Astotec
June 2021
Protecting your personal data is a matter of personal importance to us. Based on the terms of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act, we will inform you about the most important aspects of our data processing, where we process personal data concerning you within the scope of our business relationship, your visit to our website or in some other context.

1. GENERAL INFORMATION ON DATA PROCESSING

What is personal data?
Personal data is any information relating to an identified or identifiable natural person. For example, this includes your name, your address, your telephone number and your date of birth, as well as usage data relating to our online services.

Why do we process your data?
The group of companies processes your data solely for the purpose of producing goods and delivering services, including any necessary secondary processing activities, and for initiating business relationships.

Where do we get your data?
The group of companies receives data for processing from different sources and for different purposes:

  • from direct contact with the data subject themselves, for example, during trade fairs, website visits, job applications
  • from third parties in the process of initiating contracts and handling business transactions with customers, suppliers, subsidiaries and partner firms

What measures do we take to protect your data?
There are a number of organizational and technological precautions in place to protect your personal data. These precautions include protection against the unauthorized, unlawful or accidental access to, processing, loss, use or manipulation of data. Regardless of these efforts to comply with the consistently and appropriately high standards of diligence, it cannot be excluded that any information you knowingly furnish us with via the internet may be seen and used by other people.

How long do we save your data for?
With regards to initiating or concluding a contract, we process your personal data to fulfil the contract and, once the contract is complete, until expiry of the applicable guarantee, warranty, limitation and legal retention periods, and beyond that until conclusion of any possible legal disputes where the data is required as evidence.

Any data we collect from prospects and customers for marketing and information purposes is processed by us from the time the relevant consent is given until it is withdrawn or, where it is in our legitimate interest, for a period of three years from the last business contact or contact initiated by the prospect.

Where requested by you, we will delete your data processed for marketing purposes before this period expires, insofar as this is legally permitted.

Job application documents are deleted at the latest six months from the time of rejection, unless consent is provided for them to be retained for a longer period.

Data that is collected or processed in the legitimate interest of the group, for example for the purposes of quality assurance, information security or the protection of property, are deleted after expiry of the legal retention periods.

The retention period for cookies can be seen in the table of cookies we use.

2. PURPOSES OF PROCESSING

Production of goods and delivery of services
Data processing activities required for the production of goods and delivery of services, including:

  • procurement of products, materials and services
  • sale of products and services
  • leasing of property and machinery
  • maintenance and services after purchase of our products
  • optimization of machinery performance
  • provision of communication channels with our sales partners
  • processing and transmission of data pertaining to employees for the purpose of paying salaries, wages and compensation, and compliance with record-keeping, information and reporting obligations

Trade fair visitors
Trade fair visitors can find out more about our company from our employees and initiate a potential contract by providing their name, address, email address and phone number, or by furnishing us with a business card, so that we can contact the visitor at a later time.

Newsletters
We offer our customers and other interested parties the opportunity to receive regular newsletters. In order to process the required data, you will be asked to provide your consent and will be referred to this data privacy statement during the registration process. Your data will not be forwarded to third parties in connection with the data processing required for sending newsletters. The data will be used exclusively for the purpose of sending newsletters. The legal basis for processing the data is the provision of consent pursuant to Art. 6 Para. 1(a) of the GDPR. The user’s email address is collected in order to deliver the newsletter. The relevant data is deleted as soon as it is no longer required for the purposes for which it was originally collected. The user’s email address shall be stored for as long as the newsletter subscription remains active. The newsletter subscription may be cancelled at any time by the relevant user. A corresponding link is included in each newsletter.

Events
Within the scope of events, in particular trade fairs, the names of our sales staff and employees of sales partners, their location at the fair and their photos are shown on a screen for end customers to see and make it easier to contact them. Photos are only provided with the consent of the relevant employees.

Contact form and email contact
We have a number of different forms available on our homepage. These forms allow you to contact us and make enquiries about our products. When a user makes use of this opportunity, the data entered into the form is transmitted to us and saved. Any data that you share with us by filling in the forms is subject to processing. To process these requests appropriately, we may need to forward your data to our sales partners and partner companies.

The following data is also saved at the time the message is sent:

  • IP address
  • Date and time

The legal basis for this is the performance of the contract, including precontractual steps, and safeguarding the legitimate interests of the data subject and the data controller.

Job candidates
You can apply for a position at one of the companies within the group via an online tool. To do this, the following data is required:

  • Title
  • Name
  • Address
  • Date of birth
  • Phone number
  • Email address

This data is used and processed exclusively in order to review the job application, as a precontractual step. If no employment relationship is entered into, the data is saved for six months from the time of rejection, based on legitimate interest, and then deleted. The data may be saved and retained for up to three years if the candidate provides their consent. This consent may be withdrawn at any time. Applicant data may be shared with other companies in the group that are involved in the recruitment process.

Video surveillance
The group operates a video surveillance system in its relevant offices in order to, firstly, ensure the safe handling of explosive substances and, secondly, to protect the property and possessions of the group and third parties.

The legal basis for this is the legitimate interests of the controller or third parties (e.g. employees) in the context of workplace health and safety:

  • the legitimate interest in quality control and preventing damage in order to avoid material damages, bodily injuries, the violation of regulations, etc.
  • the production of evidence to help resolve a matter in the event of any destruction, loss, bodily injuries or material damages

The legal basis for this is the legitimate interests of the controller or third parties in the context of protecting property and possessions:

  • safeguarding the plant and company premises against unauthorized intrusion and theft
  • the production of evidence to help resolve a matter in the event of property offences against the controller or third party
  • the production of evidence to help resolve a matter in the event of any destruction, loss, bodily injuries or material damages

In general, recordings are not reviewed or analyzed. Analysis only takes place in the event of an actual or suspected incident. Recordings will be deleted at the latest 72 hours after recording. Should this period lapse on a Saturday, Sunday, public holiday, Good Friday or Christmas Eve, it shall be extended to the next working day.

Cookies
We use cookies on our website to make our online offering more user-friendly, effective and secure. A cookie is a small text file that we transfer to the cookie file of the browser on your computer’s hard disk, via our web server. This allows our website to recognize you again when you connect to our web server using your browser. Cookies help us to determine the user frequency and number of users on our web pages. The content of the cookies we use is restricted to an identification number that does not allow an individual user to be identified. The main purpose of a cookie is to recognize when a user is visiting the website. You can configure your browser’s settings so that you are notified when cookies are being used and only accept them on a case-by-case basis, to exclude the acceptance of cookies in certain instances or in general, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Google Analytics 
This website uses Google Analytics, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for analyzing website use. The service employs cookies – small text files that are saved on your end device. In general, the information collected by the cookies is sent to a Google server in the USA and stored there. This website uses IP anonymization. The IP addresses of users within the member states of the European Union and European Economic Area are abbreviated. This abbreviation makes it impossible to extract any identifiable information on an individual. As part of the agreement on contract data processing concluded by the website operator with Google Inc., the latter shall use the collected information to analyze website use and activity and deliver services related to internet usage. You have the option of preventing cookies from being stored on your device by adjusting your browser settings accordingly. There is no guarantee that you will be able to access all functions of this website without limitations if your browser does not accept cookies. Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link will take you to a relevant plug-in: https://tools.google.com/dlpage/gaoptout?hl=de You can find more information on how Google Inc. uses data here: https://support.google.com/analytics/answer/6004245?hl=de

All the cookies we use, including their purpose and how long they’re valid for, can be found in the following table:

  • Cookie name: Google „_ga“
    Validity: 2 years
    Description: Used to distinguish website users

  • Cookie name: Google „_ga“
    Validity: 24 hours
    Description: Used to distinguish website users

  • Cookie name: Google „_ga“
    Validity: 1 minute
    Description: Used to throttle the request rate If Google Analytics is integrated via Google Tag Manager, the cookie is called « _dc_gtm »

3. WHO DO WE SEND YOUR PERSONAL DATA TO?

As part of data processing, where required, data may be sent to other controllers or external processors. These may include:

  • other companies within the group
  • service providers
  • IT service providers
  • sales partners
  • official bodies and authorities
  • insurance companies
  • social insurance agencies
  • courts
  • auditors

Some of these recipients, particularly IT service providers, may be based in third countries.

Where personal data is sent to a third country (as is the case with Google Analytics), we ensure compliance with all necessary regulations.

4. YOUR RIGHTS WHEN IT COMES TO YOUR PERSONAL DATA

Pursuant to the GDPR and the Austrian Data Protection Law, the following rights and remedies are available to you as the data subject:

  1. Right of access (Art. 15 EU GDPR)
    As the data subject, you have the right to demand access to information about whether data concerning you is being processed, and if so when and which data. For your own protection – to prevent information about your data falling into the wrong hands – it may be necessary for us to verify your identity in a suitable manner first.
  2. Right to rectification (Art. 16) and erasure (Art. 17 EU GDPR)
    You have the right to immediately request the rectification of inaccurate personal data concerning you, or – taking into account the purposes of the processing – to have incomplete personal data completed or to request the erasure of your data, provided the criteria of Art. 17 EU GDPR have been met.
  3. Right to restriction of processing (Art. 18 EU GDPR)
    You have the right to restrict the processing of all personal data that is collected, as per the legal terms. From the time of the request to restrict processing, this data may only be processed with your own consent or for the establishment or exercise of legal claims.
  4. Right to data portability (Art. 20 EU GDPR)
    You have the right to request that personal data be transmitted to a third party without hindrance or restriction.
  5. Right to object (Art. 21 EU GDPR)
    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is in our legitimate interest or that of a third party. After the objection, your data will no longer be processed, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves the establishment, exercise or defence of legal claims. You have the right to object to the processing of your personal data for marketing purposes at any time, with future effect.
  6. Right to withdraw consent
    Where you have provided consent to the processing of your data separately, you may withdraw this consent at any time. Any such withdrawal of consent only affects the permissibility of processing your personal data after you have informed us.
  7. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, particularly in the member state of your residence, your workplace or the place of the alleged infringement, if you are of the view that the processing of personal data concerning you violates the GDPR. The supervisory authority that receives the complaint shall keep the complainant informed about the progress or outcome of the complaint lodged, including the opportunity for judicial remedies, pursuant to Art. 78 GDPR.
The supervisory authority responsible for our group is the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Austria, Email: dsb@dsb.gv.at, www.dsb.gv.at

5. WHAT HAPPENS IF THERE'S A DATA BREACH (E.G. DATA IS STOLEN)?

We do everything we can to ensure that data breaches are identified early on and, where applicable, are immediately communicated to you and the relevant supervisory authority, with reference to the relevant data categories that are affected.

6. HOW CAN YOU WITHDRAW YOUR CONSENT TO DATA PROCESSING?

Where you have given us your consent to process data, you may withdraw this consent at any time. Please email us at: gdpr@astotec.com.  Or you can send a letter to: Astotec Holding GmbH, Leobersdorferstraße 31–33, 2552 Hirtenberg, Austria. If you have any other queries relating to the processing of your personal data, email us at: gdpr@astotec.com. The withdrawal of consent does not affect the lawfulness of any data processing that occurs as a result of the original consent until the time of withdrawal.

 

7. WHO IS RESPONSIBLE FOR PROCESSING THE DATA?

This data privacy statement applies to all the companies listed below, and Astotec Holding GmbH is the central point of contact for all issues concerning the GDPR. Enquiries are distributed internally based on roles and responsibilities.
Orasis Industries Holding GmbH Leobersdorfer Straße 31–33 2552 Hirtenberg, Austria
Astotec Holding GmbHLeobersdorfer Straße 31–33 2552 Hirtenberg, Austria
Astotec Automotive GmbH Leobersdorfer Straße 31–33 2552 Hirtenberg, Austria
Astotec Automotive Hungary Bt.Pápa, Nagysallói u. 8500 Hungary
Astotec Automotive Czech Republic s.r.o.Brankovice č.p. 350 683 33 Brankovice, Czech Republic
Astotec Pyrotechnic Solutions GmbHHauptstrasse 1 2722 Winzendorf, Austria
Astotec Metal Processing GmbHLeobersdorfer Straße 31–33 2552 Hirtenberg, Austria

8. CENTRAL CONTACT POINT

Astotec Holding GmbH Leobersdorferstraße 31–33 2552 Hirtenberg, Austria
If you have any questions relating to the processing of your data or would like to exercise rights, please contact gdpr@astotec.com.