Data Protection

Preamble and scope

With this privacy policy, we, Upperverse of Skills GmbH (hereinafter referred to as “we/us”), inform visitors to our website at https://www.join-mint.at (hereinafter referred to as “you”) about the processing of your personal data, including your rights, in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).

Responsible for the processing of personal data

The controller within the meaning of Article 4(7) GDPR for the processing of your personal data is Upperverse of Skills GmbH, FN 640328 i, Europaplatz 9, 4020 Linz, Austria. If you have any questions or concerns regarding data protection, please feel free to contact us at the above address or using the following contact details:
Email: joinmint@ams.at
Phone: +43 50 904 400 119

Basic functions of the website
Provision and proper display of the website

When you visit our website, we process certain personal data that you transmit to us via your web browser so that we can ensure a smooth connection to our website and its proper display. For example, we collect your IP address, the name and URL of the file accessed, the operating system used, the browser type and version, the host name of the accessing computer, and the date and time of the server request. The legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR), which is to be able to display our website without errors. The collection of this data is necessary for technical reasons. We process the aforementioned personal data only for the duration of establishing and maintaining the connection between your device and our website. When you close your browser, no further processing takes place. In order to provide you with this website, we use an external hosting service provider, Kinsta, Inc., 8605 Santa Monica Blvd #92581, West Hollywood, CA 90069, USA, as our processor.

Ensuring security, preventing misuse

We process certain personal data that you transmit to us via your web browser in order to detect and, if necessary, prosecute misuse of our website (including attacks). In particular, we collect the following data for this purpose: browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request, IP address. This data is stored in a log file on our server and is generally deleted after 72 hours on a rolling basis. The legal basis for this is our legitimate interest (Article 6(1)(f) GDPR), which lies in being able to detect such attacks and, if necessary, prosecute them. Only in justified cases (e.g., in the event of a detected hacker attack) may we transfer this data to authorities, public prosecutors, courts, and law firms commissioned by us. The basis for this is our legitimate interest (Article 6(1)(f) GDPR), which lies in being able to assert legal claims against the perpetrator or prosecute possible criminal offenses. In such a case, the personal data will only be deleted once the underlying proceedings have been legally concluded or discontinued.

Extended website functionalities
General explanations about cookies and web beacons
Cookies

We use cookies on our website. You can find a description of the cookies and the data stored in connection with the individual services in the cookie box (gray circle at the bottom left of the website). Cookies can be used to collect information that is created by a website and stored via the user’s browser. These are small files or text information (usually less than one kilobyte) that a website stores on the hard drive of the user’s computer or mobile device. These cookies enable the website to “remember” the user’s activities and preferences for a short period of time or permanently.
Most browsers support cookies, but users can set their browsers to reject cookies or delete them at any time. Many users configure their browsers to automatically remove cookies when the browser window is closed. Websites use cookies to identify users, remember their preferences, and allow them to complete tasks without repeatedly entering information when they change pages or return to the website. Cookies can also be used to collect information for personalized advertising and marketing based on online behavior. Companies use cookies to analyze user behavior and create personal profiles. This allows them to display targeted advertising to users based on their previous searches. Further information on cookies can be found here: https://allaboutcookies.org/.

Web beacons

We use “web beacons” (also known as “tracking pixels”) on our website. These are small, usually invisible graphics—mostly 1×1 pixel transparent image files—that are embedded in a web page or email via HTML code from an external server. As soon as a user visits the website or opens the email, this graphic is loaded from the external server, which transmits the user’s IP address to the web server. The information transmitted in this process is then stored in a log file on the service provider’s server. Web beacons are primarily used for statistical analysis and online marketing. They make it possible to track a user’s behavior during a session, to identify which browser and operating system are being used, or to track when and how often a page or email has been accessed. Further information on web beacons can be found here: https://allaboutcookies.org/what-is-a-web-beacon.

Use of Google Analytics (web analysis)

Google Analytics is a web analysis tool offered and operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use Google Analytics to perform statistical analyses of how you use our website. However, this only occurs if you have given us your prior consent (“consent mode”).

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. You can find a description of the cookie and the stored data in the cookie box (gray circle at the bottom left of the website).

In Google Analytics, the anonymization of IP addresses is enabled by default. IP anonymization shortens the IP address by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by the user’s browser within the scope of Google Analytics is not merged with other Google data.

During the user’s visit, user behavior is recorded in the form of “events.” Events can include: page views; first visit to the website; start of the session; web pages visited; your “click path,” i.e., interaction with the website; scrolls (when a user scrolls to the end of the page (90%);
clicks on external links; internal search queries; interaction with videos; file downloads; ads viewed/clicked; or language settings.

We may also record: your approximate location (region); date and time of your visit; IP address (in abbreviated form); technical information about your browser and the devices you use (e.g., language setting, screen resolution); internet service provider; referrer URL (the website/advertisement through which you arrived at this website). Google also uses a web beacon.

Google uses this information on our behalf to evaluate the user’s use of the website and to compile reports on the user’s activities on our website. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipients of the data are/may be: (i) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor pursuant to Art. 28 GDPR); (ii) Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; (iii) Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

For the USA, there is an adequacy decision by the European Commission (“EU-US Data Privacy Framework” – “EU-US DPF”). Google LLC has been certified under the EU-US DPF. Since Google’s servers are distributed worldwide and data export to third countries cannot be completely ruled out, Google additionally refers to the European Commission’s Standard Contractual Clauses (SCC) for the admissibility of data export.

The personal data transmitted by us and linked to the cookies is automatically deleted after 14 months. The maximum lifetime of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

The storage of Google Analytics cookies and the use of this analysis tool are based on your prior consent (Article 6(1)(a) GDPR), which you voluntarily give us in our cookie banner (tab “Statistics”). You can revoke this consent at any time. Revoking your consent does not affect the lawfulness of the processing carried out on the basis of your consent until revocation. You can revoke your consent by deactivating the respective field in the cookie box.

For more information on the terms of use of Google Analytics and data protection, please visit: https://marketingplatform.google.com/about/analytics/terms/ and https://policies.google.com/.

Use of Borlabs Cookie Box (storage and management of your consent)

We use a cookie tool from the provider Borlabs on our website, which is operated locally. This tool serves to ensure proper consent management. When you load our website, we therefore ask you whether you consent to us setting certain cookies on your device or loading certain external tools on our website. We then store your consent. To do this, we set a cookie on your device so that we can check which consents you have given us while you are using our website or when you visit again.
You can find a description of the cookie and the stored data in the cookie box (gray circle at the bottom left of the website). The legal basis for the processing of personal data is our overriding legitimate interest (Article 6(1)(f) GDPR), which lies in achieving the aforementioned purpose.

Use of Google Tag Manager (tag management system)

Google Tag Manager is an external service offered and operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Tag Manager is a tag management system that allows tracking codes and associated code fragments to be centrally integrated, managed, and updated. The service is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Tag Manager serves only as a system for forwarding other tools, is hosted locally, and does not transfer any personal data to Google. Information on processing in connection with these other tools can be found under the respective tools in this privacy policy. Google provides further information on Google Tag Manager at the following address: https://www.google.com/analytics/terms/tag-manager/.

In certain cases, an additional, non-local instance of Google Tag Manager may be loaded when another Google product is activated (e.g., Google Analytics, see section 4.1). In this case, Google Manager may process the IP address of your device and set a web beacon. In such cases, we refer to the legal basis of consent (Article 6(1)(a) GDPR), which can be revoked at any time by deactivating the Google product in the cookie box (gray circle at the bottom left). Revoking consent does not affect the lawfulness of processing based on consent before revocation.

Communication between you and us in specific cases

When you contact us (e.g., via the email address provided, by mail, or by phone), we collect, store, and process the personal data that you yourself disclose to us in the course of this correspondence in order to respond to your inquiry or process your request. Depending on the purpose of the contact, we base the processing of your personal data on your at least conclusively given consent, which can be revoked at any time without giving reasons (Article 6(1)(a) GDPR), the performance or initiation of a contract at your initiative (Article 6(1)(b) GDPR) or our legitimate interest (Article 6(1)(f) GDPR), which lies in responding to your request or otherwise processing your concern in the best possible way. We process your personal data at least for the period of time necessary for the proper handling of communication between you and us. Once this has been completed, we store your personal data for documentation and verification purposes on the basis of our overriding legitimate interest (Article 6(1)(f) GDPR) for a period of three years, unless a longer storage period is required by law depending on the specific content of the communication.

Links to social media pages

We do not integrate social network plug-ins on our website, but merely link to our presence there. If you click on one of these links, you will leave our website and visit the website of the respective social network. Your personal data will then be processed by the respective operator of the social network. We have included the respective privacy policies of the providers. The respective privacy policies also describe the settings available to protect your personal data: (i) Instagram: The service provider is Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland. Instagram’s privacy policy can be accessed here: https://privacycenter.instagram.com/policy; (ii) LinkedIn: The service provider is LinkedIn Ireland Unlimited Company, based in Wilton Place, Dublin 2, Ireland. LinkedIn’s privacy policy can be accessed here: https://de.linkedin.com/legal/privacy/eu?.

Storage period

Unless otherwise specified in this privacy policy for the respective processing purposes, we store your personal data for as long as is necessary to fulfill the respective purpose, beyond that, until the expiry of a statutory retention obligation applicable to us (e.g., Article 6(1)(c) GDPR in conjunction with Section 212 of the Austrian Commercial Code or Section 132 of the Austrian Federal Tax Code) or, in the case of possible legal claims, until the conclusion of the underlying proceedings.

No automated decision-making, including profiling

We do not intend to use automated decision-making, including profiling, nor do we carry it out.

Your rights as a data subject

Subject to the conditions and restrictions of applicable law, you have the following rights as a data subject. You are entitled to (i) request information about whether and which personal data we process about you, and to receive further information about this processing as well as a copy of this data (Article 15 GDPR); (ii) request the rectification or completion of your personal data (Article 16 GDPR); (iii) request the erasure of your personal data (Article 17 GDPR); (iv) request that we restrict the processing of your personal data (Article 18 GDPR); (v) to know the identity of third parties to whom your personal data is transferred (Article 19 GDPR); (vi) to request data portability, provided that the processing is based on the legal basis of consent or the performance or initiation of a contract and is carried out by automated means (Article 20 GDPR); (vii) object to the processing of your personal data in certain circumstances, whereby an objection to processing for direct marketing purposes is possible at any time and without giving reasons (Article 21 GDPR); Finally, (viii) if the processing is based on consent, to withdraw this consent at any time without giving reasons, whereby such withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent until withdrawal (Article 7(3) GDPR).

If you wish to exercise one or more of these rights against us, please feel free to contact us by mail or email.

If you believe that we have violated data protection regulations, you also have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at.

Changes to this privacy policy

We may change this privacy policy at any time. We will notify you of any changes by publishing them on this website.