Data Protection Declaration of Binder+Co AG

DOWNLOAD
 

1 Introduction

We are making this data protection declaration to inform you of our data protection guidelines; how we record, use and process your personal data and how we meet our legal obligations in relation to this. The protection of your personal data is of particular importance to us and we endeavour to protect and guarantee your data protection rights. We therefore only process your data on the basis of legal provisions (GDPR, Austrian Telecommunications Act 2003).

This data protection declaration is applicable for the personal data of users of our website, applicants, customers, suppliers or partners, with whom we may make contact.

Note: the current status of the data protection declaration is denoted by the indication of the date (below). We reserve the right to amend this data protection declaration at any time with effect for the future. The respective current version can be called up directly from our website. Please search our website regularly and in particular this page to inform yourself of the applicable data protection declaration.

1.1 Terms
Personal data: information through which you can be identified as a person directly or indirectly; “direct” describes, for example, your name, your postal address, your email address and telephone number or a unique device identification; “indirect” describes a combination of other information in order to identify you.

Processing: the term “processing” means any process, with or without the help of an automated process, or any sequence of processes carried out in relation to personal data, such as collection, recording, organisation, filing, saving, amendment or change, reading-off, querying, usage, disclosure by means of sending, distribution or other form of provision, syncing or linking, limitation, deletion or destruction (Art. 4 GDPR).

1.2 Where do we get your personal data?
We get personal data from the following sources:

  • Applicant data: from the applicant themselves, via professional agencies and career portals
  • Customer data: from the customers themselves, from credit institutions
  • Supplier/service provider data: from the suppliers/service providers themselves

1.3 For what purpose is your personal data used?
Your personal data is only used for the following purposes:

  • Acquisition, execution and processing of orders, sales and after-sales
  • Applications
  • Invoicing
  • Cooperation with projects


1.4 As part of which activities is your personal data collected?
Applicant data: we record your personal data as part of the following processes:

  • Application process
  • Speculative applications

Customer data: your personal data is recorded as part of the following procedures:

  • Acquisition
  • Updating the contact database
  • Cooperation with projects
  • Invoicing

Supplier and service provider data: your personal data is recorded as part of the following procedures:

  • Updating the contact database
  • Cooperation with projects
  • Invoicing

1.5 Which types of personal data are recorded?
We process the personal data that we receive from you as part of a business relationship, a visit to our website or an application received from you.

  • Visitors to our website: we do not record any personal data of visitors to our website.
  • Applicants: we must process certain information from you in order to be able to offer optimum, tailor-made employment opportunities to you. We only ask for information with the help of which we can actually help you better, such as name, age, date of birth, contact data, individual details of education and training, previous employment.
  • Customers: if you are a customer of Binder+Co AG, we must record and use information about you or people within your organisation in order to be able to provide services to you.
  • Suppliers/service providers: if you are a supplier or service provider for Binder+Co AG, we must record and use information about you or people within your organisation in order to be able to use your services or to provide services to our customers together.

Depending on the type of respective personal data and the reasons why we are processing it, we may possibly not be able to meet our contractual obligations or, in extreme cases, no longer be able to continue our business relationship if you refuse to provide us this data.

1.6 Which personal information is used in detail?
You want to find out in more detail which details we record about you? The information that we record is described in more detail here. The information below is of course in addition to the personal data that we are legally obliged to process in applicable situations.

Applicant data: depending on the decisive conditions and applicable local laws and regulations, we can record some or all of the information below in order to be able to offer you employment opportunities that are tailored to your situation and interests.

The following information is recorded:

  • Name
  • Address
  • Contact data (email address, telephone numbers, …)
  • Age/date of birth
  • Sex
  • Photo
  • Individual details in relation to education and training
  • School education
  • Previous employment
  • Job references
  • Nationality
  • Additional information that you notify us of

Please note that this is not an exhaustive list of the personal data that we can record.

Customer data or data from suppliers/service providers: we generally need your contact data or the contact data of individual contacts within your organisation (such as your name, telephone numbers and email addresses) in order to guarantee a smooth business relationship.

Further information that is recorded:

  • Name
  • Company form
  • Address
  • Location
  • Email address
  • Telephone number
  • Contact persons
  • Company bank details
  • Company registration number
  • VAT number
  • Short profile
  • Departments/specialist departments
  • Information on creditworthiness

1.7 How is your personal data protected?
The protection of your data is important to us. For this reason, we take suitable measures to prevent unauthorised access to your personal data and the misuse thereof. We save your data in an ERP system, the provider of which also adheres to the requirements of an order processor within the meaning of the GDPR.
 
1.8 How long is your personal data saved?
Applicant data:

  • Applicant data is saved, depending on the duration of the application process, for a maximum of six months. It is deleted again once the selection process has ended – provided deletion does not contravene any other justified interests. Such justified interests in this sense are, for example, an obligation to provide evidence in proceedings under the Austrian Equality Act (Section 15 of the Austrian Equality Act, GLBG). Saving for longer is carried out with your consent.
  • In the event that no employment relationship is entered into, the application is kept for as long as there is a possibility that the application may be of interest, unless being kept on file was agreed in writing.
  • Your applicant data is only collected, processed and used by us and our subsidiaries for the purposes of the applicant selection process and for internal statistics. Your personal data is saved and processed in accordance with applicable data protection provisions.
  • We will save your personal data in our system in order to be able to assign any possible queries and, if applicable, to be able to access earlier applicants if a new vacancy arises.

Customer data:

  • The data is saved on an ongoing basis. The data is retained for as long as there is a business relationship between the two parties. Legally required storage periods are adhered to.

Supplier and service provider data:

  • The data is saved on an ongoing basis. The data is retained for as long as there is a business relationship between the two parties. Legally required storage periods are adhered to.

In general, we always delete or restrict your personal data when the reason to save it is no longer applicable. Furthermore, saving can be carried out if this is envisaged by legal and/or statutory requirements that apply to us; for example, with regard to statutory storage and documentation obligations. In such cases, we delete or restrict your personal data at the end of the corresponding requirements.

1.9 Is your personal data forwarded?
We forward all personal data from your application and, if applicable, all enclosures that you provide in your application, to an internal department or branch. In doing so, only the respective persons in charge of human resources and selected managers of Binder+Co AG have access to your data. Information you have provided is treated with strict confidentiality. Personal data is only forwarded to professional agencies (such as CATRO for example).

Information on creditworthiness is also obtained without express consent, in order to be able to meet our contractual obligations and to be able to maintain our business relationships.

External forwarding of certain customer, supplier or service provider data can take place as part of the following processes, to the companies listed below, however only with your express permission:

  • Subsidiaries
  • Trading and distribution partners
  • Freighters, transport companies, subcontractors and delivery companies
  • Customs authorities
  • Professional agencies (such as CATRO)
  • Other third parties involved as part of projects (subsuppliers, planners, statisticians, etc.)

1.10 Your rights
One of the main objectives of the GDPR is to protect and clarify the data protection rights of EU citizens as well as people within the EU. This means that you continue to have various rights in relation to your data, even if you have already transferred it to us. These rights are described in more detail below.

If you want to contact us in relation to these rights, please get in touch. We will endeavour to respond to your query as soon as possible, in any case within one month (extensions could possibly be applied, for which there is legal provision). Please note that we can record our correspondence in order to better be able to solve the problems you address.

Right to objection: you can object to us processing your personal data on the basis of this law if you do this for one of the following reasons:

  • our justified interests,
  • for statistical purposes.

The above-mentioned “justified interests” category is the category most applicable to the visitors of our website, candidates, customers, suppliers and service providers. If you have objections to us processing your personal data because we consider it necessary for your justified interests, we must stop the corresponding activities due to your objection unless:

  • we can prove that we have overriding justified reasons for the processing that outweigh your interests, or
  • we are processing your data in order to make, exercise or defend a legal claim.

Right to withdraw consent: if you have granted us your consent to process your personal data for certain activities, you can revoke this consent at any time. We shall stop the activity that you previously consented to provided that, in our view, there is no other reason that justifies the further processing of your data for this purpose. We will inform you of this if this is the case.
Application of data subjects for the provision of information about personal data: you can request a confirmation from us at any time about which data in relation to you we have saved, and you can request that we amend, update or delete this information. We can ask you to confirm your identity or to provide more information in relation to your request. If we grant you access to the information in relation to you that we have saved, we shall not levy any fees for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we can invoice appropriate administration costs, insofar as legally permitted. We can reject your request if this is legally permitted. We will in all cases provide reasons if we reject your request.

Right to deletion: under certain circumstances, you can demand that we delete your personal data. In general, the information must meet one of the following criteria:

  • The data is no longer required for the purpose for which it was originally recorded and/or processed;
  • You have revoked your consent for us to process your data and there is no other valid reason to continue to process it;
  • The data has been processed unlawfully (i.e. in a manner that contravenes the GDPR);
  • The data must be deleted so that we can fulfil our obligations as the data controller; or
  • You object to processing and we cannot show any overriding justified reasons for further processing by us, if we process the data, for why we consider it necessary for our justified interests.

Right to restriction of processing: under certain circumstances, you can demand that we restrict the processing of your personal data. This means that we will in the future only save your data and not be able to make further processing activities until:

  • One of the conditions stated below is no longer applicable;
  • You grant your consent; or
  • Further processing is necessary to make, exercise or defend legal claims, to protect the rights of other people, or if it is necessary due to justified public interest of the EU or a member state.

Right to correction: you can also demand that we correct incorrect or incomplete data in relation to you that we have saved. If we forward this personal data to third parties, we shall inform them of the correction as soon as this is possible and does not require disproportionate effort. If applicable, we will inform you of the third parties to which we have sent the incorrect or incomplete personal data. If we feel that it is not reasonable to comply with your request, we will explain the reasons for this decision to you.

Right to data portability: if you want, you are entitled to have your data transferred from one controller to another. To this end, we provide you with the data in a common machine-readable format, protected with a password, so that you can transfer your data to another online platform. Alternatively, we can transfer the data for you directly. The right to data portability is applicable for:

  • Personal data that we process in an automated manner (i.e. without human intervention);
  • Personal data that you have provided to us; and
  • Personal data that we process on the basis of your consent or in order to fulfil a contract.

Right to complain to a supervisory authority: you have the right to submit a complaint to the competent local supervisory authority.
If you want to exercise one of these rights or revoke your consent to the processing of your personal data (if your consent constitutes the legal basis for the processing of your personal data), please contact us. Please note that we can keep recordings of your correspondence in order to better solve the problems you address.

You can unsubscribe to notifications or newsletters at any time.

It is important that the personal information saved in relation to you is correct and up-to-date. Please keep us up-to-date if your personal data changes in the period in which we save data.

1.11 Who is responsible for the processing of your personal data on the website?
Binder+Co AG is responsible for the processing of your personal data on the website.

You can contact us for these reasons:

  • If you suspect that your personal data has been misused, lost or accessed without authorisation;
  • To revoke your consent for us to process your personal data (if the consent constitutes the legal basis for processing your personal data);
  • To comment on or make proposals in relation to these data protection guidelines.

Send a letter by post to the following address:
Binder+Co AG
Grazer Straße 19-25
8200 Gleisdorf
Austria


or alternatively, an email to:
datenschutz@binder-co.at

1.12 Is there a data protection officer?
There is no internal data protection officer at Binder+Co AG because this is not legally required for our company. However, there is someone responsible for the issue of data protection, who provides support in all these matters.

2 Use of our website

2.1 Information about your computer
Each time you access our website, we collect the following information about your computer: your computer’s IP address, the query from your browser and the time of this query. The status and amount of data transferred are also recorded a part of this query. We also collect product and version information about the browser and computer operating system used. Furthermore, we record the website from which the access to the online presence came. The other data is saved for a limited time period (a maximum of 26 months).

Our website uses the possibility of IP anonymisation offered by Google Analytics. Your IP address is thus shortened before being sent to Google and thus made anonymous. As a result, only rough localisation is possible. On our behalf, Google will use this information to evaluate your use of the website, to compile reports about website activities and to provide further services to us connected to the use of the website and the internet. The IP address sent by your browser as part of the Google Analytics process is not combined with other data.

The relationship to the web analysis provider is based on a corresponding contract for commissioned data processing with the provider. You can find further information in relation to data protection at Google here: http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Data processing is carried out on the basis of the legal provisions of Section 96 Paragraph 3 of the Austrian Telecommunications Act (TKG) as well as Article 6 Paragraph 1 (a) (consent) and/or (f) (justified interest) of the GDPR.

2.2 Use of cookies/Google Analytics
For our online presence, we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”. A “cookie” is a small data file that is saved on your computer’s hard drive. It does not damage your system. We use it to track your activities and to ensure that you can enjoy a pleasant customer experience when visiting our website. We can use the information from cookies to ensure that, the next time you visit, we can present you with options that correspond to your settings. We can also use cookies to analyse data traffic and for advertising purposes.
The information obtained by Google Analytics about your use of this website (including your anonymised IP address and the URLs of the website called up) is sent to Google servers in the USA and saved there. We do not save any data that is collected in connection with Google Analytics.

You can prevent the saving of cookies by means of a corresponding setting in your browser software; however, we would like to point out that the functionality of our website may be restricted when deactivating cookies. Furthermore, you can prevent the recording of the data generated by the cookie in relation to your use of the website (including your IP address) by Google as well as the processing of this data by Google.

With the above protective precautions, the anonymisation of the IP address as well as the possibility to object, we are of the opinion that data processing to optimise our online presence is to be seen as a justified interest in data processing in accordance with Article 6 Paragraph 1 (f) GDPR.

3 Communication with Binder+Co

There are different ways you can contact us, including by means of the contact form on our website, as well as via different social media channels. We will also contact you regularly by means of our newsletter or our email info service.

3.1 Contact form
If you want to use the contact form on our website, you will be asked for personal data such as first name, surname, and email address. We collect and use the data we have collected via the contact form solely for the purpose of being able to respond to your question or issue.

The legal basis for the processing of your data is your consent in accordance with Article 6 Paragraph 1 (a) GDPR. After we have processed the matter, we initially save the data in case of any follow-up queries. Deletion of the data can be requested at any time, otherwise it is deleted after completion of the matter; periods of storage required by law remain unaffected by this.

3.2 Newsletter
You have the possibility to subscribe to our newsletter via our website. To do this, we need your email address and a declaration from you stating that you agree to receive the newsletter.

For registration to our newsletter, we use, if you have not granted us your consent in writing, the double opt-in method, i.e. we will send you a confirmation email as soon as you have registered for the newsletter, with a link to confirm the registration.
When ordering our newsletter, you receive regular information by email on selected topics, as well as emails due to particular events. In doing so, the emails can be personalised and individualised on the basis of information about you.

You can cancel the subscription to the newsletter at any time. At the end of each newsletter, you can find a link to fully unsubscribe from our newsletter. We then immediately delete your data in relation to sending the newsletter.

3.3 Social media channels
You can find links to social networks on our website. You can recognise the links from the respective provider logos.

Clicking on the links opens the corresponding social media sites, for which this data protection declaration is not applicable. You can find individual details on the terms applicable there from the corresponding data protection declaration of the individual provider.

There is no transfer of personal information to the respective provider before the corresponding links are called up. Your call to the linked site is at the same time the basis for data processing by the respective provider.

3.4 Orders and registration for events
Our online presence includes enquiry forms that you can fill out in order to request information about or tickets for events (such as trade fairs). In these forms, personal data such as first name, surname, email address and telephone number are requested in order to answer your query.

4 Consent

Under certain circumstances, we must obtain your consent for the processing of your personal data in relation to certain activities. Depending on precisely what the data is needed for, we obtain this consent explicitly.

Pursuant to Article 4 (11) of the GDPR, consent is “any freely-given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. Simply put, it means that:

  • You have to grant us your consent voluntarily, without us exerting any kind of pressure on you;
  • You must know what you are giving consent to – we will therefore ensure that we have informed you sufficiently;
  • You should have control over the processing activities that you consent to or do not consent to. We provide you with this detailed control in our data protection setting centre; and
  • You must grant us your consent in the form of a positive, affirmative action.

We store recordings of the consent that you have granted this way. As already stated, in some cases consent by means of a soft opt-in is sufficient.

As already mentioned, you have the right to revoke your consent to our activities. You can do this at any time.

5 Contact

Binder+Co AG
Grazer Straße 19-25
8200 Gleisdorf, Austria
Tel.: +43 3112 800-0
Fax: +43 3112 800 300
Email: office@binder-co.at
Email: datenschutz@binder-co.at
 
Dated: 7 June 2018

neuer Server