Protection of your personal data is of particular importance to EURODIMA GmbH & Co KG. With this privacy notice, we would like to inform you about the nature, extent and purpose of personal data processed by us and inform data subjects affected by the data processing about the rights to which they are entitled.
Your personal data will be protected as best as we can during collecting, processing, storing and visiting our website. The processing of personal data, such as the name, address, e-mail address or telephone number is solely based on the statutory provisions (GDPR, DSG, TKG 2003).
a) Personal data
Personal data (“pd”) means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
b) Data subject
Data subject is the person who provides their pd to the responsible person for the purpose of processing. The primary purpose of the GDPR is to protect the rights of data subjects.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; Example: We process in the sense of capture pd of our customers (name, address, date of birth, etc.) as controller. In case we give this data to e.g. a printing company to create and send advertising folders to our customers, the print shop is our processor.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
g) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
h) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future;
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
The responsible person/controller within the meaning of the General Data Protection Regulation is:
EURODIMA GmbH & Co. KG , FN 446985g
Lagerstraße 6, 5071 Wals, Austria
T +43 662 42 42 48-0
F +43 662 42 42 48-27
3. Categories and recipients of pd
We process those pd that we receive from you as part of a business relationship. In addition, we process data that we have legitimately received from publicly available sources (eg commercial register, register of associations, Registry of Deeds, media).
The pd processed by us include among others:
Within EURODIMA GmbH & Co KG, those bodies or employees receive their data that they need to fulfill their contractual, statutory and regulatory obligations and to safeguard legitimate interests (“need-to-know-basis”). In addition, commissioned by us processors (especially IT and possibly back office service providers) receive your data, if they need them to fulfill their respective task. All processors (including computer administrators, internet and e-mail providers (technical infrastructure), newsletter tool providers, storage and data storage (possibly in the cloud or in a data center), comparison portals, CRM Systems, also for the purpose of legally compliant documentation) are contractually obliged to treat your data confidentially and to process it only in the context of the provision of services.
If there is a legal or supervisory obligation, public authorities and institutions (eg tax authorities, etc.) may also receive your personal data.
Recipients of personal data may also be suppliers, freight forwarders, or hauliers be comparable service customers themselves, if appropriate partners, affiliates, consultants, legal counsel, accountants, auditors, tax authorities and other authorities / ombudsman).
There is basically no transfer of your personal data to third countries, unless, contractors, customers, insurance or Bank (as affiliate of the customer) have in other EEA countries based and use standard contractual clauses or a service provider (eg Microsoft) has submitted to the Privacy Shield Agreement.
4. Purpose and legal basis of data processing
We process your personal data in accordance with the data protection regulations in order to:
– Fulfillment of contractual and / or legal obligations (Article 6 (1b), Art. 6 (1c) GDPR):
The purposed by business is governed by the data processing on the basis of the statutory provisions of § 96 (3) TKG and Art. 6 para. 1 lit. a (consent) and / or lit. b (necessary for performance of the contract) and lit c (legal obligation) of the GDPR.
The data provided by you is required to fulfill the contract or to carry out pre-contractual measures. Without this data, we can not conclude the contract with you or comply with legal obligations.
– in the context of your consent (Article 6 (1a) GDPR)
If you have given us consent to the processing of your personal data (e.g. for newsletter subscription), processing will only take place in accordance with the purposes stated in the consent declaration and to the extent agreed therein. Any consent given may be revoked at any time with future effect (for example, you may object to the processing of your personal information for marketing and promotional purposes in the future).
– for the protection of legitimate interests (Article 6 (1f) GDPR)
Should it be necessary to safeguard the legitimate interests of EURODIMA Gmbh & Co KG or a third party that your data will be processed beyond the fulfillment of the contract, data processing will take place in the following cases:
Consultation and data exchange with credit bureaus (eg Österreichischer Kreditschutzverband 1870) for the identification of credit risks and default risks
Examination and optimization of procedures for needs analysis and direct customer approach
Advertising or market and opinion research, as far as you have not objected to the use of your data according to Art. 21 GDPR
Measures for business management and further development of services and products
Measures to protect employees, customers and the property of the company
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
6. Collection of general data and information on the website
The website of the EURODIMA GmbH & Co KG collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, the EURODIMA GmbH & Co KG does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the EURODIMA Gmbh & Co KG analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
7. Subscription to our newsletter
We inform our customers and business partners at regular intervals by means of a newsletter about offers of the company. The newsletter of our company can only be received by the person concerned if
(1) the data subject has a valid e-mail address and
(2) the data subject has registered for sending out the newsletter or
(3) there is an active customer relationship with the person concerned.
A confirmation e-mail will be sent to the e-mail address entered by an affected person for the first time for the newsletter dispatch in the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address as the person concerned authorized the receipt of the newsletter.
When subscribing to the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary in order to understand the (possible) misuse of an affected person’s e-mail address at a later date and therefore serves as legal safeguards for the controller.
The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. Subscribers to the newsletter may also be notified by e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. The subscription of our newsletter and thus the consent to the processing pd can be revoked at any time by the data subject. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time on our website or to inform the controller in a different way (by letter or e-mail).
8. Storage duration; routine deletion or blocking of pd
EURODIMA GmbH & Co KG processes pd of the data subject as far as necessary for the duration of the entire business transaction (from initiation, fulfillment to termination / performance of a contract) as well as in accordance with the statutory retention and documentation obligations arising, for example, from the Austrian Commercial Code (UGB ) or the Federal Tax Code (BAO) or as long as limitation periods of potential legal claims have not yet been expired. – So your pd will be stored e.g. 7 years after the end of the financial year in which the data was collected (§ 132 BAO) and in addition kept to the assertion or defense of claims (including tax issues); furthermore 3 years after the last contact with newsletter / advertising measures.
9. Rights of the data subject
a) right to information
Any person affected by the processing of personal data has the right to obtain information from the controller at any time as to whether the pd concerned is being processed. Furthermore, there is the right to obtain free information about the pd stored on his person and a copy of this information.
b) right to rectification
Every person affected by the processing pd has the right to demand the immediate correction of any incorrect pd concerning them. Furthermore, the data subject has the right, subject to the purposes of the processing, to demand the completion of incomplete pd, also by means of a supplementary declaration.
c) right to cancellation (right to be forgotten)
Any person affected by the pd processing has the right to require the controller to immediately delete the pd pertaining to it, if one of the following reasons applies and if processing is not (further) required:
The pd were collected for such purposes or otherwise processed, for which they are no longer necessary.
The data subject revokes their consent, on which the processing was based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal basis for processing.
According to Art. 21 (1) GDPR, the data subject submits an objection to the processing and there are no legitimate reasons for the processing, or the person concerned objects to the processing pursuant to Art. 21 (2) GDPR.
The pd were processed unlawfully.
The deletion of the pd is necessary to fulfill a legal obligation under the European Union law or the law of the member states, to which the person responsible is subject.
The pd were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
d) right to restriction of processing
Any person affected by the pd processing has the right to require the controller to restrict processing if any of the following conditions apply:
The accuracy of the pd is denied by the data subject, and for a period of time that allows the person responsible to verify the accuracy of the pd.
The processing is unlawful, the data subject refuses to delete the pd and instead requires the restriction of the use of pd.
The person responsible no longer needs the pd for processing purposes, but the data subject needs them to assert, exercise or defend legal claims.
The person concerned has objection to the processing acc. Art. 21 para. 1 DSGVO and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the data subject.
e) Data transferability
Each person affected by the pd processing has the right to receive the pd pertaining to it, which has been provided by the data subject to a responsible person, in a structured, common and machine-readable format. It also has the right to transfer this data to another person in charge without hindrance by the person responsible to whom the pd was provided, provided that the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task in the public interest or in the exercise of official authority which was transferred to the person responsible.
Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to obtain that data subjects are transmitted directly from one data controller to another, insofar as this is technically feasible and if this is not the case Rights and freedoms of others are impaired.
f) Right to object
Every person affected by the processing pd has the right to object at any time for reasons arising from its particular situation against the processing of pd pertaining to it, which occurs on the basis of Article 6 (1) lit e or f GDPR. This also applies to profiling based on these provisions. EURODIMA GmbH & Co KG will no longer process the pd in the event of an objection, unless we can prove that there are compelling legitimate reasons for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for assertion, exercise or defense of legal claims.
If EURODIMA GmbH & Co KG processes pd in order to operate direct marketing then the data subject has the right to appeal at any time against the processing of the pd for the purpose of such advertising. This also applies to the profiling, as far as it is associated with such direct mail. If the data subject objects to EURODIMA GmbH & Co KG for the purpose of direct marketing, EURODIMA GmbH & Co KG will no longer process the pd for these purposes.
In addition, the data subject has the right, for reasons arising from his or her particular situation, against processing pd, or at EURODIMA GmbH & Co KG for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) DSGVO objection, unless such processing is necessary to fulfill a public interest task.
g) Automated decisions on a case-by-case basis, including profiling
Any person concerned by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect or similarly appreciably affects it, unless Decision (1) does (2) is permissible under Union or Member State legislation to which the controller is subject, and where such legislation provides for appropriate measures to safeguard the rights and freedoms, and the legitimate interests of the data subject or (3) with the express consent of the data subject.
If the decision (1) is required for the conclusion or performance of a contract between the data subject and the controller or (2) it takes place with the express consent of the data subject, EURODIMA GmbH & Co KG shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and to contest the decision.
We currently do not use automated decision-making according to Art. 22 DSGVO.
h) Right to revoke a data protection consent
Any person affected by the processing of personal data has the right, granted by the European directive and regulatory authority, to revoke consent to the processing of personal data at any time.
If the data subject wishes to assert their right to withdraw consent, they can contact our data protection officer or another member of the data controller at any time.
Note: If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can contact the Austrian Data Protection Authority (DSB), Wickenburggasse 8-10, 1080 Vienna.
10. Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision
As explained in point 4 above, the provision of personal data is partly required by law (such as tax regulations) or arises from legal and contractual requirements (such as details of the contractor). For the conclusion of the contract and the fulfillment of the contract, it is therefore necessary that pd be made available to us, which are subsequently processed by us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or to execute the order or to be unable to carry out an existing contract and therefore not justify or terminate the business relationship. It is not necessary to give consent for data processing with regard to the fulfillment of relevant or legally and / or legally required data processing.
We have implemented organizational and technical safeguards that we continually evaluate and adapt as necessary to protect your personal information that we store and process.
12. Contact Details
For further information please contact us at EURODIMA GmbH & Co KG, Lagerstraße 6, 5071 Wals or firstname.lastname@example.org.