Our company, AIDU GmbH (our contact details can be found below), is particularly committed to protecting your data and your privacy.

We always perform any processing of personal data in compliance with the General Data Protection Regulation (GDPR) and in accordance with all national data protection laws applicable to AIDU GmbH. This Privacy Statement is intended to inform the general public of the nature, scope and purpose of the personal data that we collect, use and process, and tell you about your rights in this regard.

AIDU GmbH has implemented appropriate technical and organisational measures to safeguard your data against loss, manipulation, unauthorised access and other risks and threats. The measures in place are subject to regular review and are continuously updated to the state of the art.

1. General

The AIDU GmbH Privacy Statement is based on the terms as defined in the GDPR.

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Non-personal data" are data that have been rendered anonymous and which under no circumstances can be traced to any specific data subject. For this reason, non-personal data are not subject to data protection law.

"Data subject" means any identified or identifiable natural person whose personal data is to be processed by the controller.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.

"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Personal data that we process are processed exclusively in accordance with the data protection laws, rules and regulations currently in force. Please note that when you correspond with us you accept that the data you enter in the given form will be processed for the purposes defined below.

2. Name and address of the controller and data protection contact

The controller as defined in the GDPR, any other data protection laws in force in the Member States of the European Union, and other statutory or regulatory provisions governing data protection, is:

Walter-Simmer-Str. 4
A-5310 Mondsee

The data protection officer voluntarily appointed by the controller can be reached using the following contact information:

EY Law – Pelzmann Gall Größ Rechtsanwälte GmbH
RA (RAK München) Dr. Ermano Geuer
RAA Mag. Alexander Wollmann

Wagramer Straße 19/33
1220 Wien, Österreich
Email: [email protected]

3. Processing of personal data

Your personal data are processed solely for the purposes specified in this Privacy Statement and only to the extent required for achieving these purposes.

3.1. Processing of customer and supplier data

Processing for performance of pre-contractual and contractual obligations (Art. 6(1)(b) GDPR) and for compliance with legal obligations (Art. 6(1)(c) GDPR)
We process the data needed to initiate, record, execute or terminate business relationships and to process contractual claims arising from our activities, including automatically created and archived documents (e.g. written correspondence). Such processing includes, for example, delivery data, sales data, billing data, as well as contract management and the processing and forwarding of information to courts, official bodies or legal representatives for the assertion of claims.

In particular, it may be necessary to pass on data to our contractual partners for the logistical processing and coordination of deliveries and services.

In addition, we process your data in compliance with legal obligations. These encompass corporate, tax and tax law-related retention, documentation and reporting obligations, including financial bookkeeping and accounting. Fulfilling these purposes may in some cases necessitate supplying your information to service providers, such as auditors.

Processing on the basis of our legitimate interests or the legitimate interests of third parties (Art. 6(1)(f) GDPR), namely in the implementation of entrepreneurial freedom and for the protection of property for the purpose of internal administration and simplification of efficient business processes.

To respond to your requests. It may be necessary for this purpose to forward your data to other companies within the Group.

  • For credit checks.
  • For event planning, invitations and coordination.
  • For the purpose of direct advertising and for maintaining business partner relationships
  • To ensure network and information security. In implementing (data) security measures and precautions, your data will be processed for the administration and security of our systems. During Internet use via our visitor access, during the use of means of communication, such as telephone, e-mail, instant messaging or video conferencing, the usage and means of collaboration (e.g. intranet and web-based project platforms) are logged as a security precaution.
  • For the purpose of preventing cases of misuse (whistleblower system).
  • To ensure general security on the company premises, your information will be recorded as part of visitor management and it may happen that your image will be stored by the video surveillance system.


If you do not agree to this on reasonable grounds, you can object to such processing.

3.2. Online applications

Personal data that you provide to us as part of your online application will be treated confidentially and only be used to carry out the application process. As soon as you submit an online application to us using the mask provided for this purpose, you will receive a confirmation e-mail from us. In principle, we will store your personal data for only as long necessary to perform and complete the application process.

The online application form requires input of the following information: Salutation, Title, First Name and Surname, Address, Nationality, Birthday, Telephone Number, E-mail address, Details of military or civilian service where applicable, Details of the position applied for.
By submitting your application to us, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy and data protection statement.

The legal basis for processing applicant data is defined in Article 6(1)(b) and Article 6(1)(f) of the GDPR. Insofar as special categories of personal data within the meaning of Article 9(1) of the GDPR are voluntarily communicated in the context of the application process, processing thereof is additionally carried out in accordance with Article 9(2)(b) of the GDPR (e.g. health data, such as disability status or ethnic origin). If special categories of personal data within the meaning of Article 9(1) of the GDPR are requested from applicants as part of the application process, processing thereof will also be carried out in accordance with Article 9(2)(a) of the GDPR (e.g. health data if these are necessary for professional practice). If you apply for an advertised position in a third country, your data will be used to implement pre-contractual measures on your behalf in accordance with Article 49(1)(b) of the GDPR.

Filling in this online data-entry form allows you to apply for positions in our company. The information and personal data needed for the application process such as your name, address, e-mail address or details of your nationality and date of birth are collected. In addition, you have the option of uploading your individual, personalised application documents (such as a covering letter, CV, personal statement, references and photo). The information provided and uploaded documents will be added to our job portal and stored there.

If you apply for an advertised position via the job portal, your data can only be viewed and processed by the responsible employees at our HR department and the responsible employees at the specific department issuing the recruitment advertisement.

By submitting an unsolicited application via our job portal, you provide us with your personal data for the purpose of finding a suitable position for you. Your data can then be viewed by the HR departments of AIDU GmbH as well as by the departmental staff specifically involved in the application process so that your profile can be reviewed against suitable vacancies.

In addition, we will also check whether your application is suitable for other vacancies in Austria, other European locations or subsidiaries of BWT Holding GmbH. If we find a suitable vacancy, your application data will be forwarded accordingly by the responsible HR department.

The applicant data provided as part of the online application process may be forwarded within AIDU GmbH in Germany, as well as to European locations of BWT Holding GmbH and its Group subsidiaries. The answers and information you provide during the application phase will generally be stored together with your name for up to six months after completion of the application process. After that, the results are only stored in anonymised form for the purpose of statistical evaluations. This statistical data set does not allow any conclusions to be drawn about your identity.

In addition, before submitting your application, you can give your consent to allow the information you provide to be retained and kept in evidence by enabling the "Evidenzhaltung" (Record Keeping) field. You thereby expressly agree that the data and information that you provide in the context of the Job Portal may be kept on record for a period of two years after the end of the application process. In the event that a vacancy arises in the company, you will allow BWT Holding GmbH and its affiliated companies to compare the data you have provided with the corresponding job profile during this period of data retention.

The legal basis for keeping records is Article 6(1)(a) of the GDPR. You can withdraw your consent to the processing of your data at any time with effect for the future pursuant to Article 7(3) of the GDPR. All you need to do is inform us of your withdrawal of consent.

We use technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Your data will be encrypted if transmitted via the Internet. Our security measures are regularly reviewed and revised in line with the latest technological developments.

4. Period of data retention

We store your personal data, if necessary, for the duration of the entire business relationship (from the initiation of the relationship and its implementation through to completion of contract execution) and beyond, in accordance with the statutory obligations governing the retention and documentation of information, and for the purpose of defending against legal claims. The duration of data retention is therefore determined by the mandatory statutory retention periods and by statutes of limitation. The Austrian Commercial Code (UGB) and the Austrian Federal Tax Code (BAO) stipulate a mandatory retention period of 7 years, while the Austrian Equal Treatment Act (GIBG) sets a period of six months. A longer period of retention may be necessary in certain cases due to statutes of limitation or in order to defend against legal claims.

5. Rights of data subjects

With regard to the data processing described in greater detail below, users and data subjects are entitled to:

  • obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, gain access to the personal data and further information on the data processing, as well as to copies of the personal data undergoing processing (see also Art. 15 GDPR);
  • obtain rectification of inaccurate personal data and to have incomplete personal data concerning him or her completed (see also Art. 16 GDPR);
  • obtain erasure without undue delay of the personal data concerning him or her (see also Art. 17 GDPR) or, alternatively, provided further processing is needed in accordance with Article 17(3) of the GDPR, to obtain restriction of processing in accordance with Article 18 of the GDPR;
  • receive the data concerning him or her and which he or she provided, and to transmit these data to other providers/controllers (see also Art. 20 GDPR);
  • lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data related to him or her by the provider infringes the statutory provisions governing data protection (see also Art. 77 GDPR). The appropriate supervisory authority in Austria is the Austrian Data Protection Authority.

The service provider is further obligated to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 of the GDPR to each recipient to whom the service provider has disclosed data. This obligation does not apply, however, if this proves impossible or involves disproportionate effort. Irrespective of this, the user has the right to receive information on these recipients.

Users and data subjects likewise have the right, in accordance with Article 21 of the GDPR, to object to future processing of data concerning them if the service provider processes the data in accordance with Article 6(1)(f) of the GDPR. In particular, data subjects may object to data processing for the purpose of direct marketing.

You may assert these rights at any time by writing directly to AIDU GmbH. Please note that we can only provide access to personal data if you provide adequate proof of your identity. 

Date 1st October 2021