Privacy Policy of Cybly GmbH

Cybly processes personal data that falls under the following data (processing) categories:

1. Log files and other technical data

Each time our website is accessed, our system or our host in Austria automatically collects data and information from the computer system of the accessing computer.

The following information is thereby collected:

• Information about the type and version of browser used
• The User’s operating system
• The User’s IP address
• Date and time of access
• Data transmitted
• Websites from which the User’s system accesses our website
• Websites from which the User’s system accesses our website

The log files contain IP addresses or other data that can be associated with a User. This may happen, for example, if the link to the website from which the User accessed the website or the link to the website to which the User goes contains any personal data.

The data is also stored in the log files of our system or our host in Austria. This data is not stored together with other personal data of the User. The data is not shared. Only certain employees with appropriate access rights have access to this data.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR (legitimate interest in data processing) and Art. 32 GDPR.

The storage in log files is done to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes.

Duration of storage: Data will be deleted as soon as data is no longer required for the purpose for which it was collected.

In the case of data stored in log files, this will be the case after 24 months at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users will be deleted or made anonymous so that it is no longer possible to identify the client making use of the service.

2. Cookies

Our website uses cookies. These are small text files that are stored on your device using your browser. They do not cause any damage.

We use cookies for technical reasons to be able to offer our information and services in a functional way. Some cookies remain stored on your device until you delete them. They enable us to recognise your browser on your next visit.

The legal basis for cookies that are not required for functional reasons is Art. 6 para. 1 lit. a GDPR (consent to data processing). We ask for your consent in the cookie window. Only if your consent is actively given will your personal data be processed for the purpose indicated in the cookie window, for the period indicated and on the legal basis as stated.
In the case of cookies marked in the cookie window as functionally necessary, we derive our legal basis from Art. 6 para. 1 lit. f GDPR (legitimate interest in data processing) to make the website user-friendly.

If cookies are disabled, the functionality of our website may be limited.

3. Website analytics through Matomo

We use Matomo, an open-source software tool, on our website to analyse our Users’ browsing behaviour.

When individual pages of our website are accessed, the following data is stored:

• Two bytes of the IP address of the User’s calling system
• The web page visited
• The website from which the user came (referrer)
• The sub-pages accessed from the site visited
• The time spent on the website
• The frequency with which the site is accessed

The software runs exclusively on our hosters’ servers. The Users’ personal data is stored only there. The data is not shared with third parties.

The software is set so that IP addresses are not stored in full, but 2 bytes of the IP ad-dress are masked (e.g., 192.168.xxx.xxx). In this way, the IP address is anonymized, and it is no longer possible to trace the shortened IP address back to the calling computer.

The legal basis for the processing of the Users’ personal data is Art. 6 para. 1 lit. f GDPR (legitimate interest in data processing).

The processing of this User data enables us to analyse the surfing behaviour of our Users. By evaluating the data obtained, we can compile information about the use of the individual components of our website. This helps us to continually improve our website and its user-friendliness. These purposes also constitute our legitimate interest in pro-cessing data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymising IP addresses, the Users’ interest in the protection of their personal data is sufficiently taken into account.

Duration of storage: Data will be deleted once data is no longer needed for record-keeping purposes. This will be the case after 24 months at the latest.

4. Newsletters

We process data in connection with the sending of our newsletters.

The following information is collected to send our newsletters:

• The email address of the newsletter subscriber
• The name of the newsletter(s) to which Users have subscribed
• The IP address of the requesting computer
• The date/time of receipt
• Whether the newsletter has been opened
• The date/time of registration

In connection with the processing of data for the sending of newsletters, no data will be disclosed to third parties, with the exception of the processor mentioned below. The data will only be used for sending our newsletters.

The email address is obtained to send our newsletters.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

Subscription to the newsletters may be cancelled by the User at any time. A link to unsubscribe will be included in each newsletter.

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (processing of data necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject).

Duration of storage: The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. This will be the case at the latest when you unsubscribe from a newsletter.

We use the following processor for data processing: Rapidmail (rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau, Germany).

Rapidmail’s privacy policy is available at https://www.rapidmail.at/datenschutz.

5. General services

During registration and use, we process the following data:

• Access data (e.g., email address, password)
• Profile data (e.g., name, company name, contact options, language, legal system)
• Usage data (data created by the user while using the service, for instance:
  • Bookmarks
  • Underlining
  • Tags
  • Abbreviations
  • Search history

The data will not be shared with third parties.

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (processing of data necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject).

Duration of storage: The data will be deleted as soon as the data is no longer needed to fulfil the purpose for which it was collected. This will be the case at the latest when the profile is deleted. Certain community content, such as tags and ratings, may be stored in an anonymised form beyond this time.

6. Billing data

The following data is processed when using services that require payment:

• Payment data
• Billing data

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (processing necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject) and lit. c of the GDPR (processing necessary to comply with a legal obligation to which the controller is subject).

Duration of storage: Data is deleted when the data is no longer needed to achieve the purpose for which it was collected, as determined by legal bookkeeping and record-keeping requirements.

7. Author publications

When publishing authored articles on LawThek, the following author details are processed:

• Content of the article
• Metadata
• Name of the author
• Contact details or professional details of the author, if applicable

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (processing of data necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject).

Duration of storage: The data will be deleted as soon as it is no longer needed to fulfil the purpose for which it was collected. In particular, this is the case when the underlying author agreement is terminated and the associated publication rights relating to the contribution and the au-thor’s name expire.

Disclosure of data: The content of the contribution, the name of the author, and any contact or professional details of the author are visible to other LawThek Users.

8. LawThek Pro

For the LawThek Pro function, we process the following data:

• Name or company name of the client
• Logo
• Contact details
• Membership of the User in groups and their members

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (processing of data necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject).

Duration of storage: Data is deleted when the data is no longer needed for the purposes for which it was collected.

9. JobThek

9.1 Applicant data

We process the following application-related data:

• Email address
• Optional links to social media profiles
• Data within the application documents, e.g., job/job title, date of birth, contact details (address, telephone number, fax number, email address, etc.)

The legal basis for data processing is Art. 6 para. 1 lit. b DSGVO (data processing necessary for the performance of the contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject).

Duration of storage: We store the data for a period of 6 months.

Disclosure of data: We can pass on your data to the following

recipients

or categories of recipients:

• Employers to whom you would like to send your application documents via JobThek

9.2. Employer profile data

We process the following profile data from employers:

• Name or company name
• Logo
• Job profile
• Contact options

The legal basis for the data processing is Art. 6 para. 1 lit. b GDPR (processing of data necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject).

Duration of storage: We store data until the user account/company profile is deleted.

Disclosure of data: Name or company name, logo, and contact details are visible to LawThek and JobThek Users.

10. Processing site

Your data will be processed by us and our processor exclusively within Austria.

11. Contact details and legal remedies

You can get in touch with us by using the following contact information:

Cybly GmbH
FN 427660m
Strubergasse 28
5020 Salzburg
Austria
Telephone number: +43 1 532 28 70
Email: info@cybly.tech
Website: https://cybly.tech/
You can get in touch with our data protection officer by using the following con-tact information:
DI Christian Sageder
Cybly GmbH
FN 427660m
Strubergasse 28
5020 Salzburg
Austria
dsb@cybly.tech
Phone: +43 1 532 28 70

12. Information on legal remedies

You have a general right of access, rectification, deletion, restriction, data portability, and objection. Please contact us to exercise these rights. If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you may complain to the supervisory authority. In Austria, this is the Austrian Datenschutzbehörde (Data Protection Authority), dsb.gv.at