DATA PROTECTION INFORMATION
for data subjects pursuant to Art 13 and 14 GDPR
Controller pursuant to Art 24 GDPR:
Büsscher & Hoffmann GmbH („B&H“)
Business Unit Herbitect
Fabrikstraße 2, 4470 Enns,
Tel. +43 / (0)7223 82323 0
Fax. +43 / (0)7223 82323 42
Dkfm Dr Johann F Kwizda and
DI Karl Landl
Data Protection Officer pursuant to Art 37 et seq. GDPR:
B&H is a private company and not a public authority or body as defined by Art 37 (1) a GDPR. Within the framework of our core activity according to Art 37 (1) b and c GDPR, no large-scale processing is carried out of special categories of data or personal data relating to criminal convictions or offences, nor is there any processing that requires the regular and systematic monitoring of data subjects on a large scale. For this reason, B&H is not obliged to appoint a Data Protection Officer.
Handling personal data:
B&H takes the protection of personal data very seriously.
Personal data are pieces of information that can be associated individually with you. Examples include your address, name, postal address, e-mail address or telephone number. Information such as the number of users visiting a site are not deemed to be personal data, because they are not allocated to a specific person.
B&H treats personal data in accordance with the statutory data protection regulations (in particular the basic EU Data Protection Regulation, Data Protection Act DSG 2018), and with this data protection declaration.
Rights of data subjects:
You have the right:
pursuant to Art. 15 GDPR, to demand information about your personal data that we have processed. In particular, you can obtain information about the purposes of the processing, The categories of personal data concerned, the recipients or category of recipients to whom you data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request rectification, erasure, or restriction of the processing, or to object to it, the right to lodge a complaint with a supervisory authority, the source of your data, if these have not been collected by us, and on the existence of automated decision-making, including profiling, and any other meaningful information about their details or the logic involved;
pursuant to Art. 16 GDPR, to demand the immediate rectification or completion of inaccurate personal data stored by us;
pursuant to Art. 17 GDPR, to demand the erasure of personal data stored by us, unless their processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data in cases where you contest the accuracy of the data, where the processing is unlawful yet you oppose the erasure of the personal data, where we no longer need the data but you still require them to establish, exercise or defend legal claims, or where you have objected to the processing of the data pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR, to obtain your personal data that you have provided to us in a structured, commonly used and machine-readable format and to demand the transfer of these data to another controller;
pursuant to Art. 7 (3) GDPR, to withdraw your consent at any time, which will mean that in future we may no longer carry out the data processing that was contingent upon this consent.
Assertion of data subject rights:
Insofar as your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) f GDPR, you have the right, under Art. 21 GDPR, to object to the processing of your personal data, provided there are reasons relating to your particular situation or if the objection relates to direct marketing. In the latter case, you have a general right to object, which shall be implemented by us without any reference to a particular situation.
Storage duration and limitation:
In accordance with valid data protection requirements, we are obliged under Art 5 (1) e GDPR to erase personal data immediately as soon as the purpose of the processing has been fulfilled. In this context we wish to point out that statutory retention requirements and time limits represent a legitimate purpose for the processing of personal data.
In all cases data will be stored and kept by us in personal form until the end of the business relationship or until the expiry of valid guarantee or limitation periods; in addition, until the end of any legal disputes in which the data are required as evidence; or in any case until the expiry of the third year after the last contact with a business partner.
In addition, we comply with the following time limits:
Accounting and taxation law:
Tax-related retention requirements under §§ 207 Abs. 2, 209 BAO: 10 years
Purchase price claim for movable objects under § 1062 in conjunction with § 1486 ABGB: 3 years
Purchase price claim for immovable objects (from contract § 1486 ABGB): 30 years
Claims arising from a service contract under § 1486 ABGB (if the service was provided as part of a commercial or other business operation): 3years
General compensation under § 1489 ABGB (compensation claims): 3 years (if damage and injurer known) / otherwise 30years
Claim for the issuing of a reference under § 1163 iVm § 1478 ABGB: 30 years
Claims by the employee and claims by the employer relating to remuneration, advance payment, and all other claims arising from the employment relationship under § 1153 ff iVm 1486 ABGB: 3 years
Accounting-relevant employee data: same as Accounting.
Deadline for the assertion of claims under §§ 15 (1) and 29 GlBG for discrimination in promotions or applications: 6 months from rejection of the promotion respectively the application or according to the consent of the applicant application documents also 3 years.
Forwarding of data
Your personal data will not be transferred to any third party for any purpose other than those listed below.
We shall forward your personal data to third parties only when:
you have given your explicit consent, in accordance with Art. 6 (1) a GDPR,
under Art. 6 (1) f GDPR, the transfer is made to protect operational interests, or is necessary for the establishment, exercise or defence of legal claims, and there is no reason to assume that you have an overriding interest, which must be protected, in the non-forwarding of your data,
in the event that there is a legal obligation to forward the data under Art. 6 (1) c GDPR, and
this is legally permissible and necessary under Art. 6 (1) b GDPR for the processing of contractual relationships with you.
Use of our website
a) When accessing our website, the browser used on your end device automatically send information to our website’s server. This information is stored temporarily in a so-called log file. Without any action on your part, the following information is collected and stored until its automatic erasure:
IP address of the accessing computer
Date and time of the access
Name and URL of the retrieved file
Website, from which access was made (referrer URL)
Browser used and, where applicable, the operating system of your computer and the name of your access provider
The aforementioned data will be processed by us for the following purposes:
Guaranteeing the smooth connection setup of the website
Guaranteeing the comfortable use of our website
Evaluating system security and stability and
Other administrative purposes
The legal basis for data processing is Art. 6 (1) f GDPR. Our legitimate interest is derived from the purposes listed above for data collection. Under no circumstances shall we used the data collected for the purpose of making any inferences to your person.
b) When using our contact form
For queries of all kinds we offer you the possibility to contact us by means of a form provided on the website. This requires the input of a valid e-mail address, so that we know from whom the request has come and in order to be able to reply. Additional information can be provided voluntarily.
We process data for the purpose of making contact in accordance with Art. 6 (1) a GDPR on the basis of your voluntary consent. The personal data collected by us for the use of the contact form will be erased automatically once your query has been dealt with.
Our website uses so-called cookies. These are small text files that are installed on your end device with the help of the browser. They do not cause any damage.
If you do not wish this, you can set up your browser in such a manner that it informs you about the installation of cookies, which you may permit on a case-by-case basis. Deactivating cookies may restrict the functionality of our website.
Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser sends to us automatically. These are:
• Browser type/ browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
These data cannot be attributed to any particular person. These data are not merged with other data sources. We reserve the right to check these data in retrospect, should we become aware of concrete indications of unlawful use.
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer to allow the analysis of your use of the website. The information generated by the cookies about your use of this website is generally sent to a Google server in the USA and stored there.
We use Google Analytics only with activated IP anonymisation. This means that on this website your IP address is truncated beforehand by Google in member states of the European Union or in other states party to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities, and to provide other services relating to internet use and website activity. Google will not correlate the IP address transmitted by your browser within the framework of Google Analytics with any other data.
You can prevent the installation of cookies by selecting the appropriate settings in your browser software; however, we draw your attention to the fact that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the data generated by the cookie relating to your use of the website (incl. your IP address) from being tracked and processed by Google by downloading and installing the browser plugin that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Our website may contain links to third-party websites (“external links”). These external links are subject to the liability of the respective operator. B&H has no influence whatsoever on the current and future design or the contents of the linked pages. Placing external links does not mean that the contents are B&H contents. It is not possible or reasonable for B&H to conduct ongoing checks of the external links without any concrete indications of legal violations. However, should we become aware of any legal violations, such external links will be deleted immediately.
If you send us queries by e-mail, your information, including the contact data you provide, will be stored by us for the purpose of answering your query and for any follow-up questions. B&H draws explicit attention to the fact that the transfer of data on the internet (e.g. during e-mail communication) can be vulnerable to security gaps and cannot be protected seamlessly against third-party access.
The use of the contact data in our imprint or our website for commercial advertising is explicitly undesired, unless we have granted our written consent. B&H, and all persons named on this website, hereby object to any commercial use or forwarding of these data.
During your visit to our website we use the widespread SSL (Secure Socket Layer) method in combination with the currently highest encryption level that is supported by your browser. This is generally a 256-bit encryption. If your browser does not support 256-bit encryption, we revert instead to 128-bit v3 technology. You can see whether individual pages of our website are transmitted in encrypted form by means of the closed illustration of the key or lock symbol in your browser’s status bar.
Furthermore, we avail of suitable technical and organisation security measures in order to protect your data against random or deliberate manipulation, partial or complete loss, destruction, or unauthorised third-party access. Our security measures are improved on an ongoing basis in accordance with technological developments.
Currency of and amendments to this data protection declaration
The further development of our website and offers, or altered statutory or official requirements may necessitate amendments to this data protection declaration. You can retrieve and print the updated data protection declaration at any time from our website at http://herbitect.com/index.php/en/dataprotection.
Büsscher & Hoffmann GmbH