and companies affiliated with the Controller:
Getzner Werkstoffe GmbH, Getzner Werkstoffe GmbH (Germany), Getzner Spring Solutions GmbH, Nihon Getzner K.K., Byrel Fastening Systems Co., Ltd; Getzner India Pvt. Ltd., Beijing Getzner Trading Co., Ltd., Getzner USA, Inc., Getzner France SAS;
Data collected by us are only shared with our companies and any distribution partners if necessary for the purpose of the data processing and if consent has been obtained.
Types of processed data:
- Master data (e.g. names, addresses)
- Contact data (e.g. email, telephone numbers)
- Job application data of all kinds (e.g. photos, CVs, credentials and references)
- Content data (e.g. text entries, photographs, videos)
- Usage data (e.g. visited websites, interest in content, access dates and times)
- Metadata/communications data (e.g. device information, IP addresses)
Categories of data subjects:
Visitors and users of the online presence (data subjects are referred to collectively hereinafter as ‘users’)
Purpose of the processing:
- Provision of the online presence and its functions and content
- Responding to enquiries and communication with users
- Security measures
- Measurement of reach/marketing
‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broadly defined and includes almost all handling of data.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Cooperation with processors and third parties:
In the scope of our processing, we will only share data with other entities or companies (processors or third parties), transfer data to them or otherwise grant them access to the data on the basis of permission granted by law (e.g. if transfer of data to third parties, such as payment service providers, is necessary for performance of a contract pursuant to point (b) of Section 6(1) GDPR), if you have given your consent, or we are subject to a legal obligation to do so or on the basis of our legitimate interests (use of contractors, web hosting providers etc.).
If we contract third parties to process data, said third parties (‘processors’) will be contracted on the basis of Article 28 GDPR.
Data transfer to third countries:
We will only process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or do so by using the services of third parties or disclosing or transferring data to third parties, for the fulfilment of our (pre-) contractual duties on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Unless granted permission by law or on the basis of a contract, we will only process or have data processed in a third country if the specific conditions set out in Article 44ff. GDPR are met. That means processing is conducted on the basis of specific safeguards, such as a data protection level that is officially recognised as corresponding to that of the EU (e.g. through the ‘Privacy Shield’ for the USA) or compliance with officially recognised, specific contractual obligations (‘standard contractual clauses’).
Rights of data subjects:
Pursuant to Article 15 GDPR you have the right to obtain confirmation as to whether or not personal data are being processed, and, where that is the case, the right to access the personal data and to obtain further information and a copy of the data.
Pursuant to Article 16 GDPR you have the right to obtain the completion of personal data concerning you or the rectification of inaccurate personal data concerning you.
Pursuant to Article 17 GDPR you have the right to obtain the erasure of personal data concerning you without undue delay, or pursuant to Article 18 GDPR the right to obtain restriction of the processing of the data.
Pursuant to Article 20 GDPR you have the right to receive personal data concerning you – that you have provided to us – in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
Furthermore, pursuant to Article 77 GDPR you have the right to lodge a complaint with the relevant supervisory authority.
Right to withdraw content:
Pursuant to Article 7(3) GDPR you have the right to withdraw your consent with effect for the future.
Right to object:
Pursuant to Article 21 GDPR you have the right to object at any time to the future processing of data concerning you. You may in particular object to processing for purposes of direct marketing.
Cookies and the right to object in the case of direct marketing:
‘Cookies’ are small files that are stored on the computers of users. Various data can be stored in the cookies. Cookies primarily serve to store data about a user (or about the device on which the cookie is stored) during or after the user’s visit to a website. Cookies that are deleted after a user leaves a website and closes their browser are referred to as ‘temporary cookies’, ‘session cookies’ or ‘transient cookies’. The content of the user’s shopping basket in an online shop or the user’s log-in status may, for example, be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as ‘permanent’ or ‘persistent’. That means, for example, that the user’s login status is stored if the user returns to the website after several days. Cookies may also be used to store data about the interests of users; such data are used to measure reach or for marketing purposes. Cookies of providers other than the controller who operates the website are provided as ‘third-party cookies’ (cookies of the controller who operates the website are referred to as ‘first-party cookies’).
If users do not wish cookies to be stored on their computer, they are advised to deactivate the relevant option in the system settings of their browser. Stored cookies may be deleted in the system settings of the browser. Disabling cookies may limit the functionality of this online presence.
Erasure of data:
Data will be retained pursuant to the statutory provisions in Austria.
Under Austrian statutory provisions, data are, in particular, required to be retained for the following periods: 7 years pursuant to Article 212(1) of the Austrian Commercial Code (UGB) (in the case of accounts, inventory, opening balance sheets, annual accounts, including management reports etc.) and pursuant to Article 132(1) of the Austrian Federal Fiscal Code (BAO) (in the case of accounting documents, receipts/invoices, accounts, supporting documents, commercial documents, statements of income and expenditure etc.); for 22 years in connection with plots of land; and for 10 years in the case of documents concerning electronically provided services, telecommunications services and radio and television services provided to non-commercial entitles in EU Member States and for which the mini-one-stop-shop (MOSS) is used.
In addition, we process
- contract data (e.g. subject of the contract, term of the contract, customer category).
- payment data (e.g. bank account details, payment history)
of our customers, prospective customers and business partners for the purpose of contractual performance, providing services, customer care, marketing, advertising and market research.
Data protection in the case of job applications and job application processes:
Getzner collects and processes the personal data of job applicants for the purpose of conducting job application processes. Processing may also take place electronically. That is the case, in particular, if an applicant sends the relevant application documents electronically to the controller, e.g. by email or using a web form on our website. If Getzner concludes an employment contract with an applicant, the transferred data will be used in compliance with statutory provisions to arrange the employment. If Getzner does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, providing that deletion of the data is not in conflict with any other legitimate interests of the controller.
We use hosting services to make the following services available: infrastructure services and platform services, processing capacity, data storage and database services, security services and technical maintenance services used by us for the purpose of operating this online presence.
We or our hosting provider process master data, contact data, contract data, usage data, metadata and communications data of customers, prospective customers and visitors to this online presence based on our legitimate interests in efficient and secure provision of this online presence pursuant to point (f) of Article 6(1) GDPR in conjunction with Article 28 GDPR (processing conducted on a contractual basis on behalf of a controller).
Collection of access data and log files:
We or our hosting provider collect data on every access to the server on which this service is located (server log files) on the basis of our legitimate interests pursuant to point (f) of Article 6(1) GDPR. The access data include the name of the accessed website, the file, date and time of the access, the data volume transmitted, notification about successful access, the browser type and version, the operating system of the user, the referrer URL (the previously visited page), the IP address and the provider requesting access.
Log file data are stored for a maximum period of 7 days for security reasons (e.g. to clear up any cases of misuse or fraud) and are then deleted. Data that are required to be stored beyond that for reasons of proof will not be deleted until the given case has been fully cleared up.
We process master data (e.g. names, addresses and contact details of users), contract data (services used, names of contact persons, payment information) for the purpose of fulfilling our contractual duties and providing contractually agreed services pursuant to point (b) of Article 6(1) GDPR. Entries that are indicated as mandatory in online forms are required for concluding the relevant contract.
Data will be deleted following the expiry of statutory warranty obligations and equivalent obligations; the need for the data to be retained will be reviewed every three years; in the case of statutory archiving obligations, data will be erased once the statutory archiving periods expire. Any data in a customer account will remain until they are deleted.
Contact with us:
If users contact us (e.g. using a contact form, by email, by telephone or via social media), the data of the user will be processed pursuant to point (b) of Article 6(1) GDPR for the purpose of processing the enquiry. The user data may be stored in a customer relationship management system (‘CRM’ system) or equivalent system for processing enquiries.
We will delete enquiries if they are no longer required. We will review whether they are required every three years; in addition, statutory archiving obligations apply.
Information is provided below about the content of our newsletter, registration processes, processes for sending the newsletter, analysis processes and your rights to object. By subscribing to our newsletter, you declare that you consent to receipt of the newsletter and the processes described.
Content of the newsletter: We only send newsletters, emails and other electronic notifications containing advertising information (hereinafter: ‘newsletters’) with the consent of the recipient or if granted permission by law. If the content of a newsletter is specified in the context of registration for the newsletter, the consent of users is based on that specified content. In addition, our newsletters contain information about our services and our company.
Double opt-in and logging: A double opt-in process is used for registration for our newsletter. That means that after registering you receive an email requesting confirmation of your registration. That confirmation is necessary to ensure that nobody can register with email addresses that do not belong to them. Registration for the newsletter is logged to provide proof of the registration process in line with legal requirements. That includes storage of the date and time of the registration and confirmation, as well as the IP address. Any changes to your data that are stored with the newsletter sending service will also be logged.
Registration data: To register for the newsletter it is sufficient for you to enter your name and email address. The registration process is logged on the basis of our legitimate interests pursuant to point (f) of Article 6(1) GDPR. We have an interest in the use of a user-friendly and secure newsletter system that serves our business interests, meets the expectations of users and enables us to prove that consent has been granted.
Cancellation/withdrawal of consent – you may cancel the receipt of our newsletter at any time; by doing so you withdraw your consent. A link to cancel receipt of the newsletter is included at the end of each newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them for purposes of sending the newsletter in order to be able to prove former consent. The processing of said data will be restricted to the purpose of defence against any claims. Individual requests for erasure are possible at any time, providing confirmation is given of former consent.
Google is certified under the Privacy Shield Framework and therefore provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use that information on our behalf to analyse use of our online presence by users, to compile reports about activities within this online presence and to provide us with further services related to use of this online presence and internet use. That may involve using the processed data to generate pseudonymous usage profiles of users.
We only use Google Analytics with activated IP anonymisation. That means the IP address of users is truncated by Google within the Member States of the European Union or other signatory states to the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and truncated there in exceptional cases.
The IP address transmitted by your browser is not merged with any other data held by Google. Users may prevent the storage of cookies by adjusting their browser settings accordingly; in addition, users may prevent the collection of data generated by cookies relating to their use of the online presence by Google and processing of such data by Google by downloading and installing the browser add-on under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Please see the Google websites for further information about data use by Google and possibilities of adjusting the settings and opting out: https://www.google.com/intl/de/policies/privacy/partners (‘How Google uses information from sites or apps that use our services’), http://www.google.com/policies/technologies/ads (‘Advertising’), http://www.google.de/settings/ads (‘Control the information Google uses to show you ads’).
Facebook Social Plugins
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The list and the appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Framework and therefore provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user accesses a function of this online presence that contains one of these plugins, the user's device creates a direct connection with the Facebook servers. The content of the plugin is sent directly from Facebook to the user's device and integrated into the online presence. That may involve using the processed data to generate usage profiles of users. For this reason, we have no influence on the scope of the data that Facebook collects using these plugins. The information provided here is therefore based on our current knowledge.
By implementing a plugin, when a user accesses the corresponding page of the website, this information is sent to Facebook. If the user is logged in to Facebook, Facebook may link the visit to their Facebook account. If the user interacts with a plugin, for example by clicking the "Like" button or leaving a comment, the corresponding information from the user's device is shared with Facebook and stored there. If the user is not a member of Facebook, it is nevertheless possible that Facebook will ascertain and store the user's IP address. According to Facebook, only anonymised IP addresses are stored in Germany.
The purpose and scope of the data collection, the additional processing and use of this data by Facebook, the user's rights regarding this and privacy settings can be found in Facebook's data protection notice: https://www.facebook.com/about/privacy/.
If the user is a member of Facebook and does not want Facebook to collect data regarding them through our online presence and link it to their member data stored at Facebook, the user must log out of Facebook and delete their cookies before accessing our online presence. Further settings and the ability to object to the use of data for advertising purposes can be found in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or by using the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are independent of the platform, meaning that they are applied across all devices, such as desktop computers or mobile devices.
Online presence on social media:
We maintain an online presence on social media and platforms to communicate with active customers, prospective customers and users there and to be able to inform them about our services there. When visiting such networks and platforms, the terms of service and privacy policies of the respective operators apply.
Integration of third-party services and content:
On the basis of our legitimate interests (namely our interest in the analysis, optimisation and commercial operation of our online presence pursuant to point (f) of Article 6(1) GDPR), we use content or services provided by third parties within our online presence for integration of their content and services, such as videos and fonts (hereinafter collectively: ‘content’).
That always requires the third-party providers of such content to know the IP address of the user because without the IP address they cannot send content to the user’s browser. The IP address is required for the display of said content. We endeavour only to use content where the respective provider uses the IP address solely for the delivery of content. In addition, third-party providers may use pixel tags (invisible graphics, which are also referred to as ‘web beacons’) for statistical or marketing purposes. Pixel tags enable analysis of information, such as user traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the device of the user and include technical information concerning the browser and operating system, referrer websites, duration of the visit and further information concerning use of our online presence, and may also be linked with such information from other sources.