VEGA - unmistakably
We are VEGA
English

Data Protection Statement

This website is operated by VEGA International Car-Transport and Logistic Trading GmbH (FN 41599a), hereinafter referred to as "we", "us" and "VEGA", with its registered office in 5020 Salzburg, Schmiedingerstraße 67. In this data protection declaration, we as the responsible party according to Art. 4 Para. 7 GDPR describe which data we collect when you visit our website and for what purpose we process it. In addition, we inform you about how we generally process data of our customers, suppliers and interested parties and finally explain what rights and safeguards we offer in the course of data processing. Please refer to point 11. of this data protection declaration for all relevant contact details.

Since the protection of your personal data is of particular concern to us, we strictly adhere to the legal requirements of the DSG and the GDPR when collecting and processing your personal data.

In the following, we inform you in detail about the scope and purpose of our data processing as well as your rights as a data subject. Therefore, please read our privacy policy carefully before you continue to use our website and, if necessary, give your consent to data processing.

I. Personal data

The use of our website is generally possible without providing personal data. For the use of individual services, however, different rules may apply, to which we will refer you separately.

Therefore, apart from the cookies described in detail below, we only collect and store the data that you yourself provide to us by entering it in our input masks or by actively interacting with our website in any other way.

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, your address, your telephone number or your date of birth, but also your IP address or geolocation data that allow a conclusion to be drawn about you.

II. Use of cookies

a. If you use our website for information purposes only, i.e. if you do not register for a service or otherwise transmit information to us - for example, via a contact form - we only collect the (personal) data that your browser transmits to our server. If you wish to visit our website, we collect the following data, which is technically necessary for us to display the website and to ensure its stability and security in accordance with Art. 6 (1) p. 1 lit. f GDPR:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request
  • Access status / http status code
  • Amount of data transferred
  • Website from which the request came
  • Browser used
  • Operating system and its interface
  • Language and version of the browser software

However, this data is not processed beyond the purpose of displaying our website.

b. In addition to the data mentioned above, first and third-party cookies are stored on your computer when you use our website; these are small text files that are stored on your hard drive in the browser you are using. The body that sets a cookie (this is done either by us or an explicitly stated third party) thereby receives certain information.

We need these cookies on the one hand to recognise you as a user of the website and on the other hand to be able to track the use of our services. Finally, we may use cookies for marketing purposes in order to analyse your usage behaviour and, if necessary, to send you targeted advertising.

c. A basic distinction can be made between first party cookies, third party cookies and third party requests.

  • First Party Cookies

First party cookies are stored in your browser by us or our website itself in order to offer you the best possible user experience.These are in particular functional cookies, such as shopping cart cookies. We may also use cookies to identify you for subsequent visits if you have an account with us - otherwise you will need to log in each time you visit.

  • Third Party Cookies

Third party cookies are stored in your browser by a third party provider. These are usually tracking or marketing tools that on the one hand evaluate your user behaviour and on the other hand offer the third-party provider the possibility to recognise you on other websites visited. In principle, retarget marketing, for example, is based on the function of such cookies.

  • Third Party Requests

Third party requests are all requests that you, as a site user, make to third parties via our site - for example, if you use plug-ins from social networks or use the services of a payment provider. In this case, no cookies are stored in your browser, but it cannot be ruled out that personal data is sent to this third-party provider through the interaction. For this reason, we also inform you in detail about the tools & applications we use in our privacy policy.

d. In order to inform you comprehensively about the cookies we use, we have designed a cookie banner in accordance with the case law of the ECJ of 01.10.2019, C-673/17 (Planet 49) as well as other relevant decisions, which is displayed to you when you first access our website. This cookie banner shows all cookies used, including their function, storage period and origin. Only if you consent to the use of some or all cookies will they be stored by us; an exception to this may be technically mandatory cookies, without whose use our website could not be displayed correctly.

e. It is possible for you to change your browser settings at any time so that, for example, you refuse to accept third-party cookies or all cookies. In this case, however, we must inform you that you may no longer be able to use all the functions of our website

III. Collection and processing of personal data

a. Website

Personal data beyond the information stored by cookies will only be processed by us in the context of the operation of our website if you voluntarily provide it to us, for example when you register with us, enter into a contractual relationship with us or otherwise contact us. This only involves contact data and information about the concerns with which you approach us.

We use the personal data you provide only to the extent necessary to fulfil the purpose of the processing (e.g. registration, sending newsletters, processing an order, sending information material and advertising, processing a competition, answering a question, enabling access to certain information) and as required by law (in particular Art. in accordance with Art. 6 or Art. 9 GDPR) (e.g. sending advertising and information material to existing customers in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR).

The purpose of processing your data is the operation of our website and the targeted provision of company-specific information including the presentation of the range of our goods and services (marketing).

Any further use of your data will only take place if you have expressly consented to this beforehand, if we need your data to fulfil a contract concluded with you or if we are obliged by law to retain it. You can revoke any consent you have given - as explained in detail below - at any time for the future.

b. Contract processing, marketing and more

In general, we use personal data of our customers, suppliers and other contractual and cooperation partners, e.g. contact persons, their contact details and marketing-relevant information, for the purpose of contract processing and within the scope of legal retention obligations (e.g.: accounting), and also for legitimate interest, such as for marketing and customer care purposes.

We also collect personal data from interested parties (e.g. contact persons, their contact details and marketing-relevant information) in the course of our acquisition and sales activities. We are always on the lookout for potential contractual partners on the Internet, at trade fairs and other events and maintain a marketing database for this purpose in order to enable targeted advertising for our products and services. We carry out all of the measures listed here in the legitimate interest of marketing purposes in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR in conjunction with Recital 47 for a period of three years from the end of a contractual relationship (customers & suppliers) or our initial (fruitless) contact (interested parties), unless the person concerned has given his or her express consent.

If we do not collect personal data ourselves from the data subject for marketing purposes, we will also inform the data subject where we have collected his or her data in accordance with Article 14 of the GDPR when contacting him or her for the first time.

Due to tax and administrative considerations, we have founded various companies in Germany and abroad, with which we partly act as joint controllers within the meaning of Art. 26 GDPR, partly as joint data processors within the meaning of Art. 26 GDPR. Art. 26 GDPR, partly within the framework of order processing relationships iSd. Article 28 of the GDPR. One example of this is the joint marketing database.

You can find a complete list of our affiliated companies at www.vegatrans.com. If, in the context of an ongoing business relationship or as a result of an explicit request from an interested party, we are to provide products and services that other companies affiliated with us offer, we pass on the interested party's personal data for marketing purposes to the companies affiliated with us that offer the products and services of interest to the specific data subject for legitimate interest.

c. Application management

We collect data from applicants for job offers open with us for the purpose of initiating a possible employment relationship Art. 6 para. 1 p. 1 lit. b GDPR or, if applicable, on the basis of explicit consent for record purposes.

IV. Duration of storage

Data that you have made available to us exclusively for customer care or for marketing and information purposes will be stored for a period of three years after our last contact. However, if you so wish, we will also delete your data before this period expires, provided that there is no legal obstacle to this.

In the event of a contract being initiated or concluded, we will process your personal data after the contract has been fully processed until the expiry of the guarantee, warranty, limitation and statutory retention periods applicable to us, and furthermore until the end of any legal disputes in which the data is required as evidence.

Data that you may provide to us as part of an application process will only be stored for a period of 6 months without separate consent.

If retention is required by law, we will comply with the period standardised there. If we process your personal data - e.g. for legitimate interest - for purposes other than those described in this data protection declaration, we will inform you separately before the start of the processing.

V. Data transfer

a. General

As a matter of principle, your data will not be transferred to third parties unless we are legally obliged to do so, the transfer of data is necessary for the performance of a contractual relationship concluded between us or you have expressly consented to the transfer of your data in advance.

External order processors or other cooperation partners will only receive your data insofar as this is necessary for the execution of the contract, we have a legitimate interest in doing so, which we always disclose separately in the event of an occasion, or insofar as this is necessary due to special standards, with your consent.

We do not sell or otherwise market your personal data to third parties. If our contractual partners or processors are based in a third country, i.e. a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

If one of our processors comes into contact with your personal data, we will ensure that they comply with the provisions of the data protection laws in the same way as we do.

b. Data transfer to the USA?

We occasionally offer some services in the course of which data is or may be transferred to the USA. In recent years, the transfer of data to the USA has always led to legal challenges. There are several legal bases for a legally compliant data transfer to the USA, whereby we basically rely on two different legal bases:

  • Data transfer based on the existence of an adequacy decision.

On 10 July 2023, a new adequacy decision pursuant to Art. 45 GDPR was adopted by the European Commission for the USA - namely the EU-U.S. Data Privacy Network.

However, this adequacy decision only applies to those data importers in the U.S. that are registered on the Data Privacy Framework List (https://www.dataprivacyframework.gov/s/participant-search).

We check for each of our service providers who are to receive personal data in the USA as a data importer whether they are registered on the Data Privacy Framework List. If this is the case, this is indicated in our privacy policy for the respective service provider.

The EU Commission's press release on the EU-U.S. Data Privacy Network can be found at: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721.

  • Consent

If a data importer is not registered in the Data Privacy Framework List, it is necessary - unless there is another justification such as the fulfilment of contractual obligations - that you consent to the use of your data collected via these services, if applicable also in the USA (Art. 49 para. 1 lit. a GDPR).

This is because we are currently unable to assess how case law will develop as a result of the EU-U.S. Data Privacy Network. We record this consent - depending on the service - via our cookie banner or separately by means of a corresponding declaration of consent directly before the use of a service offered.

Your consent is required because, according to recent official and court decisions and the case law of the ECJ, the USA is not certified as having an adequate level of data protection in the processing of personal data (C-311/18, Schrems II). In particular, these decisions by authorities and courts critically point out that access by US authorities (FISA 0702) is not comprehensively restricted by law, does not require approval by an independent authority and no relevant legal remedies are available to the data subjects in the event of such interventions.

Apart from the contracts concluded with US service providers, we have no direct influence on the access of US authorities to personal data transferred to service providers in the USA when using these services. Even if we assume that our service providers take the necessary steps to ensure the promised level of protection in accordance with the contractual agreements concluded with us, access by US authorities to data processed in the USA is still conceivable.

We therefore request your consent to the processing of data in the USA before using such services. We will point out separately for each service or application that there is a possibility of data transfer to the USA.

VI. Tools and applications used

a. We use Google Analytics, which is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service uses cookies, the functionality of which has already been explained in detail. The information generated by these cookies about your use of this website is generally transferred to a Google server and stored there.

Google uses this information on our behalf to evaluate your use of our website, to compile reports on website activity and to provide other services to the website operator relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as its transmission and processing by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

If you would like further information on the type, scope and purpose of the data collected by Google, we recommend that you read their privacy policy https://support.google.com/analytics/answer/6004245?hl=de.

Google also processes your data in the USA. Before you give your consent to the storage of cookies through the use of Google Analytics, please read the relevant information in our privacy policy.

Google LLC is registered on the Data Privacy Framework List.

b. On our website, we also use the services of Google Maps. This allows us to display interactive maps directly on our website and enables you to conveniently use the map function to find our location and facilitate your journey.

When you visit our website, Google receives the information that you have called up the corresponding subsite of our website and the personal data listed under 2. This takes place regardless of whether you are logged in via a Google account or not. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish this, you must log out of Google before using this service. Google will use your data for the purposes of advertising, market research and website design tailored to your needs. You have the right to object to the use of your data in this way, which you must address directly to Google.

For further information on the purpose and scope of data collection, please refer to Google's privacy policy, which can be found at http://www.google.de/intl/de/policies/privacy. Google also processes your data in the USA. Before you give your consent to the storage of cookies through the use of Google Analytics, please read the relevant information in our privacy policy.

Google LLC is registered on the Data Privacy Framework List.

c. We also provide links to other websites on our website for information purposes only. These websites are not under our control and are therefore not covered by the terms of this privacy policy. However, if you activate a link, it is possible that the operator of this website will collect data about you and process it in accordance with its data protection declaration, which may differ from ours. Please always inform yourself about the current data protection regulations on the websites linked by us.

d. Our website also offers the option of interacting with various social networks via plugins. These are:

  • Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company, Meta Platforms Inc, Menlo Park, California, is registered on the Data Privacy Framework List.
  • Twitter, operated by Twitter Inc, 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA.
  • Google+, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google LLC is registered in the Data Privacy Framework List.
  • LinkedIn, operated by LinkedIn Inc, 2029 Stierlin Court, Mountain View, CA 94043, USA.
  • YouTube, operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066 USA
  • XING, operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
  • Instagram, operated by Meta Platforms Ireland Limited, 44 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company, Meta Platforms Inc., Menlo Park, California, is registered on the Data Privacy Framework List.

When you click on a plugin of one of these social networks, it is activated and a connection to the respective server of this network is established as described before.

If you activate these plugins, you consent to the use of your data collected via these plugins also in the USA, if applicable.

We have no influence on the scope and content of the data that is transmitted to the respective operator of this social network by clicking on the plugin or which may subsequently be subject to access by US authorities.

Should you wish to inform yourself about the type, scope and purpose of the data collected by the operators of these social networks, we recommend that you read the privacy policy of the respective social network.

VII. Shared responsibilities according to Art. 26 GDPR

a. Facebook fan page

We operate a Facebook fan page at https://www.facebook.com/VEGALogistik. The purpose of this fan page is to share information about our company's activities, to set marketing measures and to provide another communication channel with us.

In this context, we are "joint controllers" with Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, which provides this service to us. In principle, Facebook allows you to select in your settings which personal data is shared with us. If you do not wish this, we will receive all information regarding the use of our fan page and personal data about visitors in anonymised form.

For this purpose, we have concluded a so-called Art. 26 GDPR agreement with Facebook, which regulates the mutual rights and obligations of us and Facebook. You can find this at https://www.facebook.com/legal/EU_data_transfer-_addendum/update. In this context, we also ask you to read Facebook's privacy policy, which can be found at https://www.facebook.com/policy.php.

b. Linked In - Profile/Fan Page

We operate a Linked In fan page/profile at www.linkedin.com/company/vega-international-car-transport-and-logistic-trading-gmbh/. The purpose of this fan page is to share information about our company's activities, to set marketing measures and to provide another communication channel with us. With this profile we want to set marketing measures and draw attention to our products and services.

Also in this context, we are "joint controllers" with Linked In, operated by LinkedIn Inc, 2029 Stierlin Court, Mountain View, CA 94043, USA, which provides this service to us. In principle, Linked In allows you to select in your settings which personal data is shared with us. If you do not wish to do so, we will receive all information regarding the use of our fan page or profile and personal data about visitors in anonymised form.

For this purpose, we have concluded a so-called Art. 26 GDPR agreement with LinkedIn, in which the mutual rights and obligations of us and Linked In are regulated. This can be found at https://de.linkedin.com/legal/l/dpa. In this context, we also ask you to read the data protection provisions of LinkedIn, which can be found at https://de.linkedin.com/legal/privacy-policy?trk=con-tent_footer-privacy-policy.

In the Art. 26 agreement we have concluded, Linked In undertakes to be the first point of contact for data subjects regarding the processing of In-sights data and to fulfil the related obligations and tasks.

You can therefore assert your data subject rights both against us in accordance with point 9 of this privacy policy and against LinkedIn Inc, 2029 Stierlin Court, Mountain View, CA 94043, USA.

VIII. Security

We use numerous technical and organisational security measures to protect your data against manipulation, loss, destruction and against access by third parties. Our security measures are continuously improved in line with technological developments on the Internet. Should you require more detailed information on the type and scope of the technical and organisational measures we have taken, please do not hesitate to contact us in writing at any time.

IX. Your rights

In accordance with the General Data Protection Regulation and the Data Protection Act, you as the person affected by our data processing have the following rights and legal remedies:

  • Right to information (Art. 15 GDPR).

As a data subject of the data processing described above and other data processing, you have the right to request information about whether and, if so, which personal data about you are being processed. For your own protection - so that no unauthorised person receives information about your data - we will verify your identity in an appropriate form before providing information.

  • Right to rectification (Art. 16) and deletion (Art. 17 GDPR)

You have the right to request the rectification of inaccurate personal data or - taking into account the purposes of the data processing - the completion of incomplete personal data as well as the deletion of your data without undue delay, provided that the criteria of Art. 17 GDPR are met.

  • Right to restriction of processing (Art. 18 GDPR)

You have the right to restrict the processing of all personal data collected under the legal conditions. As of the restriction request, this data will only be processed with your individual consent or for the assertion and enforcement of legal claims.

  • Right to data portability (Art. 20 GDPR)

You may request the unimpeded and unrestricted transfer of personal data that you have provided to us to you or to a third party.

  • Right to object (Art. 21 GDPR)

You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for the purposes of protecting our legitimate interests or those of a third party. Your data will no longer be processed after objection, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. You may object to data processing for the purpose of direct advertising at any time with effect for the future.

  • Revocation of consent

If you have separately given your consent to the processing of your data, you may revoke this consent at any time. Such a revocation will affect the permissibility of processing your personal data after you have expressed it to us.

If you take a measure to enforce your rights under the GDPR as listed above, VEGA must respond to the requested measure or comply with the request without undue delay, but no later than one month after receiving your request.

We will respond to all reasonable requests within the legal framework free of charge and as promptly as possible.

The data protection authority is responsible for requests concerning violation of the right to information, violation of the rights to confidentiality, to rectification or to deletion. Their contact details are:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
dsb@dsb.gv.at

X. Contact information / contact person

a. Contact information of the responsible person

VEGA International Car-Transport and Logistic-Trading GmbH
zH Data Protection Officer
Schmiedingerstrasse 67
5020 Salzburg
Austria

E-mail: datenschutz@vegatrans.com.

b. Contact information of the contact person for data protection matters

Mag. Toni Brnada
Summereder Pichler Wächter Rechtsanwälte GmbH
Dr. Herbert-Sperl-Ring 3, A - 4060 Leonding
dsb@spwr.at | +43 732 272887 | www.spwr.at
FN 441762a LG Linz | ADVM-Code P430533

As of: October 2023