Data protection - [EN] Saubermacher Outsourcing

Data privacy policy pursuant to Art. 13, 14 GDPR – fulfilment of the information obligations

Thank you for visiting our website. We place great value on the protection of your data and inform you here in detail on the extent to which your data are processed when you access our website.
All references to persons always refer to all genders. The use of the male form merely serves the purpose of easier legibility.

1 Data controller

The responsible party pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is

Saubermacher Outsourcing GmbH
Europastraße 24
8330 Feldbach
Tel.: +43 59800 7000
Fax: +43 59800 7099
E-Mail: outsourcing@saubermacher.at

The data privacy officer of the controller has the following contact details:
Tel.: +43 (0)59 800
Email: datenschutz@saubermacher.at

2 Data processing of people in the corporate/business environment

2.1 Data processing pursuant to Art. 17 GDPR

We process the data of individuals that are provided to us as part of an enquiry by e-mail or to initiate and conclude a contract or business relationship.

2.2 Data processing pursuant to Art. 17 GDPR

In addition, we also process data from persons who are part of a contractual relationship which we have received as part of disclosures from third parties (e.g. managing directors send us data about their employees).

2.3 Data subjects

We process the following data of interested parties: Company, name of contact person and business contact and address details.
We process the following data of customers: Company, title and name of contact persons, business address and contact details, bank details, contract data.
We process the following data of suppliers and business partners: Company, title and name of contact persons, business address and contact details, bank details, contract data.

2.4 Passing on data

We will only pass on personal data to third parties if this is required for the purpose of contact processing and fulfilment or if legal stipulations require us to do so.

2.5 Retention/erasure of data

Elapsing of contractual obligations: In the event that there are contractual provisions that prescribe for how long personal data must be retained, the data controller shall ensure that these retention periods are adhered to. Once these periods have elapsed, the data shall be deleted or anonymised by the data controller.
Revocation of consent: In the event that a data subject revokes consent for the processing of personal data, the data controller shall delete the data, provided that there is no other legal basis for processing.
Elapsing of statutory obligations: In some cases, there may be exceptions that not only permit but obligate a data controller to continue to retain personal data after statutory retention periods elapse or upon revocation of consent. This may be the case if there are legally prescribed retention periods that require retention of personal data for a defined period of time, e.g. retention of tax-related or accounting records. Once these statutory periods have elapsed, the data controller shall ensure that the data are anonymised or deleted.

2.6 Contact via email

When you make contact with us by e-mail, the data you have provided is stored by us on the basis of your consent in order to answer your questions. We erase the data gathered in this context after processing is no longer required, or we restrict the processing if there are legal obligations to preserve records.

2.7 Publication of the names of authors

We are legally obligated to disclose the names of the authors of image data (photographs or videos) whenever image data are published. We delete these personal data automatically as soon as we discontinue use of the image data.

2.8 Legal basis

Legal bases of data processing are

the initiation and fulfilment of a contract in accordance with Art. 6 Par. 1 b GDPR.
legal obligations in accordance with Art. 6 para. 1 line c GDPR, (e.g. legally prescribed preserving of records or documentation duties, publication obligations in accordance with the Copyright Act).
the legitimate interest of our company within the sense or Art. 6 para. 1 line f GDPR (e.g. the use of software)
6 para. 1 line a GDPR when obtaining consent (e.g. when processing image data or for advertising purposes).

3 Data processing when establishing contact via our website, submitting an application

3.1 Contact form

If you have allowed us to contact you via our web form or you have sent us a message, then we store your data that are required to make contact. This includes your (company) name and your email address or telephone number. We delete the data as soon as storage is no longer required or if you object to the processing.

Legal basis: Art. 6 para. 1 lit. a GDPR

3.2 Applicants

In the event that you send us your application documents, we process your personal data contained in those documents as well as your CV and your certificates for the purpose of personnel selection and recruitment. If your application is rejected, we will delete your documents 7 months after informing you of the rejection

Legal basis: Art. 6 par. 1 line b GDPR

If we wish to keep your data on file so that we may contact you at a later point in time, we will contact you with our own request for consent. If you expressly grant your consent, we will store your application documents. If there is no further opportunity for recruitment with us within a period of a year, we will delete all of your application data one year after you have granted your consent.

Legal basis: Art. 6 para. 1 lit. a GDPR

4 Data processing when visiting our website

4.1 Informational use of the website

In the case of purely informational use of the website, we collect only the personal data that your browser transmits to our server (server log files). If you would like to view our website, we at most collect the data that is technically necessary for us to display our website to you and to ensure stability and security:

IP address
Date and time of the enquiry
Time Zone Difference to Coordinated Universal Time (UTC)
Content of the requirement (concrete page)
Access Status / HTTP status code
Website from which the enquiry is made
Browser
Operating system and its interface
Language and version of the browser software.

This data is not merged with personal data sources. We reserve the right to check this data retrospectively if concrete indications of illegitimate use come to our knowledge and to pass on the data – if there has been a hacker attack – to law enforcement authorities. There is no passing on to third parties beyond this.

Legal basis: Art. 6 par. 1 line f GDPR

4.2 Cookies

During the use of our website, cookies will be stored on your computer. Cookies are small text files that are deposited on your hard drive by your browser and through which certain information flows to the party placing the cookie (in this case us or the service provider). Cookies cannot carry out programmes or transmit viruses to your computer.

Through the cookie, you can be identified when revisiting the website, without data that you previously entered needing to be entered again.

The information contained in the cookies is used for example to establish whether you are logged in, or what data you have already entered, or to recognise you as a user when a connection is established between our web server and your browser.

We distinguish between technical cookies, which are used solely to ensure operation of a website, and other cookies, which are saved to your device by us or by third parties for the purpose of statistical analysis, tracking or advertising/marketing.

Legal basis: Art. 6 para. 1 line f GDPR (for technical cookies), Art. 6 para. 1 line a GDPR (for all other cookies)

4.3 Data processing in the USA

We cannot rule out the possibility of your data being transmitted to the USA when your visit our website. If this is the case, we will draw attention to this in a separate location in this privacy policy.

The GDPR sets out ‘suitable guarantees’ for data transmission to a third country or to an international organisation pursuant to Art. 46 GDPR.

The European Commission has adopted an adequacy decision for the EU-US Data Privacy Framework. The decision establishes that the USA must guarantee an adequate level of protection – comparable to that of the EU – for personal data that are transferred from the EU to US enterprises within the new framework. On the basis of the new adequacy decision, personal data can be transmitted securely from the EU to certified US enterprises participating in the EU-US Data Privacy Framework without the need to introduce additional data protection guarantees.

In the event of data processing by US data recipients that have not been certified under the EU-US Data Privacy Framework or the Privacy Shield, for you as the data subject, at present the following risks in particular cannot be excluded:

Your personal data may be passed on to other third parties by the respective service provider (e.g. American authorities) beyond the actual purpose of order fulfilment.
You may not be able to exert your right to access to information from the respective service provider.
There may be a higher likelihood that incorrect data processing can occur, as the technical and organisational measures for protecting personal data do not correspond quantitatively and qualitatively to the full extent to the GDPR requirements.

With your consent to the processing of (advertising and marketing) cookies, you are explicitly agreeing to data transmission to the USA. You can remove cookies stored on your PC yourself at any time by deleting the temporary internet data.

Legal basis: Art. 6 para. 1 lit. a GDPR

5 Data processing for Google services

We have concluded a contract with Google Ireland Limited (“Google”), a company registered and operated according to Irish law (register number: 368047) with its head office at Gordon House, Barrow Street, Dublin 4, Ireland. It can happen even so that data from Europe is transmitted to the USA, which we as a company cannot influence.

Use of this service means that personal data are transferred to the USA or that a transfer of personal data to the USA cannot be ruled out. Google LLC has been certified for the transmission of personal data to the USA in accordance with the adequacy decision. The European Commission concludes that for personal data that are transferred from the EU to a company in the USA that is certified under the EU-US Data Privacy Framework, an adequate level of protection exists, which is why data transmission is permitted pursuant to Art. 45 GDPR.

5.1 Google Analytics

We have integrated Google Analytics into our website, a web analysis service provided by Google, that allows us to analyse visitor flows and the time that visitors spend on our website.

This website uses the function “Activation of IP anonymisation” (i.e. that Google Analytics has been extended by the code “gat._anonymizeIp();”, in order to ensure an anonymised collection of IP addresses, so-called IP masking) This means that your IP address will be stored by Google in shortened form within Member States of the European Union or in other states that are contracting parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and shortened there in exceptional cases.

According to Google, Google will use the gained information to evaluate your use of the website, to compile reports about website activity and to provide further services to us relating to website usage and Internet usage. The IP address transmitted from your browser as part of Google Analytics is not merged with other Google data. Google may, however, transmit this information to third parties, insofar as this is legally mandatory or third parties are processing this data on behalf of Google. You can disable cookies using the relevant settings in your browser. We would like to point out, however, that in this case you may not be able to use all the functions of the websites to the full extent. Furthermore, you can prevent the collection of the data generated by the cookie relating to your website use (including your anonymised IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

Further information on terms of use and data protection is available at https://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

Legal basis: Art. 6 para. 1 lit. a GDPR

5.2 Google Gstatic

Gstatic is a domain used by Google to load static contents to another domain name in order to reduce the bandwidth use and increase the network performance for the end user.

Legal basis: Art. 6 para. 1 lit. a GDPR

5.3 Google reCaptcha

We use the Google service reCaptcha to determine whether a person or a computer is making a particular entry in our contact or newsletter form. Google uses the following data to check whether you are a person or a computer: IP address of the device used, the webpages you visit on our website and on which the Captcha is integrated, the date and duration of the visit, the identification data of the type of browser and operating system used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks in which you have to identify images.

Legal basis: Art. 6 para. 1 lit. a GDPR

5.4 Google Tag Manager

To identify your user behaviour, we use the so-called Google Tag Manager. The Google Tag Manager is a solution with which the marketer can manage website tags through an interface. The tool itself processes the following personal data: IP address of the user. The tool triggers other tags, which may in certain circumstances collect data. Google Tag Manager does not access this data. Google Tag Manager can install cookies, in any event in the administrator’s preview and debug modes, as well as outside of these modes. If there has been a deactivation at a domain or cookie level, this remains in place for all tracking tags that were implemented with the Google Tag Manager.

Further information is available here: https://www.google.com/intl/de/tagmanager/faq.html.

Legal basis: Art. 6 para. 1 lit. a GDPR

6 Your rights

You have the following rights with respect to the personal data concerning you:

Right to access, rectification and erasure
Right to restriction of the processing
Right to objection to the processing
Right to data portability
Right to lodge a complaint with the Austrian data protection authority
Barichgasse 40 – 42, 1030 Vienna, Telephone: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at

If you believe that we are contravening Austrian or European data protection law during the processing of data and have therefore infringed your rights, please contact us to clarify any questions.

To do so, please direct your enquiries and concerns by email to datenschutz@saubermacher.at or use the given contact details.

7 Changes to this privacy policy

We reserve the right to make adjustments to our data privacy policy from time to time. We publish all changes to the privacy policy on this page. Please note the current version of our privacy policy.