DATA PROTECTION

Our company, AIDU GmbH (our contact details can be found below), is partic­u­larly committed to protecting your data and your privacy.

We always perform any processing of personal data in compli­ance with the General Data Protec­tion Regu­la­tion (GDPR) and in accor­dance with all national data protec­tion laws applic­able to AIDU GmbH. This Privacy State­ment is intended to inform the general public of the nature, scope and purpose of the personal data that we collect, use and process, and tell you about your rights in this regard.

AIDU GmbH has imple­mented appro­priate tech­nical and organ­i­sa­tional measures to safe­guard your data against loss, manip­u­la­tion, unau­tho­rised access and other risks and threats. The measures in place are subject to regular review and are contin­u­ously updated to the state of the art.

1. General

The AIDU GmbH Privacy State­ment is based on the terms as defined in the GDPR.

"Personal data" means any infor­ma­tion relating to an iden­ti­fied or iden­ti­fi­able natural person ("data subject"). An iden­ti­fi­able natural person is one who can be iden­ti­fied, directly or indi­rectly, in partic­ular by refer­ence to an iden­ti­fier such as a name, an iden­ti­fi­ca­tion number, loca­tion data, an online iden­ti­fier or to one or more factors specific to the phys­ical, phys­i­o­log­ical, genetic, mental, economic, cultural or social iden­tity of that natural person. "Non-personal data" are data that have been rendered anony­mous and which under no circum­stances can be traced to any specific data subject. For this reason, non-personal data are not subject to data protec­tion law.

"Data subject" means any iden­ti­fied or iden­ti­fi­able natural person whose personal data is to be processed by the controller.

"Processing" means any oper­a­tion or set of oper­a­tions which is performed on personal data or on sets of personal data, whether or not by auto­mated means, such as collec­tion, recording, organ­i­sa­tion, struc­turing, storage, adap­ta­tion or alter­ation, retrieval, consul­ta­tion, use, disclo­sure by trans­mis­sion, dissem­i­na­tion or other­wise making avail­able, align­ment or combi­na­tion, restric­tion, erasure or destruc­tion.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, deter­mines the purposes and means of the processing of personal data. Where the purposes and means of such processing are deter­mined by Euro­pean Union or Member State law, the controller or the specific criteria for its nomi­na­tion may be provided for by Euro­pean Union or Member State law.

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are autho­rised to process personal data.

"Consent" of the data subject means any freely given, specific, informed and unam­biguous indi­ca­tion of the data subject's wishes by which he or she, by a state­ment or by a clear affir­ma­tive action, signi­fies agree­ment to the processing of personal data relating to him or her. Personal data that we process are processed exclu­sively in accor­dance with the data protec­tion laws, rules and regu­la­tions currently in force. Please note that when you corre­spond with us you accept that the data you enter in the given form will be processed for the purposes defined below.

2. Name and address of the controller and data protec­tion contact

The controller as defined in the GDPR, any other data protec­tion laws in force in the Member States of the Euro­pean Union, and other statu­tory or regu­la­tory provi­sions governing data protec­tion, is:

AIDU GmbH
Mondseestraße 3
A-5310 Tiefgraben 

The data protec­tion officer volun­tarily appointed by the controller can be reached using the following contact infor­ma­tion:

EY Law – Pelz­mann Gall Größ Recht­sanwälte GmbH
RA (RAK München) Dr. Ermano Geuer
RAA Mag. Alexander Woll­mann

Wagramer Straße 19/33
1220 Wien, Öster­reich
Email: daten­[email protected]

3. Processing of personal data

Your personal data are processed solely for the purposes spec­i­fied in this Privacy State­ment and only to the extent required for achieving these purposes.

3.1. Processing of customer and supplier data

Processing for perfor­mance of pre-contractual and contrac­tual oblig­a­tions (Art. 6(1)(b) GDPR) and for compli­ance with legal oblig­a­tions (Art. 6(1)(c) GDPR)
We process the data needed to initiate, record, execute or termi­nate busi­ness rela­tion­ships and to process contrac­tual claims arising from our activ­i­ties, including auto­mat­i­cally created and archived docu­ments (e.g. written corre­spon­dence). Such processing includes, for example, delivery data, sales data, billing data, as well as contract manage­ment and the processing and forwarding of infor­ma­tion to courts, offi­cial bodies or legal repre­sen­ta­tives for the asser­tion of claims.

In partic­ular, it may be neces­sary to pass on data to our contrac­tual part­ners for the logis­tical processing and coor­di­na­tion of deliv­eries and services.

In addi­tion, we process your data in compli­ance with legal oblig­a­tions. These encom­pass corpo­rate, tax and tax law-related reten­tion, docu­men­ta­tion and reporting oblig­a­tions, including finan­cial book­keeping and accounting. Fulfilling these purposes may in some cases neces­si­tate supplying your infor­ma­tion to service providers, such as audi­tors.

Processing on the basis of our legit­i­mate inter­ests or the legit­i­mate inter­ests of third parties (Art. 6(1)(f) GDPR), namely in the imple­men­ta­tion of entre­pre­neurial freedom and for the protec­tion of prop­erty for the purpose of internal admin­is­tra­tion and simpli­fi­ca­tion of effi­cient busi­ness processes.

To respond to your requests. It may be neces­sary for this purpose to forward your data to other compa­nies within the Group.

  • For credit checks.
  • For event plan­ning, invi­ta­tions and coor­di­na­tion.
  • For the purpose of direct adver­tising and for main­taining busi­ness partner rela­tion­ships
  • To ensure network and infor­ma­tion secu­rity. In imple­menting (data) secu­rity measures and precau­tions, your data will be processed for the admin­is­tra­tion and secu­rity of our systems. During Internet use via our visitor access, during the use of means of commu­ni­ca­tion, such as tele­phone, e-mail, instant messaging or video confer­encing, the usage and means of collab­o­ra­tion (e.g. intranet and web-based project plat­forms) are logged as a secu­rity precau­tion.
  • For the purpose of preventing cases of misuse (whistle­blower system).
  • To ensure general secu­rity on the company premises, your infor­ma­tion will be recorded as part of visitor manage­ment and it may happen that your image will be stored by the video surveil­lance system.

 

If you do not agree to this on reason­able grounds, you can object to such processing.

3.2. Online appli­ca­tions

Personal data that you provide to us as part of your online appli­ca­tion will be treated confi­den­tially and only be used to carry out the appli­ca­tion process. As soon as you submit an online appli­ca­tion to us using the mask provided for this purpose, you will receive a confir­ma­tion e-mail from us. In prin­ciple, we will store your personal data for only as long neces­sary to perform and complete the appli­ca­tion process.

The online appli­ca­tion form requires input of the following infor­ma­tion: Salu­ta­tion, Title, First Name and Surname, Address, Nation­ality, Birthday, Tele­phone Number, E-mail address, Details of mili­tary or civilian service where applic­able, Details of the posi­tion applied for.
By submit­ting your appli­ca­tion to us, appli­cants agree to the processing of their data for the purposes of the appli­ca­tion process in accor­dance with the type and scope set out in this privacy and data protec­tion state­ment.

The legal basis for processing appli­cant data is defined in Article 6(1)(b) and Article 6(1)(f) of the GDPR. Insofar as special cate­gories of personal data within the meaning of Article 9(1) of the GDPR are volun­tarily commu­ni­cated in the context of the appli­ca­tion process, processing thereof is addi­tion­ally carried out in accor­dance with Article 9(2)(b) of the GDPR (e.g. health data, such as disability status or ethnic origin). If special cate­gories of personal data within the meaning of Article 9(1) of the GDPR are requested from appli­cants as part of the appli­ca­tion process, processing thereof will also be carried out in accor­dance with Article 9(2)(a) of the GDPR (e.g. health data if these are neces­sary for profes­sional prac­tice). If you apply for an adver­tised posi­tion in a third country, your data will be used to imple­ment pre-contractual measures on your behalf in accor­dance with Article 49(1)(b) of the GDPR.

Filling in this online data-entry form allows you to apply for posi­tions in our company. The infor­ma­tion and personal data needed for the appli­ca­tion process such as your name, address, e-mail address or details of your nation­ality and date of birth are collected. In addi­tion, you have the option of uploading your indi­vidual, person­alised appli­ca­tion docu­ments (such as a covering letter, CV, personal state­ment, refer­ences and photo). The infor­ma­tion provided and uploaded docu­ments will be added to our job portal and stored there.

If you apply for an adver­tised posi­tion via the job portal, your data can only be viewed and processed by the respon­sible employees at our HR depart­ment and the respon­sible employees at the specific depart­ment issuing the recruit­ment adver­tise­ment.

By submit­ting an unso­licited appli­ca­tion via our job portal, you provide us with your personal data for the purpose of finding a suit­able posi­tion for you. Your data can then be viewed by the HR depart­ments of AIDU GmbH as well as by the depart­mental staff specif­i­cally involved in the appli­ca­tion process so that your profile can be reviewed against suit­able vacan­cies.

In addi­tion, we will also check whether your appli­ca­tion is suit­able for other vacan­cies in Austria, other Euro­pean loca­tions or subsidiaries of BWT Holding GmbH. If we find a suit­able vacancy, your appli­ca­tion data will be forwarded accord­ingly by the respon­sible HR depart­ment.

The appli­cant data provided as part of the online appli­ca­tion process may be forwarded within AIDU GmbH in Germany, as well as to Euro­pean loca­tions of BWT Holding GmbH and its Group subsidiaries. The answers and infor­ma­tion you provide during the appli­ca­tion phase will gener­ally be stored together with your name for up to six months after comple­tion of the appli­ca­tion process. After that, the results are only stored in anonymised form for the purpose of statis­tical eval­u­a­tions. This statis­tical data set does not allow any conclu­sions to be drawn about your iden­tity.

In addi­tion, before submit­ting your appli­ca­tion, you can give your consent to allow the infor­ma­tion you provide to be retained and kept in evidence by enabling the "Eviden­zhal­tung" (Record Keeping) field. You thereby expressly agree that the data and infor­ma­tion that you provide in the context of the Job Portal may be kept on record for a period of two years after the end of the appli­ca­tion process. In the event that a vacancy arises in the company, you will allow BWT Holding GmbH and its affil­i­ated compa­nies to compare the data you have provided with the corre­sponding job profile during this period of data reten­tion.

The legal basis for keeping records is Article 6(1)(a) of the GDPR. You can with­draw your consent to the processing of your data at any time with effect for the future pursuant to Article 7(3) of the GDPR. All you need to do is inform us of your with­drawal of consent.

We use tech­nical and organ­i­sa­tional secu­rity measures to protect your data against acci­dental or inten­tional manip­u­la­tion, loss, destruc­tion or access by unau­tho­rised persons. Your data will be encrypted if trans­mitted via the Internet. Our secu­rity measures are regu­larly reviewed and revised in line with the latest tech­no­log­ical devel­op­ments.

4. Period of data reten­tion

We store your personal data, if neces­sary, for the dura­tion of the entire busi­ness rela­tion­ship (from the initi­a­tion of the rela­tion­ship and its imple­men­ta­tion through to comple­tion of contract execu­tion) and beyond, in accor­dance with the statu­tory oblig­a­tions governing the reten­tion and docu­men­ta­tion of infor­ma­tion, and for the purpose of defending against legal claims. The dura­tion of data reten­tion is there­fore deter­mined by the manda­tory statu­tory reten­tion periods and by statutes of limi­ta­tion. The Austrian Commer­cial Code (UGB) and the Austrian Federal Tax Code (BAO) stip­u­late a manda­tory reten­tion period of 7 years, while the Austrian Equal Treat­ment Act (GIBG) sets a period of six months. A longer period of reten­tion may be neces­sary in certain cases due to statutes of limi­ta­tion or in order to defend against legal claims.

5. Rights of data subjects

With regard to the data processing described in greater detail below, users and data subjects are enti­tled to:

  • obtain confir­ma­tion as to whether or not personal data concerning him or her are being processed, and, where that is the case, gain access to the personal data and further infor­ma­tion on the data processing, as well as to copies of the personal data under­going processing (see also Art. 15 GDPR);
  • obtain recti­fi­ca­tion of inac­cu­rate personal data and to have incom­plete personal data concerning him or her completed (see also Art. 16 GDPR);
  • obtain erasure without undue delay of the personal data concerning him or her (see also Art. 17 GDPR) or, alter­na­tively, provided further processing is needed in accor­dance with Article 17(3) of the GDPR, to obtain restric­tion of processing in accor­dance with Article 18 of the GDPR;
  • receive the data concerning him or her and which he or she provided, and to transmit these data to other providers/controllers (see also Art. 20 GDPR);
  • lodge a complaint with a super­vi­sory authority if the data subject considers that the processing of personal data related to him or her by the provider infringes the statu­tory provi­sions governing data protec­tion (see also Art. 77 GDPR). The appro­priate super­vi­sory authority in Austria is the Austrian Data Protec­tion Authority.

The service provider is further oblig­ated to commu­ni­cate any recti­fi­ca­tion or erasure of personal data or restric­tion of processing carried out in accor­dance with Article 16, Article 17(1) and Article 18 of the GDPR to each recip­ient to whom the service provider has disclosed data. This oblig­a­tion does not apply, however, if this proves impos­sible or involves dispro­por­tionate effort. Irre­spec­tive of this, the user has the right to receive infor­ma­tion on these recip­i­ents.

Users and data subjects like­wise have the right, in accor­dance with Article 21 of the GDPR, to object to future processing of data concerning them if the service provider processes the data in accor­dance with Article 6(1)(f) of the GDPR. In partic­ular, data subjects may object to data processing for the purpose of direct marketing.

You may assert these rights at any time by writing directly to AIDU GmbH. Please note that we can only provide access to personal data if you provide adequate proof of your iden­tity. 

Date 1st October 2021