Privacy Policy

This Privacy Notice provides information about the nature, scope and purpose of the processing of personal data (hereinafter abbreviated to “data”) in connection with our online services and the affiliated web pages, functions and content as well as external online services such as our social media profiles. (hereinafter jointly referred to as “online services”). As regards the terms used, e. g. “personal data” or their “processing”, please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller:
Name/co: AustroCel Hallein GmbH
Street: Salzachtalstraße 88
P.O. Box 62, Postcode, city, country: 5400 Hallein – Austria Commercial
register no.: Salzburg Commercial Court, 184407m
Managing director: Dipl.-Ing. (FH) Jörg Harbring
Phone number: +43 (0) 6245 890-0
Email: office@austrocel.com

Data protection officer:
Name: Ing. Walter Kogler
T: +43 6245 890 320
M: +43 664 6208 320
Email: walter.kogler@austrocel.com

Types of Processed Data:

  • Inventory data (e. g. names, addresses)
  • Contact data (e. g. email, phone numbers)
  • Usage data (e.g. visited web pages, interest in contents, access times)
  • Meta-/communication data (e.g. device information, IP addresses)Processing of special categories of personal data (Art. 9, para. 1 GDPR):

No special categories of data are processed. Categories of data subjects affected by the processing:

  • Customers / interested parties / suppliers
  • Visitors and users of the online services

 

1 Purpose of the processing:

  • Provision of the online offer, its functions and contents.
  • Replying to contact requests and communication with users.
  • Marketing, advertising and market research

Version: 13/11/2019

  1. Applicable legal bases In accordance with Art. 13 GDPR, we hereby inform you about the legal bases of our data processing activities. If the legal basis is not mentioned in the Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) Point a and Art. 7 GDPR; the legal basis for the processing of data to provide our services and implement contractual measures as well as replying to requests is Art. 6 (1) Point b GDPR; the legal basis for the processing of data to comply with our legal obligations is Art. 6 (1) Point c GDPR; and the legal basis for the processing of data to protect our legitimate interests is Art. 6 (1) Point f GDPR. If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 (1) Point d GDPR serves as the legal basis.
  2. Changes to and updates of the privacy policy We kindly request you to refer to the content of our privacy policy on a regular basis. We will modify the privacy policy whenever this is required due to changes in our data processing methods. We will inform you if we need your cooperation (e.g. consent) to implement the modifications or if any other individual notification becomes necessary.
  3. Security measures
    – In accordance with Art. 32, GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk; the measures shall include, in particular, ensuring the ongoing confidentiality, integrity and availability of the data by controlling the physical and digital access to the data and their use, input, disclosure, availability and separation. In addition, we have put procedures in place that ensure compliance with the rights of data subjects, the erasure of data and a reaction to hazards to data security. Furthermore, we take the protection of personal data into account during the initial development and/or the selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Art. 25, GDPR).
    – The safety measures include in particular the encrypted transfer of data between your browser and our server. Cooperation with processors and third partieso If we disclose or transfer or make available any data to other persons and companies (processors or third parties) during processing, this will only occur based on statutory permission (e.g. if a transfer of data to third parties such as payment service providers is required for the performance of a contract in accordance with Art. 6 Par. 1 (b) GDPR), your consent, a legal obligation that requires it or our legitimate interests (e.g. if an agent, webhosting provider, etc. is used).
    – If we commission third parties with the processing of data in the context of a so-called “data processing agreement”, this will occur based on Art. 28 GDPR.
  4. Transfer to third countries If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or data is processed due to the use of third-party services or disclosure and/or transfer of data to third parties, this only occurs to fulfil our (pre)contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to any legal or contractual authorisations, we only process data or have data processed in a third country if the special preconditions of Art. 44 et seq. GDPR apply. I. e. the processing is based on special guarantees such as the officially recognised assessment that the level of data protection corresponds to that of the EU (e. g. “Privacy Shield” in the US) or in compliance with officially recognised special contractual commitments (referred to as “standard contractual clauses”).
  5. Rights of the data subjects
    – You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and access to these data as well as further information and a copy of the data in accordance with Art. 15 GDPR.o According to Art. 16 GDPR, you have the right to request the completion or the rectification of inaccurate personal data concerning you.
    – According to Art. 17 GDPR, you have the right to erasure of personal data without undue delay. Alternatively, you have the right to obtain a restriction of processing of the data according to Art. 18 GDPR.
    – According to Art. 20 GDPR, you have the right to receive the personal data concerning you which you have provided to us and to have them transmitted to other controllers.
    – Furthermore, you have the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR
  6. Right of withdrawal You have the right to withdraw your consent with effect for the future in accordance with Art. 7 (3) GDPR.
  7. Right to object You have the right to object to the future processing of the personal data concerning you at any time according to Art. 21 GDPR. The right to object refers, in particular, to the processing for direct marketing purposes.
  8. Cookies and the right to object to direct marketing We use temporary and permanent cookies, i. e. small files which are saved on the users’ devices (for an explanation of the term and function, please refer to the final section of this privacy policy). In part, the cookies are intended to ensure security or are required for the functionality of our online services (e. g. displaying of the website) or to save the user’s decision regarding the confirmation of the cookie banner. In addition, we or our technology partners use cookies for coverage measurement and marketing purposes. In this privacy policy, the users are informed accordingly. A general objection to the use of cookies for online marketing purposes is possible with a number of services, in particular regarding tracking, via the American website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the saving of cookies can be prevented by disabling cookies in the browser settings. Please note that in this case, it may no longer be possible to use all functions of these online services.
  9. Erasure of data
    – The data which are processed by us are erased or their processing will be restricted in compliance with Art. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data we have saved will be erased as soon as they are no longer required for their purpose and the erasure does not conflict with any legal obligation to preserve records. If the data are not erased, since they are required for other purposes which are permitted by law, their processing will be restricted. I. e. the data is blocked and not processed for any other purposes. This applies e.g. to data which has to be preserved due to commercial law or tax law.
    – According to statutory provisions, data are retained in particular for 7 years as per sec. 132 para. 1 BAO [Austrian federal fiscal code] (accounting documents, receipts/bills, accounts, receipts, business documents, list of income and expenditure, etc.), for 22 years in connection with property and for 10 years in connection with electronically provided services, telecommunication, broadcasting and television services which are provided to nonentrepreneurs in EU member states and for which the Mini- One-Stop-Shop (MOSS) can be used.
  10. Contacting
    – If you contact us (via contact form or email), the user information shall be processed for the purpose of handling the contact request in accordance with Art. 6, para. 1 (b) GDPR.
    -User information can be saved in our customer relationship management system (“CRM system”) or a comparable query organisation system.
  11. Online presence in social media
    – We have an online presence in social networks and platforms to communicate with customers, interested parties and users who are active there and to be able to inform them about our services. Regarding the use of these networks and platforms, the relevant operator’s terms and conditions as well as their data processing regulations apply.
    – Unless otherwise indicated in our privacy policy, we shall process the data of users if they communicate with us via social networks and platforms, e. g. write contributions in our online presence or send us messages.
  12. Cookies & coverage measurement
    – Cookies are information which is transmitted to the users’ web browsers by our web server or the web servers of third parties and is stored there for later access. Cookies may be small files or other types of stored information.
    – We use “session cookies” which are only stored for the duration of the current visit to our online presence (e. g. to save your log-in status or the shopping cart function, i. e. to make the use of our online service possible). In a session cookie, a randomly generated unique identification number is stored which is referred to as session ID. In addition, a cookie contains information on its origin and storage period. These cookies are not able to store any other data. Session cookies will be erased as soon as you have finished using our online services and e. g. log off or close the browser.
    – The users shall be informed in the present privacy policy about the use of cookies within the scope of pseudonymous coverage measurement.
    – If users do not wish to have cookies stored on their computer, they are asked to disable the relevant option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The disabling of cookies may lead to restrictions regarding the functionality of the online services.
    – You can object to the use of cookies for coverage measurement and marketing purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and also the US web page (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
  13. Use of third-party services and content
    – As part of our online services, we use content or services which are provided by third parties to embed their content and services such as videos or fonts (hereinafter uniformly referred to as “content”) based on our legitimate interests (i. e. interest in the analysis, optimisation and economical operation of our online services in accordance with Art. 6(1) point (f) GDPR). As a prerequisite, the third-party providers of this content need to know the user’s IP address since they would otherwise not be able to send the content to the user’s browser. The IP address is therefore required to display such content. We will attempt to only use content whose provider uses the IP address for the delivery of the content only. Furthermore, third parties can use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. With the “pixel tags”, information such as the visitor traffic on the pages of this website can be analysed. The pseudonymous information can also be saved as cookies on the user’s device; among other data, they may contain technical information on the browser and operating system, referring web pages, access time and other information on the use of our online services and it can be linked to such information from other sources.
    – The following list provides an overview of third-party providers and their content including links to their Privacy Notices which contain further information on the processing of data and options to object (referred to as opt out), some of which have already been mentioned here: External fonts by Google, LLC., https://www.google.com/fonts (“Google Fonts”). Google Fonts are embedded by a server call at Google (usually in the USA). Privacy Notice: https://policies.google.com/privacy, opt out: https://adssettings.google.com/authenticated.

 

Hosting

Host Europe GmbH
Our website is hosted by our processor Host Europe, Host Europe GmbH, Hansestrasse 111, 51149 Köln, Germany.

Connection data are processed to provide and to deliver the website. Data are not stored beyond access for the mere purpose of delivery and provision of the website.

The legal basis of processing is the legitimate interest (absolute technical necessity to provide and to deliver the “website” service which you have explicitly requested by visiting the website according to Article 6 (1) (f) GDPR.

Connection data and other personal data are also processed in connection with various other functions or services in order to operate the website. Detailed information is provided in this Data Privacy Statement and in the individual functions or services.

Server Log Files
Connection data are processed to monitor the technical function and to increase the reliability of our webhost. The duration of processing is limited to 7 days.

The legal basis of processing is the legitimate interest (absolute technical necessity of a server log file as fundamental data basis for failure analysis and for security measures in connection with the “website” service which you have explicitly requested by visiting the website) according to Art. 6 (1) (f) GDPR.

 

Security Services

On this website we use the offer of security service providers such as Captcha services to avoid non-human and automated input.

Google reCAPTCHA
If you give your consent, we will process your personal data in cooperation with the service Google reCaptcha, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as joint controllers for the purpose of avoidance of non human and automatized inputs. We will enable the service to set third party cookies, to collect connection data and data of your web browser. Furthermore we enable the service to build a personal user-ID to conclusively identify the user within the scope of the advertising network operated by Google. The data will be stored on your device for up to two years.

The legal basis of processing is your consent according to Article 6 (1) (a) GDPR. A failure to give consent will have the effect of not being able to use reCaptcha or the connected forms.

You can revoke your consent by changing the settings at Privacy settings.

The Google group transfers your personal data to the USA. The legal basis for data transfer to the USA is your consent in accordance with Art. 49 Para. 1 a in conjunction with Art. 6 Para. 1 a GDPR. Before you gave your consent, you were informed that the USA does not have a data protection level that complies with EU standards. In particular, US intelligence agencies can access your data without being informed about it and without you being able to take legal action against it. For this reason, the European Court of Justice ruled in a judgment that the previous adequacy decision (Privacy Shield) was invalid.

 

Analysis Services

Google Analytics
If you give your consent, we will process your personal data in cooperation with the service Google Analytics, Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA, as joint controllers for the purpose of failure analysis and statistical analysis of our website. A failure to give consent will have no immediate impact on the function of the website, although a lack of statistic data will make it more difficult for us to sophisticate the website.

You can revoke your consent by changing the settings at Privacy settings.

We will enable the service to collect connection data, data of your web browser and data of accessed content and to execute analysis software and to store data on your terminal device. The service anonymizes collected data immediately after such data were collected and provides us with statistics for analysis containing anonymous data. We use these statistics for failure analysis and for the sophistication of our website. Data on your terminal device are kept for up to two years.

The legal basis of processing is your consent according to Article 6 (1) (a) GDPR. The Google group transfers your personal data to the USA. The legal basis for data transfer to the USA is your consent in accordance with Art. 49 Para. 1 a in conjunction with Art. 6 Para. 1 a GDPR. Before you gave your consent, you were informed that the USA does not have a data protection level that complies with EU standards. In particular, US intelligence agencies can access your data without being informed about it and without you being able to take legal action against it. For this reason, the European Court of Justice ruled in a judgment that the previous adequacy decision (Privacy Shield) was invalid.