Privacy Policy

This Privacy Policy informs you about what personal data iSi Wearable Safety GmbH (herinafter: “we”) processes in connection with your visit to our website, your contacting us, the sending of our newsletter, the use of our services and our online presence.

We process your personal data exclusively in accordance with the applicable legal provisions, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act 2021 (TKG), each as amended from time to time.

If you have any questions regarding the processing of your personal data, please do not hesitate to contact us at any time. Further information about our contact details can be found under Section 1.

1. Name and Contact Details of the Controller

iSi Wearable Safety GmbH

Kürschnergasse 4

1210 Vienna

Email: Info.Wearables@isi.com

2. Personal Data and General Information

Personal data means any data that contains information about personal or factual circumstances, for example your name, address, email address, age or gender. We collect, process and store your personal data in the context of your visit to our website in order to enable you to contact us, in connection with your participation in our loyalty programme and, where applicable, to send you our newsletter.

We process not only data that we collect from you directly, but also data received from involved third parties (Art 14 GDPR). As a principle, such data is only processed and stored by us

· to the extent that is necessary for the performance of contractual or legal obligations pursuant to Art 6(1) (b) and (c) GDPR,

· where your corresponding consent to the processing of your personal data has been given pursuant to Art 6(1)(a) GDPR,

· where the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, in particular our partners, pursuant to Art 6(1)(f) GDPR, and such legitimate interest outweighs your interest in confidentiality, or

Under certain circumstances, "sensitive" data may also be processed, such as data relating to criminal convictions and offences pursuant to Art 10 GDPR, in particular for the establishment, exercise or defence of legal claims in the context of the contractual relationship. Where this is the case, we base the processing on the legal basis of Art 9(2)(f) GDPR.

We store your personal data securely or delete it once the purpose of processing ceases to apply. This is subject to the condition that no legal obligations have been imposed on us that require the storage of data beyond the period of fulfilment of the purpose.

Furthermore, we reserve the right to store your personal data for as long as specific legal claims may be asserted against us.

3. Specific Processing Activities

Your personal data is processed by us for the following processing purposes:

3.1. Visit to Our Website

3.1.1. Scope of the Processing Activity

When you access our website, we automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

· Browser type

· Browser version

· Operating system used

· Referrer-URL

· Date and time of the server request

· Location/language

3.1.2. Purpose of the Processing Activity

We process this data for the purposes of logging system usage, the authorisation process and the analysis of server log files for problem analysis. If you do not provide us with your data, it may be the case that access is not possible under certain circumstances.

3.1.3. Legal Basis of the Processing Activity

The processing of the aforementioned data is based on our legitimate interest as the operator of the website. As a general principle, the individual data sets are not merged, however, we reserve the right to review the data if we become aware of specific indications of unlawful use, in particular malicious attacks.

You may object to the processing of your personal data at any time, stating your reasons, by contacting Info.Wearables@isi.

3.1.4. Recipients of the Data

For the operation of our website, including hosting, and for reasons of ensuring the security of our IT systems, we use the following service provider, who may gain access to your personal data in the course of its activities:

· MnO International AB, reg. no. 556497-9457, Textilgatan 43, 120 30 Stockholm, Sweden

· KMP Online AB, reg. no. 559069-5945, Virkesvägen 1 A, 120 30 Stockholm, Sweden

MnO International AB acts as processor of the data. KMP Online AB, as part of MnO International AB, acts as sub-processor of the data.

The service providers are contractually obliged to always safeguard the protection of your personal data, to implement appropriate technical and organisational measures regarding the security of the data, and under no circumstances to process your data for its own purposes or to forward it to third parties.

Furthermore, we reserve the right, in the event of a substantiated suspicion, to forward the data collected for this purpose to the competent authorities and courts. This is based on our legitimate interest in proper legal proceedings pursuant to Art 6(1)(f) GDPR.

There is no transfer of your personal data to third countries.

3.1.5. Storage Period

The data collected here is rotated daily and, after a one-day retention period, is automatically stored for a period of 90 days.

If we have a substantiated suspicion of abusive behaviour and forward the data to the competent public authorities, such data will be stored on a separate data carrier and deleted upon conclusion of the legal proceedings.

3.1.6. Further Processing of Personal Data

If you have given your consent to conversion tracking, the data collected in the context of your visit to our website may be further processed as part of the processing activity described in Section 3.6. No further processing for purposes other than those stated takes place.

3.1.7. Automated Decision-Making

The data processed in the context of your visit to our website is neither used for automated decision-making nor do we carry out so-called "profiling".

3.2. Contacting Us

3.2.1. Scope of the Processing Activity

For the purpose of contacting us, we process your personal data exclusively to the extent necessary to handle your contact request. This includes in particular the personal data that you provide to us via our various communication channels, or that is necessary to process your enquiry. If you already provide us with information about yourself or your company at this stage, i.e. in the context of initiating a contractual relationship, we collect, generate and store personal data exclusively to the extent necessary to fulfil our legal and contractual obligations. If we obtain data from other sources, this is indicated below.

3.2.2. Purpose of the Processing Activity

We process your data exclusively for the purpose of facilitating communication with us. For this purpose, we use automation-based systems. We have of course taken all technical and organisational measures to ensure the security of your data.

3.2.3. Legal Basis of the Processing Activity

For enquiries in connection with our products, newsletters or promotion of our products, the processing of personal data for this purpose takes place in fulfilment of our (pre-)contractual and/or legal obligations pursuant to Art 6(1)(b) GDPR and Art 6(1)(c) GDPR respectively.

If you direct a general enquiry to us, we process the data on the basis of our legitimate interest pursuant to Art 6(1) (f) GDPR.

3.2.4. Recipients of the Data

We transmit your data for the purpose of handling your contact request to the following recipients:

· MnO International AB, Textilgatan 43, 120 30 Stockholm, Sweden

· Klaviyo Inc., 125 Summer St Ste 600 Boston, MA 02110, United States of America

· Shopify Inc., 151 O’Connor Street, Ground Floor Ottawa, Ontario, K2P 2L8, Canada

· Gorgias Inc. 27 West 24th Street, Suite 600, New York, NY 10010, United States of America

· n8n GmbH, Novalisstraße 10, 10115 Berlin, Germany

· Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

It cannot be excluded that personal data may also be processed on servers outside the European Economic Area. In such cases, the transfer is based on adequacy decisions of the European Commission pursuant to Art 45 GDPR or Standard Contractual Clauses pursuant to Art 46(2)(c) GDPR. For further information regarding the transfer of data, you can contact us at Info.Wearables@isi.com.

The service providers are contractually obliged to always safeguard the protection of your personal data, to implement appropriate technical and organisational measures regarding the security of the data, and under no circumstances to process your data for their own purposes or to forward it to third parties.

3.2.5. Storage Period

The personal data collected in the context of contacting us is stored for the duration of the processing of your enquiry. After completion of the processing, the data is retained for a period of 3 years, unless further statutory retention obligations apply.

3.2.6. Further Processing of Personal Data

The personal data is further processed in the context of the processing activity "Complaint and Claims Management".

3.2.7. Automated Decision-Making

The data processed in the context of contacting us is neither used for automated decision-making nor do we carry out so-called “profiling”.

3.3. Loyalty Programme

3.3.1. Scope of the Processing Activity

If you decide to participate in our loyalty programme in order to receive a voucher for a discounted replacement purchase in the event of an accident, we process the following data:

Surname, first name, form of address, title, contact details (in particular email address), contact language, order number/customer ID, airbag ID, where applicable further information regarding the purchase of our product (in particular proof of purchase, date of purchase and place of purchase), detailed descriptions of the circumstances of the accident.

If you contact our customer support in the context of the loyalty programme, the following data is additionally processed: chat transcripts, support agent notes and device and browser information (the latter only for the duration of the respective session).

3.3.2. Purpose of the Processing Activity

We process your data exclusively for the purpose of your membership in our loyalty programme and to provide you, where applicable, with a voucher for a discounted replacement purchase of our product quickly and efficiently. Furthermore, we process your personal data for the purpose of communication optimisation by using data about accidents – subject to your consent – for promotional purposes.

3.3.3. Legal Basis of the Processing Activity

Your participation in our loyalty programme is based on your consent pursuant to Art 6(1)(a) GDPR. If you apply for a voucher for a discounted replacement purchase in a given case, the processing of personal data takes place in fulfilment of our (pre-)contractual obligations pursuant to Art 6(1)(b) GDPR. The processing of your personal data for advertising purposes is carried out exclusively on the basis of your consent pursuant to Art 6(1)(a) GDPR. Insofar as we process data in connection with customer support (in particular chat transcripts, support agent notes and device/browser information), this is based on our legitimate interest in efficient and quality-assured customer service pursuant to Art 6(1)(f) GDPR.

You may object to this processing at any time, stating your reasons, by contacting Info.Wearables@isi.com. Following a successful objection, we will delete the data without undue delay, unless our legitimate interests outweigh your interest in confidentiality and no statutory retention periods apply.

3.3.4. Recipients of the Data

To process your request and issue a voucher for a discounted replacement purchase of our product, we use the service providers listed below. We transmit your data for the purpose of your participation in our loyalty programme to the following recipients:

· Shopify Inc., 151 O’Connor Street, Ground Floor, Ottowa, Ontario, K2P 2L8, Canada

· Gorgias Inc., 27 West 24^th Street, Suite 600, New York, NY 10010, United States of America

· Klaviyo Inc., 125 Summer St Ste 600 Boston, MA 02110, United States of America

· n8n GmbH, Novalisstraße 10, 10115 Berlin, Germany

· Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

· Consentmo GDPR, Prof. Georgi Bradistilov Straße Nr. 4, 1700 Sofia, Bulgaria.

It cannot be excluded that personal data may also be processed outside the European Economic Area. In such cases, the transfer is based on adequacy decisions of the European Commission pursuant to Art 45 GDPR or Standard Contractual Clauses pursuant to Art 46(2)(c) GDPR are used. For further information regarding the transfer of data, you can contact us at Info.Wearables@isi.com.

The service providers are contractually obliged to always safeguard the protection of your personal data, to implement appropriate technical and organisational measures regarding the security of the data, and under no circumstances to process your data for their own purposes or to forward it to third parties.

3.3.5. Storage Period

The personal data processed in the context of the loyalty programme is stored as a general rule until the withdrawal of your consent, but for a maximum period of 4 years after your registration. In the case of a warranty claim, the required data is retained for a period of up to 7 years in order to comply with our statutory warranty and retention obligations.

Irrespective of the above, we retain data that is required for the establishment, exercise or defence of legal claims. Such data is stored on a separate data carrier and deleted upon expiry of the required storage period.

Device and browser information is stored only for the duration of the respective session.

3.3.6. Further Processing of Personal Data

The personal data is further processed in the context of the processing activities "Complaint and Claims Management", "Marketing" and “Newsletter Distribution”.

3.3.7. Automated Decision-Making

The data processed in the context of the loyalty programme is neither used for automated decision-making nor do we carry out so-called "profiling".

3.4. Webshop

3.4.1. Scope of the Processing Activity

For the sale of our products, we use the Shopify platform. In the event of an order, we process the following data:

· Form of address, first name, surname, company name, email address, password, demand interests, information on orders placed (in particular order number, products ordered, quantities and prices), payment method, transaction data, log data, date of last action in the user account, order status, Shopify Customer ID, telephone number, delivery address and billing address, tracking numbers, shipping status and, where applicable, warranty and return data.

3.4.2. Purpose of the Processing Activity

The data processing serves the purpose of processing your order, performing the contract, shipping, payment processing, customer management and the handling of warranty and return cases. Without this data, an order in our online shop is not possible.

3.4.3. Legal Basis of the Processing Activity

When purchasing our products via the online shop, the processing of personal data takes place in fulfilment of our (pre-)contractual and/or legal obligations pursuant to Art 6(1)(b) GDPR and Art 6(1)(c) GDPR respectively. Insofar as the processing serves customer management, fraud prevention or internal documentation, it is based on our legitimate interest pursuant to Art 6(1)(f) GDPR.

3.4.4. Storage period

The data is stored for the duration of the statutory retention obligations (as a general rule, 7 years in order to fulfil our tax and levy obligations pursuant to Section 132 of the Austrian Federal Fiscal Code [BAO]).

Data that is required for the establishment, exercise or defence of legal claims is retained for the duration of the statutory limitation periods (as a general rule, 3 years, in certain cases up to 30 years pursuant to Section 1478 ABGB). In such cases, the required data is stored on a separate data carrier and deleted upon expiry of the required storage period.

If we have a substantiated suspicion of conduct in breach of the contract or the law and forward the data to the competent public authorities, such data will be stored on a separate data carrier and deleted upon conclusion of the legal proceedings.

3.4.5. Further Processing of the Data

The personal data is further processed in the context of the processing activities "Complaint and Claims Management" and "Marketing", provided that the respective prerequisites are met (in particular your consent or the existence of a customer relationship).

3.4.6. Recipients of the Data

Our online shop is operated by Shopify Inc. The personal data required for payment processing is transferred to Shopify Inc. in accordance with Art 6(1)(b) GDPR for the purpose of fulfilling the contract. Shopify is a Canadian company that also operates servers in the EU. Shopify has committed to complying with European data protection standards. Further information can be found in Shopify's privacy policy at: https://www.shopify.com/legal/privacy.

In addition, your data will be shared with the following recipients as part of the ordering process:

· Gorgias Inc., 27 West 24^th Street, Suite 600, New York, NY 10010, United States of America

· Klaviyo Inc., 125 Summer St Ste 600 Boston, MA 02110, United States of America

· Consentmo GDPR, Prof. Georgi Bradistilov Straße Nr. 4, 1700 Sofia, Bulgaria.

The service providers are contractually obliged to always safeguard the protection of your personal data, to implement appropriate technical and organisational measures regarding the security of the data, and under no circumstances to process your data for their own purposes or to forward it to third parties.

In the event of shipping, the required data (in particular name, address, email address, telephone number, order details and tracking number) is additionally transmitted to the commissioned shipping company, in particular DHL, Postnord and/or Bring. The shipping companies receive this data exclusively for the purpose of delivery, shipment tracking and delivery coordination.

3.4.7. Automated Decision-Making

The data processed in the context of the online shop is neither used for automated decision-making nor do we carry out so-called “profiling”.

3.5. Newsletter

3.5.1. Scope of the Processing Activity

For our marketing activities, we exclusively process data that we have received from you in the context of your registration for our newsletter, namely:

Surname, first name, form of address, title, gender where applicable, email address, contact language, blocking indicators where applicable, information on responses to our emails ("bounces") where applicable, date and time of our marketing activities, information on consent and information on withdrawal of consent where applicable.

Registration for our newsletter takes place via embedded forms of our email marketing service provider Klaviyo. The data collected in the context of registration is therefore received and processed directly by Klaviyo.

In the context of the Klaviyo integration, where you have subscribed to our newsletter, your browsing behaviour on our website (in particular viewed products and page views) as well as e-commerce events are linked to your Klaviyo profile in order to send you behaviour-based and personalised emails.

Our marketing activities take place exclusively in accordance with the provisions of Section 174 of the Austrian Telecommunications Act 2021 (TKG) and Art 21 GDPR. The notice that you may object to our marketing activities at any time is included in each of our communications.

3.5.2. Purpose of the Processing Activity

The purpose of the data processing is to organise our marketing activities smoothly and efficiently and to inform our customers about our product.

3.5.3. Legal Basis of the Processing Activity

The sending of electronic direct marketing by email to existing customers takes place on the basis of Section 174(4) TKG 2021 in conjunction with Art 6(1)(f) GDPR. Where you independently register for the newsletter via our registration form, the processing is based on your consent pursuant to Art 6(1)(a) GDPR in conjunction with Section 174(1) TKG 2021.

3.5.4. Recipients of the Data

For the sending of our newsletter, we use the following service provider for efficient processing, who may gain access to your personal data in the course of its activities:

· Klaviyo Inc., 125 Summer St Ste 600 Boston, MA 02110, United States of America

It cannot be excluded that personal data may be processed by Klaviyo Inc. primarily on servers in the USA. In such cases, the transfer is based on adequacy decisions of the European Commission pursuant to Art 45 GDPR. Klaviyo Inc. is self-certified under the EU-US Data Privacy Framework. In addition, the Standard Contractual Clauses pursuant to Art 46(2)(c) GDPR are used.

The service provider is contractually obliged to always safeguard the protection of your personal data, to implement appropriate technical and organisational measures regarding the security of the data, and under no circumstances to process your data for its own purposes or to forward it to third parties.

3.5.5. Storage Period

The personal data that we process in the context of sending our newsletter is stored as a general rule until your objection. If you object to the data processing, your personal data will be deleted without undue delay, unless statutory retention obligations exist or the data is required in the individual case for the establishment or defence of legal claims.

3.5.6. Further Processing of Personal Data

The personal data is further processed in the context of the processing activity “Complaint and Claims Management”.

3.5.7. Automated Decision-Making

The data processed in the context of sending our newsletter is neither used for automated decision-making nor do we carry out so-called "profiling".

3.6. Conversion Tracking

We use so-called "conversion tracking" to inform you about various offers and, based on your responses such as clicks or conversion rates, to provide you with more relevant promotional content and to measure the success of our online advertising campaigns.

3.6.1. Scope of the Processing Activity

In the context of conversion tracking, the following information in particular is collected and processed

· Cookie information

· Time of visit (timestamp)

· URL of the page accessed

· Referrer-URL (the previously visited page)

· Technical information about your device and browser (browser type, operating system, device type)

· Information about clicked advertisements and your click behaviour, including GCLID and UTM parameters

· User interests

· Conversion Events

· Location data (city/regio)

3.6.2. Purpose of the Processing Activity

We process your personal data in particular for the following purposes:

· Measuring the effectiveness of our online advertising (conversion measurement)

· Limiting the number of times the same advertisement is displayed to you

· Analysing user behaviour to improve our advertising measures

· Displaying interest-based advertising (so-called "remarketing" or "retargeting")

· Planning, management and evaluation of advertising campaigns

· Creating statistical reach and target group analyses

3.6.3. Legal Basis of the Processing Activity

The processing of your personal data takes place exclusively on the basis of your express consent pursuant to Art 6(1)(a) GDPR. You grant this consent via our cookie consent banner when you first visit our website. You may withdraw your consent at any time with effect for the future without affecting the lawfulness of processing carried out on the basis of the consent prior to its withdrawal. You may exercise the withdrawal via the cookie settings on our website or by email to Info.Wearables@isi.com.

3.6.4. Recipients of the Data

In the context of

· Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google Analytics 4 und Google Ads Conversion Tracking)

· Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland (Meta Pixel)

It cannot be excluded that data may also be processed on the servers of the respective parent companies in the USA. In such cases, the transfer is based on adequacy decisions of the European Commission pursuant to Art 45 GDPR. Google LLC and Meta Platforms Inc. are self-certified under the EU-US Data Privacy Framework. In addition, the Standard Contractual Clauses pursuant to Art 46(2)(c) GDPR are used.

The service providers are contractually obliged to always safeguard the protection of your personal data, to implement appropriate technical and organisational measures regarding the security of the data, and under no circumstances to process your data for their own purposes or to forward it to third parties.

3.6.5. Storage Period

The personal data that we process in the context of conversion tracking is stored for a maximum period of 90 days. The cookies have a storage duration up to a maximum of 2 years.

3.6.6. Further Processing of Personal Data

No further processing of the data by us for purposes other than those stated takes place. However, we point out that Google may link the data collected with other data that you have provided to Google in the context of using other Google services, provided that you have given your consent for this. Further information can be found in Google's privacy policy at https://policies.google.com/privacy.

We also point out that Meta may link the data collected with other data that you have provided to Meta in the context of using other Meta services (in particular Facebook and Instagram). Further information can be found in Meta's privacy policy at https://privacycenter.instagram.com/policy/.

3.6.7. Automated Decision-Making

The data processed in the context of conversion tracking is neither used for automated decision-making within the meaning of Art 22 GDPR nor do we carry out so-called "profiling" that would produce legal effects or similarly significantly affect you.

3.7. Corporate Communications

Your data is processed in joint controllership pursuant to Art. 26 GDPR with the respective platform operator. These are:

· Instagram and Facebook, both operated by Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland;

· LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; and

· YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We expressly point out that we only have access to the data that you as a user have made available to these platforms. We have no influence, despite the joint controllership, on any analyses, transfers, in particular to the parent companies of the social networks in third countries, or other processing of your data for other purposes. If you have questions regarding the processing of your data that go beyond the purposes stated here and/or wish to exercise your rights, please contact the respective platform operator. We are happy to support you in this regard. Please contact us at Info.Wearables@isi.com.

Further information on the processing of your data and the content of the joint controllership arrangement can be found at https://www.facebook.com/about/privacy and https://privacycenter.instagram.com/policy/ for Facebook and Instagram, https://www.linkedin.com/legal/privacy-policy for LinkedIn and https://policies.google.com/privacy for YouTube.

3.7.1. Scope of the Processing Activity

We operate “fan pages” on various social media platforms for corporate communications. As part of our corporate communications, we process the personal data you provide on these social media platforms when you interact with us via these channels. This usually includes: surname, first name, title, gender, telephone number and other information required for addressing purposes, which arises from modern communication technologies; online identity on the respective social media platform (username, photo, avatar, logo); published and unpublished posts on the social media presence (e.g. comments, enquiries, ratings [e.g. “Like”], photos, videos, etc.), public and non-public reactions to our posts (replies, comments, etc.), logging of enquiries and correspondence via social media channels, content and time of creation of the log, other response behaviour to activities (positive reaction to posts).

Further information on which data is processed when visiting our fan pages, apart from corporate communications, can be found in Section 3.8.

3.7.2. Purpose of the Processing Activity

The purpose of the data processing is to enable simple and straightforward correspondence through our online presences and to inform you about our projects and our company as well as our services. You can contact us via direct messages, the like function or the comment function. In the context of this contact, only the data that you have stored on your profile is displayed to us. We point out that your comments and likes are stored indefinitely unless you arrange for their deletion and that they can be viewed by other users.

3.7.3. Legal Basis of the Processing Activity

We process your personal data on the basis of our legitimate interests pursuant to Art 6(1)(f) GDPR in order to enable rapid and straightforward correspondence as well as efficient community management. Insofar as the processing is based on your active interaction with our content (e.g. comments, likes, direct messages), the processing is additionally based on your consent pursuant to Art 6(1)(a) GDPR. If you do not wish us to process your data, we kindly ask you not to interact with our posts. You may object to the processing of your data at any time, stating your reasons. Please send an email for this purpose to Info.Wearables@isi.com.

3.7.4. Storage Period

The personal data processed in the context of corporate communications is stored until the withdrawal of your consent or up to 1 year after the last contact, whichever occurs first.

In addition, we retain data that is required for the establishment, exercise or defence of specific legal claims in the individual case for the duration of the applicable statutory limitation periods. In such cases, the required data is stored on a separate data carrier and deleted upon expiry of the required storage period.

If we have substantiated suspicion of conduct in breach of the contract or the law and forward the data to the competent public authorities, such data will be stored on a separate data carrier and deleted upon conclusion of the legal proceedings.

3.7.5. Further Processing of the Data

The personal data may be further processed in the context of the following processing activities: communication and ticket handling, customer service documentation and analysis of user sentiment for the creation of more relevant content and CX optimisation.

3.7.6. Recipients of the Data

In the context of corporate communications and community management, we use the following service providers:

· Punkt Gesellschaft für Public Relations mbH, Völckersstraße 44, 22765 Hamburg, Germany

· MnO International AB, Textilgatan 43, 120 30 Stockholm, Sweden

· Gorgias Inc., 27 West 24th Street, Suite 600, New York, NY 10010, United States of America

The aforementioned processors and recipients are contractually obliged to always safeguard the protection of your personal data, to implement appropriate technical and organisational measures regarding the security of the data, and under no circumstances to process your data for their own purposes or to forward it to third parties.

With regard to Gorgias Inc., it cannot be excluded that personal data may also be processed on servers in the USA. In such cases, the Standard Contractual Clauses pursuant to Art 46(2)(c) GDPR are used.

In addition, your data is processed by the respective platform operators in the context of joint controllership (Art 26 GDPR). The extent to which your data is transmitted by the social media platforms depends, among other things, on your privacy settings. Furthermore, we point out that when using social media, even if you are not logged in, data may be processed by the operator of the respective platform and, under certain circumstances, transferred to third parties based in a third country, in particular the USA. In such cases, the transfer is based on adequacy decisions of the European Commission pursuant to Art 45 GDPR. Meta Platforms Inc., Google LLC and LinkedIn Corporation are self-certified under the EU-US Data Privacy Framework. In addition, the Standard Contractual Clauses pursuant to Art 46(2)(c) GDPR are used.

3.7.7. Automated Decision-Making

The processed data is neither used for automated decision-making nor do we carry out so-called "profiling".

3.8. Fan Pages and Company Profiles

To increase our online presence and thus facilitate communication and interaction with visitors to our website and our social media presences, we operate fan pages and company profiles on the following social media platforms:

· Instagram and Facebook, both operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and

· LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland („LinkedIn“); and

· YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („YouTube”)

3.8.1. Instagram and Facebook

Through the operation of the fan page, there is joint processing of data pursuant to Art 26 GDPR by us and by Meta Platforms Ireland Ltd as operator of Instagram and Facebook for the purpose of improving marketing and related analyses by Meta Platforms Ireland Limited. We receive the following information via our Instagram and Facebook channel following statistical analysis by Meta Platforms Ireland Limited:

Information about persons: We receive data about persons who visit our Instagram or Facebook page, including gender, age range and location. Visitor information includes the total number of "likes" and subscribers, the number of new subscribers and demographic information about subscribers by origin (country, city, locality), gender, age and language.

Information about posts: We receive data about the various types of posts and their success, based on average reach, comments and interactions.

Information about video interactions: We receive data about how often a video shared by us was viewed longer than 3 or 30 seconds.

Reach: We receive information about post reach, including the number of persons to whom our post was delivered, broken down by paid and organic reach. In addition, we receive data about positive interactions such as "likes", comments, shared content and recommendations, as well as negative interactions such as hidden posts, content reported as spam and "unlikes". We also receive information about the number of fan page subscribers and the total reach, i.e. the number of persons to whom an action from our page was displayed.

3.8.2. LinkedIn

As with Instagram, there is joint processing of data pursuant to Art 26 GDPR by us and by LinkedIn Ireland Unlimited Company for the purpose of improving marketing and related statistical analyses, regardless of whether you are a registered user of the platform or not. Please note that, despite the joint controllership, we have no influence on the manner of collection, provision and processing of the data, that we receive analyses exclusively in anonymised form and therefore cannot transmit them to third parties. We receive the following information following statistical analysis by LinkedIn:

Information about persons: We receive data about our followers, including information on the location and country of access, career level, industry, company size and area of activity. In addition, we receive information about reached persons for whom our post was served in the last 28 days, as well as interacting persons who liked, commented on, shared or otherwise interacted with our posts on our page in the last 28 days.

Information about followers: We receive data about the total number of followers and the number of new followers in the last 28 days.

Information about visits: We receive information about how often each post was clicked, which device the followers use to access the profile and a percentage comparison to access from the previous day.

Information about posts: We receive data about the online behaviour of followers, including average reach and interaction, broken down by paid and organic reach.

3.8.3. YouTube

Through the operation of our YouTube channel, there is joint processing of data pursuant to Art 26 GDPR by us and by Google Ireland Limited as operator of YouTube for the purpose of improving marketing and related statistical analyses. Please note that, despite the joint controllership, we have no influence on the manner of collection, provision and processing of the data by Google and that we receive analyses exclusively in anonymised or aggregated form. We receive the following information following statistical analysis by YouTube (YouTube Analytics):

Information about viewers: We receive data about persons who view our videos, including gender, age range and geographical location (country, region). In addition, we receive information about the total number of subscribers and the number of new subscribers within a given period.

Information about video interactions: We receive data about the number of views, the average and total watch time, audience retention (at which point viewers leave a video) as well as positive and negative interactions such as "likes", "dislikes", comments and shared content.

Reach and traffic sources: We receive information about how viewers reach our videos (e.g. via YouTube search, external websites, suggested videos or direct links) as well as data about the devices used (desktop, mobile, tablet, smart TV).

Information about posts: We receive data about the performance of individual videos, including impressions, click-through rates on thumbnails and the average watch time per view.

3.8.4. Purpose of the Processing Activity

The purpose of the data processing is to enable simple and straightforward correspondence through our online presences and to inform you about our projects and our company as well as our services. You can contact us via direct messages, the like function or the comment function. In the context of this contact, only the data that you have stored on your profile is displayed to us. We point out that your comments and likes are stored indefinitely unless you arrange for their deletion and that they can be viewed by other users. In addition, the processing serves the analysis of user sentiment and the creation of more relevant content as well as the optimisation of our customer communication.

3.8.5. Legal Basis of the Processing Activity

We process your personal data on the basis of our legitimate interests pursuant to Art 6(1)(f) GDPR in order to enable rapid and straightforward correspondence. Insofar as the processing is based on your active interaction with our content (e.g. comments, likes, direct messages), the processing is additionally based on your consent pursuant to Art 6(1)(a) GDPR. If you do not wish us to process your data, we kindly ask you not to interact with our posts. You may, if already done, object to the processing of your data at any time, stating your reasons. Please send an email for this purpose to Info.Wearables@isi.com.

3.8.6. Storage Period

The personal data processed in the context of operating our fan pages and company profiles is stored until the withdrawal of your consent or up to 1 year after the last contact, whichever occurs first.

3.8.7. Further Processing of the Data

The personal data is not further processed for any other purposes.

3.8.8. Recipients of the Data

Your data is not transmitted by us to any further recipients. The extent to which your data is transmitted by the social media platforms in the context of joint controllership depends, among other things, on your privacy settings. Furthermore, we point out that when using social media, even if you are not logged in, data may be processed by the operator of the respective platform and, under certain circumstances, transferred to third parties based in a third country, in particular the USA. In such cases, the transfer is based on adequacy decisions of the European Commission pursuant to Art 45 GDPR. Meta, LinkedIn and Google are self-certified under the EU-US Data Privacy Framework. In addition, the Standard Contractual Clauses pursuant to Art 46(2)(c) GDPR are used.

3.8.9. Automated Decision-Making

The processed data is neither used for automated decision-making nor do we carry out so-called "profiling".

4. Data Subject Rights

As a data subject within the meaning of the General Data Protection Regulation (GDPR), you are entitled to the following rights:

4.1.1. Right of Access (Art 15 GDPR)

You have the right to obtain information about the processing of your personal data at any time and without any formality requirements. This includes information about:

· The purposes of processing

· The categories of data processed

· The recipients or categories of recipients

· The storage period

· The origin of the data (if not collected from you)

· Any automated decision-making employed including “profiling”

· Appropriate safeguards in the case of data transfers to third countries or international organisations.

4.1.2. Right of Rectification (Art 16 GDPR) and Right to the Restriction of Processing (Art 18 GDPR)

You may request the rectification of inaccurate personal data concerning you or the completion of incomplete personal data. In addition, under certain conditions, you have the right to demand the restriction of the processing of your data.

4.1.3. Right to Data Portability (Art 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, or to request the transmission to another controller, insofar as this is technically feasible.

4.1.4. Right to Erasure (Art 17 GDPR)

Under certain circumstances, you may request the erasure of your personal data without undue delay. Please note that we cannot comply with a request for erasure if the processing is necessary for compliance with legal obligations or for the establishment, exercise or defence of legal claims.

4.1.5. Right to Object (Art 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you. We will then no longer process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

4.1.6. Right to Withdraw Your Consent (Art 7(3) GDPR)

Where the processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal. To exercise your right of withdrawal, an informal notification by email to Info.Wearables@isi.com is sufficient.

4.1.7. Right to Lodge a Complaint (Art 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of personal data concerning you infringes the GDPR. In Austria, the competent authority is:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna

Without prejudice to the foregoing, the possibility of bringing an action before the Regional Court (Landesgericht) pursuant to Section 29(2) of the Austrian Data Protection Act (DSG) and of any other legal remedies, in particular the assertion of claims for damages in the case of unlawful processing, remains unaffected.

5. Amendment of the Privacy Policy

We reserve the right to amend this Privacy Policy at any time in compliance with the applicable data protection provisions. Users are requested to inform themselves regularly about the content of the Privacy Policy.