PRIVACY DECLARATION

PREAMBLE

At Swietelsky Baugesellschaft m.b.H, Edlbacherstraße 10, 4020 Linz, Österreich and its subsidiaries (collectively Swietelsky), the protection of the personal data of contact partners is a primary concern for all business partners and employees. For this reason, Swietelsky processes personal data in coordination with the relevant applicable legal provisions for the protection of personal data and data security.

The terms used in this declaration are based on the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).

I. SCOPE:

Objective: This privacy declaration regulates the handling and processing of personal data in the Swietelsky business group.

Personal: This privacy declaration applies to all employees of the Swietelsky business group as well as their partners, clients and suppliers and other people integrated in Swietelsky operations.

Time: This privacy declaration comes into effect on 25.5.2018 and is a minimum standard for the processing of personal data.

II. PURPOSE OF DATA PROCESSING:

Swietelsky processes the personal data of employees, partners, clients and suppliers for the purpose of carrying out business activities and thus fulfilling legal and contractual requirements.

1. Processing business partner data:

Swietelsky processes the personal data provided to us by stakeholders, clients, suppliers etc. for the creation of offers and the settlement of commissions and the fulfilment of the associated contractual / precontractual and legal obligations.

2. Applicants:

The contact details and application documents provided as part of an application are electronically processed by us for the purposes of selecting a suitable candidate for a service relationship. In the event of a rejection, the application documents are only kept beyond the legal retention obligations in evidence if you consent to this.

3. Website:

Responsible for the data processing activities on this website

Swietelsky Baugesellschaft m.b.H, Edlbacherstraße 10, 4020 Linz, Österreich

Data collection on our website

On the one hand, your data is collected by you communicating it to us; on the other hand, data, in particular, technical data, is collected automatically when you visit our website. Some of the data is collected in order to ensure that our website functions correctly. Other data may be used for analysis. You can find out more about this in the next section.

Used modules, plug-ins or tools

Applicant Portal

If you have decided to apply online on our applicant portal, we thank you. This will make it easier and faster for us to process your application.

We process your data which you have provided to us in the context of an application, only for the purpose and in the context of the application process in accordance with the legal regulations. As far as your application refers to a specific job advertisement, we process the data provided only for the purpose of processing this specific job. The processing of your applicant data is carried out to fulfil our (pre)contractual obligations within the framework of the application process in accordance with Art. 6 paragraph 1 lit. b GDPR. Beyond the conclusion of the application process for a position, we process your application data only to the extent that this is necessary to safeguard our legitimate interest pursuant to Art. 6 paragraph 1 lit. f GDPR or if you have expressly consented to the processing of your application data for future job advertisements. The same applies to unsolicited applications after comparing your job requirements and your qualification profile with our job offers.

Insofar as special categories of personal data within the meaning of Art. 9 paragraph 1 GDPR are voluntarily disclosed during the application process, they will be processed in accordance with Art. 9 paragraph 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin) or on the basis of your consent in accordance with Art. 9 paragraph 2 lit. a GDPR (e.g. health data, insofar as these are necessary for the exercise of the profession).

In the event of a successful application, the data provided by you may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted after the statutory deadlines have expired or, if you have expressly agreed to a longer period of time, after this period has expired.

Unless you have given your consent for a longer period, the data will be deleted after a period of seven months so that we can answer any follow-up questions regarding the application and comply with our obligation to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with the provisions of tax law.

Use of cookies in general

We use cookies to make our website more user-friendly and functional. Some cookies may remain stored on your device.

Cookies are small data packages that are exchanged between your browser and web server when you visit our website. They do not cause any damage and only serve the recognition of the website visitor. The next time you visit our website using the same terminal device, the information stored in cookies may subsequently be returned either to us ("first-party cookie") or to a third-party web application to which the cookie belongs ("third-party cookie").

By storing and returning the information, the web application recognizes that you have already accessed and visited our website with the browser of your terminal device. We use this information to optimally design and display our website according to your preferences. Any further processing of personal data will only take place with your express consent pursuant to Art. 6 paragraph 1 lit. a GDPR or if this is absolutely technically necessary pursuant to Art. 6 paragraph 1 lit. f GDPR on the basis of our legitimate interest in order to be able to use the service you have called up accordingly.

Depending on the intended use and function, we divide cookies into the following 3 categories:

  • Technically necessary cookies to ensure the technical operation and basic functions of our website.
  • Statistic cookies to understand how visitors interact with our site by anonymously collecting and analyzing information.
  • Marketing cookies to follow users on our website and to set targeted promotional activities.

The legal basis for the use of technically necessary cookies is based on our legitimate interest pursuant to Art. 6 paragraph 1 lit. f GDPR in the technically flawless operation of our website. The use of statistics and marketing cookies requires your consent pursuant to Art. 6 paragraph 1 lit. a GDPR.

For further information on the cookies actually used by us, in particular on the purpose and duration of storage, please refer to this data protection declaration and the details on the cookies used in our cookie banner.

You can revoke your consent to the use of cookies at any time for the future in accordance with Art. 7 paragraph 3 GDPR by using the setting in our cookie banner. You can also set your Internet browser so that the storage of cookies is generally prevented on your end device or you are asked each time whether you agree to the setting of cookies. Once cookies have been set, you can delete them at any time. How all this works in detail can be found in the help function of your browser.

Please note that a general deactivation of cookies may lead to functional limitations of our website.

Google Analytics (anonymized)

On this website, we use the functions of the web analysis tool Google Analytics to analyze the usage behavior and to optimize our internet presence. The provider of this service is Google Ireland Limited, Barrow Street, Dublin 4, Ireland ("Google"). Google uses cookies for this purpose. The information generated by the cookie about the use of the website such as browser type/version, operating system used, referrer URL (the previously visited page), the hostname of the accessing computer (IP address), time of the server request is usually transferred to a Google server and stored there.

On our behalf, Google will use this information to evaluate the use of our online services by users, to compile reports on activities within this online service and to provide us with other services associated with the use of this online service and our website.

The IP address transmitted by your browser will not be merged with other Google data.

We use Google Analytics only with activated IP anonymization by adding the code "anonymizeIP" to this website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases is your full IP address transmitted to a Google server and shortened there.

The processing of your data by cookies will be based on your consent, which is queried in our cookie banner in accordance with Article 6 para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future by calling up the settings of our cookie banner and managing your consent. In addition, your data will only be processed for technical reasons in accordance with Article 6 para. 1 lit. f GDPR.

If you do not agree with the processing of your data, you can also prevent the storage of cookies at any time by making a setting in your Internet browser. Further information can be found under "Cookies" in this data protection declaration. In addition, you can prevent the collection of data by cookies by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Further information on the use of data by Google, setting and objection options can be found in Google's data protection declaration (https://policies.google.com/privacy?hl=en) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).

If data should be processed by Google in the US, we point out that Google is certified under the Privacy Shield Agreement and thereby assures that European data protection law is observed (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The Privacy Shield is an agreement between the European Union and the United States to ensure compliance with European data protection standards in the United States. The transfer of data to the US would, therefore, be permitted according to Article 45 GDPR.

Google Fonts

Our website uses so-called web fonts, which are provided by Google, for the uniform display of fonts on our website. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). For this purpose, the browser you are using must connect to Google's servers. This will enable Google to know that your IP address has been used to access our website. The IP address of the browser of the terminal device of the visitor to these Internet pages is also stored by Google. If your browser does not support web fonts, a standard font will be used by your computer.

As far as data is processed by Google in the US, we point out that Google is certified under the Privacy Shield Agreement and thereby assures that European data protection law is observed (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The transmission of data to the USA is therefore permitted according to Art. 45 GDPR.

The processing of your data takes place in the interest of a uniform and appealing presentation of our online offer. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=en.

Google Maps

On our website, the "Google Maps" service is integrated via API in order to be able to display geographical information. The use of Google Maps enables Google to collect, process and use data about your use of the service. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The data processed may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent pursuant to Art. 6 para. 1 lit. a GDPR. This information is generally transmitted to and stored on Google servers. We have no influence on this data transfer. In addition, your data will only be processed on the basis of our legitimate interest in the visual representation of graphic information for the user of our website pursuant to Art. 6 Para. 1 lit. f GDPR.

As far as data are processed by Google in the US, we point out that Google is certified under the Privacy Shield Agreement and thereby assures that European data protection law is observed (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The transmission of data to the USA is therefore permitted according to Art. 45 GDPR.

Further information can be found in Google's privacy policy, which can be found here: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google reCAPTCHA

Our website uses the "reCAPTCHA" service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to detect bots and prevent spam.

The purpose of reCAPTCHA is to check whether the data input on our websites is carried out by a human being or by an automated program. To this end, reCAPTCHA analyses the behaviour of website visitors on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background.

As far as data is processed by Google in the US, we point out that Google is certified under the Privacy Shield Agreement and thereby assures that European data protection law is observed (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The transmission of data to the USA is therefore permitted according to Art. 45 GDPR.

According to Art. 6 para. 1 lit. f GDPR, the website operator has a legitimate interest in protecting his website from improper automated spying and from spam.

Further information on Google reCAPTCHA and Google's privacy policy can be found at the following links: https://policies.google.com/privacy?hl=en and https://www.google.com/recaptcha/intro/android.htm

Hosting and e-mailing

Within the framework of hosting our website, all data to be processed in connection with the operation of our website is stored. This is necessary to enable the operation of the website. We, therefore, process the data accordingly on the basis of our justified interest in the optimisation of our website offer pursuant to Art. 6 paragraph 1 lit. f GDPR. For the provision of our online presence, we use the services of web hosting providers to whom we make the above data available within the framework of data processing pursuant to Art. 28 GDPR.

Internet presence in social media

We have internet presences in different social media to communicate with users who are active there and to inform them about our services and products.

Users' data may be processed as part of our social media appearances for advertising and market research purposes. It is possible that separate user profiles are created for various interests of the users. The user profiles can subsequently be used, for example, to place targeted ads within and outside social media. For this purpose, cookies are used by the social media, in which the user behavior and the interests of the users are stored. Furthermore, these user profiles may also contain data on the users as members of the respective social media, as long as they are logged into them.

Our processing of personal data of users is based on our legitimate interests in information and communication with users in accordance with Article 6 paragraph 1 lit. f GDPR. If users are asked to consent to data processing by the respective social media, the legal basis of the processing is Art. 6 paragraph 1 lit. a GDPR.

For a detailed description of the respective processing of data and the possibilities for opposition or revocation, we refer to the privacy policy of the respective social media.

In the case of requests for information and other assertion of data subject rights, we point out that these are best asserted to the social media itself. Only the respective provider of the social media has access to the data of the users and can take actions directly.

Please note that for some social media data may be processed outside the European Union. With regard to US providers which are certified under the Privacy Shield, we point out that the providers commit themselves to comply with the EU data protection standards, in particular with the GDPR. The transfer of data to the US is therefore permitted with an active Privacy Shield certification according to Art. 45 GDPR.

Contact us (contact form)

When you contact us, your details will be used to process the contact inquiry in accordance with Art. 6 para. 1 lit. b GDPR. The processing of your data is necessary for the processing and answering of your inquiry; otherwise, we will not be able to answer your inquiry or only to a limited extent. The data may be stored in a customer and interested party database on the basis of our legitimate interest in direct marketing pursuant to Art. 6 para. 1 lit. f GDPR.

We delete your inquiry and your contact data, provided that your inquiry has been answered conclusively and the deletion does not conflict with any statutory retention periods, e.g. in the context of a subsequent contract processing. This is usually the case if you have not been in contact with us for at least three years.

Server Log Files

For technical reasons, in particular, to ensure a functional and secure Internet presence, we store technically necessary data about access to our website in so-called server log files, which your browser automatically transmits to us. The following data will be logged:

  • Visited website
  • Browser type/version used
  • Operating system used
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer
  • Time of the server request
  • Amount of data sent
  • Hostname of the accessing computer (IP address used)

These data are not assigned to any natural persons and serve only for evaluations to improve our website. These data are only transmitted to our website provider. A connection or combination of these data with other data sources does not take place. If our website is used illegally, we reserve the right to check this data subsequently. The use of this data is based on our legitimate interest pursuant to Art. 6 paragraph 1 lit. f GDPR in the technically error-free presentation and optimization of our website.

The data will be deleted shortly after completion of the purpose, usually after a few days, as long as no further storage is necessary for evidence purposes. Otherwise, the data will be kept until the final clarification of an incident.

Data security

During your visit to our website, we use the widespread SSL procedure (Secure Sockets Layer) in conjunction with the highest level of encryption supported by your browser on the basis of our justified interest in the use of suitable encryption techniques in accordance with Art. 6 para. 1 lit. f GDPR. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.

We also make use of suitable technical and organisational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

E-mail

If you send us enquiries by E-mail, your details including the contact details you provided will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We expressly point out that data transmission on the Internet (e.g. communication by E-mail) is subject to security gaps and cannot be completely protected against access by third parties.

Commercial advertising

The use of the contact data of our imprint or our website for commercial advertising is expressly not desired unless we give a written consent. All persons named on this website hereby object to any commercial use and disclosure of this data.

You can delete cookies which are already on your computer at any time. The process for doing this varies according to the browser; please refer to your browser instructions (under ‘help’ on the browser menu).

III. LEGAL BASIS FOR PROCESSING:

According to the data protection guidelines applicable in the EU, there must be a legal basis to process your personal data. The relevant applicable legal basis depends on which of these defined purposes your personal data is processed for:

In certain cases, you must have given permission for the collection and processing of your personal data. If you give permission you can revoke it later. Please be aware that revoking your permission has no effect on processing which has already taken place.

In other cases the processing of your personal data may be necessary to adhere to the applicable legal conditions and guidelines or to fulfil a contract relating to you.

In other cases again your personal data may be processed due to a justified interest to communicate with you about our services.

IV. PRINCIPLES FOR PROCESSING PERSONAL DATA:

The processing of personal data at Swietelsky is based on strict principles, which prioritise the protection and security of data and the rights of those affected.

Lawfulness & transparency: Data protection is conducted lawfully and in good faith.

Earmarking: the data is collected and processed for defined, clear and legitimate purposes. The processing of data is not conducted in ways not corresponding to these purposes.

Data minimisation: Only data, which is absolutely necessary for the given purposes is collected and processed. If it is possible to achieve the purpose and the effort required is reasonable, only anonymised data is processed.

Memory limitation and deletion: Personal data is deleted as soon as the purpose for which it was originally collected ceases to apply and legal retention times do not prevent deletion. If in individual cases there are interested parties to this data worthy of protection, it is stored until the interested parties worthy of protection have been legally cleared.

Data security: Data confidentiality applies to personal data. The data is to be treated as confidential and protected against unauthorised access, improper manipulation or forwarding as well as against loss and destruction using relevant organisational and technical measures.

Factual correctness: Personal data is to be kept correct, in full and up to date. Applicable measures are taken to correct outdated, incorrect or incomplete data.

V. DATA TRANSFER:

Personal data is only transferred to recipients outside of the Swietelsky business group and recipients in third party EU countries in compliance with applicable laws and on a lawful basis as well as observing the highest level of confidentiality and data security. We do not sell or lease personal data to third parties for their own marketing purposes.

Personal data is transferred to recipients within the Swietelsky group to fulfil legal requirements and simplify group-wide administrative activities. Here, the data is only transferred adhering to the legal framework conditions.

The following categories of recipients exist in the sense of Art. 13 sec. 1 lit. e GDPR:

  • Affiliate companies of the responsible party
  • Subcontractors, general contractors, suppliers
  • Processors, provided they need the data to fulfil their relevant services
  • Authorities, public bodies and institutions
  • Notaries, legal and tax advisers, collection service providers and experts for the enforcement, practice or defence of legal claims
  • Auditing firms for the fulfilment of accountability
  • Insurance companies
  • Credit and financial institutes or comparable institutions
  • Courts for the enforcement, practice or defence of legal claims
  • Arbitration boards

VI. OBLIGATION TO MAINTAIN DATA CONFIDENTIALITY:

All employees of the Swietelsky business group and employees of the contractual partners are contractually obligated to maintain confidentiality and are regularly informed and instructed on the safe handling of personal and other critical data.

VII. DATA SECURITY:

The protection of the confidentiality, availability and integrity of data is a significant task for Swietelsky. The same applies equally to operational secrets, client data, personal data and other critical information.

For this purpose, technical and organisational safety measures are established and continually improved in accordance with the current standard of technology and internationally recognised best practices and safety standards.

VIII. DATA PROTECTION OFFICERS:

Swietelsky is not required to appoint a data protection officer as article 37, section 1 of the EU GDPR does not apply. Due to the importance of data protection, Swietelsky has decided to voluntarily appoint a data protection officer. This officer is available to those affected and the data protection authorities as a point of contact under datenschutz@swietelsky.com.

IX. RIGHTS OF THOSE AFFECTED:

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data if not collected from us, as well as the existence of an automated decision-making process including profiling and, if applicable, meaningful information on its details;
  • to demand the immediate correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR;
  • to demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the correctness of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • to receive, in accordance with Art. 20 GDPR, your personal data which you have provided to us in a structured, common and machine-readable format or to request the transfer to another responsible person;
  • pursuant to Art. 21 GDPR, if your personal data is processed on the basis of our legitimate interest, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.
  • In accordance with Art. 7 paragraph 3 GDPR, you have the right to revoke your consent to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future.
  • Pursuant to Art. 77 GDPR, you are entitled to complain to a supervisory authority regarding the unlawful processing of your data by us. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.

Every data subject whose data is processed by Swietelsky may at any time invoke the above-mentioned rights and assert them with Swietelsky. To exercise your rights, you can always contact us in writing via e-mail to datenschutz@swietelsky.com.

The responsible supervisory authority for Swietelsky Baugesellschaft m.b.H is:

Österreichische Datenschutzbehörde

X. CONTINUAL CONTROL AND IMPROVEMENT:

The continual improvement of quality and processes is very important to Swietelsky. There are defined processes for continually increasing quality, which has also been proven with a certification in accordance with ISO 9001. Adherence to data protection guidelines and the applicable legislation and the effectiveness of data protection and data security measures is measured and increased continually with the help of this process to ensure the data protection measures are run optimally.