Thank you for your interest in our company. Privacy is of highest importance for the management of Kirchdorfer Fertigteilholding GmbH. The use of Kirchdorfer Fertigteilholding GmbH’s website is basically possible without disclosure of personal data. However, if a person concerned would like to make use of special services of our company via our internet site, the processing personal data could be necessary. If the processing of personal data is necessary and if there is no legal basis for such a processing of data, we generally seek approval of the person in question. The processing of personal data such as name, address, e-mail address or telephone number of the person in question will always be done in accordance with the General Data Protection Regulation and in accordance with the country specific privacy regulations applicable to Kirchdorfer Fertigteilholding GmbH. By means of this privacy statement our company would like to inform the public on the nature, extent and purpose of personal data collected, utilized and processed by us. Furthermore, concerned persons („data subjects”) are informed of the rights on their part by way of this privacy statement.
As the responsible entity for the processing the data („controller”), Kirchdorfer Fertigteilholding GmbH has taken several technical and organizational measures to secure protection as seamless as possible for personal data processed through this website. However, the transfer of data over the internet can never be absolutely secured. Therefore, every data subject is of course free to choose alternative ways of transferring personal data to us, e.g. via telephone.
The privacy statement of Kirchdorfer Fertigteilholding GmbH is based on the terminology used by the European legislative body in the course of issuing the General Data Protection Regulation (GDPR). Our privacy statement is supposed to be easily readable and understandable for the public as well as for our customers and business partners. In order to ensure this, we would first like to define the terms used. Among others, this privacy statement uses the following terms:
a) Personal Data
Personal data is all kind of information that relates to an identified or identifiable natural person (hereafter referred to as „concerned person”). A natural person is defined as „identifiable”, if it can be identified directly or indirectly, in particular through assigning identifiers such as a name, an id number, location data, an online ID or one or several particular features that are an expression of the person’s physiological, genetical, psychical, economical, cultural or social identity.
b) Data Subject
A data subject is every identified or identifiable natural person, whose personal data are processed by the personal responsible for the processing.
Processing refers to every manually or automatically performed event or sequence of events in relation to personal data such as the collection, the recording, the organisation, the ordering, the saving, the editing or modification, the selection, the requesting, the utilization, the disclosure by way of transfer, publication or any other form of provision, the comparison or combination, the limitation, deleting or erasing.
d) Restriction of Processing
The restriction of processing is the marking of saved personal data with the aim of limiting their future processing.
Profiling is every kind of automated processing of personal data that consists in using personal data in order to judge certain personal aspects that relate to a natural person, especially in order to analyse or predict aspects regarding work performance, economic situation, health, preferences, interests, reliability, location or change of location of that natural person.
Pseudonymization is the processing of personal data in such a way that the personal data cannot be attributed to a specific concerned personal anymore without the enlistment of additional information, as long as said additional information is stored separately and subjected to technical and organizational measures that ensure that personal data cannot be assigned to an identified or identifiable natural person.
g) The Controller
The controller (responsible for the processing) is any natural person or legal entity, authority, agency or other institution that decides alone or in cooperation with others about the means and purposes of the processing of personal data. If these means and purposes are specified by EU law or the national law of member countries, then the person responsible or the criteria of his appointment can be provided by these laws.
A processor is any natural person or legal entity, authority, agency or other institution that processes data on behalf of the controller.
A recipient is any natural person or legal entity, authority, agency or other institution to whom personal data is disclosed, irrespective of whether it constitutes a third party or not. Authorities that receive data in the course of an investigation covered be EU laws or the laws of member states, are not considered as recipients.
j) Third Party
A third party is any natural person or legal entity, authority, agency or other institution that is not a data subject, a controller, a processor or a person authorised to process personal data under the immediate responsibility of the controller or of the processor.
Consent is every declaration of intent given voluntary for a particular case, in an informed fashion and unmistakably by a data subject in the form of a declaration or any other explicitly confirmed action with which the person concerned intimates his or her agreement with the processing of their respective personal data.
2. NAME AND ADRESS OF THE PERSON RESPONSIBLE FOR PROCESSING
The person responsible for the purposes of the General Data Protection Regulation and other privacy regulations or privacy related provisions implemented in the member countries is:
Kirchdorfer Fertigteilholding GmbH
Kirchdorfer Platz 1
Telefon: +43 5 7715 1010
3 . COOKIES
The data subject can oppose the placing of cookies through our website anytime with the respective settings of the web browser used and thus prevent the storage of cookies on a permanent basis. Existing cookies can be deleted anytime through the web browser or other software applications. This is possible with any major web browser on the market. By deactivating the storage of cookies, the data subject can possibly not use all functions of our website to their full extent.
4. COLLECTION OF GENERAL DATA AND INFORMATION
The Website of Kirchdorfer Fertigteilholding GmbH collects a series of general data and information with every request that is sent by either a data subject or an automated system. They are stored in the server’s logfiles and may include: (1) the type and version of web browser used, (2) the operating system of the access requesting system, (3) the website, from which the accessing system was referred to our website, (4) the sub web pages that are requested on our website by the accessing system, (5) the date and time of an access to our website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information, which is used to respond to threats in case of attacks on our information technology systems.
In using this general data and information Kirchdorfer Fertigteilholding GmbH does not draw conclusions as to the identity of the concerned person. Instead, this information is needed in order to (1) correctly deliver the contents of our website, (2) optimize the content our website as well as advertising for it, (3) ensure the permanent functioning of the IT systems and the technology of our website as well as (4) be able to hand over the necessary information to the prosecutorial authorities in case of a cyber attack. This anonymously gathered data and information are analysed statistically by Kirchdorfer Fertigteilholding GmbH, as well as with the aim to raise privacy and privacy protection in our company, in order to ensure an optimal level of protection for the processing or personal data by us. The anonymous server logfiles are stored separate from all personal data given to us by a data subject.
5. ROUTINE DELETION AND CLOSURE OF PERSONAL DATA
The controller will process and store personal data of the data subject only as long as it is necessary to achieve the purpose of storage or if provided by the European regulatory authority or any other body under whose authority the controller responsible for the processing is. If the purpose of storage ceases to apply or if a storage period mandated by the European regulatory authority or any other relevant regulatory body expires, personal data is routinely closed and deleted according to the statutory provisions.
6. RIGHTS OF THE DATA SUBJECT
a) Right to confirmation
Each data subject has the right, as granted by the European directives and regulatory authority, to require the controller to confirm whether personal data relating to him or her is being processed. If a data subject wishes to exercise this right of confirmation, an employee of the controller can be contacted at any time.
b) Right to information
Any person affected by the processing of personal data shall have the right granted by the European legislative authority at any time to obtain free information from the controller on the personal data stored about him and a copy of that information. In addition, the European directives and regulatory authority has provided the data subject with the right to the following information:
- the processing purposes
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
- if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
- the existence of a right to rectification or erasure of the personal data concerning them, or to the limitation of the processing by the controller or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data is not collected from the data subject: all available information about the origin of the data
- the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended impact of such processing on the data subject
Furthermore, the data subject has a right of information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer .
If a data subject wishes to make use of this right to information, he may, at any time, contact an employee of the controller.
c) Right to rectification
Any person affected by the processing of personal data has the right granted by the European directives and regulatory authority to demand the immediate correction of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If an affected person wishes to exercise this right of rectification, they may, at any time, contact an employee of the controller.
d) Right to erasure (right to be forgotten)
Any person affected by the processing of personal data has the right granted by the European directives and regulatory authority to require the controller to immediately delete the personal data concerning him or her, provided that one of the following reasons is satisfied and the processing is not required:
- The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
- The person concerned revokes the consent on which the processing was based on Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR and lacks any other legal basis for the processing.
- According to Art. 21 (1) of the GDPR, the data subject objects to the processing and there are no legitimate reasons for the processing or the data subject objects to the proceedings pursuant to Art. 21 (2) GDPR Processing.
- The personal data was processed unlawfully
- The deletion of personal data is necessary to comply with a legal obligation under EU or national law, to which the controller is subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 paragraph 1 or the GDPR.
If one of the above-mentioned reasons is correct and an affected person wishes to arrange for the deletion of personal data stored by Kirchdorfer Fertigteilholding GmbH, they may at any time contact an employee of the controller. The employee of Kirchdorfer Fertigteilholding GmbH will arrange that the erasure request be fulfilled immediately.
If the personal data has been made public by Kirchdorfer Fertigteilholding GmbH and if our company is responsible for deleting personal data as the controller pursuant to Art. 17 paragraph 1 of the GDPR, Kirchdorfer Fertigteilholding GmbH takes appropriate measures taking into account the available technology and the implementation costs also of a technical nature, to inform other data controllers processing the personal data published that the data subject of these other data controllers has deleted all links to such personal data or copies or replications thereof personal data, unless the processing is required. The employee of Kirchdorfer Fertigteilholding GmbH will arrange the necessary in each individual case.
e) Right to restriction of processing
Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority to require the controller to restrict the processing if one of the following conditions applies:
- The accuracy of the personal data is contested by the data subject for a period of time that enables the person responsible to verify the accuracy of the personal data.
- The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data.
- The controller no longer needs the personal data for processing purposes, but the data subject requires them to assert, exercise or defend legal claims.
- The person concerned has objection to the processing according to Article 21 paragraph 1 of the GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
If one of the conditions mentioned above is met and a data subject wishes to request the restriction of personal data stored by Kirchdorfer Fertigteilholding GmbH, he or her may at any time contact an employee of the controller. The employee of Kirchdorfer Fertigteilholding GmbH will initiate the restriction of the processing.
f) Data transferability
Any person affected by the processing of personal data has the right granted by the European regulatory Authority to receive the personal data concerning him or her, provided to a controller by the data subject in a structured, common and machine-readable format. He or her also has the right to transfer this data to another person responsible without hindrance by the controller to whom the personal data were provided, provided that the processing is based on the consent pursuant to Article 6 (1) (a) or Article 9 paragraph 2 (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and processing by automated means, unless the processing is necessary for the performance of a task of public interest or in the exercise of official authority, which has been assigned to the controller.
Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to obtain that the personal data is transmitted directly from one controller to another, where technically feasible and if in doing so this does not affect the rights and freedoms of others.
To assert the right of data transferability, the data subject may at any time contact an employee of Kirchdorfer Fertigteilholding GmbH.
g) Right to object
Any person concerned by the processing of personal data shall have the right conferred by the European directive and regulatory authority at any time, for reasons arising from its particular situation, against the processing of personal data relating to it pursuant to Article 6 (1) (e) or (f) of the GDPR, to raise an objection. This also applies to profiling based on these provisions.
Kirchdorfer Fertigteilholding GmbH will no longer process the personal data in the event of an objection, unless we can prove compelling reasons for processing that are worthy of protection that outweigh the interests, rights and freedoms of the data subject, or the processing serves the purpose of asserting, exercising or defending legal claims.
If Kirchdorfer Fertigteilholding GmbH processes personal data in order to operate direct mail advertisement, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to the profiling, as far as it is associated with such direct mailings. If the data subject objects to the processing of Kirchdorfer Fertigteilholding GmbH for direct marketing purposes, Kirchdorfer Fertigteilholding GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from his or her particular situation, to object to the processing of personal data relating to him or her by Kirchdorfer Fertigteilholding GmbH for scientific or historical research purposes or for statistical purposes pursuant to Article 89 paragraph 1 of the GDPR, unless such processing is necessary for the fulfilment of a public interest task.
In order to exercise the right to object, the data subject may directly contact any employee of Kirchdorfer Fertigteilholding GmbH or another employee. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, to exercise his right of opposition by means of automated procedures using technical specifications.
h) Automated decisions in individual cases including profiling
Any person concerned by the processing of personal data has the right, as granted by the European directive and regulatory authority, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on it or, in a similar manner, significantly affects it; unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) permitted by EU or Member State legislation to which the controller is subject, and that legislation provides for appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject; or (3) with the express consent of the data subject.
If the decision (1) is required for the conclusion or the performance of a contract between the person concerned and the person responsible or (2) it takes place with the express consent of the person concerned, Kirchdorfer Fertigteilholding GmbH shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and to contest the decision.
If the data subject wishes to rely on automated decision-making rights, they may, at any time, contact an employee of the controller.
i) Right to revoke a data protection consent
Any person affected by the processing of personal data has the right, granted by the European directive and regulatory authority, to revoke consent to the processing of personal data at any time.
If the data subject wishes to assert their right to withdraw consent, they may, at any time, contact an employee of the controller.
j) Right to complain
If you believe that the processing of your data violates the data protection law or your data protection claims have otherwise been violated in any way, you have the opportunity to file a complaint with the Data Protection Authority.
7. LEGAL BASIS OF PROCESSING
Art. 6 I lit. A of the GDPR serves as the legal basis for our company in processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary to honour a contract to which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing is based on Article 6 I lit. b of the GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c of the GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d of the GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f of the GDPR. This covers processing operations that are not covered by any of the above legal bases if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, GDPR).
8. CONTACT POSSIBILITY VIA THE WEBSITE
The website of Kirchdorfer Fertigteilholding GmbH contains a fast electronic contact to our company as well as a direct communication with us, which also includes an e-mail address. If an affected person contacts the data controller by e-mail or through a contact form, the personal data provided by the data subject will be automatically saved. Such personal information provided on a voluntary basis by a data subject to the controller is stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
9. LEGITIMATE INTERESTS IN PROCESSING PURSUED BY THE CONTROLLER OR A THIRD PARTY
Is the processing of personal data based on Article 6 I lit. f of the GDPR, our legitimate interest lies in conducting our business for the benefit of all of our employees and our shareholders.
10. DURATION FOR WHICH PERSONAL DATA IS STORED
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if it is no longer required to fulfil or to initiate a contract.
11. LEGAL OR CONTRACTUAL PROVISIONS FOR THE PROVISION OF PERSONAL DATA; REQUIREMENT FOR CONCLUSION OF CONTRACT; OBLIGATION OF THE PERSON CONCERNED TO PROVIDE THE PERSONAL DATA; POSSIBLE CONSEQUENCES OF FAILURE TO PROVIDE
We clarify that the provision of personal information is in part required by law (such as tax regulations) or may result from contractual arrangements (such as details of the contractor). Sometimes it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. For example, the data subject is required to provide us with personal information when our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the person concerned could not be closed. Prior to any personal data being provided by the person concerned, the person concerned must contact one of our employees. Our employee will inform the individual on a case-by-case basis whether the provision of the personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data, and what would have resulted from the failure to provide the personal data.
12. EXISTENCE OF AN AUTOMATED DECISION-MAKING
As a responsible company, we refrain from automatic decision-making or profiling.