Data protection
Privacy policy
1. Introduction
Information is a valuable resource and the basis for carrying out our global business activities that enable us to achieve our business goals. Information technologies offer various possibilities for the availability and use of information via a wide variety of communication systems and channels. These possibilities require HTI AG and its subsidiaries to process information, including personal data, in accordance with the law in order to minimize risks for the companies of the HTI AG Group and the persons concerned.
2. Purpose
The Group Privacy Policy of HTI AG sets out standards with regard to data protection and data security for the processing of personal data by HTI AG and its subsidiaries in order to ensure adequate protection of the fundamental rights and freedoms of the data subjects. With this Group Data Protection Policy, HTI AG fulfills its corporate responsibility to process the personal data of its employees, customers, suppliers, business partners and other data subjects with the necessary care at and to ensure a sufficient level of data protection in the context of all relevant business activities and business processes. Compliance with this Group Privacy Policy is an essential prerequisite for the creation of a standard for the lawful exchange of personal data between HTI AG and its subsidiaries. Compliance with this policy contributes to an adequate level of data protection in the cross-border exchange of personal data, in accordance with the relevant species protection laws.
3rd area of application
This guideline applies to all subsidiaries and locations under the responsibility of the HTI AG Group. As a European company with worldwide business activities and subsidiaries, HTI AG is subject to EU laws, the laws of the United States and the relevant regulations of other countries when processing data about our employees, customers, suppliers and others.
Relevant national and international legal obligations take precedence over this policy. If the personal data of persons residing outside the EU are processed by a subsidiary or by a location of a subsidiary of HTI AG, the relevant applicable national or international law of the place where the data subject resides takes precedence over this policy. This may include, among other things, prior consultation with the competent supervisory authorities if the processing of the data would result in a high risk to the fundamental rights and freedoms of the data subjects. In the event that there are no relevant legal provisions or these are less strict, this Group Privacy Policy shall take precedence as a common binding data protection standard of the HTI AG Group. This policy is not to be interpreted in the sense that individuals are granted more rights than those provided for under applicable law or other legally binding
agreements.
4. Definitions
“Applicable law” means the laws of the territory of including any regulations, regulatory requirements or directives to which the controller of the data processing is subject.
“Anonymization” is a change to data so that it can no longer be assigned to a person and can only be restored with a disproportionate amount of time, cost and effort.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Consent must be documented in an appropriate manner in order to serve as evidence.
“Controller” means any natural or legal person within the HTI AG Group, who determines the purposes and means of the processing of personal data based on the business activities of HTI AG and its subsidiaries.
“Data protection impact assessment (DPIA)” is a process that is documented by or on behalf of the controller and, if required and prescribed by applicable law, carried out with the involvement of the GDPC. A DPIA is carried out prior to the actual data processing in those cases where it is likely that the processing will result in a high risk to the rights and freedoms
of natural persons, as the processing of personal data involves the use of new technologies, taking into account the nature, scope, context and purposes of the processing. As part of a DPIA, the effects of planned processing procedures for the protection of personal data are assessed.
“Data subjects” are all natural persons or (depending on the applicable law) legal entities whose data is processed.
“Group Data Protection Coordinator (GDPC)” is a person formally appointed by the management to inform and advise HTI AG on the applicable data protection laws and guidelines and to monitor compliance with them at.
“Local Data Protection Coordinators (LDPC)” are appointed individually by the management of the respective subsidiaries in consultation with the GDPC for each Group company
of HTI AG.
“Personal data” means any information relating to an identified or identifiable natural person or (depending on the applicable law) legal entity (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. In the context of this policy, this definition also applies to the terms “processed” and “processing”.
“Pseudonymization” means the processing of personal data in such a manner (e.g. by exchanging names or numbers) that the personal data can no longer be attributed to a specific data subject without the use of additional information (e.g. a reference list of names and numbers), provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Special categories of personal data” are data relating to ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and include genetic information, biometric data for the sole purpose of identifying a natural person, data concerning health, sexual behavior or sexual orientation.
“Third party” means any natural or legal person, public authority, agency or other body, which is neither the controller nor the data subject, nor a processor. This means that every company of the HTI AG Group, as well as every external business partner, is considered a third party, unless they process personal data on behalf of a company of the HTI AG Group (e.g. in the provision of services in the area of IT or HR).
“Transfer” means any form of disclosure, transmission or distribution of personal data and any form of transfer to third parties by the controller responsible for processing.
5. Responsibilities in relation to this policy
- 5.1 The GDPC is responsible for creating, revising, monitoring and implementing the Group Privacy Policy.
- 5.2. The management is responsible for approving the group privacy policy.
6. Principles for the processing of personal data
The processing of personal data requires compliance with international and national data protection laws and regulations as well as internal guidelines and specifications.
The principles set out the obligations to be complied with by the controller and all other parties concerned in order to ensure the lawful and fair processing of personal data and provide guidance on the correct processing of personal data.
6.1 Lawfulness, fairness and transparency of processing
Personal data is processed in a lawful manner, in good faith and in a manner that is comprehensible to the data subject.
6.2 Intended use
Personal data is collected within the HTI AG Group exclusively for lawful, clear and specified purposes and is not further processed for purposes that run counter to the intended purpose, unless there is a corresponding lawful basis for the change in the intended purpose.
6.3 Data minimization
The processing of personal data must be appropriate to the purpose and substantial and limited to what is necessary for the purposes of the processing.
6.4 Accuracy
The processing of personal data must be factually correct and, if necessary, up to date. Since the processing of inaccurate personal data involves risks that can lead to different effects for the data subject and/or for the companies of HTI AG, appropriate and reasonable measures must be taken by the controller to ensure that personal data that are inaccurate with regard to the purposes of their processing are erased or rectified without delay.
6.5 Restriction of data storage
Personal data must be stored in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed.
6.6 Security: Confidentiality, integrity, availability
The protection of personal data requires that the controller ensures an appropriate level of security for the protection of personal data; this includes protection against unauthorized or unlawful processing, as well as protection against accidental loss, accidental destruction or damage through appropriate technical and organizational measures.
The choice of appropriate technical and organizational security measures is made taking into account the severity and probability of occurrence of the existing risks to the rights and freedoms of the natural person, taking into account the state of the art, the costs of implementation, the nature, scope, context and purpose of the processing.
These measures may include the following:
- the anonymization, pseudonymization and/or encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services in the long term;
- the ability to quickly restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly reviewing and evaluating the effectiveness of the technical and organizational measures to ensure the security of data processing. In addition to these requirements, any processing of personal data within or for the purposes of the HTI AG Group is subject to additional restrictions and rules for the technical and organizational measures described in the relevant IT processes.
6.7 Responsibility
The controller is responsible for compliance with the principles set out in Articles 6.1 to 6.5 and for providing evidence of such compliance. For this reason, must be able to demonstrate compliance with the principles for the processing of personal data at any time by means of appropriate documentation.
7. Special measures to protect the confidentiality of business data in the HTI AG Group
Employees of HTI AG and its subsidiaries are prohibited from using business data and personal data contained therein for their own private purposes at or making such data accessible to unauthorized persons or companies at.
For the purposes of this policy, the term “unauthorized” refers to the use of personal data by employees who do not need access to such data in the course of their employment. The description and definition of duties and responsibilities by the controller of personal data ensures that employees only have access to personal data when it is necessary and appropriate for the performance of their tasks.
Only authorized employees who have committed themselves to data confidentiality may process personal data for the intended purpose and within the existing, data protection-relevant IT systems. In accordance with the applicable local legal provisions, this includes a separate agreement on data confidentiality or an obligation of confidentiality in the employment contract, which stipulates that such an obligation exists beyond the end of the employment relationship.
8. the processing of special categories of personal data
Unless it is absolutely necessary to fulfill certain rights and obligations and / or the controller has a legal justification under applicable law, special categories of personal data will only be processed with explicit consent by the data subject.
9. lawfulness of the processing
9.1 General conditions for the processing of personal data
The processing of personal data is only lawful if at least one of the following conditions is met:
- the data subject has given their consent to the processing of their personal data for one or more purposes specified for the processing by the controller(s);
- the data processing is necessary in connection with the conclusion of a contract between the data subject and the controller;
- in the event that the data subject has already concluded a contract with the controller , the processing is lawful insofar as the processing is necessary for the performance of the contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject
- the processing is necessary for the protection of the vital interests of the data subject or of another natural person
- processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data
- any other legitimate reason provided for by applicable law.
9.2 Special provisions for video surveillance systems
The processing of personal data by video surveillance systems is subject to the following restrictions: The use of video surveillance systems in publicly accessible locations and within the work area is only permitted if
- such use is justified by legitimate reasons and by the overriding interest of the controller, i.e. for the safety of employees or visitors, the protection of property, for access control, etc;
- the use is limited to what is necessary to achieve the intended purpose (e.g. with regard to the number of cameras, screen recording, etc.);
- the requirements of the applicable law are met. If required by the applicable law, approval must be obtained from the competent authorities (data protection authority, labor inspectorate, etc.).
If the above requirements are met and a video surveillance system is to be installed, a separate policy must be drawn up for each video surveillance system , which must contain at least the following points: technology used, surveillance area, access rights to the cameras and recordings, deadlines for storage and deletion of personal data, procedures for backing up and transfer of recordings to third parties, in particular to authorities.
10. order data processing
If the controller engages a data processor to carry out the processing of personal data on its behalf, the controller of the processing is responsible for compliance with the applicable law and the regulations for the processing of personal data.
For this reason, the controller only engages such contract data processors who provide sufficient guarantees to implement appropriate technical and organizational measures in such a way that the protection of the rights of the data subject is guaranteed.
The commissioning of the data processor is carried out exclusively on the basis of a written contract, which specifies the subject matter of the contract, the duration, nature and purpose of the processing and the categories of personal data to be processed, the categories of data subjects, the rights and obligations of the data controller and the data processor, as well as the technical and organizational measures (see Article 6.6) to be implemented by the data processor.
In the event that the Data Processor needs to engage another Data Processor , this will only be done with the prior express written consent of the Data Controller. The LDPCs must be contacted as early as possible to ensure the contracting of data and the drafting of a contract between the Data Controller and the Data Processor.
11. transfer of personal data to third parties
A controller shall not transfer personal data to third parties unless appropriate measures have been taken to ensure that such a transfer is carried out on an adequate legal basis and that all
personal data are adequately protected during the transfer. As soon as the controller transfers personal data to a third party in order to process data on behalf of the controller, section 10 applies.
Under certain circumstances, personal data must be disclosed on the basis of applicable law, in particular to public authorities. In the event of a request for such disclosure, the controller will ensure that the GDPC is informed without undue delay and, where permitted by law , will use its best efforts to refuse or restrict such disclosures and, in particular, to ensure that only personal data relevant and necessary for the purposes of the request are transferred.
In the event of a transfer of personal data abroad, the legislation in many countries provides for special requirements. This applies in particular, but not only, to the transfer of personal data from the countries of the European Economic Area (EEA) to countries outside the EEA. The LDPCs must be contacted as early as possible to ensure compliance with the applicable law at.
12. rights of the data subjects
Each data subject shall have inalienable and extensive rights vis-à-vis the controller, depending on the applicable law. These rights may not be excluded or limited by contract or legal transactions.
12.1 Information on personal data
The principle of transparency stipulates that the processing of personal data must be carried out in the greatest possible transparency for the data subject. The controller of the processing shall provide the data subject with transparent information to the extent required by applicable law. For more information, please contact the GDPC/LDPC.
12.2 Right to information of the data subject
Every data subject is entitled to request information regarding their personal data , which is processed by HTI AG and its subsidiaries. This information must contain at least the content required by the applicable law. The data subject can submit a request for information to the responsible department of the respective company of the HTI AG Group. This department is obliged to provide the necessary support.
12.3 Right to rectification
If the processed personal data are inaccurate or incomplete, the data subject may request rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject may also request the completion of incomplete personal data.
12.4 Right to erasure (“right to be forgotten”)
The data subject may request the erasure of personal data concerning him or her from and the controller shall have the obligation to erase personal data concerning him or her from where there is no longer any legal ground for the processing or where such erasure is required by applicable law.
Reasons for deletion may be:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing was based and where there are no other grounds for the lawful processing;
- the data subject has objected to processing pursuant to Article 12.7 and there are no overriding legitimate grounds for the processing;
- the personal data has been processed unlawfully;
- the personal data must be deleted by law.
12.5 Right to restriction of processing
The data subject may request the restriction of processing. In this case, the controller is obliged to restrict the processing of the data subject’s personal data in accordance with the relevant laws.
12.6 Right to data portability
Upon request, the controller must be able to provide the data subject with his or her personal data in a structured, commonly used and machine-readable format, which he or she has already provided to the controller. Furthermore, the data subject must be able to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as far as such a right exists in the applicable law. In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
12.7 Right of objection
Where the processing is based on the legitimate interest of the controller or a third party or for the performance of a public task , the data subject may, depending on the applicable law, object to processing of personal data concerning him or her on grounds relating to his or her particular situation.
12.8 Right to compensation
Depending on the applicable law, any data subject who has suffered damage as a result of the processing of inaccurate, incomplete, outdated, incorrect or unlawfully obtained personal data or the unauthorized processing of personal data may claim compensation.
12.9 Questions, complaints and legal remedies
Inquiries and requests, complaints and legal remedies, including claims for damages regarding data protection will be handled and processed exclusively as described in section 14 and with the cooperation of the GDPC/LDPC.
13. integrated data protection management
13.1 GDPC (Global Data Protection Coordinator)
HTI AG appoints a GDPC and a deputy.
The GDPC is responsible for monitoring compliance with the applicable law for the protection
of natural persons in the HTI AG group-wide processing of
personal data within the framework of this policy. As part of this
responsibility, the GDPC creates and implements the necessary
company documents and processes and monitors compliance with them.
The GDPC shall be appointed on the basis of professional qualifications and, in particular, expertise in the
area of data protection rights and data protection practices, as well as its suitability to perform the
tasks listed below. The GDPC is subject to a duty of confidentiality and secrecy in the performance of its
duties. The GDPC should be easily accessible from any
Group company.
The GDPC has the following tasks:
- Informing and advising those responsible for the processing of personal data
and employees about the obligations arising from the applicable
data protection laws and from this policy; - Monitoring compliance with the principles set out in the Data Protection Act within the framework of
this policy, including the assignment of responsibilities; coordinating
awareness-raising and training of employees involved in the processing
and initiating appropriate audits; - Initiating and supporting data protection impact assessments upon request and as required
- Supporting the LDPCs in their cooperation with supervisory authorities at the request of the LDPC
; - Coordinating and supporting the LDPCs in matters relating to the processing of
personal data within the HTI AG Group, including issuing
opinions, participating in consultations, providing advice and carrying out
other activities related to data protection.
The GDPC is supported by a deputy in the performance of his duties.
13.2 LDPC (Local Data Protection Coordinator)
Each HTI AG Group company that processes personal data
appoints an LDPC.
The LDCP is responsible for monitoring compliance with the applicable law on the protection
of natural persons with regard to the processing of personal data in the respective
Group company within the framework of this policy and in coordination with the GDPC
. As part of this responsibility, the LCPC creates and implements the
required company documents and processes and monitors compliance
with them in the respective Group company.
The LDPCs support the GDPC in fulfilling its tasks. They support it,
by collecting the necessary information and making this information available to the GDPC. In addition, they communicate Group requirements and
Group standards on data protection to the respective Group companies.
In coordination with the GDPC, the tasks of the LDPC include in particular
- informing and advising the persons responsible for the processing of personal data
of the respective Group company and the respective employees about the
obligations arising from the applicable data protection laws and from this
policy; monitoring compliance with the principles set out in the Data Protection Act within the framework of
this policy, including the assignment of responsibilities; coordinating
awareness-raising and training of employees involved in the processing
and initiating appropriate audits; - initiating and supporting data protection impact assessments upon
request and, if necessary, in the respective Group company in coordination
with the GDPC; - Participation in consultations and cooperation with the supervisory authorities in
coordination with the GDPC - providing advice and carrying out other activities related to data protection
at the respective Group company.
If necessary, the respective
company will appoint a deputy to support the LDPC in the fulfillment of its tasks.
The GDPC can describe and/or supplement the tasks of the LDPCs in more detail in a separate guideline if necessary
.
13.3 Cooperation
Data protection management requires joint efforts and close
cooperation between the GDPC, the LDPC and all other parties involved,
to set the standard for an adequate level of data protection and to comply with applicable
international and national data protection laws and regulations when processing
personal data.
The companies of the HTI AG Group and their employees support the GDPC and the
LDPCs in the fulfillment of their legal duties. Questions to the GDPC or the
LDPCs are answered truthfully and without unnecessary delay. The GDPC and the
LDPCs are informed by the departments and/or the management in the following cases
:
- Development and introduction of new systems/processes that are important for data protection
- significant changes to existing systems/processes that are important for
data protection; - Obtaining new external service providers who have potential access to personal
data; - significant changes to contracts with external service providers who have potential
access to personal data; - any request from a customer, employee, works council, cooperation partner or other
data subject that is relevant to data protection; - Consulting requests from the operational business or projects on data protection standards.
If there are indications of a breach of data protection laws or this policy,
the GDPC, the management and the LDPC of the HTI AG Group company concerned will be informed. The GDPC classifies the incident and coordinates the
approach. The GDPC ensures that the supervisory authorities and the affected
persons are notified if this is required by law.
14 Enquiries, complaints and legal remedies
Data subjects may contact the LDPC and/or the GDPC at any time with questions and
complaints regarding the processing of their personal data. In
any case, the LDPCs will inform the GDPC about requests from data subjects
. All inquiries and complaints received will be treated in the strictest confidence
.
Questions and/or complaints from a data subject regarding an alleged breach of
this policy or of applicable data protection law by a group company of the
HTI AG Group located in a country other than the country of residence of the
data subject may be addressed to the LDPC of the country of residence, the LDPC of the company allegedly breaching
or the GDPC, at the discretion of the
data subject.
Data protection information for this website
Person responsible
SKADII GmbH is responsible for the processing of your personal data on our website. You can find our details in the legal notice. We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. Your data will not be passed on to other recipients without your express consent.
Collection, processing and use of personal data Access data/ server log files
We automatically collect and store information that your browser transmits to us. These are
- Browser type/version,
- the operating system used,
- Referrer URL (the previously visited page),
- the host name of the accessing computer (IP address),
- the time of the server request,
- the amount of data transferred and
- the message whether the retrieval was successful.
The IP addresses of users are deleted or anonymized after the end of use. In the case of anonymization, the IP addresses are changed in such a way that the individual details about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or only with a disproportionate amount of time, cost and manpower. The data in the so-called log files are evaluated by us in anonymized form in order to further improve the website and make it more user-friendly as well as to find and correct errors more quickly. They are also used to control server capacities in order to be able to provide appropriate data volumes if necessary.
Contact request
If you contact us using the form on the website or by e-mail, the data you provide will be processed by us and other companies of the HTI AG Group for the purpose of processing your request, without prejudice to your right of revocation.
Newsletter
You have the option of subscribing to an e-mail newsletter via our website. To do this, we need your e-mail address and your declaration that you agree to receive the newsletter.
In order to provide you with targeted information, we also collect and process voluntary information about your personal salutation, your preferred language and your areas of interest.
As soon as you have registered for the newsletter, we will send you a confirmation e-mail with a link to confirm your registration.
You have the right to revoke your consent at any time by written notification or (in the case of the e-mail newsletter also) by clicking on the unsubscribe link, without affecting the legality of the processing carried out on the basis of the consent until revocation.
Data storage/webshop
We store the following data for the purpose of processing the contract: full name, address, telephone number, e-mail address, tax number and bank details. The data provided by you is required to fulfill the contract or to carry out pre-contractual measures. We cannot conclude the contract with you without this data. Data will not be transferred to third parties, with the exception of the transfer of credit card data to the processing bank/payment service provider for the purpose of debiting the purchase price, to the transport company/shipping company commissioned by us to deliver the goods and to our tax advisor to fulfill our tax obligations.
After canceling the purchase process, the data stored by us will be deleted. If a contract is concluded, all data from the contractual relationship will be stored until the expiry of the retention period under tax law (10 years).
The data name, address, purchased goods and date of purchase will also be stored until the expiry of product liability (10 years). Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit a (consent) and/or lit b (necessary for contract fulfillment) of the GDPR.
Disclosure of data to third parties
The data collected by us will only be passed on to third parties if this is necessary for the purpose of contract processing or invoicing or if you have given your prior consent. The data passed on in this way may only be used by our service providers to fulfill their task. These have been carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Any other use of the information is not permitted and does not take place with any of the service providers entrusted by us.
Vacancies and online applications
We offer vacancies on our website with the option of sending us an application online (by e-mail or via the online application form). If you apply, your data will only be collected and processed by us as part of the application process.
Cookies
Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do not cause any damage. We use cookies to make our website more user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognize your browser on your next visit.
If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases. If you deactivate cookies, the functionality of our website may be restricted. Further information on the cookies used on this website can be found here.
Web analysis with Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link(http://tools.google.com/dlpage/gaoptout?hl=de).
You can find more information on terms of use and data protection at www.google.com/analytics/terms/de.html or at www.google.de/intl/de/policies/. Please note that on this website Google Analytics has been extended by the code “anonymizeIp” in order to ensure an anonymized collection of IP addresses (so-called IP masking).
Google Tag Manager
To manage our website and to integrate cookie-based technologies, we use the Tag Manager service offered by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, your IP address is transmitted to a Google server, which may also be located in the USA, each time you access one of our web pages. The IP address is not stored by Google as part of the Tag Manager service and is only used to integrate the technologies managed via the Tag Manager. The Tag Manager itself does not set any cookies.
Google Adwords
As an AdWords customer, we also use Google Conversion Tracking, an analysis service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Adwords places a cookie on your computer (“conversion cookie”) if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognize that someone clicked on the ad and was redirected to our site. Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “googleadservices.com”.
Google Remarketing
Our pages use retargeting technologies from Google. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
This makes it possible to target visitors to our websites with personalized, interest-based advertising. The advertising is displayed using a cookie-based analysis of previous usage and surfing behavior. To the best of our knowledge, no personal data is stored in the process. A cookie is stored for this purpose in order to collect anonymized data about the interests of the user and thus adapt advertising individually to this information. These cookies are small text files that are stored on your computer or mobile device.
You can permanently object to the use of cookies for retargeting by deactivating interest-based advertising by Google here: www.google.com/settings/ads/onweb/
Further information and the data protection provisions can be found in Google’s privacy policy at www.google.com/policies/technologies/ads/
Facebook Custom Audiences
We use the remarketing function “Custom Audiences” of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). When you visit our website, a connection is established between your browser and the Facebook server. Facebook receives the information that our website has been visited from your IP address. If you are a Facebook member, Facebook can link this information to your Facebook profile – provided you have not objected to this in the data protection settings of your Facebook profile – and use it for the targeted display of Facebook ads.
Detailed information on the collection and use of your data by Facebook and your rights and options in this regard can be found in Facebook’s privacy policy at the URL https://www.facebook.com/about/privacy/.
Leadfeeder
At the same time as using Google Analytics, we use the Leadfeeder service, which is operated by Liidio Oy, Mikonkatu 17, 0100 Helsinki, Finland. Leadfeeder accesses the list of IP addresses of website visitors provided by Google Analytics in the analysis and links the list of IP addresses with information about the companies that can be found on the Internet under these IP addresses. As the IP addresses of website visitors are already truncated when Google Analytics is used, no direct personal reference is established. A personal reference may be presumed when reviewing the linked company information.
Detailed information on the collection and use of your data by Leadfeeder can be found in the data protection information at www.leadfeeder.com/privacy/
Crazy Egg
Our website uses a service provided by Crazy Egg, 16220 East Ridgeview Lane, La Mirada, CA 90638, United States, www.crazyegg.com to analyze usage. This service uses cookies to analyze how you use the website (for example, which content is clicked on). For this purpose, a usage profile is displayed visually with so-called “heat maps”. No personal data is collected, processed or used when you use Crazy Egg. Only usage profiles are created when pseudonyms are used. The data collected under a pseudonym is not merged with your real data.
You can object to the collection, processing and recording of data generated by the Crazy Egg service at any time by following the instructions at www.crazyegg.com/opt-out.
Java scripts
Youtube
Java script code from the company YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter referred to as YouTube) is loaded on our website. We use the provider YouTube to embed videos on our website. If you have activated JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit personal data to YouTube. We do not know what data YouTube links to the data received and for what purposes YouTube uses this data. Further information on this can be found in YouTube’s privacy policy(http://www.google.de/intl/de/policies/privacy). To prevent the execution of JavaScript code from YouTube altogether, you can install a JavaScript blocker (e.g. www.noscript.net or www.ghostery.com).
Facebook Connect
Facebook Connect is a service provided by Facebook, Inc. The use of Facebook Connect is subject to Facebook’s privacy policy and terms of use. When you use Facebook Connect, Facebook profile data and Facebook public data from your Facebook profile will be transferred to us. Conversely, data may be transferred from us to your Facebook profile. Your transferred data will be stored and processed by us for the purpose of registration on the platform. By registering with Facebook Connect, you consent to the transfer of profile data from your Facebook profile to us and the transfer of data from us to Facebook for use.
Social media plug-ins
Plug-ins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated on our website. You can recognize these by the Facebook logo or the “Like button” below an article as well as the “Facebook blog radar” and the Facebook blog page in the sidebar (collectively referred to as Facebook plug-ins). These Facebook plug-ins establish a direct connection between your browser and the Facebook server when you visit our site. Through your visit, Facebook receives information that you have visited our pages with your IP address. If you click on the Facebook “Like” button on our site while you are logged into your Facebook account at the same time, the content of our pages will be linked to your Facebook profile. As a result, Facebook can assign your visit to our site to your user account. We would like to point out that, as the website provider, we have no knowledge of the content of the transmitted data or its use by Facebook. We therefore refer you to the following link to obtain further information regarding Facebook’s privacy policy: de-de.facebook.com/policy.php
If you do not want Facebook to associate your visit to our website with your Facebook account, we ask you to log out of your Facebook user account when you visit our website.
Right to information and right of withdrawal
You have the right to information, correction, deletion and restriction of the processing of personal data as well as the right to data transfer.
You also have the right to withdraw any consent you may have given to the processing of your personal data. The lawfulness of the processing of personal data until the revocation is not affected by the revocation.
You have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of an objection, your personal data will no longer be processed for the purpose of direct advertising.
You have the right to lodge a complaint with the national supervisory authority.
You can reach us using the following contact details:
Skadii GmbH
Michael-Seeber-Straße 1
AUT – 6410 Telfs
+43 526262121
privacy@skadii.digital
Data protection information for customers and suppliers
SKADII GmbH informs you in accordance with Art. 13 of the EU General Data Protection Regulation No. 2016/679 (hereinafter “GDPR”) as the data controller (“controller”) that it processes personal data concerning you for the following purposes:
1. object of the processing
The Controller processes personal data (e.g. first name, surname, company name, address, telephone number, e-mail address, bank and payment details – hereinafter
“Personal Data” or simply “Data”) that you have provided when concluding contracts for the Controller’s products or services.
2. purpose of the processing
Personal data concerning you will be processed,
a) for the following purposes in accordance with Art. 6, Chapters b) and c) of the GDPR: Performance of the
contractual agreement with you or performance of pre-contractual measures at your
request; compliance with pre-contractual, contractual and tax obligations arising from
the existing business relationship with you; compliance with legal
obligations, regulations, EU standards or orders of a public authority (such as e.g. according to
the applicable anti-money laundering directives); exercise of the rights of the
data controller, such as the right of defense before judicial authorities;
We would like to inform you that we may send you marketing information about those
products and services of the controller that you have already purchased from us
, unless you have requested otherwise. The same applies to products and
services of the controller that are similar to those you have already purchased
.
b) for the following marketing purposes, provided that you have given your express consent to
(Art. 7 GDPR): Sending e-mails, post and/or SMS and/or
telephone calls, newsletters with marketing information and/or advertising material on products
or services of the controller as well as satisfaction surveys on the quality of
products/services; sending e-mails, post and/or SMS and/or
telephone calls, marketing and/or advertising communication from third parties (e.g.
business partners, insurance companies).
3. processing methods
The processing of personal data is carried out using one of the methods specified in Art. 4 (2) of the GDPR, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data. Personal data concerning you will be processed in whole or in part, automatically and both electronically and in paper form. The controller processes personal data for as long as necessary to fulfill the above-mentioned purposes, but in any case no longer than 10 years from the end of the business relationship specified in the CUSTOMER AND SUPPLIER INFORMATION pursuant to Art. 13 GDPR and no longer than 3 years from the collection of the data for marketing purposes.
4. access to data
Access to the personal data concerning you for the purposes referred to in art. 2 of this information notice will be granted to the following: Employees and assistants of the Controller, authorized agents, processors and/or system administrators; third party companies or other partners (e.g. credit intermediaries, freelancers, consultants, insurance companies providing insurance services, etc.) who carry out outsourcing activities and provide external services on behalf of the Controller as processing partners. In addition, other companies of the HTI Group, to which the controller belongs, may also be granted access to personal data concerning you.
5. data transmission
Without the requirement of express consent, the controller may, in accordance with Art. 6 para. 1 b) and c) of the GDPR to forward personal data concerning you for the purposes mentioned above in Art. 2 a) to security organizations, judicial authorities, insurance companies that provide insurance services and other recipients for whom there is a legal obligation to notify. These recipients process the data as independent data processors.
6. transfer of data
The personal data is stored on internal servers and servers of IT service partners in the European Union. However, the Controller expressly reserves the right to transfer data to recipients outside the European Union if it deems it necessary. In this case, the controller shall ensure that the transfer is carried out in accordance with the applicable legislation and subject to the adoption of the standard contractual clauses required by the European Commission.
7. type of data processing and consequences of refusal to answer
The data processing referred to in Art. 2 a) above in this information letter is mandatory. Without this data processing, the fulfillment of the contracts mentioned in Art. 2 a) is not possible. The data processing referred to in Art. 2 b) above is optional. You cannot provide any data for this purpose or revoke your consent to the processing of the data provided at any later time. In this case, you will no longer receive newsletters, marketing communications or advertising material about the controller’s products and services. Your rights mentioned in Art. 2 a) remain unaffected.
8. rights of data subjects
As a data subject, you enjoy the rights set out in Art. 15 et seq. of the GDPR, in particular
a) the right to obtain confirmation as to whether or not personal data concerning you are being processed
, regardless of whether they are already stored, and the right to access
these data in an intelligible form;
b) the right to obtain information about: (I) the origin of the Personal Data; (II) the
purposes and methods of processing; (III) the logic applied in the case of
processing carried out by electronic means; (IV) the contact details of the controller, the
managers and legal representatives pursuant to art. 3 paragraph 1 of the
GDPR; (V) the recipients or categories of recipients to whom the
Personal Data have been or will be communicated as designated representative in the territory of the State
, designated or authorized persons;
c) I) the right to update, rectify or, if interested, complete
the data;
II) the right to erasure, anonymization, blocking or restriction of
data processing that has taken place unlawfully. This also applies to data that
no longer needs to be stored for the purposes for which it was collected or subsequently processed
;
III) the right to obtain confirmation as to whether or not the
operations referred to in points a) and b) above have taken place, and, where that is the case, the right to have the
recipients to whom the personal data have been disclosed informed of such operations,
unless this requirement proves impossible or involves disproportionate effort compared with
the right that is to be protected;
IV) the right to object, in whole or in part, to the processing of Personal Data concerning you,
(a) on grounds relating to your particular situation, or (b) where Personal Data are processed for
direct marketing purposes, such as sending advertising material,
direct selling or market research, as well as commercial communications by e-mail and/or
or traditional methods by telephone and/or physical mail.
9. exercise your rights
You can exercise your rights at any time by writing to us as follows:
- by registered mail to the head office of our company;
- by e-mail to privacy@skadii.global