Data Protection Statement
1. Name and address of responsible party
The responsible party in the sense of the General Data Protection Regulation and other national data protection laws as well as other statutory data protection provisions is: Saubermacher Outsourcing GmbH Hans-Roth-Straße 1 8073 Feldkirchen bei Graz Tel.: +43 59 800 7000 Email: firstname.lastname@example.org Website: www.saubermacher-outsourcing.com
2. Contact information for the data protection officer
The responsible party’s data protection officer can be reached using the following contact information: Tel.: +43 59 800 Email: email@example.com
3. General information about data processing
1. Scope of processing for personal data We collect and use personal data for our users only to the extent that this is necessary in order to provide a functional website as well as our content and services. As a rule, the collection and use of our users’ personal data only takes place with prior consent from the user. An exception applies in cases where it is not possible to obtain consent in advance for practical reasons, and where data processing is permitted by the statutory provisions. 2. Legal basis for processing personal data If and to the extent that we obtain consent from the relevant persons to process their personal data, Art. 6 Sec. 1 lt. a EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data. When processing personal data that is necessary in order to fulfill a contract with the relevant person, Art. 6 Sec. 1 lt. b GDPR serves as the legal basis. This also applies to processing steps that are necessary in order to perform pre-contractual measures. If and to the extent that personal data must be processed in order to fulfill a legal obligation for our company, Art. 6 Sec. 1 lt. c GDPR serves as the legal basis. In the event that vital interests of the relevant persons or of another natural person necessitate the processing of personal data, Art. 6 Sec. 1 lt. d GDPR serves as the legal basis. If data processing is necessary in order to protect a justified interest of our company or of a third party, and if the interests, basic rights and basic liberties of the relevant party do not outweigh the former interest, Art. 6 Sec. 1 lt. f GDPR serves as the legal basis for such processing. 3. Deletion of data and storage period Personal data for the relevant persons will be deleted or blocked as soon as the reason for storing it no longer applies. Longer storage periods may apply as required by European or national legislation in Union ordinances, laws, or other regulations to which the responsible party is subject. Data will also be deleted or blocked once a storage period established by the abovementioned standards comes to an end, unless the data must continue to be stored for the purpose of concluding or executing a contract.
4. Availability of the website and creating log files
1. Description and scope of data processing Each time our website is called up, our system automatically records data and information from the visitor’s computer system. The following data is collected: (1) Information about the browser type and version used (2) The user’s operating system (3) The user’s internet service provider (4) Date and time of access (5) Websites from which the user’s system accesses our website (6) Websites accessed by the user’s system via our website This data is also stored in our system’s log files. It does not include the user’s IP addresses or other data that would allow the collected data to be assigned to a specific user. The data is not stored in conjunction with the user’s other personal data. 2. Legal basis for data processing The legal basis for temporary storage of the data is Art. 6 Sec. 1 lt. f GDPR. 3. Purpose of data processing We use the data to optimize the website and to ensure the security of our information technology systems. This also constitutes our justified interest in data processing as per Art. 6 Sec. 1 lt. f GDPR. 4. Storage period The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the event that data is collected in order to make the website available, this is the case once each session has ended. 5. Right to objection and removal Collecting the data in order to make the website available, and saving this data in log files, is necessary in order to operate the website. Therefore the user does not have a right to object to this.
6. Use of Google Analytics and Google AdWords
7. Rights of the relevant person
If your personal data is processed, you are the relevant person, and you have the following rights with regard to the responsible party: 1. Right to information You can request confirmation from the responsible party about whether your personal data is being processed by us. If such processing is taking place, you can request the following information from the responsible party: (1) the purposes for which the personal data is being processed; (2) the categories of personal data being processed; (3) the recipients and/or categories of recipients to whom your personal data has been or will be disclosed; (4) the planned storage period for your personal data or, if no concrete information can be provided in this regard, criteria for determining the storage period; (5) whether you have a right to have your personal data corrected or deleted, a right to limit processing by the responsible party, or a right to object to such processing; (6) whether you have a right to lodge a complaint with a supervisory authority; (7) all available information regarding the origin of the data if the personal data is not collected from the relevant person; (8) whether there is an automated decision-making process, including profiling as per Art. 22 Sec. 1 and 4 GDPR, and – at least in these cases – meaningful information about the involved logic and reach as well as the intended effects of such processing for the relevant person. You have the right to request information about whether your personal data is transmitted to a non-EU country or an international organization. In this context, you can ask to be informed about the appropriate guarantees as per Art. 46 GDPR in conjunction with this transmission. 2. Right to correction You have a right to ask the responsible party to correct and/or complete your personal data if your processed data is incorrect or incomplete. The responsible party must perform such corrections immediately. 3. Right to limit processing Under the following conditions, you can request that processing of your personal data be limited if: (1) you dispute the accuracy of your personal data for a period of time that allows the responsible party to check the accuracy of the personal data; (2) the processing is illegal and you waive the right to delete the personal data, instead asking to limit use of the personal data; (3) the responsible party no longer needs the personal data for the stated processing purposes, but you need it in order to assert, exercise or defend legal claims, or (4) you have raised an objection to the processing as per Art. 21 Sec. 1 GDPR and it is not yet clear whether the responsible party’s justified reasons outweigh your reasons. If processing of your personal data has been limited, this data – aside from its storage – may only be processed with your consent or in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person, or for the sake of an important public interest of the Union or a member state. If processing has been limited according to the abovementioned requirements, you will be informed by the responsible party before the limitation is lifted. 4. Right to deletion a) Deletion obligation You can ask the responsible party to delete your personal data immediately, and the responsible party is obligated to delete this data immediately, if one of the following reasons applies: (1) Your personal data is no longer needed for the purposes for which it was collected or otherwise processed. (2) You revoke your consent, which was the basis for processing as per Art. 6 Sec. 1 lt. a or Art. 9 Sec. 2 lt. a GDPR, and there is no other legal basis for the processing. (3) You object to the processing as per Art. 21 Sec. 1 GDPR and there are no prior-ranking justified reasons for processing, or you object to the processing as per Art. 21 Sec. 2 GDPR. (4) Your personal data was processed illegally. (5) It is necessary to delete your personal data in order to fulfill a legal obligation under Union law or the law of the member states to which the responsible party is subject. (6) Your personal data was collected with regard to information society services as per Art. 8 Sec. 1 GDPR. a) Information for third parties If the responsible party has published your personal data and is obligated to delete it as per Art. 17 Sec. 1 GDPR, it will take appropriate (technical) measures – with consideration for the available technology and the implementation costs – to inform the parties responsible for processing your personal data that you as a relevant person have asked them to delete all links to this personal data and any copies or replications of this personal data. b) Exceptions The right to deletion does not apply if processing is required: (1) to exercise the right to freedom of expression and information; (2) to fulfill a legal obligation that requires processing according to the law of the Union or the member states to which the responsible party is subject, or to perform a task that is in the public interest or was assigned to the responsible party in the exercise of public authority; (3) for the sake of public interest in the sphere of public health as per Art. 9 Sec. 2 lt. h and i as well as Art. 9 Sec. 3 GDPR; (4) for archival purposes, scholarly or historical research purposes that are in the public interest, or for statistical purposes as per Art. 89 Sec. 1 GDPR, to the extent that the right named in Section a) will likely make it impossible to realize the objectives of this processing or will significantly impair it, or (5) in order to assert, exercise or defend legal claims. 5. Right to information If you have asserted your right to have the data corrected or deleted or its processing limited by the responsible party, this party must inform all recipients to whom your personal data was disclosed about this correction or deletion of data or limitation on processing, unless this is impossible or is associated with an unreasonable effort or cost. You have the right to be informed about these recipients by the responsible party. 6. Right to data portability You have the right to obtain your personal data that you provided to the responsible party in a structured, common and machine-readable format wherever technically possible. In addition, you have the right to provide this data to another responsible party without hindrance from the responsible party that was originally provided with the personal data as long as (1) the processing is based on a declaration of consent as per Art. 6 Sec. 1 lt. a GDPR or Art. 9 Sec. 2 lt. a GDPR or on a contract as per Art. 6 Sec. 1 lt. b GDPR and (2) the processing takes place using automated procedures. In exercising this right, you are also entitled to have the relevant personal data transmitted directly from one responsible party to another responsible party wherever technically possible. In doing so, other people’s freedoms or rights may not be impaired. The right to data portability does not apply to the processing of personal data that is necessary in order to perform a task that is in the public interest or was assigned to the responsible party in the exercise of public authority. 7. Right to object For reasons relating to your particular situation, you have the right to object at any time to the processing of your personal data that takes place on the basis of Art. 6 Sec. 1 lt. e or f GDPR. The responsible party will no longer process your personal data in this case unless it can demonstrate urgent, legitimate grounds for such processing that outweigh your interests, rights and freedoms, or unless such processing is being used to assert, exercise or defend legal claims. If your personal data is being processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling where this is connected to such direct advertising. If you raise an objection to processing for the sake of direct advertising, your personal data will no longer be processed for this purpose. You have the option to exercise your right to object in conjunction with the use of information society services – regardless of Directive 2002/58/EC – by way of automated processes in which technical specifications are used. 8. Right to revoke the declaration of consent under data protection law You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent will not affect the legality of any processing that took place before the revocation. 9. Right to submit a complaint to a supervisory authority Regardless of any other administrative or judicial action, you have the right to submit a complaint to a supervisory authority, particularly in the member state where you are located, at your workplace, or in the city of the alleged violation, if you believe that the processing of your personal data violates the GDPR. The supervisory authority to which the complaint is submitted will then inform the complainant about the status and results of the complaint, including the possibility of taking legal action as per Art. 78 GDPR.