Privacy Policy

Rudolf Ölz Meisterbäcker GmbH & Co KG is the data controller for this website and, as a provider of a teleservice, is required to inform you at the start of your visit, in a precise, transparent, comprehensible and easily accessible form, using clear and simple language, about the nature, scope and purposes of the collection and use of personal data. This information must be available to you at all times.

We attach the utmost importance to the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of currently applicable European and national laws.

We would like to use the following privacy notice to explain how we handle your personal data and how you can contact us:

Rudolf Ölz Meisterbäcker GmbH & Co KG 
Achstraße 9
PO Box 150
6850 Dornbirn
Austria

T: +43(0)5572/3840-0
E: info@oelz.com

Contact regarding data protection matters
A Data Protection Officer has not been appointed, as the requirements for such an appointment have not been met.

If you have any questions regarding data protection or other data protection-related matters, you can contact our data protection team by email at info@oelz.com or by post at Rudolf Ölz Meisterbäcker GmbH & Co KG, Achstraße 9, Postfach 150, 6850 Dornbirn, Austria.

A. General
For the sake of clarity, we have omitted gender-specific terminology. In the interests of equal treatment, the relevant terms apply to all genders. The definitions of terms used, such as ‘personal data’ or ‘processing’, can be found in Article 4 of the GDPR.

The personal data processed within the scope of this website includes:

Master data (e.g. names and addresses of customers)

Contract data (e.g. services used, information about products)

Usage data (e.g. pages visited on our website) and

Content data (e.g. entries in online forms). 
 

B. Specific
Privacy Notice
We guarantee that we will process your data solely in connection with the handling of your enquiries, for internal purposes, and to provide the services or content you have requested.

2.1 Legal basis for data processing
We process your personal data only in compliance with the relevant data protection regulations and on the following legal bases:

Processing for the performance of our services and the fulfilment of contractual obligations
Article 6(1)(b) GDPR

Processing to comply with our legal obligations
Article 6(1)(c) GDPR

Consent
Art. 6(1)(a) and Art. 7 GDPR

Processing to safeguard our legitimate interests
Art. 6(1)(f) GDPR

2.2 Data transfer to third parties
Please note that when using our website, data may be transferred if you select services offered via the “Cookie Consent Tool” provided on the website.
The provider of our Cookie Consent Tool sets technically necessary cookies. We have specified which provider we use in this privacy policy.

In the context of website hosting, the service provider used may gain access to your data. We have specified which web host we use in this privacy policy.

Where we engage subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions.

2.3 Data transfers to a third country or an international organisation
A third country is defined as a country in which the GDPR is not directly applicable. This generally includes all countries outside the EU or the European Economic Area.

Please note that when using our website, data may be transferred to a third country if you select services offered via the “Cookie Consent Tool” provided on the website. If you do not select any services, no data will be transferred to a third country.

This takes into account the EU Commission’s adequacy decision. This states that the country or organisation in question is a safe third country or international organisation offering an adequate level of protection.

The following applies to data transfers to the USA: Since July 2023, an adequacy decision by the European Commission (Data Privacy Framework) has been in place, which recognises the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as a basis for data transfers to certified organisations in the USA.

The US services used have been certified under the Data Privacy Framework. Details can be found on the individual services’ websites.

2.4 Retention period for your personal data
We adhere to the principles of data minimisation and data avoidance. This means that we only store your data for as long as is necessary to fulfil the aforementioned purposes or as stipulated by the various retention periods prescribed by law. Once the relevant purpose no longer applies or upon expiry of the relevant periods, your data will be routinely blocked or deleted in accordance with legal requirements.
 

2.5 Contacting us
Personal data is processed when you contact us electronically (e.g. via the contact form or by email). The information you provide is stored solely for the purpose of processing your enquiry and for any follow-up questions.

We would like to provide you with the legal basis for this:

Processing for the fulfilment of our services and the performance of contractual obligations
Art. 6(1)(b) GDPR

Please note that emails may be read or altered without authorisation and without your knowledge whilst in transit. Furthermore, we would like to draw your attention to the fact that we use software to filter out unwanted emails (spam filter). The spam filter may block emails if they are incorrectly identified as spam due to certain characteristics.

3.1 What rights do you have?

• Right of access
  You have the right to obtain information about your stored data free of charge. Upon request, we will inform you in writing of the personal data we hold about you. This also includes the source and recipients of your data, as well as the purpose of the data processing.
   
• Right to rectification
  You have the right to have your data stored by us rectified if it is inaccurate. In this context, you may request a restriction on processing, e.g. if you dispute the accuracy of your personal data.
   
• Right to restriction of processing
  Furthermore, you may have your data restricted. To ensure that a restriction on your data can be applied at any time, this data must be retained in a restriction file for verification purposes.
   
• Right to erasure
  You may request the erasure of your personal data, provided there are no statutory retention obligations. Where such an obligation exists, we will restrict your data upon request. If the relevant legal requirements are met, we will delete your personal data even without a request from you.
   
• Right to data portability
  You are entitled to request that we provide you with the personal data you have submitted to us in a format that allows it to be transferred to another party.
   

• Right to lodge a complaint with a supervisory authority
  You have the right to lodge a complaint with one of the data protection supervisory authorities.

  The data protection authority responsible for us:
  Austrian Data Protection Authority
  Wickenburggasse 8
  1080 Vienna
  Telephone: +43 1 521 52-25 69
  Email: dsb@dsb.gv.at

  Note: A complaint may also be lodged with any data protection supervisory authority within the EU.
   

1. Right to object
   You have the right at any time to object, on grounds relating to your particular situation, to the processing of your data pursuant to Article 6(1)(e) and (f); this also applies to profiling based on these provisions.

   We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

   Where personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. In the event of such an objection, we will no longer process your personal data for the purposes of direct marketing. To do so, simply send us an email to that effect.
    

2. Right to withdraw consent
   You may withdraw your consent to the processing of your data at any time, with effect for the future, without giving any reason. Withdrawing your consent will not result in any disadvantage to you. To do so, simply send us an email to that effect.

   However, such a withdrawal does not affect the lawfulness of the processing carried out up to the time of withdrawal on the legal basis of Article 6(1)(a) of the GDPR.

   To exercise your data subject rights, please send us an email to one of the email addresses listed above.

3.2 Protection of your personal data

We implement state-of-the-art contractual, technical and organisational security measures to ensure compliance with data protection laws and to protect the data we process against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons.

These security measures include, in particular, the encrypted transmission of data between your browser and our server. For this purpose, 256-bit SSL (AES 256) encryption technology is used.


3.3 Your personal data is protected in accordance with the following points (excerpt):

Safeguarding the confidentiality of your personal data
To safeguard the confidentiality of the data we hold about you, we have implemented various measures to control access and access rights.
 

Safeguarding the integrity of your personal data
To safeguard the integrity of your data stored with us, we have implemented various measures for data transfer and input control.
 

Safeguarding the availability of your personal data
To safeguard the availability of your data stored with us, we have implemented various measures for order and availability control.

The security measures in place are continuously improved in line with technological developments. Despite these precautions, we cannot guarantee the security of your data transmission to our website due to the inherently insecure nature of the internet. Consequently, any data transmission you undertake is at your own risk.

3.4 Protection of Minors
Personal information may only be provided to us by persons under the age of 16 with the express consent of their legal guardians. This data will be processed in accordance with this privacy policy.

3.5 Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources. The basis for data processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR.

Cookies are small text files that are stored locally in your web browser’s cache. Cookies enable, for example, the recognition of your web browser. The files are used to help the browser navigate the website and to make full use of all its features.
 

4.1 Cookie Consent Tool
To obtain valid user consent for cookies and cookie-based applications that require consent, we use a so-called “Cookie Consent Tool”.

This website uses the Cookie Consent Tool Cookiehub provided by CookieHub ehf, Hafnargata 55, 230 Reykjanesbæ, Iceland.

The “Cookie Consent Tool” is display to users when they visit the page in the form of an interactive user interface, on which consent for specific cookies and/or cookie-based applications can be granted by ticking the relevant boxes. When using the tool, all cookies/services requiring consent are only loaded if the respective user grants the relevant consent by ticking the appropriate boxes. This ensures that such cookies are only set on the user’s device if consent has been granted.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is not processed in this context.

If, in individual cases, the storage, assigning or logging cookie settings does result in the processing of personal data (such as the IP address), this is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.

A further legal basis for the processing is Article 6(1)(c) of the GDPR. As the data controller, we are subject to the legal obligation to make the use of technically non-essential cookies dependent on the user’s consent.

Further information about the operator and the settings options of the cookie consent tool can be found directly in the relevant user interface on our website.
 

4.2 Website Hosting
Our website is hosted and its content displayed by MASSIVE ART Deutschland GmbH, Parkstrasse 40, D-88212 Ravensburg. This company uses the following sub-contractor: Hetzner Online GmbH, Industriestr. 25, D-91710 Gunzenhausen.

All data collected on our website is processed on the provider’s servers. We have entered into a data processing agreement with the provider which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.
 

4.3 Google reCAPTCHA
We use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This service is primarily used to distinguish between input entered by a human user and input generated fraudulently through machine-based or automated processing.

The service involves the transmission of the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Article 6(1)(f) of the GDPR on the basis of our legitimate interest in establishing individual responsibility on the internet and preventing misuse and spam.

When using Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC in the USA.

Since July 2023, an adequacy decision by the European Commission (Data Privacy Framework) has been in place, which recognises the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as a basis for data transfers to certified organisations in the USA. According to the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company.

Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy
 

4.4 Matomo (formerly Piwik) without cookies
This website uses the web analytics software Matomo (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (‘Matomo’), to collect and store certain user information. Pseudonymised user profiles can be created and analysed from this information. The information collected using Matomo technology (including your pseudonymised IP address) is processed on our servers. This website uses Matomo exclusively without the use of cookies, which means that Matomo does not set cookies on your device at any time. Where personal data is also processed in the course of the described operations, such processing is carried out on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Article 6(1)(f) of the GDPR.

If you do not consent to the storage and analysis of information from your visit, you can object to the storage and use of such data at any time in future with a single click. In this case, a so-called opt-out cookie will be stored in your browser, with the result that Matomo will not collect any session data. Please note that deleting all your cookies will also delete the opt-out cookie, which may need to be reactivated by you.

4.5 Facebook Pixel for creating Custom Audiences
On our website, we also use the so-called ‘Facebook Pixel’ from the social network Meta, which is operated by Meta Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (‘Facebook’).

When a user clicks on an advertisement displayed on Facebook, an additional parameter is appended to the URL of our linked page by the Facebook Pixel, based on the user’s explicit consent. This URL parameter is then stored in the user’s browser via a cookie set by our linked page itself following the redirection. The cookie is then read by Facebook Pixel and enables the data, including specific customer data, to be forwarded to Facebook.

The Facebook Pixel enables Facebook to identify visitors to our website as a target group for the display of advertisements (so-called “Facebook Ads”).

The data processing associated with the use of the Facebook Pixel takes place exclusively with your express consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25 of the TDDDG. You may withdraw your consent at any time with future effect. To exercise your right to withdraw consent, remove the tick next to the “Facebook Pixel” setting in the “Cookie Consent Tool” integrated into the website.

We use the Facebook Pixel to ensure that the Facebook ads we place are shown only to those Facebook users who have already shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in specific topics or products, determined on the basis of the websites they have visited), which we transmit to Facebook (so-called “Custom Audiences”).

In addition, we also evaluate the effectiveness of our Facebook adverts for statistical or market research purposes by tracking whether users were redirected to our website after clicking on a Facebook advert (so-called “conversion”).

The data collected does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, meaning a link to the respective user profile is possible and Facebook may use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy).

The data may enable Facebook and its partners to display advertisements on and outside of Facebook.

When you subscribe to our email newsletter, we will send you regular updates about our offers. Personal data is collected for this purpose. Your email address and country are required in order to receive the newsletter. Your email address is needed to deliver the newsletter, and your country is required so that we can send you the country-specific newsletter. The provision of any further data is voluntary and is used to address you personally.

We use this data for our own advertising purposes in the form of the email newsletter and for tracking, provided you have expressly consented to this as set out below: “I would like to receive the Ölz newsletter, I agree to tracking and I have taken note of the privacy policy.” ”

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter once you have expressly confirmed that you consent to receiving the newsletter. We will then send you a confirmation email asking you to click on the relevant link to confirm that you wish to receive the newsletter in future.

By clicking the confirmation link, you give us your consent to process your personal data in accordance with Article 6(1)(a) of the GDPR. When you subscribe to the newsletter, we store the IP address provided by your Internet Service Provider (ISP), as well as the date and time of your subscription, so that we can trace any potential misuse of your email address at a later date.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to us at meisterbaecker@oelz.com. Once you have unsubscribed, your email address will be immediately removed from our newsletter distribution list and added to a block list to ensure that your withdrawal is effective.

5.1 Newsletter distribution via Brevo
Our email newsletters are sent via “Brevo”, a service provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, to whom we pass on the data you provided when you subscribed to the newsletter. This transfer is carried out in accordance with Article 6(1)(f) of the GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data you provide for the purpose of subscribing to the newsletter (e.g. email address) is stored on Sendinblue’s servers within the EU.

Sendinblue uses this information to send and analyse the statistics of the newsletters on our behalf. For the purposes of this analysis, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This allows us to determine whether a newsletter has been opened and, where applicable, which links have been clicked. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is collected exclusively in pseudonymised form and is not linked to your other personal data; direct personal identification is ruled out. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses may be used to better tailor future newsletters to the interests of recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Furthermore, Sendinblue may use this data itself in accordance with Article 6(1)(f) of the GDPR on the basis of its own legitimate interest in tailoring the service to users’ needs and optimising it, as well as for market research purposes, for example to determine which countries the recipients are from. However, Sendinblue does not use the data of our newsletter recipients to contact them directly or to pass it on to third parties.

We have entered into a data processing agreement with Sendinblue, under which we oblige Sendinblue to protect our customers’ data and not to pass it on to third parties. You can view Sendinblue’s privacy policy here: https://www.brevo.com/de/legal/privacypolicy

In addition to this website, we also maintain a presence on various social media platforms, which you can access via the relevant buttons on our website. When you visit one of these platforms, personal data may be transmitted to the social media provider. It is possible that, in addition to storing the specific data you enter on that social media platform, the social media provider may also process further information.

Further information is available in our Social Media Privacy Policy. 

6.1 Privacy Notice for Social Media
Information on the collection of personal data

Below, we provide information on how we handle your personal data in connection with our social media pages. Personal data refers to any data that can be used to identify you personally.
Please check carefully what personal data you share with us via any of these platforms. As long as you are logged into your respective account and visit one of the platforms, the platform operator can link this to your profile. We expressly point out that the respective provider stores its users’ data (e.g. personal information, IP address, etc.) and may also use this for commercial purposes.

We have no influence over the data collection and further processing carried out by the platforms. Furthermore, we are unable to ascertain the extent to which, the location where, and the duration for which the data is stored; the extent to which the respective provider complies with deletion obligations; what analyses and links are made with the data; and to whom the data is passed on.

Data may be transferred to a third country or an international organisation. Since July 2023, an adequacy decision has been in place from the European Commission (Data Privacy Framework), which recognises the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as a basis for data transfers to certified organisations in the USA. The providers listed here have been certified under the Data Privacy Framework.

Data controller within the meaning of the General Data Protection Regulation (GDPR)
Rudolf Ölz Meisterbäcker GmbH & Co KG
Achstraße 9
PO Box 150 6850 Dornbirn
Austria

Telephone: +43 5572 / 3840-0
Email: info@oelz.com

insofar as we process the data you provide to us via our social media channels exclusively ourselves.

6.2 Data Protection Officer
No Data Protection Officer has been appointed, as the conditions for such an appointment are not met.

If you have any questions regarding data protection or other data protection-related matters, you can contact our data protection team by email at info@oelz.com or by post at Rudolf Ölz Meisterbäcker GmbH & Co KG, Achstraße 9, Postfach 150, 6850 Dornbirn, Austria.

We reserve the right to amend our privacy policy at short notice to ensure it always complies with current legal requirements or to reflect changes to our services. This may, for example, involve the introduction of new services. The new privacy policy will then apply to your next visit.