Your data is safe with Action Composites GmbH! We have a duty to protect your data and we are particularly aware of the need to do so. This is why when processing your personal data in the performance of our duties we comply, in particular, with the applicable data protection provisions of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

The following provides you with more information about our data processing activities. Please take the time to read our privacy statement carefully in order to find out why we collect your data and in what form we will process it i) if you visit our website or are a prospective customer of ours (see in particular “The processing of data relating to visitors to our website and prospective customers“), ii) if you are a (potential) customer of ours or one of its contact persons (see in particular “The processing of data relating to (potential) customers or customer contacts“), iii) if you are one of our suppliers or business partners (see in particular “The processing of data relating to suppliers and business partners and their contact persons“), or iv) if you apply for a job with us (see in particular “The processing of data relating to applicants“). To find out what data we collect about you from third party sources, please see the section entitled “The collection of personal data from sources other than the data subject himself/herself (Article 14 GDPR)“.

Insofar as references are made to persons in the masculine form only, either on our website or in this information on data protection, such references should be understood as being gender-neutral and as such they refer to men, women and the third gender equally.

Personal data are any pieces of information relating to an identified or identifiable natural person. This means all data that personally relates to you, e.g. your name, address, email addresses, billing data, IP addresses, and user behaviour.

Action Composites GmbH

(Reg. no. FN 368043 s, Regional Court of Ried im Innkreis)

Molkereistraße 4, A-4910 Ried im Innkreis

Tel:        +43(0)77 52 / 21333-0

Email:     bssvpr@npgvba-pbzcbfvgrf.pbz

 

As we are not legally obliged to, we have not appointed a data protection officer and given his/her name to the data protection authority.

We use appropriate technical and organisational measures (TOMs) and security measures to prevent unauthorised access, unlawful processing and unauthorised or accidental loss of your data. This includes for example the encryption of your communications with us via this website based on the Secure Socket Layer (SSL) encryption protocol.

You can check the quality of our encryption here: https://www.ssllabs.com/ssltest.

It is important to stress that by transmitting data over the internet your data may be exposed to security breaches and vulnerabilities as it is not possible to provide complete protection against unauthorised access by third parties.

We are required to keep secret any data from processing activities that have been entrusted or made accessible to us exclusively on the basis of our professional activities, without prejudice to other obligations of confidentiality imposed by law, unless there exist legitimate grounds warranting the transmission of the data so entrusted or made accessible (data secrecy, Section 6 of the Data Protection Act).

Likewise, our employees are subject to a duty of confidentiality pursuant to Section 6 of the Data Protection Act.

We process your personal data either for the purposes of pursuing our legitimate interests (Article 6(1)(f) GDPR), namely to ensure the operation, security and optimisation of our website, or for the purposes of processing the enquiries you send to us by email or make over the telephone (Article 6(1)(a) GDPR). You give us your consent by making the request.

To improve the information we provide, the following data are processed and evaluated on our website when you visit our website:

  • Browser type,
  • Operating system and its interface,
  • Model name of the mobile phone and a generic device identifier,
  • Country, date, time and duration of access,
  • IP address of the user’s computer and pages visited, including entry and exit pages,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Access status / HTTP status code,
  • Volume of data transmitted,
  • Website from which the request comes (referrer URL),
  • Language and version of the browser software.

 

We evaluate these data for statistical purposes with a view to optimising the services on our website. In addition, these data are stored for a period of three months and then deleted unless statutory retention obligations prevent us from deleting the data in question. Data may be stored for a longer period should this prove necessary to help investigate attacks on this website.

The web server is located in Germany (https://www.mittwald.de/). The data are not used to identify persons visiting this website.

 

 

To achieve these intended purposes, it may prove necessary in some cases to disclose your data to the following recipients in particular. Such disclosure may be made by transmitting, disseminating or providing your data in any other form.

 

RECIPIENT

PLACE OF BUSINESS (COUNTRY)

BASIS FOR TRANSMISSION TO THIRD COUNTRIES

innpuls Werbeagentur GmbH (website management / maintenance)

 

Austria

 

Within the European Economic Area (“EEA”)

 

Mittwald CM Service GmbH & Co. KG (web hosting)

 

Germany

Within the EEA

Infotech EDV-Systeme GmbH (internet and telephone services)

 

Austria

Within the EEA

 

HEISSBAUER – Computer & Bürotechnik e.U. (Within the context of IT support and remote maintenance)

 

Austria

Within the EEA

1&1 IONOS SE (email traffic)

 

Germany

Within the EEA

Cooperation partner (companies belonging to our group, accountants), to the extent necessary for the processing of enquiries

 

Austria and, on a case-by-case basis, within the EU and/or worldwide

 

Adequacy decision issued by the European Commission or measures taken to ensure that all recipients are afforded an adequate level of data protection (see “Data transfer to third countries / automated decision“)

 

Use of cookies

We use “cookies” to improve the operation of our websites. Cookies are small text files that can be stored on your computer when you visit a website. Generally speaking, cookies are used to offer users additional functionality on a website. Cookies cannot access, read or modify any other data on your computer.

We use cookies that

  • will be deleted when you close your browser (session cookies),
  • remain on your end device even after you close your browser (permanent cookies),
  • originate from us (first party cookies) or from third parties (third party cookies).

We process data gathered by cookies on the following legal bases and for the following purposes:

  • We use cookies that are absolutely necessary for the functioning of our websites on a legal basis.
  • We use all other cookies on the basis of your consent.

You have the following options in particular to revoke your consent or place restrictions on certain cookies:

  • Use the settings in your browser. You can find details in your browser’s help function (this can usually be accessed by pressing the F1 key on your keyboard).
  • You can visit http://www.youronlinechoices.com/uk/your-ad-choices to analyse which cookies are used in your case. You can deactivate them individually or collectively. This service is offered by the European Interactive Digital Advertising Alliance.

The revocation of your consent does not affect the lawfulness of the processing that took place based on your consent prior to revocation.

Please note that the functionality of our websites may be limited if you revoke or limit your consent.

You can find details of the cookies we use below:

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Google Analytics uses what are known as “cookies”, i.e. text files stored on your computer and which make it possible to analyse your use of the website.

The purpose is to count and measure the number of hits on our website and the content published there. On our behalf, Google makes use of the information collected to evaluate your use of our website, produce reports on website activities and provide other services to us related to the use of the website and the internet.

Article 6(1)(a) GDPR provides the legal basis for data processing. In this respect, you have a right of revocation that can be exercised at any time. However, revocation does not affect the lawfulness of the processing of data conducted up until revocation.

If you accept the cookies on our cookie banner, you give your consent to Google to place these cookies on your device.

No cookies are set by Google Analytics if you reject the cookies.

The information generated by the cookie concerning your use of this website (including your IP address and the URLs of the websites you visit) is transferred to and stored on servers operated by Google in the United States. We do not store any of your data collected in connection with Google Analytics.

This website takes advantage of the possibility of IP anonymisation offered by Google Analytics. Your IP address will therefore be shortened/anonymised by Google as soon as Google receives your IP address. On our behalf, Google will make use of this information to evaluate your use of the website, produce reports on website activities and provide other services to us related to the use of the website and the internet. The IP address transmitted by your browser in the context of Google Analytics will not be merged by Google with other data.

You can prevent the storage of cookies by changing your browser settings accordingly. However, we wish to draw your attention to the fact that if you do so you will not be able to take full advantage of all of the functions of this website. You can also prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout? hl=en.

You can also prevent the collection of your data by Google Analytics on this website by clicking on the link below. It will set an opt-out cookie that will prevent your data from being collected in future when you visit this website:

Deactivate Google Analytics

You can find more information on Google Analytics Terms of Service by visiting https://marketingplatform.google.com/about/analytics/terms/gb/ and Google’s privacy policy is available at https://www.google.com/policies/privacy/.

Use of Google Web Fonts

This website uses so-called web fonts in order to display fonts consistently. To ensure compliance with the GDPR, we have stored these fonts locally on our server and integrated them into our website in such a way that no data are exchanged with Google.

Use of Web Fonts

This website uses so-called web fonts provided by Monotype GmbH (fonts.com and fast.fonts.net) in order to display fonts consistently. To ensure compliance with the GDPR, we have stored these fonts locally on our server and integrated them into our website in such a way that no data are exchanged with Monotype GmbH.

Use of Adobe Typekit (now Adobe Fonts)

We use Adobe Typekit to display fonts on our website. Adobe Typekit is a service that provides access to a font library. It is provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). To ensure compliance with the GDPR, we have stored these fonts locally on our server and integrated them into our website in such a way that no data are exchanged with Adobe.

Use of YouTube videos

We have integrated YouTube videos into our online offering. The videos are stored at https://www.YouTube.com and can be played directly from our website.

Article 6(1)(a) GDPR provides the legal basis for data processing. In this respect, you have a right of revocation that can be exercised at any time.

If you accept the cookies on our cookie banner, you give your consent to Google to place these cookies on your device.

No YouTube cookies are set if you reject the cookies.

In addition, our YouTube videos on this website are embedded in “enhanced privacy mode”, which means that no data about you as a user is transferred to YouTube if you do not play the videos. Data will only be transferred if you play the videos. We have no influence on this data transfer.

If you are logged in to Google, your information is directly associated with your account.

If you do not wish such information to be associated with your profile on YouTube, you must log out before playing the video.

You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.

Please see YouTube’s privacy policy for more information on the purpose and scope of data collection and processing by YouTube. There you will also find more information on your rights and the settings that can help protect your privacy: https://www.google.com/policies/privacy/. Google also processes your personal data in the USA.

By integrating YouTube, DoubleClick by Google is normally also activated.  However, we have added the word “nocookie” to the video links so that DoubleClick is no longer activated in compliance with the GDPR. You can find general information on DoubleClick by Google at https://www.google.de/doubleclick. Visit https://www.google.com/policies/privacy/ for general information on data protection at Google.

Use of Amazon Cloud Front – CDN

To make our website faster and more secure, we use Amazon Cloud Front as our Content Delivery Network (CDN). The CDN provider is Amazon Web Services Inc, 440 Terry Ave N, Seattle, WA 98109, USA. Of course, we want to offer you the best possible service via our website. Amazon Cloud Front helps us make our website faster and more secure. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. A CDN is a network of servers connected via the internet. Amazon has such servers all over the world, enabling websites to load faster on your screen. Put simply, Amazon makes copies of our website and places them on its own servers. When you visit our website, a load balancing system makes sure that most parts of our website are delivered from the server that can display our website the fastest. A CDN significantly shortens the distance that data has to travel to reach your browser. The content of our website is therefore delivered to you by Amazon not only from our hosting server, but also from servers located all over the world. In the majority of cases, the data that Amazon receives, such as IP addresses, security fingerprints, DNS protocol data and performance data for websites, are derived from browser activity. Log data for example helps Amazon identify new threats. In this way, Amazon is able to ensure a high level of security protection for our website. Amazon processes this data within the context of the services it provides, in compliance with applicable laws. This of course includes the GDPR.

We would like to point out that you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, in accordance with Article 21 GDPR. This only applies if the data processing is necessary to protect our legitimate interests or those of a third party (Article 6(1)(f) GDPR). For information on how to exercise your right to object, see “What rights do you have in relation to data processing?

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as “Content”) based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedure in which the relevant user information for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners and technical information such as the browser used, computer system used and information on usage times and used functions. If users have consented to the collection of their sideline data, these can also be processed.
The IP addresses of the users are also stored. However, we use provided IP masking procedures (i.e. pseudonymisation by shortening the IP address) to ensure the protection of the user’s by using a pseudonym. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is secured, but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or similar memorizing procedures. These cookies can later, generally also on other websites that use the same online marketing technology, be read and analyzed for purposes of content display, as well as supplemented with other data and stored on the server of the online marketing technology provider.
Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing technology we use and the network links the profiles of the users in the aforementioned data. Please note that users may enter into additional agreements with the social network providers or other service providers, e.g. by consenting as part of a registration process.
As a matter of principle, we only gain access to summarised information about the performance of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us. The conversion measurement is used alone for the performance analysis of our marketing activities.
Unless otherwise stated, we kindly ask you to consider that cookies used will be stored for a period of two years.
Information on legal basis: If we ask users for their consent (e.g. in the context of a so-called “cookie banner consent”), the legal basis for processing data for online marketing purposes is this consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services. In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Processed data types: Event Data (Facebook) (“Event Data” is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account); Contact Information (Facebook) (“Contact Information” is data that (clearly) identifies data subjects, such as names, email addresses and phone numbers, that can be transmitted to Facebook, e.g. via Facebook pixels or uploads for matching purposes to form Custom Audiences; After the matching to create target groups, the Contact Information is deleted); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Remarketing; Conversion tracking (Measurement of the effectiveness of marketing activities); Affiliate Tracking; Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content); Marketing; Profiles with user-related information (Creating user profiles).
  • Security measures: IP Masking (Pseudonymization of the IP address).
  • Legal Basis: Consent (Article 6 (1) (a) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
  • Opt-Out: We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called “opt-out”). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area:
    a) Europe: https://www.youronlinechoices.eu.
    b) Canada: https://www.youradchoices.ca/choices.
    c) USA: https://www.aboutads.info/choices.
    d) Cross-regional: https://optout.aboutads.info.

Further information on processing methods, procedures and services used:

  • Facebook Pixel and Custom Audiences (Custom Audiences): With the help of the Facebook pixel (or equivalent functions, to transfer Event-Data or Contact Information via interfaces or other software in apps), Facebook is on the one hand able to determine the visitors of our online services as a target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users and within the services of partners cooperating with Facebook (so-called “audience network” https://www.facebook.com/audiencenetwork/) who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by showing whether users were referred to our website after clicking on a Facebook ad (known as “conversion tracking”); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): The “Facebook EU Data Transfer Addendum” (https://www.facebook.com/legal/EU_data_transfer_addendum) apply in case of processing of Event Data of EU citizens in the USA and the inclusion of the SCC in the “Facebook Platform Terms of Use” (https://developers.facebook.com/terms) with regard to the processing of Event Data from Facebook as controller in the context of ad placement; Further Information: The “Data Processing Terms” (https://www.facebook.com/legal/terms/dataprocessing) apply with respect to Event Data that Facebook processes to provide reporting and analytics to businesses; The “Controller Addendum” as a joint responsibility agreement (Article 26(1) p. 3 of the GDPR) is relevant in the case of processing of Event Data by Facebook as controller for the purposes of targeting and improving and securing Facebook’s products.
  • Advanced matching for the Facebook pixel: In addition to the processing of Event Data in the context of the use of the Facebook Pixel (or equivalent functions, e.g. in apps), Contact Information (data identifying individual persons, names, email addresses and telephone numbers) is also collected by Facebook within our online offer or transmitted to Facebook. The processing of contact information serves to form target groups (so-called ” Custom Audiences”) for the display of content and advertising information based on the presumed interests of users. The collection, or transmission and matching with data available on Facebook is not in plain text, but as so-called “hash values”, i.e. mathematical representations of the data (this method is used, for example, in the storage of passwords). After the matching to create target groups, the Contact Information is deleted. The Contact Information is processed on the basis of a DPA with Meta Platforms Ireland Limited (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of Standard Contractual Clauses (“Facebook-EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum). For more information on the processing of contact information, please refer to the “Facebook Business Tools Terms”, https://www.facebook.com/legal/technology_terms.
  • Facebook – Custom Audiences from File: Creation of target groups for marketing purposes – We submit Contact Information (names, email addresses and phone numbers) to Facebook in list form for the purpose of creating Custom Audiences for content and advertising information based on the presumed interests of users. The transmission and matching with data available on Facebook is not in plain text, but as so-called “hash values”, i.e. mathematical representations of the data (this method is used, for example, in the storage of passwords). After the matching to create target groups, the Contact Information is deleted. The Contact Information is processed on the basis of a DPA with Meta Platforms Ireland Limited (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of Standard Contractual Clauses (“Facebook-EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum). Further information on the processing of contact information can be found in the “Facebook Business Tools Terms”, https://www.facebook.com/legal/terms/customaudience; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum.
  • LinkedIn: e.g. Insights Tag / Conversion tracking; Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy, cookie policy: https://www.linkedin.com/legal/cookie_policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users’ rights.

In addition, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the associated interests of users. The user profiles can then be used, for example, to place advertisements within and outside the networks which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective networks or will become members later on).

For a detailed description of the respective processing operations and the opt-out options, please refer to the respective data protection declarations and information provided by the providers of the respective networks.

Also in the case of requests for information and the exercise of rights of data subjects, we point out that these can be most effectively pursued with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.

  • Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing.
  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

  • Instagram: Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
  • Facebook-Page: Profiles within the social network Facebook – We are jointly responsible (so called “joint controller”) with Meta Platforms Ireland Limited for the collection (but not the further processing) of data of visitors to our Facebook page. This data includes information about the types of content users view or interact with, or the actions they take (see “Things that you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie information; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How we use this information?” Facebook also collects and uses information to provide analytics services, known as “page insights,” to site operators to help them understand how people interact with their pages and with content associated with them. We have concluded a special agreement with Facebook (“Information about Page-Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular the security measures that Facebook must observe and in which Facebook has agreed to fulfill the rights of the persons concerned (i.e. users can send information access or deletion requests directly to Facebook). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further Information: Joint Controllership Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data.
  • Facebook-Groups: Interest groups within the social network Facebook – We use the “Groups” function of the Facebook platform to create interest groups within which Facebook users can contact each other or us and exchange information. In doing so, we process personal data of the users of our groups as far as this is necessary for the purpose of the group use as well as its moderation. These data include information on first and last names, as well as published or privately shared content, as well as values on the status of group membership or group-related activities, such as entry or exit, as well as the time information on the aforementioned data. Our guidelines within the groups may contain further specifications and information on the use of the respective group. Furthermore, we would like to point out the processing of data of the users by Facebook itself. This data includes information about the types of content users view or interact with, or the actions they take (see under “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, called “Insights” to group operators to provide them with insights about how people interact with their groups and with content associated with them; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum.
  • Facebook events: Event profiles within the social network Facebook – We use the “Events” function of the Facebook platform to refer to events and dates as well as to get in touch with users (participants and interested parties) and to exchange information. In doing so, we process personal data of the users of our event pages, as far as this is necessary for the purpose of the event page as well as its moderation. These data include information on first and last names, as well as published or privately communicated content, as well as values on the status of participation and the time information on the aforementioned data. Furthermore, we refer to the processing of data of users by Facebook itself. This data includes information about the types of content users view or interact with, or the actions they take (see under “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “insights” to event providers to provide them with insights about how people interact with their event pages and with content associated with them; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum.
  • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as “Content”).

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

Information on legal basis: If we ask users for their consent (e.g. in the context of a so-called “cookie banner consent”), the legal basis for processing is this consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services. We refer you to the note on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Event Data (Facebook) (“Event Data” is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Provision of our online services and usability; Marketing; Profiles with user-related information (Creating user profiles).
  • Legal Basis: Consent (Article 6 (1) (a) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

  • Facebook plugins and contents: Facebook Social Plugins and contents – This can include content such as images, videos or text and buttons with which users can share content from this online service within Facebook. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/ – We are jointly responsible (so-called “joint-controllership”) with Meta Platforms Ireland Limited for the collection or transmission (but not further processing) of “Event Data” that Facebook collects or receives as part of a transmission using the Facebook Social Plugins that run on our website for the following purposes: a) displaying content advertising information that matches users’ presumed interests; b) delivering commercial and transactional messages (e.g. addressing users via Facebook Messenger); c) improving ad delivery and personalizing features and content (e.g. improving recognition of which content or advertising information is believed to be of interest to users). We have entered into a special agreement with Facebook (“Controller Addendum”, https://www.facebook.com/legal/controller_addendum), which specifically addresses the security measures that Facebook must take (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to comply with the rights of data subjects (i.e., users can, for example, submit information access or deletion requests directly to Facebook). Note: If Facebook provides us with measurements, analyses and reports (which are aggregated, i.e. do not contain information on individual users and are anonymous to us), then this processing is not carried out within the scope of joint responsibility, but on the basis of a DPA (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing/update), the “Data Security Conditions” (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of Standard Contractual Clauses (“Facebook EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy.
  • Instagram plugins and contents: Instagram plugins and contents – This can include content such as images, videos or text and buttons with which users can share content from this online service within Instagram. – We are jointly responsible (so-called “joint-controllership”) with Meta Platforms Ireland Limited for the collection or transmission (but not further processing) of “Event Data” that Facebook collects or receives as part of a transmission using Instagram functions that run on our website for the following purposes: a) displaying content advertising information that matches users’ presumed interests; b) delivering commercial and transactional messages (e.g. addressing users via Facebook Messenger); c) improving ad delivery and personalizing features and content (e.g. improving recognition of which content or advertising information is believed to be of interest to users). We have entered into a special agreement with Facebook (“Controller Addendum”, https://www.facebook.com/legal/controller_addendum), which specifically addresses the security measures that Facebook must take (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to comply with the rights of data subjects (i.e. users can, for example, submit information access or deletion requests directly to Facebook). Note: If Facebook provides us with measurements, analyses and reports (which are aggregated, i.e. do not contain information on individual users and are anonymous to us), then this processing is not carried out within the scope of joint responsibility, but on the basis of a DPA (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing/update), the “Data Security Conditions” (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of Standard Contractual Clauses (“Facebook EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
  • LinkedIn plugins and contents: LinkedIn plugins and contents – This can include content such as images, videos or text and buttons with which users can share content from this online service within LinkedIn; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We process your personal data either for the performance of a contract or to take steps prior to entering into a contract (Article 6(1)(b) GDPR) within the framework of the contractual relationship, based on your express consent (Article 6(1)(a) GDPR), if you give us your consent to be named as a reference, or for compliance with our legal obligations (Article 6(1)(c) GDPR) and on the basis of our overriding legitimate interest (Article 6(1)(f) GDPR), which consists in achieving the purposes specified in points c to i below.

Where it concerns sensitive data, we process it for the purposes of carrying out our obligations in the field of employment and social security and social protection law (Article 9(2)(b) GDPR).

The processing of your data serves primarily to carry out and process our deliveries and services. You can revoke your consent to be named as a reference at any time (see “What rights do you have in relation to data processing?“).

We will process your personal data, in the categories mentioned in Annex 1, for the following purposes in particular:

a.       Handling our delivery and service processes;

b.       Managing our customer relationships, including contacts and communication, as well as conducting an analysis of customer needs and how our products and services are used;

c.       Managing in-house visits;

d.       Analysing and forecasting customer demand;

e.       Organising events;

f.        Performing customer satisfaction analyses;

g.       Providing information about our services and events;

h.       Conducting surveys, and

i.        Implementing direct marketing and advertising campaigns via electronic and non-electronic means.

We collect your personal data either

  • from you directly, as part of our communication or business relationship, or
  • from public sources (e.g. social media, public internet sources, public attendance lists from conferences or public registers), or
  • via our employees who are in contact with you or who manage your visit to our premises.

You are not under any obligation to provide us with the personal data we ask for. However, common business or marketing processes may be delayed or prove impossible and it may become impossible for you to participate in our events if you do not provide us with your personal data. Should the provision of your data be required by law in some cases, we will inform you separately.

We will use your contact details for the purpose of sending you information about our range of services and invitations to events organised by our company by post or email (Article 6(1)(f) GDPR). You have the right to object to this processing of your data for the purpose of direct advertising at any time without stating reasons by writing to us or by sending an email to bssvpr@npgvba-pbzcbfvgrf.pbz. We will process your data for this purpose for so long as you do not object, but only up to three years after termination of the contract. The processing of your personal data for the purposes of direct advertising is not necessary for the handling of our contractual relationship.

For other forms of direct advertising, we will only process your data if you have given your express consent to the processing of your data (Article 6(1)(a) GDPR). If you have given your consent to the processing of your data, you may revoke such consent without stating reasons for doing so by writing to us or sending an email to bssvpr@npgvba-pbzcbfvgrf.pbz. Revocation does not affect the lawfulness of any processing previously conducted.

The data will be secured in terms of confidentiality and integrity as well as resilience/availability in a form consistent with state-of-the-art technology and with regard to the respective type of data.

In spite of efforts to maintain a reasonably high level of due diligence at all times, it cannot be ruled out that any information you disclose to us over the internet may be viewed and used by other persons.

Please note that we therefore do not accept any liability whatsoever for the disclosure of information due to errors not caused by us in the event of data transmission and/or unauthorised access by third parties (e.g. hack attacks on websites, email accounts or telephone lines, or the interception of faxes).

To achieve these intended purposes, it may prove necessary in some cases to disclose your data to the following recipients in particular. Such disclosure may be made by transmitting, disseminating or providing your data in any other form.

 

RECIPIENT

 

PLACE OF BUSINESS (COUNTRY)

 

BASIS FOR TRANSMISSIONS TO THIRD COUNTRIES

innpuls Werbeagentur GmbH (website management / maintenance)

 

Austria

 

Within the European Economic Area (“EEA”)

 

Mittwald CM Service GmbH & Co. KG (web hosting)

 

Germany

Within the EEA

Infotech EDV-Systeme GmbH (internet and telephone services)

 

Austria

Within the EEA

 

HEISSBAUER – Computer & Bürotechnik e.U. (within the context of IT support and remote maintenance)

 

Austria

Within the EEA

1&1 IONOS SE (email traffic and office communications)

 

Germany

Within the EEA

Legal representative

 

Austria

Within the EEA

Banks for the settlement of payment transactions

 

Austria

 

Within the EEA

 

Accountant

 

Austria

 

Within the EEA

Courts and public administrative authorities

 

Austria and, on a case-by-case basis, within the EU

 

Within the EEA

Competent public administrative authorities, in particular tax authorities

 

Austria

 

Within the EEA

Debt collection companies (abroad, therefore, only to the extent that the debt must be collected abroad)

 

Austria and, on a case-by-case basis, within the EU

Within the EEA

External financiers, such as leasing or factoring companies and assignees, if the delivery or service is financed in this way

 

Austria

 

Within the EEA

Insurance policies taken out on the occasion of the conclusion of an insurance contract for the delivery of goods/services or the occurrence of an insured event

 

Austria

Within the EEA

Contractual and business partners who are or should be involved in the delivery or service

 

Worldwide depending on the place of business

 

Necessary for the performance of a contract (Article 49(1)(b) or (c) GDPR);

Adequacy decision issued by the European Commission or measures taken to ensure that all recipients are afforded an adequate level of data protection (see “Data transfer to third countries / automated decision“)

 

Companies belonging to our group

 

Hong Kong, China, Vietnam, British Virgin Islands

Standard contractual clauses

We process your personal data either for the performance of a contract or to take steps prior to entering into a contract (Article 6(1)(b) GDPR) or for compliance with our legal obligations (Article 6(1)(c) GDPR) or on the basis of our overriding legitimate interest (Article 6(1)(f) GDPR), which consists in achieving the purposes specified in points a. to e. below.

The processing of your data serves primarily to initiate, maintain and process our contracts for goods and services.

We will process your personal data, as specified in Annex 2, for the following purposes in particular:

a.       to handle our procurement activities;

b.       to provide working materials and infrastructure to ensure efficient internal workflows;

c.       for communication purposes with our suppliers and business partners;

d.       to be able to use the products and services of our suppliers and business partners; and

e.       to administer our contracts with our suppliers and business partners.

Your personal data

  • are provided to us either by you directly (in particular in communications via email or by other means of communication) or
  • we collect your personal data ourselves in the course of our business relationship.

You are not under any obligation to provide us with the personal data we ask for. However, common business processes may be delayed or in some cases may prove impossible if you do not provide us with your personal data. Should the provision of your data be required by law in some cases, we will inform you separately.

To achieve these intended purposes, it may prove necessary in some cases to disclose your data to the following recipients in particular. Such disclosure may be made by transmitting, disseminating or providing your data in any other form. Unless you provide us with your data, we will not be able to enter into a business relationship with you.

 

RECIPIENT

 

PLACE OF BUSINESS (COUNTRY)

 

BASIS FOR TRANSMISSIONS TO THIRD COUNTRIES

 

innpuls Werbeagentur GmbH (website management / maintenance)

 

Austria

 

Within the European Economic Area (“EEA”)

 

Mittwald CM Service GmbH & Co. KG (web hosting)

 

Germany

Within the EEA

Infotech EDV-Systeme GmbH (internet and telephone services)

 

Austria

Within the EEA

 

HEISSBAUER – Computer & Bürotechnik e.U. (within the context of IT support and remote maintenance)

 

Austria

Within the EEA

1&1 IONOS SE (email traffic and office communications)

 

Germany

Within the EEA

Legal representative

 

Austria

Within the EEA

Banks for the settlement of payment transactions

 

Austria

 

Within the EEA

 

Accountant

 

Austria

 

Within the EEA

Courts and public administrative authorities

 

Austria and, on a case-by-case basis, within the EU

 

Within the EEA

Competent public administrative authorities, in particular tax authorities

 

Austria

 

Within the EEA

Debt collection companies (abroad, therefore, only to the extent that the debt must be collected abroad)

 

Austria and, on a case-by-case basis, within the EU

Within the EEA

External financiers, such as leasing or factoring companies and assignees, if the delivery or service is financed in this way

 

Austria

 

Within the EEA

Insurance policies taken out on the occasion of the conclusion of an insurance contract for the delivery of goods/services or the occurrence of an insured event

 

Austria

Within the EEA

Contractual and business partners who are or should be involved in the delivery or service

 

Worldwide depending on the place of business

 

Necessary for the performance of a contract (Article 49(1)(b) or (c) GDPR);

Adequacy decision issued by the European Commission or measures taken to ensure that all recipients are afforded an adequate level of data protection (see “Data transfer to third countries / automated decision“)

 

Statistics Austria for the preparation of the (official) statistics prescribed by law

 

Austria

Within the EEA

Customers

 

Worldwide depending on the place of business

Necessary for the performance of a contract (Article 49(1)(b) or (c) GDPR);

Adequacy decision issued by the European Commission or measures taken to ensure that all recipients are afforded an adequate level of data protection (see “Data transfer to third countries / automated decision“)

 

Companies belonging to our group

 

Hong Kong, China, Vietnam, British Virgin Islands

Standard contractual clauses

We process your personal data either to take steps prior to entering into a contract (conclusion of an employment contract, Article 6(1)(b) GDPR), based on your express consent (Article 6(1)(a) GDPR), if we would like to keep your application for a job with us on file, and/or for compliance with our legal obligations (registration of an employee with the social security fund, Article 6(1)(c) GDPR).

The processing of your data serves the purpose of handling the application process and registering you with the social security fund if we employ you. If you do not provide us with your data, we cannot process your application.

We will process your personal data, in the categories mentioned in Annex 3, for the following purposes in particular:

  • to actively approach potential employees through various channels as well as through authorised recruitment consultants;
  • to carry out human resources planning and personnel management on a global level, including to ensure adequate staffing;
  • for investment decisions;
  • to plan and manage the skills of potential employees;
  • to process applications received through various channels (e.g. email, Xing or LinkedIn);
  • to manage the application process;
  • to assert, exercise or defend legal claims;
  • to be able to refer back to applications received at a later date with regard to potential employment.

We receive this data

  • from public sources,
  • from recruitment consultants,
  • in the course of the application process in which you provide us with the data yourself (e.g. by sending us your CV by email), or
  • by taking notes during the course of the interview.

You are not under any obligation to provide us with the personal data we ask for. However, it will not be possible to complete the application process if you do not provide your personal data. Should the provision of your data be required by law in some cases, we will inform you separately.

To achieve these intended purposes, it may prove necessary in some cases to disclose your data to the following recipients in particular. Such disclosure may be made by transmitting, disseminating or providing your data in any other form.

 

RECIPIENT

 

PLACE OF BUSINESS (COUNTRY)

 

BASIS FOR TRANSMISSIONS TO THIRD COUNTRIES

 

innpuls Werbeagentur GmbH (website management / maintenance)

 

Austria

 

Within the European Economic Area (“EEA”)

 

Mittwald CM Service GmbH & Co. KG (web hosting)

 

Germany

Within the EEA

Infotech EDV-Systeme GmbH (internet and telephone services)

 

Austria

Within the EEA

 

HEISSBAUER – Computer & Bürotechnik e.U. (within the context of IT support and remote maintenance)

 

Austria

Within the EEA

1&1 IONOS SE (email traffic and office communications)

 

Germany

Within the EEA

External payroll accounting, bookkeeping, tax advice if required during the application process and for registration with the social security fund

 

Austria

 

Within the EEA

 

Companies belonging to our group

 

Hong Kong, China, Vietnam, British Virgin Islands

Standard contractual clauses

Even if the processing of data relating to you falls under “The processing of data relating to (potential) customers or customer contacts“, “The processing of data relating to suppliers and business partners and their contact persons” or “The processing of data relating to applicants“, and we therefore collect the data from and about you, i.e. it is usually you yourself who provides us with this data, it may occur in individual cases that we also obtain data from other sources. These other sources exclusively consist of publicly accessible information that we obtain from the internet or, in individual cases, from credit bureaus and agencies. The data we obtain about you from third party sources and store in our systems are limited to contact information (email address and telephone number, postal address), your position within the company, your professional history, and your assignment to or responsibility for a specific company (usually your employer or affiliated group companies or companies which are associated with your employer for other reasons), if you have not disclosed such information to us in the course of our communications with you. If you are an applicant, we may also process information drawn from publicly available sources about your professional, educational and academic background and about works you have written. However, we usually ask you directly whether you can provide this information to us if it was not made available in your application documents. The processing of this data is based on our legitimate interest in obtaining a complete data set relating to you, which is necessary for professional communications and handling the business relationship and also the application process, depending on the relationship we have with you (Article 6(1)(f) GDPR).

As a basic principle, data are not transferred to a third country or an international organisation.  Some of the recipients of your personal data mentioned under “The processing of data relating to visitors to our website and prospective customers“, “The processing of data relating to customers“, “The processing of data relating to suppliers and business partners” or “The processing of data relating to applicants” are located outside your country or process your personal data there. The level of data protection in other countries may not correspond to that in Austria. However, we only transfer your personal data to countries in respect of which the European Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients have an adequate level of data protection, such as for example through the conclusion of standard contractual clauses (Commission Decision 2010/87/EC and/or Commission Decision 2004/915/EC). These are available on request (see the contact details under “Who is the controller for data protection purposes?“).

Automated individual decision-making, including profiling pursuant to Article 22 GDPR, does not occur.

Your personal data will only be stored by us for as long as is necessary to achieve the abovementioned purposes.

In any event, we continue to store your personal data for so long as (i) statutory retention obligations require us to do so, or (ii) any legal claims have yet to become time-barred, for the assertion or defence of which the personal data are required.

For tax purposes, we store contracts, agreements and other documents as well as related correspondence from our contractual relationship for a period of 10 years.

The data relating to applicants who are not recruited will be deleted seven months after completion of the application process unless we ask for the consent of such applicants to keep their data on file. Data relevant for assessing a claim for the reimbursement of possible interview costs under Section 1486 no. 5 of the Austrian Civil Code (ABGB) will be kept for up to three years after an interview. Our internal data protection information for employees, which can be requested during the application process, is applicable to those applicants we recruit.

Marketing data are kept for up to three years after the last contact.

You are entitled to exercise the following rights against us with regard to the personal data relating to you:

  • Right of access (Article 15 GDPR): You have the right to obtain confirmation from us as to whether we are processing personal data concerning you. Where that is the case, you have a right to access this personal data and the information specified in Article 15 GDPR.
  • Right to rectification (Article 16 GDPR): You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
  • Right to erasure (“right to be forgotten”; Article 17 GDPR): You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds specified in Article 17 GDPR applies (e.g. data processing is no longer necessary for the purpose for which it was collected).
  • Right to restriction of processing (Article 18 GDPR): You have the right to obtain from us the restriction of processing where one of the requirements set out in Article 18 GDPR applies (e.g. in the event of an objection to data processing pending the verification whether our legitimate grounds override yours).
  • Right to data portability (Article 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us. However, you only have this right if the data processing is based on consent (Article 6(1)(a) or Article 9(2)(a) GDPR) or on a contract (Article 6(1)(b) GDPR) and the processing is carried out by automated means.

 

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you. However, you only have this right if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Article 6(1)(e) GDPR) or is necessary for the purposes of pursuing our legitimate interests or those of a third party (Article 6(1)(f) GDPR).

When exercising your right to object, we ask that you state the reasons why we should not process your personal data in the way we have done. We will examine the situation and will either stop or adapt the processing of data or show you what our compelling reasons are that are worthy of protection and continue our processing of the data. We will also continue processing data if it is intended to enable the assertion, exercise or defence of legal claims.

You may object to data processing for the purposes of direct marketing and data analysis (profiling in connection with direct marketing) at any time and free of charge. In this case we will stop processing data.

 

Right of revocation

If you have given us your consent to process your personal data, you can revoke your consent at any time. Your revocation does not affect the lawfulness of the data processing that took place up until revocation; i.e. the revocation applies to future processing.

 

How can you exercise your rights against us?

To exercise the rights mentioned above, you must inform us either in person, by telephone or in writing:

Action Composites GmbH

Molkereistraße 4, A-4910 Ried im Innkreis

Tel:        +43(0)77 52 / 21333-0

Email:     bssvpr@npgvba-pbzcbfvgrf.pbz

www.action-composites.com

 

Please note that we can only give out information if you are able to provide proof of identify.

In the event that, despite being under an obligation to process your data lawfully, your right to lawful processing of your data is violated contrary to expectations, please contact us by post or email (see the contact details above) so that we can learn about your concerns and deal with them. However, you also have the right to lodge a complaint with the Austrian Data Protection Agency or with any other data protection supervisory authority within the European Union, especially at your place of residence or work. Should you have any further questions regarding the processing of your data, please feel free to contact us directly (see the contact details above).

Our website and our services are not intended for use by minors and we do not wish to collect data from minors. In the event that a parent or other representative of a minor believes that his or her child may have provided us with personal data, please write to us using the contact details provided above and we will delete the personal data in question subject to applicable law and in accordance with this information on data protection.

Action Composites GmbH

(Reg. no. FN 368043 s, Regional Court of Ried im Innkreis)

Molkereistraße 4, A-4910 Ried im Innkreis

Tel:        +43(0)77 52 / 21333-0

Email:     bssvpr@npgvba-pbzcbfvgrf.pbz

www.action-composites.com

Personal data of (potential) clients:

  • Name
  • Title
  • Gender
  • Nationality
  • Date and place of birth
  • Company name
  • Contact details (address, email address, telephone number)
  • Communications with them

Personal data of clients:

  • Supply and service contracts that have been entered into as well as related data, including in particular
    • Object of delivery or service
    • Contact person for dealing with the delivery or service
    • Third parties involved in providing the service, including information on the nature of their involvement
    • Terms and conditions of delivery and performance (including information on the place of delivery or performance, packaging, etc.)
    • Data on customs clearance (e.g. country of origin, customs tariff number) and export control
    • Data on the insurance taken out for the delivery or service and its financing
    • Financing and payment conditions
    • Credit management data (e.g. credit limit)
    • Data on the payment or performance behaviour of the data subject
    • Dunning data/claim data
    • Account and document data
    • Performance-specific expenses and income
  • Company register/commercial register data
  • VAT identification number or Intrastat identification number
  • Tax liability and tax calculation data
  • Payment data (especially bank account)
  • Customer category

Personal data of employees at (potential) clients:

  • Name
  • Title
  • Gender
  • Company where they work and their position there
  • Date and place of birth
  • Contact details (address, email address, telephone number)
  • Content of communications (from emails and telephone calls, etc.)
  • Additional data for addressing customers, suppliers or third parties
  • Correspondence languages, other agreements and keys for the exchange of data
  • Business transactions processed by the data subject
  • Power of representation
  • Date and time of visits
  • Signature
  • Reception and response to marketing and sales initiatives
  • History of previous interactions with us
  • Professional and personal interests

Personal data of suppliers and business partners

  • Name
  • Title
  • Gender
  • Date of birth
  • Contact details (address, email address, telephone number)
  • Company register/commercial register data
  • Block indicator (e.g. contact block, invoice block, delivery block, posting block, payment block)
  • Identification number for the purposes of official statistics such as VAT number and Intrastat identification number
  • Membership of a specific purchasing association or group
  • Object of delivery or service
  • Contact person for dealing with the delivery or service
  • Third parties involved in providing the service, including information on the nature of their involvement
  • Terms and conditions of delivery and performance (including information on the place of delivery or performance, packaging, etc.)
  • Data on customs clearance (e.g. country of origin, customs tariff number) and export control
  • Data on the insurance taken out for the delivery or service and its financing
  • Tax liability and tax calculation data
  • Financing and payment conditions
  • Bank account data
  • Credit management data (e.g. credit limit, bill of exchange limit)
  • Data on the payment or performance behaviour of the data subject
  • Dunning data/claim data
  • Account and document data
  • Performance-specific expenses and income

Personal data of contact persons at suppliers and business partners

  • Name
  • Title
  • Gender
  • Associated customer, supplier or third party
  • Additional data for addressing customers, suppliers or third parties
  • Correspondence languages, other agreements and keys for the exchange of data
  • Position held by the data subject at the recipient or provider of the service
  • Scope of power of representation
  • Business transactions processed by the data subject
  • Name
  • Title (Mr/Mrs/other) including academic title
  • Name affix
  • Photo (where provided)
  • Gender
  • Address
  • Date and place of birth
  • Driving licence (yes/no)
  • Email address
  • Telephone number
  • Marital status and children
  • Nationality
  • Position for which they have applied
  • Type of application (e.g. email, Xing, LinkedIn, speculative application yes/no)
  • Earliest entry date
  • Notice period
  • Salary requirement
  • CV
  • Military service/civil service
  • Education/training (school, university, courses taken)
  • Previous professional experience
  • Personal skills and competences
  • Signature
  • Certificates and diplomas
  • Notes taken during an interview
  • Communications data (including email traffic)
  • Other data provided by you within the context of the application process