top of page

Data protection

Privacy Policy of Main Management

​

1. General Information

The protection of your personal data is a particularly important concern for us. We process your data exclusively on the basis of the legal provisions (GDPR, TKG 2003). In these data protection notices, we inform you about the most important aspects of data processing.

2. Introduction and Overview

We have written this privacy policy (version 02.08.2021-111793304) to explain to you, according to the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short: data) we as controllers – and the processors we have commissioned (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are intended to be gender-neutral.

In short: We inform you comprehensively about the data we process about you.

Privacy policies usually sound very technical and use legal terms. This privacy policy, on the other hand, aims to describe the most important things to you as simply and transparently as possible. Where it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We thereby inform in clear and simple language that we only process personal data when a corresponding legal basis exists. This is certainly not possible if one provides the shortest, unclear, and legally technical explanations, as is often the standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative and perhaps there is some information you were not aware of. If you still have questions, we ask you to contact the responsible office mentioned below or in the imprint, follow the available links, and read further information on third-party websites. Our contact details can also be found in the imprint.

3. Scope of Application

This privacy policy applies to all personal data processed by our company and all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

  • all online presences (websites) we operate

  • social media presences

  • email communication

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner within the company through the mentioned channels. Should we enter into legal relationships with you outside these channels, we will inform you separately where necessary.

4. Legal Bases

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data. Regarding EU law, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

  • Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.

  • Contract (Article 6 Paragraph 1 lit. b GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.

  • Legal Obligation (Article 6 Paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.

  • Legitimate Interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the perception of tasks in the public interest and the exercise of official authority as well as the protection of vital interests usually do not apply to us. If such a legal basis should apply, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated as DSG.

  • In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.

If further regional or national laws apply, we will inform you in the following sections.

5. Contact Details of the Controller

If you have questions about data protection, you will find the contact details of the responsible person or office below:

Hong Mai Nguyen
Belghofergasse 40
1120 Vienna
Phone: +43 68 1818 11 075
Email: Office@mainmanagement.at
www.mainmanagement.at

6. Storage Duration

As a general criterion, we store personal data only as long as necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing is no longer applicable. In some cases, we are legally obligated to store certain data even after the original purpose has ceased to exist, for example, for accounting purposes.

If you request the deletion of your data or revoke your consent to data processing, the data will be deleted as soon as possible and provided there is no obligation to retain it.

We inform you about the specific duration of the respective data processing further below, provided we have more information on this.

7. Rights According to the General Data Protection Regulation

According to Article 13 GDPR, you have the following rights to ensure fair and transparent processing of data:

  • Right of access (Article 15 GDPR): You have the right to know whether we process data from you. If this is the case, you have the right to obtain a copy of the data and the following information:

    • the purpose for which we perform the processing;

    • the categories, i.e., the types of data that are processed;

    • who receives these data and if the data is transmitted to third countries, how the security can be guaranteed;

    • how long the data will be stored;

    • the existence of the right to rectification, deletion, restriction of processing, and the right to object to processing;

    • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);

    • the origin of the data, if we did not collect it from you;

    • whether profiling is conducted, whether data is automatically evaluated to arrive at a personal profile of you.

  • Right to rectification (Article 16 GDPR): You have the right to have your data corrected if you find errors.

  • Right to erasure (Article 17 GDPR): You have the right to request the deletion of your data, which specifically means you may request your data be deleted.

  • Right to restriction of processing (Article 18 GDPR): You have the right to restrict the processing of your data, meaning we may only store the data but not use it further.

  • Right to data portability (Article 20 GDPR): You have the right to receive your data in a common format upon request.

  • Right to object (Article 21 GDPR): You have the right to object to data processing, which, when enforced, brings a change in processing.

If the processing of your data is based on Article 6 Paragraph 1 lit. e (public interest, exercise of official authority) or Article 6 Paragraph 1 lit. f (legitimate interest), you can object to the processing. We will then review as quickly as possible whether we can legally comply with this objection.

If data is used to conduct direct advertising, you can object to this type of data processing at any time. We may no longer use your data for direct marketing thereafter.

If data is used to conduct profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling thereafter.

  • Right not to be subject to automated decision-making (Article 22 GDPR): You have the right, under certain circumstances, not to be subject to a decision based solely on automated processing (including profiling).

In short: You have rights – do not hesitate to contact the responsible office listed above!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in another way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

bottom of page