The protection of your personal data is very important to us and as an accredited company we always handle your data very carefully. Therefore, we process your data exclusively on the basis of the applicable legal provisions, namely the National Data Protection Act (DPA), the European General Data Protection Regulation (GDPR) and the national Telecommunications Act )2003).
In the following data protection statement we inform you about the most important aspects of data processing related to
a) the initiation of a contractual relationship within the scope of the inspection and certification process
1. How to reach us
2. Personal Data
Personal data in the sense of data protection law are all data that contain information about personal or factual circumstances, such as name, address, e-mail address, telephone number.
3. Purposes of data processing
Your data will be processed by us for the following purposes:
a) Answering your inquiries and follow-up questions, including making offers for contracts for our services
b) Operation and optimization of our website for information purposes
c) Creation and delivery of information on current legal innovations and developments and descriptions of our inspections and certifications as well as other services in the context of contract performance
d) Evaluation of applicants’ professional and personal skills and filling of vacancies
4. Legal basis of data processing according to GDPR
The data processing for (a) answering your inquiries and follow-up questions, including making offers for contracts for our services and fulfilling existing contracts for our services in the context of the activity is based on the legal basis of the performance of the contract or pre-contractual measures with the respective (potential) customers.
The data processing (b) for the operation and optimization of our website is based on the fulfillment of existing contracts as well as the necessary information regarding the respective services.
The data processing (c) for information purposes takes place on the basis of the fulfillment of the contract or pre-contractual measures.
The data processing (d) in the context of application procedures is based on the legal basis of the consent, the pre-contractual measures and the legal basis of the legitimate interest, namely the interest of checking the suitability for the specific position in the company.
If you are already or would like to become our customer, e.g. if you wish to have or have an existing contract, you are – under the contract – obliged to provide certain personal data that are necessary in the context of the inspection and certification process.
5. Recipients of the data
The personal data will be passed on as follows:
In the course of the inspection and certification activity: authorities; private standard and specification operators, if an order exists; other inspection bodies, if necessary for the performance of the service; the EASY-CERT-platform for the publication of the certificates in accordance with ISO 17065; accredited laboratories for any sample analyzes.
Where appropriate, data will be forwarded to insurance companies, banks, tax consultants, auditing firms.
In addition, data is provided to companies for the dispatch and transport of letters, prints and parcels and to companies for the professional paper and file disposal.
b) Operation and optimization of our website: to designers and administrators of our Homepage.
c) As part of public relations and information work for graphic designers, editors and printers
d) Application procedures are handled internally
In addition, we undertake not to disclose your personal data to third parties, unless we are legally obliged to do so or on the basis of a decision of the authority.
6. Data transfer to a third country
It may be necessary within the scope of the inspection and certification activity that personal data is forwarded to other companies outside of Austria and outside the European Economic Area, in particular Switzerland. Switzerland is considered a third country with adequate data protection (DSAV).
7. Duration of data storage
Personal data processed by us will only be stored until the purpose for which it was collected and processed is fulfilled. Criteria for storage are:
a) Within the scope of the inspection and certification activity: if requirements of the accreditation authority and company retention periods must be complied with, the duration of the storage of inspection-relevant data must be at least ten years. Further criteria for the retention are the fulfillment of legal proof obligations and the duration of the statute of limitations of legal claims (duration depending on the legal basis).
b) Operation and optimization of our website: No personal data is stored for the visitor statistics.
c) Information and public relations: as long as there is a contractual relationship with our customers or for interested parties until the receipt of a revocation of the given consent.
d) Application procedure: The data will be saved up to 7 months after the end of the application process if no contractual relationship is reached. If consent for the keeping is given, data will be stored until the receipt of a revocation of the given consent.
8. Your Rights
As persons affected by data processing in terms of data protection law, you have in particular the following rights, as long as these do not conflict with our contractual relationship:
- Right to information about your processed personal data;
- Right to rectification or deletion or to limitation of processing, whereby for customers with an upright contractual relationship the conditions of the inspection contract apply;
- Right of objection to the processing, whereby for customers with an upright contractual relationship the conditions of the inspection contract apply;
- Right to data portability.
Should there be any changes to your personal information, we request that you notify us accordingly. If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in a way, you can complain to the Data Protection Authority.
If the data processing is based on your consent, you can revoke your consent to data processing at any time in writing (e-mail is sufficient) to firstname.lastname@example.org. A revocation does not affect the legality of any data that was used with the consent prior to the revocation.
9. Links to other websites
10. Web server logs
The web server automatically recognizes certain personal data such as your IP address, date, time, user agent of the browser, as well as the destination page stored. These data are stored for technical reasons for 2 weeks and then automatically deleted.
Our website uses so-called cookies. These are small text files that are stored on your device with the help of the browser. They do no harm. The following data is collected: Language settings, user tracking for web analytics
Our website uses so-called “session cookies”. These are cookies that are only active while visiting the website. Session cookies are therefore limited in time and are always deleted when the browser / tab is closed.
If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you allow this only in individual cases. Disabling cookies may limit the functionality of our website.
12. Web analytics
Our web site uses features of the web analytics service Google Analytics Google Inc., Gordon House Barrow St Dublin 4 Ireland. For this purpose, cookies are used that allow an analysis of the use of the website by the users. The information generated thereby is transmitted to the server of the provider and stored there. Some cookies remain stored on your device until you delete them. You can prevent this by setting up your browser so that no cookies are stored. Disabling cookies may limit the functionality of our website.
The IP address is recorded, but immediately anonymized by deleting the last digit. As a result, only a rough localization is possible.
We have entered into a contract for data processing with the provider.
13. Data security
Your data is hosted by a provider located within the European Union. Both our company and the provider use technical and organizational security measures to protect your collected data against manipulation, loss, destruction or access by unauthorized persons. Notwithstanding our efforts to maintain an appropriately high standard of due diligence, it can not be ruled out that information you provide to us over the Internet will be viewed and used by others.
Please note that we therefore accept no liability whatsoever for the disclosure of information due to errors not caused by us in data transmission and / or unauthorized access by third parties (e.g. hacker attack on e-mail account or telephone, interception of faxes).
As of: May 2018