The protection of the personal data of employees and of interlocutors at all business partners is of great importance to Swietelsky AG, Edlbacherstraße 10, 4020 Linz, Austria and its subsidiaries (collectively referred to as Swietelsky). That is why Swietelsky processes personal data in accordance with applicable laws regarding data protection and data security.
The terms used here follow the definitions in Art. 4 of the EU's General Data Protection Regulation (GDPR).
II. PURPOSE OF THE DATA PROCESSING
Swietelsky processes the personal data of employees, partners, customers and suppliers for the purposes of conducting its business operations and fulfilling the legal and contractual requirements this entails.
1. Processing of the data of business partners:
Swietelsky processes the personal data provided by interested parties, customers, suppliers etc. to create offers and to execute orders as well as to fulfill the associated contractual/pre-contractual and legal obligations.
We process the contact data and application documents submitted as part of an application for the purpose of selecting suitable candidates for employment. In the event of a rejection, the application documents are only kept until the end of any legal retention period, unless you consent to them being retained for longer.
Data controller for this website
Swietelsky AG, Edlbacherstraße 10, 4020 Linz, Austria
Data collection on our website
Your data are collected when you provide them to us; data, in particular technical data, are also automatically collected when your visit our website. Some of these data are collected to ensure the error-free functioning of our website. Other data may be used for analysis. You can find out more about this in the section below.
Modules, plug-ins and tools used
If you have chosen to apply online via our career page, thank you for your application. By applying online you make things easier for us and so speed up the processing of your application.
We process the personal data that you provide as part of an application only for the purpose and in the framework of the application process and in accordance with the legal requirements. If your application refers to a specific job posting, we process the provided data exclusively for this job opening. The processing of your application data ensues for the purpose of fulfilling our (pre-)contractual obligations in the context of the application process in accordance with Art. 6 (1) (b) GDPR. After the conclusion of the application process for a position, we process your application data only to the extent that this is necessary pursuant to Art. 6 (1) (f) GDPR to ensure our legitimate interests, or if you have explicitly agreed to the processing of your application data for future job postings. This also applies to speculative applications once we have compared your desired positions and your qualification profile with our open positions.
If special categories of personal information within the meaning of Art. 9 (1) GDPR are transmitted voluntarily in the context of the application process, they are processed in accordance with Art. 9 (2) (b) GDPR (e.g. health data such as severe invalidity, or ethnic origin) or on the basis of your consent pursuant to Art. 9 (2) (a) GDPR (e.g. health data, insofar as these are necessary to exercise the profession).
If your application is successful, the data provided by you may be further processed by us for the purposes of the employment relation. Otherwise, as soon as an application to a job posting was unsuccessful, the data of the applicants are deleted upon the expiry of the legal retention periods or, if you have explicitly consented to a longer retention period, upon the expiry of that period.
If you have not consented to a longer retention period, deletion occurs after a period of seven months, so that we can answer any subsequent enquiries regarding the application and can fulfil our evidential duties under the Austrian Employment Equality Act. Invoices for any travel expenses are archived in accordance with the applicable tax regulations.
Social media presence
We take the current debate around data protection in social media very seriously, because we also have a social media presence, which we use to inform users of our offerings. The actual social media platforms used by us are represented by their logos on our site. In this regard, we note that according to current jurisprudence we share joint responsibility with the operators of the respective social media platforms within the meaning of Art. 26 GDPR. We have taken the requisite measures, to the extent that the providers have enabled us to do so. However, according to the GDPR the primary responsibility for the processing of personal data on the respective social media platform lies with the respective platform provider. In the event that data subjects wish to assert their rights, these should ideally be asserted directly vis-à-vis the social media platforms. We, as users, make no decisions concerning the processing of data on social media. Only the respective provider has access to the users' data, and therefore only the provider can take concrete measures.
For a detailed description of the respective data processing and the options for objecting or revoking consent, we refer readers to the privacy policies of the respective social media platforms.
In some cases, user data on some social media platforms may be processed outside the territory of the European Union. With regard to US providers certified through the Privacy Shield, we point out that the providers undertake to observe the data protection standards of the European Union, in particular the GDPR. The transmission of data to the USA is permissible according to Art. 45 GDPR with a valid Privacy Shield certification.
A selection of the major providers of social media platforms, including additional information, can be found here:
Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Additional information: https://www.facebook.com/legal/terms/information_about_page_insights_data
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Joint responsibility: https://www.facebook.com/legal/terms/page_controller_addendum
Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Additional information: https://privacy.xing.com/de/datenschutzerklaerung
Provider: LinkedIn Ireland, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Additional information: https://www.linkedin.com/legal/privacy-policy
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Provider: Pinterest Inc., 635 High Street, Palo Alto, 94301 California, USA
Additional information: https://about.pinterest.com/de/privacy-policy
Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, 94301 California, USA
Additional information: https://twitter.com/de/privacy
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Additional information: https://policies.google.com/privacy
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Cookies in general
Cookies are small data packages that are exchanged between your browser and the Web server when you visit our website. They are not harmful and only serve to recognise the website's visitors. Cookies can only store information that is provided by your browser, i.e. information that you yourself have entered into the browser or that is on the website. Cookies cannot execute code and cannot be used to access your device. The next time you visit our website from the same device, the information stored in the cookies can be sent back to us ("first-party cookies") or to a Web application of a third party to whom the cookie belongs ("third-party cookies"). The stored and returned information allows the respective Web application to recognise that you have already called up and visited the website with the browser on your device.
Depending on their purpose and function, cookies are divided into the following categories:
- Technically required cookies to ensure the technical operation and basic functionality of our website. This type of cookies is used e.g. to save your settings while you navigate around the website; or they can ensure that important information is saved for the duration of the session (e.g. login, shopping cart).
- Statistics cookies serve to understand how visitors interact with our website; the information that is collected and analysed is anonymised. This provides us with valuable insights that allow us to optimise our website as well as our products and services.
- Marketing cookies to set targeted advertising activities for visitors to our website.
- Unclassified cookies are cookies that we are currently attempting to classify together with the providers of individual cookies.
We also classify cookies as session or permanent cookies, based on the length of storage. Session cookies save information that is used during your current browser session. These cookies are automatically deleted when you close the browser. No information remains on your device. Permanent cookies save information between two visits to the website. With this information, your device is recognised when you visit the website again and the website reacts accordingly. The life of a permanent cookie is determined by the cookie's provider.
Furthermore, you can also configure your Internet browser to always prevent the storing of cookies on your device or to always ask you if you consent to the setting of cookies. You can always delete cookies that have already been set. You can find more details in the help function of your browser.
Please note that the general deactivation of cookies may restrict the functionality of our website.
Integration of third-party services and contents
To analyse and optimise our online presence, our website uses third-party content or service offerings in order to display their contents and services, e.g. videos or fonts.
This always requires that the third-party providers of these contents can recognise a user's IP address, as this is necessary to display these contents. We make efforts to only use contents whose providers use the IP address exclusively to deliver the contents. The processing of your data is based on our legitimate interest to optimise our online offering in accordance with Art. 6 (1) (f) GDPR. Third-party providers may also use so-called pixel tags (invisible graphics also known as "Web beacons") for statistical or marketing purposes. The pixel tags enable the evaluation of information such as visitor traffic to the pages of this website. The pseudonymous information may also be stored in cookies on the users' devices and contain, amongst others, technical information on the browser and operating system, referring website, time of visit and other information on the use of our online offering, and may also be combined with such information from other sources.
The processing of your data in the cookies is based on your consent in accordance with Art. 6 (1) (a) GDPR. You may revoke this consent with future effect at any time.
For the analysis, optimisation and economic operation of our online offering, our website uses the so-called "Facebook pixel" of the social media platform Facebook, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). We are jointly responsible with Facebook for this data processing pursuant to Art. 26 GDPR.
The Facebook pixel allows Facebook to identify the visitors of our online offering as a target group for the display of advertising (so-called Facebook ads). We therefore use the Facebook pixel in order to display ads on Facebook only to those Facebook users who have demonstrated an interest in our online offering or who have certain characteristics (e.g. interest in certain subjects or products, as determined by the websites they visit) that we transmit to Facebook (so-called "custom audiences"). The Facebook pixel also lets us ensure that our Facebook ads correspond to the potential interests of the users and are not irritating. The Facebook pixel additionally enables us to measure the effectiveness of our Facebook ads for statistical and market research purposes by letting us see whether users were directed to our website after clicking on a Facebook ad ("conversion").
The processing of your data in the cookies is based on your consent in accordance with Art. 6 (1) (a) GDPR. You may revoke this consent with future effect at any time.
You may also object to the collection of your data by the Facebook pixel and its use to display Facebook ads,
To configure what types of ads should be shown to you on the Facebook platform, you can call up the page set up by Facebook and follow the instructions regarding the configuration of usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied across all devices, whether desktop computer, laptop, smartphone etc.
Insofar as data is to be processed by Facebook in the USA, we would like to point out that Facebook Inc., headquartered in the USA, is certified under the Privacy Shield agreement and thereby assures that it adheres to European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). The Privacy Shield is an agreement between the European Union and the USA that is meant to ensure that EU data protection standards are assured in the USA. In accordance with Art. 45 GDPR, the transmission of data to the USA is therefore permissible.
Our website uses the functions of the Web analysis service Google Analytics to analyse user behaviour and to optimise our online presence. This service is provided by Google Ireland Limited, Barrow Street, Dublin 4, Ireland ("Google"). Information on the use of the website, such as browser type/version, used operating system, previously visited site, hostname of the accessing device (IP address), and time of server call-up are usually transmitted to a server of Google and stored there. To this end, we have concluded a data processing agreement with Google pursuant to Art. 28 GDPR.
Google will use this information on our behalf to evaluate the use of our website, to generate reports on the activities within our website and to provide us with additional services associated with the use of our website and the use of the Internet. According to Google, the IP address provided by your browser will not be combined with other data owned by Google.
We only use Google Analytics in conjunction with IP anonymisation; to this end, we have added the code "anonymizeIP" to this website. This guarantees that your IP address is masked, ensuring that all the data collected is anonymous. Only in exceptional cases is the full IP address transmitted to a Google server and shortened there.
Data on the use of our website are immediately deleted after the end of the retention period set by us. Google Analytics offers the following options for the retention period: 14 months, 26 months, 38 months, 50 months, do not delete automatically. You can enquire about the retention period we have currently set at any time.
The processing of your data with the help of Google Analytics is based on your explicit consent in accordance with Art. 6 (1) (a) GDPR. You may revoke this consent with future effect at any time in accordance with Art. 7 (3) GDPR.
Furthermore, you may prevent the collection of data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Insofar as data is to be processed by Google in the USA, we would like to point out that Google is certified under the Privacy Shield agreement and thereby assures that it observes European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The Privacy Shield is an agreement between the European Union and the USA that is meant to ensure that EU data protection standards are assured in the USA. In accordance with Art. 45 GDPR, the transmission of data to the USA is therefore permissible.
Google Tag Manager
Our website uses the Google Tag Manager service provide by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The Tag Manager is a service through which we can administer website tags via an interface. It allows us to integrate code snippets like tracking codes or conversion pixels into websites without accessing the source code. The data is only transmitted by Tag Manager, but not collected or stored by it. The Tag Manager itself is a cookie-less domain and does not process any personal data as it only serves to administer other services in our online offering. The Tag Manager serves to resolve other tags, which in turn may collect data. However, the Tag Manager does not itself access this data. If a deactivation took place at the domain or cookie level, this remains in force for all tracking tags that are implemented with the Tag Manager.
You can find more information on data protection at the following Google websites:
FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
Google Tag Manager Terms and Conditions: https://www.google.com/intl/de/tagmanager/use-policy.html
In the framework of the hosting of our website, we store all the data that need to be processed for the operation of our website. This is necessary to enable the operation of the website. We therefore process the data on the basis of our legitimate interest in the optimisation of our website offering pursuant to Art. 6 (1) (f) GDPR. To make our online presence available, we utilise the services of Web-hosting providers, to whom we provide the aforementioned data as part of a processing agreement in accordance with Art. 28 GDPR.
When you contact us, the information you provide is used to process your enquiry in order to fulfil pre-contractual rights and obligations in accordance with Art. 6 (1) (b) GDPR. The processing of your data is required to process and reply to your enquiry; otherwise we could not, or not fully, reply to your inquiry. The information ma be stored in a database of customers and interested parties based on our legitimate interest in direct marketing in accordance with Art. 6 (1) (f) GDPR.
We will delete your enquiry and your contact details once your enquiry has been definitively answered, provided that there are no legal retention obligations, e.g. in the framework of a subsequent contract execution. Generally, this is the case when there has been no contact with you for three continuous years.
LinkedIn Conversion Tracking
Our website uses LinkedIn conversion tracking, a Web analysis service provided by the LinkedIn Corporation.
The information collected by the LinkedIn Insight tag about your use of our website is encrypted.
The processing of your data is based on your consent in accordance with Art. 6 (1) (a) GDPR. You may revoke this consent with future effect at any time.
LinkedIn members also have the option of opting out of LinkedIn conversion tracking and of blocking and deleting cookies at https://www.linkedin.com/psettings/advertising/ or deactivating demographic characteristics. LinkedIn's settings do not include a separate opt-out option for third-party impressions or click tracking for campaigns running on LinkedIn, as all campaigns respect the settings of the LinkedIn members.
We use LinkedIn conversion tracking to analyse the use of our website and to be able to regularly improve it. The statistics obtained allow us to improve our offering and make it more interesting to you as a user.
More information from the third-party provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;
http://www.linkedin.com/legal/privacy-policy ; https://www.linkedin.com/help/lms/answer/85787 ; https://www.linkedin.com/help/linkedin/answer/87150/linkedin-marketinglosungen-und-die-datenschutz-grundverordnung-dsgvo-?lang=de ;
LinkedIn has subjected itself to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework
Server Log Files (Access Data)
For technical reasons, in particular to ensure a functional and secure online presence, we process technically required data regarding accesses to our website, provided automatically by your browser, in so-called server log files.
The access data that we process include:
- name of called-up website
- used browser type incl. version
- operating system used by the visitor
- the site previously visited by the visitor (referrer URL)
- time of server call-up
- transmitted volume of data
- hostname of the accessing device (used IP address, may be anonymised)
These data are not associated with any natural person and are only used for statistical evaluations and for the operation and improvement of our website as well as for the security and optimisation of our online offering. These data are only transmitted to our website operator. The data are not associated or combined with other data sources. If there are grounds to suspect an illegal use of our website, we reserve the right to retrospectively verify these data. The data processing is based on our legitimate interest in the technically error-free representation and the optimisation of our website in accordance with Art. 6 (1) (f) GDPR.
The access data are deleted rapidly once their purpose has expired, usually in a few days, provided that additional retention as evidence is not required. Otherwise, the data are stored until an event is definitively resolved.
You can find out more about this company at www.datareporter.eu. The cookie banner collects and stores the consent to cookie use of the respective users of our website. Our cookie banner ensures that statistics and market research cookies are only set if users have explicitly declared their consent.
Youtube - Videos
Our website uses the "YouTube" service to integrate videos. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"). A soon as you call up a site with embedded YouTube videos, a connection is established to the servers of YouTube. As part of this process, YouTube is informed of what sites your are visiting.
Insofar as data is to be processed by Google in the USA, we would like to point out that Google is certified under the Privacy Shield agreement and thereby assures that it observes European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). In accordance with Art. 45 GDPR, the transmission of data to the USA is therefore permissible.
If you send us enquiries by e-mail, your information, including the contact details that you provide, are stored by us for the purpose of processing your enquiry and in the event of follow-up questions. We explicitly point out that data transmission via the Internet (e.g. via e-mail) may have security gaps and cannot be completely protected from access by third parties.
The use of the contact details in our imprint or our website to send us advertising is expressly not permitted, unless we have provided the relevant authorisation in writing. All persons named on this website hereby explicitly object to any and all commercial use and disclosure of these data.
III. LEGAL BASIS FOR THE PROCESSING
Pursuant to the data protection regulations applicable in the EU, the processing of your personal data requires a legal foundation. The respective applicable legal foundation depends on which of the specific purposes described above your personal data is processed for.
In certain cases, the collection and processing of your personal data requires your consent. If you grant your consent, you may revoke it at a later time. Please note that the revocation of consent has no effect on the processing that has already taken place.
In other cases, the processing of your personal data may be required to observe applicable laws and regulations or to execute a contract that concerns you.
In yet other cases, the processing of your personal data may be based on our legitimate interest in communicating with you concerning our services.
IV. PRINCIPLES OF THE PROCESSING OF PERSONAL DATA
At Swietelsky, the processing of personal data is based on strict principles that view the protection and the safety of the data and the rights of the data subjects as being of primary importance.
Legality & Transparency: To the best of our knowledge, the data processing conforms to the law.
Specific purpose: The data are collected and processed for clearly defined, legitimate purposes. The data processing does not occur in a way that conflicts with these purposes.
Data minimisation: We only collect and process the data that is strictly required for the stated purposes. When it is possible to achieve the purpose and when the required effort is proportionate, only anonymised data are used.
Storage restriction and deletion: Personal data are deleted as soon as the purpose for which they were originally collected has expired and provided that there is no legal retention period preventing deletion. If in individual cases there is a legitimate interest in these data, they will continue to be stored until the legitimate interest has been legally resolved.
Data security: Personal data are subject to data secrecy. The data are handled confidentially and are protected from unauthorised access, illegal manipulation or disclosure, as well as from loss and destruction, through appropriate organisational and technical measures.
Factual accuracy: Personal data are kept accurate, complete and up to date. Appropriate measures are taken to correct obsolete, incorrect or incomplete data.
V. DATA TRANSMISSION
Personal data are only transmitted to recipients outside the Swietelsky Group and to recipients in countries outside the EU in accordance with applicable laws and when there is a legal basis to do so, and under adherence to the strictest standards of confidentiality and data security. We do not sell or rent any personal information to third parties for their own marketing purposes.
Personal data are transmitted to recipients within the Swietelsky Group to fulfil legal requirements and simplify Group-wide administrative activities. Here too, transmission occurs exclusively in accordance with legal requirements.
The following categories of recipients within the meaning of Art. 13. (1) (e) GDPR exist:
- Group companies of the data controller
- Subcontractors, general contractors, suppliers
- Data processors, insofar as these require the data to provide their respective services
- Authorities, public administrations and institutions
- Notaries, legal and tax advisers, debt collection services and experts, to assert, exercise or defend legal claims
- Auditing firms, to fulfil accounting obligations
- Insurance companies
- Banks and financial institutions or similar facilities
- Courts, to assert, exercise or defend legal claims
- Arbitration bodies
VI. OBLIGATION TO DATA SECRECY
All employees of the Swietelsky Group and all employees of contractual partners are contractually obligated to secrecy and are regularly informed of and trained in the secure handling of personal and other critical data.
VII. DATA SECURITY
The protection of the confidentiality, availability and integrity of data is a primary task of Swietelsky. This applies equally to business secrets, customer data, personal data and other critical information.
For this purpose, technical and organisational measures reflecting the current state of the art and international best practices and security standards have been established and are continuously improved.
VIII. DATA PROTECTION OFFICER
Swietelsky is not obligated to appoint a data protection officer as Article 37, paragraph 1 of the EU's GDPR does not apply. But given the importance that Swietelsky places on data protection, it has decided to voluntarily appoint a data protection officer. The data protection officer can be reached by data subjects and the data protection authority at firstname.lastname@example.org.
IX. RIGHTS OF THE DATA SUBJECTS
You have the right:
- pursuant to Art. 15 GDPR, to request access to your personal data processed by us. In particular, you may request information on the purpose of the processing, the categories of personal data, the categories of recipients of your personal data, the planned length of storage, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, insofar as they were not collected by us, and the existence of any automated decision-making process, including profiling, as well as any relevant information on the details;
- pursuant to Art. 16 GDPR, to request the immediate correction of incorrect data, or the completion of incomplete data, regarding your personal data stored by us;
- pursuant to Art. 17 GDPR, to request the deletion of your personal data stored with us, provided that the processing is not required to exercise the right to freedom of expression and information, to fulfil a legal obligation, is not in the public interest, or is not required to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, provided that you contest the correctness of the data, the processing is illegal but you reject the deletion of the data, we no longer need the data but you require them to assert, exercise or defend legal claims, or you have objected to the processing pursuant to Art. 21;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in an organised, common and machine-readable format or to request their transmission to another controller;
- pursuant to Art. 21 GDPR, and insofar as your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data, provided that there are good grounds arising from your specific situation, or the objection is directed at direct marketing. In the latter case, you have a general right to object, which will be implemented by us without the existence of a specific situation.
- pursuant to Art. 7 (3) GDPR, to withdraw the consent you have granted us at any time. As a result, we may no longer carry out the data processing that was based on this consent in the future.
- pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority regarding the illegal processing of your data by us. You can generally address your complaint to the supervisory authority in your usual country of residence or of work, or in the country where our headquarters are located.
Every data subject whose data are processed by Swietelsky has the possibility of invoking the above-cited data subject rights and to assert them vis-à-vis Swietelsky at all times. To exercise your data subject rights, you can contact us by e-mail at any time under email@example.com.
The supervisory authority for Swietelsky AG is:
Austrian Data Protection Authority
Tel.: +43 1 52 152-0, firstname.lastname@example.org
X. CONTINUOUS CONTROL AND IMPROVEMENT
At Swietelsky, we place great value in the continuous improvement of quality and processes. We have defined processes to continuously improve quality, as the ISO 9001 certification we have held for many years attests to. The observance of the data protection guidelines and of applicable laws and the effectiveness of the data protection and data security measures is constantly measured and improved with the help of these processes in order to be able to ensure an optimal implementation of the data protection measures.