Legal information and data protection
Protecting the personal data of its associates is of great importance to Swietelsky AG, Edlbacherstraße 10, 4020 Linz, Austria and its subsidiaries (together Swietelsky). For this reason, Swietelsky processes personal data in accordance with the applicable legal directives for the protection of personal information and data protection.
The terminology used in this policy is based around the definitions given in article 4 of the EU General Data Protection Regulation (GDPR).
2. Processing Policies
Swietelsky’s processing of personal data is regulated by strict policies, which highly value the protection and security of data and the rights of the data subjects.
Legitimacy and Transparency: Data is processed in a lawfully, reasonable and fair manner.
Purpose Limitation: Data will be processed and complied for specified, clear and legitimate purposes. Data will not be processed in any manner that is incompatible with these purposes.
Data Minimisation: Data will only be processed and compiled when it is necessary to do so. Where the purpose of the data processing permits, the data will be anonymised.
Storage Limitation and Deletion: Personal data will be deleted as soon as the purpose for which it was compiled expires and legal retention periods do not prohibit deletion. If in individual cases there are interests in this data that are worthy of protection, they will continue to be stored until the interest worthy of protection has been legally clarified.
Data Protection: Data secrecy is applicable for personal data. The data shall be treated confidentially and shall be protected by appropriate organisational and technical measures against unauthorised access, unlawful manipulation or disclosure as well as against loss and destruction.
Factual Accuracy: Personal data must be kept accurate, complete and up to date. Reasonable measures are taken to correct outdated, incorrect or incomplete data.
3. Data Protection
The protection of data confidentiality, availability and integrity is an essential task of Swietelsky. This applies equally for corporate secrets, client information, personal data and other critical information.
For this purpose, technical and organisational security measures have been established and continue to be improved according to internationally recognised Best Practices.
4. Data Secrecy
All employees of Swietelsky corporate group and of its contractual partners are obliged to maintain secrecy and are regularly instructed and trained on the secure handling of personal data and other critical data.
5. Continuing Checks and Improvement
Swietelsky highly values continuing quality and process improvement. There are defined processes for continuingly increasing quality, which have been in place for years and are certified according to ISO 9001. Compliance with data protection guidelines and applicable legislation, as well as the effectiveness of data protection and data security measures, is continuously measured and improved with the help of these processes in order to be able to guarantee optimal data protection measures.
I. Legal Information acc. to GDPR
1. Information acc. to Art. 13 of GDPR
2. Responsible Person within the Meaning of Art. 24 GDPR
Swietelsky Group (henceforth Swietelsky, WE or the Responsible Person)
3. Data Protection Officer
Swietelsky is not required to appoint a Data Protection Officer as Article 37(1) of the EU GDPR is not applicable. Given how important data protection is, Swietelsky has chosen to appoint a Data Protection Officer voluntarily. This person is available to be contacted by data subjects and by the data protection authority at firstname.lastname@example.org.
- what information we will compile and for what reason;
- how we will use this information;
- your data subject rights
We have tried to present this information as simply as possible.
5. Legal Basis of Data Processing
Swietelsky processes personal data exclusively on one of the following legal bases:
- Your consent
- On a contractual basis
- for legitimate interests
Data is processed on the website exclusively in accordance with the legal provisions (GDPR, Telecommunications Act 2003).
- In the instance that Analysis Tools are used, the data is used pursuant to Art. 6 para. 1 subpara. f (legitimate interest) of the GDPR. The legitimate interest for data processing is the improvement of the website and the performance measurement of online advertisements.
- The use of IT Data Protection Measures takes place pursuant to the basis of Art. 6 para. 1 subpara. f (legitimate Interest) of the GDPR. The legitimate interest for using data is to safeguard the company's own IT systems.
- Social Media Plugins are only used with consent. The legal basis for this is Art. 6 para. 1 subpara. a of the GDPR. Consent must be given again each time the website is accessed.
II. Data Processing, Purpose and Legal Basis
Swietelsky processes the personal information of employees, partners, clients and suppliers for the purpose of providing the business activity and fulfilling related legal and contractual requirements.
1. Processing the Data of Business Partners
Swietelsky processes the personal data provided by interested parties, clients, suppliers, etc. in order to prepare offers and process orders as well as to fulfil the associated contractual/pre-contractual and legal obligations.
When you contact us, the personal data you provide us with will be used to process and handle your enquiry in accordance with Art. 6 para. 1 subpara. a and b of the GDPR. It is necessary to process your data in order to process and respond to your enquiry, otherwise we would not be able to respond to your enquiry or would only be able to respond to it to a limited extent.
We will delete your enquiry and your contact details once your enquiry has been conclusively answered and there are no legal retention periods preventing deletion, e.g. in the context of subsequent contract processing. This is usually the case if we have not had any contact with you for three years.
3. Job Applicants
When submitting your application to SWIETELSKY, you expressly agree to SWIETELSKY processing your personal data, and that SWIETELSKY is entitled to transmit, process and use this information within the SWIETELSKY group. The transfer, processing and use of the data is limited to the purposes of searching for personnel or staff administration.
Processing may also be done electronically. This is the case particularly when your application documents are sent electronically, for example by email or a career portal.
If the application results in an employment contract, the data submitted will be processed in accordance with legal regulations.
However, if it does not result in employment, your information will be deleted 6 months later, pursuant to legal regulations, so long as no other legitimate interests or record-keeping consent prevent deletion.
The processing of the application documents you send takes places on the basis of your consent acc. to Art. 6 para. 1 subpara. a of the GDPR.
In the event that we are provided with special categories of personal data within the meaning of Art. 9 para. 1 of the GDPR voluntarily as part of the application process, this data will be processed pursuant to Art. 9 para. 2 subpara. b of the GDPR (e.g. health data, such as disability, or ethnic background) or, with your consent, pursuant to Art. 9 para. 2 subpara. a of the GDPR (e.g. health data, to the extent that this is necessary for practising the profession).
4. Server Log Files (Access Data)
For technical reasons, particularly to guarantee functioning and secure internet access, we process technically useful data regarding access to our website in so called server log files, which are automatically shared with us by your browser.
We process the following access data:
- Name of the directing website
- Browser type used, incl. version
- Operating system used by the visitor
- Sites previously visited by the visitor (referrer URL)
- Time of the server request
- Amount of transferred data
- Host name of the accessing computer (IP address used, anonymised if necessary)
The opportunity for us to use this data, within the legal framework of Art. 6 para. 1 subpara. f of the GDPR, for the purposes of
- guaranteeing problem-free connection to the website,
- guaranteeing comfortable use of our website,
- evaluation system security and stability, as well as
- for further administrative purposes
is currently being exercised by us. The compiled data will under no circumstances be used to draw conclusions about your person.
The access data is automatically deleted after 120 days , so long as no further retention is required for evidentiary purposes. Otherwise, the data is kept until any incident is finally resolved.
III. Data Transfer
Any transfer of personal data to recipients outside the Swietelsky Corporate Group as well as recipients in EU third countries will only take place in accordance with the applicable laws on a lawful basis and subject to the highest level of confidentiality and data security. We do not sell or loan out any personal information to third parties for marketing purposes.
Personal information will be transferred to recipients within the Swietelsky Group in order to fulfil legal requirements and to simplify group-wide administrative activities. Data transferring takes place exclusively in compliance with the legal framework.
There are the following recipient categories in accordance with Art. 13 para. 1 subpara. e of the GDPR
- Affiliates of the responsible person
- Subcontractors, general contractors, suppliers
- Processor, so far as they require the data to fulfil their respective services
- State agencies, public offices and institutions
- Notaries, legal and tax advisors, collection service providers and experts for the establishment, exercise or defence of legal claims
- Auditing firms for fulfilling accounting obligations
- Insurance companies
- Credit and finance institutions or similar establishments
- Courts for the establishment, exercise or defence of legal claims
- Industrial tribunals
1. Data Transfer to Third Parties
With the exception of the following stated purposes, your personal data will not be transferred to third parties.
We will only transfer your personal information to third parties if the following conditions are satisfied:
- You have given your express consent according to Art. 6 para. 1 sub. a of the GDPR,
- disclosure is necessary in accordance with Art. 6 para. 1 lit. f of the GDPR to protect the interests of the company and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest in the non-disclosure of your data that merits protection,
- in the event that disclosure is legally required pursuant to Art. 6 para. 1 subpara. c of the GDPR and that
- this is legally permissible and necessary pursuant to Art. 6 para. 1 subpara. c of the GDPR in order to process contractual relationships with you.
SWIETELSKY can give your personal information to suppliers, who provide services on our behalf in accordance with our instructions.
SWIETELSKY can also give your personal information to our affiliate businesses and partners.
Furthermore, SWIETELSKY may disclose your personal information if we are legally or judicially required to do so, or if we believe that disclosure is necessary or appropriate to prevent physical harm or financial loss.
SWIETELSKY reserves the right to transfer any personal information we may have about you if we sell or transfer all or part of our business or assets (including in the event of a reorganisation, dissolution or liquidation).
2. Data Transfers
The countries that we will transfer your personal information to are
- within the EU or
• outside the EU
When we transfer personal information from the European Union to countries or international organisations outside the European Union, the transfer is made on the basis of:
- an agreement with the European Commission;
- If there is no such document due to other legally permissible reasons such as the existence of a legally binding and enforceable document between the authorities or public bodies, binding internal company rules, standard data protection clauses and approved or certified codes of conduct.
In exceptional cases, data transfer may take place pursuant to Art. 49 of the GDPR:
- 49 para. 1 subpara. a of the GDPR
the data subject has given their explicit consent regarding the proposed data transfer after having been informed of the possible risks to them of any such data transfer in the absence of an agreement or appropriate safeguards,
- 49 para. 1 subpara. b of the GDPR
the transfer is necessary in order to fulfil a contract between the data subject and the responsible person or to carry out pre-contractual measures upon request by the affected person,
- 49 para. 1 subpara. c of the GDPR
the transfer is necessary in order to complete or fulfil a contract in the interest of the data subject between the responsible person and another natural or judicial person.
IV. Data Subject Rights
- You have the right:
according to Art. 15 of the GDPR to request information about which of your personal information we are processing. Specifically, you may request information about the processing purposes, the type of personal data, the types of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction or objection to processing, the existence of a right to complain, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about any details thereof;
- according to Art. 16 of the GDPR to immediately request the Correction of incorrect or incomplete personal information stored by us;
- according to Art. 17 of the GDPR to request the Deletion of any of your personal information stored by us, except where such processing is necessary in order to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
- according to Art. 18 of the GDPR to request the Restriction of the processing of your personal information if its accuracy is disputed by you, if the processing is illegitimate, but you object to its erasure and we no longer need the information, but you need it to assert, exercise or defend legal claims, or you have objected to the processing pursuant to Art. 21 DSGVO;
- according to Art. 20 of the GDPR to request that the personal information you have provided to us be sent to you in a structured, commonly used and machine-readable format, or to request that it be transferred to another responsible party;
- according to Art. 21 of the GDPR to object to the processing of your personal information if it is processed on the basis of our legitimate interest, provided that there are grounds for doing so which arise from your particular situation or if the objection is directed against direct marketing. Regarding the previous case, you have a general right to object, which will be implemented by us without specifying a specific situation.
- according to Art. 7 para. 3 of the GDPR to revoke your consent at any time. This would have the consequence that we may no longer continue the data processing based on this consent for the future.
- according to Art. 77 of the GDPR to complain to a regulatory authority regarding the unlawful processing of your data by us. Generally, you can contact the regulatory authority for your place of residence, workplace or our company's registered office for this purpose.
1. Recognition of the Rights of Data Subjects
Each data subject, whose data is processed by Swietelsky, has the opportunity to invoke any of the aforementioned data subject rights at any time with Swietelsky.
To exercise your rights as a data subject, you can send an email to email@example.com any time.
We cannot process data subject’s requests without first successfully establishing identity. For this reason, we ask that you support us in the identification process.
2. Right to complain
If you believe that the processing of your data contravenes data protection regulations or that your data protection rights have been violated in any other way, you can complain to the regulatory authority.
The responsible regulatory authority for Swietelsky Group is:
Austrian Data Protection Authority: Tel.: +43 1 52 152-0, firstname.lastname@example.org
V. General Cookies
Cookies are small data packages, which are exchanged between your browser and web server during your visit to our website. These do no harm and simply allow us to recognise website users. Cookies can only save data that is sent from your browser, which means information that you have entered into the browser yourself or that is present on the website. Cookies cannot run code and cannot be used to access your device. The next time you visit our website using the same device, the data stored in cookies may subsequently be sent back either to us ("first-party cookie") or to a third-party web application to which it belongs ("third-party cookie"). Through the stored and transmitted data, each web application recognises that you have already opened and visited the website using this browser on your device.
We classify cookies into the following categories depending on their purpose and function:
Technically necessary Cookies needed to ensure the technical operation of the basic website functions. This type of Cookies would be used for example to retain your settings as you navigate the website; or they can ensure that important information is retained throughout your session (e.g. login, shopping cart).
Statistic Cookies are used in order to understand how visitors interact with our website, for this information is only collected and analysed anonymously. Through this we obtain valuable findings that we can use to optimise our products and services.
Marketing Cookies in order to give visitors to our website targeted adverts.
Unclassified Cookies are cookies, which we are currently trying to classify together with providers of individual cookies.
We also classify cookies into Session Cookies and Permanent Cookies depending on how long they are stored. Session Cookies save information which is used during your current visit. These cookies are automatically deleted when we close the browser. With these, no information remains on your device. Permanent Cookies save information between multiple visits to the website. With this information, you will be recognised as a returning visitor and the website will react accordingly. The operational lifetime of Permanent Cookies is determined by its provider.
Please note that a general deactivation of cookies may lead to functional restrictions on our website.
VI. Google Tools
1. Google Analytics
This website uses Google Analytics, a website analysis service from Google Inc. (henceforth: Google). Google Analytics uses so called “Cookies”, or text information, which are saved on your computer and allow for the use of a website to be analysed. The information generated by the cookies about your use of this website is usually transferred to a Google server in the United States and stored there. Due to the activation of the IP anonymisation on this website, however, your IP address will be shortened by Google within the member states of the European Union or in the EEA. Only in exceptional cases is the full IP address transferred to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your website use, to compile reports on website activities and to provide further services to the website operator in connection with the use of the website and the internet. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
You can prevent cookies from being saved by changing the preferences of their browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. Furthermore, you can prevent the data generated by cookies and related to their use of the website (including your IP address) from being gathered by Google and then processed by Google by downloading and installing the browser plug-in available at the following link: Browser Add-On to disable Google Analytics.
Processing is carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 subpara. f of the GDPR.
We use the function “activate IP anonymisation” on this website. Using this, your IP address will be shortened by Google within the member states of the European Union or in the EEA. Only in exceptional cases is the full IP address transferred to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your website use, to compile reports on website activities and to provide further services to the website operator in connection with the use of the website and the internet. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
2. Google Tag Manager
The website uses Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are implemented and no personal information is gathered. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. In the event that there has been an opt-out at the domain or cookie level, it will remain in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager is available at the following link: Google Tag Manager Use Policy | Google Tag Manager – Google
The user has the opportunity to prevent all Google Tag Manager tags from being sent. For this, the user must click on the following opt-out link, to place the Google Tag Manager deactivation cookie in his browser.
Further information can be found in the Use Policy at Google Tag Manager Use Policy | Google Tag Manager – Google
3. Google Maps
Detailed instructions on how to manage your own data in connection with Google products can be found here.
VII. Social Media und Third Party Tools
We take the current discussions regarding data protection on social media platforms very seriously, as we also have an active social media presence ourselves, in order to inform active users there about our products. The specific social media used by us are shown by their logos on our website. In regard to this, we would like to state that due to current case law, there is a joint responsibility pursuant to Art. 26 of the GDPR between us and each operator of the social network. We have taken the necessary precautions for this, insofar as the provider allows. The primary responsibility for the processing of personal information, pursuant to the GDPR, with each social network belongs to the provider of said social network.
In the case of enforcing the rights of data subjects, we maintain that these must be enforced with the social networks themselves. As operators, we make no decision regarding the processing of data on social media. Only the respective provider has access to the users' data and thus only this provider can take direct action.
The social network’s respective contractual terms apply.
For a detailed description of all data processing and the opportunity to reject or revoke consent, please see the privacy policies of each social media platform.
VIII. SSL Encryption
In order to protect the security of your data when it is being transferred, we use current state of the art encryption techniques (e.g. SSL) over HTTPS. You can recognise an encrypted connection by the text string "https://" and the lock symbol in your URL bar
IX. Amendments and Additions
We reserve the right to make amendments or additions to the information content at any time and without prior notice. If any sections or specific phrases of this text do not comply, no longer comply or do not fully comply with the applicable legislation, the content and validity of the remaining parts of the document shall remain unaffected.