Data protection
Privacy policy
Data protection declaration in accordance with Art. 13, 14 GDPR – fulfillment of information obligations
Thank you for visiting our website. We attach great importance to the protection of your data and inform you here in detail about the extent to which your data is processed when you visit our website.
All personal designations always refer to all genders. The use of the masculine form is for ease of reading only.
The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
Saubermacher Outsourcing GmbH
Hans-Roth-Straße 1
8073 Feldkirchen bei Graz
Tel: +43 59800 7000
E-Mail: outsourcing@saubermacher.at
The company has appointed a data protection officer. Birgit von Maurnböck, VMCON OG, Opernring 2, 8010 Graz can be reached at: datenschutz@saubermacher.at
2.1 Data processing in accordance with Art. 13 GDPR
We process the data that various people provide to us through their own information, for example in the context of an inquiry by e-mail, for the initiation and conclusion of a contract or a business relationship.
2.2 Data processing in accordance with Art. 14 GDPR
In addition, we process data of persons who may be part of a contractual relationship, which we have legitimately received in the context of information from third parties (e.g. managing directors provide us with the data of their employees).
2.3 Persons concerned
We process the following data from interested parties: Company, name of contact person and professional contact and address data.
We process the following customer data: Company, title and names of contact persons, professional address data and contact details, bank details, contract data.
We collect the following data from suppliers and business partners: Company, title and names of contact persons, professional address data and contact details, bank details, contract data.
2.4 Forwarding of data
We only pass on personal data to third parties if this is necessary for the purpose of contract processing and fulfillment or due to legal regulations.
2.5 Storage/deletion of data
Expiry of contractual obligations: If there are contractual provisions that stipulate how long personal data must be stored, the controller shall ensure that these deadlines are met. As soon as these periods have expired, the data will be deleted or anonymized by the controller.
Withdrawal of consent: If a person withdraws their consent to the processing of their personal data, the controller erases this data unless there is another legal basis for the processing.
Expiry of legal obligations: In some cases, there may be exceptions that not only allow but even oblige the controller to continue to retain personal data even after the expiry of contractual deadlines or after consent has been withdrawn. This may be the case if there are statutory deadlines that require the retention of personal data for a defined period of time, such as the retention of tax or accounting records. Once these statutory periods have expired, the controller also ensures that the data is anonymized or deleted.
2.6 Contact by e-mail
When you contact us by e-mail, the data you provide will be stored by us on the basis of your consent in order to answer your questions. We delete the data arising in this context after processing is no longer necessary, or restrict processing if there are statutory retention obligations.
2.7 Publication of the names of authors
We are legally obliged to disclose the names of the authors of image data (photos or videos) each time image data is published. We automatically delete this personal data as soon as we stop using the image data.
2.8 Legal basis
The legal basis for data processing is
contract initiation and fulfillment pursuant to Art. 6 para. 1 lit. b GDPR.
legal obligations pursuant to Art. 6 para. 1 lit. c GDPR, (e.g. legally prescribed storage and documentation obligations, publication obligations under copyright law).
legitimate interests of our company within the meaning of Art. 6 para. 1 lit. f GDPR (e.g. use of software)
6 para. 1 lit. a GDPR when obtaining consent (e.g. when processing image data or for advertising purposes).
Please note that national data protection regulations may also apply in addition to the provisions of the GDPR.
3.1 Making contact
If you have asked us to contact you via our web form or if you have sent us a message, we will store the data required to contact you. This is your name, your e-mail address and, on a voluntary basis, your telephone number and additional information if personal. The data will be deleted by us as soon as storage is no longer necessary or you object to the processing.
3.2 Applicants
General: If you send us your application documents, we will process your personal data contained therein for the purpose of personnel selection and recruitment. In the event of a rejection, we will delete your documents 7 months after sending the rejection to you.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation and fulfillment)
If we wish to keep you on record for the purpose of contacting you at a later date, we will approach you with a separate request for your consent. If you explicitly give us this consent, we will store your application documents. If there is no further opportunity to fill a position with us within one year, we will delete all your applicant data one year after you have given us your consent.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent)
Applicant portal: Applications are also processed via our application portal. For full details on how we handle your application data, please visit: https://saubermacher.at/karriere/offene-stellen/#jobangebote
4.1 Informational use of the website
When using the website for information purposes only, we only collect the personal data that your browser transmits to our server (server log files). If you wish to view our website, we collect at most the data that is technically necessary for us to display our website to you and to ensure stability and security:
- IP address
- Date and time of the request
- Time zone difference to Coordinated Universal Time (UTC)
- Content of the request (specific page)
- Access status/HTTP status code
- Website from which the request originates
- Browser
- Operating system and its interface
- Language and version of the browser software.
This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use and – if there has been a hacking attack – to pass the data on to the law enforcement authorities. The data will not be passed on to third parties beyond this.
Legal basis: Art. 6 para. 1 lit. f GDPR
4.2 Cookies
Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk assigned to the browser you are using and through which certain information flows to the place that sets the cookie (here by us or third-party providers). Cookies cannot execute programs or transmit viruses to your computer.
The cookie allows you to be recognized when you visit the website without having to re-enter data that you have already entered.
The information contained in the cookies is used, for example, to determine whether you are logged in or what data you have already entered, or to recognize you as a user when a connection is established between our web server and your browser.
We distinguish between technical cookies that are used exclusively to ensure the operation of a website and other cookies that are set by us or third-party providers for the purposes of statistical analysis, tracking or advertising/marketing.
Legal basis: Art. 6 para. 1 lit. f GDPR (for technical cookies), Art. 6 para. 1 lit. a GDPR (for all other cookies)
4.3 Data processing in the USA
It cannot be ruled out that personal data will be transmitted to the USA when you visit our website. If this is the case, we will point this out separately in this privacy policy.
The GDPR requires so-called appropriate safeguards in accordance with Art. 46 GDPR for data transfers to a third country or an international organization.
The European Commission has adopted an adequacy decision for the exchange of data between European and US companies. This decision stipulates that American companies that have submitted to the EU-US Privacy Framework guarantee an adequate level of protection for personal data. Personal data may be exchanged with these companies without additional guarantees.
In the case of data processing by US data recipients who have not submitted to the regulations of the EU-US Data Privacy Framework, the following risks in particular cannot currently be ruled out for you as the data subject:
Your personal data could possibly be passed on to other third parties (e.g. US authorities) by the respective service provider beyond the actual purpose of fulfilling the order.
You may not be able to assert or enforce your rights to information against the respective service provider in the long term.
There may be a higher probability that incorrect data processing may occur, as the technical and organizational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.
By consenting to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.
Legal basis: Art. 6 para. 1 lit. a GDPR
5.1 Purpose of the processing
We have set up a whistleblowing online portal on our website. The whistleblowing system makes it possible to contact us and report compliance and legal violations without fear of reprisals. Where legally permissible, reports can also be made without providing personal data. We process personal data, provided that it is disclosed to us, in order to check the report made via the reporting office and to investigate the suspected compliance and legal violations. We may have queries in this regard. We use communication via this whistleblower system for this purpose.
5.2 Data processing in accordance with Art. 13 GDPR
We process the data that the whistleblower provides to us in the context of the report.
5.3 Data processing in accordance with Art. 14 GDPR
In addition, we process data of persons named by the whistleblower in the course of reporting violations (e.g. name data or functions of the persons who caused the violation, name data or functions of the persons who are also affected by a violation, description of behavior or actions of the person concerned in connection with the reported misconduct that could contribute to their identification).
5.4 Personal data, forwarding and legal basis
In principle, it is possible to use the whistleblowing system without providing personal data, insofar as this is legally permissible. However, personal data may be provided voluntarily as part of the whistleblowing process, in particular details of identity, first name and surname, country of residence, telephone number or email address.
When using anonymous communication with us, the IP address and current location are not stored at any time. After submitting a report, the person submitting the report will receive access data to the mailbox of the online portal so that they can continue to communicate with us in a protected manner.
In order to fulfill the stated purpose, it may also be necessary for us to transfer the personal data to external bodies such as law firms, criminal or competition authorities, within or outside the European Union.
We process personal data, insofar as we have received it, insofar as this is necessary to fulfill legal obligations in terms of whistleblower protection on the basis of Art. 6 para. 1 lit. c GDPR and local data protection laws.
5.5 Responsible body
We use the whistleblowing online portal as a member of the Saubermacher Group.
The whistleblower system is operated by the management consultants commissioned by us, who act as independent controllers within the meaning of the EU General Data Protection Regulation. The company in question is VMCON OG, Opernring 2, 8010 Graz.
For data protection questions concerning VMCON OG, please contact“datenschutz@meineberater.at”.
The whistleblowing system (.LOUPE) is provided by our processor, the software provider.fobi solutions GmbH, Steinsiedlung 11, 4222 St. Georgen an der Gusen, Austria, with whom a corresponding data processing agreement has been concluded.
5.6 Duration of storage
We only store personal data for as long as is necessary to process your message or for as long as we have a legitimate interest in storing your personal data. Data may be stored for longer if this has been provided for by national or European legislation in order to fulfill legal obligations, such as retention obligations.
We neither collect nor store personal data that is not required for processing a reference. They will be deleted immediately if necessary.
After completion of the investigation, all reports and associated data are archived for a period of 5 years. After this period, we guarantee the irretrievable deletion or anonymization of all data. In addition, the data will be stored for as long as is necessary for official or legal proceedings that have already been initiated.
5.7 Your rights
Data subject rights in accordance with Art. 13 to 21 GDPR do not apply to persons affected by a tip-off in accordance with Section 8 (9) HSchG if this is necessary to protect the person providing the information or to investigate information (e.g: Right to information, right to access, right to erasure, right to object). For reports outside the scope of the HSchG, the general data protection regulations apply.
If you are of the opinion that we have violated Austrian or European data protection law when processing your data and thereby infringed your rights, you have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40 – 42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at
We have entered into a contract with Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Nevertheless, it is possible that data may be transferred from Europe to the USA, over which we as a company have no influence.
Google has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted under Art. 45 GDPR.
6.1 Google Analytics
We have integrated Google Analytics on our website, a web analysis service from Google, which enables us to analyze visitor flows and the time spent on our website.
This website uses the function “Activation of IP anonymization” (i.e. Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure an anonymized collection of IP addresses (so-called IP masking)). As a result, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
According to Google, Google will use the information obtained to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. However, Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the websites (including your anonymized IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link(https://tools.google.com/dlpage/gaoptout?hl=de).
Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at https://support.google.com/analytics/answer/6004245?hl=de.
Legal basis: Art. 6 para. 1 lit. a GDPR
6.2 Google Fonts
We use Google Fonts. To ensure a uniform and appealing display of the fonts and icons, your browser loads the required fonts into your browser cache. To do this, it is necessary for the browser you are using to contact the Google Fonts servers, which means that Google Fonts becomes aware that our website has been accessed via your IP address.
You can find out what data is collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.
Legal basis: Art. 6 para. 1 lit. a GDPR
6.3 Google Gstatic
Gstatic is a domain used by Google to load static content into a different domain name to reduce bandwidth usage and increase network performance for the end user.
Legal basis: Art. 6 para. 1 lit. a GDPR
6.4 Google reCaptcha
We use the Google service reCaptcha to determine whether a human or a computer is making a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer IP address of the end device used, the website that you visit on our site and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks in which you have to identify images.
Legal basis: Art. 6 para. 1 lit. a GDPR
6.5 Google Tag Manager
We use Google Tag Manager to recognize your user behavior. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The tool itself processes the following personal data IP address of the user. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. Google Tag Manager can set cookies, at least in the administrator’s preview and debug mode, but also outside of it. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
You can find more detailed information here: https://www.google.com/intl/de/tagmanager/faq.html.
Legal basis: Art. 6 para. 1 lit. a GDPR
You have the following rights vis-à-vis us with regard to your personal data:
- Right of access, rectification and erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to lodge a complaint with the Austrian Data Protection Authority
Barichgasse 40 – 42, 1030 Vienna, phone: +43 1 52 152-0, E-mail: dsb@dsb.gv.at
If you are of the opinion that we have violated Austrian or European data protection law in the processing of your data and thereby infringed your rights, please contact us so that we can clarify any questions you may have.
Please send your inquiries and concerns by e-mail to datenschutz@saubermacher.at or contact us using the contact details provided.
We reserve the right to make changes to our privacy policy from time to time. We will publish all changes to the privacy policy on this page. Please refer to the latest version of our privacy policy in this regard.
