General data protection notice
PRIVACY POLICY / INFORMATION OBLIGATION
(Status: June 2020, Version 1.0)
It is particularly important to us to protect your data, which is why we comply with the applicable data protection regulations, in particular the GDPR and the DSG, when processing your personal data (e.g. master data).
Below you will find more information about the data processing we carry out:
1. Responsible
Laaher Strasse 8
4052 Ansfelden
Email: business@realsim.at
Since we are not legally obliged, we have not appointed / appointed a data protection officer at the data protection authority.
2. Rights of data subjects / right of objection and withdrawal / right of appeal
2.1. You have the following rights towards us with regard to your personal data:
- Right to information (Art 15 GDPR),
- Right to correction (Art 16 GDPR) or deletion (Art 17 GDPR),
- Restriction of processing (Art 18 GDPR),
- Right to data portability (Art 20 GDPR),
- Right to object to processing (Art 21 GDPR).
Right of objection: If the processing of your personal data is based on a weighing of interests (Art 6 Paragraph 1 lit f GDPR: legitimate interests), you have the right to object to the processing at any time for reasons that arise from your particular situation. When exercising your right of objection, we ask you to explain to us your reasons why we should not process your personal data as we have done. We will examine the situation and either discontinue or adjust the data processing or show you our compelling reasons worthy of protection and continue the data processing. We will continue data processing even if it serves to assert, exercise or defend legal claims.
You can object to data processing for the purposes of direct advertising and data analysis at any time. In this case, we will stop processing the data.
Right of withdrawal: If you have given us your consent to the processing of your personal data, you can withdraw your consent at any time. Your revocation does not affect the legality of the data processing carried out up to the point of revocation.
In order to exercise the rights listed, you must inform us personally, by telephone or in writing:
Thomas Peterseil
Laaher Strasse 8
4052 Ansfelden
Phone: 43 (0) 660/4887930
Email: business@realsim.at
Please note that we can only provide you with information if you can identify yourself.
2.2. If you are of the opinion that the data processing violates applicable data protection law or that we violate your data protection claims, you also have the right to lodge a complaint with the supervisory authority in the member state of your place of residence, your place of work or the place of the alleged violation.
If you want to submit your complaint to the supervisory authority in Austria, please address it to:
Austrian data protection authority
Barichgasse 40-42
1030 Vienna
3. Information about the processing of your personal data
3.1. Website visit
- Purpose: If our website is only used for information purposes (no registration and no transmission of other information), personal data is collected, which is transmitted from your browser to our server. This is technically necessary in order to be able to display our website to you and to guarantee the stability and security of the website.
- Legal basis: legitimate interest (Art 6 Paragraph 1 lit f GDPR), Section 96 Paragraph 3 TKG 2003
- The following data is processed: IP address, date and time of the request, time zone difference to GMT, content of the request (specific page), access status / HTTP status code, amount of data transferred, requesting website, browser, operating system and interface, language and version of the Browser software
- Storage period: As long as you use our website.
- Recipients / recipient categories: Processors
3.1.1 Social Media
In addition to our website, we also maintain appearances in social networks, in particular Facebook and Xing to increase the level of awareness of our company and for marketing purposes. If you visit one of our presences, personal data may be transmitted to the operator of the social network. In addition, the operator can link your profile to ours, provided you are logged into the respective network.
Legal basis: legitimate interest (Art 6 Paragraph 1 lit f GDPR)
Recipients / recipient categories: Processors
Details about the specific data collection and processing by the respective operator can be found in the following links:
Facebook: https://de-de.facebook.com/about/privacy/
Xing: https://privacy.xing.com/de/datenschutzerklaerung
With the integration of Google services in this website, Google also collects and processes personal information. A transfer of the information collected to a third country cannot be ruled out. With the certification for the Privacy Shield, Google has committed itself to complying with the EU-US and the Swiss-US Privacy Shield Framework requirements. Information about participation can be found under the search term Google here: https://www.privacyshield.gov/list The information can also be passed on to contractual partners of Google. You can find more information on handling user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/ .
Order data processing:
We have concluded a contract data processing agreement with Google.
Legal basis: Art. 6 Para. 1 lit.f GDPR
Storage period: until the end of use
3.2. Electronic contact requests through the website
- Purpose: Processing of contact requests via email or the website contact form.
- Legal basis: Fulfillment of a contract, necessary to carry out pre-contractual measures (Art 6 Paragraph 1 lit b GDPR), legitimate interest (Art 6 Paragraph 1 lit f GDPR), Section 96 Paragraph 3 TKG 2003
- The following data is processed: master data, content data of the request
- Storage period: until the request is answered. If there are statutory retention requirements, processing will be restricted until then.
- Recipients / recipient categories: Processors
3.3. Customer administration, accounting, logistics and bookkeeping
- Purpose: Processing of personal data in the context of all business relationships with customers and suppliers in the context of a commercial exercise, including systematic recording of all business transactions relating to income and expenditure.
- Legal basis: Consent (Art 6 Para 1 lit a GDPR), fulfillment of a contract, necessary to carry out pre-contractual measures (Art 6 Par 1 lit b GDPR), fulfillment of a legal obligation (Art 6 Par 1 lit c GDPR), legitimate interest, esp Defense, exercise and assertion of legal claims (Art 6 Paragraph 1 lit f GDPR), express consent (Art 9 Paragraph 2 lit a GDPR).
- Storage period: Until the end of the business relationship or until the expiry of the guarantee, warranty, statute of limitations and statutory retention periods (in particular BAO); in addition, until the end of any legal disputes in which the data is required as evidence.
- Recipients / recipient categories: tax office, courts and authorities, suppliers, debt collection agencies, banks dealing with the payment to the person concerned or to third parties, legal representatives, accountants, payroll administrators.
3.4. Customer care and marketing for own purposes
- Purpose: Processing of own or purchased customer and prospect data for the initiation of business regarding the own delivery or service offer as well as for the implementation of advertising measures and customer relation management.
- Legal basis: Consent (Art 6 Para 1 lit a GDPR), fulfillment of a contract, necessary to carry out pre-contractual measures (Art 6 Par 1 lit b GDPR), fulfillment of a legal obligation (Art 6 Par 1 lit c GDPR), legitimate interest, esp Defense, exercise and assertion of legal claims (Art 6 Paragraph 1 lit f GDPR)
- The following data is processed for sending the newsletter via our website: Master data
- Storage period: The data may be stored until the end of the third year after the last contact with the client, unless there are longer contractual or statutory retention periods.
- Recipients / recipient categories: Processors
3.5. Personnel administration and applicant management
- Purpose: Processing and transmission of data for wage, salary and remuneration accounting and compliance with recording, information and reporting obligations, insofar as this is required by law or norms of collective legal arrangements or contractual obligations, use and keeping of personal data of Applicants if this data has been provided by the person concerned.
- Legal basis: Consent (Art 6 Para 1 lit a GDPR), fulfillment of a contract, necessary to carry out pre-contractual measures (Art 6 Par 1 lit b GDPR), fulfillment of a legal obligation (Art 6 Par 1 lit c GDPR), legitimate interest, esp Defense, exercise and assertion of legal claims (Art 6 Paragraph 1 lit f GDPR), express consent (Art 9 Paragraph 2 lit a GDPR), necessary to fulfill the obligations under labor law and social law (Art 9 Paragraph 2 lit b GDPR), assertion , Exercise and defense of legal claims (Art 9 Paragraph 2 lit f GDPR), statutory duties of care (Art 10 GDPR in conjunction with Section 4 Paragraph 3 Z 2 GDPR), legitimate interest (Art 10 GDPR in conjunction with Section 4 Paragraph 3 Z 2 GDPR)
- Storage period: Until the end of the relationship with the person concerned and beyond that as long as the statutory retention period or as long as legal claims from the employment relationship can be asserted against the employer (in particular the issuing of references and the like). Applicant data will be deleted immediately after the advertised position has been filled, unless consent has been given to keep records. Unsolicited applications are appropriately kept on record until they are revoked by the person concerned.
- Recipients / recipient categories: Tax office, courts and authorities, social security agencies (including company health insurance funds), labor inspectorate, traffic labor inspectorate and agriculture and forestry inspectorate, in particular in accordance with Section 8 of the Labor Inspection Act, organs of company interest representation (in particular works council in accordance with Section 89 (4) ArbVG, safety representative according to Section 10 ASchG, youth ombudsman according to § 125ff ArbVG and disabled ombudsman according to § 22a BEinstG), apprenticeship according to § 19 BAG and vocational schools, labor market service, banks dealing with the payment to the person concerned or to third parties, union specified by the employee, with the consent of the person concerned Statutory interest groups, pension funds, employee pension fund (MVK) in accordance with Section 11 Paragraph 2 Z and Section 13 BMVG, legal representative; Chartered accountant; Payroll Clerk.
3.6. Access management for IT systems
- Purpose: User name and password management and system access logging.
- Legal basis: Fulfillment of a legal obligation, in particular compliance with access controls (e.g. password guideline) or access authorizations (Art 6 Paragraph 1 lit c GDPR), legitimate interest, in particular defense, exercise and assertion of legal claims (Art 6 Paragraph 1 lit f GDPR)
- Storage period: Data will be deleted when the data subject's system rights have expired and all legal disputes in which the data is required as evidence have been concluded. In any case, the data will be deleted if there are no longer any statutory retention periods.
- Recipient / recipient categories: None
- Purpose: Control of the authorization of access to buildings and demarcated areas by the owner or authorized user with the help of systems that process personal data with automated support, whereby no biometric data of those affected are processed. The mere real-time display of facial images is covered by this exception.
- Legal basis: Consent (Art 6 Paragraph 1 lit a GDPR), fulfillment of a contract, required to carry out pre-contractual measures (Art 6 Paragraph 1 lit b GDPR), fulfillment of a legal obligation to implement technical and organizational measures to protect personal data (Art 6 para 1 lit c GDPR), legitimate interest, in particular defense, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR), express consent (Art 9 para 2 lit a GDPR), necessary to fulfill the obligations under labor law and Social law (Art 9 Paragraph 2 lit b)
- Storage period: Until the end of the access authorization and beyond as long as there is a statutory retention period or as long as special legal claims from the employment relationship can be asserted against the employer. If there are no special retention periods, the data should be deleted six months after the end of the access authorization.
- Recipients / recipient categories: Courts and authorities.
4. Information about data transfers to third countries or to international organizations
Change of these data protection regulations
DATA PRIVACY STATEMENT / RIGHT TO BE INFORMED
(As at: June 2020, version 1.0)
Protecting your data is an especially important concern for us, which is why we comply with the applicable data protection provisions, particularly GDPR and the Austrian Data Protection Act (DSG), when processing your personal data (eg master data).
You can find more detailed information on how we carry out data processing below:
1. Controller
Laaher Strasse 8
4052 Ansfelden, Austria
E-mail: business@realsim.at
As we are not under any statutory obligation to do so, we have not appointed a data protection officer or appointed one from the Austrian Data Protection Authority.
2. Rights of the data subject / right to object and withdraw / right to complain
2.1. You have the following rights with regard to the personal data concerning you:
- Right of access (Article 15 GDPR)
- Right to rectification (Article 16 GDPR) or erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object to processing (Article 21 GDPR)
Right to object: As the processing of your personal data is based on the consideration of interests (Article 6 (1) f) GDPR: legitimate interests), you have the right to file an objection to this processing for reasons related to your particular circumstances at any time. In the event that you exercise your right to object, we will ask you to state your reasons for withdrawing consent for the processing of your personal data for the purposes we have already carried out. We will verify the circumstances and either stop the data processing, adjust it or show you our urgent reasons that need protecting and continue with the data processing. We will then also continue data processing if it serves to assert, exercise or defend against legal claims.
You can object to data processing for the purposes of direct marketing and data analysis at any time. In this case, we will stop data processing.
Right to withdraw: If you have given your consent for us to process personal data, you can also withdraw your consent at any time. Your withdrawal does not affect the legality of the data processing carried out up to the withdrawal.
To exercise the rights listed above, you must inform us in person, by phone or in writing:
Thomas Peterseil
Laaher Strasse 8
4052 Ansfelden, Austria
Phone: 43 (0) 660 488 7930
E-mail: business@realsim.at
Please note that we can then only issue information if you verify your identify.
2.2. If you are of the opinion that the data processing violates the applicable data protection law or we have violated your data protection claims, you also have the right to file a complaint with the supervisory authority in the Member State in which you are resident, in which you work or in which the alleged breach took place.
If you wish to file a complaint with the Austrian Data Protection Authority, please direct this to:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna, Austria
3. Information about processing your personal data
3.1. Visiting our website
- Purpose: If our website is used only for information purposes (no registration and no transfer of other information), personal data is collected that is transferred from your browser to our server. This is required for technical reasons to correctly display our website to you and guarantee the stability and security of the website.
- Legal basis: Legitimate interest (Article 6 (1) f) GDPR), Article 96 (3) Telecommunications Act 2003 (TKG)
- The following data will be processed: IP address, data and time of inquiry, time difference from GMT, content of the request (specific page), access status / HTTP status code, respective transferred data volume, requested website, browser, operating system and interface, language and version of browser software
- Storage duration: For as long as you use our website.
- Recipient / recipient categories: Processor
3.1.1 Social Media
In addition to our website, we also maintain a social media presence, particularly on Facebook and Xing, to increase the level of awareness for our company and for marketing purposes. If you visit one of our pages, it is possible that personal data may be sent to the operator of the social network. Furthermore, the operator can connect your profile with ours, provided that you are logged into the respective network.
Legal basis: Legitimate interest (Article 6 (1) f) GDPR)
Recipient / recipient categories: Processor
Specific details about the data collection and processing by the respective operator can be found via the following links:
Facebook: https://en-gb.facebook.com/about/privacy/
Xing: https://privacy.xing.com/en/privacy-policy
With the integration of Google services in this website, Google also collects and processes personal data. The gathered information being sent to third parties cannot be ruled out. With the Privacy Shield certification, Google undertakes to comply with the provisions in the EU-US and Swiss-US Privacy Shield Framework. Information about participation can be found by searching for Google here: https://www.privacyshield.gov/list The information can also be forwarded to Google's contractual partners. More information about the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en-GB .
We have concluded a data processing contract with Google.
Legal basis: Article 6 (1) f) GDPR
Storage duration: Until the end of use
3.2. Electronic contact inquiries via the website
- Purpose: Processing contact inquiries via e-mail or the contact form on the website.
- Legal basis: Fulfilling a contract, required to carry out precontractual measures (Article 6 (1) b) GDPR), legitimate interest (Article 6 (1) f) GDPR), Article 96 (3) TKG 2003
- The following data will be processed: Master data, data on the content of the inquiry
- Storage duration: Until the inquiry is answered. If there are statutory storage obligations, processing will be limited accordingly.
- Recipient / recipient categories: Processor
3.3. Client management, accounting, logistics and record keeping
- Purpose: Processing personal data as part of any business relationships with clients and suppliers in the context of operating a business, including systematically recording all income and costs of relevant business transactions.
- Legal basis: Consent (Article 6 (1) a) GDPR), fulfilling a contract, required to carry out precontractual measures (Article 6 (1) b) GDPR), fulfilling a legal obligation (Article 6 (1) c) GDPR) , legitimate interest, especially preventing, exercising and asserting legal claims (Article 6 (1) f) GDPR), explicit consent (Article 9 (2) a) GDPR).
- Storage duration: Until the end of the business relationship or until the expiration of the applicable guarantee, warranty, limitation and statutory storage periods (particularly the Austrian Fiscal Code (BAO)); furthermore, until the expiration of all legal disputes in which the data is required as evidence.
- Recipient / recipient categories: Fiscal authorities, courts and authorities, suppliers, debt collection companies, banks concerned with payment to the data subject or third parties, legal representatives, economic trusts and payroll accountants.
3.4. Customer support and marketing for internal purposes
- Purpose: Processing of data belonging to customers and prospective buyers that is internal or has been purchased in addition for the initial business contact with regard to internal delivery or supply offers and carrying out advertising measures and customer relation management.
- Legal basis: Consent (Article 6 (1) a) GDPR), fulfilling a contract, required to carry out precontractual measures (Article 6 (1) b) GDPR), fulfilling a legal obligation (Article 6 (1) c) GDPR) , legitimate interest, especially preventing, exercising and asserting legal claims (Article 6 (1) f) GDPR)
- The following data will be processed in order to send out the newsletter through our website: Master data
- Storage duration: The data may be stored until the end of the third year following the last contact with the client, provided that there are no longer contractual or statutory storage periods in effect.
- Recipient / recipient categories: Processor
3.5. Staff management and applicant management
- Purpose: Processing and transferring data for paying wages, salaries and remuneration and complying with recording, information and reporting obligations, insofar as these are required by law or codes of collective legal regulation or obligations in employment contracts; using personal data belonging to applicants and retaining for record keeping, if this data has been provided by the data subject.
- Legal basis: Consent (Article 6 (1) a) GDPR), fulfilling a contract, required to carry out precontractual measures (Article 6 (1) b) GDPR), fulfilling a legal obligation (Article 6 (1) c) GDPR) , legitimate interest, especially preventing, exercising and asserting legal claims (Article 6 (1) f) GDPR), explicit consent (Article 9 (2) a) GDPR), required to fulfill obligations from employment law and social law (Article 9 ( 2) b) GDPR), exercising, asserting and defending against legal claims (Article 9 (2) f) GDPR), statutory obligations to exercise due diligence (Article 10 GDPR in conjunction with Article 4 (3) 2 DSG), legitimate interest (Article 10 GDPR in conjunction with Article 4 (3) 2 DSG).
- Storage duration: Until the end of the relationship with the data subject and, in addition, for as long as the statutory storage period or for as long as legal claims resulting from the employment relationship against the employer can be asserted (particularly providing character references, Etc.). Applicant data will be deleted immediately once the advertised position is filled, unless consent has been provided to keep it for our records. Prospective applications shall be kept in our records as appropriate until the data subject withdraws their consent.
- Recipient / recipient categories: Fiscal authorities, courts and authorities, social insurance agencies (including company health insurance funds), Labor Inspectorate, Transport Labor Inspectorate and Agriculture and Forestry Labor Inspectorate, in particular pursuant to Article 8 Labor Inspection Act, bodies in occupational special interest groups (particularly works councils pursuant to Article 89 4) Working Conditions Act (ArbVG), safety representatives pursuant to Article 10 Health and Safety at Work Act (ASchG), youth representatives pursuant to Article 125 ff. ArbVG and disability representatives pursuant to Article 22a Disability Employment Act (BEinstG)), apprentice positions pursuant to Article 19 Employment Training Act (BAG) and vocational schools, job market services, banks concerned with payment to the data subject or third parties, trade unions specified by the employee , with consent of the data subject, statutory special interest groups, reti rement funds, employee pension funds (MVK) pursuant to Article 11 2) and Article 13 Occupational Employee Pension Law (BMVG), legal representatives; economic trusts; payroll accountants.
3.6. Access management for computer systems
- Purpose: Managing usernames and passwords, as well as system access logs.
- Legal basis: Fulfilling a legal obligation, particularly complying with access controls (eg password guidelines) or access authorizations (Article 6 (1) c) GDPR), legitimate interest, especially preventing, exercising and asserting legal claims (Article 6 (1) f ) GDPR)
- Storage duration: Data will be erased if the data subject's system permissions expire and all legal disputes for which the data is required as evidence are concluded. However, the data will be deleted in any case if there is no longer a statutory storage period.
- Recipient / recipient categories: None
- Purpose: Controlling access authorization to buildings and restricted areas by the owner or those authorized for use by means of systems that process personal data using automated technology in which no biometric data belonging to the data subject is processed. The only exception is the real-time reproduction of facial images.
- Legal basis: Consent (Article 6 (1) a) GDPR), fulfilling a contract, required to carry out precontractual measures (Article 6 (1) b) GDPR), fulfilling a legal obligation to implement technical and organizational measures to protect personal data (Article 6 (1) c) GDPR), legitimate interest, especially preventing, exercising and asserting legal claims (Article 6 (1) f) GDPR), explicit consent (Article 9 (2) a) GDPR), required to fulfill obligations in employment law and social law (Article 9 (2) b).
- Storage duration: Until the end of the access authorization and, in addition, for as long as the statutory storage period or for as long as particular legal claims resulting from the employment relationship against the employer can be asserted. If there is no storage period is specified, the data must be deleted six months after the end of the access authorization.
- Recipient / recipient categories: Courts and authorities.
4. Information about transferring data to third countries or international organizations
Modification of these data protection provisions