PRIVACY POLICY

SUPERSTRING SOLUTIONS AG

Status: 28.02.2022

Superstring Solutions AG (hereinafter “Superstring Solutions AG“, “we“, “us”) is aware of the importance of the personal data trusted to it. It is therefore particularly important to us to ensure the confidentiality and lawful processing of your data on our website (the “website“) to provide information on products and services of Superstring Solutions AG.

In this privacy policy you will find information about the data processing carried out by us. We use the terms set forth in the General Data Protection Regulation (“GDPR“). For better comprehensibility, we would like to explain the most important terms according to their legal definition below.

  • Personal data: Any information relating to an identified or identifiable natural person (“data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing: Any operation or set of operations which is performed on personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data subject: The person whose personal data are processed.
  • Controller: The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
  • Processor: The natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
  • Consent (of the data subject): any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
  • Personal Data Breach: The breach of security that, whether accidentally or unlawfully, results in the destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data that has been transmitted, stored, or otherwise processed.

 

 

  1. WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHOM CAN I CONTACT?
    • Superstring Solutions AG is the responsible person in the sense of Article 4 (7) GDPR. You can reach us under

Superstring Solutions AG
Unterägeri, ZUG, Switzerland

Email: info@naf.art

  • Our contact for data protection is Superstring Solutions AG.
  1. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
    • Use of the website and contact via the website
      1. Description: When you visit a website, certain information is created and stored automatically, including on our website. To make it easier for you to contact us, Superstring Solutions AG provides you with an interactive contact form on the website. Without the processing of the following categories of data, a reliable operation of the website cannot take place.
      2. Data categories: We process contact data (first name, last name, e-mail address, company) as well as additional personal data that you voluntarily provide us via the input mask for the purpose of contacting you. In addition, the address (URL) of the website accessed, browser and browser version, the operating system used, the address (URL) of the previously visited pages (referrer URL), the host name and IP address of the device, from which access is made, as well as the date and time are stored in web server log files.
      3. Legal basis: We process the mentioned personal data on the basis of legitimate interests (Article 6 (1) (f) GDPR), such as the proper operation of our website and the provision of information about our products and services.
      4. Storage period: We store the mentioned personal data for a period of 30 days. After 30 days, the web server log files are automatically deleted. We process your data, which is provided to us via the contact form, for the duration of the processing of your request.
    • Processing of personal data to send information about our products and services
      1. Description: Upon request, we will send you information about our products and services by e-mail. For this purpose we process your personal data. Without this data, we cannot send you this information.
      2. Data categories: We process your first and last name, e-mail address and company for this purpose.
      3. Legal basis: We process the mentioned personal data on the basis of your consent (Article 6 (1) (a) GDPR).
      4. Storage period: We store the mentioned personal data until the time of your revocation, while you have the option to revoke your mentioned consent at any time. This allows you to refuse the future sending of information about our products and services to your specified e-mail address at any time, free of charge and without complications. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
    • Transer of application documents
      1. Description: Applicants can submit their resume and other application documents to Superstring Solutions AG. No application can be made without this data.
      2. Data categories: The personal data mentioned under this point a. or contained in the application documents will be processed. In addition, personal data, which you provide to us voluntarily in this context are processed too.
      3. Legal basis: We process the mentioned personal data on the basis of our legitimate legal interests (Article 6 (1) (f) GDPR) in order to be able to evaluate applicants.
      4. Storage period: We store the mentioned personal data for a period of 7 months for the purpose of defence against any claims asserted by applicants pursuant to sections 15 (1) and 29 of the Austrian Equal Treatment Act (GlBG) on the grounds of discrimination in job applications. If applicant data is to be kept on record beyond this period, we will obtain your consent for this.
    • Law enforcement
      1. Description: In the event of a legal dispute, the data required for the appropriate prosecution is transmitted to legal representatives and courts.
      2. Data categories: Contact data (e.g. first and last name, acad. title, address), data related to the litigation in question (e.g. your behavior in relation to the use of the website);
      3. Legal basis: We process the mentioned personal data on the basis of legitimate legal interests (Article 6 (1) (f) in connection with Article 9 (2) (f) GDPR) for the purpose of legal prosecution.
      4. Storage period: We store the mentioned personal data for the purpose of pursuing or defending legal claims for as long as this is necessary for the potential conduct of proceedings or until the expiry of the statutory limitation periods, whereby the statutory limitation period for claims arising from the breach of contracts is three years.
  1. TO WHICH RECIPIENTS WILL YOUR PERSONAL DATA BE TRANSFERRED?
    • In the course of our data processing, we transfer your personal data to the following recipients to the extent necessary: service partners, service providers, legal representatives, courts and administrative authorities as well as companies that are commissioned to support our internal IT infrastructure (software, hardware).
  2. WHAT RIGHTS DO YOU HAVE?
    • You have the right of access information under Art 15 GDPR, the right to rectification under Art 16 GDPR, the right to erasure under Art 17 GDPR, the right to restriction of processing under Art 18 GDPR, the right to object under Art 21 GDPR, the right not to be subject to automated decision-making in individual cases, including profiling, and the right to data portability under Art 20 GDPR. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art 77 GDPR). You can find more information about your rights at: https://www.dsb.gv.at/rechte-der-betroffenen.
    • The competent supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna (https://www.dsb.gv.at/).
  3. EMBEDDING OF SOCIAL MEDIA PLUG-INS AND SIMILAR INSTRUMENTS
    • We use the following social media plug-ins and similar tools as part of the operation of the website. In particular, we include elements of social media services on our website to display images, videos and texts. By visiting pages that display these elements, data may be transmitted from your browser to the respective social media service and stored there. We do not have access to this data. A description of the respective service and the personal data processed can be found below.
    • The legal basis for embedding the following services is your consent according to Article (6) (1) (a) GDPR.
    • Storage period: We process your personal data until your valid consent is revoked at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can partially prevent the usage of the following services by setting the internet browser used accordingly and thus permanently prevent such data processing.
    • Google Maps
      1. We use Google Maps by the company Google Inc. on our website. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Maps allows us to show you locations better and thus adapt our service to your needs.
      2. Through the usage of Google Maps, data is transmitted to Google and processed on Google servers, including in particular data about the use of the Maps functions by visitors to the website. For more information about data processing by Google, please refer to the privacy policy of Google on https://www.google.at/intl/de/policies/privacy/. There you can also change your settings in the Privacy Center so that you can manage and protect your data.
    • Instagram
      1. Superstring Solutions AG has integrated components of the service Instagram on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data in other social networks.
      2. The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
      3. By calling up one of the individual pages of this website, which is operated by the controller who is responsible for the processing, and which integrates an Instagram component (Insta button), the internet browser on the information technology system of the data subject is automatically caused to download a representation of the corresponding component from Instagram by the respective Instagram component. Within the scope of this technical procedure, Instagram receives notice about which specific subpage of our website is visited by the data subject.
      4. If the data subject is logged in to Instagram at the same time, Instagram recognizes which specific subpage the data subject is visiting each time the data subject opens our website as well as for the entire duration of the respective stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our website, the data and information transmitted will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.
      5. Instagram always receives information via the Instagram component that the data subject has visited our website, if the data subject is simultaneously logged into Instagram at the time of calling up our website. This takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, he or she can prevent the transmission by logging out of his or her Instagram account before accessing our website.
      6. Further information and the applicable privacy policy of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
    • LinkedIn
      1. Superstring Solutions AG has integrated components of the LinkedIn Corporation on this website. LinkedIn is a social network that allows users to connect with existing business contacts and make new business contacts.
      2. The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection issues in Europe, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.
      3. With each individual call-up of our website that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. Further information on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical procedure, LinkedIn receives knowledge of about specific subpage of our website is visited by the data subject.
      4. If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.
      5. LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged into LinkedIn at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.
      6. LinkedIn provides the ability to unsubscribe from email messages, SMS messages, and targeted ads, as well as manage ad settings, at https://www.linkedin.com/psettings/guest-controls. LinkedIn’s applicable privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.
    • Vimeo
      1. Superstring Solutions AG also uses videos of the company Vimeo on the website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can show you interesting video material directly on our website. In the process, certain data may be transferred from you to Vimeo. You can find more information on data processing by Vimeo at https://vimeo.zendesk.com/hc/de/sections/203915088-Datenschutz.
      2. When you visit a web page on our website that has a Vimeo video embedded, your browser connects to the servers of Vimeo. This results in a data transmission. This data is collected, stored and processed on the servers of Vimeo. Vimeo collects data about you, regardless of whether you have a Vimeo account or not. This includes your IP address, technical info about your browser type, operating system or very basic device information. Furthermore, Vimeo stores information about the website, from which you use the Vimeo service and which actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate or which button you clicked on our website with built-in Vimeo function.
      3. If you are logged in to Vimeo as a registered member, more data can usually be collected, as more cookies may have already been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while “surfing” our website.

Name

Purpose

Storage duration

afUserId

enables the player to work properly and improves the user experience

20 days

_uetvid

enables the player to work properly and improves the user experience

5 days

_gol_au

enables the player to work properly and improves the user experience

20 days

player

enables the player to work properly and improves the user experience

27 days

_ga

enables the player to work properly and improves the user experience

20 days

has_logged in

enables the player to work properly and improves the user experience

16 days

is_logged_in

enables the player to work properly and improves the user experience

16 days

vuid

enables the player to work properly and improves the user experience

27 days

 

  • Google Fonts
    1. On our website we use Google Fonts. These are the “Google Fonts” by the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. You can also find more information on data processing by Google at https://www.google.com/intl/de/policies/privacy/.
    2. You do not need to log in or enter a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account information, while using Google Fonts, will be transmitted to Google. Google records the usage of CSS (Cascading Style Sheets) and the fonts used and stores this data securely.
    3. When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to the Google servers. In this way, Google also recognizes that you or your IP address is visiting our website.
    4. Google Fonts stores CSS and font requests securely at Google and is therefore protected. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites are using Google fonts.
    5. Through each Google Font request, information such as language settings, IP address, browser version, browser screen resolution, and browser name are also automatically transmitted to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.
    6. Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to easily and quickly change the design or font of a website, for example. The font files are stored by Google for one year.