Privacy Statement / Information Requirements

MIC Datenverarbeitung GmbH (August 2020)

We are strongly committed to protecting your data; therefore we process your personal data in strict compliance with the applicable data protection regulations, including, but not limited to, GDPR and DPA.

Below, you will find more information about our processing activities:

 

1. Controller

MIC data processing operations GmbH, Hafenstraße 24, 4020 Linz

We are not under a legal obligation and therefore we have not registered a data protection officer with the Data Protection Authority.

 

2. Information about our processing of your personal data

2.1. Accounting and logistics

  • Purpose: Processing and transfer of data within the framework of business relationships with Customers and suppliers, including text documents (such as e.g. correspondence) in such matters created and archived by automated means.
  • Legal basis: The performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), compliance with a legal obligation (Art 6 para 1 subpara c GDPR), pursuit of legitimate interests, esp. warding off, exercising and establishing claims (Art 6 para 1 subpara f GDPR), explicit consent (Art 9 para 2 subpara a GDPR), necessary for carrying out the legal obligations relating to employment and social security (Art 9 para 2 subpara b GDPR).
  • Retention period: Until the business relationship ends or until the periods of guarantee, warranty, limitation and statutory retention (esp. BAO) applying to the Customer expire; beyond that, until any legal disputes in which the data is needed as evidence have been resolved.
  • Categories of recipients: Legal representatives; courts; banks for managing payment transactions; public accountants for auditing purposes; competent administrative authorities, esp. tax authority; collection agencies for debt collecting; debt financers such as leasing or  factoring companies and assignee, where the trade payables are externally financed that way; contract or  business partners cooperating or expected to cooperate in products or  services; insurers when an insurance policy relating to the products/services is taken out or  an event covered by insurance occurs; Bundesanstalt “Statistik Österreich” (Austrian Statistical Office) for creating the (official) statistics required by law; group management of the Controller, suppliers as well as trade customers and key accounts, Customers (services recipients).

2.2. Personnel management and recruitment

  • Purpose: Processing and transfer of data for payroll and remuneration and compliance with obligations to keep records, provide information and register to the extent required by laws or standards of collectively agreed provisions or  obligations under employment contracts, including text documents (such as e.g. correspondence) in such matters created and archived by automated means. Such use is permitted to any Customer who employs people under a private law contract, except those employees to which the special uses by public-sector employers apply; using and keeping on record personal data of applicants if those data were provided by the data subject and/or recruiters.
  • Legal basis: Consent (Art 6 para 1 subpara a GDPR), performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), compliance with a legal obligation (Art 6 para 1 subpara c GDPR), pursuit of legitimate interests, esp. warding off, exercise and establishment of legal claims (Art 6 para 1 subpara f GDPR), explicit consent (Art 9 para 2 subpara a GDPR), necessary for carrying out the legal obligations relating to employment and social security (Art 9 para 2 subpara b GDPR), establishment, exercise and defense of legal claims (Art 9 para 2 subpara f GDPR), duty of care required by law (Art 10 GDPR in conjunction with § 4 para 3 subpara 2 DPA), legitimate interest (Art 10 GDPR in conjunction with § 4 para 3 subpara 2 DPA).
  • Retention period: Until the relationship with the data subject ends, and beyond that until the statutory retention period ends or as long as legal claims against the Employer can be established under the employment relationship (esp. issuing of references by employers etc.). Applicant data are deleted without undue delay when the advertized vacancy is filled, unless the applicant agrees to his/her data being kept on record; unsolicited applications are kept on record. The period of keeping data on record is 5 years; after 5 years the data kept on record are deleted.
  • Recipients/Categories of recipients: Creditors of the data subject as well as other parties involved in the relevant prosecution, if applicable, also in the case of voluntary wage assignments for repayment of loans, if applicable; social insurance funds (including company health insurance funds); election committee for works council elections; Labor Inspectorate, Transportation Labor Inspectorate and Agricultural and Forestry Inspectorate, esp. according to § 8 Work Inspection Act; bodies of employee representations (esp. works council according to § 89 subpara 4 ArbVG (Labor Constitution Act), Safety and Health Officers according to § 10 ASchG (Occupational Safety and Health Act), Youth Representative according to § 125ff ArbVG and Representative for Disabled Employees according to § 22a Disabled Persons Employment Act); municipal authorities in connection with administrative police agendas; district administration offices in connection with administrative police agendas (trade authorities, responsibilities under ASchG, etc.); Apprenticeship Office according to § 19 BAG (Vocational Training Act) and vocational colleges; Arbeitsmarktservice (job center); Construction Workers' Vacation and Severance Payment Fund; Federal Office of Social Affairs and Disabled Persons e.g. § 16 Disabled Persons Employment Act (BEinstG); Tax Office; insurance institutions within the framework of existing collective or  individual insurance; banks managing payment to the data subject or to third parties; trade union specified by the employee with the consent of the data subject; statutory bodies set up for representing the interests of professional associations; Works Council Fund according to § 73 para 3 ArbVG; works doctors; pension funds; Rechnungshof (Court of Auditors); legal representatives; courts; additional insured persons; Staff Provision Fund (MVK) according to § 11 para 2 subpara  and § 13 BMVG (Federal Act on Corporate Staff and Self-Employment Provision).

2.3. Customer and supplier care/management and marketing

  • Purpose: Use of own or  purchased customer or prospect data for initial business contact relating to own range of products and services, including text documents (such as e.g. correspondence) in such matters created and archived by automated means.
  • Legal basis: Consent (Art 6 para 1 subpara a GDPR), performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), pursuit of legitimate interests, esp. warding off, exercise and establishment of legal claims (Art 6 para 1 subpara f GDPR).
  • Retention period: The data may be kept until the end of the third year after the last contact with the Customer, unless longer contractual or statutory retention periods are in place.
  • Recipients/ Categories of recipients: None

2.4. Visual access control

  • Purpose: Camera that allows viewing of live image in the entrance area at Hafenstraße without recording footage for visual access control due to poor acoustic conditions: Protection of property and protection of the Controller’s employees and the responsibility to protect (duty to implement safety precautions, contractual liability to Customers etc.).
  • Legal basis: Compliance with a legal obligation (Art 6 para 1 subpara c GDPR), legitimate interest (Art 6 para 1 subpara f GDPR), § 12 para 2 DPA, establishment, exercise or defense of legal claims (Art 9 para 2 subpara f GDPR), legitimate interest.
  • Retention period: No recording, only live image.
  • Recipients/Categories of recipients: None

2.5. Identity management

  • Purpose: System access control and identity management for the Customer’s data applications, and management of the allocation of hardware and software to the system users, including text documents (such as e.g. correspondence) in such matters created and archived by automated means.
  • Legal basis: Compliance with a legal obligation, esp. compliance with access controls (e.g. password guideline) or access authorizations (Art 6 para 1 subpara c GDPR), pursuit of legitimate interests, esp. warding off, exercise and establishment of legal claims (Art 6 para 1 subpara f GDPR).
  • Retention period: The data is erased when the system rights of the data subject have expired and all legal disputes in which the data is needed as evidence have been resolved. The data is definitely deleted when legal retention periods are no longer applicable.
  • Recipients/Categories of recipients: None

2.6. Access control using personal data

  • Purpose: Building access and marked area access authorization checking by the owner or  authorized person using facilities which collect and store personal data by automated means, including text documents (such as e.g. correspondence) in such matters created and archived by automated means.
  • Legal basis: Consent (Art 6 para 1 subpara a GDPR), performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), compliance with a legal obligation to implement technical and organizational measures for the protection of personal data (Art 6 para 1 subpara c GDPR), pursuit of legitimate interests, esp. warding off, exercise and establishment of legal claims (Art 6 para 1 subpara f GDPR), explicit consent (Art 9 para 2 subpara a GDPR), necessary for carrying out the legal obligations relating to employment and social security (Art 9 para 2 subpara b).
  • Retention period: Until the access authorization expires, and beyond that as long as a legal retention period is in place or legal claims against the Employer can be established under the employment relationship. If no specific retention periods are in place, the data shall be erased six months after the expiry date of the access authorization.
  • Recipients/Categories of recipients: Courts and public authorities

2.7. Cookies/Website analysis services

We use the web analysis services Google Analytics and Marketo on our website. These web analysis services use so-called cookies; these are small text files that are stored on your end device (computer, smartphone, etc.) with the aid of the browser you use. This enables us to analyse the use of the website by its users. The data generated by this is transferred to the provider’s server and stored there. We do not use cookies until you have agreed to them. We may use cookies whose sole purpose is to carry out the transmission of a message via a communication network or which are absolutely necessary in order for us to provide the service you have expressly requested, even without your consent.

You can also set up your browser at any time by changing the settings so that no cookies are stored.

  • Purpose: Improvement of the range of services offered, of the web presence and of direct advertising
  • Legal basis: Consent (Article 6 para. 1 lit. a GDPR), legitimate interest, in particular to improve the own services for the benefit of users (Article 6 para. 1 lit. f GDPR), § 96(3) TKG (Telecommunications Act), express consent (Art 49 Paragraph 1 lit a GDPR), fulfillment of a contract, necessary to carry out pre-contractual measures (Art 49 Paragraph 1 lit b GDPR), necessary to fulfill an interest of the person concerned (Art 49 Paragraph 1 lit c GDPR), assertion , Exercise and defense of legal claims (Art 49 para 1 lit e GDPR).
  • The following data is collected from you: IP address in anonymous form (deletion of the last 8 bits of the IP address).
  • Recipient: Provider of the analysis service

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”), if you are a resident of the European Union, the European Economic Area and Switzerland, Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. This service uses “cookies” to analyse the use of the website.

We use the analysis of user behaviour to optimise both our website and our advertising. We have activated the IP anonymisation function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. A transfer of the collected information to a third country without an adequate level of security cannot be excluded. With your explicit consent to the processing of cookies, you also accept the possible processing of your data in the USA.

The information may also be passed on to Google’s contractual partners. More information on the handling of user data can be found in Google's privacy statement: https://policies.google.com/privacy?hl=en.

  • Storage period: 26 months
  • Commissioned data processing: We have concluded a contract with Google for commissioned data processing.

Use of Marketo

This website uses a tracking cookie from Marketo Inc. , 601 Townsend St, San Francisco, CA 94103 ATTN if you are a resident of the European Union, the European Economic Area and Switzerland: Marketo EMEA, Ltd. Level 2, Red Oak North, South County Business Park, Leopardstown, Dublin 18 Ireland.

We use this tracking cookie to link visitor behaviour on our website to the recipient of an email marketing campaign in order to measure the effectiveness of the campaign. A transfer of the collected information to a third country without an adequate level of security cannot be excluded. With your explicit consent to the processing of cookies, you also accept the possible processing of your data in the USA.

The information may also be disclosed to Marketo’s contractual partners. For more information on how we handle user data, please see Marketo’s privacy policy: https://documents.marketo.com/legal/privacy/.

  • Storage period: 25 months
  • Commissioned data processing: We have concluded a contract with Marketo for commissioned data processing.

Use of LinkedIn Insight Tag

We use the LinkedIn Insight Tag from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, if you are a resident of the European Union, the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company (LinkedIn), Wilton Place, Dublin 2, Ireland that allows us to receive information about the use of our website and to show you advertising content on other websites tailored to your interests. For this purpose, a cookie is set in your browser with a validity of 180 days, which enables LinkedIn to recognize you when you visit a website. LinkedIn uses this data to generate anonymous reports for us about advertising activity and information about how you interact with our website. A transfer of the collected information to a third country without an adequate level of security cannot be excluded. With your explicit consent to the processing of cookies, you also accept the possible processing of your data in the USA.

You can deactivate the LinkedIn Insight Tag and interest-based advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. If you are a LinkedIn member, click the "Reject on LinkedIn" field. Other visitors click "Decline".

Further information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy#choices-oblig.

  • Storage period: 180 days
  • Commissioned data processing: We have concluded a contract with LinkedIn for commissioned data processing.

Please refer to Article 3 to find out how you can exercise your right to withdraw consent.

2.8. Newsletter, electronically

You have the option of subscribing to a newsletter via our website. To do this, you must declare that you agree to receive the newsletter (opt-in).

  • Purpose: to send a newsletter
  • Legal basis: consent (Art 6 Para 1 lit a GDPR), fulfillment of a contract, necessary for the implementation of pre-contractual measures (Art 6 Para 1 lit b GDPR), § 107 TKG.
  • The following data is collected from you: email address, name
  • Storage period: Until revocation of the consent to send the newsletter
  • Recipient / recipient categories: company of the analysis service / service provider

We would like to point out that you have the right to withdraw your consent at any time without giving reasons. Your revocation does not affect the legality of the data processing carried out before the revocation.

Please refer to Article 3 to find out how you can exercise your right to withdraw consent.

 

3. Rights of the data subject/Right to withdraw consent /Right to object

3.1. You have the right of access (Art 15 GDPR), the right to rectification (Art 16 GDPR), the right to erasure (Art 17 GDPR), the right to restriction of processing (Art 18 GDPR), the right to data portability (Art 20 GDPR) and the right to object (Art 21 GDPR). 

If you have consented to processing of your personal data, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If you would like to exercise any of your rights listed above, please contact us personally or by telephone or in writing:

Data Protection Manager:
Ursula Schöneborn-Siligan

[email protected] 
0043 732 778496

Please note that you can only obtain information from us if you can identify yourself to us.

3.2. If you believe that we have not adhered to the applicable data protection regulations or that we have committed data breach of your personal information, you have the right to lodge a complaint with the supervisory authority.

Please send the complaint to:
Österreichische Datenschutzbehörde
Barichgasse 40-42 
1030 Wien


Privacy Policy

MIC's privacy policy can be downloaded HERE.