Data Protection Declaration
Basic details about data processing and legal bases
1.1 This data protection declaration will inform you about the nature, scope and purpose of processing personal data, which we record and process in connection with our “online offer”.
1.2 The terms “Online offer” describes all Websites, functions and forms of our company. Also the communication in electronic form (Mail) and data recorded from telephone conversations (Support hotline) are a part of our online offer within the meaning of this data protection declaration.
1.3 This data protection declaration shall apply regardless of the used communication channel, domains, systems, platforms and used terminal devices (Desktop or Mobile).
1.4 The terms used in this data protection declaration (for example: “personal data”, “processing” “processor” etc.) are legally defined in Art. 4 GDPR.
1.5 Within the framework of our online offer we process personal data, which includes customer data (for example: company, company register number, UID number, address, phone number, Email address, contact person, data of affiliated companies), contract data ( software subscriptions, information about support cases ( Caller, Date, Time of the day, description of the support case, completion date, telephone number and Email address of the caller), invoice data ( date of invoice, data required by the tax law) and content data ( details entered on the contact form, emails). Usage data (for example: visited websites of our online offer) normally does not fall under the category “personal data”, especially because our company records those data in pseudonymized form. However, because we can not exclude the possibility that those data can be traced back to a specific person (for example. Via the IP-address), those usage data are also part of this data protection declaration.
1.6 The term “User” includes both natural and legal persons unless a special action can only be done by a natural person. Usually “Users” are business partners, customers, interested persons and other visitors of our online offer. The used terms (for example: business partner) are gender neutral and refer to both, men and women.
1.7 We process the User´s personal data in compliance with the data protection regulation. This means that the data will only be processed if a legal permission has been granted. A legal permission is granted when the processing of data is necessary in order to fulfill the obligations of the contract (for example: processing an order, access). The data will be processed to the extent that is necessary and legally permitted. In addition, we are only allowed to process the data if the User gives his permission or if we have a “justified interest” in processing the data. Also, in this case it is only allowed to process personal data within the framework of the legal requirements. A “justified interest” exists if we use the User´s data for analysis, optimization, the economical operation and for the security of our online offer within the meaning of Art. 6 Para. 1 lit. f GDPR.
1.8 We would like to point out that the legal base of the permission is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal base of processing for the purpose of carrying out our services and implement our contractual measures is Art. 6 Para. 1 lit b. GDPR, the legal base of processing for the purpose of meeting our legal obligations is Art. 6 Para. 1 lit. c GDPR and the legal base of processing for the purpose of guarding our justified interests is Art. 6 Para. 1 lit. f GDPR.
1.9 Snapshot is a group of companies within the meaning of Art. 4 Z 19 GDPR. The User gives permission for the processing of his data by Snapshot and by Snapshot´s subsidiaries. The following companies are subsidiaries:
SnapShot Deutschland GmbH, Kurfürstendamm 212, 10719 Berlin, Germany,
Snapshot Poland Sp. Z.o.o., ul Chrzowska 148, 40-10 Katowice, Poland,
Snapshot USA Inc., 9 East Lockerman Street, Dover, Delaware 19901, EIN 37-1840170
2.1 We take organizational, contractual and technical security measures in accordance with the state of art, to ensure that the provisions of the data protection laws are complied with and to protect the processed data against accidental or deliberated manipulation, loss, destruction or access by unauthorized persons.
2.2 Our security measures include encrypted transmission of the data between your Web browser and our server as well as the protection of our corporate networks against manipulation .
Transmission of Data to third parties and third-party providers
3.1 Data will only transmitted to third parties if the User authorizes it separately or if the transmission is legally permitted. The transmission of data on the basis of Art. 6 Para. 1 lit. b GDPR ( if the transmission is required for the contractual purpose) or Art. 6 Para. 1 lit. f GDPR ( justified interest) is legally permitted.
3.2 If we engage subcontractors to provide services, we will take appropriate legal precautions as well as organizational and technical measures to ensure the security of the personal data in accordance with the relevant statutory regulations.
3.3 If we use contents, tools or other equipment of third-party providers and if those third-party providers are located in a third country, it can be assumed that we transmit the data to the location of the third-party provider (Third country). Third countries are countries in which the GDPR is no applicable law (Countries outside of the EU / EEA). The User herby grants Snapshot his expressed agreement to transmit data to third countries within the framework of GDPR.
4.1 We process the data, described in Point 1.5 for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Para. 1 lit. b. GDPR.
4.2 We create a user account for all our corporate customers in the Marketplace. Those employees (actual user), who have the access data, can place new orders, manage subscriptions and see previous orders via this user account. The user will be informed which information are mandatory during the registration. The User accounts are not public and cannot be indexed by search engines. If a User terminates the user account of his company, all data, which are connected to this user account, will be deleted. Exceptions are made for those data which have to be stored due to tax-based reasons or the commercial law (Art. 6 Para 1lit. c GDPR). It is the responsibility of the User to save those business data before the contract ends. The User, as representative of the business customer, notes that we are obligated and entitled to delete all data collected during the duration of the contract, after the end of the contractual relationship.
4.3 We save the IP-address and user name within in the framework of login operations. Those data are stored in order to protect the system against misuse and unauthorized usage. Those data will not be transferred to third parties unless it is necessary in order to pursue our claims or there is a legal obligation pursuant to Art. 6 Para. 1 lit. c GDPR.
4.4Our business customers are able to purchase applications from third-party providers via the Marketplace. Our customers can conclude Contracts with those third-party providers and manage those contracts via the Marketplace. The User acts as the official representative of the business customer. The User, as the official representative of the business customer, gives us permission to transfer his data to third-party providers (for the purpose of fulfilling the contract pursuant to Art.6 Para. 1 lit. b GDPR) if he concludes a contract with this third-party provider via the Marketplace.
The information, provided by the User when contacting us (contact form, phone or Email), will be processed for the purpose of processing and handling the contact request (Art. 6 Para. 1 lit. b GDPR).
Collection of access data and Logfiles
6.1 We create and store log files pursuant to Art. 6. Para. 1 lit f GDPR. Those log files contain the following data: URL of the visited Website, Date and time of access, Data volume transferred, Technical information about the transferred data, Browser type and version, Operating system of the User, the website the user was referred from (Referrer URL), and the IP- address. The Login process will also be recorded (successful login, incorrect password etc.)
6.2 Due to security reasons (clearing up fraud and misuse), those logfile-information will be stored for a minimal required time period and will be deleted thereafter. Those logfile-information, which are necessary for evidentiary purposes, will be excepted from deletion until the misuse or fraud is investigated.
Cookies and measurement of reach
7.1 Cookies are information, which are transferred from our web server or a web server of a third party to the User´s Browser, where they are saved for later retrieval. Cookies can be small data files or other types of information storage.
7.2 We use “Sessions”. Those Sessions are stored on our servers for the duration of the current visit on our Website (for example: to save the login-status or shopping cart function and to make it possible to use our online offer). A randomly produces unique identification number is stored in the Cookie (in the browser of the user to be able to pair the user and the Session). This number is also called Session ID. The Session also contains Information about it´s origin and how long it may be stored. Those Sessions store only data required for the Marketplace to work properly.
7.4 If the User does not want cookies to be stored on his computer, he can deactivate the relevant option in the system setting of his browser. Stored cookies can be deleted in the system settings of the browser at any time. The deactivation of cookies is going to cause functional limitations of the Marketplace.
Integration of services and contents of third-parties
8.1 Within our online offer we use services and contents of third-parties based on our justified interests (interest in data for analysis, optimization and the economical operation of our online offer within the meaning of Art. 6 Para. 1 lit. f GDPR). We integrate those services and contents ( Videos or fonts) into our website. In order to successfully integrate those services and contents into our website, we have to send the IP-address of the user to the third-party provider otherwise the third-party provider will not be able to transmit those services and contents to the browser of the User. We assess the compliance of the third-party provider with the GDPR. In regards of the data protection declaration we refer to the declaration of the respective provider.
8.2 The following table provides an overview of third-party providers (Content, links to the respective data protection declaration and to the appeal procedure for the user) engaged by us:
•Hubspot, Hubspot Inc. 25 First Street, 2nd Floor Cambridge, MA 02141 United States, https://legal.hubspot.com/privacy-policy
External processing of data
9.1 We engage the following providers for storing and processing personal data. The processing and storage of user data and business customer data is performed in compliance with the legal requirements. The list can be find at www.snapshot.travel/list_of_vendors
Rights of the Users
10.1 The user has the right to obtain information, upon request and free of charge, about the personal information which we have saved about the respective user. For this purpose, please contact our data protection officer by email
10.2 The user has the right to obtain deletion, correction and the limitation of data usage of the personal data of the respective user.
10.3 We inform the user about his right of data portability.
10.4 The user has the right to contact our data protection officer if he assumes that the personal data is processed unlawful. The user notes that he is entitled to submit a complaint to the supervisory authorities. Pursuant to Art. 4 Para. 22 lit. a GDPR, the competent supervisory authority is :
Datenschutzbehörde der Republik Österreich
10.5 The user notes that he is entitled to revoke his consents to personal data processing at any time (point 12).
Deletion of data
11.1. Personal data will be stored for the duration which is legally prescribed. The stored data will be deleted as soon as they are no longer required for special purposes. If personal data has to be stored due to statutory storage obligations, we will restrict the access to those category of persons who have to have access to the data pursuant to the respective legal obligation (for example: invoice data, category of persons: employees of the accounting department).
11.2. In accordance with the legal provisions the data will be stored for 7 years ( § 132 Para. 1 Austrian Fiscal Code (BAO), § 190, § 212 Austrian Commercial Code (UGB), § 18 Para. 2 Austrian Law on turnover tax (UStG))
Right of objection
In accordance with the legal regulations the user is entitled to revoke his consents to personal data processing at any time. The user can object to the processing of data for the purpose of direct marketing.
Changes to the Data Protection Declaration
13.1 We reserve the right to change the data protection declaration in order to adjust it to changes in legal situation and to changes to our services or processing.
13.2 We recommend to our users to regularly inform themselves about the current content of the data protection declaration. The current version of the data protection declaration is available at www.snapshot.travel/data-protection-declaration
Company Register Number
Landesgericht Salzburg, FN 391108i