Last updated on 06/03/2023
In this Policy, reference to “your Personal Data” shall mean any information from which you may be identified (hereinafter referred to as the Personal Data).
We are the controller of the Personal Data within the scope of this Policy.
We use your Personal Data in the course of our business and to provide services to you. Our aim is to process only those of your Personal Data which you have voluntarily provided to us after having received detailed information about the purposes of the processing and those data which are necessary for the performance of our contracts with you, for the implementation of legal requirements and for the performance of our activities.
1. COLLECTION AND USE OF PERSONAL DATA
1.1. WHAT INFORMATION WE COLLECT
We process your Personal Data if you voluntarily provide it to us, e.g. within the the scope of your e-mail to us, when ordering our services, filling in a form on our website or contacting us by telephone/SMS. In some cases, we already process personal data that you have previously provided to us, e.g. if you are a current or former customer. We shall process the personal data you provide to us in accordance with this Policy and the legislation applicable to us. Your Personal Data shall not be used for purposes other than those specified at the time of receipt, unless we have your additional consent or such use is required by law. If you send us your curriculum vitae, we shall use the information you provide to offer you the most suitable position in our company.
1.2. LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA
As a general rule, we shall collect your Personal Data only to the extent necessary to provide services to you. EU law obliges us to inform the individuals whose data we process about the legal basis for processing. We rely on one of the following legal bases for processing your Personal Data:
Basis for the performance of a contract. Applicable where the processing of your data is necessary for the performance of our obligations to you under the contract, e.g. to issue you a loyalty card or to make/receive payment for services.
Basis of the requirement from legal acts. Applicable where we are obliged by law or regulation to process your Personal Data, e.g. for the purposes of the obligation to know your customer, for the prevention of money laundering and terrorist financing, for tax accounting purposes, for the provision of data to public authorities or the police.
Legal basis of consent. In certain cases, we shall only process your Personal Data if we have obtained your prior consent. You may withdraw your consent to data processing at any time by contacting us at firstname.lastname@example.org by stating “Withdrawal of consent” in the subject line.
Legal basis of legitimate interests. We shall process your Personal Data where we have a legitimate interest in doing so and such processing is not prejudicial to the protection of your interests and rights.
Regarding the abovementioned legitimate interest, we, for example:
• Provide visitors to our Website with information about the Company’s services or job offers;
• Strive to prevent fraud and crime, and to protect our assets and IT systems;
• Organise and monitor the advertising solutions we use;
• Strive to ensure that we meet the Company’s corporate and social obligations;
• Ensure the realisation of the rights enshrined in Articles 16 and 17 of the Charter of Fundamental Rights of the European Union, including the freedom to conduct a business and the right to personal property.
In certain cases, the Personal Data we process may also include special categories of personal data, i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of specific identification of an individual, health data, or data concerning the sex life and sexual orientation of a natural person. We shall only process this data with your consent or if such processing is required by law.
1.3. AUTOMATED COLLECTION OF PERSONAL DATA
1.3.1. IP ADDRESSES
An IP address is the number given to your computer when it connects to the internet. It allows computers and servers to recognise each other and share data. When you visit our website, your IP address is logged and used for system diagnostics and security purposes. The IP address is also used to compile indicators that measure the traffic and usability of a website.
Cookies will normally be stored on your computer or other device to which you connect to the internet each time you access our website. This allows us to distinguish your device from others.
We sometimes use third-party tools and widgets to extend the functionality of our website. These tools and controls shall usually store a cookie on your computer or device to ensure that the additional functionality works.
Cookies do not automatically tell us your e-mail address or otherwise identify you personally. We use different identifiers, including IP addresses, when evaluating website activity, but only to determine the number of unique website visitors and the geographical distribution of users, and not to single out specific users.
1.3.3. WEB BEACONS
A web beacon is a small image file on a website that may be used to collect information about a visitor’s computer, including the IP address, the time of the visit, the type of browser, and the setting of cookies that have previously been stored on the same server. We strictly comply with legal requirements when using web beacons.
We or the service providers we use shall use web beacons to ensure the proper management of cookies and to determine the usefulness of the services provided to us by third parties, such as visitors attracted by information dissemination, advertising or recruitment services.
You may restrict the functionality of the web beacons by prohibiting the storage of cookies necessary for their operation. In such a case, the web beacon may still record an anonymous visit from a specific IP address, but the cookie information shall not be stored.
In some of our newsletters or other communications, we shall track recipients’ actions, such as opening an e-mail, by using web beacons. We shall use the information we collect to gauge user interest and to improve user satisfaction levels in the future.
1.3.4. LOCATION MEASURES
When you use our services, we may collect information about the location of your computer or other device. We shall use this information to better tailor our services to you.
1.4. SOCIAL MEDIA TOOLS AND APPLICATIONS
1.5. PERSONAL DATA OF CHILDREN
We understand how important it is to properly protect the privacy of children’s personal data. Our website and services are not suitable for children under the age of 16. We shall never purposefully collect or store information about children under the age of 16 unless it is necessary for us to provide our services to you.
2. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
We shall not share your Personal Data with third parties unless it is necessary for the provision of services to you, to fulfil your requests, for our legitimate interests and business needs, or as required by specific legislation. You may see more information about the use of third parties by clicking on the following link.
3. YOUR CHOICES
We will not normally ask you to provide personal data when you use our services unless it is necessary for the provision of the service, e.g. to enter into a contract or to keep in touch with you. We may ask you to provide additional personal data upon your request for information about the services we provide to you. In certain cases, we may ask for your additional consent for the processing of your personal data and you shall have the right to refuse to consent to processing for such purposes. If you give your consent to receive certain services or communications, we shall give you the opportunity to withdraw this consent at any time. In the event of withdrawal of consent, we shall endeavour to delete the use of your Personal Data for the purposes specified in the consent as soon as possible.
4. YOUR RIGHTS
If we process your Personal Data, you shall have the right to exercise the following rights:
Access and rectification. You shall have the right to have access to your Personal Data processed by us. In order to have access to your Personal Data processed by us, you may submit a request to us. If, after evaluating your enquiry, we decide that we must grant you such a right, we shall provide the information free of charge. In order to ensure the protection of the rights of others and to respond appropriately to your enquiry, we may ask you to provide personally identifiable information and other information about your relationship with us before responding. If the data we process about you is inaccurate, you shall have the right to request a correction of this data.
Right to object to data processing. You shall have the right to object to our processing of your Personal Data if we can no longer use it.
Other rights. If you believe that we should not process your Personal Data or that we are storing it for too long, you shall have the right to request that your Personal Data be erased or that its use be restricted. In certain cases, you shall also have the right to request a copy of electronically stored information.
In order to exercise your rights, you may contact us at email@example.com by stating “concerning the processing of personal data” in the subject line. Upon receipt of your request, we shall make all reasonable efforts, in accordance with applicable law and professional practice, to help you exercise your rights.
5. DATA SECURITY AND INTEGRITY
When processing your Personal Data, we shall use organisational and technical data protection measures and procedures to protect your Personal Data against unauthorised loss, misuse, alteration or destruction. Despite our best efforts, it is not possible to take into account all possible threats and guarantee absolute security of personal data. In order to ensure maximum protection of Personal Data, when processing your Personal Data, access to the data is restricted to our employees on a need-to-know basis. Data processors shall be obliged to comply with strict requirements for the processing of personal data.
We shall use all reasonable endeavours to process your Personal Data only (i) for as long as it is necessary for the provision of services or information to you; (ii) for as long as we are required to retain it by law or business necessity; or (iii) until you request the destruction of your Personal Data. The specific term of data storage depends on the circumstances in which the information was collected and the purposes of using the information, but taking into account the requirements specified in Clauses i)-iii) above, personal data shall not be stored for longer than two years.
6. LINKS TO OTHER WEBSITES
7. CHANGES TO THIS POLICY
Upon receipt of your enquiry, we shall acknowledge receipt of your enquiry within 14 days and endeavour to provide a response within one month of receiving your enquiry. If your enquiry is complex or we have received a very large amount of enquiries at that time, after informing you thereof, we may extend the deadline for responding to the enquiry up to three months from the receipt of the enquiry.
Finally, you shall always have the right to lodge a complaint with the State Data Protection Inspectorate concerning the improper processing of your data.
TRANSFER OF DATA TO THIRD PARTIES
We do not share your Personal Data with third parties unless it is necessary for the provision of services to you, to comply with your requests, for our legitimate business needs and/or if required by law. This shall include the following:
Our service providers: we share your Personal Data with third parties who provide services to us, such as our IT maintenance providers, our website hosting providers, our accounting service providers, consultants, lawyers and other providers of goods and services. We work with these third parties and transfer the processing of your Personal Data to them. We shall only transfer your Personal Data to these third parties if they comply with our strict personal data processing and security requirements. We shall only share your Personal Data to the extent necessary to provide these third party services.
If we or part of our business were to be sold, reorganised or transferred to another company: we would transfer personal data relating to the sale or reorganisation insofar as it is directly related to the performance of the activities sold or transferred.
Pre-trial investigation authorities, courts or other public authorities: we shall transfer personal data requested by courts, pre-trial investigation authorities or other public authorities when it is necessary for the performance of our legal duties or when there is any other lawful basis for the transfer.
Audits: we shall transfer personal data if it is necessary to carry out a financial, data privacy and security audit or to investigate and respond appropriately to a complaint or security threat.