Data protection policy in accordance with Art. 13, 14 GDPR – fulfilment of information obligations

Thank you for visiting our website! The protection of your data is a top priority for us. In this privacy policy, we inform you in detail about how we process your data.

This declaration applies both to data processing within smaXtec animal care GmbH and to the use of our website. The legal basis for this data processing is the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

1 General data processing

1.1 Controller

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

smaXtec animal care GmbH
Sandgasse 36/2
8010 Graz
Austria
Email: info@smaxtec.com
Phone: +43 316 46 15 88

1.2 Data processing in accordance with Art. 13 GDPR

We process the data provided to us by a wide variety of people, for example as part of an enquiry by email, to initiate and conclude a contract or a business relationship. We also process data from people who take part in events or attend training courses.

1.3 Data processing in accordance with Art. 14 GDPR

In addition, we also process data that is not provided directly by the data subject. This is the case, for example, when management and supervisory bodies provide us with the names and contact details of their employees as part of projects or business relationships.

1.4 Data subjects

We process the following data from interested parties: Company, name of contact person and professional contact and address data.

We process the following data from customers: Company, title and names of contact persons, names of customers, professional address data and contact details, bank details, contract data including creditworthiness data. We also process image data for publication in print media and on our website on the basis of consent.

We process the following data from suppliers and business partners: Company, title and names of contact persons, professional address data and contact details, bank details, contract data.

We process the following data from event participants: Company, title and name of the registered person, professional contact details and address data, bank details for chargeable events.

1.5 Legal basis

The legal basis for data processing is:

Consent (e.g. when processing your email address for advertising purposes) pursuant to Art. 6 para. 1 lit. a GDPR
Contract initiation and fulfilment pursuant to Art. 6 (1)(b) GDPR
Legal obligations (e.g. statutory retention and documentation obligations, publication obligations under copyright law) pursuant to Art. 6 (1)(c) GDPR
Legitimate interests of our company (e.g. use of software) pursuant to Art. 6 (1)(f) GDPR

We will inform you separately about the legal basis and the purpose of the processing for each data processing operation described below.

1.6 Transfer of data

Data is transmitted exclusively for the purpose of contract fulfilment in accordance with Art. 6 (1)(b) GDPR in order to provide you with our services.

Transfer within the Group: If necessary, the personal data collected is transferred within the Group to parent companies and subsidiaries. This is necessary because various Group companies provide IT services, among other things. The transfer takes place on the basis of internally concluded contracts.
Transfer to processors: We work with processors to whom personal data is transferred in order to provide services efficiently. These include companies that perform tasks such as contract fulfilment, payment processing, account management, sending newsletters and IT services.
Other transfers: In certain cases, such as legal obligations or in the context of a legal dispute, personal data may be passed on to authorities or lawyers.

1.7 Storage/deletion/anonymisation of data

Contractual retention obligations: After termination of a contractual relationship or after the end of contractually agreed periods, your data will be deleted or anonymised as soon as there are no statutory retention obligations (Austrian Business Code – UGB and Austrian Federal Fiscal Code – BAO) to the contrary.
Withdrawal of consent: If consent to the processing of personal data is withdrawn, the data will be deleted or anonymised unless there is another legal basis for the processing.
Statutory retention obligations: In order to comply with statutory retention obligations, personal data must be retained for a legally prescribed period even after the end of the contract or withdrawal of consent. After these periods have expired, the data will be deleted or anonymised.

2 Contact us

If you contact us by email, telephone, contact form (enquiries and callback requests) or via social media, the data transmitted will be stored in order to process your enquiry.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest)

3 Application management

General: If you send us your application documents, we will process your personal data contained therein for the purpose of personnel selection and recruitment.

Legal basis: Art. 6 (1)(b) GDPR (contract initiation and fulfilment)

Deletion: In the event of rejection, we will delete your documents 7 months after sending the rejection to you.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest)

Keeping records: If we wish to keep you on record for the purpose of contacting you at a later date, we will approach you with a separate request for your consent. If you explicitly give us this consent, we will store your application documents. If there is no further opportunity to fill a position with us within one year of receiving your consent, we will delete all of your application documents.

Legal basis: Art. 6 (1)(a) GDPR (consent)

Applicant portal: All applications are processed via our application portal.

Application platforms: We use various online application platforms to recruit employees for our company. People who are interested in working for our company have the opportunity to apply directly via a form provided by the operator of the application platform. Applicants decide for themselves which data they make available when using such an online portal. Personal data entered and documents uploaded are forwarded to us by the operator of the application platform. Both the application platform and we process this data as the controller within the meaning of the GDPR. Please note the data protection declarations of the respective operators of the application platforms.

Legal basis: Art. 6 (1)(b) GDPR (contract initiation and fulfilment)

4 Registration for events

You have the opportunity to register for one of our events on our website. For this, we require the following data: company, title and name, professional contact details, address details and bank details for paid events. We process your data for the registration, realisation and invoicing of the booked event. The data will be deleted by us when statutory retention obligations have expired.

Legal basis: Art. 6 (1)(b) GDPR (contract initiation and fulfilment)

5 smaXtec App, smaXtec Web and Messenger

As one of our customers, you have access to the smaXtec app, smaXtec Web and messenger. These are tools that enable you to monitor the health of your herd in real time. Functions such as push notifications when action is required, to-do lists and detailed overviews make your and your team’s daily work easier.

Your login details consist of your email address and a password. After you have signed a contract with us, you will receive an access link by email. The first time you log in, you will be asked to set a password.

You also have the option of granting third parties (e.g. a vet) access to the data via the smaXtec app, smaXtec Web or the messenger. To do this, we need the email address of the person concerned. They will then receive an email with an access link to your data.

Your data and your account will be stored for as long as you are our customer and will be deleted if there are no legal obligations to retain it.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation and fulfilment)

6 smaXtec Academy

As a smaXtec customer, you have exclusive access to the smaXtec Academy – our digital learning platform. You can access it conveniently via our website or the sX Academy app.

The smaXtec Academy offers in-depth knowledge in the areas of cattle health, agricultural science, feeding management and herd management. You also have the opportunity to exchange ideas with other farmers and share valuable practical experiences.

To register, we need your email address and a password. After the contract has been concluded, we will send you an access link by email. When you log in for the first time, you will be asked to set an individual password.

Your data and your account will be stored for as long as you are a customer with us and will be deleted if no statutory retention requirements exist.

Legal basis: Art. 6 (1) (b) GDPR (contract initiation and fulfilment)

7 Social media presence

We operate social media pages on X (Twitter), Instagram, TikTok, LinkedIn, Xing and Facebook as well as a YouTube channel. When you visit our social media presence or our YouTube channel, personal data, including the IP address of the respective provider, is processed and cookies are used for data collection. You can find out exactly what information is transmitted in the privacy policy of the respective service. There you will also find information about contact options and ways to restrict the processing of this data.

We would also like to point out that you use the respective services and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, commenting or rating).

The providers of the social media services have provided us with corresponding agreements – in most cases these are agreements on joint responsibility for data processing. The use of social media platforms is based on our legitimate business interests.

If we are obliged to fulfil data subject rights (see 16), you can contact us as well as the provider of the respective social media platform.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest)

8 Whistleblower system

We have set up a whistleblowing online portal on our website. The whistleblowing system makes it possible to contact us and report compliance and legal violations without fear of reprisals. Further information is available at https://app.loupe.link/whistleblowing/239b26b8-2815-4537-88ec-2ea35f3a1bec.

Legal basis: Art. 6 (1)(c) GDPR (legal obligation)

9 Data processing when using our website

9.1 Informational use of the website

When using the website for information purposes only, we only collect the personal data that your browser transmits to our server (server log files). If you wish to view our website, we collect the data that is technically necessary for us to display our website to you and to ensure stability and security:

IP address
Date and time of the enquiry
Time zone difference to Coordinated Universal Time (UTC)
Content of the request (specific page)
Access status/HTTP status code
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software

This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use and – if there has been a cyber attack – to pass the data on to the law enforcement authorities. The data will not be passed on to third parties beyond this.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest)

9.2 Cookies

Cookies are stored on your device when you visit our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive. They enable us or third-party providers to collect certain information. Cookies cannot execute programmes or transfer viruses to your computer.

The information contained in the cookies is used, for example, to determine whether you are logged in or what data you have already entered, or to recognise you as a user when a connection is established between our web server and your browser.

We distinguish between technical cookies, which are used exclusively to ensure the operation of a website, and cookies requiring consent, which are set by us or third-party providers for the purpose of statistical analyses, tracking or advertising/marketing.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest; for technical cookies), Art. 6 (1)(a) GDPR (consent; for all other cookies)

9.3 Data transfer to a third country

It cannot be ruled out that personal data may be transferred to an insecure third country (countries outside the EEA without an adequate level of data protection) when you visit our website. If this is the case, we will point this out directly in the description of the external service in this privacy policy.

The GDPR requires so-called suitable guarantees in accordance with Art. 46 GDPR for a data transfer to an insecure third country or to an international organisation.

In the case of data processing of personal data in a third country or in the case of data processing by US data recipients who have not submitted to the regulations of the EU-US Data Privacy Framework, , the following risks in particular cannot currently be ruled out for you as a data subject:

Your personal data could possibly be passed on to other third parties by the respective service provider beyond the actual purpose of order fulfilment.
You may not be able to assert or enforce your rights to information against the respective service provider in the long term.
There may be a higher probability that incorrect data processing may occur because the technical organisational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.

By giving your consent via the consent banner to the use of external services and to the setting of the corresponding cookies, you expressly consent to the possible transfer of your personal data to insecure third countries.

Legal basis: Art. 6 (1)(a) GDPR (consent)

10 Data processing for Google services

We use the services of Google Ireland Limited (“Google”), a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, on our website.

Further information can be found in Google’s privacy policy at https://policies.google.com/privacy?hl=en.

The integration of Google leads to the reloading of other Google services on our website, in particular Google APIs, Google Photos, Google Static and Google Fonts.

10.1 Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse the behaviour of visitors to our website in order to draw conclusions for the improvement of our offer and user-friendliness. Information such as pages viewed, length of visit, user origin, device type, operating system and interactions with certain content is recorded and analysed by Google on our behalf.

The data collected is processed with a truncated IP address so that a direct personal reference is excluded. In addition, we only use Google Analytics with IP anonymisation activated.

The information collected may also be processed on Google LLC servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework, which guarantees an adequate level of data protection.

Further information on data processing by Google can be found at: https://policies.google.com/privacy?hl=en.

Legal basis: Art. 6 (1)(a) GDPR (consent)

10.2 Google Ads Conversion Tracking (formerly Google Adwords Conversion)

This website uses Google Conversion Tracking. Google Ads places a cookie on your computer if you have reached our website via a Google advert. These cookies lose their validity after 30 days and are not used for personal identification. The information collected using the conversion cookie is used to create conversion statistics for us. We find out the total number of users who clicked on our advert and were redirected to our page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this – for example, by changing your browser settings to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”.

If you use SSL search, Google’s encrypted search function, the search terms are usually not sent as part of the URL in the referral URL. However, there are some exceptions to this, for example if you use certain less common browsers. You can find more information about SSL search here: https://support.google.com/websearch/answer/173733?hl=en.

Search queries or information in the referral URL could possibly also be viewed via Google Analytics or an Application Programming Interface (API). In addition, advertisers may receive information about the exact search terms that triggered a click on an advert.

For more information, please refer to the Google FAQ: https://policies.google.com/faq?hl=en.

Legal basis: Art. 6 (1)(a) GDPR (consent)

10.3 Google DoubleClick

This website uses the online marketing tool DoubleClick. The Google advertising network and certain Google services may be used to support advertisers and publishers in placing and managing ads on the web. DoubleClick uses cookies to deliver ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and thus prevent them from being displayed multiple times. In addition, DoubleClick can use cookie IDs to capture so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser’s website with the same browser and makes a purchase. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.

Legal basis: Art. 6 (1)(a) GDPR (consent)

10.4 Google Tag Manager

We use Google Tag Manager on our website, which enables us to integrate and manage website tags such as tracking codes or conversion pixels. This collects data on the website and forwards it to associated analysis tools, which store and analyse this data. Although the Google Tag Manager collects data (e.g. IP address), it does not store it and has no access to it. It merely acts as an interface between the website and the analytics software.

You can find more detailed information here: https://support.google.com/tagmanager/?hl=en#topic=15191151.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest)

10.5 YouTube

We operate a YouTube channel and have integrated YouTube videos into our website, which are stored on http://www.YouTube.com. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, 94066 California, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube videos in extended data protection mode. With this setting, YouTube does not store any cookies when you visit our website. A connection to YouTube’s servers is only established when you start playing the embedded videos. YouTube uses cookies for data collection and statistical data analysis. YouTube is informed which pages you visit. If you are logged in to YouTube, your data will be assigned directly to your account. YouTube uses your data for advertising and market research purposes.

By using this service, personal data is transferred to the USA or such a transfer cannot be ruled out. Google has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted under Art 45 GDPR.

The integration of YouTube leads to the reloading of Google services on our website, in particular Google Doubleclick, Google APIs, Google Video, Google Photos, Google Static and Google Fonts.

Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://www.google.de/intl/en/policies/privacy/.

Legal basis: Art. 6 (1)(a) GDPR (consent)

11 Other external services

11.1 consentmanager

We use the tool consentmanager from the provider consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden, to obtain data protection-compliant consent for the use of cookies and services requiring consent on our website.

The consent management tool records and stores the selection of cookies and services requiring consent of the respective user of our website. The explicit consent of the website visitor ensures that statistical and marketing cookies and services requiring consent are only then set.

The tool records, logs and saves the website visitor’s settings. The consent tool collects, transmits and stores certain user information (including the IP address) so that the selected settings can be clearly assigned to the respective website visitor.

Further information can be found in the privacy policy of consentmanager AB at https://www.consentmanager.net/en/privacy/.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest)

11.2 Datadog

To ensure the stability, security, and performance of our smaXtec Web and smaXtec App systems, we use the monitoring and analytics platform Datadog, provided by Datadog, Inc., 620 8th Avenue, Floor 45, New York, NY 10018, USA. Datadog helps us monitor technical processes in real time, detect system errors at an early stage, and better understand how our applications are used. This involves the analysis and evaluation of performance metrics, log data, and usage information. For this purpose, Datadog uses a session cookie. All data is processed exclusively on servers located within the European Union.

For more information, please refer to Datadog’s privacy policy at https://www.datadoghq.com/legal/privacy/.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest)

11.3 HubSpot

Our website uses the services of HubSpot, Inc. (25 First Street, Cambridge, MA 02141, USA) to analyse, optimise and automate marketing and sales processes. HubSpot enables us to analyse website visitors and deliver targeted marketing measures, such as personalised emails or advertisements. Data such as IP address, visitor behaviour and transmitted form data can be recorded and stored.

Further information can be found in HubSpot’s privacy policy at https://legal.hubspot.com/privacy-policy.

Legal basis: Art. 6 (1)(a) GDPR (consent)

11.4 Meta pixel

Our website uses the so-called meta pixel of the provider Meta Platforms Ireland Ltd (“Meta”), a company registered and operated under Irish law with its registered office in Merrion Road, Dublin 4, Ireland, for the analysis and optimisation of advertisements of our online offer.

Meta can use the pixels to determine the website visitors as the target group for the display of adverts (so-called meta ads). Accordingly, we use them to display the ads placed by us on Meta platforms (Facebook and Instagram) only to those Meta users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain artists or events determined on the basis of the websites visited) that we transmit to Meta (so-called “custom audiences”). The aim is to ensure that our ads correspond to the user’s interests and are not annoying. With the help of pixels, we can also track the effectiveness of Meta adverts for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta advert (so-called “conversion”).

Your actions are stored in one or more cookies. These cookies enable Meta to match your user data (such as IP address, user ID) with the data in your Meta account. The data collected is anonymous and cannot be viewed by us and can only be used in the context of adverts. If you wish to prevent the link to your Meta account, you have the option of logging out before taking any action. 

For more information, please refer to the Facebook/Meta data policy at https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

For specific information on Facebook Pixels, please refer to https://www.facebook.com/business/help/742478679120153?id=1205376682832142.

Legal basis: Art. 6 (1)(a) GDPR (consent)

11.5 WordPress

Our website uses the services of WordPress.com, a content management platform provided by Automattic Inc, 60 29th Street 343, San Francisco, 94110 California, USA, for the provision and optimisation of static files (e.g. CSS files, JavaScript files, images). This enables us to improve the loading times of our website and offer a better user experience. When using WordPress, personal data such as IP addresses and usage data may be processed.

Aut O’Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland is responsible for the European region.

When retrieving the static files, your IP address is transmitted to WordPress. This is necessary in order to deliver the files to your browser. WordPress can collect information about the use of the files provided, e.g. which files are accessed how often and from which region.

Further information can be found in the privacy policy of Automattic Inc. at https://automattic.com/en/privacy/.

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest)

11.6 Jetpack

Our website uses Jetpack, a plugin from Automattic Inc, 60 29th Street 343, San Francisco, 94110 California, USA, which provides various functions to improve security, optimise performance and perform statistical analyses. Among other things, IP addresses, browser data and user behaviour are recorded.

Further information can be found in the privacy policy of Autommic Inc. at https://automattic.com/en/privacy/.

Legal basis: Art. 6 (1)(a) GDPR (consent)

12 Your rights

You have the following rights regarding your personal data:

Right to information, rectification and erasure
Right to restriction of processing
Right to object to the processing
Right to data portability
Right to lodge a complaint with the Austrian data protection authority
Barichgasse 40 – 42, 1030 Vienna, Telephone: +43 1 52 152-0
Email: dsb@dsb.gv.at

If you are of the opinion that we have violated Austrian or European data protection law when processing your data and thereby infringed your rights, please contact us so that we can clarify any questions you may have.

Please send your enquiries and requests by email to info@smaxtec.com or contact us using the contact details provided.

13 Changes to this privacy policy

We reserve the right to make changes to our privacy policy from time to time. We will publish all changes to the privacy policy on this page. Please refer to the latest version of our privacy policy in this regard.