Privacy policy

1. General Privacy Policy

This privacy policy explains how and to what extent we process personal data (hereinafter referred to as ‘data’) both in the context of our general business activities such as email correspondence, generally initiating and implementing business transactions, and within our online presence and the associated websites, functions and content, as well as our social media profiles (hereinafter referred to jointly as 'online services’).

1.1 Terminology used
‘Personal data’ is all information that relates to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). An identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of said natural person.

‘Processing’ refers to any operation or set of operations performed on personal data, whether or not by automated means. This is a broad term that covers virtually all handling of data.

The ‘controller’ is defined as the natural or legal person, public authority, agency or other body which alone or together with others makes decisions regarding the purpose and means of processing personal data.

Please see Art. 4 of the General Data Protection Regulation (GDPR) for further terminology.

1.2 Name and address of the controller
The controller, as defined by the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States together with any other data protection provisions, is

Getzner Textil Aktiengesellschaft (referred to as ‘we’ or ‘us’)
Bleichestraße 1
6700 Bludenz
Austria

T +43 5552 601-0
F +43 5552 65650
ZmFicmljc0BnZXR6bmVyLmF0
www.getzner.at

and affiliated companies of the controller:

• Herbert Kneitz GmbH, Bad Mitterndorf, Austria – www.kneitz.at
• TFE Textil GmbH, Bludenz, Austria – www.tfe.at
• WR Weberei Russikon AG, Russikon, Switzerland – www.weberei-russikon.ch
• Getzner Handel GmbH, Lustenau, Austria – www.getzner-boutique.at
• Getzner Textil Weberei GmbH, Gera, Germany – www.getzner.at
• E. Schoepf GmbH, Stammbach, Germany – www.e-schoepf.de

The data we collect is passed onto our subsidiaries and any sales partners only if this data processing is necessary for us to perform the business activity (purpose limitation).

1.3 Getzner Textil Group Data Protection Officer
The Getzner Textil Group Data Protection Officers and Coordinators are:

Getzner Textil AG Data Protection Coordinator
Bleichestraße 1
6700 Bludenz
Austria
T +43 5552 601-0
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

Herbert Kneitz GmbH Data Protection Coordinator
Thörl 64
8983 Bad Mitterndorf
Austria
T +43 5552 601-0
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

TFE Textil GmbH Data Protection Coordinator
Klarenbrunnstraße 59
6700 Bludenz
Austria
T +43 5552 601-0
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

WR Weberei Russikon AG Data Protection Coordinator
Madetswilerstraße 29
8332 Russikon
Switzerland
T +43 5552 601-0
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

Getzner Handel GmbH Data Protection Coordinator
Wiesenstraße 19
6890 Lustenau
Austria
T +43 5552 601-0
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

Getzner Textil Weberei GmbH Data Protection Officer
Lange Straße 73
07551 Gera
Germany
T +49 351 4250280
c3RlZmZlbi5zdGllaGxlckBic3ctbWFpbC5kZQ==

E. Schoepf GmbH Data Protection Officer
Rathausstraße 18
95236 Stammbach
Germany
T +49 925680-0
ZGF0ZW5zY2h1dHpAZS1zY2hvZXBmLmRl

1.4 Details of the personally identifiable data we process
We collect the following information to allow us to perform our business activities:

• –  Inventory data (e.g. names, addresses)
• –  Contact details (e.g. email address, telephone numbers)
•   Application data of all types (e.g. photos, CVs, certificates)
• –  Content data (e.g. text entered, photographs, videos)
• –  Usage data (e.g. websites visited, interest in content, access times)
• –  Meta/communication data (e.g. device information, IP addresses)

You are not legally obliged to actually provide the data we ask you for. However, if you fail to do so, you will not be able to use all of the website's features.

1.5 Categories of data subjects
These include visitors to and users of the online services, prospective candidates, customers and suppliers. In the following, we also refer to these data subjects collectively as ‘users’.

1.6 Purpose of the processing/performance of the business activity

• – To provide, improve and further develop the website, its functions and its content
• – To respond to contact requests and to communicate with users
•  To initiate business
• – To process your job application (if you apply via our application portal)
• – Security measures to enable us to identify, prevent and investigate attacks on our website
• – To measure reach, and compile usage statistics; for marketing

1.7 Legal bases for the processing
Pursuant to Art. 13 GDPR, we inform you of the legal bases for the data processing. Where the legal basis is not specified in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing to deliver our services, to implement contractual measures and to respond to enquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfil our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. Where the vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

1.8 Collaboration with processors and third parties
Where, in the course of our processing, we disclose data to other people and organisations (processors or third parties), transmit these data to them, or otherwise grant them access to these data, this is solely on the basis of legal permission (e.g. where data needs to be transmitted to a third party such as a payment services provider pursuant to Art. 6(1)(b) GDPR to fulfil the contract), your consent, a legal obligation, or on the basis of our legitimate interest (e.g. when using agents, web hosts, etc.). 

If we commission third parties with the processing of data on the basis of a so-called ‘order processing agreement’, we do so on the basis of Art. 28 GDPR.

1.9 Transmission to third countries
Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this happens in the context of the use of third-party services or disclosure, or transfer of data to third parties, this is done only to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or commission the processing of data in a third country only in the particular circumstances as set out in Art. 44 ff. GDPR. Thus, the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the ‘Privacy Shield’) or compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).

1.10 Erasure of data
The data we process is erased, or its processing is restricted, pursuant to Art.17 and 18 GDPR. Unless expressly stated otherwise within this privacy policy, the data stored by us will be erased as soon as it is no longer required for its intended purpose, and provided the erasure does not breach any statutory retention obligations. Where data are not deleted because they are required for other, legally permissible purposes, their processing will be restricted. This means that the data are blocked and are not processed for other processes. This applies, for example, to data that must be retained for commercial or fiscal law reasons. Data are stored in accordance with the legal provisions of the D/A/CH area.

1.11 Data protection with respect to applications and during the application process
The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also take place by electronic means, in particular when an applicant submits the corresponding application documents to the processing controller by electronic means, for example via email or via a web form on the website. If the controller concludes an employment contract with an applicant, the data submitted for the purpose of progressing the employment relationship are stored in compliance with the statutory provisions, including GDPR. If we do not conclude an employment contract with the applicant, the application documents will be automatically erased six months after notification of the rejection decision, provided no other legitimate interests of the controller prevent erasure.

1.12 Rights of the data subject
As a data subject who is affected by the processing of your data, you may assert certain rights with us in accordance with GDPR and other relevant data protection provisions. The following section explains your rights as a data subject pursuant to GDPR. Depending on the nature and scope of your request, we will ask you to exercise these rights with us in writing:

1.12.1 Right of access
You may request confirmation from the controller as to whether we process your personal data. If such processing takes place, you may request the following information from the controller:

• The purposes for which personal data are processed
• The categories of personal data which are processed
• The recipients and the categories of recipients to whom your personal data have been or will be disclosed
• –The planned period for which your personal data will be stored or, if no concrete details can be provided in this respect, the criteria used to determine the storage period
• –The existence of a right to rectification or erasure of your personal data, a right to restriction of the processing by the controller or a right to object to this processing
• The existence of a right to lodge a complaint with a supervisory authority
• All available information concerning the origin of the data where the personal data were not collected from the data subject
• The existence of automated decision-making, including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information regarding whether your personal data are transmitted to a third country or an international organisation. In this regard, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in relation to the transmission of your data.

1.12.2 Right to rectification
You have a right to rectification and/or completion with respect to the controller where your personal data that have been processed are inaccurate or incomplete. The controller must perform the rectification without undue delay.

1.12.3 Right to restriction of processing
You may request restriction of the processing of your personal data under the following circumstances:

• if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data
• if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
• if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or
• if you have submitted an objection to processing pursuant to Art. 21(1) GDPR and verification is pending as to whether the legitimate grounds of the controller override yours.

Where the processing of your personal data has been restricted, these data – with the exception of their storage – will be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If processing has been restricted under the circumstances above, you will be informed by the controller before the restriction of processing is lifted.

1.12.4 Right to erasure

a) Obligation to erase
You may ask the controller to erase your personal data without undue delay and the controller is obliged to erase said data without undue delay where one of the following grounds applies:

• Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• You withdraw consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
• Your personal data were processed unlawfully.
• Your personal data have to be erased to comply with a legal obligation in Union or Member State law to which the controller is subject.
• Your personal data have been collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.

b) Information provided to third parties
Where the controller has made your personal data public, and is obliged pursuant to Art. 17(1) GDPR to erase said data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of these personal data.

c) Exceptions
There is no right to erasure where the processing is necessary

• to exercise the right of freedom of expression and information
• to comply with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to. Art. 89(1) GDPR, insofar as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
• to establish, exercise or defend legal claims.

1.12.5 Right to be informed
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients, to whom your personal data have been disclosed, of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

1.12.6 Right to data portability
You have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to which the personal data have been provided, where

• the processing is based on consent pursuant to. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to. Art. 6(1)(b) GDPR, and
• – the processing is carried out by automated means.

In exercising this right, you further have the right to have your personal data transmitted directly from one controller to another, where this is technically feasible. This must not affect the freedoms and rights of other persons. The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

1.12.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6(1)(e) or (f); this applies equally to profiling based on these provisions. The controller no longer processes your personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or to establish, exercise or defend legal claims. If your personal data are processed for direct marketing purposes, you have the right to object to the processing of your personal data for the purposes of such marketing at any time; this applies equally to profiling to the extent that it is related to such direct marketing. If you object to processing for the purposes of direct marketing, your data will no longer be used for these purposes. In the context of the use of Information Society Services – and notwithstanding Directive 2002/58/EC – you have the opportunity to exercise your right to object by automated means using technical specifications.

1.12.8 Right to withdraw the statement of consent under data protection law
You have the right to withdraw your statement of consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent up until the time of withdrawal.

1.12.9 Automated individual decision-making
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects for you or similarly significantly affects you.

This does not apply where the decision

• is necessary for entering into, or the fulfilment of, a contract between you and the controller,
• – is authorised by Union or Member State law to which the controller is subject, and the controller implements appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
• – is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies, and appropriate measures have been implemented to safeguard your rights and freedoms as well as your legitimate interests.

With respect to the situations specified in (9.1.) and (9.3.), the controller implements appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express a personal point of view and to contest the decision.

1.12.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

1.13 Video surveillance (in the respective company)
For visitors, employees and other individuals in the area monitored.

The following content informs you about the processing of personal data – in this case, images of individuals, information on the behaviour of individuals and factual information (e.g. vehicle registration numbers) (hereinafter referred to as ‘data’) – in the context of video surveillance carried out in the companies.

1.13.1 Controllers

Getzner Textil Aktiengesellschaft
Bleichestraße 1
6700 Bludenz
Austria
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

Herbert Kneitz GmbH
Thörl 64
8983 Bad Mitterndorf
Austria
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

TFE Textil GmbH
Klarenbrunnstraße 59
6700 Bludenz
Austria
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

WR Weberei Russikon AG
Madetswilerstraße 29
8332 Russikon
Switzerland
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

Getzner Handel GmbH
Wiesenstraße 19
6890 Lustenau
Austria
ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==

Getzner Textil Weberei GmbH
Lange Straße 73
07551 Gera
Germany
c3RlZmZlbi5zdGllaGxlckBic3ctbWFpbC5kZQ==

E. Schoepf GmbH
Rathausstraße 18
95236 Stammbach
Germany
ZGF0ZW5zY2h1dHpAZS1zY2hvZXBmLmRl

1.13.2 Purpose and relevant legal basis
Data are processed on the basis of a legitimate interest pursuant to Art 6(f) GDPR. Legitimate interests include in particular:

• –Video surveillance for the purpose of protecting property (to protect property belonging to the companies as well as employees and to meet our responsibility to protect (to comply with traffic safety obligations, contractual liability with respect to customers etc.)) as well as
• to prevent, contain and provide intelligence on relevant criminal behaviour where this affects the controller’s area of responsibility, and which is reviewed only in the circumstance defined in the purpose.
• Video surveillance (in real-time) of individual production plants for the purpose of smooth production processes.

1.13.3 Collaboration with processors and third parties
If we transmit data to other persons and companies (order processors or third parties) within the scope of our processing, or otherwise grant them access to the data, this is done only on the basis of legal permission, your consent (Art. 6(1)(a) GDPR), if prescribed by a legal obligation (Art. 6(1)(c) GDPR) or on the basis of our legitimate interest (e.g. when using agents, web hosts, etc.) (Art. 6(1)(f) GDPR).

Where we commission third parties with the processing of data on the basis of a so-called ‘order processing agreement’, we do so on the basis of Art. 28 GDPR.

1.13.4 Transmission to third countries
Transmission to recipients in a third country is currently not planned. If we nevertheless process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this happens in the context of third-party service or disclosure, this is done only on the basis of (pre)contractual obligations (Art. 6(1)(b) GDPR), on the basis of your consent (Art. 6(1)(a) GDPR), on the basis of a legal obligation (Art. 6(1)(c) GDPR) or on the basis of our legitimate interest (Art. 6(1)(f) GDPR). Subject to legal or contractual permissions, we process or commission the processing of data in a third country only in the particular circumstances as set out in Art. 44 ff. GDPR. Thus, the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the ‘Privacy Shield’) or compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).

1.13.5 Data retention period
Data are generally retained for 72 hours, and in justified cases in accordance with the works agreement, and where required for the duration of managing the process.

1.13.6 Rights of the data subject
As the data subject, you in general have the right to be informed, to rectification, erasure, restriction and objection. To exercise your rights, please contact the controller (using the contact details above).

If you believe that the processing of your data infringes data protection legislation, or that your rights under data protection law have otherwise been breached, you have the option to lodge a complaint with the data protection authority.

1.14 Video conferencing
We use MS Teams for video conferencing, a service provided by Microsoft Corporation, located at One Mi-crosoft Way, Redmond, WA 98052-6399, USA. During a video conference via MS Teams, the data that you enter or upload yourself is transmitted to Microsoft in addition to the IP address and the content of the con-versation. If you activate the camera, your image data will be transmitted to Microsoft. It is up to you to de-cide whether you want to activate the camera and show your workplace (you can prevent this by making the appropriate settings in the video conference) or write chat messages. If you do so, you consent to the corre-sponding processing of your data and the transfer to Microsoft in the USA.

The sound and images are not recorded during video conferences. 

We have concluded standard contractual clauses with Microsoft that are intended to ensure compliance with European data protection levels. However, whether US law allows Microsoft to comply with these standard contractual clauses is an open question. For this reason, we cannot rule out the possibility that the transfer of data to Microsoft in the USA will take place without the appropriate safeguards pursuant to the GDPR. You are at risk that recipients in the USA may not be able to comply with European data protection requirements. US data protection law does not grant your data the same protection as the GDPR; in particular, you only have very limited data subject rights. There is also a risk that US authorities may access your data for control and monitoring purposes.

2. Online-specific data protection topics

Getzner Textil Aktiengesellschaft operates the following websites as the controller:

• www.getzner.at
• www.getzner-official.at
• www.tfe.at
• www.lehre.getzner.at

2.1 Cookies
“Cookies” are small files that are stored on the computers of the users. Cookies can be used to store different types of information. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his or her browser. The contents of a shopping basket in an online shop or a login status, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored when users return to the same site after several days. The interests of the users can also be stored in such a cookie. These interests are used for range measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller that operates the online offer (otherwise, if they are only the cookies of the controller, they are referred to as “first-party cookies”). We may use temporary and permanent cookies and explain this in our privacy policy. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser.

Detailed information on how to deactivate cookies in common browsers is provided by the following:

• Google Chrome
• Mozilla Firefox
• Internet Explorer
• Safari

The exclusion of cookies can lead to functional restrictions of this online offer!

For many services, especially in the case of tracking, a general objection to the use of cookies used for online marketing purposes can be declared via the US website www.aboutads.info or the EU website www.youronlinechoices.com. In addition, you can disable the storage of cookies by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this online offer.

When you visit our website, the "Cookie Settings" info banner will appear, informing you of the use of cookies on our website as outlined in this Privacy Policy. It will also list the cookies used and the data collected by them, and allow you to consent to the use of certain cookies. By giving your consent, you are agreeing to the use of the cookies concerned and the associated processing of data. You can revoke this consent at any time by either changing the cookie settings on our website or your browser settings. This revocation does not affect the legality of the processing carried out on the basis of the consent up to the revocation.

Some functions of this website require cookies. Cookies are technically necessary for these functions. For example, this includes the country settings or the saving of search terms on our website. The cookie that stores your consent to the use of certain cookies is also included, as well as the cookies of our content management system from Ibexa. The purpose of these cookies is to offer and execute these functions. Our legal basis for setting the technically necessary cookies and the processing associated with them is our legitimate interest, which is to achieve these purposes.

On our website, we use cookies that enable us to analyse your surfing and usage behaviour on our website. These are cookies from Google Analytics (you can find out more about this under point 2.4). We use these cookies to analyse which search terms you enter on our website, which functions you use, how often and for how long, and which sub-pages of our website you visit, for how long and how often. The data collected in this way is pseudonymised by technical precautions. This means that the data can no longer be assigned to you. Nor will the data be stored together with your other data. The data collected enables us to continuously optimise our website and its functions and to adapt them to your needs. Our legal basis for setting the cookies used for this purpose and the processing associated with them is your consent, which you can revoke at any time.

For advertising purposes and conversion measurement, our website uses the Meta Pixel of Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). For more information on this, please refer to point 2.9 of this Privacy Policy. Our legal basis for setting the cookies used for this purpose and the processing associated with them is your consent, which you can revoke at any time.

2.2 Hosting
We use hosting services in order to be able to provide the following performances: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Article 6 (1) letter F of the GDPR in conjunction with Article 28 GDPR (conclusion of a contract processing agreement).

2.3 Collection of access data and log files
On the basis of our legitimate interests within the meaning of Article 6 (1) (f) GDPR, we (or our hosting provider) collect data on every access to the server on which this service is located, so-called server log files. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a period of up to 7 days and then deleted. Any data which needs to be safeguarded for evidentiary purposes shall be exempt from deletion until the respective incident has been finally clarified.

2.4 Google Analytics
This website uses Google Analytics 4, a web analysis service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (“Google”). Google Analytics 4 uses cookies, scripts and pixels to analyse your use of the website. For example, the time spent on the website is recorded as well as the language and location, the browser used to access the website, the operating system and the screen size, and events such as clicks, scrolls, downloads and page views.

Google Analytics 4 uses algorithms and machine learning to recognise usage behaviour across devices from the data and events collected, and in this way automatically combines the sessions into a uniform user experience across devices, via identifiers (user ID, Google ID, device ID) that Google stores in your terminal device by means of cookies.

According to Google, the information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in Ireland. We do not store any of your data collected by Google Analytics 4.

The IP anonymisation is preset for Google Analytics 4. 

Google will use the information collected to evaluate your use of the website, to compile reports about the website activities and to perform further services linked to the use of the website and the internet on our behalf. 

The tracking technologies described above are used on the basis of the consent you have given in the cookie settings, which you can revoke at any time, with effect for the future, by deactivating the tracking there. 

You can prevent the storage of cookies in general by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plug-in available via this link.

You can learn more about Google's terms and conditions of use and Google's data privacy policy here or here.

2.5 Online presence in the social media
Links to our online presence on social networks are embedded in our website. The links are identified by the generally known icons of these networks. If you click on these icons, the link associated with the respective icon will take you to our respective online presence. You can find out which online presence we have and which data processing can be linked to a visit to this online presence in the following text.

2.5.1 Facebook Fanpage
Our company operates a fan page on Facebook, the social media platform of Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you visit this fan page, e.g. by clicking on the corresponding link on our website marked with a Facebook symbol, Facebook sets cookies on your end device, regardless of whether you are a Facebook user yourself. For more information on what cookies are, please refer to point 2.1 of this Privacy Policy.

Facebook uses these cookies to evaluate your behaviour on our fan page according to certain criteria and to make this evaluation available to us in an anonymised form. Facebook calls this service "Facebook Insights". Further information on the processing of Insights data can be found here.

The Insights data is anonymous for us, but not for Facebook if you are a Facebook user. In this case, Facebook can assign this data to your user account. You can find out more about this in Facebook's privacy policy. 

With regard to the processing of Facebook Insights data, both Facebook Ireland and we are joint controllers pursuant to Article 26 GDPR. The primary controller for the processing of Insights data is Facebook Ireland. We do not make any decisions regarding the processing of the Insights data, in particular not regarding the further recipients of this data or the storage period of the cookies used for this purpose on the end devices.

You can assert your data subject rights either with Facebook Ireland or with us.

We have entered into a shared responsibility contract with Facebook Ireland. Facebook Ireland provide the essential content here.

The legal basis for the processing of Insights data is your consent, which you declare by clicking on the Facebook icon and then logging into your Facebook account.

2.5.2 Instagram
Our company has an Instagram account. Instagram is a social network operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). 

The link to this account is marked with an Instagram logo, for example in the form of an "Instagram camera". If you click on the logo, you will be redirected to our Instagram account. This provides Instagram with the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. 

For further processing and use of the data by Instagram, as well as your rights in this regard as well as the options you have to protect your privacy, please refer to Instagram's privacy policy. 

Should you not want Instagram to directly assign the data collected via our website to your Instagram account, you can log out of Instagram before visiting our website. You can also prevent the loading of Instagram plugins completely by using add-ons for your browser, e.g. with the script blocker "NoScript".

2.6 Integration of third-party services and content
This website uses so-called web fonts provided by Google for the uniform display of fonts. Google Fonts are installed locally. There is no connection to Google's servers.

2.7 Youtube
We have integrated YouTube components on this website. YouTube is an Internet video portal that allows video clips to be posted free of charge and also allows them to be viewed, rated and commented free of charge.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube LLC is a subsidiary company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

We use the “enhanced data protection mode” option that YouTube has made available According to the information provided by YouTube, YouTube still makes contact with Google's Double Klick service in “extended data protection mode”, but no personal data is evaluated in the process. This is according to Google's privacy policy.

If you call up sub-pages of our website in which a YouTube component (YouTube video) is integrated, a connection is established to the YouTube servers and YouTube receives your IP address in order to send the embedded video to your browser and play it. In order to do this and to create statistics about the videos played, YouTube sets the cookies listed in the cookie settings on your end device. This is how YouTube learns which subpages of our website you visit and which videos you play If you are logged in to YouTube at the same time, this information is assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website. We have no knowledge of and no influence on the further use of your data by YouTube once it has been assigned to your member account. 

Further information on YouTube's data protection is provided by Google under this link.

The legal basis for this data processing is our legitimate interest in a creative and up-to-date internet presence of our company as well as an attractive and modern presentation of its products and services.

2.8 Social Media Wall (Walls.io)
On our website, we have embedded a social media wall that displays content concerning us that has been generated by users of social networks, in particular postings. For this social media wall, we use the services and solutions of Walls.io, Schönbrunner Straße 213/2153, 3rd floor, A-1120 Vienna. Walls.io does not use tracking cookies.

The Social Media Wall only publishes content that has been made publicly accessible by the users of the social networks in accordance with the terms of use there. Only public posts and data from accounts are accessed via the public interfaces of the social networks. These are distributed by the respective user of the social network as the person concerned as “public” in the sense of the terms of use there. In this process, the tapped content is not uploaded directly from the social network but from the Walls.io server to our social media wall. 

The legal basis for this processing is our legitimate interest in supporting our marketing activities by finding, accompanying and displaying user-generated content about us on our website.

By classifying your content as non-public in accordance with the terms of use of the social network, you can prevent publication of your content concerning us that is published on social networks.

2.9 Meta Pixel (Remarketing)
Our website uses the Meta Pixel of Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and for the European Union of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") for conversion measurement.

The Meta Pixel can be used, on the one hand, to track the behaviour of visitors to the site after they have been redirected to the provider's website by clicking on a Facebook ad and, on the other hand, to display advertisements of the provider to site visitors who log in to Facebook. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes as well as the optimisation of future advertising measures.

The use of the Meta Pixel and the associated tracking is based on your consent, which you provide when you consent to our cookies. You can revoke this consent at any time with effect for the future. You can also revoke this consent by deactivating it in your Facebook account.

As the operator of this website, the data collected is completely anonymous and we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a link to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data use policy. This enables Facebook to place advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator. You can find further information on protecting your privacy in Facebook's privacy policy. 

You can deactivate the “Custom Audiences” remarketing function in the section for settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website.

2.10 Purposes of data processing and its legal basis
We will process your personal data for the following purposes:

a. to make this website available to you, to continuously improve and develop this website and to have a creative and up-to-date internet presence;
b. to be able to detect, prevent and investigate attacks on our website;
c. to respond to your requests;
d. to analyse your use of our website, to carry out conversion measurements and remarketing and to be able to compile usage statistics;
e.to send you our newsletter and to conduct surveys about satisfaction with our products and services;

The legal basis for the processing operations concerning the data subject,

• the legal basis for processing your personal data under 3a-c above is our overriding legitimate interest, which is to achieve the purposes listed under 3a-c above;
•  your consent for the processing operations listed under 3d;
• – for the sending of our newsletter and our customer surveys Section 174 (4) TKG (or any applicable comparable foreign statutory provision), provided that we have received your email address in connection with the sale of goods or services to you, otherwise your consent;

2.11 Recipients of personal data, in particular in the USA (“US providers”)
We transfer your personal data to the following recipients:

• IT service providers used by us, namely our agency Logic Joe GmbH, Vorsetzen 53, 20459 Hamburg and for hosting our website Platforms SH, Koblenzerstraße 11, 50968 Cologne, Germany.
• Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland pursuant to point 2.4 (Google Analytics)
• InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (Matomo see point 2.5)
• Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook, see point 2.5.1 and 2.9)
• Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook, see point 2.5.1 and 2.9)
• Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (Instagram see point 2.5.2)
• YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (YouTube see point 2.7)
• Sendinblue GmbH, Köpenicker Straße 126, D-10179 Berlin (Newsletter service provider, see point 2.12)
• Walls.io, Schönbrunner Straße 213/2153, 3rd Floor, A-1120 Vienna (Social Media Wall, see Point 2.8) 

Google LLC and Meta Platforms Inc. are certified under the EU-US Data Privacy Framework and are therefore obliged to comply with the requirements of European data protection law.

The transfer of data to YouTube in the USA takes place without appropriate guarantees pursuant to the GDPR. There is a risk that this recipient may not be able to comply with the requirements of European data protection because of the EU standard data protection clauses we have concluded with this provider. US data protection law does not grant your data the same protection as the GDPR; in particular, you only have very limited data subject rights. There is also a risk that US authorities may access your data for control and monitoring purposes.

2.12 Newsletter
You will only have to provide us with an email address if you wish to receive the newsletter offered on the website. No further data is required. 

If you voluntarily provide your first and last name, we can address you personally in the newsletter.

We use the data you make available to us exclusively for the purpose of sending out our newsletter with information about our products and services, about offers or news about our company and for surveys about satisfaction with our products and services. 

After you have registered for the newsletter, you will receive a confirmation email from us so that we can check whether you are actually the owner of the email address provided and whether you have really agreed to receiving the newsletter. Only when you confirm this email will you be registered for the newsletter (double opt-in). 

When you register for the newsletter, we store the IP address provided by your Internet service provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your email address at a later date.

Your interaction as a recipient of the newsletter with the newsletter email and your click and opening behaviour in the newsletter are tracked. The data is stored about who opens our newsletters, how often and what content he/she clicks on. We use this data to constantly improve our newsletter.

Your consent is the basis for processing the data for the purpose of sending you our newsletter and evaluating your usage and click behaviour. You can also revoke this consent at any time with effect for the future, for example via the "unsubscribe" link in the newsletter. You can also send us your revocation by email to ZGF0ZW5zY2h1dHpAZ2V0em5lci5hdA==. The legality of the data processing already carried out on the basis of the consent up to the revocation remains unaffected by the revocation.

The data processed by us in connection with the newsletter will be stored by us until you unsubscribe from the newsletter and finally deleted after you unsubscribe to the newsletter.

For the processing and evaluation of our newsletter, we use Newsletter2Go, a software of Sendinblue GmbH, Köpenicker Straße 126, D-10179 Berlin.

2.13 Changes in the Privacy Policy
If there are changes to the content and / or legal changes to this Privacy Policy, we will publish them here (www.getzner.at/datenschutz). For this reason, please always note the date of the current version.

Privacy Policy last updated: September 2023