This privacy policy applies to all persons who use the services of Come in OG – hereinafter referred to as come in. We inform you about the nature, scope and purpose of the collection and use of your personal data by our company. The protection of your personal data is of particular concern to us - we respect your privacy and strive to comply with the legal requirements for the processing of your personal data. To this end, we have implemented organizational and technical protective measures, which we adapt if necessary.

1. General provisions
This privacy policy applies to all persons who use the services of Come in OG – hereinafter referred to as come in. We inform you about the nature, scope and purpose of the collection and use of your personal data by our company. The protection of your personal data is of particular concern to us - we respect your privacy and strive to comply with the legal requirements for the processing of your personal data. To this end, we have implemented organizational and technical protective measures, which we adapt if necessary.

1.1. Personal data:

Your personal data voluntarily provided directly, by telephone, e-mail, in person or by a third party (group coordinator, employer, family members or other travel organizers) will be collected, stored and processed in accordance with the most recent data protection legislation (EU GDPR). This is done both automation-supported and in the form of archived text documents (correspondence, booking confirmations, personalized invoices, manual files).

Flight bookings, hotel bookings and additional travel services: A booking with come in is not possible without the collection, storage, and processing of your personal data. This is done exclusively for the purpose of organizing and carrying out the travel booking. Your data will only be passed on to third parties who are directly involved in the booking process and if the organizational process makes this necessary – according to the requirements of your bookings (airline, hotel, transport company, travel insurance, etc.).

1.2. Images/films:

By signing the contract, you grant come in permission to use photos/films taken by you or your company presence during the event by our official photographer (team) for marketing purposes (event reports, promotion of follow-up events & own marketing) for an indefinite period. If you do not want any photos/films in which you have been photographed to be published, you can contact us at any time:  welcome@come-in.at

1.3. Links to other websites:
Links provided by come in (program booklets, invitation management, travel documents, travel information, travel insurance, entry formalities, etc.) may contain links to other websites. come in is not responsible for the data you enter on other websites. Like us, our partner companies are subject to the EU GDPR, but the implementation of this is the responsibility of each company itself. Our Privacy Policy applies only to data for which we (come in) are responsible.

2. Obligation to provide information in accordance with Articles 12-14 of the EU GDPR

We are happy to provide you with all information describing the type, purpose, and scope of the processing activities of your personal data.

2.1. Controller:

come in OG

1090 Wien, Alserstrasse 32/20

Mag(FH) Ronald Prohazka

Managing Director

2.2. Purposes of data processing:

Depending on the scope of the booking of the data subjects, their data will be required, stored, and processed for one or more of the purposes listed below.

2.3. Legal basis of the data processing purposes:

2.4. Third party data recipients - categories:

Your data will only be forwarded if the organisational process or a legal obligation makes this necessary - in accordance with the requirements of your bookings - and if a valid legal basis exists. The recipients only receive the data details necessary for them, not full data sets. In the context of service contracts with companies, this may also be your employer or its service partner in order to comply with travel policies.

2.5. Transfer of data to third countries:

Based on Art 49, 1b: transfer is necessary for the performance of a contract between the data subject and the controller or for the performance of pre-contractual measures at the request of the data subject. Only data that are actually needed for the stated purpose can be collected and processed.

2.6. Storage period of personal data:

The duration of storage is measured according to the duration of the business relationship and, in addition, according to the statutory retention obligations applicable to us. We emphasise that in the case of regular cooperation, we strive to know your customer requirements already communicated to us so well that we can continue to offer our best possible customer service on an ongoing and permanent basis.

Sensitive data (special dietary requirements) which must be collected for the purpose of carrying out the booking will be irretrievably deleted at the End of the event follow-up.

All other data will be kept for 7 years in order to comply with the legal retention period according to the Value Added Tax Act 1994, or according to any further legal retention obligations that apply beyond this. After expiry of the retention periods, the corresponding data will be routinely deleted if it is no longer required for the fulfillment or initiation of the contract.

3. Rights of the data subjects

We are happy to inform you about your rights according to the EU Data Protection Regulation:

3.1. Data subject rights according to Art. 15-21 EU-DSGVO:

• Right to information
• Right to rectification
• Right to erasure/right to be forgotten
• Right to restriction of processing
• Right to data portability
• Right to object (in case of legitimate interest of the data controller)

Detailed descriptions can be found here:

http://eur-lex.europa.eu/legal-ontent/DE/TXT/HTML/?uri=CELEX:32016R0679&from=DE

© European Union, http://eur-lex.europa.eu/,  1998-2018'

https://www.wko.at/service/wirtschaftsrecht-gewerberecht/EU-Datenschutz-Grundverordnung:-Betroffenenrechte.html

3.2. Right of withdrawal pursuant to Art. 7 EU GDPR:  

Depending on your category of person, we ask you for various declarations of consent. These will be requested in the course of a travel booking, a possible online registration or directly from the person concerned/group coordinator/company representative. The declarations of consent are not obligatory according to the EU Data Protection Regulation. Every data subject has the right to revoke his/her given consent(s) at any time. The revocation of the declaration of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

3.3. Right to lodge a complaint with a supervisory authority pursuant to Art. 77 EU GDPR

Any data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the EU GDPR.

4. Description of other purposes

Legitimate interests of the controller pursuant to Art. 6 (1) f) EU GDPR

4.1. Advertising/Marketing:

Processing of personal data of the data subject in order to inform him/her about the above mentioned travel bookings, as well as about similar products and services.

4.2. Maintaining high standards of customer service  

e.g. frequent flyer information / travel preferences / informing customers of changes / customer feedback.