Data Protection

Executive management: Karl Hajek

Data privacy & protection: Roland Rogner
IT services: Franz Neubauer

How to contact them:
privacy@multidata.at
Georg Sigl Straße 14
2384 Breitenfurt
Austria

We process all those personal data which we obtain while doing business with a customer or due to a voluntary registration on our website. In addition, we manage data that we legally obtained via information systems such as Compass or from public sources, such as the trade register, the land register or the register of associations.

The personal data that we store:

• Your personal details (name, address, contact details, date of birth, photo)
• Identification details (e.g. ID details) and authentication data (e.g. signatures)

These data may additionally include the following:

• Order data
• Data from the compliance with our contractual obligations
• Data on financial statuses (creditworthiness)
• Promotion and sales data
• Documentation data (on-site reports, acceptance reports, etc.)
• Registry data
• Images and audio tracks (e.g. from events, photos of contact persons)
• Information from how you used our website Multidata.at (search requests in our help, etc.)
• Processing results obtained by Multidata itself (e.g. the customers serviced by external technicians – cross linking)
• Data required for the compliance with statutory and regulatory requirements (invoicing, employment, etc.)

Legal basis

We process your personal data according to the applicable data protection regulations:

• - According to Article 6, para. 1a GDPR:
  You have given us consent or entered into an active contract with Multidata Software International Vertriebs GmbH
  (e.g. an active registration on www.multidata.at)

• - According to Article 6, para. 1b & 1c GDPR:
  We need to store your data in order to fulfil contractual obligations
  Processing of your data (personal data) is necessary to enable us to first and foremost guarantee the implementation and servicing of our software as well as the processing of orders with partner companies.

• - According to Article 6, para. 1f GDPR:
  Processing is necessary to pursue legitimate interests.

What do we analyse?

Information based on:

• Needs analyses (purchased and used modules)
• Consultancy (new modules and enhancements to existing modules)
• Optimisation of the processes within your company

You are entitled to request and inspect the data that we store for each of the above points at any time.

At Multidata Software International Vertriebs GmbH all those employees have access to your data who need them in order to comply with contractual, statutory and regulatory obligations as well as to pursue legitimate interests. In addition, all those parties who we contract to process your order (especially IT and back office service providers and suppliers) are granted access to your data to the extent that is necessary to fulfil their respective tasks. All these parties are contractually obliged to keep all your data strictly confidential and to exclusively process them for the provision of their services.

We would like to point out in this respect that the data processing sector has always placed utmost importance on the right to data privacy. Since its foundation, Multidata Software International Vertriebs GmbH has taken great care to ensure comprehensive data security.

The following business partners get access to your data

• For hosting: Synaforce, Deutschland
• For customers using MD-Premium.NET FSI: Schmidhuber EDV, Austria
• Upon the purchase of an Oracle product: Oracle International as well as Arrows, Austria (as a distributor)
• Upon the purchase of MD-Premium GEO in combination with a Bing Maps licence: Microsoft
• Upon the purchase of Compass trade register data: Compass, Austria
• When using the book trade interface (VLB/EH2000) data is forwarded to the interface provider
• After RKSV 2017 set-up, we forward your data to Fiskaltrust.at to enable them to render their services.
• Upon implementation of EDI interfaces: TWZ/Winkler (Upper Austria) or Ecosio (Vienna)
• If we develop specialist solutions for and in cooperation with you we request a separate authorisation per e-mail.

For the complete duration of our business relations (from the initial contact and order processing to the termination of a contract) and beyond according to our statutory obligation to preserve and document records. The specific durations depend among others on factors such as the Financial Reporting Act or the retention period for employment contracts.

• Right to transparent processing
• Right to information
• Right to alignment
• Right to erasure
• Right to restriction of processing

We are happy to provide data-related information within the statutory period of four weeks. If we receive an increased number of requests, we reserve the right to a period of grace of up to two months for responding.

According to the law, companies are entitled to levy a freely definable processing charge for repeated requests by the same person. For this reason, we request a processing charge or EUR 140.00 excluding taxes from the third request.

In addition, you need to provide a copy of your photo ID as a proof of identity to enable us to correctly and unambiguously identify you. If such proof of identity/legitimation is not provided, your request may be declined for exactly this reason.

For online support sessions we use the commercial version of RustDesk. Every support session requires your explicit approval, and RustDesk needs to be started manually on your side to enable remote access.

When using a side-by-side tunnel, we have direct data access to your network. In this case, access is controlled by the respective firewalls in Breitenfurt bei Wien (Austria), Groß Gerungs (Austria) and Synaforce (Germany; datacentre).

You need to provide those personal data which are relevant for the initiation and performance of our business agreement and have to be recorded according to the statutory requirements.

IIf you are not prepared to provide the required data, we will have to decline the contract or the execution of the order. In such a case, we will also need to withdraw from an existing contract.

However, you are not obliged to consent to the processing of those data that are irrelevant for the fulfillment of the contract or not required from a legal point of view.

We do not use any automated decision-making according to Art 22 GDPR for entering into or conducting a business relationship.

We use consistent personal master data which allow us to assign one person to several companies. However, no automated profiling is performed based on this data. Thus, the way in which we process personal master data has no effect whatsoever on ongoing business processes.

We use so-called cookies to make our website and our products as user-friendly as possible. These cookies record user behaviour on our website (browsing history, visit duration, search requests, etc.). Cookies are small text files, which enable user identification. You can prevent cookie installation by defining the settings of your browser accordingly.

Through the use of cookies Multidata Software International Vertriebs GmbH obtains statistical evaluation which help us to adjust our web presence to our users' needs.

In order to customise and improve our newsletters, we track them which exclusively serves evaluation and analysis purposes with the date not being forwarded to unauthorised third parties.

You nevertheless have the possibility to object to the tracking and to not use the above mentioned services.

Please not that in case of an objection on your part, we cannot provide the full scope of functionality on our website. By using our website, you agree to the processing of any recorded personal data by us or our service providers.

Multidata Software International Vertriebs GmbH does not forward any personal data to social media service providers.

If you use Skype4Business or a similar program (e.g. LinkedIn, Xing) and provide us with the relevant contact details, we forward these data to our employees and feed them into the relevant solution to enable communication. What is more, we transfer the data via our internal Exchange Server to our employees' mobile phones in order to offer the best and most efficient support services possible. All mobile phones are code-protected.

The privacy of your data is our utmost concern. It is our declared objective to take all the required technical and organisational measure to ensure secure data processing and prevent third parties from gaining access to your personal data.
Our IT infrastructure comprises state-of-the-art data protection, encoding and encryption software and thus corresponds to the highest international security standards.
In addition, we perform a range of risk-minimising and preventive measures to ensure the protection of your personal data.

This website processes the following personal data in a server log file for the purpose of monitoring the technical function and increasing the operational security of the web server on the basis of the legitimate interest of those responsible (technical security measures):

• Page or file accessed
• Time of the server request
• Amount of data sent in bytes
• Browser type / browser version (incl. operating system)
• Referrer URL
• IP-address

The data collected is only used for statistical evaluations and to improve the website. However, the website operator reserves the right to subsequently check the server log files if there are concrete indications of illegal use.

During the development of our products, we always adhere to the following standards:

• Generate modular, reusable and fully customizable code
• Use of state-of-the-art development platforms
• Microsoft .NET
• Oracle
• Node.js
• Angular
• DevExpress / DevExtreme / Ionic
• Use of the MVC pattern
• Use of design patterns such as
• Command
• Observer
• Dependency Injection
• Singletons
• Services
• Factories
• etc.
• Readable code through style guides and formatters
• Prettier, ESLint
• Angular-, Microsoft- and Oracle-guidelines
• Internal guidelines
• Use of state-of-the-art development tools
• Visual Studio
• Visual Studio Code
• Oracle SQL-Developer
• Agile iterative software development
• Use of modern version control system (GitLab)
• Automation of build and deployment processes (CI/CD)
• Separation of different development processes and versioning phases
• Use of automated unit and E2E tests (Jest, Selenium)
• Up-to-date developer documentation

The privacy of your data is our utmost concern. It is our declared objective to take all the required technical and organisational measure to ensure secure data processing and prevent third parties from gaining access to your personal data.
Our IT infrastructure comprises state-of-the-art data protection, encoding and encryption software and thus corresponds to the highest international security standards.
In addition, we perform a range of risk-minimising and preventive measures to ensure the protection of your personal data.