Privacy Policy

 

Protecting your personal data is an issue of particular concern to us. We therefore process your data solely on the basis of the statutory provisions (General Data Protection Regulation (EU) 2016/679, Austria’s Data Protection Amendment Act (DGS 2018) and Telecommunications Act (TKG 2003). The aim of this privacy policy is to inform you about the key aspects of data processing when you use our website.

Protecting information and personal data is an issue of particular concern to Wilhelm Schwarzmüller GmbH (hereinafter “Company”). Your expectation of the quality of our products and services is our standard when handling your data. This privacy policy describes in more detail how the Company processes and protects your personal data on this website. This privacy policy applies to any of the websites the Company operates, from which this privacy policy is accessible. 

As the general technical and legal conditions for the processing of personal data are subject to ongoing and continuous development, the Company reserves the right to adjust this privacy policy to take account of the changes in the general conditions from time to time. Users of one of the Company’s websites must therefore familiarise themselves with any changes to this privacy policy when they start to use the website.

This privacy policy applies to all websites operated by the corporate group.
 

1. Personal data

Personal data is, for example, the name, address, date of birth, telephone number and email address.

Anonymous or anonymised data, by contrast, does not constitute personal data. It is not subject to the scope of data protection regulations. The Company tries to process data in an anonymised form wherever possible. This is carried out, for example, by the acquired data not being collected with your name but under a pseudonym, so that it is not possible to trace it back to a specific or identifiable person.
 

2. Determining and collecting personal data

The Company does not collect and gather personal data without a reason. In fact, personal data is collected in order to

  • make this website as user friendly as possible for you,
  • process information requests or complaints quickly,
  • respond to service and product enquiries,
  • provide information, marketing or newsletter content that is relevant to you,
  • allow you to navigate this website,
  • handle your job application,
  • process orders and
  • conduct statistical surveys on the usage of this Website.

The Company collects the personal data used to do this in a variety of ways. Personal data is collected when you notify of the specific personal data directly as part of data acquisition (e.g. form when you register, a product enquiry or subscribe to the newsletter). But personal data is also collected by ‘cookies’ when you navigate onto or through this website. Such data includes the IP address, the type of browser you are using, the language, the login times, the end device used, the data volumes transmitted, the navigation history, and the referrer.
 

3. Use of personal data

The Company always only uses personal data solely within the scope and on the basis of the applicable data protection regulations, such as the General Data Protection Regulation (EU) 2016/679, Austria’s Data Protection Amendment Act (DSG 2018) and the Telecommunications Act (TKG 2003), in particular.

The Company only uses personal data if this is covered by the Company’s legal authority in terms of content and purpose of data usage and if your interests requiring protection are not breached. The Company’s legal authority arises on the basis of the granted business licence and the articles of association.

The Company safeguards your interests in secrecy requiring protection, for example, when you give your consent to your personal data being used. This consent may be withdrawn at any time by using the contact details given at the end of this privacy policy. Withdrawing consent will render any further use of your personal data illegal if data usage is based solely on your consent and your interests in secrecy requiring protection cannot be safeguarded in any other way.

If consent is required, the Company will invite you to give such consent directly when this personal data is collected. The Company will explain to you in advance what types of data are used and for what purposes. Should usage also include transmission to third parties, you will also be informed about the recipients and purpose of the transmission. You will further be advised, once again, about your right to withdraw consent at any time.

The Company also safeguards your interests in secrecy requiring protection in that the Company’s or a third party’s overriding, legitimate interests require the use of your personal data. Your interests in protecting the particular personal data and the interests of the Company or of a third party in using this data will be considered. The interests of the Company or a third party predominate, in particular, if data is required to fulfil a contractual obligation between the Company and you or to assert, exercise or defend the Company’s legal claims.

If the Company has an overriding, legitimate interest in using the data, your personal data will only be used to the extent required to fulfil this particular purpose. For example, personal data that is required to implement the contract will not be used for marketing purposes.
 

4. Special data collection and use

The Company collects and uses personal data on the website on the following occasions:

  • When you sign up to the online shop: If you sign up to the online shop, the following data is collected: First name, second name, company, street, house number, post code, town, country, tax ID number, email address, telephone number. The data is used to give you access to the online shop and, in the event of orders, to process the order. This data is taken into the Company’s ERP system to this end.
  • Contact form: We collect the following data for the contact form: Title, first name, surname, email address, telephone number and the information about whether you want to be included on the newsletter’s distribution list. This information is saved on our CRM system and used to be able to process your enquiry or your contact requests.
  • Newsletter: There is also an option for ordering the newsletter as part of the contact requests. The following data is collected here: Title, first name, surname, email address, and the information whether you want to be included on the newsletter’s distribution list. This information is saved on our CRM system and used to send you our newsletter.
  • Application to a job advertisement or speculative application: The following data is collected when you apply for a position with the Company using the online application form: The position sought (job title), title, name, street, house number, post code, town, your email address, your telephone number, your date of birth, your CV and your school and work references, as well as personal skills to qualify for the position. This data is used to process your application and to contact you on this matter. Should this result in employment, the data will be taken into Company’s personnel records and subsequently used for personnel administration.

The Company also collects personal data using ‘cookies’ (see below). If personal data is entered during one of the aforesaid occasions across more than one webpage, it is cached by a session cookie, so it can be used again when you next visit the webpage.  
 

5. Sharing/transmitting data

Data transmission is forwarding personal data to third parties, who in turn use this data for their own purposes or even use the data for another field of activity within the Company. Data sharing is forwarding personal data to third parties, who use this data on the Company’s behalf for the Company’s purposes.

Personal data is used if you notify us of this, for example, as part of a registration (e.g. contact request) or consent to the use of cookies. 

All personal data is collected, processed and used in accordance with the respective requirements to protect personal data, first and foremost, for the purpose of the services commissioned by you and to process your enquiries.

The Company will never sell, lease or rent out personal data. Your personal data will only be provided to third parties, if and insofar as this is necessary to implement the contract and for information, marketing and newsletter services.

Your data will only be stored in a personalised form, insofar as is necessary for the purposes for which it is processed, and until the end of any guarantee, warranty, limitation and statutory retention periods unless otherwise stipulated in these data protection requirements.

As part of operating our website(s), we commission software service providers and agencies, which may have access to your personal data during the course of their activities. They are obliged in respect to us to adhere to the applicable data protection regulations. Generally, if we have appointed an external service provider to process the data, such service provider will also be obliged to adhere to data protection.
 

6. Cookies and analysis services

Cookies are tiny text files, which the website operator caches on a storage medium of the end device used by the website user (PC, notebook, tablet and smartphone etc.) using the browser. This information is accessed again during subsequent visits to the website and allows the website to recognise the end device. Both personal and non-personal data can be saved in cookies. User profiles can also be created by setting cookies.

Cookies are used by the Company to organise usage of the website in a more user friendly way, to continually improve performance of the website for you and to learn more about usage of the website. However, this website can also be viewed without cookies. It is possible for all Internet browsers to be set to determine if and what cookies are cached by your browser. The default setting for most browsers accepts all cookies. Adjust the browser settings accordingly should you not want this. To do this, access your browser’s help page and check your browser’s cookie settings.

Our websites use functions of the website analysis service Google Analytics and Matomo (Piwik). The provider for Google Analytics is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Provider for Matomo (Piwik) is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. For this purpose, Cookies are also used that enable usage of the website by your users to be analysed. The information generated as a result is transferred to the provider’s server and stored there.
 

7. Data protection measures

The Company has taken suitable technical and organisational precautions to guarantee that your personal data is protected. Therefore, any unauthorised access, collection, usage, publication, duplication, modification or deletion of the personal data should be prevented. This data is stored on protected servers within Austria for this purpose. Technical data protection measures employed include mandatory passwords, logging, access controls, firewall and anti-virus programs. The organisational data protection measures include the principle of dual control, the restriction of data access for selected employees, random checks, confidentiality agreements and contractual letters of commitment.
 

8. Rights of data subjects

The Company naturally grants you a right to access, a right to rectify or erase and a right to object to your personal data being used. 

The data subject is entitled, at all times, to demand confirmation whether personal data relating to them is being processed, and if necessary, obtain corresponding information about this personal data from the data controller. 

The data subject has the right to have personal data relating to them rectified (completed), deleted or to restrict processing, and to object to this. This also applies to the data subject’s automated data processing of personal data. The data subject also has the right to object to the direct marketing of their personal data. Consent to process your data as part of sending out the newsletter may be withdrawn at any time. The Company will not carry out profiling (evaluation).

The data subject is urged to notify any changes to their personal data.

Any duty by the Company to provide information and duty of disclosure under data protection law is restricted, particularly, by an obligation to secrecy.

As far as possible and provided this does not entail disproportionate expense, the controller will inform any recipients of personal data, which has been rectified, erased or whose processing has been restricted. They will be informed about these recipients if the data subject requires. 

The data subject is entitled to receive personal data relating to them and provided to the controller in a structured, current and machine-readable format, and to transfer this data to another controller. When exercising the right to have their data transferred, the data subject may arrange for personal data to be transferred directly from one controller to another controller, provided this is technically feasible. 

If the Company uses your data on the basis of your consent, you also have the right to withdraw this consent at all times. Following withdrawal of consent, the Company shall cease using the personal data relating to the data subject immediately, provided the data is being used solely on the basis of your consent. The Company may continue to use the personal data relating to the data subject if it is previously anonymised in such a way that it is impossible for it to be assigned to a specific individual. 

In the event that the protection of personal data is breached (“data breach”), which is likely to entail a high risk to personal rights and freedoms of natural persons, the controller will send a notification to the data subjects and/or data protection authority. 

All rights are to be claimed from the Company in writing (see below for contact details). To prevent misuse, the data subject must provide evidence of their identity in a suitable form. Each data subject often has the unrestricted right to information. The Company provides information once a year free of charge and any outlay above and beyond this will be billed based on the information issued. 

The data subject may obtain information at any time to exercise their rights with respect to processing at the controller.

There is generally an option to lodge a complaint with the supervisory authority.
 

9. Contact details

We will update these guidelines for the protection of your personal data from time to time. You should view these guidelines from time to time to remain up to date about how we protect your data and continuously improve the content of our website. Should we make any significant changes to how we collect, use and/or forward the personal data you provide to us, you will be made aware of this by means of a clear and visible reference on the website. By using the website you are stating your agreement to the terms of these guidelines for protecting personal data.

You can use the following contact details to get in touch with the Company on matters concerning this privacy policy: 

Wilhelm Schwarzmüller GmbH
Hanzing 11, 4785 Freinberg,
FN 364874f
Managing Director: Roland Hartwig, Georg Preschern
email: gdprschwarzmuellercom
Tel.: +43 (0)7713 8000
Fax: +43 (0)7713 800 297

Date: May 2018
 


Supplementary data protection notice: App


A) Data processing using user information 

You can contact us over the app by using the contact form. If you do so, the following personal data will be sent to us: IP, time, operating system, name, email, telephone number and other personal data which you may have given in free text form. 

This is necessary for us to react to your inquiry and give you an answer. 

The data will be stored for as long as is necessary to fulfil the purpose, a legal duty to retain it exists or the data is needed by us to secure, enforce, or defend demands and claims.

Data processing for the purpose of contacting us using the contact form, takes place in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, on the basis of your voluntarily given consent. You can revoke this consent at any time by deinstalling the app. Although the app can no longer be used in the case of a revocation, our other contact channels such as telephone, email, fax, or postal address (see masthead) remain available, or you can visit us in person.

Target group: Our offering is exclusively for people aged 16 years and above. Use by minors under the age of 16 is not allowed.

 

B) Social media & external content

 

Social Media Links

Links are integrated to the provider’s social media profile on: 

  • Instagram (a business belonging to Facebook Ireland Limited., 4 Grand Canal Square, Dublin 2, Ireland),
  • YouTube (a business belonging to Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA) and 
  • Facebook (Facebook Ireland Limited., 4 Grand Canal Square, Dublin 2, Ireland)

These links do not contain any explicitly user-specific data, only the provider’s respective profile links. By clicking on the link, you leave the app and will be redirected by your smartphone browser to the respective social media platform. Whereby, the respective social media platforms receive the information that your browser has launched our app, even if you do not have an account with the respective social media platform or are not currently logged in. This information (including your IP address) is transmitted by your browser direct to the social media platforms’ servers in the USA and stored there. If you are logged into your social media account, the social media platform can attribute the visit to our app directly to your account. The social media platforms use this information, for example, for the purpose of advertising, market research and needs-based platform design. Usage, interest, and relationship profiles are created for this purpose, e.g., to evaluate your use of our app with regard to the advertisements presented to you on the social media platforms or to inform other users about your activities on our app. If you do not want the social media platforms to attribute the data collected by our app to your account, you must log out of your account before launching our app.

For the purpose and extent of the data processing by the social media platforms, as well as your rights in this respect and using settings options for protecting your privacy, please see the data protection notices of

 

Content from other third-party providers 

a) Google Maps

Map data from Google Maps is embedded in the app via the Google Maps API, for the presentation of maps under the menu heading “workshop search”. Google Maps is a map service belonging to Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

This allows us to show you interactive maps directly in the app, enabling your convenient use of the map function, so that you can quickly find a nearby service point.

After clicking “workshop search”, you can choose whether you want to enter a specific location or carry out an automated location determination based on your current location. In both options, your smartphone’s personal data, such as time, operating system and your current IP address, will be transmitted to Google, so that you can be shown a suitable map section.

For automated location determination, your current location will be sent to Google and automatically processed. The following data will be processed by Google to determine your location: Your IP address, your GPS coordinates, your mobile phone network, your WLAN network.

In addition, Google receives the information that you have launched our app. This happens regardless of whether Google provides a user account over which you have logged in, or whether no user account exists. 

These data will also be processed in the USA which has lower data protection standards. The Google service is only activated with your consent. Google Inc.’s data protection policy (http://www.google.de/intl/de/policies/privacy) applies in respect to your rights in the event of revocation etc. 

If you are logged in to Google, your data will be directly attributed to your account. If you do not want this attribution to your Google profile, you must log yourself out of Google before activating the button. Google stores your data as a usage profile and uses it for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation takes place (even for users who are not logged in) in particular, for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby, to exercise this right, you must address your objection to Google. 

Further information about the purpose and extent of the data collection and its processing by the plug-in provider, can be found in the provider’s data protection declaration. You will also find further information about your rights in this respect and using settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy

The legal basis for embedding the Google Maps function is your voluntarily given consent according to Art. 6 para. 1 S. 1 lit. a GDPR.

 

b) Google Firebase and Google Analytics for Firebase

The Google Firebase service and Google analytics for Firebase, are used to analyze app usage for push notifications. These are also services belonging to Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

The information generated about the app’s usage is transmitted, with an anonymized IP address, to a Google server and stored there. The IP anonymization function in Analytics sets the last octet of type IPv4 user IP addresses and the last 80 bits of IPv6 addresses in memory, to zero. Thus, the user’s exact IP address is not stored by Analytics. Google uses this information to evaluate your usage of the app in order to produce activity reports for the app operators. Google may also transmit this information to third parties. If the user installs the app and allows push notifications, he declares his agreement to the processing of the data collected about him by Google, by the ways and means described above, and for the purpose named above. This usage data forms the basis for statistical, anonymous evaluations and dashboards by Google.

The legal basis for embedding the Google Maps function is your voluntarily given consent according to Art. 6 para. 1 S. 1 lit. a GDPR. You can revoke this consent at any time by deinstalling the app. Although the app can no longer be used in the case of a revocation, our other contact channels such as telephone, email, fax, or postal address (see masthead) remain available, or you can visit us in person.

 

c) Facebook Pixel

We also use the Facebook Pixel analysis tool in our app in extended data matching mode, in order to be able to establish the effectiveness of our advertising. 

This is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).

If you click on one of our advertisements which is shown on Facebook, a first party cookie for our app is activated which writes a URL addition into your browser and collects specific user data, for example, the contact information that you enter when using the contact form on our Facebook-connected website (extended data matching). The cookie is read by Facebook Pixel and enables data to be forwarded to Facebook. The information generated by Facebook is generally transferred to a Facebook server and stored there, thus it can also be transmitted to a Facebook Inc. Server in the USA. The use of Facebook Pixel is on the basis of your express, prior consent. You can revoke this consent at any time by deinstalling the app. Although the app can no longer be used in the case of a revocation, our other contact channels such as telephone, email, fax, or postal address (see masthead) remain available, or you can visit us in person.

The provider Facebook Ireland Limited. (“Facebook”), 4 Grand Canal Square, Dublin 2, Ireland, also makes summarized statistical data available to us as page administrators, which gives us information about how site users interact on our site (so-called page-insights). More detailed information about this can be found over the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data

For the purpose and extent of the data processing by Facebook and your rights in this respect and using settings options to protect your privacy, please see Facebook’s data protection notice (https://www.facebook.com/about/privacy/).

The legal basis for embedding the Facebook Pixel analysis tool is your voluntarily given consent, in accordance with Art. 6 para. 1 S. 1 lit. a GDPR.