Data Protection Declaration
We take the protection of your personal data very seriously. Therefore, we will process your personal data confidentially and according to the statutory data protection regulations as well as this Data Protection Declaration.
PROCESSIONG OF PERSONAL DATA ON OUR WEBSITE
Personal data includes all information relating to identified or identifiable natural persons. This includes, for example, your name, address, telephone number or date of birth, as well as your IP address or geolocation data that can be traced back to you.
In general, the website can be used without providing any personal data. However, if you want to use certain services provided by our company, processing of your personal data could become necessary. This will be indicated separately below.
With the exception of cookies and applications, described hereinafter in detail, we only collect personal data which you yourself provide to us, which you enter into our input masks or by otherwise interacting actively with our website.
TLS ENCRYPTION
For security reasons and to protect the transmission of confidential information you send to us as the website operator, our website uses TLS encryption. This ensures that data you transmit via this website cannot be intercepted by third parties. You can identify an encrypted connection by the “https://” address bar on your browser and the lock symbol in the browser bar.
CONTACT
If you contact us by email or using the contact form, the (minimum) information you provide is processed to work on your request, handle any subsequent questions and fulfill rights and duties leading up to a contract. There is no legal or contractual obligation to provide personal data. If you do not provide them, however, you cannot send and we cannot handle your request.
WEB HOSTING
The technical operations of this website are carried out by a web hosting company that provides the infrastructure and storage for this website and the email accounts on its servers in Austria. On our behalf, the company takes over the maintenance, technical support and operation of the site and thus processes the personal data we receive from you when you use this website.
For this reason, we have concluded a contract for outsourced data processing with the company in accordance with Art. 28 of the General Data Protection Regulation (GDPR). Aside from this, it is our legitimate interest in accordance with Art. 6 (1)(f) of the European Union General Data Protection Regulation (GDPR) to ensure that the website functions properly and is operated safely and securely.
SERVER LOG FILE
For the purpose of monitoring the technical function and enhancing the reliability and security of the web server, this website stores data in log files, which your browser transmits to us automatically. This processing takes place based on our overriding legitimate interest (Art. 6 (1)(f) of the GDPR) in the technically correct display and optimization of this website.
The Server Log File contains the following data:
- Accessed content
- Time of the server request
- Browser type/browser version
- Used operating system
- Referrer URL
- IP address
These data are only stored temporarily, for a maximum of 24 hours, as personalized data. Afterwards, the IP addresses are anonymized.
STORAGE PERIOD
As a rule, we store data you provide to us exclusively for customer care and/or marketing and information purposes for a period of three years after our last contact. If requested by you, however, we will delete your data even before the expiration of this period unless the law prevents us from doing so.
If a contract is negotiated and/or concluded, we process your personal data, even after complete performance of the contract, until the end of the warranty period, statutory limitation and retention periods applicable to us, or beyond such period until the end of any legal disputes in which the data are required as evidence.
COOKIES
This website uses cookies. They help to make our website more user-friendly and more efficient.
Cookies are small text files stored on your terminal device using the browser. They are harmless. One purpose of these data packets is to control the display and operation of the website, while another is to gain useful information about how this website is used. A few cookies are stored only temporarily and deleted when you close the browser. Other cookies (known as “persistent cookies”) are stored for a longer period or persistently, and/or until an expiration date or until they are deleted manually from your browser cache.
When you visit our website, only those cookies are set that are absolutely necessary for operation of the website. Otherwise, we process data by setting cookies only after you give your consent.
Depending on the intended purpose and function, cookies are classified into the following categories:
- Technically necessary cookies, which ensure the technical operation and basic functions of this website.
- Statistics cookies to understand how visitors interact with this website. This information is collected and analyzed in anonymized form. This information gives us important insights for optimizing both the website and our products and services.
The use of technically necessary cookies is based on a legitimate interest in the correct technical operation and smooth function of our website in accordance with Art. 6 (1) (f) GDPR. The use of statistics cookies requires your consent in accordance with Art. 6 (1) (a) GDPR. The settings in this regard can be configured in this website’s Privacy & Cookies Policy and can be changed or revoked at any time:
WE ARE USING THE FOLLOWING COOKIES ON OUR WEBSITE:
TECHNICALLY NECESSARY COOKIES
Cookies that are necessary for the site’s function help to make the website usable by enabling the basic functions of the website. The website cannot work properly without these cookies.
cookieMessageAccepted
- Storage period: 6 Monate
- Purpose: Stores the user’s consent status for cookies on the website.
- Provided by: Reichl und Partner
cookie_consent
- Storage period: 6 months
- Purpose: Stores an indication that the user has seen the cookie box.
- Provided by: Reichl und Partner
eZSESSID
- Storage period: session
- Purpose: Maintains the user’s session status across all pages retrieved.
- Provided by: Reichl und Partner
p4t_main_application
- Storage period: session
- Purpose: Maintains the user’s session status across all pages retrieved.
- Provided by: Reichl und Partner
STATISTICS COOKIES
Statistics cookies can help website operators understand how users interact with the site. For this purpose, information is collected in anonymized form.
_ga
- Storage period: 2 years
- Purpose: Registers a unique ID, which is used to generate statistical data about how the user uses the website.
- Provided by: Google Tag Manager, Google
_gat
- Storage period: 1 minute
- Purpose: Used by Google Analytics to limit the request rate.
- Provided by: Google Tag Manager, Google
_gid
- Storage period: 1 day
- Purpose: Registers a unique ID, which is used to generate statistical data about how the user uses the website.
- Provided by: Google Tag Manager, Google
_dc_gtm_UA-#
- Storage period: session
- Purpose: Used by Google Tag Manager to control the loading of a Google Analytics tag.
- Provided by: Google Tag Manager, Google
collect
- Storage period: No storage period, network request
- Purpose: Used to transmit data for Google Analytics about the device and the user’s behaviour. Records the visitor across devices and marketing channels.
- Provided by: Google
_gcl_au
- Storage period: 2 years
- Purpose: Used to differentiate between user and user behaviour.
- Provided by: Google, Google Analytics
EXTERNAL COOKIES
Google Maps
- Storage period: 6 months
- Purpose: Used to unlock Google Maps content.
- Provided by: Google
The user can determine in the settings of the web browser how the web browser deals with cookies, which cookies are allowed or rejected.
Where these settings can be found depends on the individual web browser. For detailed information on the settings, please refer to the help feature of the respective web browser.
It is not ensured that you will have unrestricted access to this website if you configure corresponding settings that reject cookies.
TOOLS & PLUG-INS USED
GOOGLE ANALYTICS
We are using Google Analytics on this website. It is a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service uses cookies, the function of which has been described in detail above. The information about your use of this website created by these cookies is usually transferred to a server of Google and stored there.
This website uses the “IP anonymization” function.This means that your IP address is anonymized by Google within the member states of the European Union or in other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is transferred to a server of Google in the US and shortened there.
Google will use this information on our behalf to evaluate your use of our website, to compile reports about the website activities for the website operators and to perform other services in connection with website and internet use for the website operator. To this end, we concluded a data processing contract with Google. The IP address transmitted by your browser as part of Google Analytics is not merged with other data collected by Google.
If you want more information about the type, scope and purpose of the data collected by Google, we recommend that you read its https://support.google.com/analytics/answer/6004245?hl=en.
Google also processes your data in the USA and has submitted to the SCC’s of the European Union.
GOOGLE MAPS
We also use Google Maps content on our website. This enables us to display interactive maps directly on our website and enables you to make convenient use of the map function to find our location and get there more easily.
When you visit our website, Google receives the information that you have retrieved the corresponding subsite of our website and the personal data (log files) automatically transmitted by your browser. This takes place regardless of whether you are logged in using a Google account. If you are logged in to Google, your data are allocated directly to your account. To prevent this linking, you have to log out of Google before using this service. Google uses your data for the purposes of advertising, market research and customizing your browsing experience. You are entitled to revoke the use of your data for these purposes at any time by notifying Google directly.
Additional information on the purpose and extent of the collection of data is available from Google’s data protection declaration.
Google also processes your data in the USA and has submitted to the SCC’s of the European Union.
LINKS
We also place links to other websites on our website. This is done for information purposes only. We have no control over these websites and thus they do not fall under the provisions of this data protection declaration. However, if you activate a link, it is possible that the operator of this website will collect data about you and process these data in accordance with its data protection declaration, which may differ from ours. Please be sure also to always obtain information about current data protection regulations on the websites we link to.
PLUG-INS
Our website also provides the option to interact with various social networks using plug-ins. These social networks are:
- Facebook, by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Twitter, by Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA
- Google+, by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Linked In, by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA
- Youtube, by Youtube LLC, 901 Cherry Avenue, San Bruno, CA 94066 USA
- XING, by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
If you click a plug-in of one of these social networks, this is activated and, as described above, a connection is made to the respective server of this network. We have no influence on the scope and content of the data transmitted by the plug-in to the respective operator of this social network when you click on it.
If you want to obtain information about the type, scope and purpose of the data collected by operators of these social networks, we recommend that you read the data protection provisions of the respective social network.
PROCESSING OF DATA OF OUR CUSTOMERS, SUPPLIERS AND PROSPECTS FOR MARKETING PURPOSES
We use the personal data of our customers and suppliers (e.g. contact persons), their contact information and marketing-relevant information for marketing and customer care purposes in addition to use for the purposes of concluding the contract as part of statutory retention obligations (e.g. accounting).
In addition, we collect personal data on prospects (e.g. contact persons, their contact information and marketing-related information) as part of our customer acquisition and sales activities. We are always looking for potential contractual partners (on the Internet, at trade shows and at other events) and use a Customer Relationship Management (CRM) system for this purpose. This enables us to market our products and services in a targeted fashion.
We carry out all the measures listed here in the legitimate interest of marketing purposes in accordance with Art. 6 (1) (f) EU GDPR in conjunction with recital 47 for the period of three years from the end of a contractual relationship (customers & suppliers) or our first (unsuccessful) contact (prospects) unless we have been given express consent to store the data for a longer period by the data subject.
If we collect personal data for marketing purposes from a source other than the data subject themselves, we will tell the data subject upon initiation of first contact where we have collected these data. Within the HEMC Group, the various companies process personal data domestically and internationally, sometimes jointly, sometimes as part of outsourced data processing relationships, as part of customer support and marketing (and for other purposes). We maintain a joint CRM system with these companies, each of which is also a controller as defined by the EU GDPR.
For a complete list of the companies associated with us, refer to here. Insofar as we, as part of an ongoing business relationship or in response to an explicit request for quote from a prospect, are to provide products and services offered by other companies associated with us, we pass on the prospect’s personal data to the associated companies offering the products and services that are of interest for the specific data subject, in the legitimate interest of marketing purposes.
We and each of our associated companies store data for marketing purposes and for customer care for a duration similar to that described in the “Storage period” chapter.
GENERAL INFORMATION ON DATA PROTECTION
CONTROLLER WITHIN THE MEANING OF THE GDPR
HEMC GmbH
Lainzer Strasse 35
1130 Vienna / Wien Austria
[email protected]
Wien +43 664 4613797
DATA TRANSMISSION
As a basic principle, no transmission of your data to third parties takes place unless we are legally obligated to do so, forwarding the data is necessary to fulfill a contractual relationship existing between us, or you have previously given express consent to the forwarding of your data. External outsourced data processing firms or other cooperation partners receive your data only insofar as this is necessary to fulfill a contract or we have a legitimate interest in doing so, about which we will always notify you specifically when the occasion arises. If the firm we retain for outsourced data processing comes into contact with your personal data, we ensure that this firm complies with data protection laws in the same manner as we do.
We do not sell your personal data to third parties outside the company or otherwise market them. Insofar as our contractual partners or outsourced data processing firms are based in a third country, i.e. a state outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the product or service.
SECURITY
We employ numerous technical and organizational security measures to protect your data from tampering, loss, destruction and access by third parties. Our security measures undergo continuous improvement corresponding to technological developments in the Internet. If you would like more information about the type and scope of the technical and organizational measures, we would be glad to receive written enquiries regarding this at any time.
YOUR RIGHTS
In accordance with the General Data Protection Regulation and the German Data Protection Act, you, as the data subject of our data processing, are entitled to the following rights and legal remedies. Please direct enquiries in this regard to [email protected]:
- Right of access (Art. 15 EU GDPR): You, as the data subject of the data processing described above and other data processing, have the right to demand disclosure of whether your personal data have been processed and, if so, which of these data. For your own protection – and to ensure that your data is not disclosed to unauthorized parties – we will verify your identity using suitable means before disclosure.
- Right to rectification (Art. 16) and erasure (Art. 17 EU GDPR): You have the right to immediately demand rectification of incorrect personal data and/or – taking into account the purposes of the data processing – the completion of incomplete personal data as well as the erasure of your data insofar as the criteria of Art. 17 EU GDPR are fulfilled.
- Right to restriction of processing (Art. 18 EU GDPR): Under the statutory prerequisites, you have the right to restrict processing of all personal data collected. Effective from the time you request such restriction, these data will not be processed without your individual consent and/or will be processed only to assert and enforce legal claims.
- Right to data portability (Art. 20 EU GDPR): You can demand the unhindered and unlimited transmission of personal data you have provided to us to you or a third party.
- Right to object (Art. 21 EU GDPR): For reasons arising from your specific situation, you are entitled to object at any time to the processing of personal data concerning you that is necessary to uphold our legitimate interests or those of a third party. After your objection, your data will no longer be processed unless mandatory legitimate reasons for processing exist that override your interests, rights and freedoms, or the processing must be used for the establishment, exercise or defence of legal claims. You can object to data processing for the purpose of direct advertising at any time with effect for the future.
- Revocation of consent: If you have granted separate consent to the processing of your data, you can revoke this at any time. Such a revocation affects the permission to process your personal data that you have granted us previously.
If you make use of a measure to assert your aforementioned rights arising from the GDPR, HEMC shall immediately, but no more than one month after receipt of your request, make a statement regarding the measure requested and/or fulfill the request.
We will respond to all appropriate requests within the period set forth in the law, at no charge and as quickly as possible.
The data protection office is responsible for requests regarding infringement of the right to disclosure or infringement of the rights to confidentiality, correction or deletion. Their contact information is as follows:
Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
Barichgasse 40-42
1030 Wien
Austria
[email protected]