Automation Manufacturing Software

Data protection declaration


Data Privacy Statement Pursuant to Art. 13 and 14 GDPR

Data protaction declaration
according to Art. 13 and 14 GDPR

 

Thank you for your interest in data protection at the STIWA Group.

The protection of your personal data is important to the STIWA Group. Therefore, we would like to inform you with this data protection declaration in a transparent manner about the type and scope of the processing of your personal data within the scope of:

 

The legal basis for the processing of your personal data is in particular the General Data Protection Regulation (GDPR) or, in the case of us, STIWA Holding GmbH as website operator, the Austrian Data Protection Act (DSG).

Your personal data is processed exclusively within the framework of the legal requirements for the legally permissible purposes described in section C [link to section C]. Your personal data will only be passed on to third parties if you have consented to this or if another legal basis authorizes us to pass on the data. You will find more detailed information in this regard in the following sections of our data protection declaration. 

We also use external service providers to provide and secure our website, our technical infrastructure, our offers and services. These are contractually obligated and process your personal data only on our instructions. This ensures that the protection of your personal data is also guaranteed by appropriate technical measures.

If your personal data is also processed outside the European Union or the European Economic Area, this processing only takes place if the EU Commission has determined an adequate level of data protection in this third country or if the processor in the third country is bound by standard contractual clauses (SCCs).

Furthermore, we take all technical and organizational measures to protect your personal data from loss, unauthorized access or abuse.

Regarding to the sections that are still missing, we ask for your understanding that they are currently under revision. However, we are glad to help you if you have any questions regarding data privacy — please use only our electronic data protection mailbox datenschutz@stiwa.com.

The Controller within the meaning of Article 4 No. 7 of the European General Data Protection Regulation for the STIWA Group website is:

STIWA Holding GmbH
Salzburger Straße 52
4800 Attnang-Puchheim
Austria

Phone: +43 7674 6030
E-mail: office@stiwa.com

If you get in touch with a contact person of one of our subsidiaries directly - be it in case of general questions about products or services, pre-contractual measures or in the context of support requests - the respective STIWA company is responsible for the processing of your personal data.

If, for example, you are interested in one of our products or services and use our general contact options (office@stiwa.com, our contact form or Quick Contact), your request will be forwarded to the correct contact person. In this case, there is a joint controllership according to Article 26 of the GDPR. 

If we have aroused your interest as a future employer and you access our career portal to send us your application documents, your documents will be forwarded to the relevant STIWA Group company of the branches in the EU/EEA. In the context of our Corporate Services, this case also involves a joint controllership pursuant to Article 26 of the European General Data Protection Regulation.

Note: If you apply for a vacancy or a training position at STICHT Technologie GmbH in Germany, this company is responsible for the processing of your personal data in this context. You can find more information on this in section C - point 5 of this data protection declaration. In the case of an application to STIWA US Inc., the responsibility for the processing of your personal data lies there.

Austria

  • STIWA AMS GmbH
  • STIWA Automation GmbH
  • STIWA Advanced Products GmbH
  • STICHT Technologie GmbH
  • XeelTech GmbH

United states of amerika

  • STIWA US Inc.

You can find more information about our locations here: Locations - STIWA.

Germany

  • STIWA Deutschland GmbH
  • STICH Technologie GmbH

Mainland China

  • STIWA (Nantong) Automation Machinery Production Co., Ltd

If you have any questions regarding data protection or require to exercise your rights, please contact us via datenschutz@stiwa.com.

If you believe that the processing of your personal data by STIWA Group is not lawful, you can lodge a complaint with any data protection supervisory authority.

The competent supervisory authority for the Austrian companies of the STIWA Group pursuant to Art. 55f GDPR is:

Austrian supervisory authority

Barichgasse 40-42, 1030 Vienna; Phone: +43 1 52 152-0;

Contact (dsb.gv.at)

The competent supervisory authority for the subsidiary STIWA Deutschland GmbH pursuant to Art. 55f GDPR is:

 

Supervisory authority Nordrhein-Westfalen

Postbox 20 04 44, 40102 Düsseldorf; Phone: +49 211/38424-0, Fax: +49 211/38424-999;

Contakt (nrw.de)

 

The competent supervisory authority for the subsidiary STIWA Technologie GmbH (DE) pursuant to Art. 55f GDPR is:

Supervisory authority Hessen

Postbox 3163, 65021 Wiesbaden; Phone: +49 611 1408 – 0, Fax: +49 611 1408 - 900 / 901,

Contakt (hessen.de)

 

In accordance with Article 15 of the GDPR, you have the right to obtain information free of charge at any time about your personal data processed by the relevant company of the STIWA Group.

Apart from the right of access, you have the right of rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR), which you can assert against the relevant company of the STIWA Group. In addition, you also have the right to data portability (Art. 20 GDPR).

If your personal data was processed on the basis of your consent (Art. 6 (1) a GDPR) by a respective company of the STIWA Group, you have the right to withdraw your consent for the future at any time without giving reasons. This also applies to the withdrawal of declarations of consent that you gave to the STIWA Group before May 25, 2018.

If you have given your consent when visiting our website to the processing of your personal data in connection with our embedded cookies that are not necessary, you can withdraw your consent at any time for the future by "removing the set check mark" and "saving".

[Under revision- in case of your withdrawal please contact datenschutz@stiwa.com]

If the processing of your personal data takes place on the basis of the legitimate interests (Art. 6 (1) f GDPR), you have the right to object on grounds relating to your particular situation. This also includes profiling pursuant to Article 4 No. 4 GDPR, whereby no profiling takes place.

If you exercise your right to object, STIWA Group will no longer process your personal data unless it can demonstrate either compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the processing of your personal data is in connection with direct marketing purposes, you may object to this at any time; this also applies to any profiling in connection with direct marketing purposes.

In the event of objection, personal data will no longer be processed for this purpose.

You can send your objection at any time without formalities with the subject "Objection", your withdrawal with the subject "Withdrawal" stating your name or other identification to:

STIWA Holding GmbH

Salzburger Straße 52

4800 Attnang-Puchheim

Austria

E-mail: datenschutz@stiwa.com

 

Please also address your requests regarding the other rights to which you are entitled as a data subject under the General Data Protection Regulation (right of access, rectification, erasure, restriction of processing and data portability) to the contact option listed here.

If there is any recourse on your part to the rights of data subjects and we have doubts about your identity, we will resort to our right to request further information from you in order to be able to identify you clearly.

This measure is important so that your personal data is not transferred to unauthorized third parties or, under certain circumstances, altered or deleted at their request.

In this context, you will receive a separate duty to inform according to Art. 13 GDPR. 

In addition to the rights already mentioned above, if you believe that the processing of your personal data violates the law, you may also contact the supervisory authority in your country of residence or the controller of your personal data (Article 77 of the GDPR). The competent supervisory authority for the respective companies of the STIWA Group can be found under Section A.

If you merely visit our website without using our contact options, for example, the following personal data stored in server log files is processed by us:

  • Call-up of the website including path
  • IP address
  • Referrer URL (page from which the file was requested)
  • Date and time of the call of our website
  • Browser data
  • Information about your operating system
  • Access status and amount of data transferred

The processing of personal data takes place for the purpose of:

  • Ensuring a smooth connection setup of the website,
  • Ensuring the smooth use of our website and
  • Evaluation of system security and stability

Legal basis:

The processing of your personal data is neither contractually nor legally required, but is based on the legal basis of legitimate interest pursuant to Art. 6 para. lit. f GDPR. Without the processing of the above-mentioned personal data, a smooth presentation or stability and functionality of our website, furthermore the maintenance of system security can be guaranteed and misuse can be prevented. 

Recipient:

A transfer to third parties does not take place unless you have given your express consent. We use an IT service provider for the maintenance and operation of our website. We have concluded an data processing agreement with this service provider, which obliges it to comply with legal requirements.

Data retention:

The above-mentioned personal data is stored for a period of 12 months and - unless a security-relevant event occurs (e.g. a DDos attack) - is then irrevocably deleted. In the event of such an event, the data is stored until the security-relevant event has been fully clarified and mitigated or eliminated.

Your data subject rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21 GDPR. For more information, please refer to Section B.

Cookies are small data sets that are created during your visit to our website, stored temporarily on your system and kept ready for later retrieval. If the server of our website is called up again by your visit, your browser sends the previously transmitted cookie back to the server and can, for example, evaluate information obtained through this procedure.

Within the scope of the use of cookies, navigation on our website can be facilitated in particular.

In the cookies we use, we distinguish between

  • Technically essential cookies
  • Technically non-essential cookies
    • Analysis and statistics
    • Third-party content

More detailed information about the cookies we use can be found in the next sections.

The following technically necessary cookies are implemented on our part:

Name

Purpose

Functional duration

siwa-cb

Provision of the cookie bar

365 days

Depending on which browser is used, the management of the cookie settings is different. A description of how you can delete the cookies stored on your end device, for example, can be found in the corresponding FAQs of the browser.

Here you will find an overview of the most common browsers and the corresponding link that will take you to the relevant FAQs.

Google Maps

If you plan to visit us in person, we would like to offer you the possibility via Google Maps that you can find us quickly and easily and reach us by your means of transport.

Google Maps is an Internet map service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland - hereinafter referred to as Google - which you can use to view locations of the STIWA Group, among others, online via a terminal device (PC, laptop, cell phone). By using Google my Business, you can also obtain further information about us, and you can also use Google Maps to display your route to us.

If you wish to make use of this offer, personal data will be transferred to Google and generally processed by them as an independent controller within the meaning of Art. 4 No. 7 GDPR. However, we cannot (technically) exclude that in the context of the use of Google Maps search services, which may be used by Google, requires a processing of your IP address from our systems. However, these are usually deleted 14 days after use.

Note: We would like to point out that the use of Google Maps is based exclusively on your consent.

You can find more information about data protection and the terms of use for Google Maps here:

Nähere Informationen zum Thema Datenschutz und den Nutzungsbedingungen zu Google Maps finden Sie hier: Privacy Policy – Privacy & Terms – Google

If you are interested in one of our products or services or have questions about a product you have already purchased and contact your STIWA Group contact person directly, the respective STIWA Group company to which your inquiry is directed is the controller within the meaning of the GDPR.

Note: This also applies to the processing of your personal data in the context of the personal presentation of your business card; e.g. at trade fairs or events.

If, for example, you use our general contact options (e-mail office@stiwa.com, our contact form or Quick Contact) in the event that you are interested in one of our products or services, your request will be forwarded to the correct contact person by STIWA Holding GmbH accordingly. In this case, there is a joint responsibility according to Article 26 of the European Data Protection Regulation.  The STIWA companies involved in this process have determined by means of an agreement which responsible party within the meaning of the EU Data Protection Regulation fulfills which obligations under data protection law. Upon request of the data subject, the essential content of this agreement can be made available.

The following personal data will be processed by us when you contact us:

  • Name, first name
  • E-mail address
  • Content of your message to us
  • Availability by telephone (optional)
  • Other information that you provide to us, e.g. by handing over your business card (title, function, company name, company address)

The processing of the above personal data is carried out for the following purposes:

  • Enabling contact
  • Communication; among other things, to process inquiries, to prepare quotations and to process contracts or to provide technical information on products and services of the STIWA Group.

Legal basis:

The legal basis for the processing of your personal data in the context of a mere contact without an offer being made or a contract being concluded is your consent pursuant to Art. 6 (1) lit. a GDPR. In principle, it is not necessary to provide your personal data, however, we cannot process your request if it is not provided.

If your inquiry results in a quotation or even the conclusion of a contract between you and a company of the STIWA Group, the processing of your personal data is based on the legal basis of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR or, in the case of the provision of information, if you have already concluded a contract with us, on our legitimate interest with regard to contractual obligations pursuant to Art. 6 para. 1 lit. f GDPR and is therefore necessary.

Insofar as legal obligations are also to be fulfilled on our part (including commercial or tax regulations), the processing of your personal data on the basis of legal requirements pursuant to art. 6 para. 1 lit. c GDPR also comes into consideration and is necessary in this case.

Data retention:

If there is only an interest on your part, but it does not come to an offer or the conclusion of a contract, the data will be deleted after the purpose ceases to apply or, if you have not already revoked your consent in advance, after two years, unless you have consented to a longer record keeping.

In the case of an offer or the conclusion of a contract, we are obliged to store your data for a limited period of time after the purpose no longer applies due to legal retention periods. Legal retention periods may arise, for example, from commercial and tax retention obligations (up to 7 years in Austria and 10 years in Germany).

 

Recipients:

  • Internally (within the STIWA Group); on an ad hoc basis if this is necessary to achieve one of the purposes listed above. Please note here that in this case, data transfer to our subsidiaries in a third country (United States of America / China) may also take place on an occasion-related basis. A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en
  • IT service providers, insofar as these would have to be used on an ad hoc basis within the scope of the maintenance and support of our data processing equipment. Appropriate contracts (data processing agreement or, in the case of a third country transfer, standard contractual clauses of the EU Commission) have been concluded with these service providers, obliging them to comply with legal requirements.
  • Third parties (courts, tax authorities, supervisory authorities), insofar as this is legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of withdrawal in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

The STIWA Group company with which you have a business relationship is responsible for the processing of personal data.

However, if, for example, more than one STIWA Group company is processing data within the scope of a project and there is joint controllership pursuant to Art. 26 GDPR, the STIWA companies involved have entered into an agreement to determine which data controller within the meaning of the GDPR  fulfills which data protection obligations. Upon request of the data subject, the essential content of this agreement can be made available.

The following personal data is processed in this context:

  • First name, last name
  • Title
  • Position
  • Company affiliation
  • Abbreviation
  • User name in accordance with our service portal including password
  • Date and time
  • IP address
  • Browser data
  • Information about your operating system
  • Access status and amount of data transferred
  • Information regarding the incident / issue
  • Information / data for the collection of statistics / evaluations
  • Health data and social security number, insofar as these must inevitably be processed in the course of troubleshooting in the area of laboratory automation

The processing of the above personal data is carried out for the following purposes:

Planning, implementation and administration of (contractual) business relations; among other things, for processing incidents, technical and organizational support and maintenance, furthermore for inspection, handling of repairs / complaints, preparation of statistics and administration of evaluations.

Legal basis:

The processing of your personal data for the above-mentioned purposes is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR (here: fulfillment of contractual obligations) and is therefore necessary.

Insofar as we are also required to fulfill legal obligations (including commercial or tax regulations), the processing of your personal data on the basis of legal requirements pursuant to Art. 6 (1) c GDPR also comes into consideration and is necessary in this case.

In principle, we do not collect any health data from you. However, if this sensitive data is processed in the area of laboratory automation for the purpose of troubleshooting a data processing device, this is based on the legal basis pursuant to Art. 9 (2) h GDPR.

Data retention:

Your personal data will be deleted immediately after the purpose ceases to apply, unless you object in advance to the processing of your personal data based on legitimate interest (Article 21(1) GDPR) or any legal claims or statutory retention periods prevent deletion. Legal retention periods may result, for example, from retention obligations under commercial and tax law (up to 7 years in Austria and 10 years in Germany).

Recipients:

  • Internally (within the STIWA Group); on an ad hoc basis if this is necessary to achieve one of the purposes listed above. Please note that in this case, data may also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en
  • IT service providers, insofar as these would have to be used for the maintenance and support of our data processing equipment on an ad hoc basis. Appropriate contracts (data processing agreement or, in the case of a third country transfer, standard contractual clauses of the EU Commission) have been concluded with these service providers, obliging them to comply with legal requirements.
  • Third parties (courts, tax authorities, supervisory authorities), insofar as this is legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21. For more information on this, but also on the other rights you have, see section B.

If you are interested in training courses or workshops and access our catalogs / information materials in the download area, we, STIWA Holding GmbH, as the website operator, process the following personal data from you:

  • Calling up the website including path
  • IP address
  • Referrer URL (page from which the file was requested)
  • Date and time of the call to our website
  • Browser data
  • Information about your operating system
  • Access status and amount of data transferred


The processing of the above-mentioned personal data takes place for the following purposes:

  • Providing documents / information about our workshops / trainings.
  • Enabling the download of the corresponding documents on our website
  • Ensuring functionality and maintaining system security.

 

Legal basis:

The processing of your personal data is neither contractually nor legally required, but is based on the legal basis of legitimate interest according to Art. 6 para. lit. f GDPR. Without the processing of the above-mentioned personal data, a smooth display or functionality of the download on our website, furthermore the maintenance of system security can be guaranteed and misuse can be prevented.

Data retention

The storage of the above-mentioned personal data is carried out for a period of 12 months and – unless a security-relevant event occurs (e.g. a DDos attack) – will be irrevocably deleted afterwards. In the event of such an event, the data will be stored until the security-relevant event has been fully clarified and mitigated or eliminated.

Recipients:

Data will not be transferred to third parties unless you have given your express consent to do so. We use an IT service provider for the maintenance and operation of our website. A data processing agreement has been concluded with this service provider, which obliges it to comply with legal requirements.

Your data protection rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21. For more information on this, but also on the other rights you have, please see section B.

If you would like to learn more about our products and services and decide to subscribe to our software newsletter, STIWA AMS GmbH processes the following personal data:

  • E-mail address
  • Name, first name, title (optional)

Note: In connection with our newsletter, in order to be able to check whether the registration is really made by you, we use the double opt-in procedure for online registration. Following your registration for our newsletter, you will receive an e-mail for renewed confirmation.

In the context of the double opt-in procedure, the following data is also processed:

  • Place, date and time of registration
  • IP address
  • E-mail address
  • Name, first name, if you have also provided this on a purely voluntary basis.

Your personal data is processed for the following purpose:

  • Dispatch of the software newsletter
  • Execution of the double opt-in procedure

 

Legal basis:

In both cases, the legal basis for the processing of your personal data is your consent pursuant to Art. 6 (1) lit. a GDPR and is generally not required. However, failure to provide your personal data would mean that we would not be able to send you information about products and services. Profiling does not take place.

Retention period:

Your personal data will already be deleted after withdrawal of your voluntarily given consent - provided that there are no legal retention periods or any legal claims.

Note: Please bear in mind that, for technical reasons, it may take a few hours until the unsubscription from the newsletter is executed, so in a few exceptional cases a dispatch will take place during this period.

Recipient:

  • IT service provider that we use to send the newsletter. A data processing agreement has been concluded with this service provider, which obligates it to comply with legal requirements.
  • Third parties; insofar as we are legally obliged to do so or you have given your express consent.

Your data protection rights:

In connection with your consent, you have the right of revocation in accordance with Article 7 (3) GDPR. For more information on this, but also on the other rights you have, see section B.

In the context of meetings, the STIWA Group also uses virtual means of communication (Microsoft Teams web conference), in which your voice is transmitted via microphone and, if necessary, your image is also transmitted via webcam to all other meeting participants (hereinafter referred to as "online meetings"). For this purpose, we use service providers with whom - if necessary - corresponding data protection agreements have been concluded.

The respective company of the STIWA Group with which you hold a virtual meeting is responsible for processing your personal data.

We would also like to point out that the type or amount of personal data that is processed depends, on the one hand, on the functional scope of the video conferencing system itself and, on the other hand, on you as a user or meeting participant, i.e. which data you provide.

The following personal data may be processed:

  • Display name
  • E-mail address
  • Status (optional)
  • Status messages (optional)
  • Profile picture (optional)
  • Language
  • Date and time
  • Duration of the meeting
  • Meeting ID
  • Log files
  • Phone number - event related
  • Location data - event-related
  • Text, audio, video and other multimedia data
  • Audio or video recordings
  • Shared content (including links, documents)

Note: During a videoconference, data from the microphone, a webcam, or a screen display of your end device (using the screen/content sharing function) is processed for the display of video signals, the playback of audio signals, and multimedia data; e.g., if you are giving a presentation. The meeting participant can switch the microphone and / or the camera on and off independently at his end device at any time; furthermore, the screen / content sharing function must also be actively activated and terminated by the user. In addition, the user may also have recourse to the chat function.

Your personal data is processed for the following purpose:

  • Ensuring frictionless communication and conducting telephone conferences, online meetings, video conferences, training courses and webinars ("online meetings").
  • Documentation and for logging (audio and/or video recording) of, among other things, questions to be clarified or results during the online meeting or for training purposes, in order to also train persons who could not participate in the online meeting afterwards or for self-study.

Legal basis:

The legal basis for the processing of your personal data is the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest here lies, among other things, in ensuring functionality, frictionless communication and the conduct of online meetings with our business partners in further contractual obligations.

The processing of your personal data in the context of recordings is based on the legal basis of your consent pursuant to Art. 6 (1) lit. a GDPR. If a recording is planned, we will inform you of this in a transparent manner and obtain your consent in advance.

Data retention:

Your user data will be stored by us as long as, for example, a business relationship with you exists and subsequently no legal retention periods or any legal claims oppose deletion.

Meeting data and text, audio or video data, if no recording took place but there was processing apart from this, are automatically deleted after 90 days following the end of the online meeting.

If a recording of the online meeting took place for which you have given your consent, we store this data after the end of the online meeting until the purpose no longer applies and delete it afterwards, unless there are legal retention periods or any legal claims or you have revoked your consent in advance.

Automated decision-making pursuant to Art. 22 GDPR is not used.

Recipients:

Internally within the STIWA Group, on an ad hoc basis if this is necessary to achieve one of the purposes listed above. Please note that in this case, data will also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: Standard contractual clauses for international transfers (europa.eu).

IT service providers who may be required to conduct online meetings or to maintain and support the data processing equipment used here. Corresponding data protection agreements have been concluded with these service providers, obliging them to comply with legal requirements.

Third parties; (e.g. external participants, courts), if we are legally obliged to do so or you have given your express consent.

Note: Within our technical capabilities, we have limited the storage locations to data centers within the EU/EEA. Thus, the processing of your personal data does not take place outside the borders of the EU/EEA. However, we cannot technically completely rule out routing or storage on servers outside the European Union at the processor Microsoft.

Note / information in line with the use of Microsoft Teams ("MS Teams"):

Should you call up the corresponding Microsoft website (https://teams.microsoft.com/) to download the necessary MS Teams software, "Microsoft" is responsible for data processing. The call of this website is only necessary for the download, if a use should/cannot be made directly and without a download via an Internet browser.

"Microsoft Teams" is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America.

The use of MS-Teams is generally subject to the usage and data protection provisions of "Microsoft", over which the STIWA Group itself has no influence. If MS-Teams is used, the user must accept the terms of use and data protection of "Microsoft". If this is not done, the use of MS-Teams is not possible.

The data protection regulations of Microsoft can be found here: https://privacy.microsoft.com/en-us/privacystatement

The terms of use can be found here: https://www.microsoft.com/en/servicesagreement/

Furthermore, you can find further information on the subject of online services from Microsoft here: https://www.microsoft.com/en-us/trust-center/privacy/.

Microsoft Corporation, as one of our IT service providers, receives personal data from the above-mentioned in the context of Online Meeting, insofar as this is provided for in our order processing agreement with Microsoft. With the help of the concluded order processing, on the basis of EU standard contractual clauses, Microsoft is obliged to comply with the legal requirements of the applicable data protection law. A current version can be found at the following link: Licensing Documents (microsoft.com).

Your Privacy Rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of revocation in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

In the context of ever newer technologies that enable us to work even more effectively and efficiently in order to meet the requirements of our customers at best, we also use, among other things, the HoloLens2 from Microsoft in conjunction with MS Teams. This may involve the processing of personal data in the course of assembly or maintenance activities at your site, among other things.

The respective company of the STIWA Group that uses HoloLens2 is always responsible for the processing of your personal data.

In this context, the following additional personal data may be processed in addition to the personal data already listed under Section C - Item 3.3:

  • Sensor data, including the respective location via GPS or WLAN.
  • Biometric data, if applicable, insofar as your iris is stored in the system and used for activation.

Your personal data is processed for the following purpose:

  • Facilitation or improvement of the employee's activities, including in the context of instructions via data glasses during maintenance work, fault analysis without the need for physical presence at the customer's site or training / instruction. 
  • Making operational processes more effective.

Legal basis:

The legal basis for the processing of your personal data is the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest in this case lies, among other things, in ensuring functionality and a cost-efficient implementation of contractual obligations in the context of maintenance or repair work.

The legal basis for the processing of your personal data in the context of audio or video recordings is your freely given consent pursuant to Art. 6 para. 1 lit. a GDPR, if your iris is processed to activate the terminal device, your express consent pursuant to Art. 9 para. 2 lit. a GDPR.

Storage period:

Your user data will be stored by us as long as, for example, a business relationship with you exists and subsequently no legal retention periods or any legal claims oppose deletion.

Meeting data and text, audio or video data, if no recording took place but there was processing apart from this, are automatically deleted after 90 days following the end of the online meeting.

If a recording of the online meeting took place for which you have given your consent, we store this data after the end of the online meeting until the purpose no longer applies and delete it afterwards, unless there are legal retention periods or any legal claims or you have revoked your consent in advance.

Automated decision-making pursuant to Art. 22 GDPR is not used.

Recipients:

  • Internally within the STIWA Group, on an ad hoc basis if this is necessary to achieve one of the purposes listed above. Please note that in this case, data will also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we have recourse to standard contractual clauses of the European Commission: Standard contractual clauses for international transfers (europa.eu)
  • IT service providers who may be required to conduct online meetings or to maintain and support the data processing equipment used here. Corresponding data protection agreements have been concluded with these service providers, obliging them to comply with legal requirements.
  • Third parties; (e.g. external participants, courts), if we are legally obliged to do so or you have given your express consent.

Note: Within our technical capabilities, we have limited the storage locations to data centers within the EU/EEA. Thus, the processing of your personal data does not take place outside the borders of the EU/EEA. However, we cannot technically completely rule out routing or storage on servers outside the European Union at the processor Microsoft.

Note / information in line with the use of MS HoloLens2.

The data protection regulations of Microsoft can be found here: https://privacy.microsoft.com/en-us/privacystatement

The terms of use can be found here: https://www.microsoft.com/en/servicesagreement/

Furthermore, you can find more detailed information about HoloLens2 from Microsoft here: HoloLens 2 Privacy | Microsoft Docs

Microsoft Corporation, as one of our IT service providers, receives personal data from the above-mentioned in the context of Online Meeting, insofar as this is provided for in our order processing agreement with Microsoft. With the help of the concluded order processing, on the basis of EU standard contractual clauses, Microsoft is obliged to comply with the legal requirements of the applicable data protection law. A current version can be found at the following link: Licensing Documents (microsoft.com).

Your data subject rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of revocation in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If you would like to be informed about our jazz events and access our concert newsletter, STIWA Holding GmbH processes the following personal data:

  • E-mail address
  • Name, first name (optional)

Note: In connection with our newsletter, in order to be able to check whether the registration is really made by you, we use the double opt-in procedure for online registration. Following your registration for our newsletter, you will receive an e-mail for renewed confirmation.

In the context of the double opt-in procedure, the following data is also processed:

  • Place, date and time of registration
  • IP address
  • E-mail address
  • Name, first name, if you have also provided this on a purely voluntary basis.

Your personal data is processed for the following purpose:

  • Sending the concert newsletter to inform you about our events
  • Execution of the double opt-in procedure

Legal basis:

The legal basis for the processing of your personal data is your consent pursuant to Art. 6 (1) lit. b GDPR and is generally not required. However, failure to provide your personal data would result in us not being able to send you information about events.

Data retention:

Your personal data will be deleted immediately after the purpose no longer applies - in most cases, this is the case after three years after the last contact - provided that no legal retention periods or any legal claims exist, or you have already withdrawed your consent in advance.

Recipients:

  • IT service provider that we use to send the newsletter. A data processing agreement has been concluded with this service provider, which obligates it to comply with legal requirements.
  • Third parties; insofar as we are legally obliged to do so or you have given your express consent.

Your data protection rights:

In connection with your consent, you have the right of withdrawal in accordance with Article 7 (3) GDPR. For more information on this, but also on the other rights you have, see section B.

If we may welcome you as a guest at one of our events or if you rent one of our seminar rooms in Hagenberg, the following personal data will be processed by us, STIWA Holding GmbH:

  • Name, first name
  • Title
  • Reachability by telephone
  • E-mail address
  • Content / information of your message / inquiry
  • Date
  • Bank details in the context of payment for tickets
  • Photo / video recordings
  • IP address / MAC address, duration of connection, log files (guest WLAN)

Your personal data is processed for the following purpose:

  • Organization, implementation and processing of requests, ticket sales and events.
  • Reporting and publication of photos / video recordings
  • Provision of the guest WLAN

 

Legal basis:

The legal basis for the processing of your personal data as a natural person in the context of the organization, implementation and processing of requests, ticket sales and events are pre-contractual measures or a contract between you and us pursuant to Art. 6 para. 1 lit. b GDPR. As a legal entity, the processing of your personal data in response to an inquiry on your part is based on consent pursuant to Art. 6 para. 1 lit. a GDPR, the organization, implementation and handling of the event itself on the legitimate interest of a contractual obligation pursuant to Art. 6 para. lit. f GDPR.

In the case of the processing of photos / video recordings or if you also want to use our guest WLAN, the processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and is therefore not required in principle. However, a non-provision would result in you not being able to use our guest WLAN, among other things.

If photos / video recordings of historical value are created (e.g. in the course of anniversaries), the long-term archiving is based on our legitimate interest pursuant to Art. 6 (1) (f) in conjunction with Art. 17 (3) (a) GDPR (note; However, the processing of your personal data is restricted in this case).

Data retantion:

In the case of an offer or the conclusion of a contract, we are obliged to store your data for seven years after the expiry of the purpose due to statutory retention periods (including §132 of the Federal Fiscal Code BAO). However, the processing is restricted.

Photos and video recordings that are of historical value to us are archived for a long period of time - in accordance with the right to freedom of expression and information (cf. Art. 17 para. 3 lit. a DSGVO) - but the processing is restricted and the protection of personal data is ensured technically and organisationally.

General photos or video recordings will be deleted immediately after the purpose no longer applies or after you have exercised your right of revocation. However, please bear in mind that print media already ordered and printed, or the photos and names used in them, will not be destroyed. Furthermore, even in the case of publication in social media and on our website, your data can never be completely deleted from a technical point of view.

Personal data that exists in connection with the provision of our guest WLAN on the basis of your consent will be stored for a period of 30 days and then deleted.

Recipients:

Other sources:

On an occasion-related basis, we receive your personal data in connection with attendance at one of our events from an external ticketing service (in this case: CTS Eventing Austria GmbH (ÖTicket)).

Your data protection rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21, and in connection with your consent, the right of withdrawal in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If you, as our customer, supplier or business partner, are interested in our internal employee magazine "Profile" and would like it to be sent to you or if we would like to mention you in one of our articles in our magazine, STIWA Holding GmbH will process the following personal data:

  • Name, first name
  • Title
  • Company name
  • Address
  • Photographs
  • Information about anniversaries, career, birth, birthday, wedding or death (event-related).

Your personal data will be processed for the following purpose:

  • Mailing of the employee magazine Profiles
  • Creation and publication of the employee magazine (internal / external), among other things, to pass on information regarding products, services, events and to introduce people connected with STIWA
  • Long-term archiving in the case of photos / information for the documentation of the company history. In this case, however, a restriction of processing takes place

 

Legal basis:

The legal basis for the processing of the above-mentioned personal data is your consent pursuant to Art. 6 (1) lit. a GDPR. In principle, it is not necessary to provide your personal data, however, if you do not provide it, we will not be able to send you our employee magazine Profile or pass on information on your part or about you.

If photos / video recordings of historical value are created (e.g. in the course of anniversaries), the long-term archiving is based on our legitimate interest pursuant to Art. 6 (1) f in conjunction with Art. 17 (3) a GDPR (note; However, the processing of your personal data is limited in this case).

Data retention:

The processing of your personal data for the purpose of sending and forwarding information takes place until your consent is revoked. Subsequently, the personal data processed for the purpose defined above will be deleted. Please note, however, that in the case of print media that have already been ordered or printed, revocation is unfortunately no longer possible and printed copies are still used up.

Photos / information of historical value will be archived, but we would like to explicitly inform them that in this case there will be a strict limitation of processing.

Recipients:

  • Internally within the STIWA Group; on an ad hoc basis if this is necessary to achieve one of the purposes listed above. Please note that in this case, data will also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees for the protection of your personal data are available. For this reason, we have recourse to standard contractual clauses of the European Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de
  • Service providers (in this case: printers) who have been entrusted with the mailing of the employee magazine Profile. An order processing agreement was concluded with this service provider, which obligates it to comply with legal requirements.
  • IT service providers, insofar as they have to be used for maintenance and support of our data processing equipment on an ad hoc basis. Corresponding contracts (order processing contracts or, in the case of a third country transfer, standard contractual clauses of the EU Commission) have been concluded with them, obliging them to comply with legal requirements.

Your data protection rights:

In the case of legitimate interest, you have the right to object at any time in accordance with Art. 21, and in connection with your consent, the right of revocation in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If we have aroused your interest as a future employer and you access our career portal to send us your application documents, your documents will be sent to the relevant STIWA Group company of the branches in the EU/EEA (see also section A). In this case, there is a joint controllership according to Article 26 of the European General Data Protection Regulation. These branches have determined by means of an agreement which controller within the meaning of the GDPR fulfills which obligations under data protection law. The essential content of this agreement can be made available upon request by the data subject.

Note: In the case of an application directly to our subsidiary STICHT Technologie GmbH or STIWA US Inc. this joint responsibility does not exist. In this context, the companies mentioned here are their separate controllers within the meaning of the GDPR.

In connection with their application via our career portal (Open Positions), we process the following personal data:

  • First name, secound name
  • E-mail address
  • Availability by telephone (optional)
  • Information that we receive, on the one hand, through your application documents and, on the other hand, in the course of the interview (title, nationality, gender, photo, address, cover letter, curriculum vitae, (service) certificates, information on training, qualifications and professional experience).
  • If applicable, also travel data and bank details (for reimbursement of travel expenses)
  • Information on the source, how you came to our attention.

If you also provide us with special categories of personal data (such as health data, religious affiliation, degree of disability) on a purely voluntary basis in the letter of application or as part of the subsequent application process, this data will only be processed if you have given us your consent to do so.

The processing of the above-mentioned personal data is carried out for the following purposes:

  • Carrying out the application process, including.
  • Evaluation of the application documents to determine whether recruitment is possible for the advertised position
  • Communication and invitation to interviews
  • Submission of an offer and, if applicable, reimbursement of travel expenses.
  • In the event that you have given your consent for your application documents to be kept on file
  • Improvement of our applicant marketing by evaluating the source

Legal basis:

The processing of your personal data in connection with applicant management is based on the legal basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR or, subsequently, on the basis of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

With reference to our German companies, the legal basis results from Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG. Insofar as the data are special categories of personal data that you yourself provide to us (for example, information about a severely disabled status), the processing is based on the legal basis of Art. 9 (2) lit. b GDPR in conjunction with Section 26 (3) Federal Data Protection Act (BDSG).

The legal basis for the evaluation of the source, how they became aware of us and which contributes to the improvement of our application marketing, is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

If - as already mentioned above - you also provide us with special categories of personal data, the processing will be based purely on your consent (Art. 9 Para. 2 lit. a GDPR).

If we are unable to consider you further with regard to a job offer, but you would like us to keep a record of it, the processing of your personal data is also based on a separate consent pursuant to Art. 6 Para. 1 lit. a GDPR, which you give us.

Storage period:

Your personal data will be deleted immediately after the purpose ceases to apply or after withdrawel of any consent given on your part or objection - provided that no legal retention periods, any legal claims or legal proceedings stand in the way of deletion. If no recruitment takes place, this is regularly the case 6 months after a rejection has been issued.

If travel expenses are reimbursed, we are obligated by legal retention periods (e.g. from commercial and tax retention obligations in Austria up to 7 years and in Germany up to 10 years) to store the related personal data on a limited basis.

If you have given your consent for us to store your personal data in our applicant database even after a rejection, the data will be deleted after two years unless you revoke your consent in advance.

If you sign an employment contract with us, we will store your data for the duration of the employment relationship. In this case, you will receive further information about the processing of your data in the employment relationship as soon as you start the employment relationship with us.

Recipients:

  • Internally within the STIWA Group within the scope of joint responsibility (EU/EEA), transmission of application documents to requesters of the corresponding vacancies within the EU/EEA.
  • IT service providers, insofar as they have to be used for the maintenance and support of our data processing equipment on an ad hoc basis For the maintenance and operation of our applicant tool, we use an external IT service provider within the EU/EEA. A contract processing agreement has been concluded with this service provider, which obligates it to comply with legal requirements.
  • Third parties (including courts), to the extent legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims

Other sources:

Apart from your application directly via the career portal (open positions) on our STIWA homepage, there is also the possibility in individual cases that your application documents are transmitted to us by career portals (including Karriere.at , DEV.Jobs), furthermore by job agencies (including ePunkt GmbH, WIPA GmbH).

In the context of a direct approach to candidates on the social media platforms provided for this purpose (e.g. Xing or LinkedIn), personal data of potential applicants are processed. For our part, only publicly accessible profile data (in particular first name/last name) is processed. The processing of personal data primarily serves the purpose of searching for suitable candidates and establishing contact. In this particular case, the data processing is based on Art. 6 para. 1 lit. f GDPR. The collected data remains exclusively within the STIWA companies named above.

Note: This does not apply in the case of an application directly to our subsidiary STICHT Technologie GmbH or STIWA US Inc.

Your data subject rights:

In the case of legitimate interest, you have the right of objection at any time in accordance with Art. 21 GDPR, and in the case of consent, the right of revocation in accordance with Art. 7 (3) GDPR. For more information on this, but also on the other rights you have, please see section B.

If you filled in our visitorlog at one of our trade fair visit or at one of our local events because you are interested as a future employee in one of our STIWA companies (EU/EEA) and would like to receive information, we process the following personal data from you:

  • First name, secound name
  • Title
  • E-mail address
  • Telephone availability (optional)
  • Information about your education (study / school) (optional)
  • Information about your interest in STIWA and your preferred location (optional)
  • Any other information you would like to share with us about yourself (optional)  

In this case, there is a joint responsibility under Article 26 of the European General Data Protection Regulation. These companies have determined, by means of an agreement, which responsible party within the meaning of the GDPR, fulfills which data protection obligations. Upon request of the data subject, the essential content of this agreement can be made available.

The processing of the above-mentioned personal data is carried out for the following purposes:

  • To contact you following our conversation in order to be able to offer you information tailored to you (e.g. a vacancy, an apprenticeship, an internship or dual studies).

Legal basis:

The processing of your personal data in connection with contacting us is based on the legal basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR.

Storage period:

Personal data that we process from you for the above-mentioned purpose will be stored for 2 years after the purpose no longer applies - provided that no statutory retention periods or any legal claims oppose deletion or you already make use of revocation in advance - and subsequently deleted.

Longer storage than 2 years will only take place if you have separately consented to this.

Recipients:

  • Internally (within the STIWA Group); on an ad hoc basis if this is necessary to achieve the above-mentioned purpose. Please note that in this case, data may also be transferred to our subsidiaries in a third country (United States of America / China). A third country transfer is only permitted if suitable guarantees are in place to protect your personal data. For this reason, we use the standard contractual clauses of the European Commission: ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en.
  • IT service providers, insofar as these would have to be used on an ad hoc basis in the context of the maintenance and support of our data processing equipment. Order processing contracts have been concluded with these, obliging them to comply with legal requirements.

Your data protection rights:

In the event of consent, you have the right of revocation in accordance with Art. 7 (3) GDPR. More information on this, but also on the other rights you have, can be found in section B.

Notice regarding changes to the data protection declaration
STIWA Holding GmbH, as the operator of this website, reserves the right to constantly adapt this data protection declaration, whether in order to always comply with the current and legal requirements or - resulting from new processing activities - to include these in the data protection declaration, e.g. in the context of providing new services. 

If you visit our website again, the new data protection declaration will apply from this point on.

The currently valid version is dated January 23rd 2023.

Quick Contact