Privacy Policy LEXIKA Translation Agency

General
As the “data controller” within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations, we take the protection of your personal data very seriously. We hereby inform you about the processing of your personal data and the data protection rights and claims to which you are entitled.

The data controller in accordance with the General Data Protection Regulation (GDPR) is:
LEXIKA Translation Agency

Mag. Maja Galler
Schröttergasse 8
A-8010 Graz, Austria
UID no.: ATU28180704

You can always contact the following e-mail address for any questions concerning data protection: lexika@lexika.at

The use of the services we offer is not possible without providing personal data. According to Art. 4a GDPR, personal data is all information relating to an identified or identifiable natural person, such as name, address, email addresses and user behaviour.

Please note that data transmission via the Internet (e.g. communication by email) may be subject to security risks. It is not possible to fully protect data against access by third parties. We have put technical and operational safeguards in place to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted in line with technological advances.

We only process the personal data that we receive having been voluntarily given by you when using our offers or through your other information.

Processing this data allows us to offer and send invoices for our services, both online and offline. The scope of this privacy policy includes:

all online presences (websites) operated by us
all of our social media presences
email communication and
mobile apps for smartphones and other devices.

If your personal data is processed outside the aforementioned channels, in particular those in connection with the provision of the services we offer, you will be informed additionally and – if necessary – separately as part of this privacy policy.

Data processed

When using our website for information purposes only, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is

technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 clause 1f GDPR):

IP address
date and time of request
time zone difference to Greenwich Mean Time (GMT/UTC)
content of the request (specific site)
access status/http status code
the quantity of data transferred in each case
website from which the request originates
browser
operating system and its interface
language and version of the browser software
software and hardware information about the user terminal

We collect and process personal data that you provide to us electronically or physically in order to provide our services. This includes:

first name and surname
address
telephone number
email address
payment data
content data
contractual data

Purposes of the data processing

We will process your personal data for the following purposes:

to perform the services we offer
for the purposes of customer support
for marketing and advertising purposes
to fulfil our contractual obligations with you
to meet our legitimate interests
to follow up on your requests via a contact form

Legal basis for data processing

We process your data for the fulfilment of contractual obligations, including the implementation of pre-contractual measures in accordance with Art. 6 para. 1b GDPR, within the scope of your consent in accordance with Art. 6 para. 1a GDPR and, where applicable, for the fulfilment of legal obligations in accordance with Art. 6 para. 1c GDPR. Furthermore, we may process your data to safeguard legitimate interests in accordance with Art. 6 para. 1f GDPR, insofar as you have not objected to its use in accordance with Art. 21 GDPR.

If the processing is underpinned by Art. 6 para. 1f GDPR, our legitimate interest is based on the following:

when processing for advertising purposes, informing you about our offers and to maintain a customer relationship
the technically necessary requirement to display our website you have accessed and ensuring the stability and security of it.

If you have already given your consent to the processing of your personal data in accordance with Art. 6 para. 1a GDPR, you can also address such an objection to lexika@lexika.at.

Duration of data storage

The LEXIKA Translation Agency processes and stores personal data of the data subject only for the period necessary to achieve the purpose for which it was stored, or if this is provided for in regulations or laws. If the purpose of storage no longer applies or if a storage period prescribed by the European authority issuing directives and regulations or another permissible legislator expires, the personal data will be blocked or erased routinely and in accordance with the statutory provisions. After expiry of this period, the corresponding data will be routinely erased unless it is no longer required for the performance of the contract. In the event of conclusion of a contract, all data from the contractual relationship will be stored until the expiry of the retention periods provided for in the Austrian Commercial Code and the Federal Tax Code (seven years) and until the end of any legal dispute. Data of interested parties due to enquiries (e.g. by email or online form) will be stored with us for six months for the purpose of processing and answering the enquiry and for any follow-up questions.

Data use and disclosure

We take the protection of customers’ personal data and the requirements for data security very seriously and strictly adhere to the rules of Austrian and European data protection law. We use a variety of structural, infrastructural, organisational and IT security measures to ensure the confidentiality and integrity of customer data. Any data transfer or data transmission takes place exclusively on the basis of legal regulations.

Within the LEXIKA Translation Agency, the bodies or employees who receive your data need it to fulfil contractual, consented and legal obligations or legitimate interests. In addition, processors commissioned by us receive your data if they need the data to perform their respective contractual services. All processors are contractually obliged to treat your data confidentially and to process it only within the agreed scope. As a rule, we process your personal data within the European Union and the EEA. Nevertheless, it may happen that we store your data in globally located systems and have it processed by third parties acting on our behalf, which may be located in areas where the level of data protection required there by law does not comply with the data protection applicable in the EU. In this case, we will implement appropriate technical and organisational measures and have concluded appropriate contracts (such as the European Commission’s standard contractual clauses) to protect your personal data and to ensure that the level of data protection granted is comparable to that of the country of origin. Should these standard contractual clauses be annulled in the future and/or revised by the European Commission, we will adopt other applicable and/or approved instruments to provide adequate guarantees necessary for the third country transfers and conclude these agreed instruments in a written and legally binding form. As part of our business activities, we regularly work with external service providers who can access your personal data in the course of their activities, if necessary. These are in particular hosting providers, homepage maintenance services and IT security specialists. All collaboration partners used by us are contractually obliged by us to comply with data protection regulations before starting their activities, insofar as they are to be regarded as processors within the meaning of the GDPR.

Contact form

Through the contact form provided on our website, we collect:

name
email address
telephone number
content of the request
language

The information collected through our contact form is used solely to respond to your enquiries and to communicate with you. We store this information to ensure effective and continuous communication with you. The data is stored exclusively for the purpose of transmitting enquiries and responding to them. The mandatory information is used to assign and answer your request. The legal basis is the implementation of pre-contractual measures (business initiation) as well as our legitimate interest in accordance with Art. 6 paras. 1b and 1f GDPR.

Categories of recipients

For the purposes set out above, we disclose your information to the following recipients: IT service providers, debt collection companies, financial service providers, tax advisors, lawyers, collaboration and agency partners, advertising partners, providers of customer loyalty programmes and authorities.

Categories of processors

Processors commissioned by us (e.g. IT and back office service providers) receive your data if they need the data to fulfil their respective contractually agreed service. All processors and partners are contractually obliged to treat your data confidentially and to process it only as part of the provision of services. If there is a legal or regulatory obligation, public bodies and institutions may be recipients of your personal data.

The following categories of processors exist: hosting providers, IT service providers, newsletter service providers, advertising and graphics agencies, telecommunications companies, collaboration and distribution partners, other social media and Internet service providers.

Cookies

Our website uses so-called cookies. These are small text files that are stored on your terminal device with the help of the browser. They do not do any harm.

We use cookies to make our website user-friendly. Some cookies remain stored on your terminal device until you delete them. They enable us to identify your browser during your next visit. If you do not wish this to happen, you can set up your browser so that it informs you about the placing of cookies and you then only allow this in individual cases. If cookies are disabled, the functionality of our website may be restricted.

Almost all websites use cookies, more specifically HTTP cookies. HTTP cookies are small files that are stored on your computer by our website. These files are automatically stored in the cookie folder. A cookie consists of a name and a value. In addition, one or more attributes must be specified when defining a cookie.

Cookies store certain user data, such as language settings or personal page settings. When you visit our website again, your browser transmits this user-related information back to our site. Thanks to cookies, our website recognises who you are and offers you the usual settings. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies created directly from our site and third-party cookies originating from partner websites. Each cookie stores different data and has an individual rating. The lifetime of a cookie

can range from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans or other malware. Furthermore, they cannot access information from your computer.

Storage period of cookies

As already mentioned, the storage period depends on the respective cookie. They also have an influence on the storage duration themselves. You can delete all cookies manually at any time via your browser. Furthermore, cookies based on consent will be deleted at the latest after your consent has been revoked, the lawfulness of storage remaining unaffected until then.

Right to object – delete cookies?

Regardless of which service or website the cookies originate from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies and allow all other cookies.

To determine which cookies are stored in your browser or to change or delete cookie settings, visit the forwarding links listed below:

If you generally do not want to accept cookies, you can set your browser to notify you as soon as a cookie is to be set. This allows you to decide individually whether to allow or reject each individual cookie. The exact procedure varies depending on the browser. It is advisable to find instructions via a search engine, for example with the search terms “delete cookies Chrome” or “disable cookies Chrome” if you are using this browser.

Web hosting

When you visit a website, personal data – among other things – is also automatically created and stored. The term website refers to the totality of all web pages on a domain, i.e. everything from the home page to the very last subpage.

If you want to view a website on a screen, you use a web browser. Web browsers include Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. This web browser must connect to another computer on which the code of the website is stored, the so-called web server. The operation of a web server is usually undertaken by professional providers, who offer web hosting and ensure reliable and error-free storage and functioning of the website data.

Personal data may be processed when the browser is connected to your device and during data transmission to and from the web server. On the one hand, your device stores data; on the other hand, the web server must also store data for a time to ensure proper operation.

Personal data may be processed when connecting your browser on your device and during data transmission to and from our web server. Your device stores certain data, but the web server also stores data for a period of time to ensure proper operation.

The purposes of this data processing are:

professional website hosting and secure operation
for operational and IT security
anonymous evaluation of access behaviour to improve our offer and possibly to prosecute or pursue any claims

How long is data stored?

As a rule, the above data is only stored for a few weeks and then erased automatically. We do not share this data, but we cannot exclude it from being viewed by authorities in the event of unlawful behaviour.

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from our legitimate interest in accordance with Art. 6 para. 1f GDPR, since the use of professional hosting by a provider is necessary in order to present the company securely and in a user-friendly way on the Internet and to be able to pursue attacks and any resulting claims if necessary.

As a rule, there is a contract between us and the hosting provider for order processing in accordance with Art. 28 GDPR, which ensures compliance with data protection and guarantees data security.

Cloudflare

We use Cloudflare from the company Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA on our website to make it faster and more secure. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that provides a content delivery network and various security services. These services are located between the user and our hosting provider.

A Content Delivery Network (CDN) is nothing more than a network of connected servers. Cloudflare has distributed such servers around the world to bring websites to your screen faster. Simply put, Cloudflare creates copies of our website and places them on their own servers. When you visit our website now, a load sharing system ensures that most parts of our website are delivered by the server that can show you our website the fastest. The distance of data transmission to your browser is significantly shortened by a CDN. Thus, the content of our website is delivered to you by Cloudflare not only from our hosting server, but from servers around the world. The use of Cloudflare is particularly helpful for users from abroad, as the site can be delivered from a nearby server here. In addition to the fast delivery of websites, Cloudflare also offers various security services, such as DDoS protection or a web application firewall (WAF).

Cloudflare generally only forwards data controlled by website operators. The content is therefore not determined by Cloudflare, but always by the website operator itself. In addition, Cloudflare may collect certain information about your use of our website and process data sent by us or for which Cloudflare has received instructions. In most cases, Cloudflare receives data such as IP address, contact and log information, security fingerprints and website performance data. Log data helps Cloudflare detect new threats, for example. This allows Cloudflare to ensure a high level of security protection for our website.

Cloudflare stores your information primarily in the United States and the European Economic Area. Cloudflare may transmit and access the information described above from around the world. In general, Cloudflare stores user-level data for domains in Free, Pro, and Business versions for less than 24 hours. For enterprise domains that have Cloudflare logs (formerly Enterprise Log Share or ELS) enabled, data can

be stored for up to 7 days. However, if IP addresses trigger security alerts on Cloudflare, exceptions to the retention period listed above may occur.

Cloudflare only keeps data logs for as long as necessary and this data is also erased within 24 hours in most cases. Cloudflare also does not store any personal information, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs to improve the overall performance of Cloudflare Resolver and identify any security risks.

You can find out exactly which permanent logs are stored at https://www.cloudflare.com/application/privacypolicy/.

All data that Cloudflare collects (temporarily or permanently) is cleared of all personal data. All permanent logs are also anonymised by Cloudflare.

You can also completely prevent Cloudflare from collecting and processing your data by disabling the execution of script code in your browser or by including a script blocker in your browser.

The legal basis for the corresponding data processing is our legitimate interest in the secure and stable presentation of our websites in accordance with Art. 6 para. 1f GDPR. Cloudflare also processes data about you in the USA. Cloudflare is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. The legal basis for the transfer of data to the USA is our legitimate interest pursuant to Art. 45 para. 1 in conjunction with Art. 6 para. 1f GDPR. For more information, please visit https://commission.europa.eu/document/fa09cbad-d070-4684-ae60-be03fcb0fddf_en

In addition, Cloudflare uses so-called standard contractual clauses within the meaning of Art. 46 paras. 2 and 3 GDPR. Standard contractual clauses are templates provided by the EU Commission and are designed to ensure that your data complies with European data protection standards, even if it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and standard contractual clauses, Cloudflare is committed to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the resolution and the corresponding standard contractual clauses here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

You can find out more about the standard contractual clauses and data processed through the use of Cloudflare in the privacy policy at:

https://www.cloudflare.com/en-en/privacypolicy/

Server log files

Connection data is processed for the purpose of monitoring the technical function and increasing the operational reliability of our web host. The duration of processing is limited to 7 days.

The legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1f GDPR.

Hosting provider
The technical providers of our sites and services are:

Host Europe GmbH

Friesenplatz 4

D-50672 Cologne, Germany

They automatically collect and store information that your browser automatically transmits to us in so-called server log files.

These are:

browser type/version
operating system used
referrer URL (the page previously visited)
host name or IP address of the accessing computer
time of the server request

This data cannot be used to identify specific persons. It will not be merged with other data sources. We reserve the right to subsequently check this data if concrete evidence for unlawful use becomes known to us.

Connection data is processed for the purpose of preparing and delivering the website. For the mere purpose of preparing and delivering the website, the data will not be stored beyond the access.

In order to operate the website, the connection data and other personal data is additionally processed as part of various other functions or services. Detailed information is given about this for the individual functions or services within the scope of this privacy policy.

Google reCaptcha

We process your personal data together with the service Google reCaptcha, Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), as joint data controllers, for the purpose of avoiding non-human and automated input. In doing so, we enable the service to set cookies, collect connection data and data from its web browser. We also enable the service to calculate a user ID to uniquely identify the user as part of the advertising network operated by Google. Data is stored on your device for up to two years.

The legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1f GDPR. The Google Group transfers your personal data to the USA. The legal basis for the transfer of data to the USA is our legitimate interest pursuant to Art. 45 para. 1 in conjunction with Art. 6 para. 1f GDPR. Google is included in the EU-US Data Privacy Framework list and thus guarantees compliance with European data protection law (https://www.dataprivacyframework.gov/s/participant-search).

Google also uses so-called standard contractual clauses within the meaning of Art. 46 paras. 2 and 3 GDPR. Standard contractual clauses are templates provided by the EU Commission and are designed to ensure that your data complies with European data protection standards, even if they are transferred to and stored in third countries. Through the EU-US Data Privacy Framework and standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the resolution and the corresponding standard contractual clauses here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

Google Fonts

Together with our processor Google Fonts, Google Inc., 600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), we process connection data and browser data for the purpose of providing the fonts required by the web browser to display the website. This data will only be processed for the duration required to select and transmit the fonts.

The legal basis for the processing of your personal data in connection with the use of Google Fonts is our legitimate interest in accordance with Art. 6 para. 1f GDPR.

The Google Group transfers your personal data to the USA. The legal basis for the transfer of data to the USA is our legitimate interest pursuant to Art. 45 para. 1 in conjunction with Art. 6 para. 1f GDPR. Google is included in the EU-US Data Privacy Framework list and thus guarantees compliance with European data protection law (https://www.dataprivacyframework.gov/s/participant-search).

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

Insofar as Google Fonts carries out further independent processing of the data, Google is solely responsible for this. Details can be found in the Google Fonts privacy policy at: https://policies.google.com/privacy?gl=AT&hl=en#intro.

Right to information, correction, erasure, restriction

You have the right, inter alia (subject to applicable law), (i) to verify whether and what personal data we hold about you and to obtain copies of such data, (ii) to request the correction, addition or erasure of your personal data that is incorrect or is not processed in accordance with the law, (iii) to request us to restrict the processing of your personal data, and (iv) to object in certain circumstances to the processing of your personal data or to withdraw the consent previously given for the processing, (v) to request data portability, (vi) to know the identity of third parties to whom your personal data is transferred and (vii) to lodge a complaint with the competent authority.

You can contact us at any time at lexika@lexika.at for further questions about personal data. Furthermore, you have a right to complain to the Austrian Data Protection Authority, Barichgasse 40-42, A-1030 Vienna, Austria or to the data protection authority in your respective country.

Adaptation of these conditions

We may revise these privacy terms as necessary. The binding and current information in each case is available at https://www.lexika.at/datenschutz/.