such as craftsmen, administrators, software development and technical support personnel, or other types of workers that may be contracted by the Company on a case-by-case basis, whether they are employees or not acting on behalf of the Company under service contracts. When contracting employees to support the Services, the Company shall enter into confidentiality and data protection agreements, in addition to any other agreements that may have been entered into with such employees, to ensure adequate safeguards in accordance with the provisions of the GDPR. Regardless of whether the appropriate agreements are in place with employees, we seek to conduct regular training and consultation with our employees who access Personal Data on a regular, daily basis.

4.1.3 Only in strict compliance with the GDPR provisions, the Company may also disclose the Personal Data to governmental authorities after their decision, if there are court orders requiring the Company to disclose the Personal Data. In such a case, the Company will endeavor to disclose only a part of the Personal Data that is strictly necessary to be disclosed, while the rest of the data will continue to be kept confidential.

4.1.4 with other third parties if expressly requested to do so by you and as long as this does not violate the GDPR.

4.2 The technical operation and support of the landing, as well as the technical processing and management of your orders and requests usually involve a regular and permanent transfer of your personal data to a third country, without ensuring an adequate level of data protection for the above purposes .

4.3 The transfer to a third country referred to in paragraph 4.2 is subject to adequate safeguards, namely standard contractual clauses adopted by a supervisory authority and approved by the Commission in accordance with the review procedure referred to in Article 93(2) of the GDPR. You may obtain a copy of the aforementioned adequate safeguards upon prior written request to: privacy@hilfy.at.  We may direct you to take further steps to obtain such copy, including your obligation to undertake confidentiality obligations in connection with the disclosure of the Company’s proprietary and personal information to third parties and the terms of their relationships with the Company .

4.4 Pursuant to paragraph 4.3, the subject of the Customer’s request to obtain a copy of the appropriate safeguards shall be conspicuously marked and highlighted in bold so that it can be noticed without effort and shall have the following content: “REQUEST TO OBTAIN A COPY OF THE APPROPRIATE SECURITIES RELATING TO THE TRANSMISSION OF PERSONAL DATA “. Requests that do not comply with the above instructions will be ignored and left without consideration. The processing of your request to obtain a copy of the relevant safeguards relating to the transfer of personal data may require internal consultation and action. You are therefore requested to allow some time and not to send the request twice, unless we specifically ask you to do otherwise.

4.5 If the Company intends to disclose the Personal Data to another category of recipients not conspicuously listed herein, it will provide you with information about such recipients prior to disclosing the Personal Data.

5. processing security and data breaches

5.1 Taking into account the nature of the services, the scope, context and purposes of the processing, as well as the risk to your rights and freedoms, the cost of implementation and the state of the art, the Company uses appropriate data protection mechanisms to protect your personal data when it is in transit and at rest.

5.2 The data protection mechanisms used by the Company include:

5.2.1 Data encryption (pseudonymization) used at all stages and phases of processing;

5.2.2 Multi-level secured access to Personal Data, including storage of encrypted data on reliable and fail-safe servers that provide access systems only to specifically authorized individuals, including implementation of check-out procedures, entry of electronic access codes and passwords;

5.2.3 Securing our premises where we store our hardware and software for operations and landing support, process your orders and perform other activities necessary to provide the Services to you, with alarm systems and providing specific access badges and access keys, cards and codes to our authorized personnel in all areas where we have our operating facilities;

5.2.4 Teach and instruct our employees on data protection issues. Where possible, we endeavor to conduct internal training and provide data protection instructions to our craftsmen and administrators.

5.2.5 Execution of the data processing agreements required by the GDPR as well as the contractual standard clauses in the circumstances of the transfer of personal data to processors established in third countries that do not ensure an adequate level of data protection with processors contracted by the Company;

5.2.6 The Company will endeavor, where possible, to pursue a range of Processors and recipients of Personal Data only from countries that ensure an adequate level of data protection. However, if such engagement does not appear possible, the Company will enter into a contract with the Processor waived exclusively in accordance with the relevant GDPR provisions requiring adequate safeguards.

5.3 We will make every effort to prevent and avoid personal data breaches. However, if we become aware of the personal data breach despite the technical and organizational measures applied, we will promptly assess the risks to your rights and freedoms and if the risks change Since these risks are high and cannot be mitigated by technical and organizational safeguards, we will notify you of the personal data breach as soon as possible in accordance with the GDPR. In the meantime, all reasonable measures will be taken and every effort will be made to mitigate them Consequences.

6. contacts and requests; changes to the privacy policy

6.1 Please send all your requests and questions related to your rights and freedoms in relation to the protection and processing of personal data carried out by the Company in the context of the provision of the Landing and the provision of the Services to you to: privacy@hilfy.at

6.2 Changes to the Privacy Policy will be displayed in the form of the updated document published on the landing. We may also arrange for updates to the Privacy Policy by archiving the previous versions of the document, which may be accessed in electronic form on the Landing. Please check the Privacy Policy periodically to stay up to date.

Last updated: November 13th, 2020.