Data Protection Policy and Provision of Information

Please find below information on the personal data we collect, what we do with this data and who to contact with any concerns you may have.
Firstly, for us the protection of your personal data is of particular concern. We treat your personal data confidentially and process your data exclusively on the basis of the statutory provisions (GDPR).

1. Who is responsible for data processing and who can you contact?
We are HAUSER GmbH (hereinafter "HAUSER") with head office in Linz. The HAUSER Group operates from the following locations and sales offices: Locations / Branches
If you have any questions about this Data Protection Policy, wish to make use of your data protection rights or have any other concern relating to data protection, please write to the following address:
HAUSER GmbH
Am Hartmayrgut 4-6
A-4040 Linz | Austria
datenschutz@hauser.com

2. What data are processed and which sources do these data come from?
We process any personal data that we receive from you as part of our business or contractual relations. In addition, we process data that we lawfully obtain from public sources (e.g. company register, media).
In principle, these are only your personal details (e.g. name, address, contact details).
We also process the following data when the situation demands it:
•    Order data
•    Advertising and sales data
•    Documentation data (e.g. meeting minutes)
•    Image and sound data (e.g telephone recordings)
•    Information from your electronic correspondence with HAUSER (e.g. cookies, e-mails, etc.)
•    Processing results generated by HAUSER itself
•    Data required to satisfy legal and regulatory requirements
•    Identity verification data (e.g. ID card data)
•    Employee data
 
3. What interest does HAUSER have in your data and for what reason and purpose can HAUSER process this data?
3.1. Contract fulfillment and execution of pre-contractual measures
We use your personal data in accordance with Art. 6 (1) (b) GDPR:
•    to process quotes and orders
•    to prepare contracts
•    to perform, fulfil, manage, interpret existing contracts
•    to provide ongoing support to customers and suppliers
•    to manage changes to master data and contract data
•    to process applications within the legally permitted timeframe
Contracts with HAUSER can only be concluded and fulfilled if we can process your personal data. If you do not give us the data we need, no contract can be concluded.

3.2. Your data can also be processed in the interests of HAUSER or a third party. Particularly in accordance with Art. 6 (1) (f) GDPR for:
•    the purpose of "compliance". Compliance means complying with legal and other requirements, such as income tax and national insurance contributions, recording/reporting obligations, audits, complying with review by the government/authorities, responding to legal processes, enforcing legal rights/remedies, defending legal disputes, handling internal complaints/claims and investigations and complying with strategies/procedures.
•    planning, conducting and documenting internal audits to ensure continuous improvement of our business processes and fulfilling our regulatory obligations.
•    ensuring IT security and IT operation, carrying out load tests, developing new and adapting existing products and systems, migrating data to ensure the compatibility and integrity of systems and in a broader sense also of the processed data. The personal data provided is predominantly used for tests in cases where this cannot be done at reasonable financial cost using anonymised data. End-to-end data security is ensured in accordance with Art. 32 GDPR.

3.3. Meeting legal obligations: HAUSER has legal obligations, e.g. provisions under tax or commercial laws. To ensure we can meet these, we process your personal data in accordance with Art. 6 (1) (c) GDPR exclusively to the extent required by the respective law.
 
3.4. Consent: We obtain your consent in accordance with Art. 6 (1) (a) GDPR insofar as none of the grounds for justification set out in points 3.1 to 3.3 apply. Any additional regulations (including the Telecommunications Act [Telekommunikationsgesetz]) will of course also be observed. HAUSER requires your voluntary consent, which you may revoke at any time, for the following purpose:
•    to store applicant data beyond the duration permitted by law.

3.5. Before HAUSER processes your data for purposes other than those set out in this document, we will inform you separately.

4. To whom do we forward your data and from whom do we receive your data?
Within the HAUSER Group your data is sent only to those departments and employees who require this to fulfil their contractual and legal obligations and to safeguard legitimate interests. Furthermore, we send your data only to processors appointed by us to the extent that these require your data to complete their tasks. All processors are contractually obliged to treat your data as confidential and only to process it within the scope of service provision.
Examples of departments that we send data to are:

4.1. Data transfer within the HAUSER group of companies
We may forward specific data processing tasks to specialist departments or companies within our group. This occurs so that HAUSER can manage your data centrally.

4.2. External service providers and processors
Our external service providers and processors include, in particular, IT service providers, service providers used to fulfil the contract (service and installation partners), contract management and claims processing, postal and courier services, outsourced HR administration, translation and advertising agencies.

4.3. Courts and authorities
HAUSER also has legal obligations that it can only fulfil if we send your personal data to authorities (such as social insurance agencies, financial authorities or law enforcement authorities) or courts to the extent required.

4.4. Other recipients
As part of our contractual relations and, in particular, in relation to our service obligation, we may be required, in some cases, to send your personal data to other parties (such as lawyers, representative associations, auditors).




5. How long will your data be stored and processed?
We store your personal data for the duration of our entire contractual relations (from set-up and processing, through to termination of a contract) and beyond in accordance with our legal obligations of retention and documentation. These obligations are based on the following laws, amongst others:
•    the Employees Act [Angestelltengesetz (AngG)]
•    the Equal Treatment Act [Gleichbehandlungsgesetz (GlBG)]
•    the Employee Liability Act [Dienstnehmerhaftpflichtgesetz (DHG)]
•    the Company Code [Unternehmensgesetzbuch (UGB)]
•    the Federal Tax Code [Bundesabgabenordnung (BAO)]
•    the General Social Security Act [Allg. Sozialversicherungsgesetz (ASVG)]

In addition, these storage periods must take account of the statutory limitation periods, in accordance with the General Civil Code [Allgemeines Bürgerliches Gesetzbuch (ABGB)], which in some cases can be up to 30 years (the general limitation period is 3 years).
Once the purpose stated under point 3 no longer exists, your personal data will be deleted, unless other legal retention obligations apply.

6. Cookies
Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They do not cause any harm.
We use your cookies to make our offerings user-friendly. Some cookies are stored on your device until you delete them. They enable us to recognise your browser when you visit us again.
If you do not want this, you can set up your browser in such a way that it informs you about the setting of cookies, and allow it only in individual cases.
Disabling cookies may limit the functionality of our website.

7. Web analysis
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Use is subject to Art. 6 (1) (1) (f) GDPR. Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by these cookies relates to your use of the website, such as
•    browser type/version,
•    operating system used,
•    referrer URL (the previously visited page),
•    host name of the accessing computer (IP address),
•    time of server request,
and is generally transferred to a Google server in the USA and stored there.
The IP address sent by your browser is not combined with any other data by Google when using Google Analytics. We have also added the "anonymizeIP" code to Google Analytics on this website. This guarantees that your IP address will be masked so that all data is collected anonymously. Only in exceptional cases will your full IP address be transferred to a Google server in the USA and abbreviated there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to the website use and Internet usage to website operators. You can prevent the saving of cookies by setting your browser software accordingly; please be aware, however, that in this case you may not be able to fully use all the features of this website.

You can also prevent the data generated by the cookie about your use of the website (incl. your IP address) from being sent to Google and the processing of this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on data protection and Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=de).

8. Profiling
We do not use any automated decision-making in accordance with Art. 22 GDPR to bring about a decision on the formation and implementation of business relations. In the event of profiling, the data subjects are informed separately of the procedure (logic).

9. What data protection rights do you have?
At all times you have:

•    the right of access, rectification, erasure or restriction of processing for your stored data
•    a right of objection to processing
•    a right to data portability in accordance with the requirements of data protection laws

In the event consent is given to process personal data, you can revoke this at any time with effect for the future without stating a reason; until such point we will process the data in accordance with the law.

Want to complain? In this case, you can write to the address given in point 1 or contact the data protection officer (datenschutz@hauser.com). In addition, you can complain to the Austrian Data Protection Authority: Österreichische Datenschutzbehörde, Wickenburggasse 8-10, 1080 Vienna.