No personal user data are collected on the Axess website, unless the user has voluntarily disclosed them, has otherwise consented, or this is permitted by data protection legislation.
When you visit our site, so-called usage data are temporarily stored as a log on our web server for statistical purposes to improve the quality of our website. This data set consists of:
We use this information to allow you access our website, for control and administration of our systems and to improve the design of our web pages. The data are stored anonymously in accordance with the current data protection law. The creation of personal user profiles is thus excluded. Data relating to persons or their individual behavior are not collected.
Our website can normally be used without providing any personal data. Insofar as any personal information (such as names, addresses, or email addresses) is collected on our website, this will always be done on a voluntary basis as far as possible. This data will not be disclosed to third parties without your explicit consent.
We hereby give notice that data transmitted via the Internet (e.g. via email communication) may be subject to security breaches. It is not possible to protect data completely from third-party access.
The purpose of using cookies is to provide the best possible user experience. We use the data collected in cookies only in anonymous form, we do not create an individual profile of your online activity. You can disable the storage of cookies in your browser, limit the storage to specific websites or adjust your browser so that it notifies you whenever a cookie is sent.
If you send us questions via the contact form, we collect the data requested and the contact details you provide in order to answer your question and any follow-up questions. We do not share this information without your permission.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected. We only use this data to send the requested information and do not pass it on to third parties.
You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter.
You have, at any time, the right to gain knowledge of the data stored concerning your person, the origin and the recipient of the data as well as the purpose of the storage. Please contact us in writing to the address listed in the Legal Notice. In order for us to send you information, you must identify yourself as the person (about which the information is to be provided), or prove that you are authorized to obtain information on a third person..
Our website has integrated plugins ("Plugins") of the social media network facebook.com, operated by Facebook Inc, 1601 South California Avenue, Palo Alto, CA 94304, USA, google.com, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043,USA (“Google”) and twitter.com, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”). You can recognize the plugins by the Facebook button (http://developers.facebook.com/docs/plugins/), the Google +1 button (https://developers.google.com/+/web/+1button/) and the Twitter button (https://about.twitter.com/resources/buttons).
By clicking on a button above, you agree to use this plugin to and activate it. You will not be connected to a social network without your consent.
If one or more plugins are active, the respective social network will receive the information that you have visited the Axess website with your IP address. If you click the button while you are logged into your user account, you can link the content of the Axess website to your profile. This allows the social media network to assign your visit of the Axess website to your user account.
You can find information about the purpose and details of the data collection, the further use and analysis of the data by the social networks, as well as your relevant rights, control functions and settings for protection of your privacy on the websites of Facebook (www.facebook.com/policy.php), Google (https://www.google.com/policies/privacy/) and Twitter (https://twitter.com/privacy). Detailed information about type, purpose, and use of your personal data can be found under the following links:
If you are a member of Facebook, Google or Twitter and do not want these platforms to collect your data via our website and associate it to your user account, you must disable the plugin or log out of your account before you visit the website. You may also have to delete any cookies locally stored on Facebook, Google and Twitter.
This website uses functions of Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of your use of the website. As a rule, the cookie-generated data regarding your use of this website will be forwarded to a Google server in the USA and stored there. In case IP anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage to the website operator.
You may object to the compilation of pseudonymous user profiles at any time. To do so, there are several options:
1.) One way to refuse a web analysis by Google Analytics is to set an opt-out cookie that instructs Google to neither store nor use your data for the purposes of web analysis. Please keep in mind that in this solution the web analysis is only disabled as long as the opt-out cookie is stored on your browser. If you want to set an opt-out cookie now, please click here.
2.) You may refuse the storage of cookies used for the creation of profiles by selecting the appropriate settings in your browser.
3.) Depending on the browser you are using, you have the possibility to install a browser plugin that prevents the tracking. To do this, please click here and install the downloaded browser plugin.
You can prevent data collection by Google Analytics by clicking on the link below. This sets an opt-out cookie which prevents the future collection of your data when visiting this website: Deactivate Google Analytics
You can stop these cookies from being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) for Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
We have entered into a contract with Google for the processing of data, and are in complete adherence with the strict regulations of the Austrian and European data protection authorities in terms of our use of Google Analytics.
We use the "Activation of IP anonymization" function on this website. In case IP anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Technical and organizational security measures
Axess undertakes, respectively in its contract with the external computer center commissioned by Axess, to take the special requirements of data protection into account. Both the internal as well as the external computer centers are located in Austria. In this context Axess always makes an effort to take all measures, which are necessary for the execution of the order for the processing of the provided data on the data processing systems according to the GDPR as well as to design the inhouse organization so that the requirements of data protection are satisfied. It is ensured that security zones and the group of authorized persons or persons with access authorization are stipulated, access routes are protected accordingly as well as that data carriers are controlled and stored in a secured manner.
It currently particularly concerns the following necessary measures:
1. Admission control:
Unauthorized persons are prohibited from gaining admission to data processing systems, with which data are processed or used. The computer rooms are located in an office building of a mixed region that is classified as earthquake- proof. The admission control – only employees of the IT, Facility and the management – is guaranteed by one of the following measures:
> Authorization /chip card
The presence in the security zone is recorded. Non-authorized personnel and persons who do not belong to the company (service technicians, consultants, cleaning staff, etc.) may only enter the rooms when accompanied by authorized persons. The admission control is supported by the following further organizational/technical measures:
> Alarm system
> Building surveillance
> Video technology
2. Entry control
A use of the data processing systems by unauthorized persons is prevented by the following measures:
Each authorized person has an own password that is only known to him/ her, which must be changed at regular intervals. Automatic protocols (log files) are created with regard to all activities on the data processing and telecommunication system. The use of data processing systems with the help of equipment for data transmission by unauthorized persons is prevented by the following measures:
> VPN (Virtual Private Network)
3. Access control
It is guaranteed that the persons authorized to use a data processing system can exclusively access their data that are subject to access authorization and that data cannot be read, copied, changed or removed without authorization during the processing, use as well as storage. The restriction to the access possibility of the authorized person exclusively to the data subject to his access authorization is guaranteed by the following measures:
> Automatic examination of the access authorization (in the system)
4. Intended use control
It is guaranteed by the following measures that data collected for different purposes are processed separately:
> Software- based (e.g. client segregation)
> Segregation through access regulation (database principle)
> Segregation of test and current data
> Segregation of test and current systems (technology, programs)
Insofar as possible for the respective data processing the primary identification features of the personal data will be removed in the respective data application and stored separately.
6. Transfer control:
It is guaranteed that personal data with the electronic transmission or during their transport or their storage on data carriers cannot be read, copied, changed or removed without authorization and that it can be checked and determined, at which point a transmission of personal data by equipment for the data transmission is envisaged. The shipment of data carriers is documented and controlled by registration and accompanying documents. It is not permitted to bring and use private data carriers into the rooms. Data carriers are destroyed in the following manner:
> Magnetic data carriers by write-over and physical destruction (external service provider) Insofar as the internet is used to forward personal data the following security measures will be used:
> Virtual Private Network (VPN)
7. Input control
It is guaranteed that it can be subsequently checked and determined whether and by whom personal data are entered in, changed or removed from data processing systems. The contractor will document or record inputs for this purpose.
8. Availability control
It is guaranteed by the following measures that personal data are protected against accidental destruction or loss:
> Daily/weekly/monthly/annual data backup
> Storage Area Network (SAN)
> Disk mirroring (RAID among others)
> Uninterruptible power supply (UPS)
> Overvoltage filter
> Emergency generator
> Outsourcing of data
> Fire prevention devices
9. Data protection management
It is ensured that a data protection management is set up and implemented. The data protection management is broken down into the following points:
> List of processing activities
> Contract data processing
> Data protection impact assessment
> Incident response management
> Report of breaches of data protection
> PDCA (Plan, Do, Check, Act): regular checks
10. Incident response management
Measures were taken concerning how the responsible persons should react to potential scenarios. These include data security breaches, DoS (Denial of Service), DDoS (Distributed Denial of Service), gaps in the firewall, outbreaks of viruses or malware and also threats by insiders. The incident response management is divided into six important phases:
> Preparation: Both the users as well as the IT employees are trained or informed that potential incidents happen and which steps have to be initiated.
> Identification: Determination whether an event actually concerns a data protection incident.
> Containment: To limit the damages caused by the incident and isolate the affected systems in order to avoid further damages.
> Eradication: To find the cause or what triggered the incident off and to remove the affected systems from the productive environment.
> Recovery: To integrate affected systems into the productive environment again, after it has been ensured that no further threats exist.
> Gained knowledge: Completion of the incident documentation and analysis what the team or the company can learn from the incident. This way future responses can be improved under certain circumstances.
11. Privacy by Design & Privacy by Default
It is guaranteed that suitable technical and organizational measures were taken, which ensure that by corresponding pre-settings principally only personal data are processed of which the processing is necessary for the respective determined processing purpose:
> Personal data will only be collected if they are necessary for the processing of the contract (season tickets, etc.).
> The setting of cookies in web-shops is only possible with the consent of the user.
> The use of the personal data for marketing purposes is only permitted by the active consent of the user.
12. Order control
It is guaranteed that personal data, which are processed by order, are only processed in line with the instructions of the client. Contracts exist for the following types of contract data processing:
> Data processing by external parties
> Data carrier destruction / disposal by external parties
> Maintenance and remote maintenance by external parties
> Administration / remote administration by external parties
The processing of personal data by order – only in line with the instructions of the client – is guaranteed by the following measures:
> Written instructions
> Offer and confirmation of order
13. Sub-contract data processor
> CN Group CZ s.r.o.
> Agentur LOOP New Media GmbH