Data protection declaration


Data Privacy Statement Pursuant to Art. 13 and 14 GDPR


Thank you for your interest in data protection at the STIWA Group.

The protection of your personal data is important to the STIWA Group. Therefore, we would like to inform you with this data protection declaration in a transparent manner about the type and scope of the processing of your personal data within the scope of:

 

The legal basis for the processing of your personal data is, in particular, the General Data Protection Regulation (GDPR) or, in the case of STIWA Holding GmbH as website operator, the Austrian Data Protection Act (DSG).

Your personal data is processed exclusively within the framework of the legal requirements for the legally permissible purposes described in section C. Your personal data will only be passed on to third parties if you have consented to this or if another legal basis authorizes us to pass on the data. You will find more detailed information on this in the following sections of our data protection declaration.

We also use external service providers to provide and secure our website, our technical infrastructure, our offers and services. These are contractually obligated and process your personal data only on our instructions. This ensures that the protection of your personal data is also guaranteed by appropriate technical measures.

If your personal data is also processed outside the European Union or the European Economic Area, this processing only takes place if the EU Commission has determined an adequate level of data protection in this third country or if the processor in the third country is bound by standard contractual clauses (SCCs).

Furthermore, we take all technical and organizational measures to protect your personal data from loss, unauthorized access or abuse.

The Controller within the meaning of Article 4 No. 7 of the European General Data Protection Regulation for the STIWA Group website is:

STIWA Holding GmbH
Salzburger Straße 52
4800 Attnang-Puchheim
Austria

Phone: +43 7674 6030
E-mail: office@stiwa.com

If you get in touch with a contact person of one of our subsidiaries directly - in case of general questions about products or services, pre-contractual measures or in the context of support requests - the respective STIWA company is responsible for the processing of your personal data.

If, for example, you are interested in one of our products or services and use our general contact options (office@stiwa.com, our contact form or Quick Contact), your request will be forwarded to the correct contact person. In this case, there is a joint controllership according to Article 26 of the GDPR. 

If we have aroused your interest as a future employer and you access our career portal to send us your application documents, your documents will be forwarded to the relevant STIWA Group company of the branches in the EU/EEA. In the context of our Corporate Services, this case also involves a joint controllership pursuant to Article 26 of the European General Data Protection Regulation.

Note: If you apply for a vacancy or a training position at STICHT Technologie GmbH in Germany, this company is responsible for the processing of your personal data in this context. You can find more information on this in section C - point 5 of this data protection declaration. In the case of an application to STIWA US Inc., the responsibility for the processing of your personal data lies there.

Austria

  • STIWA AMS GmbH
  • STIWA Automation GmbH
  • STIWA Advanced Products GmbH
  • STIWA Services FlexCo
  • STICHT Technologie GmbH
  • XeelTech GmbH

United States of America

  • STIWA US Inc.

You can find more information about our locations here: Locations - STIWA.

Germany

  • STIWA Deutschland GmbH
  • STICHT Technologie GmbH

Mainland China

  • STIWA (Nantong) Automation Machinery Production Co., Ltd

If you have any questions regarding data protection or wish to exercise your rights, please contact us via datenschutz@stiwa.com.

If you believe that the processing of your personal data by STIWA Group is not lawful, you can lodge a complaint with any data protection supervisory authority.

The competent supervisory authority for the Austrian companies of the STIWA Group pursuant to Art. 55f GDPR is:

Austrian supervisory authority

Barichgasse 40-42, 1030 Vienna; Phone: +43 1 52 152-0;

Contact (dsb.gv.at)

The competent supervisory authority for the subsidiary STIWA Deutschland GmbH pursuant to Art. 55f GDPR is:

 

Supervisory authority Nordrhein-Westfalen

Postbox 20 04 44, 40102 Düsseldorf; Phone: +49 211/38424-0, Fax: +49 211/38424-999;

Contact (nrw.de)

The competent supervisory authority for the subsidiary STIWA Technologie GmbH (DE) pursuant to Art. 55f GDPR is:

Supervisory authority Hessen

Postbox 3163, 65021 Wiesbaden; Phone: +49 611 1408 - 0, Fax: +49 611 1408 - 900 / 901;

Contact (hessen.de)

In accordance with Article 15 of the GDPR, you have the right to obtain information free of charge at any time about your personal data processed by the relevant company of the STIWA Group.

Apart from the right of access, you have the right of rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR), which you can assert against the relevant company of the STIWA Group. In addition, you also have the right to data portability (Art. 20 GDPR).

If your personal data was processed on the basis of your consent (Art. 6 (1) a GDPR) by a company of the STIWA Group, you have the right to withdraw your consent for the future at any time without giving reasons. This also applies to the withdrawal of declarations of consent that you gave to the STIWA Group before May 25, 2018. Please bear in mind that if you withdraw your consent, we will store your consent in restricted form, together with one necessary identifying feature, for three years in accordance with the statutory documentation obligation (Art. 5 (2) GDPR).

If you have given your consent when visiting our website to the processing of your personal data in connection with our embedded cookies that are not necessary, you can withdraw your consent at any time for the future by "removing the set check mark" and "saving". Please use the following link:

If the processing of your personal data takes place on the basis of the legitimate interests (Art. 6 (1) f GDPR), you have the right to object on grounds relating to your particular situation. This also includes profiling pursuant to Article 4 No. 4 GDPR, whereby no profiling takes place.

If you exercise your right to object, STIWA Group will no longer process your personal data unless it can demonstrate either compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the processing of your personal data is in connection with direct marketing purposes, you may object to this at any time; this also applies to any profiling in connection with direct marketing purposes.

In the event of objection, personal data will no longer be processed for this purpose.

You can send your objection with the subject "Objection", or your withdrawal with the subject "Withdrawal", at any time and without formalities, stating your name or other identification, to:

STIWA Holding GmbH

Salzburger Straße 52

4800 Attnang-Puchheim

Austria

E-mail: datenschutz@stiwa.com

 

Please also address your requests regarding the other rights to which you are entitled as a data subject under the General Data Protection Regulation (right of access, rectification, erasure, restriction of processing and data portability) to the contact option listed here.

If you exercise your rights as a data subject and we have doubts about your identity, we will make use of our right to request further information from you in order to be able to identify you clearly.

This measure is important so that your personal data is not transferred to unauthorized third parties or, under certain circumstances, altered or deleted at their request.

In this context, you will receive a separate information notice pursuant to Art. 13 GDPR.

In addition to the rights already mentioned above, if you believe that the processing of your personal data violates the law, you may also contact the supervisory authority in your country of residence or the controller of your personal data (Article 77 of the GDPR). The competent supervisory authority for the respective companies of the STIWA Group can be found under section A.

If you merely visit our website without using our contact options, for example, the following personal data stored in server log files is processed by us:

  • Call-up of the website including path
  • IP address
  • Referrer URL (page from which the file was requested)
  • Date and time of the call of our website
  • Browser data
  • Information about your operating system
  • Access status and amount of data transferred

The processing of personal data takes place for the purpose of:

  • Ensuring a smooth connection setup of the website,
  • Ensuring the smooth use of our website and
  • Evaluation of system security and stability

Legal basis:

The processing of your personal data is neither contractually nor legally required, but is based on legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Without the processing of the above-mentioned personal data, the smooth presentation, stability and functionality of our website and the maintenance of system security cannot be guaranteed, and misuse cannot be prevented.

Recipient:

A transfer to third parties does not take place unless you have given your express consent. We use an IT service provider for the maintenance and operation of our website. We have concluded a data processing agreement with this service provider, which obliges it to comply with legal requirements.

Data retention:

The above-mentioned personal data is stored for a period of 12 months and, unless a security-relevant event occurs (e.g. a DDoS attack), is then irrevocably deleted. If such an event occurs, the data is stored until the security-relevant event has been fully clarified and mitigated or eliminated.

Your data subject rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21 GDPR. For more information, please refer to section B.

Cookies are small data sets that are created during your visit to our website, stored temporarily on your system and kept ready for later retrieval. If the server of our website is called up again by your visit, your browser sends the previously transmitted cookie back to the server, which can then, for example, evaluate the information obtained through this procedure.

Within the scope of the use of cookies, navigation on our website can be facilitated in particular.

In the cookies we use, we distinguish between

  • Technically essential cookies
  • Technically non-essential cookies
    • Analysis and statistics
    • Third-party content

More detailed information about the cookies we use can be found in the next sections.

The following technically necessary cookies are implemented on our part:

| Name | Purpose | Functional duration |
| --- | --- | --- |
| siwa-cb | Provision of the cookie bar | 365 days |

STIWA Holding GmbH uses the following free web analysis tool on its website

Piwik Pro Core

This tool is used by our processor (Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany), with whom we have concluded a data processing agreement in accordance with Art. 28 GDPR obliging it to comply with data protection requirements. It is used to analyze statistics about visitors to our website and their behavior (profiling), with the aim of continuously improving our website and making content clearer and more accessible.

Note: For more information about Piwik, please see: Piwik PRO privacy policy

Here you will find an overview of the cookies located in this context, their exact purpose, as well as the function / storage period:

| Name | Purpose | Functional duration |
| --- | --- | --- |
| _pk_id.<websiteID>.<domainHash> | Collects statistics about the user's visits to the website, such as the number of visits, average time spent on the website, and which pages were read. | 13 months |
| _pk_ses.<websiteID>.<domainHash> | Saves custom settings made while in the application | 30 minutes |
| STG Traffic Source Priority | Stores where (Google, Bing, campaign, ...) the user comes from | 30 minutes |
| STG Last Interaction | Indicates whether the user's last session is still active or a new session has started. | 365 days |
| STG Returning Visitors | Indicates whether the user has used the application before. Recurring user. | 365 days |

In the course of using this web analysis tool, the following personal data are processed:

  • IP address
  • Date and time of the request
  • Clicked and downloaded files
  • Screen resolution
  • Browser information
  • Browser language
  • Time zone
  • Color depth
  • Browser plugins (JavaScript, FlashPlayer, Java, Silverlight, Adobe Acrobat Reader, etc.)
  • Source (e.g. other website) from which you linked to the page
  • Time of the first and previous visit
  • Number of times a user has visited the site

 

Legal basis:

The legal basis for the processing of your personal data is your consent pursuant to Art. 6 (1) lit. a GDPR. However, we would like to point out that in the event that consent is not granted, it may not be possible to use all the functions of our website.

Storage period:

The storage period of your personal data can be found above under "Functional duration". However, if you withdraw your consent to the processing of your personal data in advance, your personal data will be deleted immediately.

Recipients:

Your personal data will not be transferred to third parties unless you have given your express consent to do so. For the maintenance and operation of our website, we use an IT service provider. An order processing contract has been concluded with this provider, which obliges it to comply with data protection requirements.

Your data protection rights:

In case of your consent, you have the right of withdrawal according to Art. 7(3) GDPR. For more information on this, but also on the other rights you have, please see section B.

Note: You can give your consent yourself at any time via use of our cookie mask. You can find this under section B.

Depending on which browser is used, the management of the cookie settings is different. A description of how you can delete the cookies stored on your end device, for example, can be found in the corresponding FAQs of the browser.

Here you will find an overview of the most common browsers and the corresponding link that will take you to the relevant FAQs.

Google Maps

If you plan to visit us in person, we would like to help you find us quickly and easily via Google Maps and reach us by your chosen means of transport.

Google Maps is an Internet map service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as Google), which you can use to view locations of the STIWA Group, among others, online via a terminal device (PC, laptop, cell phone). By using Google My Business, you can also obtain further information about us, and you can use Google Maps to display your route to us.

If you wish to make use of this offer, personal data will be transferred to Google and generally processed by Google as an independent controller within the meaning of Art. 4 No. 7 GDPR. However, we cannot (technically) rule out that the use of Google Maps search services, which may be used by Google, requires the processing of your IP address by our systems. This data is, however, usually deleted 14 days after use.

Note: We would like to point out that the use of Google Maps is based exclusively on your consent.

You can find more information about data protection and the terms of use for Google Maps here: Privacy Policy – Privacy & Terms – Google

Vimeo

In order to present the STIWA Group to the outside world, to provide information about our services and products, and to provide you with the best possible content, we at STIWA Holding GmbH have also integrated videos on our website. The videos are stored via URL.

We use the service provider Vimeo.com, Inc. (330 West 34th Street, 5th Floor New York, New York 10001, USA).

If you are interested in viewing a video and have previously given your consent to do so, your browser will establish a direct connection to the Vimeo servers. The Vimeo content is then transmitted directly to your browser. Through this integration, Vimeo receives the information that your browser has called up the corresponding page of our website. It is irrelevant whether you have an account with Vimeo or not. When you visit Vimeo, which acts as the controller, cookies that collect personal data are also used. Such collection of data may also occur for visitors to the Vimeo site who are not logged in or registered with Vimeo.

Further information regarding the processing of your personal data by Vimeo can be found on their privacy policy: Vimeo Privacy Policy.

We would like to expressly point out to you

  • that in this context a transfer to a third country (United States of America) takes place,
  • that we, STIWA Holding GmbH, are not responsible for the processing of your personal data and that we cannot influence this. As a rule, these are your IP address, technical information about your browser type, your operating system, or basic device information or session duration and
  • that, if you already have an account with Vimeo, additional personal data may be processed by Vimeo.

The legal basis - as already mentioned above - is your consent pursuant to Art. 6 (1) lit. a GDPR. This consent is also obtained prior to retrieving the video, unless you have already consented during your first visit to our website. If you do not consent, it will not be possible to play the video.

We at STIWA Holding GmbH do not process any personal data from you in this context.

If you are interested in one of our products or services or have questions about a product you have already purchased and contact your STIWA Group contact person directly, the respective STIWA Group company to which your inquiry is directed is the controller within the meaning of the GDPR.

Note: This also applies to the processing of your personal data in the context of the personal presentation of your business card; e.g. at trade fairs or events.

If, for example, you use our general contact options (e-mail office@stiwa.com, our contact form or Quick Contact) in the event that you are interested in one of our products or services, your request will be forwarded to the correct contact person by STIWA Holding GmbH accordingly. In this case, there is a joint responsibility according to Article 26 of the European Data Protection Regulation.  The STIWA companies involved in this process have determined by means of an agreement which responsible party within the meaning of the EU Data Protection Regulation fulfills which obligations under data protection law. Upon request of the data subject, the essential content of this agreement can be made available.

The following personal data will be processed by us when you contact us:

  • Name, first name
  • E-mail address
  • Content of your message to us
  • Availability by telephone (optional)
  • Other information that you provide to us, e.g. by handing over your business card (title, function, company name, company address)

The processing of the above personal data is carried out for the following purposes:

  • Enabling contact
  • Communication; among other things, to process inquiries, to prepare quotations and to process contracts or to provide technical information on products and services of the STIWA Group.

Legal basis:

The legal basis for the processing of your personal data in the context of a mere contact without an offer being made or a contract being concluded is your consent pursuant to Art. 6 (1) lit. a GDPR. In principle, it is not necessary to provide your personal data, however, we cannot process your request if it is not provided.

If your inquiry results in a quotation or even the conclusion of a contract between you and a company of the STIWA Group, the processing of your personal data is based on the legal basis of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR or, in the case of the provision of information, if you have already concluded a contract with us, on our legitimate interest with regard to contractual obligations pursuant to Art. 6 para. 1 lit. f GDPR and is therefore necessary.

Insofar as legal obligations are also to be fulfilled on our part (including commercial or tax regulations), the processing of your personal data on the basis of legal requirements pursuant to art. 6 para. 1 lit. c GDPR also comes into consideration and is necessary in this case.

Data retention:

If there is only an interest on your part, but it does not come to an offer or the conclusion of a contract, the data will be deleted after the purpose ceases to apply or, if you have not already revoked your consent in advance, after two years, unless you have consented to a longer record keeping.

In the case of an offer or the conclusion of a contract, we are obliged to store your data for a limited period of time after the purpose no longer applies due to legal retention periods. Legal retention periods may arise, for example, from commercial and tax retention obligations (up to 7 years in Austria and 10 years in Germany).

 

Recipients:

  • Internally (within the STIWA Group); on an ad hoc basis if this is necessary to achieve one of the purposes listed above. Please note here that in this case, data transfer to our subsidiaries in a third country (United States of America / China) may also take place on an occasion-related basis. A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en
  • IT service providers, insofar as these would have to be used on an ad hoc basis within the scope of the maintenance and support of our data processing equipment. Appropriate contracts (data processing agreement or, in the case of a third country transfer, standard contractual clauses of the EU Commission) have been concluded with these service providers, obliging them to comply with legal requirements.
  • Third parties (courts, tax authorities, supervisory authorities), insofar as this is legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of withdrawal in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

When you download our application, we collect the following personal information, which is stored in server log files:

  • Username
  • E-mail address

Personal information is processed for the following purposes:

  • To ensure a smooth connection to the application and
  • To ensure the smooth use of our application

Legal basis:

The processing of your personal data is neither contractually nor legally required, but is based on legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Without the processing of the aforementioned personal data, the smooth display, stability and functionality of our app, the maintenance of system security and the prevention of misuse cannot be guaranteed.

Recipients:

Data will not be disclosed to third parties unless you have given your express consent. We use an IT service provider for the maintenance and operation of our App. We have a contract with this service provider that requires them to comply with the law.

Your data protection rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21 GDPR. For more information, please refer to section B.

The STIWA Group company with which you have a business relationship is responsible for the processing of personal data.

However, if, for example, more than one STIWA Group company is processing data within the scope of a project and there is joint controllership pursuant to Art. 26 GDPR, the STIWA companies involved have entered into an agreement to determine which data controller within the meaning of the GDPR fulfills which data protection obligations. Upon request of the data subject, the essential content of this agreement can be made available.

The following personal data is processed in this context:

  • First name, last name
  • E-mail address
  • Telephone
  • Title
  • Position
  • Company affiliation
  • Abbreviation
  • User name in accordance with our service portal including password
  • Date and time
  • IP address
  • Browser data
  • Information about your operating system
  • Access status and amount of data transferred
  • Information regarding the incident / issue
  • Information / data for the collection of statistics / evaluations
  • Health data and social security number, insofar as these must inevitably be processed in the course of troubleshooting in the area of laboratory automation

The processing of the above personal data is carried out for the following purposes:

Planning, implementation and administration of (contractual) business relations; among other things, for processing incidents, technical and organizational support and maintenance, furthermore for inspection, handling of repairs / complaints, preparation of statistics and administration of evaluations.

Legal basis:

The processing of your personal data for the above-mentioned purposes is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR (here: fulfillment of contractual obligations) and is therefore necessary.

Insofar as we are also required to fulfill legal obligations (including commercial or tax regulations), the processing of your personal data on the basis of legal requirements pursuant to Art. 6 (1) c GDPR also comes into consideration and is necessary in this case.

In principle, we do not collect any health data from you. However, if this sensitive data is processed in the area of laboratory automation for the purpose of troubleshooting a data processing device, this is based on the legal basis pursuant to Art. 9 (2) h GDPR.

Data retention:

Your personal data will be deleted immediately after the purpose ceases to apply, unless you object in advance to the processing of your personal data based on legitimate interest (Article 21(1) GDPR) or any legal claims or statutory retention periods prevent deletion. Legal retention periods may result, for example, from retention obligations under commercial and tax law (up to 7 years in Austria and 10 years in Germany).

Recipients:

  • Internally (within the STIWA Group); on an ad hoc basis if this is necessary to achieve one of the purposes listed above. Please note that in this case, data may also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en
  • IT service providers, insofar as these would have to be used for the maintenance and support of our data processing equipment on an ad hoc basis. Appropriate contracts (data processing agreement or, in the case of a third country transfer, standard contractual clauses of the EU Commission) have been concluded with these service providers, obliging them to comply with legal requirements.
  • Third parties (courts, tax authorities, supervisory authorities), insofar as this is legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21. For more information on this, but also on the other rights you have, see section B.

If you are interested in one of our training courses or if there is a need for instruction in connection with the purchase of one of our products, you can register at any time for the training course that is right for you.

The processing of personal data is carried out by STIWA Automation GmbH, STIWA AMS GmbH, STIWA Deutschland GmbH, STIWA US Inc. and STIWA Nantong Automation Machinery Production Co., Ltd, which classify themselves as joint controllers in accordance with Article 26 of the GDPR. The STIWA companies listed here have stipulated on the basis of an agreement which controller within the meaning of the EU Data Protection Regulation fulfills which obligations under data protection law. Upon request of the data subject, the essential content of this agreement can be made available.

In this context, the following personal data are processed:

  • Gender
  • Last name, first name
  • E-mail address
  • Title (optional)
  • Telephone availability (optional)
  • Company (optional)
  • Address (optional)
  • Information from remarks (optional)
  • Information about qualification

The processing of the above personal data is carried out for the following purposes:

  • Registration for and organization of training courses and/or events
  • Issuance of a certificate to the training participants.

Legal basis:

The processing of your personal data in connection with registration and organization is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR; the issuance of a certificate is based on legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (proof / documentation of qualification).

Storage period:

Personal data that we process for the above-mentioned purposes will be stored for the duration of the business relationship after the purpose has ceased to apply - provided that no legal retention periods or any legal claims oppose deletion or you already make use of withdrawal in advance - and subsequently deleted.

Recipient:

  • Internally (within the STIWA Group); on an ad hoc basis if this is necessary to achieve the above-mentioned purposes; e.g., the involvement of additional specialist personnel for training.  Please note that in this case, data may also be transferred to our subsidiaries in a third country (United States of America / China) on an ad hoc basis. A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en.
  • IT service providers, insofar as they have to be used for maintenance and support of our data processing equipment on an ad hoc basis. We have concluded order processing agreements with these service providers, which obligate them to comply with legal requirements.
  • Third parties (courts, auditors) insofar as this is required by law or you have given your consent to this.

Your data protection rights:

For more information on your withdrawal pursuant to Art. 7(3) GDPR, but also on the other rights you have, please see section B.

If you would like to learn more about our products and services and decide to subscribe to our software newsletter, STIWA AMS GmbH processes the following personal data:

  • E-mail address
  • Name, first name, title (optional)

Note: In connection with our newsletter, in order to be able to check whether the registration is really made by you, we use the double opt-in procedure for online registration. Following your registration for our newsletter, you will receive an e-mail for renewed confirmation.

In the context of the double opt-in procedure, the following data is also processed:

  • Place, date and time of registration
  • IP address
  • E-mail address
  • Name, first name, if you have also provided this on a purely voluntary basis.

Your personal data is processed for the following purpose:

  • Dispatch of the software newsletter
  • Execution of the double opt-in procedure

 

Legal basis:

The legal basis for the processing of your personal data is your consent in accordance with Art. 6 (1) lit. a GDPR; providing your personal data is generally not required. However, failure to provide your personal data would mean that we would not be able to send you information about products and services. The processing of your personal data in the context of the double opt-in procedure is based on Art. 5 para. 2 GDPR. Profiling does not take place.

 

Retention period:

Your personal data will be deleted after withdrawal of your voluntarily given consent - provided that there are no legal retention periods or any legal claims.

Note: Please bear in mind that, for technical reasons, it may take a few hours until the unsubscription from the newsletter is executed, so in a few exceptional cases a dispatch will take place during this period.

Recipient:

  • IT service provider that we use to send the newsletter. A data processing agreement has been concluded with this service provider, which obligates it to comply with legal requirements.
  • Third parties; insofar as we are legally obliged to do so or you have given your express consent.

Your data protection rights:

In connection with your consent, you have the right of revocation in accordance with Article 7 (3) GDPR. For more information on this, but also on the other rights you have, see section B.

In the context of meetings, the STIWA Group also uses virtual means of communication (Microsoft Teams web conference), in which your voice is transmitted via microphone and, if necessary, your image is also transmitted via webcam to all other meeting participants (hereinafter referred to as "online meetings"). For this purpose, we use service providers with whom - if necessary - corresponding data protection agreements have been concluded.

The respective company of the STIWA Group with which you hold a virtual meeting is responsible for processing your personal data.

We would also like to point out that the type or amount of personal data that is processed depends, on the one hand, on the functional scope of the video conferencing system itself and, on the other hand, on you as a user or meeting participant, i.e. which data you provide.

The following personal data may be processed:

  • Display name
  • E-mail address
  • Status (optional)
  • Status messages (optional)
  • Profile picture (optional)
  • Language
  • Date and time
  • Duration of the meeting
  • Meeting ID
  • Log files
  • Phone number - event related
  • Location data - event-related
  • Text, audio, video and other multimedia data
  • Audio or video recordings
  • Shared content (including links, documents)

Note: During a videoconference, data from the microphone, a webcam, or a screen display of your end device (using the screen/content sharing function) is processed for the display of video signals, the playback of audio signals, and multimedia data; e.g., if you are giving a presentation. The meeting participant can switch the microphone and / or the camera on and off independently at his end device at any time; furthermore, the screen / content sharing function must also be actively activated and terminated by the user. In addition, the user may also have recourse to the chat function.

Your personal data is processed for the following purpose:

  • Ensuring frictionless communication and conducting telephone conferences, online meetings, video conferences, training courses and webinars ("online meetings").
  • Documentation and logging (audio and/or video recording) of, among other things, questions to be clarified or results during the online meeting, or for training purposes, in order to subsequently train persons who could not participate in the online meeting, or for self-study.

Legal basis:

The legal basis for the processing of your personal data is the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest here lies, among other things, in ensuring functionality, frictionless communication and the conduct of online meetings with our business partners in further contractual obligations.

The processing of your personal data in the context of recordings is based on the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR. If a recording is planned, we will inform you of this in a transparent manner and obtain your consent in advance.

Data retention:

Your user data will be stored by us as long as, for example, a business relationship with you exists and subsequently no legal retention periods or any legal claims oppose deletion.

Meeting data and text, audio or video data, if no recording took place but there was processing apart from this, are automatically deleted after 90 days following the end of the online meeting.

If a recording of the online meeting took place for which you have given your consent, we store this data after the end of the online meeting until the purpose no longer applies and delete it afterwards, unless there are legal retention periods or any legal claims or you have revoked your consent in advance.

Automated decision-making pursuant to Art. 22 GDPR is not used.

Recipients:

Internally within the STIWA Group, on an ad hoc basis if this is necessary to achieve one of the purposes listed above and you have given your consent. Please note that in this case, data will also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: Standard contractual clauses for international transfers (europa.eu).

IT service providers who may be required to conduct online meetings or to maintain and support the data processing equipment used here. Corresponding data protection agreements have been concluded with these service providers, obliging them to comply with legal requirements.

Third parties (e.g. external participants, courts), if we are legally obliged to do so or you have given your express consent.

Note: Within our technical capabilities, we have limited the storage locations to data centers within the EU/EEA. Thus, the processing of your personal data does not take place outside the borders of the EU/EEA. However, we cannot technically completely rule out routing or storage on servers outside the European Union at the processor Microsoft.

Note / information in line with the use of Microsoft Teams ("MS Teams"):

Should you call up the corresponding Microsoft website (https://teams.microsoft.com/) to download the necessary MS Teams software, "Microsoft" is responsible for data processing. Visiting this website is only necessary for the download, if MS Teams should not or cannot be used directly in an Internet browser without a download.

"Microsoft Teams" is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America.

The use of MS-Teams is generally subject to the usage and data protection provisions of "Microsoft", over which the STIWA Group itself has no influence. If MS-Teams is used, the user must accept the terms of use and data protection of "Microsoft". If this is not done, the use of MS-Teams is not possible.

The data protection regulations of Microsoft can be found here: https://privacy.microsoft.com/en-us/privacystatement

The terms of use can be found here: https://www.microsoft.com/en/servicesagreement/

Furthermore, you can find further information on the subject of online services from Microsoft here: https://www.microsoft.com/en-us/trust-center/privacy/.

Microsoft Corporation, as one of our IT service providers, receives the above-mentioned personal data in the context of online meetings, insofar as this is provided for in our order processing agreement with Microsoft. Under the order processing agreement concluded on the basis of EU standard contractual clauses, Microsoft is obliged to comply with the legal requirements of the applicable data protection law. A current version can be found at the following link: Licensing Documents (microsoft.com).

Your Privacy Rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of revocation in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

In the context of ever newer technologies that enable us to work even more effectively and efficiently in order to meet the requirements of our customers as well as possible, we also use, among other things, the HoloLens2 from Microsoft in conjunction with MS Teams. This may involve the processing of personal data in the course of assembly or maintenance activities at your site, among other things.

The respective company of the STIWA Group that uses HoloLens2 is always responsible for the processing of your personal data.

In this context, the following additional personal data may be processed in addition to the personal data already listed under Section C - Item 3.3:

  • Sensor data, including the respective location via GPS or WLAN.
  • Biometric data, if applicable, insofar as your iris is stored in the system and used for activation.

Your personal data is processed for the following purpose:

  • Facilitation or improvement of the employee's activities, including in the context of instructions via data glasses during maintenance work, fault analysis without the need for physical presence at the customer's site or training / instruction. 
  • Making operational processes more effective.

Legal basis:

The legal basis for the processing of your personal data is the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest in this case lies, among other things, in ensuring functionality and a cost-efficient implementation of contractual obligations in the context of maintenance or repair work.

The legal basis for the processing of your personal data in the context of audio or video recordings is your freely given consent pursuant to Art. 6 para. 1 lit. a GDPR; if your iris is processed to activate the terminal device, the legal basis is your express consent pursuant to Art. 9 para. 2 lit. a GDPR.

Storage period:

Your user data will be stored by us as long as, for example, a business relationship with you exists and subsequently no legal retention periods or any legal claims oppose deletion.

Meeting data and text, audio or video data, if no recording took place but there was processing apart from this, are automatically deleted after 90 days following the end of the online meeting.

If a recording of the online meeting took place for which you have given your consent, we store this data after the end of the online meeting until the purpose no longer applies and delete it afterwards, unless there are legal retention periods or any legal claims or you have revoked your consent in advance.

Automated decision-making pursuant to Art. 22 GDPR is not used.

Recipients:

  • Internally within the STIWA Group, on an ad hoc basis if this is necessary to achieve one of the purposes listed above and you have given your consent. Please note that in this case, data will also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: Standard contractual clauses for international transfers (europa.eu)
  • IT service providers who may be required to conduct online meetings or to maintain and support the data processing equipment used here. Corresponding data protection agreements have been concluded with these service providers, obliging them to comply with legal requirements.
  • Third parties (e.g. external participants, courts), if we are legally obliged to do so or you have given your express consent.

Note: Within our technical capabilities, we have limited the storage locations to data centers within the EU/EEA. Thus, the processing of your personal data does not take place outside the borders of the EU/EEA. However, we cannot technically completely rule out routing or storage on servers outside the European Union at the processor Microsoft.

Note / information in line with the use of MS HoloLens2.

The data protection regulations of Microsoft can be found here: https://privacy.microsoft.com/en-us/privacystatement

The terms of use can be found here: https://www.microsoft.com/en/servicesagreement/

Furthermore, you can find more detailed information about HoloLens2 from Microsoft here: HoloLens 2 Privacy | Microsoft Docs

Microsoft Corporation, as one of our IT service providers, receives the above-mentioned personal data in the context of online meetings, insofar as this is provided for in our order processing agreement with Microsoft. Under the order processing agreement concluded on the basis of EU standard contractual clauses, Microsoft is obliged to comply with the legal requirements of the applicable data protection law. A current version can be found at the following link: Licensing Documents (microsoft.com).

Your data subject rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of revocation in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If you would like to be informed about our jazz events and access our concert newsletter, STIWA Holding GmbH processes the following personal data:

  • E-mail address
  • Name, first name (optional)

Note: In connection with our newsletter, in order to be able to check whether the registration is really made by you, we use the double opt-in procedure for online registration. Following your registration for our newsletter, you will receive an e-mail for renewed confirmation.

In the context of the double opt-in procedure, the following data is also processed:

  • Place, date and time of registration
  • IP address
  • E-mail address
  • Name, first name, if you have also provided this on a purely voluntary basis.

Your personal data is processed for the following purpose:

  • Sending the concert newsletter to inform you about our events
  • Execution of the double opt-in procedure

Legal basis:

The legal basis for the processing of your personal data is your consent pursuant to Art. 6 (1) lit. b GDPR; providing your personal data is generally not required. However, failure to provide your personal data would result in us not being able to send you information about events.

Data retention:

Your personal data will be deleted immediately after the purpose no longer applies - in most cases, this is three years after the last contact - provided that no legal retention periods or any legal claims exist, or you have already withdrawn your consent in advance.

Recipients:

  • IT service provider that we use to send the newsletter. A data processing agreement has been concluded with this service provider, which obligates it to comply with legal requirements.
  • Third parties; insofar as we are legally obliged to do so or you have given your express consent.

Your data protection rights:

In connection with your consent, you have the right of withdrawal in accordance with Article 7 (3) GDPR. For more information on this, but also on the other rights you have, see section B.

If we may welcome you as a guest at one of our events or if you rent one of our seminar rooms in Hagenberg, the following personal data will be processed by us, STIWA Holding GmbH:

  • Name, first name
  • Title
  • Reachability by telephone
  • E-mail address
  • Content / information of your message / inquiry
  • Date
  • Bank details in the context of payment for tickets
  • Photo / video recordings
  • IP address / MAC address, duration of connection, log files (guest WLAN)

Your personal data is processed for the following purpose:

  • Organization, implementation and processing of requests, ticket sales and events.
  • Reporting and publication of photos / video recordings
  • Provision of the guest WLAN

 

Legal basis:

The legal basis for the processing of your personal data as a natural person in the context of the organization, implementation and processing of requests, ticket sales and events are pre-contractual measures or a contract between you and us pursuant to Art. 6 para. 1 lit. b GDPR. As a legal entity, the processing of your personal data in response to an inquiry on your part is based on consent pursuant to Art. 6 para. 1 lit. a GDPR, the organization, implementation and handling of the event itself on the legitimate interest of a contractual obligation pursuant to Art. 6 para. lit. f GDPR.

In the case of the processing of photos / video recordings or if you also want to use our guest WLAN, the processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR; providing this data is therefore not required in principle. However, not providing it would mean, among other things, that you could not use our guest WLAN.

If photos / video recordings of historical value are created (e.g. in the course of anniversaries), the long-term archiving is based on our legitimate interest pursuant to Art. 6 (1) (f) in conjunction with Art. 17 (3) (a) GDPR (note: the processing of your personal data is, however, restricted in this case).

Data retention:

In the case of an offer or the conclusion of a contract, we are obliged to store your data for seven years after the expiry of the purpose due to statutory retention periods (including §132 of the Federal Fiscal Code BAO). However, the processing is restricted.

Photos and video recordings that are of historical value to us are archived for a long period of time - in accordance with the right to freedom of expression and information (cf. Art. 17 para. 3 lit. a GDPR) - but the processing is restricted and the protection of personal data is ensured technically and organisationally.

General photos or video recordings will be deleted immediately after the purpose no longer applies or after you have exercised your right of revocation. However, please bear in mind that print media already ordered and printed, or the photos and names used in them, will not be destroyed. Furthermore, even in the case of publication in social media and on our website, your data can never be completely deleted from a technical point of view.

Personal data that exists in connection with the provision of our guest WLAN on the basis of your consent will be stored for a period of 30 days and then deleted.

Recipients:

  • Internally within the STIWA Group; on an ad hoc basis if this is necessary to achieve one of the purposes listed above. Please note that in this case, data could also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to the standard contractual clauses of the European Commission: Standard contractual clauses for international transfers (europa.eu)
  • Third parties (including regional and national print media / social networks, external recipients of the employee magazine Profiles); publication of photographs and reporting on events.

Other sources:

On an occasion-related basis, we receive your personal data in connection with attendance at one of our events from an external ticketing service (in this case: CTS Eventing Austria GmbH (ÖTicket)).

Your data protection rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21, and in connection with your consent, the right of withdrawal in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If you, as our customer, supplier or business partner, are interested in our internal employee magazine "Profile" and would like it to be sent to you or if we would like to mention you in one of our articles in our magazine, STIWA Holding GmbH will process the following personal data:

  • Name, first name
  • Title
  • Company name
  • Address
  • Photographs
  • Information about anniversaries, career, birth, birthday, wedding or death (event-related).

Your personal data will be processed for the following purpose:

  • Mailing of the employee magazine Profiles
  • Creation and publication of the employee magazine (internal / external), among other things, to pass on information regarding products, services, events and to introduce people connected with STIWA
  • Long-term archiving in the case of photos / information for the documentation of the company history. In this case, however, a restriction of processing takes place

 

Legal basis:

The legal basis for the processing of the above-mentioned personal data is your consent pursuant to Art. 6 (1) lit. a GDPR. In principle, it is not necessary to provide your personal data; however, if you do not provide it, we will not be able to send you our employee magazine Profile or pass on information on your part or about you.

If photos / video recordings of historical value are created (e.g. in the course of anniversaries), the long-term archiving is based on our legitimate interest pursuant to Art. 6 (1) f in conjunction with Art. 17 (3) a GDPR (note: the processing of your personal data is, however, limited in this case).

Data retention:

The processing of your personal data for the purpose of sending and forwarding information takes place until your consent is revoked. Subsequently, the personal data processed for the purpose defined above will be deleted. Please note, however, that in the case of print media that have already been ordered or printed, revocation is unfortunately no longer possible and printed copies will still be used up.

Photos / information of historical value will be archived, but we would like to explicitly inform you that in this case there will be a strict limitation of processing.

Recipients:

  • Internally within the STIWA Group; on an ad hoc basis if this is necessary to achieve one of the purposes listed above. Please note that in this case, data will also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees for the protection of your personal data are available. For this reason, we have recourse to standard contractual clauses of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de
  • Service providers (in this case: printers) who have been entrusted with the mailing of the employee magazine Profile. An order processing agreement was concluded with this service provider, which obligates it to comply with legal requirements.
  • IT service providers, insofar as they have to be used for maintenance and support of our data processing equipment on an ad hoc basis. Corresponding contracts (order processing contracts or, in the case of a third country transfer, standard contractual clauses of the EU Commission) have been concluded with them, obliging them to comply with legal requirements.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of revocation in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If we have aroused your interest as a future employer and you access our career portal to send us your application documents, your documents will be sent to the relevant STIWA Group company of the branches in the EU/EEA (see also section A). In this case, there is a joint controllership according to Article 26 of the European General Data Protection Regulation. These branches have determined by means of an agreement which controller within the meaning of the GDPR fulfills which obligations under data protection law. The essential content of this agreement can be made available upon request by the data subject.

Note: In the case of an application directly to our subsidiary STICHT Technologie GmbH or STIWA US Inc. this joint responsibility does not exist. In this context, the companies mentioned here are separate controllers within the meaning of the GDPR.

In connection with your application via our career portal (Open Positions), we process the following personal data:

  • First name, second name
  • E-mail address
  • Availability by telephone (optional)
  • Information that we receive, on the one hand, through your application documents and, on the other hand, in the course of the interview (title, nationality, gender, photo, address, cover letter, curriculum vitae, (service) certificates, information on training, qualifications and professional experience).
  • If applicable, also travel data and bank details (for reimbursement of travel expenses)
  • Information on the source, how you came to our attention.

If you also provide us with special categories of personal data (such as health data, religious affiliation, degree of disability) on a purely voluntary basis in the letter of application or as part of the subsequent application process, this data will only be processed if you have given us your consent to do so.

The processing of the above-mentioned personal data is carried out for the following purposes:

  • Including carrying out the application process
  • Evaluation of the application documents to determine whether recruitment is possible for the advertised position
  • Communication and invitation to interviews
  • Submission of an offer and, if applicable, reimbursement of travel expenses.
  • In the event that you have given your consent for your application documents to be kept on file
  • Improvement of our applicant marketing by evaluating the source

Legal basis:

The processing of your personal data in connection with applicant management is based on the legal basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR or, subsequently, on the basis of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

With reference to our German companies, the legal basis results from Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG. Insofar as the data are special categories of personal data that you yourself provide to us (for example, information about a severely disabled status), the processing is based on the legal basis of Art. 9 (2) lit. b GDPR in conjunction with Section 26 (3) Federal Data Protection Act (BDSG).

The legal basis for the evaluation of the source, i.e. how you became aware of us, which contributes to the improvement of our application marketing, is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

If - as already mentioned above - you also provide us with special categories of personal data, the processing will be based purely on your consent (Art. 9 Para. 2 lit. a GDPR).

If we are unable to consider you further with regard to a job offer, but you would like us to keep a record of it, the processing of your personal data is also based on a separate consent pursuant to Art. 6 Para. 1 lit. a GDPR, which you give us.

Storage period:

Your personal data will be deleted immediately after the purpose ceases to apply or after withdrawal of any consent given on your part or objection - provided that no legal retention periods, any legal claims or legal proceedings stand in the way of deletion. If no recruitment takes place, this is regularly the case 6 months after a rejection has been issued.

If travel expenses are reimbursed, we are obligated by legal retention periods (e.g. from commercial and tax retention obligations in Austria up to 7 years and in Germany up to 10 years) to store the related personal data on a limited basis.

If you have given your consent for us to store your personal data in our applicant database even after a rejection, the data will be deleted after two years unless you revoke your consent in advance.

If you sign an employment contract with us, we will store your data for the duration of the employment relationship. In this case, you will receive further information about the processing of your data in the employment relationship as soon as you start the employment relationship with us.

Recipients:

  • Internally within the STIWA Group within the scope of joint responsibility (EU/EEA), transmission of application documents to requesters of the corresponding vacancies within the EU/EEA.
  • IT service providers, insofar as they have to be used for the maintenance and support of our data processing equipment on an ad hoc basis. For the maintenance and operation of our applicant tool, we use an external IT service provider within the EU/EEA. A contract processing agreement has been concluded with this service provider, which obligates it to comply with legal requirements.
  • Third parties (including courts), to the extent legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims

Other sources:

Apart from your application directly via the career portal (open positions) on our STIWA homepage, there is also the possibility in individual cases that your application documents are transmitted to us by career portals (including Karriere.at , DEV.Jobs), furthermore by job agencies (including ePunkt GmbH, WIPA GmbH) or educational institutions.

In the context of a direct approach to candidates on the social media platforms provided for this purpose (e.g. Xing or LinkedIn), personal data of potential applicants are processed. For our part, only publicly accessible profile data (in particular first name/last name) is processed. The processing of personal data primarily serves the purpose of searching for suitable candidates and establishing contact. In this particular case, the data processing is based on Art. 6 para. 1 lit. f GDPR. The collected data remains exclusively within the STIWA companies named above.

Note: This does not apply in the case of an application directly to our subsidiary STICHT Technologie GmbH or STIWA US Inc.

Your data subject rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21 GDPR, and in the case of consent, the right of revocation in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If we have aroused your interest in an apprenticeship / dual study program with us at STIWA Holding GmbH or an apprenticeship with STIWA Deutschland GmbH or STICHT Technologie GmbH (DE) and you would like to apply to us, we will process the following personal data from you or your parents / authorized guardians:

  • First name, last name
  • Title
  • E-mail address
  • Reachability by telephone
  • Address
  • Information we receive from your application documents and during the interview (title, nationality, gender, photo, address, cover letter, curriculum vitae, references, information on training, qualifications and work experience).
  • Photographs for public relations purposes
  • Social security number to apply for subsidies
  • Information on motor and mental abilities within the framework of the entrance test       

The processing of the above personal data is carried out for the following purposes:

  • Organization and implementation of career orientation
  • Carrying out the application procedure (evaluation of application documents to determine whether recruitment is possible for the advertised position, communication and invitation to the admission interview, submission of an offer)
  • Conducting and handling the admission test and the practice day
  • Instruction in work safety at the workplace
  • Publication of photos for reporting and publication within the framework of the career orientation day and the practice day
  • Application for subsidies and the associated apprenticeship notification (contact details; applicant data) to the relevant authority, which must be carried out before the apprenticeship contract is signed (Österreichische Gesellschaften).

Legal basis:

With the exception of the purposes of instruction in occupational safety and of applying for subsidies, the processing of your personal data or that of your authorized guardians is based on the legal basis of consent pursuant to Art. 6 (1) lit. a GDPR. In principle, it is not necessary to provide your personal data, but without it we cannot evaluate your application documents and subsequently consider them in the application process.

Personal data and its processing in connection with occupational safety are based on a legal requirement (including the ASchG in Austria) in accordance with Art. 6 (1) c GDPR, in connection with the application for funding on a legitimate interest in accordance with Art. 6 (1) f GDPR and are therefore necessary.

Storage period:

Personal data that we collect as part of the career orientation day and the practical day will be deleted immediately if you are no longer interested in applying to us or consent to the processing has been withdrawn.

If a contract of employment is concluded between you and us, the personal data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. In this case, you will receive further information about the processing of your data in the employment relationship as soon as you start this relationship with us.

If no employment contract is concluded with you, your application documents will be deleted six months after notification of the rejection decision, provided that no other legitimate interests of our company prevent deletion. A legitimate interest is, for example, the obligation to provide evidence in proceedings under the Equal Treatment Act (GlBG), among other things.

Photographs that we have taken of you or your guardians during the practice day and published as part of our public relations work are stored for a limited period of four years so that they can be used, for example, for a review of your apprenticeship training. Please bear in mind that - if a report is published in our internal employee magazine or in local print media - print media that have already been ordered and printed, or the photos and names used in them, cannot be destroyed; furthermore, even in the case of publication in social media and on our homepage, your data can never be completely deleted from a technical point of view.

Personal data that exist in connection with the application for subsidies and the associated apprenticeship end notification are stored for 7 years in Austria (Federal Fiscal Code §132 BAO) after the purpose ceases to exist.

Recipients:

  • IT service providers, insofar as these would have to be accessed on an ad hoc basis in the context of the maintenance and support of our data processing equipment. We have concluded a data processing agreement with them to protect your personal data in accordance with Art. 28 GDPR.
  • Service providers, among others, for the evaluation of the test results of the admission test. A contract processing agreement in accordance with Art. 28 GDPR has been concluded with them for the protection of your personal data.
  • Third parties (authorities, public institutions, (vocational) schools, media); among other things, for the issuance of the apprenticeship contract / training contract, the processing of the final examination, application for funding and the associated apprenticeship notification, for summoning you to the vocational school or media for reporting and publication of photos.

Your data protection rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21 GDPR, and in the case of consent, the right of withdrawal in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If we have aroused your interest in an internship or in writing your scientific paper with us, your application documents will be forwarded to the relevant STIWA Group company of the branches in Austria. In this case, there is a joint controllership according to Article 26 of the European Data Protection Regulation. These branches have stipulated by means of an agreement which responsible party within the meaning of the GDPR fulfills which obligations under data protection law. The essential content of this agreement can be made available upon request by the data subject.

In connection with your application, we process the following personal data from you or your authorized guardians:

  • First name, last name
  • E-mail address
  • Availability by telephone
  • Address
  • Information that we receive through your application documents and during the interview (cover letter, curriculum vitae, (service) certificates, information on training, qualifications and professional experience).

The processing of the above personal data is carried out for the following purposes:

  • Including carrying out the application process
    • Evaluation of application documents
    • Communication and invitation to interviews
    • Submission of the contract and, if necessary, reimbursement of travel expenses.
  • In the case of an existing consent to keep records

Legal basis:

The processing of your personal data is based on the legal basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR or subsequently on the basis of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR. If we cannot consider you further, but you would like us to keep your application documents on record, the processing of your personal data is also based on a separate consent pursuant to Art. 6 para. 1 lit. a GDPR, which you give us.

Storage period:

Your personal data will be deleted immediately after the purpose has ceased to apply or after revocation of any consent you have given - provided that no statutory retention periods, any legal claims or legal proceedings stand in the way of deletion. This is regularly the case 6 months after a cancellation has been issued.

If travel expenses are reimbursed, we are obligated by legal retention periods (e.g. from commercial and tax retention obligations in Austria of up to 7 years) to store the associated personal data for a restricted period.

If you have given your consent for us to store your personal data in our applicant database even after a rejection, the data will be deleted after two years unless you revoke your consent in advance.

If you sign a contract with us, we will store your data for the duration of your internship / writing your scientific paper. In this case, you will receive further information about the processing of your data as soon as you start with us.

Recipients:

  • Internally within the group (within the STIWA Group (AT) within the scope of joint controllership), transmission of application documents to requesters of the corresponding vacancy.
  • IT service providers, insofar as these would have to be accessed on an ad hoc basis within the framework of the maintenance and support of our data processing equipment. We have concluded a data processing agreement with them to protect your personal data in accordance with Art. 28 GDPR.
  • Third parties, if this is necessary to comply with applicable law or to assert, exercise or defend legal claims (including courts, authorities, legal advisors).

Your data protection rights:

In the event of consent, you have the right of withdrawal in accordance with Art. 7 (3) GDPR. More information on this, but also on the other rights you have, can be found in section B.

If you are interested in our STIWA Educational Content and would like to have access to our demonstration package, STIWA AMS GmbH processes the following personal data:

  • Username
  • IP address

Your personal data will be processed for the following purpose:

  • Provision of our Educational Content

Legal basis:

The legal basis for the processing of your personal data is a contract ((user) license agreement) that you as a natural person conclude with us at STIWA AMS GmbH (Art. 6 para. 1 lit. b GDPR). The processing is necessary in this context.

Profiling does not take place.

Storage period:

Your personal data will be stored for one month after the purpose ceases to apply - provided there are no statutory retention periods or any legal claims - and then deleted immediately. 

Recipients:

  • IT service provider to whom we have recourse on an ad hoc basis as part of maintenance or support. 
  • Third parties; insofar as we are legally obliged to do so or you have given your express consent.

Your data protection rights:

You can find more information on this, as well as on the other rights you have, in section B.

If you have filled out our networking form at one of our trade fair stands or during a visit on site because you are interested in becoming a future employee in one of our STIWA companies (EU/EEA) and would also like to be informed about current STIWA topics and news, we will process the following personal data from you:

  • First name, second name
  • Title (optional)
  • E-mail address
  • Telephone contact details (optional)
  • Information about your education (study / school) (optional)
  • Information about your interest in STIWA and your preferred location (optional)
  • Any other information you would like to share with us about yourself (optional)  

In this case, there is joint controllership in accordance with Article 26 of the European General Data Protection Regulation. These branches have concluded an agreement to determine which controller within the meaning of the GDPR fulfills which data protection obligations. The essential content of this agreement can be made available at the request of the person concerned.

The processing of the above-mentioned personal data is carried out for the following purposes:

  • To contact you following our conversation in order to be able to offer you information tailored to you (e.g. a vacancy, an apprenticeship, an internship or dual studies).
  • To inform you about current STIWA topics and news (STIWA Insider)

Legal basis:

The processing of your personal data in connection with the above-mentioned purposes is based in both cases on the legal basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Storage period:

Personal data that we process from you for the above-mentioned purpose will be stored for 2 years after the purpose no longer applies - provided that no statutory retention periods or any legal claims oppose deletion or you already make use of revocation in advance - and subsequently deleted.

Longer storage than 2 years will only take place if you have separately consented to this.

Recipients:

  • Within the group (within the STIWA Group EU/EEA); on an ad hoc basis, if this is necessary to achieve the above-mentioned purpose.
  • IT service providers, insofar as they need to be used for the maintenance and support of our data processing equipment. Order processing contracts have been concluded with them, which oblige them to comply with legal requirements.
  • Third parties (e.g. courts, authorities) insofar as we are legally obliged to do so or you have given us your consent to do so.

Your data protection rights:

In the event of consent, you have the right of withdrawal in accordance with Art. 7 (3) GDPR. More information on this, but also on the other rights you have, can be found in section B.

If you like to experiment or are interested in technical topics, you can register with us at STIWA Holding GmbH in our on-site Makerspace and give your ideas free rein.

We process the following personal data from you:

  • First name, last name
  • Title
  • Date of birth
  • Availability by telephone
  • E-mail address
  • Access log-in
  • Alarm logbook
  • Badge logbook
  • Audit logbook
  • STIWA badge number
  • Information about access authorizations
  • Timestamp of registration
  • Video recordings (monitoring of operating sites).

The processing of the above personal data is carried out for the following purposes:

  • For making appointments, registration and inclusion in contact data management.
  • For instruction in occupational safety in accordance with the use of techniques and equipment provided
  • To issue access authorizations for potential interested parties and, as a result, to protect company and business secrets and to enforce house rights

Legal basis:

The processing of your personal data for the purpose of making appointments, registration and inclusion in the contact data management is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. In principle, it is not necessary to provide your personal data, but if you do not provide it, you will not be able to register with us.

Personal data related to occupational safety is based on a legal requirement (including the ASchG) in accordance with Art. 6 (1) lit. c GDPR, in connection with the allocation of access authorizations and to protect trade and business secrets and to enforce house rules on the legitimate interest in accordance with Art. 6 (1) lit. f GDPR, and are therefore necessary. 

Storage period:

Your personal data processed in connection with the appointment, registration and inclusion in the contact data management will be deleted immediately after the purpose ceases to apply, unless there are legal retention periods or any legal claims or in the event of your revocation of consent.

Log files / logging data in connection with the protection of company and business secrets and for the enforcement of house rules will be deleted after the following periods: access logbook up to 180 days (deletion by overwriting), ID card logbook up to 3650 days (deletion by overwriting), audit logbook up to 365 days (deletion by overwriting) and alarm logbook up to 90 days (deletion by overwriting).

Video recordings in connection with the monitoring of the business premises for the protection of trade and business secrets and for the enforcement of house rights are deleted automatically after 72h - provided that no legal claims, if any, oppose deletion.

Recipient:

  • Internally (within the STIWA Group) on an ad hoc basis if this is necessary to achieve one of the above-mentioned purposes. Please note that in this case, data will also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: Standard contractual clauses for international transfers (europa.eu)
  • IT service providers, insofar as they have to be used for maintenance and support of our data processing equipment on an ad hoc basis. For the protection of your personal data, we have concluded a data processing contract with them in accordance with Art. 28 GDPR.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21 GDPR, and in the case of consent, the right of withdrawal in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If you are interested in taking part in our innovation contest, we, STIWA Advanced Products GmbH, will process the following personal data:

  • Surname, first name
  • E-mail address
  • Telephone number (if you provide it to us voluntarily)
  • Address (based on purpose b)
  • Country (if you have consented to this)
  • Age (if you have consented to this)
  • Photo (occasion-related in connection with the announcement of the winner)
  • Log files
  • Access to the website including path
  • IP address
  • Referrer URL (page from which the file was requested)
  • Date and time our website was accessed
  • Browser data
  • Information about your operating system
  • Access status and amount of data transferred

 

The above personal data is processed for the following purposes:

  1. Processing the award of the ideas competition
  2. Conclusion of an agreement for longer-term cooperation with the idea provider (event-related)
  3. Keeping records in order to contact you again if necessary
  4. Announcement of the winner in the (national) regional print media and/or the employee magazine Profile and/or STIWA homepage and/or the global, internal intranet and/or social media
  5. Statistical surveys and evaluations
  6. Verification of the legal requirements for participation in the competition
  7. Ensuring a smooth connection setup, smooth use of our website and evaluation of system security and stability

 

Legal basis:

The processing of your personal data in connection with purposes 1 and 2 is based on the legal basis of the contract pursuant to Art. 6 para. 1 lit. b GDPR, as the processing is necessary for the establishment and execution of a competition contract or the conclusion of a "purchase" of an idea.

The above-mentioned purposes 3-5 are based on the legal basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, purpose 6 on the legal basis of a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR and purpose 7 on the basis of legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

 

Storage period:

After the end of the ideas competition and completion of the competition contract, your data in this context will be irrevocably deleted, unless you have separately consented to it being kept on record for 2 years.

Information on age and country as part of the reach analysis will be stored for a further 12 months after the end of the ideas competition and then irrevocably deleted.

Personal data relating to visits to the website will also be deleted after 12 months.

Data relating to the conclusion of a contract will be stored for a limited period of 7 years after the contract expires, e.g. due to retention obligations under commercial and tax law.

 

Recipients:

  • Internally (within the STIWA Group) on an ad hoc basis if you have given your consent; e.g. for the purpose of maintenance / support of the website, reporting e.g. via STIWA's global intranet or on the website or to take up the idea. Please note that in this case, data may also be transferred to our subsidiaries in a third country (United States of America / China) on an ad hoc basis. A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en
  • IT service providers, insofar as they need to be used, for example, for the maintenance and support of our data processing equipment or our website. Data Processing Agreements have been concluded with them, which oblige them to comply with legal requirements.
  • Third parties (courts, (supra-)regional print media, printers, social media, educational institutions) if you have given us your separate consent or if we are legally obliged to do so; e.g. for the assertion of legal claims, for the preparation of a project report / final thesis or for reporting / publication of the winner.

 

Your data protection rights:

For more information on your right to withdraw your consent in accordance with Art. 7 para. 3 GDPR or your right to object in accordance with Art. 21 para. 1 GDPR, as well as on the other rights you have, please refer to section B.

If you visit us personally at one of our locations, we would like to draw your attention to the fact that our premises and server rooms are under video surveillance. The processing is carried out within the framework of joint controllership in accordance with Article 26 of the European General Data Protection Regulation. The respective STIWA companies have stipulated by means of an agreement which responsible party within the meaning of the GDPR fulfills which obligations under data protection law. Upon request of the data subject, the essential content of this agreement can be made available.

In addition to the data protection declaration, you will also be made aware of this at the relevant access points to our sites by means of corresponding information signs.

We process the following personal data in connection with the video surveillance of our business premises:

  • Video recording
  • Date and time
  • Location of the recording
  • Identity of the persons concerned (if recognizable)
  • Vehicle license plate number (if recognizable)

The processing of the above personal data is carried out for the following purposes:

  • Encrypted video surveillance for the purpose of self-protection / domiciliary rights (protection of the organization's property as well as the employees)
  • Prevention, containment and clarification of criminally relevant behavior, insofar as this affects the area of responsibility of the person responsible, with exclusive evaluation in the occasion defined by the purpose
  • Assertion of claims

Legal basis:

The processing of your personal data is based on the legal basis of legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR or §12 para. 2f DSG and is necessary for the above purposes.

No automatic decision-making or profiling is carried out.

Storage period:

Your personal data is only stored for a period of 72 hours. Subsequently, it will be deleted automatically, unless data is required as evidence in the context of an event or in the context of the assertion of any legal claims.

Recipients:

  • Service provider (security/doorman service), in the course of real-time monitoring of our business premises. An order processing contract has been concluded with this service provider, which obligates it to comply with legal requirements.
  • Third parties (law enforcement agencies, legal and public prosecutor's office, courts or insurance companies) on an occasion-related basis for the assertion of any legal claims or settlement of damages.

Your data protection rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21 GDPR. For more information on this, please refer to section B.

If you visit us in person at one of our sites, we would like to draw your attention to the fact that your personal data will be processed as part of the security briefing or the completion of the initial non-disclosure agreement and the associated inclusion in the contact data management, as well as the issue of visitor passes or the provision of our guest WLAN. In this context, the processing is carried out within the framework of joint controllership in accordance with Article 26 of the European General Data Protection Regulation. The STIWA companies associated with us have determined by means of an agreement which responsible party within the meaning of the EU Data Protection Regulation fulfills which obligations under data protection law. The essential content of this agreement can be made available upon request by the data subject.

In connection with your visit, we process the following personal data:

  • First name, last name
  • Title
  • Company name
  • Telephone accessibility (on business)
  • E-mail address (on business)
  • Company address
  • Log files and time recording data in the context of the use of the visitor badge (including access logs, badge logs, alarm logs)
  • IP address / MAC address, duration of connection and services used, if you use our guest WLAN

The processing of the above personal data is carried out for the following purposes:

  • Unique identification of the visitor, to protect the house right and business and trade secrets (signing of a non-disclosure agreement (NDA) and documentation of the validity in the contact data management) and to be able to register you with your contact person.
  • Provision of the guest WLAN, if there is a need on your part for the use of our guest WLAN
  • Assertion of claims

 

Legal basis:

The processing of your personal data for the former and latter purposes is carried out on the legal basis of legitimate interest pursuant to Art. 6 (1) lit. f GDPR (among other things, to ensure security) and is therefore necessary.

The processing of your personal data regarding the use of our guest WLAN is based on the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR. The provision of your personal data is not required. If you do not wish to provide consent in this regard, we cannot offer you access to our guest WLAN.

Automatic decision-making or profiling does not take place.

Storage period:

Your personal data related to the visitor badge will be stored for the following periods after the purpose no longer applies:

  • Access logs: 180 days (overwrite deletion)
  • Badge logs: 3650 days (overwrite deletion)
  • Alarm logs: 90 days (overwrite deletion)
  • Audit logs: 365 days (overwrite deletion)
  • Personal data related to the NDA are stored for 30 years.
  • Personal data related to the provision of our guest WLAN based on your consent will be stored for a period of 30 days.

Recipients:

  • Internally (within the STIWA Group) on an ad hoc basis if this is necessary to achieve one of the above-mentioned purposes. Please note that in this case, data will also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: Standard contractual clauses for international transfers (europa.eu)
  • IT service providers for the purpose of maintenance/support of the data processing equipment used. A data processing agreement has been concluded with these service providers, which obligates them to comply with legal requirements.
  • Third parties if this is necessary to comply with applicable law or to assert, exercise or defend legal claims (including courts, authorities, legal advisors).

 

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of withdrawal in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If you have become aware of one of our STIWA products or services, whether at one of our trade fair booths, visiting us on site or via our website, and would like to learn more about it, the STIWA entities (EU/EEA) process the following personal data:

  • Salutation (optional)
  • First name, second name
  • E-mail address
  • Telephone availability
  • Company information (name, location, function)
  • Interest (optional)

If we want to take a photo of you in the context of an event and you give us your consent to do so, we, the STIWA companies, will process the following personal data:

  • First name, last name
  • Photographs

In both cases, there is joint controllership in accordance with Article 26 of the European General Data Protection Regulation. These entities have entered into an agreement to determine which data controller within the meaning of the GDPR fulfills which obligations under data protection law. The essential content of this agreement can be made available upon request by the person concerned.

 

The processing of the above-mentioned personal data is carried out for the following purposes:

  • For contacting for the event and submitting offers for STIWA products and services.
  • For documentation and reporting in the regional print media, employee magazine, global intranet, homepage and social media.

 

Legal basis:

The processing of your personal data for the above-mentioned purposes is based on the legal basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.

 

Storage period:

Personal data that we process from you for the first purpose of "contacting for the event" will be irrevocably deleted after the purpose no longer applies (this is usually the case after the end of the event) - provided that there are no statutory retention periods or any legal claims that prevent deletion or you have already made use of the withdrawal in advance.

Personal data that we process for the second purpose of "business initiation" will be stored for 2 years after the purpose no longer applies (e.g. no contract is concluded) - provided that there are no statutory retention periods or any legal claims to the contrary or you have already made use of the withdrawal in advance - and then irrevocably deleted.

Data will only be stored for longer than 2 years if you have consented to this separately.

Photographs that are of historical value to us will be archived for a long period of time in accordance with the right to freedom of expression and information (cf. Art. 17 Para. 3 lit. a GDPR), but processing will be restricted and the protection of personal data will be ensured technically and organizationally.

General photos or video recordings are deleted immediately after the purpose no longer applies or after you have exercised your right of revocation. However, please bear in mind that print media that have already been ordered and printed, or the photos and names used in them, will not be destroyed. Furthermore, even in the case of publication in social media and on our homepage, your data can never be completely deleted from a technical point of view.

 

Recipients:

  • Intra-group (within the STIWA Group); e.g. in case of reporting in our global intranet. Please note that in this case, data may also be transferred to our subsidiaries in a third country (United States of America / China) on an ad-hoc basis. A transfer to a third country is only permitted if there are suitable guarantees for the protection of your personal data. For this reason, we use the standard contractual clauses of the European Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en.
  • IT service providers, insofar as these would have to be used for the maintenance and support of our data processing equipment on an ad hoc basis. Data processing agreements have been concluded with these service providers, obliging them to comply with legal requirements.
  • Service providers (in this case: printers) who were entrusted with the mailing of the employee magazine Profile. A data processing agreement was concluded with this service provider, obliging it to comply with legal requirements.
  • Third parties (including regional and national print media / social networks, external recipients of the employee magazine Profile); publication of photographs and reporting on events.

 

Your data protection rights:

For more information on your right of withdrawal pursuant to Art. 7 para. 3 GDPR, but also on the other rights you have, please see section B.

To fulfill the legal requirements resulting from the Austrian Whistleblower Protection Act (HSchG), the Austrian companies of the STIWA Group and TISP Aufschließungs- und Betreibergesellschaft mbH use the whistleblower system HINTBOX.

Processing of personal data

In principle, it is possible to use our HINTBOX whistleblower system - as far as legally permissible - without providing personal data. A provision of personal data (name, first name, residence, telephone number, e-mail address, voice recording) is based explicitly on your voluntary consent.

We also do not process special categories of personal data. However, should you provide us with special categories of personal data (e.g. racial and/or ethnic origin, religious and/or ideological beliefs, trade union membership or sexual orientation), this will be done exclusively on the basis of your express consent.

The transmitted notification may also include personal data of third parties. In this case, the persons concerned will be informed and given the opportunity to comment on the matter. If this is the case, your identity will be treated confidentially and the person concerned - insofar as this is legally permissible - will not receive any information about your identity.

Should you provide us with personal data on a purely voluntary basis, the processing will be carried out for the following purposes:

  • Investigation of the report submitted via the HINTBOX whistleblower system.
  • Investigation of suspected violations of regulations and laws
  • Initiation of any necessary legal steps and for documentation purposes

If we have any questions about your report, we will communicate exclusively via the HINTBOX whistleblower system to ensure confidentiality and protect your identity.

We do not intend to use your personal data for purposes other than those mentioned above. Should this change, we will obtain your prior consent.

Legal basis:

If you provide us with personal data in the context of using our whistleblower system HINTBOX, the processing is based on your voluntary consent pursuant to Art. 6 (1) lit. a GDPR, and in the case of special categories of personal data on your explicit consent pursuant to Art. 9 (2) lit. a GDPR. You are not required to provide personal data, as the HINTBOX whistleblower system can be used in a purely anonymous manner.

Should it be necessary or legally required in the course of the investigation / examination of the facts or the initiation of legal action that we have to process your personal data, the processing is based on legal obligations (HSchG, criminal, competition and labor law obligations) pursuant to Art. 6 (1) lit. c GDPR or the legitimate interest of the company or third parties pursuant to Art. 6 (1) lit. f GDPR, in order to prevent and detect violations within the company, to verify the lawfulness of internal processes and to maintain the integrity of the company. This also applies to personal data of third parties that are necessary or required by law to clarify the facts.

Technical implementation and security of your data

Our whistleblower system HINTBOX offers the possibility of anonymous communication via an encrypted connection. If you use the HINTBOX, your IP address and your current location will not be stored at any time. After sending a message, you will receive access data to the HINTBOX inbox so that you can continue to communicate with us in a secure manner.

We maintain appropriate technical measures to ensure data protection and confidentiality. The data you provide is stored in a secure database. All data stored in the database is encrypted by lawcode GmbH using state-of-the-art technology. A data processing agreement has been concluded with this company, which obliges it to comply with legal requirements.

Storage period:

If personal data is processed, the data is irrevocably deleted after the purpose no longer applies, unless legal retention periods or any legal claims conflict with this. In Austria, this is usually the case after 5 years following the conclusion of the internal investigation, external investigations by law enforcement authorities or a possible legal dispute.

Recipients:

  • Internally within the Group (within the STIWA Group & TISP Aufschließungs- und Betreibergesellschaft mbH); on an ad hoc basis if this is necessary to achieve one of the purposes listed above. This would be the case, for example, if the investigation of your report is carried out in the country concerned. All persons authorized to inspect the data are bound to secrecy. Stored data can also only be viewed by authorized persons within the company who are free of conflicts of interest. Please note that in this case, data may also be transferred to our subsidiaries in a third country (United States of America / China) on an ad hoc basis. A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we make use of standard contractual clauses of the European Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en
  • IT service provider in the context of providing our whistleblower system HINTBOX (service-as-a-solution) and in the context of maintenance and support. A data processing agreement has been concluded with this provider in accordance with Art. 28 GDPR.
  • Third parties (including courts, authorities, the legal profession) insofar as we are legally obliged to do so or you have given your express consent.

Your data protection rights

In connection with your consent, you have the right of revocation pursuant to Art. 7(3) GDPR, and in the case of a legitimate interest, the right of objection. For more information on this, but also on the other rights you have, please see section B.

Note: Please keep in mind that according to Section 8 (9) HSchG (Austria), for the duration of an administrative or judicial proceeding or an investigation under the StPO, to protect the whistleblower or to prevent attempts to prevent, undermine, or obstruct tips or follow-up actions based on tips, recourse to the following rights is not possible:

  • Right to information (§ 43 DSG, Art. 13 and 14 GDPR),
  • Right of access (§ 1 para. 3 (1) and § 44 DSG, Art. 15 GDPR),
  • Right to rectification (§ 1 para. 3 (2) and § 45 DSG, Art. 16 GDPR),
  • Right to erasure (§ 1 para. 3 (2) and § 45 DSG, Art. 17 GDPR),
  • Right to restriction of processing (§ 45 DSG, Art. 18 GDPR),
  • Right to object (Art. 21 GDPR) as well as
  • Right to notification of a personal data breach (§ 56 DSG and Art. 34 GDPR).

 

Notice regarding changes to the data protection declaration
STIWA Holding GmbH, as the operator of this website, reserves the right to continually adapt this data protection declaration, whether to keep it in line with current legal requirements or to reflect new processing activities, e.g. in the context of providing new services.

If you visit our website again, the new data protection declaration will apply from this point on.

The currently valid version is dated January 23rd, 2024.
