Privacy Policy

Document Owner: Robert Duy, Data Privacy Officer

Privacy Policy  

General

At PowerBot, the lawful protection of personal data is of absolute priority and takes precedence over economic success or productivity in our operations. We recognize that the protection and lawful processing of personal data is a fundamental principle and right in our society. Your privacy as a user of our products and services as well as visitor to our website is protected in line with the General Data Protection Regulation (“GDPR”) and the applicable national law, which is the Austrian Data Protection Act (“Datenschutzgesetz”, “DSG”).

Unfortunately, these subjects sound rather technical due to their nature, but we have put much effort into describing the most important things as simply and clearly as possible.

Definitions  

Before stating the types of personal data we process, its legal bases, our role as data controller and details on how we protect your data, we need to set the scene and introduce some definitions, which are taken from the European Data Protection Board (https://www.edpb.europa.eu/system/files/2023-06/Key%20GDPR%20Definitions%20Infographic.pdf) and the GDPR:

We or PowerBot refers to the legal entity PowerBot GmbH, Gersthofer Strasse 29-31, 1180 Vienna, Austria; company registration number: 535495v, Vienna Commercial Court.

PowerBot products and services means all services, software and other products that are PowerBot-branded and/or offered via PowerBot as websites, API services, cloud services and mobile solutions.  

Personal Data: Information relating to a living individual who is, or can be, identified, including data that can be combined with other information to identify an individual. This can be a very wide definition, depending on the circumstances, and can include data which relates to the identity, characteristics or behaviour of an individual or influences the way in which that individual is treated or evaluated.  

Processing: Processing means performing any operation or set of operations on personal data, including:  

  • Obtaining, recording or keeping data
  • Organising or altering the data
  • Retrieving, consulting or using the data
  • Disclosing the data to a third party (including publication) and
  • Erasing or destroying the data.

Data Controller: A Data Controller is the person or organisation who decides the purposes for which, and the means by which, personal data is processes. The purpose of processing data involves ‘why’ the personal data is being processed and the ‘means’ of the processing involves ‘how’ the data is processed.  

Data Processor: A person or organisation that processes personal data on behalf of a data controller.

Data Subject: A Data Subject is the individual the personal data relates to.  

Legal Basis for Processing: In order to process personal data, you must have a legal basis to do so. The legal bases (or justifications) for processing personal data are set out in Art. 6 GDPR. These are the consent of the individual or where it is necessary for: performance of a contract; compliance with a legal obligation; protection of the vital interests of a person; the performance of a task carried out in the public interest; or in pursuit of the legitimate interests of the company/organisation or another (except where those interests are overridden by the interests or rights and freedoms of the data subject.

Contact Details

For any questions, comments and inquiries regarding PowerBot’s Privacy Policy or processing of Personal Data, please feel free to contact us at any time:  

  • E-Mail: office@powerbot-trading.com  
  • Tel.: +43 720 9000 18

The Austrian supervisory authority, to which PowerBot reports potential data breaches according to Art. 32 GDPR, and to which you can appeal to lodge a complaint, is Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, Austria. Its contact details are:

Types of Personal Data  

PowerBot collects the following personal information of its customers and their employees:

  • Names
  • Business email addresses
  • Business phone numbers
  • Payment Information
  • Consent information regarding marketing and technical communication
  • IP addresses of customers connecting to PowerBot ser

PowerBot also collects personal information of potential customers, that either  

  • Contact us via email to receive more information on PowerBot products and services,
  • Visit us at our booth at industry events and voluntarily hand over their contact details for further communication,
  • Voluntarily hand over their contact details for further communication when engaging with a PowerBot employee or subcontractor or
  • Visit a public or non-public PowerBot webinar and accept our privacy policy when registering.

For all these potential customers, the legal basis for processing is ‘legitimate interest’, which is in line with GDPR, as the data subjects can reasonably expect that processing for the purpose of PowerBot marketing & sales may take place.

Additionally, PowerBot collects personal information of all applicants that wish to work at PowerBot as well as personal information of all its employees for legal reasons. Applicant personal information is generally stored seven months after the final decision of the HR department. It can be stored for a longer period only when an applicant consents to be held in evidence for future job openings.  

Data Controller & Data Processor

When you hand over data to PowerBot, PowerBot is the Data Controller in respect of its processing. As we do not process personal data on your behalf, PowerBot does not qualify as Data Processor according to this definition. Therefore, Data Processing Agreements are not needed between PowerBot and its customers.

Whenever PowerBot contracts any third-party services that process personal data on PowerBot’s behalf, a data processing agreement (“DPA”) is signed between PowerBot and the third party.

Data Processing Agreements

PowerBot uses third-party services such as vendors of IT hosting services, cloud services or other IT hosting services:

  • Microsoft for Microsoft 365 Business and Microsoft Entra  
  • Zoho Software Suite for CRM, software support, business accounting, human resources and marketing

In accordance with Art. 28 GDPR PowerBot has entered respective Data Processing Agreements with both Microsoft and Zoho, which is required because Microsoft and Zoho process personal data on our behalf.

PowerBot will not transfer or give access to Personal Data outside the EU/EEA, except in accordance with transfer agreements based on the EU Standard Contractual Clauses for the transfer of Personal Data to data processors established in outside the territory of the EU/EEA or other countries which the European Commission has found to guarantee an adequate level of data protection.

Purposes

PowerBot only processes your personal data for the following purposes:

  • To provide the contracted services to you and your company, and to maintain and improve the operability of the services.
  • To manage the customer relationship between you, your company and PowerBot, including by providing relevant information to you and communicating with you regarding the services, e.g. by informing you about your licensing, security updates and product information and to contact you for marketing purposes (from which you can easily opt-out at any time).
  • To fulfill any obligations that PowerBot has towards you and your company according to agreements between you and PowerBot, and to document such agreements.
  • To comply with the legal requirements that apply for power trading in particular, and to comply with the general retention obligation for all accounting documents and records.

Legal Bases

The legal bases for PowerBot’s processing of your personal data, as listed in ‘Types of Personal Data’, are  

  • ‘consent’ (Art. 6 para. 1 lit. a GDPR),    
  • ‘contractual or pre-contractual requirements’ (Art. 6 para. 1 lit. b GDPR),    
  • ‘legal compliance’ (Art. 6 para. 1 lit. c GDPR) and
  • ‘legitimate interests’ (Art. 6 para. 1 lit. f GDPR).

Rights of the data subject

Art. 12-23 GDPR define basic rights of each data subject. At PowerBot

  • the right of access by the data subject,
  • the right to rectification,
  • the right to erasure (‘right to be forgotten’),
  • the right to restriction of processing,
  • the right to data portability and
  • the right to object

are lawfully implemented and all obligations are met upon your written request to PowerBot (office@powerbot-trading.com) within one month. Before handing out data, please be aware that we will require for you to verify your identity.

Concerning Art. 22 GDPR, PowerBot does not use automated processes to make decisions about data subjects, including profiling, and therefore does neither produce legal effects concerning the data subject nor affects the data subject similarly.  

If a data subject believes that the processing of its PII data violates applicable data protection laws or its data protection rights have been violated in any other way, it may complain to the supervisory authority. For Austria, this is the data protection authority (https://www.dsb.gv.at/).  

Storage of Personal Data

Any personal data you electronically submit to us on this website using the contact form, such as your name, email address, or other personal information you provide are solely used for the specified purpose of answering to your request and get stored securely along with the respective submission times and IP-address. These data do not get passed on to third parties.

Therefore, we use personal data for the communication with only those users, who have explicitly requested being contacted, as well as for the execution of the services and products offered on this website. We do not pass your personal data to others without your approval, but we cannot exclude the possibility this data will be looked at in case of illegal conduct.

If you send us personal data via email – and thus not via this website – we cannot guarantee any safe transmission or protection of your data. We recommend you to never send confidential data via email.

Storage Period

We will only process personal data for as long as necessary in order to pursue the purposes for which the data is collected or to facilitate the contracted services, unless we are obligated by law to store or process personal data for a longer period of time, e.g., to ensure legal compliance. Any personal data that we do not need to fulfil our legal obligations will be deleted without undue delay after your customer relationship with PowerBot has ended.

Protection

At PowerBot an ISO/IEC 27001-certified Information security management system is in place and covers all our business activities, including the protection of your personal data. ISO/IEC is an approved certification mechanism pursuant to Art. 42 GDPR and used at PowerBot to comply with ‘Data protection by design and by default’ as required by Art. 25 GDPR.  

What is ISO/IEC 27001?

ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet.

The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system.

Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard.

Why is ISO/IEC 27001 important?

With cyber-crime on the rise and new threats constantly emerging, it can seem difficult or even impossible to manage cyber-risks. ISO/IEC 27001 helps organizations become risk-aware and proactively identify and address weaknesses.

ISO/IEC 27001 promotes a holistic approach to information security: vetting people, policies and technology. An information security management system implemented according to this standard is a tool for risk management, cyber-resilience and operational excellence.

TLS encryption with https

We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Art. 25 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.

Newsletter Privacy Policy

When you subscribe to our newsletter you submit your personal data and give us the right to contact you via email. We use the data that is stored for the registration for the newsletter exclusively for our newsletter and do not pass them on. If you unsubscribe from the newsletter, we will delete all data that was saved when you registered.

Log-Files & Cookies

Log-Files

Every time you visit a website, certain information is automatically created and saved, just as it happens on this and other PowerBot websites. When visiting, our webservers (which are computers on which websites are saved/stored) automatically save data such as

  • the URL address of the accessed website
  • your browser and browser version
  • the used operating system
  • the URL address of the previously visited site (‘referrer-URL’)
  • the hostname and the IP address of your device
  • date and time of the access  

to files (so-called webserver logfiles). Generally, webserver logfiles stay saved for two weeks and then get deleted automatically. We do not pass this information to others, but we cannot exclude the possibility that this data will be looked at in case of illegal conduct.

Cookies

Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.

What should not be dismissed, is that cookies are very useful little helpers. Nearly all websites use cookies. More accurately speaking these are HTTP-cookies, since there are also different cookies for other uses. http-cookies are small files which our website stores on your computer. These cookie files are automatically put into the cookie-folder, which is like the “brain” of your browser. A cookie consists of a name and a value. Moreover, to define a cookie, one or multiple attributes must be specified.

Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.

This is an example of how cookie-files can look:

name: _ga
value: GA1.2.1326744211.152111577435-9
purpose: differentiation between website visitors
expiration date: after 2 years

A browser should support these minimum sizes:

  • at least 4096 bytes per cookie
  • at least 50 cookies per domain
  • at least 3000 cookies in total

Upon your first visit to a website, you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.

How can I delete Cookies?

You yourself take the decision if and how you want to use cookies. Thus, no matter what service or website cookies are from, you always have the option to delete, deactivate or only partially allow them. Therefore, you can for example block cookies of third parties but allow any other cookies.

If you want change or delete cookie-settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser-settings:

Chrome: Clear, enable and manage cookies in Chrome

Safari: Manage cookies and website data in Safari

Firefox: Clear cookies and site data in Firefox

Microsoft Edge: Delete cookies in Microsoft Edge

If you generally do not want to allow any cookies at all, you can set up your browser in a way, to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google.

Google Analytics Privacy Policy

We use the tracking and analysis tool Google Analytics (GA) of the US-American company Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Analytics collects data on your actions on our website. Whenever you click a link for example, this action is saved in a cookie and transferred to Google Analytics. With the help of reports which we receive from Google Analytics, we can adapt our website and our services better to your wishes. In the following, we will explain the tracking tool in more detail, and most of all, we will inform you what data is saved and how you can prevent this.

What is Google Analytics?

Google Analytics is a tracking tool with the purpose of conducting data traffic analysis of our website. For Google Analytics to work, there is a tracking code integrated to our website. Upon your visit to our website, this code records various actions you perform on your website. As soon as you leave our website, this data is sent to the Google Analytics server, where it is stored.

Google processes this data and we then receive reports on your user behaviour. These reports can be one of the following:

  • Target audience reports: With the help of target audience reports we can get to know our users better and can therefore better understand who is interested in our service.
  • Advertising reports: Through advertising reports we can analyse our online advertising better and hence improve it.
  • Acquisition reports: Acquisition reports provide us helpful information on how we can get more people enthusiastic about our service.
  • Behaviour reports: With these reports, we can find out how you interact with our website. By the means of behaviour reports, we can understand what path you go on our website and what links you click.
  • Conversion reports: A conversion is the process of leading you to carry out a desired action due to a marketing message. An example of this would be transforming you from a mere website visitor into a buyer or a newsletter subscriber. Hence, with the help of these reports we can see in more detail, if our marketing measures are successful with you. Our aim is to increase our conversion rate.
  • Real time reports: With the help of these reports we can see in real time, what happens on our website. It makes us for example see, we can see how many users are reading this text right now.

Why do we use Google Analytics on our website?

The objective of our website is clear: We want to offer you the best possible service. Google Analytics’ statistics and data help us with reaching this goal.

Statistically evaluated data give us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimise our page in a way, that makes it easier to be found by interested people on Google. On the other hand, the data helps us to get a better understanding of you as our visitor. Therefore, we can very accurately find out what we must improve on our website, in order to offer you the best possible service. The analysis of that data also enables us to carry out our advertising and marketing measures in a more individual and more cost-effective way. After all, it only makes sense to show our products and services exclusively to people who are interested in them.

What data gets stored by Google Analytics?

With the aid of a tracking code, Google Analytics creates a random, unique ID which is connected to your browser cookie. That way, Google Analytics recognises you as a new user. The next time you visit our site, you will be recognised as a “recurring” user. All data that is collected gets saved together with this very user ID. Only this is how it is made possible for us to evaluate and analyse pseudonymous user profiles.

Your interactions on our website are measures by tags such as cookies and app instance IDs. Interactions are all kinds of actions that you perform on our website. If you are also using other Google systems (such as a Google Account), data generated by Google Analytics can be linked with third-party cookies. Google does not pass on any Google Analytics data, unless we as the website owners authorise it. In case it is required by law, exceptions can occur.

The following cookies are used by Google Analytics:

Name: _ga
Value:2.1326744211.152111577435-5
Purpose: By default, analytics.js uses the cookie _ga, to save the user ID. It generally serves the purpose of differentiating between website visitors.
Expiration date: After 2 years

Name: _gid
Value:2.1687193234.152111577435-1
Purpose: This cookie also serves the purpose of differentiating between website users
Expiration date: After 24 hours

Name: _gat_gtag_UA_

Value: 1
Verwendungszweck: It is used for decreasing the demand rate. If Google Analytics is provided via Google Tag Manager, this cookie gets the name _dc_gtm_ .
Expiration date: After 1 minute

Name: AMP_TOKEN
Value: No information
Purpose: This cookie has a token which is used to retrieve the user ID by the AMP Client ID Service. Other possible values suggest a logoff, a request or an error.
Expiration date: After 30 seconds up to one year

Name: __utma
Value:1564498958.1564498958.1564498958.1
Purpose: With this cookie your behaviour on the website can be tracked and the site performance can be measured. The cookie is updated every time the information is sent to Google Analytics.
Expiration date: After 2 years

Name: __utmt
Value: 1
Purpose: Just like _gat_gtag_UA_ this cookie is used for keeping the requirement rate in check.
Expiration date: Afer 10 minutes

Name: __utmb
Value:3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or information gets sent to Google Analytics.
Expiration date: After 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to determine new sessions for recurring visitors. It is therefore a session cookie, and only stays saved until you close the browser again.
Expiration date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: This cookie is used to identify the source of our website’s visitor number. This means, that the cookie saves information on where you came to our website from. This could be another site or an advertisement.
Expiration date: After 6 months

Name: __utmv
Value: No information
Purpose: The cookie is used to store custom user data. It gets updated whenever information is sent to Google Analytics.
Expiration date: After 2 years

Note: This list is by no means exhaustive, since Google are repeatedly changing the use of their cookies.

Below we will give you an overview of the most important data that can be evaluated by Google Analytics:

Heatmaps: Google creates so-called Heatmaps an. These Heatmaps make it possible to see the exact areas you click on, so we can get information on what routes you make on our website.

Session duration: Google calls the time you spend on our website without leaving it session duration. Whenever you are inactive for 20 minutes, the session ends automatically.

Bounce rate If you only look at one page of our website and then leave our website again, it is called a bounce.

Account creation: If you create an account or make an order on our website, Google Analytics collects this data.

IP-Address: The IP address is only shown in a shortened form, to make it impossible to clearly allocate it.

Location: Your approximate location and the country you are in can be defined by the IP address. This process is called IP location determination.

Technical information: Information about your browser type, your internet provider and your screen resolution are called technical information.

Source: Both, Google Analytics as well as ourselves, are interested what website or what advertisement led you to our site.

Further possibly stored data includes contact data, potential reviews, playing media (e.g. when you play a video on our site), sharing of contents via social media or adding our site to your favourites. This list is not exhaustive and only serves as general guidance on Google Analytics’ data retention.

How long and where is the data saved?

Google has servers across the globe. Most of them are in America and therefore your data is mainly saved on American servers. Here you can read detailed information on where Google’s data centres are located:  

https://www.google.com/about/datacenters/inside/locations/?hl=en

Your data is allocated to various physical data mediums. This has the advantage of allowing to retrieve the data faster, and of protecting it better from manipulation. Every Google data centre has respective emergency programs for your data. Hence, in case of a hardware failure at Google or a server error due to natural disasters, the risk for a service interruption stays relatively low.

Google Analytics has a 26 months standardised period of retaining your user data. After this time, your user data is deleted. However, we have the possibility to choose the retention period of user data ourselves. There are the following five options:

  • Deletion after 14 months
  • Deletion after 26 months
  • Deletion after 38 months
  • Deletion after 50 months
  • No automatical deletion

As soon as the chosen period is expired, the data is deleted once a month. This retention period applies to any of your data which is linked to cookies, user identification and advertisement IDs (e.g. cookies of the DoubleClick domain). Any report results are based on aggregated information and are stored independently of any user data. Aggregated information is a merge of individual data into a single and bigger unit.

How can I delete my data or prevent data retention?

Under the provisions of the European Union’s data protection law, you have the right to obtain information on your data and to update, delete or restrict it. With the help of a browser add on that can deactivate Google Analytics’ JavaScript (ga.js, analytics.js, dc.js), you can prevent Google Analytics from using your data.  

Google Analytics is an active participant of the EU-U.S. Privacy Shield Framework, which regulates correct and save transfer of personal data. You can find more information on this at this link. We hope we were able to make you more familiar with the most important information on Google Analytics’ data processing.  

jQuery CDN Privacy Policy

We use jQuery CDN services by the jQuery Foundation to deliver our website and our subpages to you quickly and easily on different devices. jQuery is distributed via the Content Delivery Network (CDN) of the American software company StackPath (LCC 2012 McKinney Ave. Suite 1100, Dallas, TX 75201, USA). This service stores, manages and processes your personal data.

A content delivery network (CDN) is a network of regionally distributed servers that are connected to each other via the Internet. Through this network content and especially very large files, can be delivered quickly – even in peak demand periods.

jQuery uses JavaScript libraries to be able to deliver our website content quickly. For this, a CDN server loads the necessary files. As soon as a connection to the CDN server is established, your IP address is recorded and stored. This only happens if the data has not already been saved in your browser during a previous website visit.

StackPath’s privacy policy explicitly mentions that StackPath uses aggregated and anonymised data of various services (such as jQuery) for both, security enhancement and its own services. However, it is impossible for you to be personally identified with the use of this data.

If you want to avoid this data transfer, you always have the option to use JavaScript blockers. You can also simply deactivate the execution of JavaScript codes in your browser. If you decide to deactivate JavaScript codes, the usual functions will also change. For example, websites may no longer load as quickly.

StackPath is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information at this link. Also, you can find more information about StackPath’s data protection here and jQuery’s data protection here.  

Part of this privacy policy has been created with the Datenschutz Generator by AdSimple® Webdesign in cooperation with meinhaushalt.at

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our privacy policyPrivacy Policy for more information.