Your data is safe with Action Composites GmbH! We have a duty to protect your data and we are particularly aware of the need to do so. This is why when processing your personal data in the performance of our duties we comply, in particular, with the applicable data protection provisions of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

The following provides you with more information about our data processing activities. Please take the time to read our privacy statement carefully in order to find out why we collect your data and in what form we will process it i) if you visit our website or are a prospective customer of ours (see in particular "The processing of data relating to visitors to our website and prospective customers"), ii) if you are a (potential) customer of ours or one of its contact persons (see in particular "The processing of data relating to (potential) customers or customer contacts"), iii) if you are one of our suppliers or business partners (see in particular "The processing of data relating to suppliers and business partners and their contact persons"), or iv) if you apply for a job with us (see in particular "The processing of data relating to applicants"). To find out what data we collect about you from third party sources, please see the section entitled "The collection of personal data from sources other than the data subject himself/herself (Article 14 GDPR)".

Insofar as references are made to persons in the masculine form only, either on our website or in this information on data protection, such references should be understood as being gender-neutral and as such they refer to men, women and the third gender equally.

Personal data are any pieces of information relating to an identified or identifiable natural person. This means all data that personally relates to you, e.g. your name, address, email addresses, billing data, IP addresses, and user behaviour.

Action Composites GmbH

(Reg. no. FN 368043 s, Regional Court of Ried im Innkreis)

Molkereistraße 4, A-4910 Ried im Innkreis

Tel:        +43(0)77 52 / 21333-0

Email:     office@action-composites.com

 

As we are not legally obliged to, we have not appointed a data protection officer and given his/her name to the data protection authority.

We use appropriate technical and organisational measures (TOMs) and security measures to prevent unauthorised access, unlawful processing and unauthorised or accidental loss of your data. This includes for example the encryption of your communications with us via this website based on the Secure Socket Layer (SSL) encryption protocol.

You can check the quality of our encryption here: https://www.ssllabs.com/ssltest.

It is important to stress that by transmitting data over the internet your data may be exposed to security breaches and vulnerabilities as it is not possible to provide complete protection against unauthorised access by third parties.

We are required to keep secret any data from processing activities that have been entrusted or made accessible to us exclusively on the basis of our professional activities, without prejudice to other obligations of confidentiality imposed by law, unless there exist legitimate grounds warranting the transmission of the data so entrusted or made accessible (data secrecy, Section 6 of the Data Protection Act).

Likewise, our employees are subject to a duty of confidentiality pursuant to Section 6 of the Data Protection Act.

We process your personal data either for the purposes of pursuing our legitimate interests (Article 6(1)(f) GDPR), namely to ensure the operation, security and optimisation of our website, or for the purposes of processing the enquiries you send to us by email or make over the telephone (Article 6(1)(a) GDPR). You give us your consent by making the request.

To improve the information we provide, the following data are processed and evaluated on our website when you visit our website:

  • Browser type,
  • Operating system and its interface,
  • Model name of the mobile phone and a generic device identifier,
  • Country, date, time and duration of access,
  • IP address of the user's computer and pages visited, including entry and exit pages,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Access status / HTTP status code,
  • Volume of data transmitted,
  • Website from which the request comes (referrer URL),
  • Language and version of the browser software.

 

We evaluate these data for statistical purposes with a view to optimising the services on our website. In addition, these data are stored for a period of three months and then deleted unless statutory retention obligations prevent us from deleting the data in question. Data may be stored for a longer period should this prove necessary to help investigate attacks on this website.

The web server is located in Germany (https://www.mittwald.de/). The data are not used to identify persons visiting this website.

 

To achieve these intended purposes, it may prove necessary in some cases to disclose your data to the following recipients in particular. Such disclosure may be made by transmitting, disseminating or providing your data in any other form.

RECIPIENT

PLACE OF BUSINESS (COUNTRY)

BASIS FOR TRANSMISSION TO THIRD COUNTRIES

innpuls Werbeagentur GmbH (website management / maintenance)

 

Austria

 

Within the European Economic Area ("EEA")

 

Mittwald CM Service GmbH & Co. KG (web hosting)

 

Germany

Within the EEA

Infotech EDV-Systeme GmbH (internet and telephone services)

 

Austria

Within the EEA

 

HEISSBAUER – Computer & Bürotechnik e.U. (Within the context of IT support and remote maintenance)

 

Austria

Within the EEA

1&1 IONOS SE (email traffic)

 

Germany

Within the EEA

Cooperation partner (companies belonging to our group, accountants), to the extent necessary for the processing of enquiries

 

Austria and, on a case-by-case basis, within the EU and/or worldwide

 

Adequacy decision issued by the European Commission or measures taken to ensure that all recipients are afforded an adequate level of data protection (see "Data transfer to third countries / automated decision")

 

Use of cookies

We use "cookies" to improve the operation of our websites. Cookies are small text files that can be stored on your computer when you visit a website. Generally speaking, cookies are used to offer users additional functionality on a website. Cookies cannot access, read or modify any other data on your computer.

We use cookies that

  • will be deleted when you close your browser (session cookies),
  • remain on your end device even after you close your browser (permanent cookies),
  • originate from us (first party cookies) or from third parties (third party cookies).

 

We process data gathered by cookies on the following legal bases and for the following purposes:

  • We use cookies that are absolutely necessary for the functioning of our websites on a legal basis.
  • We use all other cookies on the basis of your consent.

You have the following options in particular to revoke your consent or place restrictions on certain cookies:

  • Use the settings in your browser. You can find details in your browser's help function (this can usually be accessed by pressing the F1 key on your keyboard).
  • You can visit http://www.youronlinechoices.com/uk/your-ad-choices to analyse which cookies are used in your case. You can deactivate them individually or collectively. This service is offered by the European Interactive Digital Advertising Alliance.

The revocation of your consent does not affect the lawfulness of the processing that took place based on your consent prior to revocation.

Please note that the functionality of our websites may be limited if you revoke or limit your consent.

You can find details of the cookies we use below:

 

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). Google Analytics uses what are known as "cookies", i.e. text files stored on your computer and which make it possible to analyse your use of the website.

The purpose is to count and measure the number of hits on our website and the content published there. On our behalf, Google makes use of the information collected to evaluate your use of our website, produce reports on website activities and provide other services to us related to the use of the website and the internet.

Article 6(1)(a) GDPR provides the legal basis for data processing. In this respect, you have a right of revocation that can be exercised at any time. However, revocation does not affect the lawfulness of the processing of data conducted up until revocation.

If you accept the cookies on our cookie banner, you give your consent to Google to place these cookies on your device.

No cookies are set by Google Analytics if you reject the cookies.

The information generated by the cookie concerning your use of this website (including your IP address and the URLs of the websites you visit) is transferred to and stored on servers operated by Google in the United States. We do not store any of your data collected in connection with Google Analytics. The relationship with Google and the transmission of information to Google is based on an appropriateness decision of the European Commission: EU-US Privacy Shield Agreement ("Privacy Shield").

This website takes advantage of the possibility of IP anonymisation offered by Google Analytics. Your IP address will therefore be shortened/anonymised by Google as soon as Google receives your IP address. On our behalf, Google will make use of this information to evaluate your use of the website, produce reports on website activities and provide other services to us related to the use of the website and the internet. The IP address transmitted by your browser in the context of Google Analytics will not be merged by Google with other data.

You can prevent the storage of cookies by changing your browser settings accordingly. However, we wish to draw your attention to the fact that if you do so you will not be able to take full advantage of all of the functions of this website. You can also prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout? hl=en.

You can also prevent the collection of your data by Google Analytics on this website by clicking on the link below. It will set an opt-out cookie that will prevent your data from being collected in future when you visit this website:

Deactivate Google Analytics

You can find more information on Google Analytics Terms of Service by visiting https://marketingplatform.google.com/about/analytics/terms/gb/ and Google's privacy policy is available at https://www.google.com/policies/privacy/.

 

Use of Google Web Fonts

This website uses so-called web fonts in order to display fonts consistently. To ensure compliance with the GDPR, we have stored these fonts locally on our server and integrated them into our website in such a way that no data are exchanged with Google.

 

Use of Web Fonts

This website uses so-called web fonts provided by Monotype GmbH (fonts.com and fast.fonts.net) in order to display fonts consistently. To ensure compliance with the GDPR, we have stored these fonts locally on our server and integrated them into our website in such a way that no data are exchanged with Monotype GmbH.

 

Use of Adobe Typekit (now Adobe Fonts)

We use Adobe Typekit to display fonts on our website. Adobe Typekit is a service that provides access to a font library. It is provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). To ensure compliance with the GDPR, we have stored these fonts locally on our server and integrated them into our website in such a way that no data are exchanged with Adobe.

 

Use of YouTube videos

We have integrated YouTube videos into our online offering. The videos are stored at https://www.YouTube.com and can be played directly from our website.

Article 6(1)(a) GDPR provides the legal basis for data processing. In this respect, you have a right of revocation that can be exercised at any time.

If you accept the cookies on our cookie banner, you give your consent to Google to place these cookies on your device.

No YouTube cookies are set if you reject the cookies.

In addition, our YouTube videos on this website are embedded in "enhanced privacy mode", which means that no data about you as a user is transferred to YouTube if you do not play the videos. Data will only be transferred if you play the videos. We have no influence on this data transfer.

If you are logged in to Google, your information is directly associated with your account.

If you do not wish such information to be associated with your profile on YouTube, you must log out before playing the video.

You have the right to object to the creation of these user profiles, but you must contact YouTube to exercise this right.

Please see YouTube's privacy policy for more information on the purpose and scope of data collection and processing by YouTube. There you will also find more information on your rights and the settings that can help protect your privacy: https://www.google.com/policies/privacy/. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

By integrating YouTube, DoubleClick by Google is normally also activated.  However, we have added the word "nocookie" to the video links so that DoubleClick is no longer activated in compliance with the GDPR. You can find general information on DoubleClick by Google at https://www.google.de/doubleclick. Visit https://www.google.com/policies/privacy/ for general information on data protection at Google.

 

Use of Amazon Cloud Front – CDN

To make our website faster and more secure, we use Amazon Cloud Front as our Content Delivery Network (CDN). The CDN provider is Amazon Web Services Inc, 440 Terry Ave N, Seattle, WA 98109, USA. Of course, we want to offer you the best possible service via our website. Amazon Cloud Front helps us make our website faster and more secure. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. A CDN is a network of servers connected via the internet. Amazon has such servers all over the world, enabling websites to load faster on your screen. Put simply, Amazon makes copies of our website and places them on its own servers. When you visit our website, a load balancing system makes sure that most parts of our website are delivered from the server that can display our website the fastest. A CDN significantly shortens the distance that data has to travel to reach your browser. The content of our website is therefore delivered to you by Amazon not only from our hosting server, but also from servers located all over the world. In the majority of cases, the data that Amazon receives, such as IP addresses, security fingerprints, DNS protocol data and performance data for websites, are derived from browser activity. Log data for example helps Amazon identify new threats. In this way, Amazon is able to ensure a high level of security protection for our website. Amazon processes this data within the context of the services it provides, in compliance with applicable laws. This of course includes the GDPR. Amazon Web Services is an active participant in the EU-US Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information by visiting https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/.

We would like to point out that you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, in accordance with Article 21 GDPR. This only applies if the data processing is necessary to protect our legitimate interests or those of a third party (Article 6(1)(f) GDPR). For information on how to exercise your right to object, see "What rights do you have in relation to data processing?"

We process your personal data either for the performance of a contract or to take steps prior to entering into a contract (Article 6(1)(b) GDPR) within the framework of the contractual relationship, based on your express consent (Article 6(1)(a) GDPR), if you give us your consent to be named as a reference, or for compliance with our legal obligations (Article 6(1)(c) GDPR) and on the basis of our overriding legitimate interest (Article 6(1)(f) GDPR), which consists in achieving the purposes specified in points c to i below.

Where it concerns sensitive data, we process it for the purposes of carrying out our obligations in the field of employment and social security and social protection law (Article 9(2)(b) GDPR).

The processing of your data serves primarily to carry out and process our deliveries and services. You can revoke your consent to be named as a reference at any time (see "What rights do you have in relation to data processing?").

We will process your personal data, in the categories mentioned in Annex 1, for the following purposes in particular:

a.       Handling our delivery and service processes;

b.       Managing our customer relationships, including contacts and communication, as well as conducting an analysis of customer needs and how our products and services are used;

c.       Managing in-house visits;

d.       Analysing and forecasting customer demand;

e.       Organising events;

f.        Performing customer satisfaction analyses;

g.       Providing information about our services and events;

h.       Conducting surveys, and

i.        Implementing direct marketing and advertising campaigns via electronic and non-electronic means.

We collect your personal data either

  • from you directly, as part of our communication or business relationship, or
  • from public sources (e.g. social media, public internet sources, public attendance lists from conferences or public registers), or
  • via our employees who are in contact with you or who manage your visit to our premises.

You are not under any obligation to provide us with the personal data we ask for. However, common business or marketing processes may be delayed or prove impossible and it may become impossible for you to participate in our events if you do not provide us with your personal data. Should the provision of your data be required by law in some cases, we will inform you separately.

We will use your contact details for the purpose of sending you information about our range of services and invitations to events organised by our company by post or email (Article 6(1)(f) GDPR). You have the right to object to this processing of your data for the purpose of direct advertising at any time without stating reasons by writing to us or by sending an email to office@action-composites.com. We will process your data for this purpose for so long as you do not object, but only up to three years after termination of the contract. The processing of your personal data for the purposes of direct advertising is not necessary for the handling of our contractual relationship.

For other forms of direct advertising, we will only process your data if you have given your express consent to the processing of your data (Article 6(1)(a) GDPR). If you have given your consent to the processing of your data, you may revoke such consent without stating reasons for doing so by writing to us or sending an email to office@action-composites.com. Revocation does not affect the lawfulness of any processing previously conducted.

The data will be secured in terms of confidentiality and integrity as well as resilience/availability in a form consistent with state-of-the-art technology and with regard to the respective type of data.

In spite of efforts to maintain a reasonably high level of due diligence at all times, it cannot be ruled out that any information you disclose to us over the internet may be viewed and used by other persons.

Please note that we therefore do not accept any liability whatsoever for the disclosure of information due to errors not caused by us in the event of data transmission and/or unauthorised access by third parties (e.g. hack attacks on websites, email accounts or telephone lines, or the interception of faxes).

To achieve these intended purposes, it may prove necessary in some cases to disclose your data to the following recipients in particular. Such disclosure may be made by transmitting, disseminating or providing your data in any other form.

 

RECIPIENT

 

PLACE OF BUSINESS (COUNTRY)

 

BASIS FOR TRANSMISSIONS TO THIRD COUNTRIES

innpuls Werbeagentur GmbH (website management / maintenance)

 

Austria

 

Within the European Economic Area ("EEA")

 

Mittwald CM Service GmbH & Co. KG (web hosting)

 

Germany

Within the EEA

Infotech EDV-Systeme GmbH (internet and telephone services)

 

Austria

Within the EEA

 

HEISSBAUER – Computer & Bürotechnik e.U. (within the context of IT support and remote maintenance)

 

Austria

Within the EEA

1&1 IONOS SE (email traffic and office communications)

 

Germany

Within the EEA

Legal representative

 

Austria

Within the EEA

Banks for the settlement of payment transactions

 

Austria

 

Within the EEA

 

Accountant

 

Austria

 

Within the EEA

Courts and public administrative authorities

 

Austria and, on a case-by-case basis, within the EU

 

Within the EEA

Competent public administrative authorities, in particular tax authorities

 

Austria

 

Within the EEA

Debt collection companies (abroad, therefore, only to the extent that the debt must be collected abroad)

 

Austria and, on a case-by-case basis, within the EU

Within the EEA

External financiers, such as leasing or factoring companies and assignees, if the delivery or service is financed in this way

 

Austria

 

Within the EEA

Insurance policies taken out on the occasion of the conclusion of an insurance contract for the delivery of goods/services or the occurrence of an insured event

 

Austria

Within the EEA

Contractual and business partners who are or should be involved in the delivery or service

 

Worldwide depending on the place of business

 

Necessary for the performance of a contract (Article 49(1)(b) or (c) GDPR);

Adequacy decision issued by the European Commission or measures taken to ensure that all recipients are afforded an adequate level of data protection (see "Data transfer to third countries / automated decision")

 

Companies belonging to our group

 

Hong Kong, China, Vietnam, British Virgin Islands

Standard contractual clauses

We process your personal data either for the performance of a contract or to take steps prior to entering into a contract (Article 6(1)(b) GDPR) or for compliance with our legal obligations (Article 6(1)(c) GDPR) or on the basis of our overriding legitimate interest (Article 6(1)(f) GDPR), which consists in achieving the purposes specified in points a. to e. below.

The processing of your data serves primarily to initiate, maintain and process our contracts for goods and services.

We will process your personal data, as specified in Annex 2, for the following purposes in particular:

a.       to handle our procurement activities;

b.       to provide working materials and infrastructure to ensure efficient internal workflows;

c.       for communication purposes with our suppliers and business partners;

d.       to be able to use the products and services of our suppliers and business partners; and

e.       to administer our contracts with our suppliers and business partners.

Your personal data

  • are provided to us either by you directly (in particular in communications via email or by other means of communication) or
  • we collect your personal data ourselves in the course of our business relationship.

You are not under any obligation to provide us with the personal data we ask for. However, common business processes may be delayed or in some cases may prove impossible if you do not provide us with your personal data. Should the provision of your data be required by law in some cases, we will inform you separately.

To achieve these intended purposes, it may prove necessary in some cases to disclose your data to the following recipients in particular. Such disclosure may be made by transmitting, disseminating or providing your data in any other form. Unless you provide us with your data, we will not be able to enter into a business relationship with you.

 

RECIPIENT

 

PLACE OF BUSINESS (COUNTRY)

 

BASIS FOR TRANSMISSIONS TO THIRD COUNTRIES

 

innpuls Werbeagentur GmbH (website management / maintenance)

 

Austria

 

Within the European Economic Area ("EEA")

 

Mittwald CM Service GmbH & Co. KG (web hosting)

 

Germany

Within the EEA

Infotech EDV-Systeme GmbH (internet and telephone services)

 

Austria

Within the EEA

 

HEISSBAUER – Computer & Bürotechnik e.U. (within the context of IT support and remote maintenance)

 

Austria

Within the EEA

1&1 IONOS SE (email traffic and office communications)

 

Germany

Within the EEA

Legal representative

 

Austria

Within the EEA

Banks for the settlement of payment transactions

 

Austria

 

Within the EEA

 

Accountant

 

Austria

 

Within the EEA

Courts and public administrative authorities

 

Austria and, on a case-by-case basis, within the EU

 

Within the EEA

Competent public administrative authorities, in particular tax authorities

 

Austria

 

Within the EEA

Debt collection companies (abroad, therefore, only to the extent that the debt must be collected abroad)

 

Austria and, on a case-by-case basis, within the EU

Within the EEA

External financiers, such as leasing or factoring companies and assignees, if the delivery or service is financed in this way

 

Austria

 

Within the EEA

Insurance policies taken out on the occasion of the conclusion of an insurance contract for the delivery of goods/services or the occurrence of an insured event

 

Austria

Within the EEA

Contractual and business partners who are or should be involved in the delivery or service

 

Worldwide depending on the place of business

 

Necessary for the performance of a contract (Article 49(1)(b) or (c) GDPR);

Adequacy decision issued by the European Commission or measures taken to ensure that all recipients are afforded an adequate level of data protection (see "Data transfer to third countries / automated decision")

 

Statistics Austria for the preparation of the (official) statistics prescribed by law

 

Austria

Within the EEA

Customers

 

Worldwide depending on the place of business

Necessary for the performance of a contract (Article 49(1)(b) or (c) GDPR);

Adequacy decision issued by the European Commission or measures taken to ensure that all recipients are afforded an adequate level of data protection (see "Data transfer to third countries / automated decision")

 

Companies belonging to our group

 

Hong Kong, China, Vietnam, British Virgin Islands

Standard contractual clauses

We process your personal data either to take steps prior to entering into a contract (conclusion of an employment contract, Article 6(1)(b) GDPR), based on your express consent (Article 6(1)(a) GDPR), if we would like to keep your application for a job with us on file, and/or for compliance with our legal obligations (registration of an employee with the social security fund, Article 6(1)(c) GDPR).

The processing of your data serves the purpose of handling the application process and registering you with the social security fund if we employ you. If you do not provide us with your data, we cannot process your application.

We will process your personal data, in the categories mentioned in Annex 3, for the following purposes in particular:

  • to actively approach potential employees through various channels as well as through authorised recruitment consultants;
  • to carry out human resources planning and personnel management on a global level, including to ensure adequate staffing;
  • for investment decisions;
  • to plan and manage the skills of potential employees;
  • to process applications received through various channels (e.g. email, Xing or LinkedIn);
  • to manage the application process;
  • to assert, exercise or defend legal claims;
  • to be able to refer back to applications received at a later date with regard to potential employment.

We receive this data

  • from public sources,
  • from recruitment consultants,
  • in the course of the application process in which you provide us with the data yourself (e.g. by sending us your CV by email), or
  • by taking notes during the course of the interview.

You are not under any obligation to provide us with the personal data we ask for. However, it will not be possible to complete the application process if you do not provide your personal data. Should the provision of your data be required by law in some cases, we will inform you separately.

To achieve these intended purposes, it may prove necessary in some cases to disclose your data to the following recipients in particular. Such disclosure may be made by transmitting, disseminating or providing your data in any other form.

 

RECIPIENT

 

PLACE OF BUSINESS (COUNTRY)

 

BASIS FOR TRANSMISSIONS TO THIRD COUNTRIES

 

innpuls Werbeagentur GmbH (website management / maintenance)

 

Austria

 

Within the European Economic Area ("EEA")

 

Mittwald CM Service GmbH & Co. KG (web hosting)

 

Germany

Within the EEA

Infotech EDV-Systeme GmbH (internet and telephone services)

 

Austria

Within the EEA

 

HEISSBAUER – Computer & Bürotechnik e.U. (within the context of IT support and remote maintenance)

 

Austria

Within the EEA

1&1 IONOS SE (email traffic and office communications)

 

Germany

Within the EEA

External payroll accounting, bookkeeping, tax advice if required during the application process and for registration with the social security fund

 

Austria

 

Within the EEA

 

Companies belonging to our group

 

Hong Kong, China, Vietnam, British Virgin Islands

Standard contractual clauses

Even if the processing of data relating to you falls under "The processing of data relating to (potential) customers or customer contacts", "The processing of data relating to suppliers and business partners and their contact persons" or "The processing of data relating to applicants", and we therefore collect the data from and about you, i.e. it is usually you yourself who provides us with this data, it may occur in individual cases that we also obtain data from other sources. These other sources exclusively consist of publicly accessible information that we obtain from the internet or, in individual cases, from credit bureaus and agencies. The data we obtain about you from third party sources and store in our systems are limited to contact information (email address and telephone number, postal address), your position within the company, your professional history, and your assignment to or responsibility for a specific company (usually your employer or affiliated group companies or companies which are associated with your employer for other reasons), if you have not disclosed such information to us in the course of our communications with you. If you are an applicant, we may also process information drawn from publicly available sources about your professional, educational and academic background and about works you have written. However, we usually ask you directly whether you can provide this information to us if it was not made available in your application documents. The processing of this data is based on our legitimate interest in obtaining a complete data set relating to you, which is necessary for professional communications and handling the business relationship and also the application process, depending on the relationship we have with you (Article 6(1)(f) GDPR).

As a basic principle, data are not transferred to a third country or an international organisation.  Some of the recipients of your personal data mentioned under "The processing of data relating to visitors to our website and prospective customers", "The processing of data relating to customers", "The processing of data relating to suppliers and business partners" or "The processing of data relating to applicants" are located outside your country or process your personal data there. The level of data protection in other countries may not correspond to that in Austria. However, we only transfer your personal data to countries in respect of which the European Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients have an adequate level of data protection, such as for example through the conclusion of standard contractual clauses (Commission Decision 2010/87/EC and/or Commission Decision 2004/915/EC). These are available on request (see the contact details under "Who is the controller for data protection purposes?").

Automated individual decision-making, including profiling pursuant to Article 22 GDPR, does not occur.

Your personal data will only be stored by us for as long as is necessary to achieve the abovementioned purposes.

In any event, we continue to store your personal data for so long as (i) statutory retention obligations require us to do so, or (ii) any legal claims have yet to become time-barred, for the assertion or defence of which the personal data are required.

For tax purposes, we store contracts, agreements and other documents as well as related correspondence from our contractual relationship for a period of 10 years.

The data relating to applicants who are not recruited will be deleted seven months after completion of the application process unless we ask for the consent of such applicants to keep their data on file. Data relevant for assessing a claim for the reimbursement of possible interview costs under Section 1486 no. 5 of the Austrian Civil Code (ABGB) will be kept for up to three years after an interview. Our internal data protection information for employees, which can be requested during the application process, is applicable to those applicants we recruit.

Marketing data are kept for up to three years after the last contact.

You are entitled to exercise the following rights against us with regard to the personal data relating to you:

  • Right of access (Article 15 GDPR): You have the right to obtain confirmation from us as to whether we are processing personal data concerning you. Where that is the case, you have a right to access this personal data and the information specified in Article 15 GDPR.
  • Right to rectification (Article 16 GDPR): You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
  • Right to erasure ("right to be forgotten"; Article 17 GDPR): You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds specified in Article 17 GDPR applies (e.g. data processing is no longer necessary for the purpose for which it was collected).
  • Right to restriction of processing (Article 18 GDPR): You have the right to obtain from us the restriction of processing where one of the requirements set out in Article 18 GDPR applies (e.g. in the event of an objection to data processing pending the verification whether our legitimate grounds override yours).
  • Right to data portability (Article 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us. However, you only have this right if the data processing is based on consent (Article 6(1)(a) or Article 9(2)(a) GDPR) or on a contract (Article 6(1)(b) GDPR) and the processing is carried out by automated means.

 

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you. However, you only have this right if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Article 6(1)(e) GDPR) or is necessary for the purposes of pursuing our legitimate interests or those of a third party (Article 6(1)(f) GDPR).

When exercising your right to object, we ask that you state the reasons why we should not process your personal data in the way we have done. We will examine the situation and will either stop or adapt the processing of data or show you what our compelling reasons are that are worthy of protection and continue our processing of the data. We will also continue processing data if it is intended to enable the assertion, exercise or defence of legal claims.

You may object to data processing for the purposes of direct marketing and data analysis (profiling in connection with direct marketing) at any time and free of charge. In this case we will stop processing data.

 

Right of revocation

If you have given us your consent to process your personal data, you can revoke your consent at any time. Your revocation does not affect the lawfulness of the data processing that took place up until revocation; i.e. the revocation applies to future processing.

 

How can you exercise your rights against us?

To exercise the rights mentioned above, you must inform us either in person, by telephone or in writing:

Action Composites GmbH

Molkereistraße 4, A-4910 Ried im Innkreis

Tel:        +43(0)77 52 / 21333-0

Email:     office@action-composites.com

www.action-composites.com

 

Please note that we can only give out information if you are able to provide proof of identify.

In the event that, despite being under an obligation to process your data lawfully, your right to lawful processing of your data is violated contrary to expectations, please contact us by post or email (see the contact details above) so that we can learn about your concerns and deal with them. However, you also have the right to lodge a complaint with the Austrian Data Protection Agency or with any other data protection supervisory authority within the European Union, especially at your place of residence or work. Should you have any further questions regarding the processing of your data, please feel free to contact us directly (see the contact details above).

Our website and our services are not intended for use by minors and we do not wish to collect data from minors. In the event that a parent or other representative of a minor believes that his or her child may have provided us with personal data, please write to us using the contact details provided above and we will delete the personal data in question subject to applicable law and in accordance with this information on data protection.

Action Composites GmbH

(Reg. no. FN 368043 s, Regional Court of Ried im Innkreis)

Molkereistraße 4, A-4910 Ried im Innkreis

Tel:        +43(0)77 52 / 21333-0

Email:     office@action-composites.com

www.action-composites.com

Personal data of (potential) clients:

  • Name
  • Title
  • Gender
  • Nationality
  • Date and place of birth
  • Company name
  • Contact details (address, email address, telephone number)
  • Communications with them

Personal data of clients:

  • Supply and service contracts that have been entered into as well as related data, including in particular
    • Object of delivery or service
    • Contact person for dealing with the delivery or service
    • Third parties involved in providing the service, including information on the nature of their involvement
    • Terms and conditions of delivery and performance (including information on the place of delivery or performance, packaging, etc.)
    • Data on customs clearance (e.g. country of origin, customs tariff number) and export control
    • Data on the insurance taken out for the delivery or service and its financing
    • Financing and payment conditions
    • Credit management data (e.g. credit limit)
    • Data on the payment or performance behaviour of the data subject
    • Dunning data/claim data
    • Account and document data
    • Performance-specific expenses and income
  • Company register/commercial register data
  • VAT identification number or Intrastat identification number
  • Tax liability and tax calculation data
  • Payment data (especially bank account)
  • Customer category

Personal data of employees at (potential) clients:

  • Name
  • Title
  • Gender
  • Company where they work and their position there
  • Date and place of birth
  • Contact details (address, email address, telephone number)
  • Content of communications (from emails and telephone calls, etc.)
  • Additional data for addressing customers, suppliers or third parties
  • Correspondence languages, other agreements and keys for the exchange of data
  • Business transactions processed by the data subject
  • Power of representation
  • Date and time of visits
  • Signature
  • Reception and response to marketing and sales initiatives
  • History of previous interactions with us
  • Professional and personal interests

Personal data of suppliers and business partners

  • Name
  • Title
  • Gender
  • Date of birth
  • Contact details (address, email address, telephone number)
  • Company register/commercial register data
  • Block indicator (e.g. contact block, invoice block, delivery block, posting block, payment block)
  • Identification number for the purposes of official statistics such as VAT number and Intrastat identification number
  • Membership of a specific purchasing association or group
  • Object of delivery or service
  • Contact person for dealing with the delivery or service
  • Third parties involved in providing the service, including information on the nature of their involvement
  • Terms and conditions of delivery and performance (including information on the place of delivery or performance, packaging, etc.)
  • Data on customs clearance (e.g. country of origin, customs tariff number) and export control
  • Data on the insurance taken out for the delivery or service and its financing
  • Tax liability and tax calculation data
  • Financing and payment conditions
  • Bank account data
  • Credit management data (e.g. credit limit, bill of exchange limit)
  • Data on the payment or performance behaviour of the data subject
  • Dunning data/claim data
  • Account and document data
  • Performance-specific expenses and income

Personal data of contact persons at suppliers and business partners

  • Name
  • Title
  • Gender
  • Associated customer, supplier or third party
  • Additional data for addressing customers, suppliers or third parties
  • Correspondence languages, other agreements and keys for the exchange of data
  • Position held by the data subject at the recipient or provider of the service
  • Scope of power of representation
  • Business transactions processed by the data subject
  • Name
  • Title (Mr/Mrs/other) including academic title
  • Name affix
  • Photo (where provided)
  • Gender
  • Address
  • Date and place of birth
  • Driving licence (yes/no)
  • Email address
  • Telephone number
  • Marital status and children
  • Nationality
  • Position for which they have applied
  • Type of application (e.g. email, Xing, LinkedIn, speculative application yes/no)
  • Earliest entry date
  • Notice period
  • Salary requirement
  • CV
  • Military service/civil service
  • Education/training (school, university, courses taken)
  • Previous professional experience
  • Personal skills and competences
  • Signature
  • Certificates and diplomas
  • Notes taken during an interview
  • Communications data (including email traffic)
  • Other data provided by you within the context of the application process