11 - 2020 Privacy information notice - Austria
Information for our business partners (and potential clients), pursuant to Article 13 of the GDPR
We are a Rubner Holding SpA group company and operate within the European Economic Area (EEA). Together we process the personal data of our customers and suppliers, such as surname, first name(s), telephone numbers, etc., in order to keep in touch with them.
Business relationships and commercial activities of any kind may be established and continued only by providing for the processing of the personal data of the persons involved. Your data will be used in Business to Business (B2B) transactions.
The data controller of all personal data pursuant to the General Data Protection Regulation (GDPR) is Rubner Holzbau GmbH, Rennersdorf 62, A-3200 Ober-Grafendorf.
Data Protection Officer
You may contact our Data Protection Officer (DPO) at email@example.com for clarifications and other information regarding how your personal data is processed. You may also contact him using the contact details above and adding the note "to the Data Protection Officer", so that any requests may be forwarded to him. You may also contact the competent office directly.
Purposes of personal data processing, data categories and legal basis
We store the personal data supplied by you, in connection with our business relationship and / or the start of commercial operations (potential customers) primarily for fulfilling the contracts entered into and / or for performing any pre-contractual measures.
Specifically, this involves the company data supplied to us for the purpose of requesting / preparing offers and orders (replying to requests for clarification / offers, coordinating appointments, invoicing, customer consultancy / customer service and other legal obligations of the data controller), as well as the contact details of our customers, suppliers or business partners. Generally speaking, we collect this data during telephone calls, or when we give or receive business cards and / or send or receive emails.
The legal basis for our data collection, for personal data processing purposes in relation to the performance of contracts, or of pre-contractual measures, is Article 6(1)(b) of the GDPR.
In order to pursue our legitimate interests pursuant to Article 6(1)(f) of the GDPR, contact details are also used for statistical purposes and to optimise our sales and shipping processes. In order to provide an overview of our customer service, improve our products and maintain our contractual relationships, the personal data are stored in a customer database (Customer Relationship Management - CRM).
In accordance with various legal provisions, the Rubner Group companies are subject to additional obligations arising, for example, out of the Commercial Code or the applicable tax laws, in particular, of the tax control and communication obligations, the implementation of compliance checks (regarding the "EU terrorist lists", under the EU regulations 2580/2001 and 881/2002 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism, and the prevention of fraud and money laundering). The legal basis for the collection of data aimed at fulfilling legal obligations is Article 6(1)(c) of the GDPR.
We also use the contact details of our customers, suppliers and partners to transmit information about our products, or to report information events / fairs, or even to conduct customer satisfaction surveys (on a voluntary basis). The data for these purposes are used on the basis of a consent form - The legal basis for data collection is Article 6(1)(a) of the GDPR.
If, in addition to the consent you have already given, you also consent to you data being processed for other purposes to those mentioned here, this agreement shall apply until you withdraw your consent, at any time, in writing, and which we will of course immediately implement in respect of all future activities.
Personal data processing may also be carried out by companies associated with Rubner Holding AG. Your data will be transmitted, by the relevant Rubner Holding AG unit, only to the offices in charge of fulfilling existing contracts, performing pre-contractual commercial relationships and / or protecting our legitimate interests. Specifically, these employees are responsible for handling the requests for offers and the preparation of the offers, and managing orders (distribution, shipping, finance and accounting), purchases and customer service.
Further access to the data is permitted in the case of service providers engaged by us (the so-called "persons in charge of data processing", see Article 28 of the GDPR) and who act on our behalf to maintain and repair our systems, troubleshoot and resolve any failures and ensure computer security. These accesses are regulated by dedicated data processing management agreements, pursuant to the GDPR regulation.
If a specific data storage period has not been established by law and / or if the data storage is no longer necessary, or if there are no longer any legitimate reasons for storing the data, the data shall be deleted. This applies:
- if an order falls through and you do not wish to receive further information, maintain contact and / or give your consent in this respect, or
- if, after the termination of the contract and the completion of the contractual services, there are no legal obligations that require the storage of the data and prevent their cancellation.
The personal data storage obligation may vary between three (3) and thirty (30) years.
The following aspects must be considered:
1. Data subject's rights
According to the GDPR, the data subject has the following rights:
- if your personal data is processed, you are entitled to access the stored data concerning you (Article 15, GDPR);
- in the case of processing of incorrect personal data, you are entitled to request the rectification of the data (Article 16 GDPR);
- if the legal requirements are met, you are entitled to request the erasure or the restriction of processing, and to object to the processing of any personal data concerning you (Articles 17, 18 and 21 GDPR);
- if you have consented to the processing of the data, or if there is a contract for such processing and the processing of the data is carried out using automated means, you are entitled to the portability of the data (Article 20 GDPR).
The data subject also has the right to lodge a complaint with the supervisory authority (Article 77 GDPR).
Austrian data protection authority
Telefon: +43 1 52 152 - 0
If the data subject considers that the processing of personal data relating to him/her infringes the GDPR regulation, he/she has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his/her habitual residence, place of work or place of the alleged infringement.
2. Information on the right to object, pursuant to Article 21 of the General Data Protection Regulation (GDPR)
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6(1)(f) of the GDPR (data processing based on a balance of interests). The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
3. Collection of personal data when accessing our website
(1) If you use the website solely for information purposes, that is, if you do not sign up or otherwise supply information, we only collect the personal data that your browser sends to our server. If you wish to visit our website, we collect the data that are technically necessary for viewing the website and guaranteeing stability and security (the legal basis is Article 6(1)(f) of the GDPR), more precisely:
- IP address
- date and time of the request
- time difference, with respect to the Greenwich Mean Time (GMT)
- content of the request (concrete page)
- access status / HTTP status code
- quantity of transmitted data
- site from which the request comes
- operating system and related interface
- language and version of the browser software
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are saved on the hard disk and assigned to the browser you are using, and through which certain information returns to the position that sent the cookie in the first place (in this case ourselves). Cookies cannot run programs or transmit viruses to your computer. They only serve the purpose of making the Internet experience easier and more effective.
a) This website makes use of the following types of cookies, whose function and scope are explained below:
- transient cookies (see letter "b")
- persistent cookies (see letter "c").
b) Transient cookies are automatically deleted when the browser is closed. These mainly include session cookies, which save a session ID that allows you to associate different requests from your browser to a shared session. Your computer will then be recognised once you return to our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a certain period of time, which may vary depending on the cookie. These cookies may be deleted at any time in the security settings of your browser.
d) You may configure the settings of your browser as you wish and, for example, reject third-party cookies or all cookies. Please note that, in this case, you may not be able to use all the features of this website.
4. Other functions and offers found in our website
(1) In addition to the use of our website for information purposes only, we offer a range of services that you may access if you are interested. To this end, you will normally have to supply additional personal data, which we will use to deliver the relevant service and to which the above data processing principles shall also apply.
(2) We outsource a part of our data processing activities to external service providers, who are carefully selected and engaged by us and who are required to comply with our instructions and are subject to regular checks.
(3) We may also disclose your personal data to third parties in connection with participation in certain actions, prize competitions, contracts or similar services offered by us together with our partners. More information on this will be provided when you supply your personal data; alternatively, you may consult the description of the offer further on.
(4) If our service providers or partners are located outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
(1) If you so desire you may subscribe to our newsletter, which we use to inform you, from time to time, about our most interesting offers. The advertised products and services are mentioned in the consent form.
(2) To sign up for our newsletter we use the "double opt-in" method, according to which, after registration, we will send you an email, to the specified email address, asking you to confirm your desire to receive the newsletter. If you do not confirm your registration within [24 hours], your data will be blocked and automatically deleted after a month. In addition, we store the IP addresses you use and the dates of registration and confirmation. This method is intended to certify your registration and, if necessary, to identify any possible abuse of your personal data.
(3) Your email address is the only information we need to send you the newsletter. [The supply of any additional specially marked data is optional and will be used to contact you personally]. After confirmation, we will save your email address for sending the newsletter. The legal basis is Article 6(1)(1)(a) of the GDPR.
(4) You may withdraw your consent to the newsletter at any time and cancel the relevant subscription. To withdraw, simply click on the link provided in each newsletter email, [via this website form], by email to [Newsletter@example.com], or by sending a message to the addresses indicated in the imprint.
6. Use of Matomo
For the purpose of searching for and analysing errors, evaluating the use and deriving measures for the future development of our website, we process your data using the local analysis software Matomo, InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.
As this service is a local analysis tool, no personal data is passed on to the service provider or third parties. In addition, your personal data will be anonymised immediately after collection. There is therefore no storage of personal data beyond the first processing step.
The legal basis for the data processing is the legitimate interest (unconditional technical necessity for the provision and delivery of the "website" service expressly requested by you through your call) in accordance with Art. 6 para. 1 lit. f) DSGVO.
The legal basis for the transmission to New Zealand is the implementing decision of the EU Commission 2013/65/EU.
You have the possibility to prevent that actions you have taken are analysed and linked. This will protect your privacy, but will no longer enable us to learn from your actions and improve usability for you and other users.
7. Integration of YouTube videos
(1) Our online offer includes YouTube videos, which are stored on www.YouTube.com and may be reproduced directly from our website. [These are all integrated into the "extended data protection mode", which means no data about you as a user will be transferred to YouTube if you do not play any videos. Only if the videos are reproduced will the data referred to in paragraph 2 be transmitted, an operation over which we have no control].
(2) By visiting the website YouTube is informed that you have recalled the corresponding sub-page of our website. The data referred to in point 3 of this policy statement will also be transmitted, and this will happen regardless of whether or not YouTube provides a user account to which you connect. If you are logged into Google your data will be assigned directly to your account. If you do not want your profile to be associated with YouTube you must log out before activating the button. YouTube stores your data as user profiles and uses them for promotional purposes, market research and / or to optimise their website according to user needs. This evaluation is carried out in particular (also for users who have not logged in) to provide customised advertising and to inform other social media users about your activities on our website. However, you have the right to object to the creation of these user profiles, to exercise which you must contact YouTube.
(3) Further information on the purpose and scope of the collection and processing of data by YouTube is available in the relevant information notice, in which you will find more information about your rights and the settings available to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and is subject to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.
8. Integration of Google Maps
(1) Our website uses the Google Maps services, which allow us to display interactive maps directly on the website and to use the map function.
(2) By visiting the website, Google is informed that you have recalled the corresponding sub-page of our website. The data referred to in point 3 of this information notice will also be transmitted, and this will happen regardless of whether or not Google provides a user account to which you connect. If you are logged into Google your data will be assigned directly to your account. If you do not want your profile to be associated with Google you must log out before activating the button. Google stores your data as user profiles and uses them for promotional purposes, market research and / or to optimise their website according to user needs. This evaluation is carried out in particular (also for users who have not logged in) to provide customised advertising and to inform other social media users about your activities on our website. However, you have the right to object to the creation of these user profiles, to exercise which you must contact Google.
9. Job offers and online applications
10. Google Tag Manager
To administer our website and to incorporate cookie-based technologies, we use the Tag Manager service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Each time you visit one of our websites, your IP address is transmitted to a Google server, which may also be located in the USA. The IP address is not stored by Google as part of the Tag Manager service and is only used to integrate the technologies administered by the Tag Manager. The Tag Manager itself does not set cookies.