Privacy policy

of baningo GmbH
Status: 02.02.2023

1) Overview

baningo GmbH processes data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act 2021 (TKG 2021).

This data protection declaration describes how baningo GmbH, Sechskrügelgasse 2/7, 1030 Vienna (“we”) processes your personal data.

2) What is personal data?

Personal data is all information that relates to an identified or identifiable natural person (e.g. name, contact data, address data, billing data, IP addresses and much more).

3) How are your personal data processed by us?

Depending on whether you visit our websites (point 4.1), subscribe to our newsletter (point 4.2), use our social media presence (point 4.3), are our customers, prospects or business partners (point 4.4), yourself apply to us as potential employees (point 4.5), are visitors to one of our locations (point 4.6) or if we contact you via online meetings and telephone conferences (point 4.7), we process your data in the various ways described below.

3.1) Scope and purpose of data processing when visiting our websites

The information in this section 3.1 applies to our following websites and their sub-sites:

baningo.com

The operation of our website serves as an information medium for new and existing customers. The purpose is to provide:

information offers in the form of texts, videos or images for users,
Information, presentation of content and offers regarding baningo GmbH,
Contact options for interested parties to get in touch with baningo GmbH, including answering contact requests and communicating with users,
the collection of user numbers to document the reach,
the provision of the online offer, its functions and content,
Reach measurement/marketing and
Presentation of profiles of contact persons of our cooperation partners.

3.1.1) Log data on the web servers

Our website providers automatically collect and temporarily store information in so-called server log files on their web servers, which your browser automatically transmits to us. This is done on the basis of our predominantly legitimate interest (Art 6 Para 1 lit f GDPR) for the purpose of system security and operational stability, and includes the following data categories:

domain names
browser type and browser version used
operating system used
Referrer URL
Host name and IP address of the accessing computer
Time and date of server request
http response code
Number of data volumes transferred as part of the connection

Every time a user accesses our site and every time a file is called up, data about this process is stored in a log file. We reserve the right to evaluate this log file anonymously and to use it on the basis of our predominantly legitimate interest (Art 6 Para 1 lit f GDPR) for the purpose of improving our website. Furthermore, the accesses are anonymized and used for statistical evaluations. This data is not merged with other data sources. The above personal data in log files are stored for up to one year.

3.1.2) Operation of the Websites

For the operation of our website it may be necessary for us to disclose your data to the following recipients:

recipient	task	legal basis	place of business
Amazon Web Services, Inc. 410 Terry Avenue North Seattle WA 98109	Server hosting for baningo.com including all databases	Art 6 para 1 lit f GDPR	deer
“Google Analytics”, services of Google Inc., 1600 Amphitheater Park-way, Mountain View, CA 94043	Google reCaptcha service to increase the security of our service & Google Maps to display maps	Art 6 para 1 lit f GDPR	deer

3.1.3) Technical and personal data in cookies

When you visit our website, the following data can be processed in cookies:

Land,
domain names,
browser type and browser version used,
operating system used,
Referrer URL
Host name and IP address and pages visited on our website including entry and exit pages and
Date, time and duration of access.

The "technical" cookies used or cookies based on our legitimate interest are activated as soon as you visit our homepage. Cookies based on consent are activated as soon as you have given your consent to do so. Cookies serve to make our offer more user-friendly and effective. Cookies are small text files that are stored on your computer and saved by your browser.

You can either deactivate the storage of cookies in your browser or activate a notification as soon as cookies are sent. If you do not use cookies, the use of our websites may be impaired. Cookies enable an analysis of the use of the website. They serve to recognize and store temporary data of website visitors. In principle, we only use cookies to the minimum extent necessary to communicate with you via the homepage.

3.1.4) Which cookies do we use?

First party cookies:

These are placed by the website itself (same domain as in the browser's address bar) and can only be read by that particular website. These cookies are normally used to store information (e.g. your settings) for use the next time you visit the website.Third party cookies:

Third-party cookies come from parties other than the website operator.

They can be used to collect information for advertising, customized content and web statistics, for example.

Technically necessary cookies:

Technically necessary cookies are often necessary or at least useful for basic functions of the website such as selecting the preferred language, adjusting page settings or saving the contents of your shopping cart.

Optional cookies (cookies that are not technically necessary):

Optional cookies go beyond the functionality of technically necessary cookies and are used to collect information for advertising purposes, user-defined content and web statistics.

The following first-party cookies (first party) are used on our website on the basis of our predominantly legitimate interest (Art 6 Para 1 lit f GDPR):

Cookie	Purpose; Description legitimate interest	storage duration	Recipient, place of business
_lfa	technical cookie; Functionality website	2 years	baningo GmbH, Austria
borlabs-cookie	technical cookie; Functionality website	1 year	baningo GmbH, Austria
pll_language	technical cookie; Functionality website	1 year	baningo GmbH, Austria
cconsent	technical cookie; Functionality website	1 year	baningo GmbH, Austria
_csrf	technical cookie; Functionality website	Session	baningo GmbH, Austria
_tz	technical cookie; Functionality website	Session	baningo GmbH, Austria
cookiesAccepted	technical cookie; Functionality website	1 year	baningo GmbH, Austria
PHPSESSID	technical cookie; Functionality website	Session	baningo GmbH, Austria

The following third-party cookies are used on our website based on your consent (Article 6 (1) (a) GDPR):

Cookie	purpose	storage duration	Service/product, recipient, place of business and data protection information of the provider
just	This cookie remembers the language setting of a user.	Session	Authentication LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
lidc	This cookie is used to correctly select the LinkedIn data center responsible for the user.	1 Tag	Preferences/Features/Services LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
bcookie	Browser identification cookie used to uniquely identify devices accessing LinkedIn to detect abuse on the platform.	2 years	Security LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
AnalyticsSyncHistory	Used to store information about the time at which a sync took place using the lms_analytics cookie for users in the intended countries	30 Take	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
UserMatchHistory	Synchronization of LinkedIn Ads IDs	30 Take	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
bscookie	Used to store 2FA status of a logged in user.	2 years	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
GOES	Used by Google DoubleClick Contains a randomly generated user ID. Using this ID, Google can recognize the user across different websites and display personalized advertising.	1 year	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
1P_JAR	This Google cookie is used to optimize advertising, to provide ads that are relevant to users, to improve reports on campaign performance or to prevent a user from seeing the same ads more than once.	1 month	Google Analytics Google Ireland Limited, Irland https://policies.google.com/privacy
CONSENT	This Google cookie is used to optimize advertising, to provide ads that are relevant to users, to improve reports on campaign performance or to prevent a user from seeing the same ads more than once.	forever	Google Analytics Google Ireland Limited, Irland https://policies.google.com/privacy
DV	Once you have ticked the "I'm not a robot" checkbox in Google reCAPTCHA, this cookie will be set. The cookie is used by Google Analytics for personalized advertising. DV collects information in an anonymous form and is further used to make user distinctions.	10 mins	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
NOT	NID is used by Google to match advertisements to your Google search. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with ads. So you always get tailor-made advertisements. The cookie contains a unique ID to collect the user's personal settings for advertising purposes.	6 Fun	Google general
__Secure-3PSIDCC	This service is used for spam prevention	1 year	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
_GRECAPTCHA	This service is used for spam prevention.	6 Fun	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
SIDCC-3PSIDCC	This service is used for spam prevention	1 year	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
_gat_gtag_ varies between websites, so "**" is a wildcard	Certain data is sent to Google Analytics at most once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transmissions are prevented.	Session	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
_ga	Contains a randomly generated user ID. Using this ID, Google Analytics can recognize recurring users on this website and merge the data from previous visits.	2 years	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
_gid	Contains a randomly generated user ID. Using this ID, Google Analytics can recognize recurring users on this website and merge the data from previous visits.	1 Tag	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
__hssc	This cookie tracks sessions. It is used to determine if HubSpot needs to increase the session count and timestamps in the __hstc cookie.	30 minutes	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
__hssrc	Whenever the HubSpot software changes the session cookie, this cookie is also set. This is used to determine whether the visitor has restarted the browser. If this cookie isn't present when HubSpot manages cookies, it's considered a new session.	Session	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
__hstc	The main cookie for visitor tracking. It contains the domain, the user token (utk), the first timestamp (of the first visit), the last timestamp (of the last visit), the current timestamp (for this visit), and the session count (increments with each subsequent session).	13 Fun	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
hub spot	This cookie stores the identity of a visitor. This cookie is passed to HubSpot when a form is submitted and used when de-duplicating contacts. It contains a non-visible GUID to identify the current visitor.	13 Fun	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
even	Necessary for the implementation of video content on the website	12 Fun	Unsplash, Inc., Canadahttps://unsplash.com/privacy
test_cookie	Is set as a test to check whether the browser allows the setting of cookies. Contains no identifiers.	15 minutes	Google Ads (Remarketing und Conversion Tracking) Google Ireland Limited, Irland https://policies.google.com/privacy

The following third-party inquiries (third-party) are used on our website on the basis of your consent (Art 6 Para 1 lit a GDPR):

Host	purpose	Destination country of transmission, recipient, place of business and data protection information of the provider	Service/product, recipient, place of business and data protection information of the provider
fonts.googleapis.com	Google CDN (Content Delivery Network; fonts)	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Authentication LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
fonts.gstatic.com	Google CDN (fonts)	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Preferences/Features/Services LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
maps.google.com	Google Maps	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Security LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
maps.googleapis.com	Google Maps	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
px.ads.linkedin.com	Marketing campaigns tracking	deer LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
px4.ads.linkedin.com	Marketing campaigns tracking	deer LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
s.w.org	Wordpress CDN	deer WordPress Foundation https://wordpress.org/about/privacy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
snap.licdn.com	Marketing campaigns tracking	Sweden LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	Google Analytics Google Ireland Limited, Irland https://policies.google.com/privacy
snap.licdn.com	Marketing campaigns tracking	Sweden LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	Google Analytics Google Ireland Limited, Irland https://policies.google.com/privacy
stats.g.doubleclick.net	Traffic analytics, marketing campaigns tracking	Finland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.google-analytics.com	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google general
www.google.com	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.google.de	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.googletagmanager.com	Traffic analytics, tag manager	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.gstatic.com	Google CDN	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
www.linkedin.com	Marketing campaigns tracking	deer LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
images.unsplash.com	Unsplash CDN (graphics)	deer Unsplash, Inc., Canadahttps://unsplash.com/privacy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
polyfill.io	Polyfill CDN (javascript)	deer The Financial Times Limited, Großbritannien https://polyfill.io/v3/security-policy/	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
use.fontawesome.com	Fontawesome CDN (fonts, stylesheets)	deer Fonticons, Inc.https://fontawesome.com/privacy	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
www.google-analytics.com	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
stats.g.doubleclick.net	Traffic analytics, marketing campaigns tracking	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
pagead2.googlesyndication.com	Traffic analytics, marketing campaigns tracking	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Unsplash, Inc., Canadahttps://unsplash.com/privacy
maxcdn.bootstrapcdn.com	Bootstrap CDN (stylesheets)	deer jsdelivr.com https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net	Google Ads (Remarketing und Conversion Tracking) Google Ireland Limited, Irland https://policies.google.com/privacy
l.neqty.net	Marketing campaigns tracking	Germany Netzeffekt GmbHhttps://www.financequality.net/datenschutz
a.neqty.net	Marketing campaigns tracking	Germany Netzeffekt GmbHhttps://www.financequality.net/datenschutz
googleads.g.doubleclick.net	Traffic analytics, marketing campaigns tracking	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy

3.1.5) Links to external providers

Individual pages may contain links to other providers outside of baningo GmbH, to which the data protection declaration does not extend, i. H. we cannot assume any liability for this content. We select the linked content carefully, but if a link is incorrect, please let us know. We will remove or update it immediately.

3.2) Scope and purpose of data processing when using our newsletter

If you register for our newsletter, we use the data required for this or separately provided by you in order to regularly send you our e-mail newsletter for the purpose of information about the services we offer in accordance with your consent. Our newsletter can only be received if the person concerned has a valid e-mail address and the person concerned registers for the newsletter. For legal reasons, the person concerned receives an email after registering for our newsletter with the request to confirm this registration again (double opt-in). This serves to check whether the owner of the e-mail address, as the data subject, has authorized receipt of the newsletter.

The processing takes place on the basis of your consent to the processing of the personal data concerning you (Art 6 Para 1 lit a DSGVO). Unsubscribing from the newsletter and thus deletion from the mailing list is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter.

In order to operate our newsletter, it is necessary for us to disclose your data to the following recipient:

recipient	task	legal basis	place of business
The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA	Hosting of the newsletter tool and maintenance of the newsletter tool	Art 6 para 1 lit a GDPR	deer

3.3) Use of social media appearances of baningo GmbH

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

In order to use social media sites, you must agree to the provider's terms of use and data protection notices. We use the following providers:

recipient	task	legal basis	place of business
Twitter, Inc. 1355 Market Street, Suite 900 San Francisco, CA 94103	Marketing activities of baningo GmbH	Art 6 Para 1 lit a GDPR or Art 6 Para 1 lit b GDPR	deer
Facebook Inc. 1 Hacker Way Menlo Park, CA 94025	Marketing activities of baningo GmbH	Art 6 Para 1 lit a GDPR or Art 6 Para 1 lit b GDPR	deer
YouTube, LLC 901 Cherry Ave., San Bruno, CA 94066	Marketing activities of baningo GmbH	Art 6 Para 1 lit a GDPR or Art 6 Para 1 lit b GDPR	deer
LinkedIn LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043	Marketing activities of baningo GmbH	Art 6 Para 1 lit a GDPR or Art 6 Para 1 lit b GDPR	deer
px.ads.linkedin.com	Marketing campaigns tracking	deer LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
px4.ads.linkedin.com	Marketing campaigns tracking	deer LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
s.w.org	Wordpress CDN	deer WordPress Foundation https://wordpress.org/about/privacy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
snap.licdn.com	Marketing campaigns tracking	Sweden LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	Google Analytics Google Ireland Limited, Irland https://policies.google.com/privacy
snap.licdn.com	Marketing campaigns tracking	Sweden LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	Google Analytics Google Ireland Limited, Irland https://policies.google.com/privacy
stats.g.doubleclick.net	Traffic analytics, marketing campaigns tracking	Finland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.google-analytics.com	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google general
www.google.com	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.google.de	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.googletagmanager.com	Traffic analytics, tag manager	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.gstatic.com	Google CDN	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
www.linkedin.com	Marketing campaigns tracking	deer LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
images.unsplash.com	Unsplash CDN (graphics)	deer Unsplash, Inc., Canadahttps://unsplash.com/privacy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
polyfill.io	Polyfill CDN (javascript)	deer The Financial Times Limited, Großbritannien https://polyfill.io/v3/security-policy/	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
use.fontawesome.com	Fontawesome CDN (fonts, stylesheets)	deer Fonticons, Inc.https://fontawesome.com/privacy	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
www.google-analytics.com	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
stats.g.doubleclick.net	Traffic analytics, marketing campaigns tracking	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
pagead2.googlesyndication.com	Traffic analytics, marketing campaigns tracking	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Unsplash, Inc., Canadahttps://unsplash.com/privacy
maxcdn.bootstrapcdn.com	Bootstrap CDN (stylesheets)	deer jsdelivr.com https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net	Google Ads (Remarketing und Conversion Tracking) Google Ireland Limited, Irland https://policies.google.com/privacy
l.neqty.net	Marketing campaigns tracking	Germany Netzeffekt GmbHhttps://www.financequality.net/datenschutz
a.neqty.net	Marketing campaigns tracking	Germany Netzeffekt GmbHhttps://www.financequality.net/datenschutz
googleads.g.doubleclick.net	Traffic analytics, marketing campaigns tracking	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy

3.4) Data protection information regarding the use of baningo cards / digital business cards under Art. 13/14 GDPR.

Scope and purpose of data processing when using baningo cards

If you exchange your baningo card with customers, suppliers and other interested parties, your professionally relevant personal data will be processed.

Your data is processed for the purpose of initiating, maintaining and processing our business relationships and is based on your employment contract within the meaning of Art 6 Para 1 lit b GDPR in conjunction with our legitimate interest within the meaning of Art 6 Para 1 lit f GDPR, whereby this interest is based on a professional and representative External appearance of our company and customer loyalty is justified.

We process your personal data either for the duration of the employment relationship or until it is deleted from the baningo card pool (in the event that you change internally to a position where baningo cards are no longer necessary professionally).

The processed personal data consists, among other things, of first and last name, profile picture, e-mail address(es), employer (company), postal address(es), telephone number(s), password, Pass Type ID for the wallet and technical Log data in IT systems together.

In the course of processing for baningo cards, it is necessary for us to transmit your data to the following recipients:

recipient	legal basis	Place of business, place of processing
baningo GmbH	Art 6 para 1 lit b GDPR processor	EU/EUR
customers, suppliers and other interested parties	Art 6 para 1 lit b GDPR “recipient” of the baningo card	depending on the recipient
Wallet App operator	independent responsible person	depending on the wallet app operator chosen by the recipient

The transmission to the wallet app operator is necessary so that the baningo card is stored on the recipient's end device and can also be updated or deleted later via push notifications.

3.5) Data protection information for employees in accordance with Article 13/14 GDPR

Purpose:

Sharing professional employee contact information with our customers, suppliers and other interested parties in digital form

Categories of data subjects:

Employees or equivalent internal and external persons

Categories of personal data:

first and last names,
Email address(es),
employer (company),
postal address(es),
Telephone number(s),
Password,
Pass Type ID for the wallet and
technical log data in IT systems

Categories of recipients:

Customers,
Delivery,
other interested parties
Wallet app operators of the above recipients

Transfers of personal data to a third country:

Depending on the wallet app operator of the recipients listed above

Deadlines for deletion:

The processing of the personal data of the employees concerned ends at the end of the employment relationship. The processing of the personal data of the employees concerned ends if they are deleted from the baningo card pool prematurely, for example if you change internally to a position where the above-mentioned purpose is obsolete will.

Technical and organizational measures according to Article 32 paragraph 1:

Compliance with the "need to know principle" in the creation, maintenance and deletion of the baningo card
Remote deletion of their personal data of all baningo cards recipients, if this is supported by the wallet app operator
Best possible encrypted transmission of the data, as far as this is supported by the wallet app operator
Encrypted storage in the baningo cards database
Pseudonymization of personal data (Pass Type ID) for the user, this corresponds to

3.6) Scope and purpose of data processing of customers, potential prospects and business partners

In the course of our business relationship with customers, potential prospects and business partners, we process your personal data on the basis of contractual (pre-contractual obligations, processing of the contractual relationship with you, billing of services, communication and dispatch of digital materials in the course of processing the contract ; Art 6 Para 1 lit b GDPR) and legal obligations (legally required storage within the meaning of § 132 BAO and § 190 and 212 UGB; Art 6 Para 1 lit c GDPR) as well as due to our legitimate interests or due to legitimate interests of third parties (Art 6 Paragraph 1 lit f GDPR), whereby these interests are lawfully processed in the following positions to the required extent:

for the internal administration and management of your business case to the required extent (e.g.: processing your business case, forwarding your business case to various departments, filing, archiving purposes, correspondence with you) and
for the assertion and defense of legal claims.

The processing of your data serves the purpose of initiating, maintaining and processing our business relationships. The specific details of the types of data to be recorded can be found in the respective contract documents. If you do not provide us with this data, we cannot process your business case.

We will only store your data for as long as is necessary for the purposes for which we collected your data. In this context, statutory storage obligations must be taken into account (e.g. for tax reasons, contracts and other documents from our contractual relationship must be stored for a period of seven years (§ 132 BAO)). In justified individual cases, for example to assert and defend against legal claims, we can also store your data for up to 30 years after the end of the business relationship.

In the course of our business relationship, it may be necessary for us to transfer your data to the following recipients:

recipient	legal basis	place of business	place of business
Accounting, payroll accounting, tax advice	Art 6 para 1 lit c and f GDPR	Austria	deer
IT-Provider, IT-Support	Art 6 para 1 lit f GDPR	Austria	deer
Telekom Austria (telephone provider)	Art 6 para 1 lit f GDPR	Austria	deer
Banks to process payment transactions	Art 6 para 1 lit b GDPR	Austria, possibly worldwide	deer
Courts, notaries, experts, legal representatives	Art 6 para 1 lit c and f GDPR	Austria, possibly worldwide	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
Insurance on the occasion of the occurrence of the insured event	Art 6 para 1 lit a and c GDPR	Austria	LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy
Contract or business partners who are or should be involved in the service (e.g. intermediaries)	Art 6 para 1 lit b GDPR	Austria, possibly worldwide	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
Federal agency "Statistics Austria" for the preparation of the legally required (official) statistics	Art 6 para 1 lit c GDPR	Austria	Google Analytics Google Ireland Limited, Irland https://policies.google.com/privacy
Accounting and auditing companies (for audit purposes)	Art 6 para 1 lit c GDPR	Austria	Google Analytics Google Ireland Limited, Irland https://policies.google.com/privacy
Service companies (Post, DHL, UPS, TNT, FedEx)	Art 6 para 1 lit b GDPR	Austria possibly worldwide	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
Third-party funds or sponsors	Art 6 para 1 lit b and c GDPR	Austria, possibly worldwide	Google general
www.google.com	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.google.de	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.googletagmanager.com	Traffic analytics, tag manager	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google reCAPTCHA Google Ireland Limited, Irland https://policies.google.com/privacy
www.gstatic.com	Google CDN	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
www.linkedin.com	Marketing campaigns tracking	deer LinkedIn Corporation, USA https://www.linkedin.com/legal/privacy-policy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
images.unsplash.com	Unsplash CDN (graphics)	deer Unsplash, Inc., Canadahttps://unsplash.com/privacy	Google Tag Manager (Universal Analytics) Google Ireland Limited, Irland https://policies.google.com/privacy
polyfill.io	Polyfill CDN (javascript)	deer The Financial Times Limited, Großbritannien https://polyfill.io/v3/security-policy/	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
use.fontawesome.com	Fontawesome CDN (fonts, stylesheets)	deer Fonticons, Inc.https://fontawesome.com/privacy	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
www.google-analytics.com	Traffic analytics	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
stats.g.doubleclick.net	Traffic analytics, marketing campaigns tracking	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	HubSpot Ireland Limited, Irland https://legal.hubspot.com/de/privacy-policy
pagead2.googlesyndication.com	Traffic analytics, marketing campaigns tracking	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy	Unsplash, Inc., Canadahttps://unsplash.com/privacy
maxcdn.bootstrapcdn.com	Bootstrap CDN (stylesheets)	deer jsdelivr.com https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net	Google Ads (Remarketing und Conversion Tracking) Google Ireland Limited, Irland https://policies.google.com/privacy
l.neqty.net	Marketing campaigns tracking	Germany Netzeffekt GmbHhttps://www.financequality.net/datenschutz
a.neqty.net	Marketing campaigns tracking	Germany Netzeffekt GmbHhttps://www.financequality.net/datenschutz
googleads.g.doubleclick.net	Traffic analytics, marketing campaigns tracking	Ireland Google Ireland Limited, Irland https://policies.google.com/privacy

3.7) Scope and purpose of data processing by applicants

We process your personal data either to initiate and carry out pre-contractual measures (conclusion of a (free) service contract, Art 6 Para 1 lit b GDPR), based on your express consent (Art 6 Para 1 lit a GDPR), if we use you as an applicant* would like to continue to keep on record, or to fulfill our legal obligations (registration as an employee with social security, Art 6 Para 1 lit c GDPR).

The processing of your personal data serves to process the application process and register with social security if we hire you. If you do not provide us with your data, we cannot process your application. The specific details of the types of data to be recorded can be found in the respective application documents that you have provided or filled out.

We store your personal data either for the duration of the application process or until you revoke your consent (in the event that you have given your consent for us to keep your application on record). Irrespective of this, we store your data as long as there are statutory retention requirements or any legal claims for which the personal data are required to be asserted or defended have not yet become statute-barred.

In the course of the application process, it may be necessary for us to transmit your data to the following recipients:

recipient	legal basis	place of business
social security agency	Art 6 Abs 1 lit c DSGVO	Austria
IT-Provider, IT-Support	Art 6 Abs 1 lit f DSGVO	Austria
Accounting, tax advice, payroll accounting	Art 6 para 1 lit b GDPR	Austria
Tax office	Art 6 Abs 1 lit c DSGVO	Austria
Lawyer	Art 6 Abs 1 lit c und f DSGVO	Austria

3.8) Scope and purpose of visitor data processing due to the COVID-19 pandemic in offices in Vienna

If you visit our office in Vienna, due to the COVID-19 pandemic we process your data for the purpose of contact tracing in connection with the recording in a visitor list. This processing serves our legitimate interest, namely the control and administration of visitors within the framework of our house rules (Art 6 Para 1 lit f GDPR), or due to legal obligations in the course of Corona regulations (Art 6 Para 1 lit c GDPR) in the latest and valid version.

The following personal data are subject to processing:

User information: first name, last name
Email address
phone number
Date and time of visit

We will keep your data for 28 days.

3.9) Scope and purpose of data processing in the course of online meetings, telephone conferences with baningo

baningo uses the communication tool Google Meet to conduct telephone conferences, online meetings and video conferences (hereinafter: "online meetings"). Google Meet is a service provided by Google Ireland Ltd., Ireland, which is based in Ireland.

3.9.1) What data is processed?

Various types of data are processed when using Google Meet. The scope of the data also depends on what information you provide before or when you participate in an "online meeting".

The following personal data are subject to processing:

User information: first name, last name, phone (optional), email address, password (if "single sign-on" is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
When dialing in with the telephone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data: You may have the option of using the chat, question or survey functions in an "online meeting". In this respect, the text you enter will be processed in order to display it in the "online meeting" and, if necessary, to log it. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera on the end device are processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Google Meet applications.

In order to take part in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.

3.9.2) Storage of data

The data of meeting participants (name provided, email address provided, length of time attended meetings, meeting metadata and telephone dial-in data) who are registered as users on Google Meet will be stored for a period of 6 months.

3.9.3) Scope of Processing

baningo uses Google Meet to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording is also displayed to you.

If necessary for the purposes of logging results of an online meeting, we will log the content discussed and presented. A logging of the content will be announced at the beginning of the session.

3.9.4) Legal bases for data processing

Insofar as personal data is processed by applicants or employees of baningo GmbH, this is necessary to fulfill a contractual obligation (employment contract) in accordance with Article 6 Paragraph 1 lit b GDPR and is therefore the legal basis for data processing. If, in connection with the use of Google Meet, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary part of the use of Google Meet, Art 6 Para 1 lit f DSGVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of "online meetings".

For customers, partners, suppliers and third parties, the legal basis for data processing when conducting “online meetings” is Art. 6 Para. 1 lit b GDPR, insofar as the meetings are held within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art 6 Para 1 lit f GDPR. Here, too, we are interested in the effective implementation of "online meetings".

3.9.5) Recipients / disclosure of data

Personal data processed in connection with participation in "online meetings" are generally not passed on to third parties unless they are intended to be passed on. Please note that content from "online meetings" as well as from personal meetings often serves to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of Google Meet necessarily receives knowledge of the above data, insofar as this is provided for in the context of our order processing contract with Google Meet.

4.) Data processing outside the European Union

baningo GmbH also uses services provided by providers from the USA or providers whose services are provided in the EU/EEA but whose owners are headquartered in the USA. Processing of personal data thus takes place in a third country. We have concluded order processing contracts with these providers to ensure an appropriate level of data protection.

On the one hand, an appropriate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses (2010/87/EU) of the European Commission. As additional protective measures, we have also made our configurations in such a way that, if possible, only data centers in the EU, the EEA or safe third countries are used for the processing and storage of personal data. In individual cases, additional measures to ensure a level of protection that is essentially equivalent to that in the EU will be examined and concluded.

The Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council will be communicated to the data subjects in a timely manner and within the legally defined period implemented by processors.

5.) Collection of personal data from sources other than the data subject himself (Art. 14 GDPR)

In the course of a business relationship, or a related initiation, it is naturally necessary to conduct research about business partners. This is only done to the minimum extent necessary for the initiation and implementation of pre-contractual measures (conclusion of a contract, Art 6 Para 1 lit b GDPR). In this context, data may be retrieved and processed from the following public sources:

source of information	data types	Purpose/Justification
company register	Contact data, address data, status of the company	Checking the business address and creditworthiness
Website of your company or the institution you work for	Contact data, address data, curriculum vitae	Contact for Business Purposes
Various online business directories	Contact data, address data	Contact for Business Purposes

6.) What rights do you have with regard to data processing?

Provided the legal requirements are met, you have the right to

free information about your personal data processed by us (Article 15 GDPR).
Correction or completion of incorrect or incomplete data concerning you (Article 16 GDPR).
Deletion of your data (Art 17 GDPR) as well as
Restriction of the processing of your personal data if you

dispute the accuracy of the data for the period we need to check the accuracy, whether our data processing is unlawful, but you do not want it deleted,
the data is no longer required by us for the intended purpose,
However, you could still need this data to assert or defend legal claims or
you exercise your right to object. (Art 18 GDPR)

In the case of processing activities that are necessary to protect our legitimate interests or those of a third party, you have the right to object if you have an interest in your data being kept secret, which outweighs our interest in further processing your data. (Art 21 GDPR)

You also have the right to receive the data you have provided in a structured, common and machine-readable format. (Art 20 GDPR) If we process your data on the basis of your consent, you have the right to revoke this consent at any time by email. This does not affect the legality of the data processing that has taken place up to this point in time. (Art 7 para 3 GDPR)

7.) What rights of appeal do you have?

If, contrary to expectations, your right to the lawful processing of your data is violated, please contact us by email or post. We will endeavor to process your request immediately. However, you also have the right to lodge a complaint with the supervisory authority responsible for you for data protection matters. The competent supervisory authority in Austria is the data protection authority, see www.dsb.gv.at for contact information.

8.) How can you contact us?

If you have any further questions about the processing of your data, please feel free to contact our data protection coordinator at

baningo GmbH
Data Protection Officer: Martin Meinl
Registered office: Sechskrügelgasse 2/7,
1030 Wien
E-Mail: datenschutz@baningo.com

9.) Responsible within the meaning of the GDPR and the DSG

The person responsible within the meaning of Art 4 Z 7 DSGVO for the processing of your data in the processing activities listed under point 3 is:

baningo GmbH
Sechskrügelgasse 2/7,
1030 Wien
Tel.: 01 / 712 44 43
E-Mail: info@baningo.com