1. GENERAL PROVISIONS
1.1. Superstring Solutions AG (hereinafter “Superstring Solutions AG“, “we“, “us”) is aware of the importance of the personal data trusted to it.
1.2. Superstring Solutions AG provide a platform that includes the current and any further development, update and version of the application for virtual / augmented reality headsets, a mobile application, as well as a website located at https://www.anasaea.com / (hereinafter “platform”), on which an person using the platform can view and exhibit their works of art in virtual galleries.
- Personal data: Any information relating to an identified or identifiable natural person (“data subject“); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Processing: Any operation or set of operations which is performed on personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Data subject: The person whose personal data is processed.
- Controller: The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
- Processor: The natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
- Consent (of the data subject): any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
- Personal Data Breach: The breach of security that, whether accidentally or unlawfully, results in the destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data that has been transmitted, stored, or otherwise processed.
- WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHOM CAN I CONTACT?
Superstring Solutions AG is the responsible person in the sense of Article 4 (7) GDPR. You can reach us under
Superstring Solutions AG
Unterägeri, ZUG, Switzerland
Our contact for data protection is Superstring Solutions AG.
- FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
3.1 Using the platform
- Description: When you visit a platform, certain information is created and stored automatically, including on our platform. To make it easier for you to contact us, Superstring Solutions AG provides you with an interactive contact form on the website. Without the processing of the following categories of data, a reliable operation of the platform cannot take place.
- Data categories: We process contact data (first name, last name, email address, company), as well as additional personal data that you voluntarily provide to us through an input mask in order to contact you. In addition, the address (URL) of the visited website, the browser and browser version, the operating system used, the address (URL) of previously visited pages (link URL), the host name and IP address of the device from which access is made, the date and time are stored in the log files of the web server, as well as data tracking in virtual / augmented reality, including location in virtual space.
- Legal basis: We process the mentioned personal data on the basis of legitimate interests (Article 6(1)(f) GDPR), such as the proper functioning of our application.
- Storage period: We store the mentioned personal data for a period of 30 days. After 30 days, the web server log files are automatically deleted. We process your data, which is provided to us via the contact form, for the duration of the processing of your request.
3.2. Processing of personal data to send information about our products and services
- Description: Upon request, we will send you information about our products and services by e-mail. For this purpose we process your personal data. Without this data, we cannot send you this information.
- Data categories: We process your first and last name, e-mail address and company for this purpose.
- Legal basis: We process the mentioned personal data on the basis of your consent (Article 6 (1) (a) GDPR).
- Storage period: We store the mentioned personal data until the time of your revocation, while you have the option to revoke your mentioned consent at any time. This allows you to refuse the future sending of information about our products and services to your specified e-mail address at any time, free of charge and without complications. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
3.3. Transer of application documents
- Description: Applicants can submit their resume and other application documents to Superstring Solutions AG. No application can be made without this data.
- Data categories: The personal data mentioned under this point a. or contained in the application documents will be processed. In addition, personal data, which you provide to us voluntarily in this context are processed too.
- Legal basis: We process the mentioned personal data on the basis of our legitimate legal interests (Article 6 (1) (f) GDPR) in order to be able to evaluate applicants.
- Storage period: We store the mentioned personal data for a period of 7 months for the purpose of defence against any claims asserted by applicants pursuant to sections 15 (1) and 29 of the Austrian Equal Treatment Act (GlBG) on the grounds of discrimination in job applications. If applicant data is to be kept on record beyond this period, we will obtain your consent for this.
3.4. Law enforcement
- Description: In the event of a legal dispute, the data required for the appropriate prosecution is transmitted to legal representatives and courts.
- Data categories: Contact data (e.g. first and last name, acad. title, address), data related to the litigation in question (e.g. your behavior in relation to the use of the website);
- Legal basis: We process the mentioned personal data on the basis of legitimate legal interests (Article 6 (1) (f) in connection with Article 9 (2) (f) GDPR) for the purpose of legal prosecution.
- Storage period: We store the mentioned personal data for the purpose of pursuing or defending legal claims for as long as this is necessary for the potential conduct of proceedings or until the expiry of the statutory limitation periods, whereby the statutory limitation period for claims arising from the breach of contracts is three years.
- TO WHICH RECIPIENTS WILL YOUR PERSONAL DATA BE TRANSFERRED?
4.1. In the course of our data processing, we transfer your personal data to the following recipients to the extent necessary: service partners, service providers, legal representatives, courts and administrative authorities as well as companies that are commissioned to support our internal IT infrastructure (software, hardware).
- WHAT RIGHTS DO YOU HAVE?
5.1. You have the right of access information under Art 15 GDPR, the right to rectification under Art 16 GDPR, the right to erasure under Art 17 GDPR, the right to restriction of processing under Art 18 GDPR, the right to object under Art 21 GDPR, the right not to be subject to automated decision-making in individual cases, including profiling, and the right to data portability under Art 20 GDPR. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art 77 GDPR). You can find more information about your rights at: https://www.dsb.gv.at/rechte-der-betroffenen.
5.2. The competent supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna (https://www.dsb.gv.at/).
- PURPOSES OF PROCESSING PERSONAL DATA
6.1. We may process your personal data solely for use for the following purposes:
- Identification for granting access to the platform;
- Establishing feedback, including sending notifications, requests regarding the use of the platform, processing requests and wishes;
- Location detection for security and fraud prevention;
- Confirmation of the accuracy and completeness of the personal data provided;
- Providing effective customer and technical support in case of problems related to the use of the platform;
- Providing, with the data subject’s consent, platform updates, special offers, pricing information, newsletters and other information on our behalf by e-mail and other types of mailings;
- Implementation of advertising activities with the consent of the data subject.
6.2. We do not publish personal data in publicly available sources. We do not make decisions affecting the rights and legitimate interests of the user based solely on automated processing of personal data.
- EMBEDDING OF SOCIAL MEDIA PLUG-INS AND SIMILAR INSTRUMENTS
7.1. We use the following social media plug-ins and similar tools as part of the operation of the platform. In particular, we include elements of social media services on our platform to display images, videos and texts. By visiting pages that display these elements, data may be transmitted from your browser to the respective social media service and stored there. We do not have access to this data. A description of the respective service and the personal data processed can be found below.
7.2. The legal basis for embedding the following services is your consent according to Article (6) (1) (a) GDPR.
7.3. Storage period: We process your personal data until your valid consent is revoked at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can partially prevent the usage of the following services by setting the internet browser used accordingly and thus permanently prevent such data processing.
7.4. Google Maps
- We use Google Maps by the company Google Inc. on our platform. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Maps allows us to show you locations better and thus adapt our platform to your needs.
- Superstring Solutions AG has integrated components of the service Instagram on this platform. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data in other social networks.
- The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
- By calling up one of the individual pages of this website, which is operated by the controller who is responsible for the processing, and which integrates an Instagram component (Insta button), the internet browser on the information technology system of the data subject is automatically caused to download a representation of the corresponding component from Instagram by the respective Instagram component. Within the scope of this technical procedure, Instagram receives notice about which specific subpage of our website is visited by the data subject.
- If the data subject is logged in to Instagram at the same time, Instagram recognizes which specific subpage the data subject is visiting each time the data subject opens our platform as well as for the entire duration of the respective stay on our platform. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our platform, the data and information transmitted will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.
- Instagram always receives information via the Instagram component that the data subject has visited our platform, if the data subject is simultaneously logged into Instagram at the time of calling up our platform. This takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, he or she can prevent the transmission by logging out of his or her Instagram account before accessing our platform.
- Superstring Solutions AG has integrated components of the LinkedIn Corporation on our platform. LinkedIn is a social network that allows users to connect with existing business contacts and make new business contacts.
- With each individual call-up of our platform that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. Further information on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical procedure, LinkedIn receives knowledge of about specific subpage of our platform is visited by the data subject.
- If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our platform the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our platform. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on our platform, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.
- LinkedIn always receives information via the LinkedIn component that the data subject has visited our platform if the data subject is logged into LinkedIn at the same time as calling up our platform; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our platform.
- Superstring Solutions AG also uses videos of the company Vimeo on the platform. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can show you interesting video material directly on our platform. In the process, certain data may be transferred from you to Vimeo. You can find more information on data processing by Vimeo at https://vimeo.zendesk.com/hc/de/sections/203915088-Datenschutz.
- When you visit our platform that has a Vimeo video embedded, your browser connects to the servers of Vimeo. This results in a data transmission. This data is collected, stored and processed on the servers of Vimeo. Vimeo collects data about you, regardless of whether you have a Vimeo account or not. This includes your IP address, technical info about your browser type, operating system or very basic device information. Furthermore, Vimeo stores information about the website, from which you use the Vimeo service and which actions (web activities) you perform on our platform. These web activities include, for example, session duration, bounce rate or which button you clicked on our platform with built-in Vimeo function.
- If you are logged in to Vimeo as a registered member, more data can usually be collected, as more cookies may have already been set in your browser. In addition, your actions on our platform are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while “surfing” our platform.
7.8. Google Fonts
- On our platform we use Google Fonts. These are the “Google Fonts” by the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. You can also find more information on data processing by Google at https://www.google.com/intl/de/policies/privacy/.
- You do not need to log in or enter a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account information, while using Google Fonts, will be transmitted to Google. Google records the usage of CSS (Cascading Style Sheets) and the fonts used and stores this data securely.
- When you visit our platform, the fonts are reloaded via a Google server. Through this external call, data is transmitted to the Google servers. In this way, Google also recognizes that you or your IP address is visiting our website.
- Google Fonts stores CSS and font requests securely at Google and is therefore protected. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites are using Google fonts.
- Through each Google Font request, information such as language settings, IP address, browser version, browser screen resolution, and browser name are also automatically transmitted to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.
- Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to easily and quickly change the design or font of a website, for example. The font files are stored by Google for one year.