Compliance
Transparency and openness are very important to us. Please use our whistleblower system to report suspicious circumstances. - The Board
Data Protection Policy
In this Policy, please find information on the personal data we collect, what we do with it and who to contact with any concerns you may have. Firstly, the protection of your personal data is of particular concern to us. We treat your data confidentially and process your data exclusively based on statutory provisions (GDPR, Austrian Data Protection Act [Datenschutzgesetz, DSG], Austrian Telecommunications Services Act [Telekommunikationsgesetz, TKG]).
1. Who is responsible for data processing and whom can you contact?
We are HAUSER GmbH (hereinafter: “HAUSER”) with our head office in Linz. The HAUSER Group operates from the following locations and sales offices: locations/sales offices. If you have any questions about this Data Protection Policy, wish to make use of your data protection rights or have any other concerns relating to data protection, please write to the following address:
HAUSER GmbH
Am Hartmayrgut 4-6
A-4040 Linz | Austria
datenschutz@hauser.com
2. What data do we process, for what purpose and on what legal basis?
2.1 Customer and supplier master data management, including contract drafting
We process the following personal data of employees of our (potential) customers and suppliers to manage customer and supplier master data, including for the preparation of offers and drafting of contracts for customers:
- First and last name, academic titles
- Business contact details (office telephone number, business address, business email address)
- Company affiliation/employer as well as position in the company
- Status as a contact person for deliveries or services or for specific offers
- In the case of sole proprietorships, further company-specific data are also required, such as the VAT number, bank details, turnover, contract data and offers placed or received.
We process the above personal data based on a legitimate interest (Article 6(1)(f) GDPR), more particularly for preparing contracts and expanding the company's activities, for acquiring new customers or suppliers and projects or for consolidating existing customer or supplier relationships.
In the event of a cooperation with other HAUSER Group companies or a prospective contract with another HAUSER Group company, the above-mentioned personal data will be transmitted to the HAUSER Group company concerned based on the legitimate interest.
2.2 Contract fulfilment and ongoing customer or supplier support
We process the following data of customers and suppliers and/or of their employees for the processing of existing contracts and for the ongoing support of customers or relationships with suppliers:
- First and last name, academic titles
- Business contact details (office telephone number, business address, business email address)
- Company affiliation/employer as well as position in the company
- Status as contact person for deliveries or services or for specific offers
- Correspondence exchanged in connection with contracts or projects
- In the case of sole proprietorships, further company-specific data are required as well, such as the VAT number, bank details, turnover, contract data and offers placed or received.
We process the above personal data to prepare contracts and to perform contracts in accordance with Article 6(1)(b) GDPR.
To the extent necessary for this purpose, we transmit the above personal data based on our legitimate interest to the following recipients:
- Courts of law, administrative authorities, corporations under public law
- Insurers
- Cooperation partners
- Legal representatives
- Recipients communicated to us by our customers or suppliers
- Banks
In view of the statutory retention obligations pursuant to the Austrian Federal Tax Code [Bundesabgabenordnung (BAO)] and the Austrian Company Code [Unternehmensgesetzbuch (UGB)], we store the above personal data in accordance with Article 6(1)(c) GDPR for seven (7) years calculated as of the end of the year in which the respective contract was performed or in which the respective transaction took place. If necessary, this period may also be extended if the personal data concerned is necessary for judicial, administrative or tax-related proceedings; in this case, the data will be stored or processed until the proceedings concerned have been resolved with final and binding effect.
2.3 Recruitment management
We process the following personal data for processing job applications, including for apprenticeships, for conducting recruitment proceedings, including for shortlisting candidates, to bring about HR decisions and, if necessary, to maintain the records of applicants:
- Master data (first and last name, academic degree, date of birth and, if applicable, nationality)
- Contact details (address, telephone number, email address)
- Educational details (data on school, university and other education or training)
- Work experience/professional qualification (information on previous employers and positions)
- Recruitment documents (CV, letter of motivation, submitted certificates)
- Qualifications and language skills
In principle, your job application and related information should not contain any special categories of personal data (e.g. data on ethnicity, religious or philosophical beliefs, political opinions, trade union membership, health data, biometric data, genetic data or data on your sex life or sexual orientation, referred to collectively as ‘sensitive data’). If your application contains sensitive data, we will not process the data during the recruitment process unless it is relevant, e.g. in connection with hiring people with disabilities, and the data will not be used as a basis for the recruitment decision; we will merely store the data together with the other recruitment records.
If your application is of interest to other HAUSER Group companies, we will forward it to those other HAUSER Group companies. We will not transmit your personal data to recipients outside the EU/EEA.
For this purpose, we process your personal data based on Article 6(1)(b) GDPR (preparation of a contract at your instigation) or in regard to other HAUSER Group companies based on a legitimate interest pursuant to Article 6(1)(f) GDPR, which consists in the recruitment by or on behalf of the company concerned. The storage of sensitive data contained in the application is based on Article 9(2)(e) GDPR.
If you consent to our storage of your data (Article 6(1)(a) GDPR), we will keep your application on file for future vacancies even if we reject your application.
If your application is successful, we will further process your application data as part of your HR file. In the event of a refusal, we will store your personal data for a period of 6 months or 12 months (for applicants with disabilities) from the date of our notification to you. If you consent to our keeping your data on record, we will process your personal data until you have revoked your consent.
2.4 Processing of enquiries via our contact form
To process enquiries submitted via the contact form on our website (www.hauser.com/en/contact), we process the following personal data to be able to respond to your enquiries, requests or complaints:
- First and last name (or given name)
- Email address
- Subject (General, Press & Marketing, Products & Services)
- The content of your message or request
- When you enter ‘General’ in the subject line, please also state the country of your establishment
- For the subject ‘Press & Marketing’, please also state the product you are interested in as well as the indicated address (generally a company address)
If an answer is required from a HAUSER Group company, your request will be forwarded to that company, or we will obtain the necessary information from them.
In this case, we will process your personal data based on a legitimate interest (Article 6(1)(f) GDPR), which consists in being able to respond to your enquiry, or in the case of a product or service-related enquiry, based on Article 6(1)(b) GDPR (preparation of a contract at the instigation of the data subject).
When processing enquiries, we process your personal data for as long as necessary to return a conclusive reply.
3. Changes of purpose
We will inform you separately before HAUSER processes your data for purposes other than those described in this Policy. In particular, we expressly reserve the right to provide specific data protection statements.
4. Who can we disclose your data to and from whom do we obtain them?
In addition to the particulars under point 2, you will find information about other potential recipients of personal data in this section.
Within the HAUSER Group, your data will be provided to the relevant positions, companies or employees to the extent that this data is required for the respective purpose and consistent with the respective legal basis on a ‘need-to-know’ basis. In addition, processors commissioned by us (e.g. IT service providers) will receive your data if they need the data to perform their respective tasks. All of our processors are contractually obliged to treat your data confidentially and to process the data only as part of the specific services that they are required to perform. If a transfer takes place in this connection to third countries that have a level of data protection that does not correspond to the level of data protection in the EU, standard contractual clauses (according to Article 46 (2) lit c GDPR) will be concluded with the respective recipients and additional security measures will be agreed.
For example, your personal data may be transferred to the following recipients:
4.1. Data transfer within the HAUSER Group
We may assign specific data processing tasks to specialist departments or companies within our group of companies. This occurs so HAUSER can manage your data centrally.
4.2. External service providers and commissioned data processing
Our external service providers and data processors include, in particular, IT service providers, service providers as part of the performance of contracts (service and assembly partners), contract management and claims processing, postal and messenger services, outsourced HR management, translation and advertising agencies.
4.3. Courts and public authorities
There are also statutory obligations that HAUSER can only fulfil if we transfer your personal data to authorities (e.g. to social security agencies, tax or law enforcement authorities) or courts to the necessary extent.
4.4. Other recipients
In the context of the contractual relationship and in particular in connection with our performance obligations, further transfers of your personal data may occur (e.g. to lawyers, special interest groups, auditors) depending on the circumstances of the individual case.
5. How long do we store and process your data?
We store your personal data for as long as it is necessary for the purpose concerned, for example for the duration of the entire contractual relationship (from preparing and processing a contract to its termination), as long as there is a legal basis or a legal obligation to process or store the data, for example to comply with statutory retention and documentation obligations and as long as the data is necessary for any pursuit or defence of legal interests and any related proceedings.
These obligations are based, amongst others, on the following laws: the Austrian Employees Act [Angestelltengesetz (AngG)], the Austrian Equal Treatment Act [Gleichbehandlungsgesetz (GlBG)], the Austrian Employee Liability Act [Dienstnehmerhaftpflichtgesetz (DHG)], the Austrian Company Code [Unternehmensgesetzbuch (UGB)], the Austrian Federal Tax Code [Bundesabgabenordnung (BAO)] and the Austrian Social Security Act [All. Sozialversicherungsgesetz (ASVG)].
In addition, these storage periods must take account of the statutory limitation periods in accordance with the Austrian General Civil Code [Allgemeines Gesetzbuch (ABGB)], which range between 3 and 30 years. Once the purposes of stated under point 2 have been fulfilled or achieved, your personal data will be deleted in accordance with the technical and organisational requirements, provided that no other statutory retention obligations apply, or relevant proceedings are pending before courts or authorities.
6. Cookies
Our website uses cookies. These are small text files that are stored on your end device with the help of your browser. They do not cause any harm. We use your cookies to make our website user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognise your browser on your next visit. If you do not want this to happen, you can configure your browser so that it informs you about the setting of cookies; this means that you can allow the setting of cookies case by case. Deactivating cookies may restrict the functionality of our website. If you want to withdraw or change your consent, please click on this **link** to open the Cookie Manager, where you can find out more about all cookies that are set on this website.
Technically necessary cookies, which are necessary, for example, for the functioning or security of the website, are processed based on Article 6(1)(f) GDPR. All cookies that are not technically necessary are processed based on your consent in accordance with Article 6(1)(a) GDPR in conjunction with Section § 165 Abs 3 TKG 2021 and are only stored on your end device with your consent.
7. Web analytics, monitoring and optimisation
Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our website and can include pseudonymised information about the behaviour, interests or demographics of website visitors, such as age or gender. With the help of reach analytics, we can, for example, recognise when our website or its features or content is being used most often or attracts users to return visits. It also helps us understand which areas are in need of optimisation.
In addition to web analytics, we can also use test procedures, for example, to test and optimise different versions of our website or its components.
For these purposes, user profiles can be created and stored in a file (“cookie”), or similar processes can be used for the same purpose. This information can include, for example, content viewed, pages visited, and elements and technical information used there, such as the browser used, the computer system used, as well as information on usage times. When users have consented to the collection of their location data, these can also be processed, depending on the provider.
The IP addresses of the users are also saved. However, we use an IP masking process (i.e., pseudonymisation by truncating the IP address) to protect users. In general, no clearly identifiable user data (such as email addresses or names) is saved in the context of web analytics, A/B testing and optimisation. Instead, this data is pseudonymised. This means that we and the providers of the software that we use are not aware of the actual identity of the users and only take note of the information stored in their profiles for the purposes of the respective procedures.
Information on legal bases: When we ask users for their consent to the use of third-party providers, the processing of data is legally based on consent. Otherwise, user data will be processed based on our legitimate interests (i.e. our interest in efficient, economic and recipient friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this Data Protection Policy.
Types of processed data: Usage data (e.g. visited web pages, content interest, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of the data processing: Range measurement (e.g. access statistics, recognition of returning visitors), profiles with user-related information (creating user profiles).
Security measures: IP masking (IP address pseudonymisation).
Legal bases: Consent (Art. 6(1) sentence 1 lit. (a) GDPR), legitimate interests (Art. 6(1) sentence 1 lit. (f) GDPR).
Services and service providers used:
Google Analytics Range measurement and web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Types of processing and processed data: https://privacy.google.com/businesses/adsservices; Data processing conditions for Google advertising products and standard contractual clauses for transfers of data to third countries: https://business.safety.google/adsprocessorterms.
Matomo: The information generated by the cookie about your use of this website is stored only on our server and is not passed on to third parties; Service provider: Web analytics/range measurement in self-hosting; Website: https://matomo.org/; Erasure of data: The cookies have a maximum storage period of 13 months.
8. Profiling
We do not use automated decision-making in accordance with Art. 22 GDPR (‘Profiling’). In the event that we introduce profiling, we will inform data subjects by separate notice about the procedure (logic).
9. What data protection rights do you have?
You have at any time:
- a right of access to your data and the right to rectification, erasure or restriction of the processing of your stored data
- the right to object to the processing
- the right to data portability pursuant to the requirements of data protection law
If the processing of personal data is based on your consent, you can revoke it at any time with effect for the future without stating reasons; until such time, we will process the data in accordance with the law.
Do you have questions about data protection at HAUSER? Would you like to assert your rights as a data subject, revoke your consent or file a complaint? In this case, please contact the address mentioned under point 1 or our data protection officer (datenschutz@hauser.com). In addition, you can lodge a complaint with the Austrian Data Protection Authority: Österreichische Datenschutzbehörde (Austrian Data Protection Authority), Barichgasse 40-42, 1030 Vienna.