Privacy Policy

As of: June 2025

DABIS GmbH is pleased to welcome you to our website (https://dabis.eu) and to your interest in our company and our products.

DABIS is an independent software development company from Austria and has been a leading provider of innovative software solutions for libraries, archives, and documentation centers in Central Europe for over 35 years. We support our customers from the implementation of our products throughout the entire duration of a maintenance contract to specific project inquiries as well as training and further education. We manage projects of all sizes, from traditional libraries and collections to archives, media libraries, documentation centers, and special libraries, in both the private and public sectors. Our corporate culture is characterized by competence, innovation, and respect, both internally and externally.

The protection and security of your personal data is an important concern for us, as is ensuring that you are informed about which personal data we collect when using our services and for what purposes we process this data.

Purposes and legal bases of data processing

Personal data is only processed by us when you contact us in the context of a request. You can contact us via a contact form or by email. By making your request, you voluntarily provide us with your data.

We need your data to receive and process your respective request, and we process the data that you have provided to us. Without this data, we cannot process your request.

You also have the option to apply to our company via email. We process your application data to handle your application.

We process your personal data based on the following legal grounds:

Consent according to Art. 6 para. 1 lit. a GDPR
Fulfillment of a contract according to Art. 6 para. 1 lit. b GDPR
Our legitimate interests according to Art. 6 para. 1 lit. f GDPR, particularly in the proper functioning of our website as well as the transactions conducted through it, processing of inquiries and applications.

If the processing of your personal data is based on your consent according to Art. 6 para. 1 lit. a GDPR, you can revoke your consent at any time. The legality of the processing based on the consent remains unaffected until the revocation.

Categories of personal data

In the context of a request, we process the following categories of personal data, depending on the type of request: institution/library name, contact person (first name, last name, title), email address, phone numbers, content data of the request/message, feedback preference, and any other data you provide to us in the context of your request.

In the event that you apply for a job with us, we process the following categories of personal data: email address, first name, last name, title, address details, phone numbers, contents of the application (cover letter, resume), previous work experience, and any other personal data you provide to us in the course of the inquiry.

Disclosure to third parties

We use service providers from Austria and Hungary who process data on our behalf. In these cases, information is shared with these external service providers to ensure smooth processing. We carefully select these service providers and regularly review them to ensure that your personal data is protected.

These service providers are bound by instructions and are processors who are obligated to process your data solely in accordance with our instructions and applicable data protection regulations. They are particularly required to treat your data as strictly confidential and not to use it for any purposes other than those agreed upon. The transfer of data to processors is based on Art. 28 GDPR.

We do not sell your data to third parties or market it in any other way. Without your explicit consent, your personal data will only be forwarded to law enforcement authorities and, if applicable, to affected third parties when this is necessary to clarify unlawful use of our services or for legal prosecution. This only occurs when there are concrete indications of unlawful or abusive behavior. Data may also be shared if this is necessary to enforce terms of use or other agreements. Additionally, we are legally obligated to provide information to certain public authorities upon request, such as law enforcement agencies, authorities for the prosecution of administrative offenses, and tax authorities.

The sharing of this data is based on our legitimate interest in combating abuse, prosecuting crimes, and securing, asserting, and enforcing claims, provided that your rights and interests in the protection of your personal data do not outweigh this according to Art. 6 para. 1 lit. f GDPR.

Data transfer to third countries

We do not transfer any data to third countries.

Should this become necessary in the future, the corresponding legal requirements will be established. In particular, you will be informed in accordance with legal requirements about the respective recipients or categories of recipients.

Data security

DABIS GmbH employs technical and organizational security measures that meet current standards to protect the data entrusted to us from accidental or intentional manipulation, loss, destruction, or unauthorized access. This also applies when external services are utilized. The effectiveness of our security measures is regularly reviewed and continuously adapted to technological developments. Personal data is always transmitted in an encrypted form when entered.

Cookies

Our website does not process any cookies.

Links and Presences in Social Networks

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.

We would like to point out that user data may be processed outside the European Union. This may pose risks for users, as it could make the enforcement of user rights more difficult.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and the resulting interests. These profiles may then be used to display advertisements both within and outside the networks that presumably match the users' interests. Therefore, cookies are typically stored on users' computers, which record their usage behavior and interests. Additionally, data may also be stored in the usage profiles independently of the devices used by the users (especially if they are members of the respective platforms and logged in there).

For a detailed presentation of the respective processing forms and the options for objection (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

In the case of inquiries and the assertion of rights of the affected individuals, we would like to point out that these can be most effectively asserted with the providers. Only they have access to the user data and can directly take appropriate measures and provide information. If you still need assistance, you can contact us.

Instagram:Social network that allows sharing of photos and videos, commenting and favoriting posts, sending messages, and subscribing to profiles and pages;
- Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
- Website: https://www.instagram.com;
- Privacy Policy: https://privacycenter.instagram.com/policy/.
- Basis for transfers to third countries: Data Privacy Framework (DPF).
Facebook Pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "Fanpage"). This data includes information about the types of content that users view or interact with, or actions they take (see under "Things you and others have done and provided" in the Facebook Data Policy:https://www.facebook.com/privacy/policy/), as well as information about the devices used by the users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook Data Policy:https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, so-called "Page Insights", for page operators, so they can gain insights into how people interact with their pages and the content associated with them.
We have entered into a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which specifically regulates what security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of the affected individuals (i.e., users can, for example, direct inquiries or deletion requests directly to Facebook). The rights of users (especially the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, particularly regarding the transmission of data to the parent company Meta Platforms, Inc. in the USA;
- Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
- Website: https://www.facebook.com;
- Privacy policy: https://www.facebook.com/privacy/policy/.
- Basis for third country transfers: Data Privacy Framework (DPF).
LinkedIn:Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of visitor data that is created for the purpose of generating "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content that users view or interact with, or actions they take, as well as information about the devices used by the users (e.g., IP addresses, operating system, browser type, language settings, cookie data) and details from the users' profiles, such as job function, country, industry, hierarchy level, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy notices:https://www.linkedin.com/legal/privacy-policyWe have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum (the 'Addendum')"),https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures that LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of the affected individuals (i.e., users can, for example, direct inquiries or deletion requests directly to LinkedIn). The rights of users (especially the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection of data by and the transmission to the Ireland Unlimited Company, a company based in the EU. The further processing of the data is solely the responsibility of the Ireland Unlimited Company, particularly concerning the transmission of the data to the parent company LinkedIn Corporation in the USA;
- Dienstanbieter:LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
- Website: https://www.linkedin.com;
- Privacy policy: https://www.linkedin.com/legal/privacy-policy;
- Basis for third country transfers: Data Privacy Framework (DPF).
- Right to object (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
XING:Professional network for maintaining business contacts, publishing company profiles, and career opportunities. We are jointly responsible with New Work SE for the collection (but not further processing) of data from visitors to our XING profile. The collected data includes, among other things, interactions with our content, visit times, device information (e.g., IP address, operating system, browser type), as well as publicly available profile data of users. More information on the processing of personal data by XING can be found in the
- Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany;
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
- Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
YouTube:Social network and video platform;
- Service provider:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
- Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
- Privacy policy: https://policies.google.com/privacy;
- Basis for third country transfers: Data Privacy Framework (DPF).
- Right to object (Opt-Out): https://myadcenter.google.com/personalizationoff.
- YouTube videos on the DABIS website:
  Our website includes videos from the YouTube platform. The integration is done in enhanced privacy mode. A connection to YouTube's servers is only established when the video is played. The YouTube server is informed about which of our pages you have visited.
- If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

Our website uses buttons that create a link to the aforementioned social networks when clicked.

The buttons are marked with the logo of the respective social network. They are buttons with embedded links. These buttons must be activated by you with a click. As long as the buttons are not clicked, no data is transmitted to the social networks. Only when you click the buttons and thereby declare your consent to communicate with the servers of the social network do the buttons become active and the connection is established.

After clicking, the button functions like a so-called share plugin. It provides the social network with information about the page you visited, which you can then share with your contacts in your social network. To share, you must be logged into your social network. If you are not logged in, you will be directed to the login page of the clicked social network. If you are logged in, the information will be transmitted that you would like to recommend the respective article.

By activating the button, social networks receive information about whether and when you accessed the corresponding page of our website. This may also include your IP address, details about the browser used, and language settings. When you click the button, your click is transmitted to the social network and processed there according to the network's data usage policies.

We have no influence over the type and extent of the data that the social network collects using the buttons. We are also not responsible for this data processing and therefore do not qualify as a data controller under the GDPR. We are also not aware of all the details of data collection, its legal basis, purposes, and retention periods. Therefore, the information provided here may not be complete.

The transmission of data occurs regardless of whether you actually have an account with the provider or are logged in there. If you are logged in with the provider, your data will be directly associated with your account. The provider may also use cookies on your computer to track your behavior.

To our knowledge, the provider stores this data in usage profiles, which it uses for advertising, market research, and/or tailored design of its website. Such evaluation also takes place for non-logged-in users to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, please contact the respective provider.

For information on the purpose and scope of data collection, as well as the further processing and use of the data by the respective social network and your rights and options for protecting your privacy, please read the privacy policy of the corresponding provider (links to this can be found above).

If you do not want the social network to receive data about you, you must not click the button.

Event Registration

When you register for an event via our online form, we process the personal data you provide (e.g., salutation, name, email address, institution, type of participation, and content interests). The processing is based on your voluntary consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data will be used solely for the purpose of organizing, conducting, and following up on the respective event. Disclosure to third parties only occurs if this is necessary for the execution of the event (e.g., to technical service providers for the livestream).

The data will be deleted after the event has concluded and the statutory retention periods have expired, unless you have consented to further use (e.g., for invitations to follow-up events or newsletters).

You have the right to withdraw your consent at any time with effect for the future.

Retention and Data Storage

We retain your personal data in accordance with legal retention obligations and store your personal data for as long as necessary for the stated purposes. After these periods have expired, the relevant data will be routinely deleted. Data that is not affected by this will be deleted or anonymized as soon as the purposes for which it was collected under this privacy policy no longer apply.

Your rights in connection with the processing of your personal data

Right of access (Art. 15 GDPR): You have the right to request information from us about the processing of your personal data.
Right to rectification (Art. 16 GDPR): You have the right to request the correction of your personal data from us if it is incorrect.
Right to erasure (Art. 17 GDPR): You have the right to have your personal data erased when the legal requirements are met. This is the case, among other things, when the personal data is no longer necessary for the purposes for which it was collected, you have withdrawn your consent, and there is no other legal basis for processing, or when you object to the processing.
Right to restriction of processing (Art. 18 GDPR): You have the right to restrict processing if the conditions are met.
Right to data portability (Art. 20 GDPR): You have the right to data portability. This means that you can receive the data concerning you that you have provided to us in a commonly used, structured, and machine-readable format.
Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data that is carried out based on Art. 6 para. 1 lit. e or f GDPR for reasons relating to your particular situation.

Assertion of your rights

You can assert your rights as a data subject as well as the withdrawal of any consent given to the controller using the contact details provided.

Right to lodge a complaint with the supervisory authority

If you believe that the processing of your personal data by us violates data protection laws, you have the right to lodge a complaint with the supervisory authority responsible for us.

The competent supervisory authority in Austria is:

Austrian Data Protection Authority

Wickenburggasse 8, 1080 Vienna

Phone: +43 1 52 152-0

E-Mail: dsb@dsb.gv.at

Contact information for the data controller

DABIS GmbH

Heiligenstaedter Strasse 213, 1190 Vienna, Austria

Phone: +43 1 318 9777

E-Mail: webmaster@dabis.eu