Data protection declaration according to DSGVO or GDPR
Last edited: 04.03.2021
For us, Audio Tuning Vertriebs GmbH, the protection of your personal data is a special concern. Therefore, we process your data exclusively on the basis of the legal regulations (DSGVO, TKG 2003). In this privacy policy we inform you about the most important aspects of data processing in our company.
Contact us
If you contact us via the form on the website or by e-mail, your data will be stored for six months to process the request and in case of follow-up questions. These data will be forwarded directly to our responsible local partner if the respective country is selected. If there is no local partner for the selected country, we will receive this data, which we will not pass on without your consent.
Newsletter
With your consent, you can subscribe to our newsletter, which we use to inform you about our current offers. The advertised goods and services are named in the declaration of consent.
We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and deleted at your request. In addition, we save the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used in order to be able to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. GDPR.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email or by sending an email to marketing@project-audio.com.
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website. Links received in the newsletter also contain this ID. The data is only collected in pseudonymised form, i.e. the IDs are not linked to your other personal data, and direct personal reference is excluded.
Data storage
In addition, the following data is also stored with us for the purpose of contract execution: first and last name, e-mail address and telephone number. The data provided by you are required for the transaction, fulfillment of contract or for the execution of pre-contractual measures. Without this data we cannot conclude the contract with you. A transfer of data to third parties does not take place, with the exception of credit card and bank data to the transacting bank / payment service provider for the purpose of payment, to the transport company / shipping company commissioned by us to deliver the goods and to our tax advisor to fulfill our tax obligations. In the case of a contract, all data from the contractual relationship are stored until the expiry of the tax retention period (7 years). In addition, the data name, address, purchased goods and date of purchase are stored until the end of product liability. Data processing takes place on the basis of the statutory provisions of § 96 (3) TKG and Art. 6 para. 1 lit. a (consent) and / or lit. b (necessary for fulfilment of the contract) of the GDPR.
Collection of personal data when you visit our website:
If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (the legal basis is Art. 6 Para. 1 S. 1 lit. GDPR): IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status / HTTP status code, amount of data transferred, website from which the request comes, browser operating system and its interface, language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the place that sets the cookie (in this case by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
Use of cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and, for example, reject third-party cookies or all cookies. We would like to point out that, in this case, you may not be able to use all functions of this website.
e) We use HTML5 storage objects that are stored on your device. You can prevent the use of HTML5 storage objects by using the private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.
You can manage the settings of your cookies here: Cookie Settings
Further functions and offers on our website
In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you usually have to provide additional personal data that we use to provide the respective service and for which the aforementioned data processing principles apply.
In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
Furthermore, we can pass on your personal data to third parties if we offer participation in campaigns, competitions, contracts or similar services together with partners. You will receive more information on this when you provide your personal data or below in the description of the offer.
If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this fact in the description of the offer.
Job processing contract
Our business partners (retailers) who purchase goods for the purpose of doing business with the end customer are responsible for lawful compliance with the GDPR and the protection of personal data. By storing this personal information on our servers, we become the processor of this personal information. The obligation to conclude a contract processing contract between the two parties can be fulfilled by the persons responsible by e-mail or by contact form. The contract processing contract is intended for subjects who do not process the personal data for their own purposes. The processing of personal data by individuals for personal or family activities is not governed by the rules on the protection of personal data or by the Regulation, and the contract processing contract does not apply to it.
Your rights
In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and opposition. If you believe that the processing of your data violates data protection law or that your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority.
Changes
Changes to the Privacy Policy will be communicated to our Affiliates with a notice of the change in question and updated on our Website at the same time, so that each Affiliate and Visitor can understand that we continue to comply with the Basic Data Protection Regulation (also known as “GDPR”).
You can reach us under the following contact details:
Tel.: +43 1 5448580 or +43 1 544 858 0400
E-Mail: gdpr@audiotuning.at
Coordinated Vulnerability Disclosure (CVD) Policy
Last edited: 03.04.2024
This vulnerability disclosure policy applies to any vulnerabilities you are considering reporting to Audio Tuning Vertriebs GmbH. We recommend reading this vulnerability disclosure policy fully before you report a vulnerability and always acting in compliance with it. We value those who take the time and effort to report security vulnerabilities according to this policy. However, we do not offer monetary rewards for vulnerability disclosures.
Reporting
If you believe you have found a security vulnerability, please submit your report to us using the following link:
https://tools.project-audio.com/contact.aspx?lang=en&site=project
In your report please include details of:
* The website, IP or page or product where the vulnerability can be observed.
* A brief description of the type of vulnerability, for example “XSS vulnerability”.
* Steps to reproduce. These should be a benign, non-destructive proof of concept. This helps to ensure that the report can be triaged quickly and accurately. It also reduces the likelihood of duplicate reports, or malicious exploitation of some vulnerabilities, such as sub-domain takeovers.
What to expect
After you have submitted your report, we will respond to your report within 5 working days and aim to triage your report within 10 working days. We’ll also aim to keep you informed of our progress. Priority for remediation is assessed by looking at the impact, severity and exploit complexity. Vulnerability reports might take some time to triage or address. You are welcome to enquire on the status but should avoid doing so more than once every 14 days. This allows our teams to focus on the remediation. We will notify you when the reported vulnerability is remediated, and you may be invited to confirm that the solution covers the vulnerability adequately. Once your vulnerability has been resolved, we welcome requests to disclose your report. We’d like to unify guidance to affected users, so please do continue to coordinate public release with us.
Guidance
You must NOT:
* Break any applicable law or regulations.
* Access unnecessary, excessive or significant amounts of data.
* Modify data in Audio Tuning Vertriebs GmbH’s systems, services or products.
* Use high-intensity invasive or destructive scanning tools to find vulnerabilities.
* Attempt or report any form of denial of service, e.g. overwhelming a service with a high volume of requests.
* Disrupt Audio Tuning Vertriebs GmbH’s systems, services or products.
* Submit reports detailing non-exploitable vulnerabilities, or reports indicating that the services do not fully align with “best practice”, for example missing security headers.
* Submit reports detailing TLS configuration weaknesses, for example “weak” cipher suite support or the presence of TLS1.0 support.
* Communicate any vulnerabilities or associated details other than by means described in the published security.txt.
* Social engineer, ‘phish’ or physically attack Audio Tuning Vertriebs GmbH’s staff or infrastructure.
* Demand financial compensation in order to disclose any vulnerabilities.
You must:
* Always comply with data protection rules and must not violate the privacy of Audio Tuning Vertriebs GmbH’s users, staff, contractors, services or systems. You must not, for example, share, redistribute or fail to properly secure data retrieved from the systems or services.
* Securely delete all data retrieved during your research as soon as it is no longer required or within 1 month of the vulnerability being resolved, whichever occurs first (or as otherwise required by data protection law).
Legalities
This policy is designed to be compatible with common vulnerability disclosure good practice. It does not give you permission to act in any manner that is inconsistent with the law, or which might cause Audio Tuning Vertriebs GmbH or partner organisations to be in breach of any legal obligations.