STATEMENT ON INFORMATION REQUIRED BY THE EU GENERAL DATA PROTECTION REGULATION AND THE AUSTRIAN PRIVACY POLICY AMENDMENT ACT OF 2018.

In the Hammer Group, we have always been committed to the protection of your personal data. We have made substantial investments for many years to ensure that our organisational measures always reflect state-of-the-art IT technology.

Die The following statements are based on current privacy policy regulations and were prepared for the users of our website according to our best judgment.

This subject matter was still considered highly complex and ambiguous, even by legal experts, on the date we published this information, i.e. on 22 May 2018, as an area of conflicting priorities between EU and national law. The legislators were apparently unable to create easily understandable rules which permit reasonable application by the business sector.

The basis for these regulations is formed by the EU-GDPR (an EU regulation which was adopted directly into Austrian law by “bypassing“ the elected Austrian Parliament) and by the Data Protection Amendment Act which was passed by the Austrian Parliament in May 2018. The EU regulation includes various “flexibility clauses“, which allow the member states to individually regulate certain aspects of data protection through national law. We can currently not assess the extent of the differences between the EU-GDPR and national regulations or the extent to which national regulations are covered by the EU-GDPR. In case of doubt, we consider the regulations passed by the Austrian Parliament to take precedence.

These regulations took effect on 25 May 2018.

The following sections are intended only to summarise current legal requirements, unless indicated otherwise. Although they were prepared with the greatest care, these summaries can be incorrect and cannot replace an analysis of the original legal regulations.

 

1. DATA ON THE CONTROLLER

Hammer & Partner Industries GmbH

Head Office:
Kolbegasse 69
, A–1230 Wien

Office Oberwart:
Röntgengasse 28, A-7400 Oberwart

Telephone: +43 664 887 375 80
email: thomas.hammer(at)hammer-partner.at
Internet: www.hammer-industries.at

Managing Director: Thomas Hammer

Commercial Court of Vienna
FN 384516s
VAT ID-No.: ATU68463548

 

2. WEBSITE AND NEWSLETTER

2.1. Consent

By using this website and/or subscribing to a newsletter, you hereby consent to the storage and use of your data as indicated in this statement. Any changes in this data protection statement will be made directly on this page, and you will therefore always exactly know what data is stored and used by Hammer Industries.

2.2. Use of data and limitation of purpose

We collect information for the following purpose:

2.2.1. IP addresses

IP addresses are identified by the respective web server and used to diagnose problems, administer websites and collect demographic information. When you visit our website, we see the name of your domain but not your email address or other personal data. We only see your email address or other personal data when you provide this information directly by completing an online form or sending an email.

2.2.2. Cookies

Cookies are used to personalise content, to prevent repeated password entry and/or to adapt the information offering to the user’s behaviour.

2.2.3. Email addresses

When you provide us with your email address, we will communicate with you directly via email. We will not transmit your email address to any third party outside our corporate group. You can withdraw your consent at any time if you do not want to receive further emails from us. Sending an email to our company could also result in the transmission of personal data, depending on the settings in your email programme. We will, of course, also treat this data confidentially.

2.3. Links to other websites

Our website also includes links to other third-party websites. We are not responsible for the data protection measures or the content of other websites.

2.4. Newsletter and opt-out

You may receive newsletters with information on up-to-date topics from us via email at regular intervals, if you have previously subscribed to these mailings free of charge. If you do not want us to send you further information or newsletters via email, you can withdraw your previously granted consent at any time. Simply send an email to office@hammer-partner.at and we will remove your name from our mailing list.

2.5. Use of Google Analytics

This website currently uses Google Analytics, a web analysis service operated by Google Inc. (“Google“). Google Analytics uses cookies. The information generated by these cookies on your use of the website (including your IP address) is – based on our current state of knowledge – most likely transferred to and stored in a Google server in the USA. Google probably uses this information to evaluate your use of the website, to compile reports on advertising activity for the website operator and to provide other one-sided services related to the use of the website. Google possibly transfers this information to third parties if this is required by law or if the third parties process this data on behalf of Google. Google maintains, as far as we can determine from their user policies, that they cannot link your IP address with other data. We cannot verify whether this is true. Google maintains that you can prevent the installation of cookies through a setting in your browser software. By using our website, you agree to the processing of your personal data collected by Google in the above-mentioned manner and for the above-mentioned purposes.

2.6. Use of Google AdWords and Remarketing

This website currently uses Google AdWords for advertising purposes. Google AdWords analyses our website in order to present online advertisements to our website visitors via remarketing campaigns in Google’s advertising network at a later time. Similar to Google, third party-providers also use cookies obtained from visits to this website for their remarketing activities. You can deactivate the use of cookies by Google with the appropriate setting under this link: www.google.com/ads/preferences.

 

3. PRIVACY POLICY – GENERAL

We store data to acquire and fulfil contracts and orders and to provide support for our clients. In addition, we store data to meet legal requirements.

3.1. Personal data and processing

When we contact you – or when you contact us – we almost certainly store a wide range of personal data, for example (this listing is not complete) your name, your company’s name, address, telephone numbers, email addresses, VAT ID number, company registry number, branch classification, contact persons and for SEPA direct debit transactions: bank data, correspondence, contact origin, etc. If a business relationship does not develop, your data will be stored for advertising purposes – but only if we have obtained your consent. When you subscribe to a newsletter over this website or via email, you automatically consent to the storage of the data you have provided. You are entitled to require the deletion of your stored data at any time unless this is prevented by legal regulations.

3.2. Data transfer to third parties

Your data will only be transmitted to third parties (e.g. banks, legal representatives in business transactions, chartered accountants, courts of law as required, administrative authorities as required, involved contract and business partners, providers (IT services), insurance firms as required and contract data processors) when this is necessary for the fulfilment of a contract or when legal regulations require this storage. In this connection, we refer to the statutory storage obligations for business records.

3.3. Confidentiality

We are committed to handling your data confidentially.

3.4. Contract data processing agreement

We conclude contract data processing agreements with service providers or customers where appropriate.

 

4. PRIVACY POLICY INFORMATION – APPLICATIONS

When you apply for a position with our corporate group, we collect and store your data in order to process your application.

4.1. Collection and use of applicant data

In connection with your application (online, via email, mail or personally), we collect personal data like your name, address, date of birth and other data you have voluntarily provided. This data is only used for the application process and is only available to a limited group of persons.

4.2. Commencement of an employment relationship

If the application results in an employment relationship, the data stored in connection with the application process will be used for pre-contract measures (preparation of the employment contract).

4.3. Your data after the end of the application process

You will be informed of the status of your application after the end of the application process. If the outcome of your application is negative, your data will be kept on record and you will be informed of future job offers which reflect your application profile. You can also decide to have your data deleted after the end of the statutory storage period.

 

5. YOUR LEGAL RIGHTS

Your rights in connection with this legal material are defined in the 2nd Section of the Austrian Data Protection Amendment Act of 2018. A translation of this legal regulation is provided below, based on the version available as of 22 May 2018:

 

RIGHTS OF THE DATA SUBJECT

General principles

§ 42. (1)

The controller shall provide the data subject with all information and notifications related to processing the data subject as specified in §§ 43 to 45 in a concise, understandable and easily accessible form, using clear and plain language. This information shall be provided in suitable form and, in the event of a request, in the same form as the request, where possible.

(2) The controller shall facilitate the exercise of data subject rights as defined in §§ 43 to 45.

(3) The controller shall inform the data subject without delay and in writing of how his/her request was processed.

(4) The controller shall provide the data subject with information on the action taken on a request in accordance with §§ 44 bis 45 without undue delay and, in any event, within one month after receipt of the request. This period can be extended for a further two months when this is necessary to deal with the complexity and number of requests. The controller shall inform the data subject of any such extension within one month after receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

(5) Where the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking judicial remedy.

(6) Information under § 43 and any communications and actions taken under §§ 44 and 45 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either
1. charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested; or
2. refuse to act on the request. The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

(7) The controller may request the provision of additional information necessary to confirm the identity of the natural person making the request under § 44 or § 45.

(8) In the cases covered by §§ 43 (4), 44 (3) and 45 (4), the data subject shall be entitled to request a review of the lawfulness of the restriction of his/her rights by the data protection authority. The controller shall inform the data subject of this right.

(9) If the right under Para. 8 is exercised, the data protection authority shall inform the data subject, as a minimum, that all necessary examinations or review were carried out by the data protection authority. The data protection authority shall also inform the data subject of his/her right to lodge a complaint with the Austrian Federal Administrative Court.

 

INFORMATION ON THE DATA SUBJECT

§ 43. (1)

The controller shall provide the data subject with the following information as a minimum:

1. The name and contact details of the controller
2. The contact details of the data protection officer where applicable
3. The purposes for which the personal data is processed
4. The right to lodge a complaint with the supervisory authority and the relevant contact details
5. The right to obtain information and to rectify or erase personal data and to restrict the processing of personal data on the data subject by the controller.
(“20 von 31 322/ME XXV. GP – Ministerialentwurf –
(including “322/ME XXV. GP – Ministerialentwurf – Gesetzestext 21 von 31“, www.parlament.gv.at 22 von 31 deren Verweigerung“).
www.parlament.gv.at“)

(2) In addition to the information specified under Para. 1, the controller shall provide the data subject with the following additional information in certain cases necessary to ensure the exercise of rights by the data subject:
1. The legal basis for the processing
2. The period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period
3. The recipients or categories of recipients of the personal data, if any, as well as any recipients in third countries or international organisations
4. Additional information where necessary, in particular when the personal data is collected without the consent of the data subject.

(3) Where personal data relating to a data subject is collected, the data subject shall be provided with the information specified under Paras. 1 and 2 at the time of collection. In all other cases, Art. 14 (3) of the GDPR shall apply. Paras. 1 and 2 shall not apply when the data was not obtained from the data subject, but through the transfer of data from other areas of responsibility of the same controller or from applications by other controllers and this data processing is required by law.

(4) The provision of information to the data subject as defined in Para. 3 may be omitted, to the extent and as long as necessary and proportionate:
1. To ensure that the prevention, detection, investigation or prosecution of criminal acts or criminal penalties is not impaired, in particular through the obstruction of regulatory or judicial inquiries, investigations or proceedings,
2. To protect public security
3. To protect national security
4. To protect the constitutional institutions of the Republic of Austria
5. To protect military defences or
6. To protect the rights and freedoms of others.

 

RIGHT TO INFORMATION OF THE DATA SUBJECT

§ 44. (1)

Every data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning him/her is being processed, and, where that is the case, to obtain access to the personal data and the following information:

1. The purposes of the processing
2. The categories of personal data concerned
3. The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
4. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
5. The existence of the right to request from the controller rectification or erasure of personal data or to restrict the processing of personal data concerning the data subject or to object to such processing,
6. The right to lodge a complaint with the data protection authority and the relevant contact details and
7. Information on the personal data undergoing processing as well as all available information on the origin of the data.

(2) The time periods specified in Art. 12 GDPR shall apply to the information described in Para. 1. The restriction of the right to information shall only be possible under the conditions specified in § 43 (4).

(3) Where the information requested under Para. 2 is not provided, the controller shall inform the data subject of the refusal or restriction of the information without delay in writing and explain the reasons. This requirement shall not apply where the provision of this information would contradict a purpose listed under § 43 (4). The controller shall inform the data subject of the possibility of lodging a complaint with the data protection authority.

(4) The controller shall document the reasons for the decision not to provide the information under Para. 2. This documentation shall be made available to the data protection authority.

(5) A data subject shall have the right to obtain access to his/her processed personal data to the extent he/she is entitled to receive information under the legal right of inspection.
The legal regulations governing the right of inspection shall apply to the procedures for inspection
(including “322/ME XXV. GP – Ministerialentwurf – Gesetzestext 21 von 31“, www.parlament.gv.at 22 von 31 deren Verweigerung“).
The components of information listed in Para. 1
which are not covered by the right of inspection can still be enforced under this federal law.

 

RIGHT TO RECTIFICATION OR ERASURE OF PERSONAL DATA AND TO THE RESTRICTION OF PROCESSING

§ 45. (1)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purpose of the documentation, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. The controller shall be responsible for confirming the data is correct to the extent the personal data was not obtained solely from the data subject.

(2) The controller shall erase personal data without delay on its own accord or at the request of the data subject when
1. The personal data is no longer required in relation to the purposes for which it was collected or otherwise processed,
2. The personal data was unlawfully processed or
3. The personal data must be erased for compliance with a legal obligation.

(3) The controller can, instead of erasing, restrict the processing of personal data when
1. The data subject contests the correctness of the personal data and the correctness or incorrectness cannot be determined, or
2. The personal data shall be stored for purposes of proof in connection with the execution of a task assigned by law.
In case of a restriction under point 1, the controller shall inform the data subject of the lifting of the restriction.

(4) The controller shall inform the data subject in writing of any refusal to rectify or erase personal data or any restriction on processing together with the reasons for the refusal. The controller shall also inform the data subject of the possibility to lodge a complain with the data protection authority.

(5) The controller shall inform the authority from which the incorrect personal data was obtained of the rectification of such data.

(6) In cases of rectification, erasure or restriction of processing under Paras. 1 to 3, the controller shall inform all recipients of the personal data of the data subject. The recipients shall be obliged to rectify, erase or restrict the processing of the personal data for which they are responsible.

(7) Art. 12 GDPR shall apply mutatis mutandis.