Privacy Policy
Our organisation, AQUA PEARLS For You and Planet Blue Gemeinnützige Privatstiftung (hereinafter referred to as AQUA PEARLS - contact details can be found below) thanks you for visiting our website and for your interest in our activities.
The processing of personal data is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to AQUA PEARLS. By means of this data protection declaration, our organisation would like to inform the public about the type, scope and purpose of the personal data we collect, use and process and to inform you about the rights to which you are entitled.
We have taken appropriate technical and organisational measures to protect your data against loss, manipulation or unauthorised access. The measures taken are subject to regular review and are continuously adapted to the state of the art.
The data protection declaration applies only to AQUA PEARLS and the associated services, but not to data processing that is controlled and operated by third parties.
1. General information
The AQUA PEARLS data protection notice is based on the terminology of the GDPR.
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Non-personal data" is anonymised and is information that cannot be traced back to the data subject under any circumstances. For this reason, non-personal data is not subject to data protection law.
"Data subject" means any identified or identifiable natural person whose personal data is processed by the controller.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Controller" or "controller responsible for the processing" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Third party" means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
"Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Personal data will only be processed by us in accordance with the applicable data protection regulations. When you correspond with us, you acknowledge that the data you provide will be processed for the purposes described below.
2. Name and address of the controller and contact person
The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is
AQUA PEARLS For You and Planet Blue Gemeinnützige Privatstiftung
Walter-Simmer-Str. 4
A-5310 Mondsee
For enquiries relating to data protection, please use the above postal address or contact us via email to info@aquapearls.org
3. Processing of personal data
Your personal data will be processed exclusively for the purposes stated in this privacy policy and to the extent necessary to achieve these purposes. This data will not be passed on without your consent, except in the cases described in this privacy policy and in the case of mandatory national legislation.
3.1. Websitevisit aquapearls.org / RoPA-1088
In the context of hosting and visiting our website aquapearls.org, we process technically necessary personal data of visitors.
Responsible company within the BWT Group: BWT Sports & Digital Services GmbH
The data is processed by: Microsoft Azure Website Hosting, Cloudflare Website Protection, Cookiebot, Website Storage, Cybersecurity and Cookie-Management
The processed data are: Browser agent and IP address
Legal basis for processing: Art. 6 para. 1 lit. b (contract/contract fulfilment), Art. 6 para. 1 lit. f (legitimate interest) and Art. 49 para. 1 lit. b (contract/contract fulfilment)
Purpose of processing: Technically necessary processing of IP address and browser agent (Microsoft Azure Website Hosting, Cloudflare Website Protection), cookie management (Cookiebot)
The data is transferred to a processor in the USA that is certified under the EU-U.S. Data Privacy Framework.
The details of data processing are described in the data processing agreement between BWT and the processor in accordance with Art. 28 GDPR.
3.2. Google Analytics 4 / RoPA-1089
If you have given your consent, Google Analytics 4, a web analytics service provided by Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses cookies that enable us to analyse your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices
We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalised ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.
In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your visit to the website, your user behaviour is recorded in the form of "events". Events can be- Page views
- First visit to the website
- Start of the session
- Visited web pages
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- file downloads
- Ads viewed / clicked on
- language setting
Also recorded:
- Your approximate location (region)
- Date and time of your visit
- Your IP address (in truncated form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution) -
- Your internet provider
- the referrer URL (via which website/advertising medium you came to this website)
Responsible company within the BWT Group: BWT Sports & Digital Services GmbH
The data is processed by: Recipients of the data are/may be Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
The data processed are: Browser agent, IP address and cookies Legal basis of the processing: Art. 6 para. 1 lit. a (Consent)
Purpose of processing: On behalf of the operator of this website, Google will use this information to analyse your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.
The data is transmitted to a processor in the USA that is certified under the EU-U.S. Data Privacy Framework.
The storage of the data ends with the option to delete your data independently.
The details of data processing are described in the data processing agreement between BWT and the processor in accordance with Art. 28 GDPR.
3.3. Payment Service / RoPA-1098
We use the payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands (hereinafter referred to as "Mollie") to control payments. As part of the fulfilment of contracts, we use Mollie on the basis of Art. 6 para. 1 lit. b. GDPR. Otherwise, we use Mollie on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR in order to offer our users effective and secure payment options. The data you enter as part of payment processing is controlled directly by Mollie and is not transmitted to us. Further information on Mollie's data protection can be found in Mollie's privacy policy.
Responsible company within the BWT Group: BWT Sports & Digital Services GmbH
The data is controlled by: Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, The Netherlands, Mollie processes the data as controller, not as processor.
The processed data are: Payment data, Name and Address. Date of birth, E-Mail Address Legal basis for processing: Art. 6 para. 1 lit. a (Consent), Art. 6 para. 1 lit. b (Contract fulfilment) and Art. 6 para. 1 lit. f (legitimate interest)
Purpose of processing: realisation of donation payments
The storage of the data ends after your cancellation.
4. Storage duration
Unless otherwise stated, we store your personal data, if necessary, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond, in accordance with the statutory retention and documentation obligations or for the defence of legal claims. The retention period therefore results from the statutory retention periods or limitation periods. According to the Austrian Commercial Code (UGB) and the Austrian Federal Fiscal Code (BAO), these are 7 7 years and according to the Equal Treatment Act (GIBG) six months. In certain cases, a longer retention period may also be required for the defence of legal claims or due to limitation periods.
5. Rights of data subjects
With regard to the data processing described in more detail below, users and data subjects have the right
- to confirmation as to whether data concerning them is being processed, to information about the processed data, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR);
- to rectification or completion of incorrect or incomplete data (see also Art. 16 GDPR);
- the immediate erasure of the data concerning them (see also Art. 17 GDPR) or, alternatively, if further processing is required in accordance with Art. 17 para. 3 GDPR, the restriction of processing in accordance with Art. 18 GDPR;
- to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR)
- to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection regulations (see also Art. 77 GDPR). In Austria, this is the data protection authority
- In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or the restriction of processing that takes place on the basis of Art. 16, 17 para. 1, 18 GDPR. However, this obligation does not apply if this notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.
- Users and data subjects also have the right to object to the future processing of data concerning them in accordance with Art. 21 GDPR, provided that the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) GDPR. In particular, you have the right to object to data processing for the purpose of direct marketing.
- You can assert these rights at any time in writing directly to AQUA PEARLS, [email protected].
- Please note that we can only provide information about personal data if you can provide appropriate proof of your identity.
08/07/2024