PRIVACY POLICY
I. General information
According to the law, personal data must be processed lawfully, in good faith, and in a manner comprehensible for the data subject (“lawfulness, fairness and transparency”).
With this Privacy Policy, we, Sunkid GmbH, inform you about the type, scope, and purpose of the personal data processed by us within the framework of our (general) business operations, when you call up and use our website, and in the scope of the application process. With this Privacy Policy, we also inform you about your rights.
As a company under private law, we are subject to the rules of the European Data Protection Regulation (General Data Protection Regulation [EU] 679/2016, GDPR) and the rules of the Austrian Data Protection Act (Datenschutzgesetz, DSG). We give high priority to preserving the confidentiality of the personal data you make available and to protecting such data against unauthorised access. Therefore, we take utmost care and apply state-of-the-art security standards to ensure maximum protection for your personal data.
This Privacy Policy describes:
• what information we gather and for what purposes,
• how we use that information, and
• what your rights are.
Definitions of the individual terms used in this Privacy Policy can be found in Art. 4 GDPR.
1) CONTROLLER ACCORDING TO ART. 24 GDPR
Sunkid GmbH
FN 154738 g
Industriezone 39
A-6460 Imst
+43 5412 68131
A data protection officer is not appointed since there is no legal obligation to do so.
2) LEGAL BASIS OF PROCESSING
We process your personal data only if at least one of the following applies:
• You have given consent
• Based on a contract
• Compliance with a legal obligation
• Due to legitimate interests
2) HOW DO WE PROTECT YOUR PERSONAL DATA?
We have taken a series of technical and organisational measures as defined by Art. 32 GDPR to ensure the security of your personal data. Personal data are stored on secure networks and are only accessible to a limited number of specifically authorised persons who are bound by an obligation of confidentiality in regard of those data. We have taken in particular the following data protection measures for this; they are subject to constant review and adjustment to the current state of the art:
- Use of encryption systems
- User authentication controls
- Secured network infrastructures
- Limitation of access to personal data
- Network monitoring solutions
- Obligation to data secrecy
- Limitation of access rights in electronic systems
- Firewalls
- Virus protection
- Network monitoring solutions
- Area-limited alarm systems and video monitoring
- Employee code of conduct
- Obligation to data secrecy
Please observe:
In spite of these measures, there is always a risk that it may be intercepted and used by third parties whom we are unable to control whenever you provide personal information on the internet. Although we make every effort to protect your personal information and privacy, we are unable to guarantee the security of any information you make available on the internet.
II. Data processing by Sunkid GmbH
1) PURPOSE OF PROCESSING
1.1) Business relationship / contractual relationship
We as Controller process your personal data primarily in the framework of a business relationship with you and/or a company represented by you, particularly where there is a contractual relationship or in order to take steps at your request prior to entering into a contract (point (b) of Art. 6 (1) GDPR).
The personal data processed by us will specifically include your name, your contact details (email address, telephone number, residential address) and your bank details, potentially information on your credit history, your social security data (if necessary), and information on you connected to compliance with the contractual relationship, as well as any other information submitted by you.
1.2) Legal / regulatory obligations
Your personal data are also processed to the extent it is necessary for compliance with a legal/regulatory obligation to which we are subject (e.g. statutory record-keeping requirements for accounting data, information obligations towards authorities, or employer’s obligation to report to the social insurance institution etc.(point c of Art. 6 (1) GDPR). Furthermore, your personal data may be processed where the processing is necessary for the performance of a task carried out in the public interest (point (e) of Art. 6 (1) GDPR).
In this case, processing shall in particular include business correspondence and any fiscally relevant records relating to the contractual relationship between you and us (§ 212 UGB (Commercial Code), § 132 BAO (Federal Tax Act) and others), as well as social security data, if an employer/employee relationship exists between you and us.
1.3) Consent
The processing of your personal data may be performed on the basis of your consent to the processing; you may revoke your given consent at any time (point (a) of Art. 6 (1) GDPR). We process those personal data for which you have given consent. This is the case, for example, if you submit queries to us by email or via the website contact form and your data are not processed based on a (pre-) contractual business relationship in accordance with point (f) of Art. 6 (1) GDPR.
1.4) Legitimate interest
We also process personal information where it is necessary for the purposes of the legitimate interests pursued by us as the controller (point (f) of Art. 6 (1) GDPR). This may be necessary particularly to safeguard our corporate interests, to assert or exercise or defend legal claims and, if there is no reason to assume that you have an overriding legitimate interest that your data are not passed on, to avoid physical injury or financial losses, for direct advertising (marketing and information measures, particularly relating to services we offer), IT security and technical administration and for records as well as file, customer, and supplier management purposes. The processing includes all the data processed in the framework of the contractual relationship, to the extent it is necessary to achieve the respective purpose.
Moreover, we reserve the right to transmit your personal data in case we sell or transfer all or parts of our company or our assets (also in case of restructuring, re-founding, dissolution, or liquidation).
1.5) Events
We make sound and picture recordings within the scope of events and workshops organised by us or held in our premises.
In invitations and at events it is pointed out in advance that picture and sound recordings will be made. Where photographs are taken of larger groups, the pictures are used to heighten our profile and promote our image. We publish such pictures on the Internet and in printed form based on our legitimate interest. When recording smaller groups or individuals, we will request consent beforehand. According to Art. 7 (3) GDPR you have the right to withdraw your consent at any time (see data subject rights). Please note that such withdrawal shall not affect any processing that has taken place until your declaration of withdrawal.
2) (POTENTIAL) RECIPIENTS OF PERSONAL DATA
Personal data processed by us will be transmitted to the following categories of recipients (point (e) of Art. 13 (1) GDPR):
• Companies to which Sunkid GmbH is affiliated under corporate law, i.e. ZoWo Holding GmbH (FN 460440 v), Bruckschlögl Gesellschaft m.b.H (FN 104926 d), Braso Technik GmbH (FN 503507 b), Sunkid France Sarl (France), Borer Lift AG (Switzerland), and Star Lifts USA Inc. (USA).
• Data processors engaged by us (in particular IT and BackOffice service providers [IDC EDV Handels- und Dienstleistungs-GmbH, web-crossing GmbH, The Rocket Science Group LLC, HOST Software Entwicklung & Consulting GmbH], accountants, payroll accountants [Illmer und Partner Steuerberatungsgesellschaft GmbH], tax advisors, and auditors [NEXIA TU Wirtschaftsprüfung GmbH]
• Courts and authorities (especially in case of customer and supplier disputes) as well as our opponents in court (and out-of-court) or regulatory proceedings;
• (Court-appointed and non-judicial) experts;
• Third-party suppliers and cooperation partners (e.g.: credit card providers, banks);
• Lawyers and law firms retained by us;
- our tax advisors and auditors;
- our advertising and web analysis partners (website);
- social media platforms;
We use your personal data exclusively for the purposes described above and do sell your personal data or trade in them or pass them on to any third parties without informing you in advance.
3) STORAGE AND RETENTION OF PERSONAL DATA
Point (e) of Art. 5 (1) GDPR requires us to erase the personal data relating to you as a data subject when the purpose for storing the data no longer exists, there is no longer a legal basis for keeping your personal data, and you have not consented to further processing of your data.
Your personal data will be stored by us in any event for as long as it is necessary to achieve the respective purpose, particularly for the duration of the complete business relationship (from initiation or pre-contractual relations to implementation and completion of the contract) and in compliance with the legal obligations contained in statutory record-keeping and documentation provisions (e.g. the 7-year retention period for contracts and other documents and the accompanying correspondence according to UGB, BAO, UStG (Value-Added Tax Act), etc.). The data will be stored beyond this until the applicable guarantee, damages, and warranty periods for the required assertion, exercise, or defence of legal claims expire (in this case until a legal dispute where the data are needed as evidence is resolved), taking into account the statutory limitation periods according to ABGB (General Civil Code), which may lead to retention periods, for the required documents, of up to 30 years after the termination of the contractual relationship.
The respective duration of the storage of your data is, therefore, measured based on various criteria (in particular the legal basis on which the processing is based, the purpose to be achieved and, if applicable, your consent). When processing your personal data based on your consent, storage and processing will in any case be carried out as long as your consent has been given (and we have not received any objection.
III. Processing of website user data by Sunkid GmbH
1) (Automatic) data collection when visiting our website
When you visit our website, a connection will be established between your terminal device and our servers. In the course of this connection, data that may also include personal data will be transmitted to us automatically. These data will be stored on our server in a log file for 90 days.
The transmitted data will include in particular:
- Date and time of your visit
- The visited website (incl. any visited subpages)
- The terminal device you use when visiting the website and its IP address
- The browser used by you when visiting the website (incl. version of the browser)
- The operating system you use on your terminal device when visiting the website (incl. the version of the operating system)
- Visited link including corresponding reference link
Processing of such data is based on our legitimate interest in the upright and secure operation of our websites pursuant to point (f) of Art. 6 (1) GDPR. The data in these log files are generally not passed on to any third parties. However, we reserve the right to transmit these data in particular to law enforcement agencies and IT forensics in the event of unlawful use of our website.
Beyond this, processing shall take place in connection with use of the website in order to be able to compile usage statistics, to be able to provide and use the website, to be able to optimise the offers and the service of the website, to be able to respond to inquiries, to process orders and registration on the website, to maintain and evaluate system security and stability, as well as for administrative purposes (points (f), (a), and (b) of Art. 6 (1) GDPR); furthermore, processing may take place in order to comply with a legal obligation (point (c) of Art. 6 (1) GDPR).
2) Contact through forms or by email
If you send us any messages via a (contact) form (e.g. at www.sunkidworld.com/unternehmen/kontakt/) or by email, we assume that you voluntarily provide us with personal data (such as your name, address, telephone number, and email address). As a result, we process your data in particular based on your (voluntary) consent. However, please note that we may also process your data – depending on the content of your request – for other reasons (item III.1).
If you transmit any data from third parties to us, we assume that you have obtained the consent of the (third-party) data subject.
3) COOKIES
3.1) General information
In addition to the above data, information will be collected and stored on your computer when you use our website. This information is called “cookies”. “Cookies” are small (text) files that enable us to store information specific to you on your terminal device.
Cookies cannot run any programs or transfer any viruses to your computer. They are used to determine the frequency of use and the number of users of the Internet pages, as well as to make the Internet offering as a whole more user-friendly and effective.
3.2) Duration of storage:
Cookies have different storage durations. There are cookies that are automatically deleted when you close your browser (“session cookies”), and cookies that are stored for a specific period of time. The respective storage period of the cookies can be found in the cookie table (see below).
3.3) Cookies used by us:
Find a complete overview of the cookies used, including their names, descriptions, and storage periods, under the cookie settings of our website.
Please note that all essential cookies will be set even without your consent, as that we use and process them based on our legitimate interest. Non-essential cookies are only set based on your explicit consent.
3.4) Deleting and blocking cookies
All common web browsers offer functions to prevent general storage of cookies, or storage of cookies from third-party providers (e.g. advertising partners) and to delete cookies at any time, to restrict them to certain websites, or to set the web browser so that you will be informed once a cookie is sent. Information and instructions on how to manage cookies are available on the links below provided by the browser manufacturers:
However, note that blocking cookies may limit use of the website.
3.5) Third-party cookies
Third-party cookies (including those from Google) are also used to serve ads based on previous visits to the website. These advertising partners will not collect any personal information such as names, email addresses, postal addresses, or telephone numbers. As a user of the website, you can disable Google’s use of cookies by visiting the page of interest-based advertising on websites outside Google and disabling the function there. You may also deactivate use of cookies from third-party providers by visiting the deactivation page of the “Network Advertising Initiative” (www.networkadvertising.org/choices/ and www.youronlinechoices.com) and making the corresponding settings for the opt-out procedure there. These settings ensure that no interest-based advertising is displayed; they do not prevent advertising in general.
4) Marketing and analysis tools, social-media providers, and other third-party tools
4.1) GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service provided by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter: “Google”). Google Analytics uses “cookies”, i.e. text files placed on the user’s computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
Google Analytics is used exclusively on the basis of your explicit consent.
We use Google Analytics exclusively with IP anonymisation enabled. Your IP address will, therefore, usually be shortened before transmission to the USA so as to prevent clear identification. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
Google will use this information on our behalf for evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.
You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the functions of this website in full. You may also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as processing of these data by Google, by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.
As an alternative to the browser plug-in or from browsers on mobile devices, you can click the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): <a onclick="alert(‘Google Analytics has been deactivated’);"href="javascript:gaOptout()">Deactivate Google Analytics</a>
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using Google Analytics, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
For more information on Google’s use of data, see: https://support.google.com/analytics/answer/6004245?hl=de. More information on Google’s use of data when using websites: www.google.com/policies/privacy/ and www.google.com/policies/privacy/partners/.
4.2) GOOGLE MAPS
This website uses Google Maps API of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter: “Google”) to visually display geographic information. When using Google Maps, Google also collects, processes, and uses data about visitors’ use of the map functions. By your use of this website, you consent to the collection, processing, and use of automatically collected data by Google.
Google Maps is used exclusively on the basis of your explicit consent.
Google Maps uses “cookies”, i.e. text files placed on the user’s computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the functions of this website in full.
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using Google Analytics, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
For more information, visit the Google Maps help forum at https://support.google.com/maps/?hl=de#topic=3092425.
More information on Google’s use of data when using websites:www.google.com/policies/privacy/ and www.google.com/policies/privacy/partners/.
4.3) GOOGLE RECAPTCHA
We use the service reCAPTCHA of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter: “Google”) to protect your orders via internet forms.
The “reCAPTCHA” tool is used to determine whether the input is made by a human or abusively by automated, machine processing. The query includes submission of the IP address and potentially further data required by Google for the reCAPTCHA service (in particular reference URL, cookies, date, and time) to Google. Your input will be transmitted to Google and used there for this purpose.
Google reCAPTCHA is used exclusively on the basis of your explicit consent.
Google reCAPTCHA uses “cookies”, i.e. text files placed on the user’s computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Beyond this, your terminal device will establish a connection to Google’s servers.
You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the functions of this website in full.
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using Google Analytics, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
By using reCAPTCHA, you agree that the recognition you provide will be included in the digitisation of old works. These data are subject to deviating data protection provisions of Google.
For technical information about Google ReCAPTCHA, see: https://developers.google.com/recaptcha/. More information on Google’s use of data can be found at:www.google.com/policies/privacy/ and www.google.com/policies/privacy/partners/.
4.4) Google Fonts
We use Google Fonts (https://www.google.com/webfonts/) on this website in order to display our content, more specifically the external fonts we use, correctly and graphically appealing across browsers. Google Fonts is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter: “Google”). Integration of such web fonts takes place via a server call, usually to a Google server in the USA. This will transmit information on which of our websites you have visited to the server. Google will also store the IP address of the browser of your terminal device as a visitor to our website. If your browser does not support Google Fonts or prevents access, content will be displayed in a standard font.
Calling up script libraries or font libraries will automatically trigger a connection to the provider of the library (Google). This will transfer the IP address to Google.
This service will be used exclusively based on your explicit consent.
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using Google Analytics, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
For technical information about Google Fonts, see: https://developers.google.com/fonts/faq#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users. More information on Google’s use of data when using websites: www.google.com/policies/privacy/ and www.google.com/policies/privacy/partners/.
4.5) FACEBOOK
We use social plug-ins (“plug-ins”) of the social network Instagram of Meta Platforms Inc (1601 Willow Rd, Menlo Park CA 94025, USA; hereinafter “Instagram”) based on your consent.
The plug-ins may display interaction elements or content (e.g., videos, graphics. or text posts) and are recognisable by one of the Facebook logos (white “f” on blue tile, the terms of “Like”, “Gefällt mir” or a “thumbs up” sign) or are marked with the addition of “Facebook Social Plug-in”. For an overview of Facebook plug-ins and their appearance see: developers.facebook.com/docs/plugins.
The plug-ins are integrated into the page a “2-click” or “Shariff” solution to increase protection of your data when visiting our website. This integration ensures that no connection is established with the Facebook servers yet when a page of our website containing such plug-ins is called up. Only when you activate the plug-ins and thus give your consent to the data transfer will your browser establish a direct connection to Meta’s servers. The content of the respective plug-in will be transmitted directly to your browser and integrated into the page. The plug-in will then transmit data (including your IP address) to Meta. We have no influence on the scope of the data Meta collects using these plug-ins. To the best of our knowledge, Meta receives information that you have currently or previously visited our website. By integrating the plug-ins, Meta will receive the information that your browser has called up the corresponding page of our website even if you do not have a profile on Facebook or are not currently logged in. This information (including your IP address) will be transmitted by your browser to a Meta server in the USA directly and stored there. If you interact with the plug-ins, e.g., by clicking the “Like” button, the corresponding information will also be transmitted directly to a Facebook server and stored there. The information will also be published on Facebook and displayed there to your contacts.
For the purpose and scope of data collection and further processing and use of the data by Meta, as well as your rights in this regard and setting options to protect your privacy, see Facebook’s data protection information at http://www.facebook.com/policy.php.
If you are a member of the Facebook social network (of Meta) and wish to limit collection of data about our website and aggregation of your user data with the data stored about you by the Facebook social network, log out of Facebook and delete your cookies before visiting our website. You can also prevent loading of Facebook plug-ins for the future entirely with add-ons for your browser, e.g., with the script blocker “NoScript” (http://noscript.net/).
Further settings and objections to use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab=ads, the US site http://www.aboutads.info/choices/, or the EU site http://www.youronlinechoices.com/. The settings are platform-independent; this means that they apply to all devices, such as desktop computers or mobile devices.
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using this third-party provider, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
4.6) INSTAGRAM
We use social plug-ins (“plug-ins”) of the social network Instagram of Meta Platforms Inc (1601 Willow Rd, Menlo Park CA 94025, USA; hereinafter “Instagram”) based on your consent.
Instagram content embedding features allows us to display images and videos (embed function). By calling up pages that use such functions, data (IP address, browser data, date, time, cookies) will be transmitted to Instagram, stored, and evaluated. If you have an Instagram account and are logged in, these data will be associated with your personal account and the data stored in it.
By calling up pages that use such functions, data (IP address, browser data, date, time, cookies) will be transmitted to Instagram, stored, and evaluated. If you have an Instagram account and are logged in, these data will be associated with your personal account and the data stored in it. You can prevent this by logging out of your YouTube account beforehand and deleting any cookies.
This service will be used exclusively based on your explicit consent.
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using this third-party provider, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
The privacy policy, the information collected by Instagram, and its use there can be found at https://help.instagram.com/519522125107875.
4.7) YouTube
We use social plug-ins (“plug-ins”) of the video platform “YouTube” on our website based on your consent. The provider of the respective plug-ins is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter: “YouTube”).
If you visit a page with the YouTube plug-in, a connection to YouTube servers will be established. When you access the website, YouTube is told which pages you are visiting. If you are logged into your YouTube account, YouTube can personally assign your surfing behaviour. You can prevent this by logging out of your YouTube account beforehand and deleting any cookies.
The provider uses cookies that collect information about their user behaviour when starting a YouTube video. Users who have deactivated cookies for the Google Ad program will not have to deal with such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in the browser.
This service will be used exclusively based on your explicit consent.
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using this third-party provider, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
Information on Google’s use of data when using websites: www.google.com/policies/privacy/ and www.google.com/policies/privacy/partners/.
4.8) VIMEO-VIDEOS
We embed Vimeo videos on our website. The provider of the corresponding plug-ins is Vimeo LLC (555 West 18th Street, New York 10011, USA; hereinafter: “Vimeo”).
If you visit our page with the Vimeo plug-in, a connection to Vimeo servers will be established. This will inform Vimeo of which pages you are visiting. If you are logged into your Vimeo account, Vimeo can assign your surfing behaviour to you personally. You can prevent this by logging out of your Vimeo account beforehand and deleting any cookies.
The provider uses cookies that collect information on user behaviour when starting a Vimeo video. You can delete the cookies set and reject new cookies in the browser settings. As a registered user from the EU, you can also opt out of any cookies that are not required; see: https://vimeo.com/cookie_policy for the steps required to do this. However, Vimeo also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in the browser.
For further information on data protection at “Vimeo”, see the provider’s privacy policy at: https://vimeo.com/privacy.
This service will be used exclusively based on your explicit consent.
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using this third-party provider, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
4.9) LINKEDIN
We use plug-ins of the social network LinkedIn of LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA; hereinafter: “LinkedIn”). The LinkedIn plug-ins are marked by the LinkedIn logo on our website.
A direct connection between your browser and the LinkedIn server is established via the plug-in when you visit our pages. It gives LinkedIn the information that you have visited our website with your IP address.
Clicking the LinkedIn “Recommend Button” while logged into your LinkedIn account allows you to link the content of our website on your LinkedIn profile. This allows LinkedIn to assign the visit to our website to your user account.
Please note that we, as the provider of the website, have no knowledge of the content of the data transmitted or their use by LinkedIn.
Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn’s privacy policy. LinkedIn provides this information at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv/; objection – opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.
This service will be used exclusively based on your explicit consent.
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using this third-party provider, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
5) NEWSLETTER
5.1) General information
You may subscribe to our newsletter via our website. We require your first and last name, your email address, and a declaration that you agree to receive the newsletter and that we may process the above personal data for the purpose of sending you information on offers, product innovations, competitions, etc. in accordance with point (a) of Art. 6 (1) GDPR for this.
We also collect and process information voluntarily provided on areas of interest, birthdate, and postal code, etc., in order to provide you with targeted information.
5.2) Revocation of your consent
You may revoke your consent at any time in accordance with Art. 7 (3) GDPR; this shall not affect the lawfulness of any processing carried out on the basis of the consent until the time of revocation. You may also cancel the newsletter subscription at any time by clicking unsubscribe from any newsletter/mailing.
If you withdraw your consent pursuant to Art. 7 (3) GDPR, your personal data will be routinely blocked or erased in accordance with the statutory provisions, except if otherwise provided by law or we have an overriding legitimate interest in its further use.
Registration for our newsletter takes place in a double opt-in process. That means that the user will receive an email with a link to confirm the registration after registration. You may cancel the subscription to the newsletter at any time. Unsubscribe here >>
5.3) Processor based on a contract
We use the list provider MailChimp to send our newsletter. MailChimp is a service provided by The Rocket Science Group, LLC (512 Means Street, Ste 404 Atlanta, GA 30318). The data stored in the course of your newsletter registration (title, first name, last name, email address, IP address, as well as date and time of your registration) will be transmitted to a server of The Rocket Science Group, LLC in the USA. Your consent to processing of your data in connection with the sending of newsletters, therefore, also includes the transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
MailChimp provides extensive analyses on how newsletters are opened and used. These analyses are group-related and not used by us for individual evaluation. MailChimp also uses the Google Analytics analysis tool and integrates it into the newsletters where applicable. Further details on Google Analytics can be found in the “Google Analytics” section. You can find more information on MailChimp and data protection at MailChimp here: http://mailchimp.com/legal/privacy/.
Please note that this third-party provider is headquartered in the USA. Due to the current legal situation there, it cannot be ruled out that your data may be accessed by US authorities (even if your data may be stored within the EU). If you consent to using this third-party provider, your consent will, therefore, also include transfer of your data to the USA pursuant to point (a) of Art 49 (1) GDPR.
6) Purpose of processing
In addition to the purposes of processing already referred to in item III.1, the purposes listed in item II.1 also apply to processing of personal data, depending on the situation and conditions.
7) Storage duration
If no explicit storage period is specified in the data protection declaration concerning the website for the respective processing activity (in particular for the server log file item III.1 and for cookies in item III.3.2), see our provisions on the storage period in item II.3.
8) (Potential) transferees
Except if any explicit recipients of transfers are specified in the privacy policy for the website for a respective processing activity (specifically: marketing and analysis tools, social media providers, as well as other third-party tools in item III.4) see our provisions on potential transfer recipients in item II.2.
IV APPLICATION
1) General information
Our website https://www.sunkidworld.com/unternehmen/karriere/ offers the opportunity of learning about vacancies within our company. You may also use the form to apply for advertised positions or to send us your application documents.
2) Consent to processing and processed data
We assume that you consent to our processing of the data you submit to us for the purpose of the application process when you submit your personal data in the course of an application.
We process the data that you voluntarily provide to us in the course of the application process. Please note that the following data must be submitted for your application to be considered in the application process: Name, email address, home address, nationality, curriculum vitae, and cover letter.
Please note that we request that you do not send us any sensitive data within the meaning of the GDPR or any criminal data / criminal convictions. If you provide us with such data anyway, your consent shall also include processing of such data.
3) Storage duration
Data of applicants who are not hired will be stored for seven months after completion of the application process and eventually erased, except if the applicant agrees that the data may be kept on record and/or that we may inform them for advertising purposes by electronic messages.
If the applicant is hired by our company, the data will remain stored beyond the application phase.
4) Revocation
See data subject rights.
DATA SUBJECT RIGHTS / REVOCATION RIGHTS
1) DATA SUBJECT RIGHTS
The following rights, about which we provide information below, are available to you within the meaning of the GDPR with the exceptions provided for in the respective provisions and the restrictions described in Art. 23 GDPR:
1.1) RIGHT TO INFORMATION (ARTICLE 15 GDPR)
You have the right to request confirmation from us as the Controller (Sunkid GmbH; cf. item I.1.) at any time as to whether we are processing personal data relating to you and, if so, to receive free information about the personal data processed about you and a copy of this information. If this right to information is claimed excessively, in that requests for information are addressed to us in an excessive manner, we may levy a charge customary in the locality for the administrative costs of providing the information.
1.2) RIGHT TO RECTIFICATION (ARTICLE 16 GDPR)
You have the right to request that we (as the Controller) rectify any inaccurate personal data relating to you without undue delay.
1.3) RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN) (ARTICLE 17 GDPR)
You have the right to demand from us (as the Controller) that the personal data concerning you be erased without undue delay, insofar as the data are not necessary for the purposes for which they were collected or otherwise processed and that there is no legal reason for the deletion. If you request erasure, we will check the above legal requirements and inform you accordingly.
1.4) RIGHT TO RESTRICT PROCESSING (ARTICLE 18 GDPR)
You have the right to request that we (as the Controller) restrict processing of any personal data relating to you.
1.5) RIGHT TO DATA PORTABILITY (ARTICLE 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us (as the Controller) in a structured, common, and machine-readable format, and the right to transmit these data to another data controller to whom you have provided your personal data without any hindrance from us.
1.6) RIGHT TO OBJECT (ARTICLE 21 GDPR)
If we process any personal data based on public interest or in the exercise of official authority or because it is required by a legitimate interest, you have the right to object to such processing of your data at any time due to your particular situation. In this case, your data will only be processed if there are compelling reasons to be protected for the processing activities.
1.7) RIGHT TO WITHDRAW CONSENT (ARTICLE 7 (3) GDPR)
You have the right to withdraw consent previously given to data processing at any time. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
1.8) RIGHT NOT TO BE SUBJECT TO ANY DECISIONS BASED ON AUTOMATED PROCESSING
You have the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you under certain circumstances.
1.9) RIGHT TO LODGE A COMPLAINT AND RIGHT TO EFFECTIVE REMEDY (ARTICLE 77 et seq. GDPR)
If you believe that processing of your personal data violates any data protection regulations or that your data protection rights have been violated in any other manner, you may lodge a complaint with the supervisory authority. In Austria, this is the Datenschutzbehörde, Wickenburggasse 8, A-1080 Vienna.
Without prejudice to any other administrative or extrajudicial remedy and the right of appeal, you have the right to effective judicial remedy against a legally binding decision of the supervisory authority concerning you.
1.10) EXERCISING ANY DATA SUBJECT RIGHTS
We as the Controller can be reached under the following contact details for inquiries on the subject of data protection or on the exercise of the rights outlined above (see also item I.1.):
- by email to: info@sunkidworld.com*
- by mail to: Sunkid GmbH, Industriezone 39, A-6460 Imst*
* Please enclose an official copy of your passport. We cannot process any data subject requests without first successfully establishing their identity. This is why we ask you to provide appropriate assistance in establishing your identity.
2) DIRECT MARKETING
If any personal data are processed for direct marketing purposes in accordance with Art. 21 (2) GDPR, you have the right to object to the processing of personal data concerning you at any time.
In case of such an objection, the personal data processed for direct marketing will no longer be processed for these purposes in the future.
VI. COLLECTION OF PERSONAL DATA FROM PERSONS OTHER THAN THE DATA SUBJECT (ARTICLE 14 GDPR)
In exceptional cases, we as the Controller do not collect personal data from you directly, but from other sources; in this case, information will only be collected from publicly accessible databases, from customers/suppliers, from credit agencies, or from companies with which we are associated under company law:
• Company register data at various offices authorised by the BMVRDJ, such as lexunited, IMD, etc.; land register data at court, notaries public, or via the internet; data concerning the practised trade from the federal trade information system GISA;
• Creditworthiness data, including data on payment behaviour (through queries to KSV, AKV, ÖVC, ISA);
• Insolvency data (especially from the federal edict file);
• Registration data from the respective registration authorities (municipal office, magistrate in the case of statutory cities or magistrate’s district office in Vienna);
• Information on you from search engines, social networks, various websites;
• Information regarding contact, payment history, business relationship by customers/suppliers or their business partners if you are our opponent in any proceedings.
The data we collect and store about you from these sources are limited to contact details (email address, telephone number, postal address), any information on your function and assignment/responsibility within the company, data concerning your professional career, with information on your professional and educational career that is accessible from public sources also possible being, as well as data in contract documents and associated documents.
Processing of these data will be carried out in our overriding legitimate interest for efficient communication for business purposes, as well as with regard to proper applicant management (point (f) of Art. 6 (1) GDPR). The data processed by us in this manner will be stored within the periods indicated in item II.3.
In the context of the collection of your data from third parties, you are entitled to the same rights as those listed in item V.1.
VII. DATA TRANSFERS TO OTHER COUNTRIES
We may also transfer your personal information to countries outside of the country in which the information was originally collected. These countries may not be subject to the same data protection laws as the country where you originally provided your personal data. When we transfer your information to other countries, we protect that information as described in our Privacy Policy, and such transfers are subject to applicable law.
The countries to which we disclose your personal data are located in the following countries
• within the European Union, or
• outside the European Union.
When we transfer personal data to countries or international organisations outside the European Union, the transfer is made on the basis:
• of an adequacy decision of the European Commission
• in the absence of this, based on other legally permissible reasons, such as the existence of a legally binding and enforceable document between authorities or public bodies, binding internal company rules, standard data protection clauses, and approved or certified codes of conduct.
In exceptional cases, a data transfer may also take place on the basis of Art. 49 GDPR:
• You have explicitly consented to the proposed data transfer after being informed about the potential risks such data transfers may pose to you in the absence of an adequacy decision and without appropriate safeguards (Article 49(1)(a) of the GDPR).
• Transfer is necessary for performance of a contract between you and us or for the implementation of pre-contractual measures based on your request (point (b) of Art. 49 (1) GDPR)
• Transfer is necessary for conclusion or performance of a contract entered into by us in your interest with another natural or legal person (point (c) of Art. 49 (1) GDPR)
As far as any service providers or contractual partners have their registered office in a country outside of the European Economic Area (EEA), we will inform you of the consequences of this circumstance from case to case.
VIII. CHILDREN
Our offer is generally aimed at adults. Persons under the age of 16 should not submit any personal data to us without the consent of their parents or legal guardians.
IX. MISCELLANEOUS
1) Questions on our privacy policy
You may contact us at any time using the contact information below if you have any questions regarding our privacy practices described above:
2) Changes
Our Privacy Policy is updated continually (in accordance with our obligation under Art. 32 GDPR to ensure that data processing is always in line with the current state of the art). The bottom of this page shows when our Privacy Policy was last updated.
Sunkid GmbH
Industriezone 39
A-6460 Imst / Austria
Phone +43 5412 68131
Email: info@sunkidworld.com
Sunkid GmbH last updated on: 30/05/2022