Privacy Policy

Getzner Werkstoffe GmbH
Herrenau 5
6706 Bürs
Austria
Telephone number: 0043 / 5522 / 201 – 0
Email adress: privacy@getzner.com
Website: www.getzner.com

and companies affiliated with the Controller:

Getzner Werkstoffe GmbH, Getzner Werkstoffe GmbH (Germany), Getzner Spring Solutions GmbH, Nihon Getzner K.K., Byrel Fastening Systems Co., Ltd; Getzner India Pvt. Ltd., Beijing Getzner Trading Co., Ltd., Getzner USA, Inc., Getzner France SAS, Getzner Vibration Solutions Pty Ltd.;

Data collected by us are only shared with our companies and any distribution partners if necessary for the purpose of the data processing and if consent has been obtained.

• Master data (e.g. names, addresses)
• Contact data (e.g. email, telephone numbers)
• Job application data of all kinds (e.g. photos, CVs, credentials and references)
• Content data (e.g. text entries, photographs, videos)
• Usage data (e.g. visited websites, interest in content, access dates and times)
• Metadata/communications data (e.g. device information, IP addresses)

Visitors and users of the online presence (data subjects are referred to collectively hereinafter as ‘users’)

• Provision of the online presence and its functions and content
• Responding to enquiries and communication with users
• Security measures
• Measurement of reach/marketing

‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broadly defined and includes almost all handling of data.

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Pursuant to Article 13 GDPR we wish to inform you about the legal basis of our data processing. If the legal basis is not specified in the Privacy Policy, the following applies: the legal basis for obtaining consent is point (a) of Article 6(1) and Article 7 GDPR; the legal basis for processing in order to provide our services, perform contractual measures and respond to enquiries is point (b) of Article 6(1) GDPR; the legal basis for processing in order to comply with our legal obligations is point (c) of Article 6(1) GDPR; and the legal basis for processing for the purposes of our legitimate interests is point (f) of Article 6(1) GDPR. Point (d) of Article 6(1) GDPR is the legal basis for processing of personal data in the event that such processing is necessary in order to protect the vital interests of the data subject or of another natural person.

In the scope of our processing, we will only share data with other entities or companies (processors or third parties), transfer data to them or otherwise grant them access to the data on the basis of permission granted by law (e.g. if transfer of data to third parties, such as payment service providers, is necessary for performance of a contract pursuant to point (b) of Section 6(1) GDPR), if you have given your consent, or we are subject to a legal obligation to do so or on the basis of our legitimate interests (use of contractors, web hosting providers etc.).

If we contract third parties to process data, said third parties (‘processors’) will be contracted on the basis of Article 28 GDPR.

We will only process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or do so by using the services of third parties or disclosing or transferring data to third parties, for the fulfilment of our (pre-) contractual duties on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Unless granted permission by law or on the basis of a contract, we will only process or have data processed in a third country if the specific conditions set out in Article 44ff. GDPR are met. That means processing is conducted on the basis of specific safeguards, such as a data protection level that is officially recognised as corresponding to that of the EU or compliance with officially recognised, specific contractual obligations (‘standard contractual clauses’).

Pursuant to Article 15 GDPR you have the right to obtain confirmation as to whether or not personal data are being processed, and, where that is the case, the right to access the personal data and to obtain further information and a copy of the data.

Pursuant to Article 16 GDPR you have the right to obtain the completion of personal data concerning you or the rectification of inaccurate personal data concerning you.

Pursuant to Article 17 GDPR you have the right to obtain the erasure of personal data concerning you without undue delay, or pursuant to Article 18 GDPR the right to obtain restriction of the processing of the data.

Pursuant to Article 20 GDPR you have the right to receive personal data concerning you – that you have provided to us – in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

Furthermore, pursuant to Article 77 GDPR you have the right to lodge a complaint with the relevant supervisory authority.

Pursuant to Article 7(3) GDPR you have the right to withdraw your consent with effect for the future.

Pursuant to Article 21 GDPR you have the right to object at any time to the future processing of data concerning you. You may in particular object to processing for purposes of direct marketing.

‘Cookies’ are small files that are stored on the computers of users. Various data can be stored in the cookies. Cookies primarily serve to store data about a user (or about the device on which the cookie is stored) during or after the user’s visit to a website. Cookies that are deleted after a user leaves a website and closes their browser are referred to as ‘temporary cookies’, ‘session cookies’ or ‘transient cookies’. The content of the user’s shopping basket in an online shop or the user’s log-in status may, for example, be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as ‘permanent’ or ‘persistent’. That means, for example, that the user’s login status is stored if the user returns to the website after several days. Cookies may also be used to store data about the interests of users; such data are used to measure reach or for marketing purposes. Cookies of providers other than the controller who operates the website are provided as ‘third-party cookies’ (cookies of the controller who operates the website are referred to as ‘first-party cookies’).

We may use both temporary and permanent cookies; information about our use of said cookies is provided in our Privacy Policy.

If users do not wish cookies to be stored on their computer, they are advised to deactivate the relevant option in the system settings of their browser. Stored cookies may be deleted in the system settings of the browser. Disabling cookies may limit the functionality of this online presence.

For numerous services, it is possible to opt out in general from the use of cookies for online marketing purposes, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

Data processed by us will be erased or their processing will be restricted pursuant to Article 17 and Article 18 GDPR. Unless expressly indicated in this Privacy Policy, data stored by us will be erased once they are no longer required for their intended purpose and erasure of the data is not in conflict with any statutory data retention obligations. If data are not deleted because they are required for other purposes permitted by law, their processing will be restricted. That means the data will be blocked and will not be used for other purposes. That applies, for example, to data that must be retained pursuant to provisions under commercial or taxation law.

Data will be retained pursuant to the statutory provisions in Austria.

Under Austrian statutory provisions, data are, in particular, required to be retained for the following periods: 7 years pursuant to Article 212(1) of the Austrian Commercial Code (UGB) (in the case of accounts, inventory, opening balance sheets, annual accounts, including management reports etc.) and pursuant to Article 132(1) of the Austrian Federal Fiscal Code (BAO) (in the case of accounting documents, receipts/invoices, accounts, supporting documents, commercial documents, statements of income and expenditure etc.); for 22 years in connection with plots of land; and for 10 years in the case of documents concerning electronically provided services, telecommunications services and radio and television services provided to non-commercial entitles in EU Member States and for which the mini-one-stop-shop (MOSS) is used.

In addition, we process

• contract data (e.g. subject of the contract, term of the contract, customer category).
• payment data (e.g. bank account details, payment history)

of our customers, prospective customers and business partners for the purpose of contractual performance, providing services, customer care, marketing, advertising and market research.

Getzner collects and processes the personal data of job applicants for the purpose of conducting job application processes. Processing may also take place electronically. That is the case, in particular, if an applicant sends the relevant application documents electronically to the controller, e.g. by email or using a web form on our website. If Getzner concludes an employment contract with an applicant, the transferred data will be used in compliance with statutory provisions to arrange the employment. If Getzner does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, providing that deletion of the data is not in conflict with any other legitimate interests of the controller.

We use hosting services to make the following services available: infrastructure services and platform services, processing capacity, data storage and database services, security services and technical maintenance services used by us for the purpose of operating this online presence.

We or our hosting provider process master data, contact data, contract data, usage data, metadata and communications data of customers, prospective customers and visitors to this online presence based on our legitimate interests in efficient and secure provision of this online presence pursuant to point (f) of Article 6(1) GDPR in conjunction with Article 28 GDPR (processing conducted on a contractual basis on behalf of a controller).

We or our hosting provider collect data on every access to the server on which this service is located (server log files) on the basis of our legitimate interests pursuant to point (f) of Article 6(1) GDPR. The access data include the name of the accessed website, the file, date and time of the access, the data volume transmitted, notification about successful access, the browser type and version, the operating system of the user, the referrer URL (the previously visited page), the IP address and the provider requesting access.

Log file data are stored for a maximum period of 7 days for security reasons (e.g. to clear up any cases of misuse or fraud) and are then deleted. Data that are required to be stored beyond that for reasons of proof will not be deleted until the given case has been fully cleared up.

We process master data (e.g. names, addresses and contact details of users), contract data (services used, names of contact persons, payment information) for the purpose of fulfilling our contractual duties and providing contractually agreed services pursuant to point (b) of Article 6(1) GDPR. Entries that are indicated as mandatory in online forms are required for concluding the relevant contract.

Data will be deleted following the expiry of statutory warranty obligations and equivalent obligations; the need for the data to be retained will be reviewed every three years; in the case of statutory archiving obligations, data will be erased once the statutory archiving periods expire. Any data in a customer account will remain until they are deleted.

If users contact us (e.g. using a contact form, by email, by telephone or via social media), the data of the user will be processed pursuant to point (b) of Article 6(1) GDPR for the purpose of processing the enquiry. The user data may be stored in a customer relationship management system (‘CRM’ system) or equivalent system for processing enquiries.

We will delete enquiries if they are no longer required. We will review whether they are required every three years; in addition, statutory archiving obligations apply.

Information is provided below about the content of our newsletter, registration processes, processes for sending the newsletter, analysis processes and your rights to object. By subscribing to our newsletter, you declare that you consent to receipt of the newsletter and the processes described.

Content of the newsletter: We only send newsletters, emails and other electronic notifications containing advertising information (hereinafter: ‘newsletters’) with the consent of the recipient or if granted permission by law. If the content of a newsletter is specified in the context of registration for the newsletter, the consent of users is based on that specified content. In addition, our newsletters contain information about our services and our company.

Double opt-in and logging: A double opt-in process is used for registration for our newsletter. That means that after registering you receive an email requesting confirmation of your registration. That confirmation is necessary to ensure that nobody can register with email addresses that do not belong to them. Registration for the newsletter is logged to provide proof of the registration process in line with legal requirements. That includes storage of the date and time of the registration and confirmation, as well as the IP address. Any changes to your data that are stored with the newsletter sending service will also be logged.

Registration data: To register for the newsletter it is sufficient for you to enter your name and email address. The registration process is logged on the basis of our legitimate interests pursuant to point (f) of Article 6(1) GDPR. We have an interest in the use of a user-friendly and secure newsletter system that serves our business interests, meets the expectations of users and enables us to prove that consent has been granted.

Cancellation/withdrawal of consent – you may cancel the receipt of our newsletter at any time; by doing so you withdraw your consent. A link to cancel receipt of the newsletter is included at the end of each newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them for purposes of sending the newsletter in order to be able to prove former consent. The processing of said data will be restricted to the purpose of defence against any claims. Individual requests for erasure are possible at any time, providing confirmation is given of former consent.

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Nature and purpose of the processing

Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use Google Signals. This allows Google Analytics to collect additional information about users who have personalised ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behaviour is recorded in the form of "events". Events can be:

• Page views
• First visit to the website
• Start of session
• Web pages visited
• Scrolls
• Clicks on external links
• Internal search queries
• Interaction with videos
• File downloads
• Contact requests
• Seen Ads / clicked Ads
• Language settings

Also recorded:

• Your approximate location (region)
• Date and time of your visit
• Your IP address (in shortened form)
• Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• Your internet service provider
• The referrer URL (via which website/advertising medium you came to this website)

Purposes of the data processing

On behalf of the operator Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics 4 serve to analyse the performance of our website and the success of our marketing campaigns.

Recipients

Recipients of the data are/may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Retention period

The data sent by us and linked to cookies are automatically deleted after 2. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR.

Withdrawal

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by

a. not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to deactivate Google Analytics HERE.

For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The list and the appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Framework and therefore provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user accesses a function of this online presence that contains one of these plugins, the user's device creates a direct connection with the Facebook servers. The content of the plugin is sent directly from Facebook to the user's device and integrated into the online presence. That may involve using the processed data to generate usage profiles of users. For this reason, we have no influence on the scope of the data that Facebook collects using these plugins. The information provided here is therefore based on our current knowledge.

By implementing a plugin, when a user accesses the corresponding page of the website, this information is sent to Facebook. If the user is logged in to Facebook, Facebook may link the visit to their Facebook account. If the user interacts with a plugin, for example by clicking the "Like" button or leaving a comment, the corresponding information from the user's device is shared with Facebook and stored there. If the user is not a member of Facebook, it is nevertheless possible that Facebook will ascertain and store the user's IP address. According to Facebook, only anonymised IP addresses are stored in Germany.

The purpose and scope of the data collection, the additional processing and use of this data by Facebook, the user's rights regarding this and privacy settings can be found in Facebook's data protection notice: https://www.facebook.com/about/privacy/.

If the user is a member of Facebook and does not want Facebook to collect data regarding them through our online presence and link it to their member data stored at Facebook, the user must log out of Facebook and delete their cookies before accessing our online presence. Further settings and the ability to object to the use of data for advertising purposes can be found in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or by using the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are independent of the platform, meaning that they are applied across all devices, such as desktop computers or mobile devices.

We maintain an online presence on social media and platforms to communicate with active customers, prospective customers and users there and to be able to inform them about our services there. When visiting such networks and platforms, the terms of service and privacy policies of the respective operators apply.

Unless otherwise indicated in our Privacy Policy, we process the data of users if they communicate with us on social media and platforms, e.g. write posts on our social media pages or send us messages.

On the basis of our legitimate interests (namely our interest in the analysis, optimisation and commercial operation of our online presence pursuant to point (f) of Article 6(1) GDPR), we use content or services provided by third parties within our online presence for integration of their content and services, such as videos and fonts (hereinafter collectively: ‘content’).

That always requires the third-party providers of such content to know the IP address of the user because without the IP address they cannot send content to the user’s browser. The IP address is required for the display of said content. We endeavour only to use content where the respective provider uses the IP address solely for the delivery of content. In addition, third-party providers may use pixel tags (invisible graphics, which are also referred to as ‘web beacons’) for statistical or marketing purposes. Pixel tags enable analysis of information, such as user traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the device of the user and include technical information concerning the browser and operating system, referrer websites, duration of the visit and further information concerning use of our online presence, and may also be linked with such information from other sources.

Videos of the ‘YouTube’ platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland are integrated with our online presence. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Maps of the ‘Google Maps’ service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland are integrated with our online presence. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Fonts (‘Google Fonts’) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland are integrated with our online presence. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Functions for detection of bots (‘ReCaptcha’), e.g. to detect web form entries by bots, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland are integrated with our online presence. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

We use plug-ins of the sketchfab.com website operated by Sketchfab, Inc. The operator of the website is Sketchfab, Inc., Sketchfab HQ, 1123 Broadway ‚ #501 (25th St), New York City, NY 10010, USA. If you visit one of our pages featuring a Sketchfab plug-in, a connection is established with the Sketchfab servers. The Sketchfab server is informed which of our pages you have visited. If you are logged into your Sketchfab account, Sketchfab can directly link your browsing behaviour to your personal profile. You can prevent that by logging out of your Sketchfab account. For further information about the handling of user data, please see Sketchfab’s privacy policy at: http://sketchfab.com/privacy.

We use Hotjar Technology ‘Testing and Optimising’, a service of Hotjar Ltd., 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta. We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies (_hjid, _hijdclud.) and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the Hotjar website https://www.hotjar.com as well as their privacy policy https://www.hotjar.com/legal/policies/privacy and cookie policy: https://www.hotjar.com/legal/policies/cookie-information.

This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback surveys, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at https://mouseflow.com/opt-out. If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at privacy@mouseflow.com.

For more information, see Mouseflow’s Privacy Policy at http://mouseflow.com/privacy/.

For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/.