In the following, we will provide you with information about the processing of your personal data by us and the claims and rights to which you are entitled in accordance with data protection regulations, in particular the European General Data Protection Regulation (GDPR).

This privacy policy shall provide you with information regarding the nature, scope and purpose of the processing of personal data within our website (hereinafter "website"), in the case of video surveillance and when using our public WiFi access points. This privacy policy shall apply regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

In the context of GDPR, personal data is any data that can be personally related to you, e.g. name, address, email addresses, user behaviour. Which data is processed in detail and how it is used depends largely on the services used by us.

We use various other terms in our data protection declaration in the context of GDPR. This includes terms such as processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority and international organisation. You can find corresponding definitions for these terms in Article 4 of the GDPR.

  1. Who is responsible for data processing and whom can I contact?
    The responsible body is:
    Objekt Office Center Handelskai Immobilienerrichtungs
    S.à r.l. & Co OG
    Handelskai 92
    1200 Vienna
    Austria
    Phone: +43 (0) 190431-900
    Email: kontakt@rivergate.at

You can contact us with regard to any data protection issues in writing or by telephone using the above contact details, or by sending an email to datenschutz@officefirst.com.

  1. What sources and data do we use?
    We process personal data that we receive from you in the course of our business relationship, in particular through the rental agreements concluded and, where applicable, when you use our website or our WiFi access points.

If you only use the website for the purpose of obtaining information, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.

When you use our publicly accessible WiFi access points, we collect the following data: Date, time and duration of use, MAC address of your user device, IP address of your user device, IP address of the Internet pages used, type of Internet services used (e.g. http, ftp, smtp etc.) and the volume of data exchanged via the Internet service.
Furthermore, we receive your personal data if you contact us by email. Personal data here is, for example, name, address, email address, telephone number and, if applicable, the data you send us as a message (hereinafter referred to as “contact data”).

  1. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Data Protection Act (DSG) for the following purposes and on the basis of the following legal grounds:

Purposes and legal basis
Consent

If you have given us your consent to process personal data for certain purposes, in particular for contacting you (e.g. by email in order to process and deal with your enquiry, or for the purpose of sending newsletters, advertising by telephone, email, SMS, etc.), this processing is lawful on the basis of your consent.

If consent is given, it can be revoked at any time. Please note that any revocation of consent is only effective for the future. Processing that took place before your consent was revoked is not, therefore, affected by the revocation. Revocation of consent can be sent to the contact details above or to datenschutz@officefirst.com.

Consent, Article 6(1)(a) of the GDPR
Email contact

When contacting us by email, your information will be processed for the purpose of processing the contact request and handling this request, and on the basis of the implementation of pre-contractual measures, Article 6(1)(b) of the GDPR – in addition to any other consent given. Carrying out pre-contractual measures at the request of the person, Article 6(1)(b) of the GDPR

Applications

When you contact us (via contact form or email) in connection with your application, we process your data in order to check your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department heads for the vacancy in question. There, a decision will be made on the further course of action. In principle, only those people in the company who need access to your data in order to for the application procedure to proceed properly will have access to it. Establishment of an employment relationship, Section 26 of the Federal Data Protection Act (BDSG) and after completion of the application procedure in case of rejection to protect legitimate interests, Article 6(1)(f) of the GDPR (defence against claims), if applicable consent given, Article 6(1)(a) of the GDPR

Website access data

We process your access data (see data listed above under point 2) to protect our own legitimate interests or those of third parties. In particular, we pursue the following legitimate interests:
Ensuring IT security, in particular the security of the website;
Advertising or market and opinion research if you have not objected to the use of your data;
Asserting legal claims and defence in legal disputes.
Within the framework of the balancing of interests for the protection of legitimate interests, Article 6(1)(f) of the GDPR

Use of the public WiFi network

We process your access data (see data listed above under point 2) within the framework of the user relationship concluded with you at the start of use for the following purposes
Ensuring IT security, in particular the security of the public WLAN access network;
Limiting the use of the public WiFi access point to the duration specified in the usage agreement;

Asserting legal claims and defence in legal disputes.
WiFi usage contract, Article 6(1)(b) of the GDPR

Tenants' festival

We use the data you provide in your response (e.g. by email) to our invitation for the planning and organisation of the Tenants' Festival, in particular to be able to estimate the number of participants. The name and email address of the person who registers will be stored by us. We need the data of the person making the registration for any queries.
Photographs of the event will be taken at the Tenants' Festival by photographers commissioned or accredited by us and published on our website www.rivergate.at. It is possible that it may be possible to recognise you in these photographs. We collect and use this data out of our legitimate interest of presenting our activities and services for public relations purposes. Within the framework of the balancing of interests for the protection of legitimate interests, Article 6(1)(f) of the GDPR

Video surveillance

Video surveillance is carried out at the Rivergate Office Center, Handelskai 92, 1200 Vienna for the following purposes: Exercising domiciliary rights, increasing security in areas with poor visibility, protection against vandalism and theft, and investigating possible criminal offences. Legitimate interest in accordance with Article 6(1)(f) of the GDPR

  1. Who gets my data?

Within the company, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations.

Processors used by us (Article 28 of the GDPR) may also receive data for the above-mentioned purposes. These are companies in the categories of IT services, telecommunications, consultation, and sales and marketing. Where we use processors to provide our services, we take appropriate legal precautions and technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal requirements.

Data is only passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary for contractual purposes, e.g. on the basis of Article 6(1)(b) of the GDPR, for the economic and effective operation of our business operations, or if you have consented to the transfer of data on the basis of legitimate interests in accordance with Article 6(1)(f) of the GDPR. If you only use the website for the purpose of gaining information, we do not pass on any data to third parties.

  1. How long will my data be stored?

For security reasons (e.g. to clarify acts of abuse or fraud), log file information from the website is stored for a maximum period of 9 months and then deleted (see point 2 above). Data which must be retained for use as evidence is exempt from deletion until the respective incident has been finally clarified.

Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract via contact form or by email.

Applicant data will be deleted after 6 months in the event of rejection. In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or, at the latest, after a period of 5 years. If we fill the advertised position with you, your data will be stored in our personnel management system.

We will delete personal data from your event registration for the Tenants' Festival within 4 weeks of the end of the event, unless this personal data is already available to us as part of our business relationship and is therefore stored for the duration of our business relationship. The photos taken at the event will be deleted after 12 months at the latest.

The data recorded as part of video surveillance operations in the Rivergate Office Center will be deleted no later than 72 hours after recording unless there is a specific reason for longer recording – particularly if the recordings are necessary to solve specific criminal offences.

In addition, we are subject to various storage and documentation obligations within the scope of the data stored on the basis of our business relationship. These obligations are the result of the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO), among others. The time limits specified there for storage and documentation are five to seven years. Due to these legal requirements, we are obliged to carry out a correspondingly limited further storage on the basis of Article 6(1)(c) or Article 9(1)(g) of the GDPR.

Finally, the storage period is also assessed according to statutory limitation periods, which can, according to Sections 1478 et seq. of the General Civil Code (Allgemeines Bürgerliches Gesetzbuch, ABGB), usually be 30 years, but in certain cases also up to three years.

The correspondingly limited further storage takes place on the basis of Article 6(1)(f) of the GDPR for the protection of our legitimate interests or Article 9(1)(f) of the GDPR for the assertion, exercise or defence of legal claims.

  1. Is data transferred to a third country or to an international organisation?

The data provided will be processed within the European Union and in the UK and/or the USA. Please note that with recipients of your data for states without a Commission adequacy decision under Article 45 of the GDPR, as is the case with the USA, we ensure that they are certified under the EU-US Privacy Shield (such as Google). This is against the background of protecting your data and achieving an appropriate level of protection for your personal data.
Data collected as part of video surveillance operations at the Rivergate Office Center is not transferred to third countries.

  1. What data protection rights do I have?

Each data subject has

the right to obtain information as per Article 15 of the GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
the right to rectification as per Article 16 of the GDPR (i.e. in the event that your personal data is inaccurate or incomplete, you may request that it is rectified),
the right to erasure as per Article 17 of the GDPR and the right to restriction of processing as per Article 18 of the GDPR (i.e. you may have the right to request the erasure or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require continued storage),
the right to data portability under Article 20 of the GDPR (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller without hindrance).
Furthermore, you can revoke consent, in principle with effect for the future.
In addition, you also have a right appeal to a data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the BDSG).
We would also like to point out your right of objection according to Article 21 of the GDPR:

Information about your right of objection according to Article 21 of the GDPR:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) of the GDPR which we use for questionnaire evaluation or advertising purposes.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made without any formalities and without incurring any costs other than transmission costs at basic rates.

The objection should, if possible, be addressed to:

Objekt Office Center Handelskai Immobilienerrichtungs
S.à r.l. & Co OG
Handelskai 92
1200 Vienna
or by email to: datenschutz@officefirst.com

  1. To what extent is there automated decision-making in individual cases, including profiling?

In accordance with Article 22 of the GDPR, we do not use any fully automated decision-making when you access our website or contact us via contact form or email. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

  1. Is there an obligation for me to provide data?

When it comes to our website, you must provide the personal data that is required for the use of our website for technical or IT security reasons. If you do not provide the aforementioned data, you will not be able to use our website.

For the use of the public WiFi network, we also require the data mentioned under point 2 for the purposes mentioned under point 3. If you do not provide this data, you cannot use our public WiFi network.

When contacting us by form or email, you only need to provide the personal data that is required to process your enquiry. Otherwise we will not be able to process your request.

If you enter our Rivergate Office Center property, video recordings will be made in accordance with the signs posted there. These recordings are not required by law or contract. However, you can only avoid them by not entering the property.

  1. Cookies

Cookies are pieces of information that are transmitted from our web server or third-party web servers to the users' web browsers and stored there for later retrieval. Cookies are small files or other types of information storage. Cookies are used for security purposes, or are necessary for the operation of our website (e.g. in order to display our website properly on different end devices) or to save your decision when you confirm our cookie banner.

We use “session cookies”, which are only stored for the duration of the current visit to our website and partly enable the use of our website in the first place. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. The latest point at which session cookies are deleted is when you have finished using our website and close the browser.

We do not use cookies as part of website tracking.

If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of your browser. Please note that the deactivation of cookies may lead to functional limitations of this website.