Processing activities
1. Website usage
Purpose and scope
Each time our website www.cancom.at is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is automatically collected via log files:
- Browser type and version
- The user’s operating system
- User’s internet service provider
- IP address
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites accessed by the user’s system via our website
We process your personal data in order to detect, prevent and investigate attacks on our website. The system needs to store the IP address to enable the website to be delivered to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session. Data is also stored in log files to ensure the website functions properly and to enable its optimisation
For information on the cookies we collect via the website, please refer to our Cookie Policy.
Legal basis
On the one hand, the temporary storage of certain data is necessary for the security of our IT systems, and, on the other hand, allows us to offer you a user-friendly browsing experience; therefore, the legal basis for the processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR.
The collection of data for the purpose of providing the website and the storage of data in log files is strictly necessary for the operation of the website. The user therefore has no right to object under Article 21 of the GDPR.
Recipients of data
We use IT service providers to operate and administer the website; depending on the circumstances, these providers may have access to personal data in accordance with our instructions and on our behalf, in order to be able to provide the commissioned IT services.
Your data will not be passed on to other third parties for their own purposes without your consent.
Duration of storage
Data relating to your visit to the website is deleted or anonymised once your visit has ended. Further storage of anonymised data is possible. This means that, in this case, users’ IP addresses are obfuscated so that it is no longer possible to identify the client making the request and, consequently, no personal reference is possible.
2. Contact form or email
Purpose and scope
You have the option of requesting information about our company, our products, activities or events via a contact form on our website or by email. When you contact us, the data you provide (title, first name and surname, contact details, the content of your enquiry, and any other information you may have provided) will be processed by us in order to answer your questions and deal with your enquiry.
You are free to choose whether to provide us with your data for your enquiry. However, if you do not provide us with this data, we may not be able to deal with your enquiry appropriately.
Legal basis
Data processing following your contact with us is carried out in accordance with Article 6(1)(b) of the GDPR in order to process your enquiry.
Recipients of data
We use Flownative GmbH, Arnimstraße 19C, 23566 Lübeck, Germany, to store and host personal data; they therefore have access to personal data in accordance with our instructions and on our behalf in order to provide the commissioned IT services.
Duration of storage
The data will be retained for as long as contact with the data subject continues, but for no longer than one year after your last contact with us.
3. Newsletter subscription
Purpose and scope
You can subscribe to our newsletter and other mailings to receive information on the latest topics relating to our company, our services, events and other information material.
In addition to your email address, some forms also require your name so that we can address you personally in the newsletter. You may also provide further data on a voluntary basis in some registration forms (e.g. your address).
In addition, the following data is collected upon registration: the IP address of the accessing computer, as well as the date and time of registration. The collection of this data as part of the registration process serves to prevent misuse of the services or of the email address provided.
Legal basis
The legal basis for the aforementioned data processing is Article 6(1)(a) of the GDPR. When using the data for this purpose, the requirements of communications law, in particular Section 174 of the Telecommunications Act 2021 (TKG 2021), are complied with.
Recipients of data
We use IT and marketing service providers to send out the newsletter; these providers only have access to personal data on our behalf and in accordance with our instructions, in order to be able to provide the services commissioned.
Withdrawal of consent
You may cancel your subscription to the newsletter at any time. With every subsequent mailing, you have the option to opt out of receiving future newsletters and email communications free of charge and with ease via electronic means.
Duration of storage
The data processed in this context will be stored for as long as you remain subscribed to the newsletter and, therefore, until you withdraw your consent.
4. Direct marketing
This processing activity also includes customer satisfaction surveys.
Purpose and scope
We use your personal data, insofar as you provide it when making an enquiry via a contact form or email, or to receive the newsletter, for the purposes of direct marketing, namely to send you general information about CANCOM’s activities and products, and to tailor our marketing strategies accordingly, provided you have not previously objected to the use of your data for this purpose.
Legal basis
Carrying out direct marketing is a legitimate interest on our part, enabling us to reach prospective customers and business partners as effectively as possible. The legal basis for the processing is therefore the existence of a legitimate interest pursuant to Article 6(1)(f) of the GDPR.
When using the data for this purpose, we comply with the requirements of communications law, in particular Section 171 of the Telecommunications Act 2021 (TKG 2021).
Recipients of data
For the storage and hosting of personal data, we use Flownative GmbH as an IT service provider, which, on our behalf and in accordance with our instructions, may also have access to personal data in order to provide the commissioned IT services.
We also use service providers to carry out marketing services, conduct marketing campaigns and, in particular, to send out mailings.
Duration of storage
We store your data for up to three years after your last contact with us, unless you object to the processing of your data before then.
5. Event management
Purpose and scope
We process your personal data, whether as a prospective attendee or an actual participant in events, for the organisation and administration of events and participation therein, as well as for managing the dispatch of invitations and other related documents. During events, photographs and/or video recordings may be taken for internal and public reporting purposes. Where personal data is collected as part of a lead scan – for example, when partner companies record your details by scanning your badge or code – this data will be passed on to the relevant partner companies so that they can process the leads collected for their own contact and marketing purposes. If the lead scan takes place in connection with a prize draw, the data collected will also be used to organise and administer the prize draw.
Legal basis
As we process the data solely in connection with your enquiry regarding or participation in an event, we rely on Article 6(1)(b) of the GDPR as the legal basis, namely the fulfilment of an enquiry or a contract. Where photographs and/or video recordings are made, the resulting processing (collection and any publication) of personal data constitutes a legitimate interest in documentation on our part as the organiser (Article 6(1)(f) of the GDPR).
Recipients of data
We engage third parties to provide services in connection with the organisation of events. In this context, access to personal data is necessary. However, this is done exclusively in accordance with our instructions.
Duration of storage
We store the data until the end of the event or until consent to receive event information (invitations, registration confirmations, reminders, follow-ups) is withdrawn.
6. CANCOM software products
Purpose and scope
We process your personal data as a customer of one of our software solutions (for example, Calleague) solely to enable the licence holder to use the product. In this context, CANCOM processes the licence holder’s data as a user in connection with the provision of the product.
Legal basis
As we process the data solely for the purpose of fulfilling a software supply and/or software maintenance contract, we rely on Article 6(1)(b) of the GDPR as the legal basis, namely the performance of a contract.
Recipients of data
We store this data securely and do not transfer it to third parties. The legal basis for this storage and processing is the performance of a contract or the implementation of pre-contractual measures in accordance with Article 6(1)(b) of the GDPR.
Duration of storage
We store your data at least until the end of the contract and for any longer statutory retention period that may apply.
7. Video surveillance at CANCOM
Purpose and scope
We process personal data as part of a video surveillance system to enforce our right to manage our premises, to prevent and investigate criminal offences, to protect persons, buildings and property, and to preserve evidence in the event of incidents. Surveillance takes place across the entire private premises of our company that are not accessible to the public. Appropriate signs are displayed to draw attention to the presence of video surveillance.
Legal basis
The processing of personal data in the context of video surveillance is carried out on the basis of Article 6(1)(f) of the GDPR – legitimate interest. Our legitimate interest lies in the protection of our property, the safety of our employees and customers, and in the prevention and investigation of criminal offences.
Recipients of data
The recorded data is not, as a rule, disclosed to third parties. Disclosure to law enforcement authorities for the purpose of investigating criminal offences takes place only on a case-by-case basis, where necessary. No further disclosure takes place.
Duration of storage
The recordings are stored for a maximum of 10 days at CANCOM’s office locations or for a maximum of 90 days at CANCOM’s data centre locations, unless events require longer storage (e.g. to preserve evidence in a specific incident). They are then automatically deleted.
8. WhatsApp Business channel
Purpose and scope
You have the option to subscribe to our WhatsApp channel to receive regular information about our company, our services, events and other relevant topics (e.g. product updates, exclusive promotions, special offers and much more). As part of this service, we process your mobile phone number, your WhatsApp profile and, where applicable, your name, provided this forms part of your profile. You can also send us messages via the channel; these are handled by our staff.
Legal basis
Your data is processed on the basis of your consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with future effect by simply typing the word ‘STOP’ in our WhatsApp chat.
Recipients of the data
Messages are sent via the WhatsApp Business service, operated by WhatsApp Ireland Limited, a company of Meta Platforms, Inc. based in the USA. This may involve the transfer of metadata (e.g. communication times, IP address) to the USA, over the processing of which we have no control.
Note on processing by WhatsApp
WhatsApp acts as an independent data controller when using this channel. According to its own statements, WhatsApp does not have access to the content of communications via this channel. Further information on data processing by WhatsApp can be found at: https://www.whatsapp.com/privacy
Duration of storage
Your data will be stored for as long as you remain subscribed to the WhatsApp channel. Upon leaving the channel or withdrawing your consent, your data will be deleted, provided this does not conflict with any statutory retention obligations.
9. Cisco AI Agent chatbot
This system uses artificial intelligence to process your enquiries and provide relevant information. Please note that the content consists of machine-generated text, which may not always be error-free or complete. We ask that you refrain from providing any personal data where possible, as this is not required for the chatbot to function and enables us to comply with the data minimisation principle under Article 5(1)(c) of the GDPR. No automated decision-making with legal effect within the meaning of Article 22 of the GDPR takes place.
Purpose and scope
The Cisco AI Agent is used in the Webex Contact Centre to process enquiries more efficiently, understand customer concerns more quickly and improve service quality. The AI-powered assistant supports our staff in communicating with you.
When using the Cisco AI Agent, the following personal data may be processed:
- Communication content (e.g. chat messages, conversation content)
- Metadata (e.g. date, time, duration of the interaction)
- Customer master data (e.g. name, email address, customer number), where provided by you
- Usage data (e.g. interaction history with the assistant)
Legal basis
Processing is carried out on the basis of Article 6(1)(b) of the GDPR (performance of a contract or implementation of pre-contractual measures) or in accordance with Article 6(1)(f) of the GDPR (legitimate interest in efficient customer service and support).
Recipients of the data
The data is generally hosted within the European Union, in Ireland. Cisco Systems, Inc., as the technical service provider, has its headquarters in the USA. A transfer of personal data to a third country outside the EU/EEA cannot therefore be ruled out. This takes place on the basis of appropriate safeguards, such as the European Commission’s Standard Contractual Clauses in accordance with Article 46 of the GDPR or the currently valid Data Privacy Framework Agreement (adequacy decision pursuant to Article 45 of the GDPR).
Retention period
Personal data is stored only for as long as is necessary to fulfil the purposes for which it was collected, or is deleted after a maximum of 90 days.
10. B2B website visits
Purpose and scope:
When our website is accessed, data is collected and stored for marketing, market research and optimisation purposes in order to identify the companies visiting our website.
The data collected using this technology is encrypted using a one-way function that cannot be reversed (known as hashing). The data is immediately pseudonymised and is not used to personally identify visitors to this website. The following data is processed in this context:
- Name, origin and sector of the visiting company
- Source/referrer of the visiting company
- Search terms (keywords) used
- Visitor behaviour (e.g. subpages visited, time of visit, duration of visit)
Legal basis:
Processing is carried out on the basis of the website operator’s legitimate interests in accordance with Article 6(1)(f) of the GDPR. Our legitimate interest lies in carrying out marketing, market research and optimisation measures.
You may object to the collection and storage of data at any time with future effect by clicking on the following link https://www.salesviewer.com/opt-out to prevent SalesViewer® from collecting data on this website in future. In doing so, a technically necessary opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you will need to click this link again.
Recipients of the data:
SalesViewer® GmbH’s technology is used for the purposes stated. SalesViewer® GmbH acts as an IT service provider which, on our behalf and in accordance with our instructions, may also have access to this data in order to provide the commissioned services. Your data will not be passed on to other third parties for their own purposes without your consent.
Duration of storage:
Data stored via SalesViewer® will be deleted as soon as it is no longer required for its intended purpose and provided that there are no statutory retention obligations preventing its deletion.
Information on your rights as a data subject
In accordance with Article 13 of the GDPR, you have the following rights regarding your personal data:
- Right of access under Article 15 of the GDPR: You have the right at any time to request information from us regarding which of your data we process in connection with your enquiry or registration.
- Right to rectification under Article 16 of the GDPR: You may request the rectification or completion of inaccurate or incomplete data.
- Right to erasure under Article 17 of the GDPR: You have the right to have your data erased under certain circumstances, for example if it is not being processed in accordance with data protection requirements.
- Right to restriction of processing under Article 18 of the GDPR: You have the right, in certain cases, to request that the processing of your data be restricted. A restriction means that your data will continue to be stored, but we will not carry out any further processing operations in relation to your data. You may request restriction if: (i) you have contested the accuracy of the personal data, or (ii) the processing is unlawful and you object to erasure, or (iii) although the data is no longer required for the purpose of processing, it may still be required to establish, exercise or defend legal claims.
- Right to data portability pursuant to Article 20 of the GDPR: You also have the right to receive your data in a structured, commonly used and machine-readable format. Upon your request, and provided this is technically feasible, your data will also be transferred directly to other providers.
- Right to object under Article 21 of the GDPR: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR.
Right to lodge acomplaint and supervisory authority
Notwithstanding the possibility of bringing an action before the Regional Court pursuant to Section 29(2) of the Data Protection Act 2018 and any other legal remedies, you have the right to lodge a complaint with the national supervisoryauthority in your place of residence, if you believe that your personal data is being processed unlawfully. In Austria, the Data Protection Authority is the competent authority.
Contact
For data protection matters, as well as to exercise your right to withdraw consent, your right to access your data, your right to data portability and your right to restrict processing, or to request the rectification or erasure of your data, please contact us at the following email address: datenschutz@cancom.com
You can contact our Data Protection Officer at the following email address: datenschutz@cancom.com
Should your requests under this privacy policy not be dealt with within one month, you have the right to lodge a complaint with the data protection authority.
Updates and amendments
We may amend or update parts of this Privacy Policy for technical or legal reasons without giving you prior notice. Please check the current Privacy Policy from time to time to ensure you are up to date with any changes or updates.