1. Personal data
Personal data is, for example, the name, address, date of birth, telephone number and email address.
Anonymous or anonymised data, by contrast, does not constitute personal data. It is not subject to the scope of data protection regulations. The Company tries to process data in an anonymised form wherever possible. This is carried out, for example, by the acquired data not being collected with your name but under a pseudonym, so that it is not possible to trace it back to a specific or identifiable person.
2. Determining and collecting personal data
The Company does not collect and gather personal data without a reason. In fact, personal data is collected in order to
- make this website as user friendly as possible for you,
- process information requests or complaints quickly,
- respond to service and product enquiries,
- provide information, marketing or newsletter content that is relevant to you,
- allow you to navigate this website,
- handle your job application,
- process orders and
- conduct statistical surveys on the usage of this Website.
The Company collects the personal data used to do this in a variety of ways. Personal data is collected when you notify of the specific personal data directly as part of data acquisition (e.g. form when you register, a product enquiry or subscribe to the newsletter). But personal data is also collected by ‘cookies’ when you navigate onto or through this website. Such data includes the IP address, the type of browser you are using, the language, the login times, the end device used, the data volumes transmitted, the navigation history, and the referrer.
3. Use of personal data
The Company always only uses personal data solely within the scope and on the basis of the applicable data protection regulations, such as the General Data Protection Regulation (EU) 2016/679, Austria’s Data Protection Amendment Act (DSG 2018) and the Telecommunications Act (TKG 2003), in particular.
The Company only uses personal data if this is covered by the Company’s legal authority in terms of content and purpose of data usage and if your interests requiring protection are not breached. The Company’s legal authority arises on the basis of the granted business licence and the articles of association.
If consent is required, the Company will invite you to give such consent directly when this personal data is collected. The Company will explain to you in advance what types of data are used and for what purposes. Should usage also include transmission to third parties, you will also be informed about the recipients and purpose of the transmission. You will further be advised, once again, about your right to withdraw consent at any time.
The Company also safeguards your interests in secrecy requiring protection in that the Company’s or a third party’s overriding, legitimate interests require the use of your personal data. Your interests in protecting the particular personal data and the interests of the Company or of a third party in using this data will be considered. The interests of the Company or a third party predominate, in particular, if data is required to fulfil a contractual obligation between the Company and you or to assert, exercise or defend the Company’s legal claims.
If the Company has an overriding, legitimate interest in using the data, your personal data will only be used to the extent required to fulfil this particular purpose. For example, personal data that is required to implement the contract will not be used for marketing purposes.
4. Special data collection and use
The Company collects and uses personal data on the website on the following occasions:
- When you sign up to the online shop: If you sign up to the online shop, the following data is collected: First name, second name, company, street, house number, post code, town, country, tax ID number, email address, telephone number. The data is used to give you access to the online shop and, in the event of orders, to process the order. This data is taken into the Company’s ERP system to this end.
- Contact form: We collect the following data for the contact form: Title, first name, surname, email address, telephone number and the information about whether you want to be included on the newsletter’s distribution list. This information is saved on our CRM system and used to be able to process your enquiry or your contact requests.
- Newsletter: There is also an option for ordering the newsletter as part of the contact requests. The following data is collected here: Title, first name, surname, email address, and the information whether you want to be included on the newsletter’s distribution list. This information is saved on our CRM system and used to send you our newsletter.
- Application to a job advertisement or speculative application: The following data is collected when you apply for a position with the Company using the online application form: The position sought (job title), title, name, street, house number, post code, town, your email address, your telephone number, your date of birth, your CV and your school and work references, as well as personal skills to qualify for the position. This data is used to process your application and to contact you on this matter. Should this result in employment, the data will be taken into Company’s personnel records and subsequently used for personnel administration.
The Company also collects personal data using ‘cookies’ (see below). If personal data is entered during one of the aforesaid occasions across more than one webpage, it is cached by a session cookie, so it can be used again when you next visit the webpage.
5. Sharing/transmitting data
Data transmission is forwarding personal data to third parties, who in turn use this data for their own purposes or even use the data for another field of activity within the Company. Data sharing is forwarding personal data to third parties, who use this data on the Company’s behalf for the Company’s purposes.
All personal data is collected, processed and used in accordance with the respective requirements to protect personal data, first and foremost, for the purpose of the services commissioned by you and to process your enquiries.
The Company will never sell, lease or rent out personal data. Your personal data will only be provided to third parties, if and insofar as this is necessary to implement the contract and for information, marketing and newsletter services.
Your data will only be stored in a personalised form, insofar as is necessary for the purposes for which it is processed, and until the end of any guarantee, warranty, limitation and statutory retention periods unless otherwise stipulated in these data protection requirements.
As part of operating our website(s), we commission software service providers and agencies, which may have access to your personal data during the course of their activities. They are obliged in respect to us to adhere to the applicable data protection regulations. Generally, if we have appointed an external service provider to process the data, such service provider will also be obliged to adhere to data protection.
6. Cookies and analysis services
Cookies are tiny text files, which the website operator caches on a storage medium of the end device used by the website user (PC, notebook, tablet and smartphone etc.) using the browser. This information is accessed again during subsequent visits to the website and allows the website to recognise the end device. Both personal and non-personal data can be saved in cookies. User profiles can also be created by setting cookies.
Cookies are used by the Company to organise usage of the website in a more user friendly way, to continually improve performance of the website for you and to learn more about usage of the website. However, this website can also be viewed without cookies. It is possible for all Internet browsers to be set to determine if and what cookies are cached by your browser. The default setting for most browsers accepts all cookies. Adjust the browser settings accordingly should you not want this. To do this, access your browser’s help page and check your browser’s cookie settings.
Our websites use functions of the website analysis service Google Analytics and Matomo (Piwik). The provider for Google Analytics is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Provider for Matomo (Piwik) is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. For this purpose, Cookies are also used that enable usage of the website by your users to be analysed. The information generated as a result is transferred to the provider’s server and stored there.
7. Data protection measures
The Company has taken suitable technical and organisational precautions to guarantee that your personal data is protected. Therefore, any unauthorised access, collection, usage, publication, duplication, modification or deletion of the personal data should be prevented. This data is stored on protected servers within Austria for this purpose. Technical data protection measures employed include mandatory passwords, logging, access controls, firewall and anti-virus programs. The organisational data protection measures include the principle of dual control, the restriction of data access for selected employees, random checks, confidentiality agreements and contractual letters of commitment.
8. Rights of data subjects
The Company naturally grants you a right to access, a right to rectify or erase and a right to object to your personal data being used.
The data subject is entitled, at all times, to demand confirmation whether personal data relating to them is being processed, and if necessary, obtain corresponding information about this personal data from the data controller.
The data subject has the right to have personal data relating to them rectified (completed), deleted or to restrict processing, and to object to this. This also applies to the data subject’s automated data processing of personal data. The data subject also has the right to object to the direct marketing of their personal data. Consent to process your data as part of sending out the newsletter may be withdrawn at any time. The Company will not carry out profiling (evaluation).
The data subject is urged to notify any changes to their personal data.
Any duty by the Company to provide information and duty of disclosure under data protection law is restricted, particularly, by an obligation to secrecy.
As far as possible and provided this does not entail disproportionate expense, the controller will inform any recipients of personal data, which has been rectified, erased or whose processing has been restricted. They will be informed about these recipients if the data subject requires.
The data subject is entitled to receive personal data relating to them and provided to the controller in a structured, current and machine-readable format, and to transfer this data to another controller. When exercising the right to have their data transferred, the data subject may arrange for personal data to be transferred directly from one controller to another controller, provided this is technically feasible.
If the Company uses your data on the basis of your consent, you also have the right to withdraw this consent at all times. Following withdrawal of consent, the Company shall cease using the personal data relating to the data subject immediately, provided the data is being used solely on the basis of your consent. The Company may continue to use the personal data relating to the data subject if it is previously anonymised in such a way that it is impossible for it to be assigned to a specific individual.
In the event that the protection of personal data is breached (“data breach”), which is likely to entail a high risk to personal rights and freedoms of natural persons, the controller will send a notification to the data subjects and/or data protection authority.
All rights are to be claimed from the Company in writing (see below for contact details). To prevent misuse, the data subject must provide evidence of their identity in a suitable form. Each data subject often has the unrestricted right to information. The Company provides information once a year free of charge and any outlay above and beyond this will be billed based on the information issued.
The data subject may obtain information at any time to exercise their rights with respect to processing at the controller.
There is generally an option to lodge a complaint with the supervisory authority.
9. Contact details
We will update these guidelines for the protection of your personal data from time to time. You should view these guidelines from time to time to remain up to date about how we protect your data and continuously improve the content of our website. Should we make any significant changes to how we collect, use and/or forward the personal data you provide to us, you will be made aware of this by means of a clear and visible reference on the website. By using the website you are stating your agreement to the terms of these guidelines for protecting personal data.
Wilhelm Schwarzmüller GmbH
Hanzing 11, 4785 Freinberg,
Managing Director: Roland Hartwig, Georg Preschern
Tel.: +43 (0)7713 8000
Fax: +43 (0)7713 800 297
Date: May 2018
A) Data processing by means of provision of information by the user
You may contact us via the app in a contact form. This involves sending the following personal data to us: IP, time, operating system, name, e-mail, phone number, free text. These data are transferred to us by the app via our mail sever and are then stored permanently for further communications. Once our service employees retrieve the e-mails, their content is therefore also retrieved by the employee computers and is stored permanently in order to reply to your query.
The legal basis for this is:
- Point (f) of Art. 6(1) GDPR
B) Social media & external content
Social media links
We integrate links to the social media profiles of the providers of Instagram, YouTube and Facebook. These links do not contain any explicit user-specific data but only the respective profile links of the provider. By clicking on the link, you leave the app and are transferred to the respective social media platform using your smartphone browser.
Map data of Google Maps is integrated into the app via the Google Maps API for the purpose of showing the maps in the menu item “Search Workshop”. After clicking on “Search Workshop”, you may select whether you want to directly enter a specific location or perform an automated location search based on your current location. In both options, personal data of your smartphone such as time, operating system and your current IP address are transmitted to Google to show you an appropriate section of the map.
With automated location sharing, your current location is sent to Google and is processed automatically there. The following data are processed by Google for the purpose of determining your location: Your IP address, your GPS co-ordinates, you mobile communications network, your wi-fi network.
The Firebase service provided by Google and Google Analytics for Firebase is used for push notifications. The information generated about the use of the app is sent to a Google server after the IP address was anonymised and will be saved on that server. The function for IP anonymisation in Analytics turns the last eight-bit byte of user IP addresses of the IPv4 type and the last 80 bits of IPv6 addresses in the memory into zeros. Thus, the exact IP address of the user is not stored for Analytics. Google will use this information to evaluate your use of the app in order to prepare reports on activities for the app operators. Google may also transfer this information to third parties. If the user installs the app and allows push notifications, they consent to the processing of the data collected about them by Google in the way and for the purpose indicated above. These user data are the basis for statistical, anonymous evaluations and dashboards prepared by Google.
Since Google is a US company, your personal data may therefore be transferred to the USA under certain circumstances. We do not have any influence on the routing of your personal data. Google LLC is certified within the scope of the agreement between the EU and the US (EU-US Privacy Shield): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
The legal basis for this are:
- Point (f) of Art. 6(1) GDPR
- Point (e) of Art. 13(1) GDPR
- Point (f) of Art. 13(1) GDPR