Privacy Statement / Information Requirements

MIC Datenverarbeitung GmbH (April 2018)

We are strongly committed to protecting your data; therefore we process your personal data in strict compliance with the applicable data protection regulations, including, but not limited to, GDPR and DPA.

Below, you will find more information about our processing activities:

1. Controller

MIC data processing operations GmbH, Hafenstraße 24, 4020 Linz

We are not under a legal obligation and therefore we have not registered a data protection officer with the Data Protection Authority.

2. Information about our processing of your personal data

2.1. Accounting and logistics

  • Purpose: Processing and transfer of data within the framework of business relationships with Customers and suppliers, including text documents (such as e.g. correspondence) in such matters created and archived by automated means.
  • Legal basis: The performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), compliance with a legal obligation (Art 6 para 1 subpara c GDPR), pursuit of legitimate interests, esp. warding off, exercising and establishing claims (Art 6 para 1 subpara f GDPR), explicit consent (Art 9 para 2 subpara a GDPR), necessary for carrying out the legal obligations relating to employment and social security (Art 9 para 2 subpara b GDPR).
  • Retention period: Until the business relationship ends or until the periods of guarantee, warranty, limitation and statutory retention (esp. BAO) applying to the Customer expire; beyond that, until any legal disputes in which the data is needed as evidence have been resolved.
  • Categories of recipients: Legal representatives; courts; banks for managing payment transactions; public accountants for auditing purposes; competent administrative authorities, esp. tax authority; collection agencies for debt collecting; debt financers such as leasing or  factoring companies and assignee, where the trade payables are externally financed that way; contract or  business partners cooperating or expected to cooperate in products or  services; insurers when an insurance policy relating to the products/services is taken out or  an event covered by insurance occurs; Bundesanstalt “Statistik Österreich” (Austrian Statistical Office) for creating the (official) statistics required by law; group management of the Controller, suppliers as well as trade customers and key accounts, Customers (services recipients).

2.2. Personnel management and recruitment

  • Purpose: Processing and transfer of data for payroll and remuneration and compliance with obligations to keep records, provide information and register to the extent required by laws or standards of collectively agreed provisions or  obligations under employment contracts, including text documents (such as e.g. correspondence) in such matters created and archived by automated means. Such use is permitted to any Customer who employs people under a private law contract, except those employees to which the special uses by public-sector employers apply; using and keeping on record personal data of applicants if those data were provided by the data subject and/or recruiters.
  • Legal basis: Consent (Art 6 para 1 subpara a GDPR), performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), compliance with a legal obligation (Art 6 para 1 subpara c GDPR), pursuit of legitimate interests, esp. warding off, exercise and establishment of legal claims (Art 6 para 1 subpara f GDPR), explicit consent (Art 9 para 2 subpara a GDPR), necessary for carrying out the legal obligations relating to employment and social security (Art 9 para 2 subpara b GDPR), establishment, exercise and defense of legal claims (Art 9 para 2 subpara f GDPR), duty of care required by law (Art 10 GDPR in conjunction with § 4 para 3 subpara 2 DPA), legitimate interest (Art 10 GDPR in conjunction with § 4 para 3 subpara 2 DPA).
  • Retention period: Until the relationship with the data subject ends, and beyond that until the statutory retention period ends or as long as legal claims against the Employer can be established under the employment relationship (esp. issuing of references by employers etc.). Applicant data are deleted without undue delay when the advertized vacancy is filled, unless the applicant agrees to his/her data being kept on record; unsolicited applications are kept on record. The period of keeping data on record is 5 years; after 5 years the data kept on record are deleted.
  • Recipients/Categories of recipients: Creditors of the data subject as well as other parties involved in the relevant prosecution, if applicable, also in the case of voluntary wage assignments for repayment of loans, if applicable; social insurance funds (including company health insurance funds); election committee for works council elections; Labor Inspectorate, Transportation Labor Inspectorate and Agricultural and Forestry Inspectorate, esp. according to § 8 Work Inspection Act; bodies of employee representations (esp. works council according to § 89 subpara 4 ArbVG (Labor Constitution Act), Safety and Health Officers according to § 10 ASchG (Occupational Safety and Health Act), Youth Representative according to § 125ff ArbVG and Representative for Disabled Employees according to § 22a Disabled Persons Employment Act); municipal authorities in connection with administrative police agendas; district administration offices in connection with administrative police agendas (trade authorities, responsibilities under ASchG, etc.); Apprenticeship Office according to § 19 BAG (Vocational Training Act) and vocational colleges; Arbeitsmarktservice (job center); Construction Workers' Vacation and Severance Payment Fund; Federal Office of Social Affairs and Disabled Persons e.g. § 16 Disabled Persons Employment Act (BEinstG); Tax Office; insurance institutions within the framework of existing collective or  individual insurance; banks managing payment to the data subject or to third parties; trade union specified by the employee with the consent of the data subject; statutory bodies set up for representing the interests of professional associations; Works Council Fund according to § 73 para 3 ArbVG; works doctors; pension funds; Rechnungshof (Court of Auditors); legal representatives; courts; additional insured persons; Staff Provision Fund (MVK) according to § 11 para 2 subpara  and § 13 BMVG (Federal Act on Corporate Staff and Self-Employment Provision).

2.3. Customer and supplier care/management and marketing

  • Purpose: Use of own or  purchased customer or prospect data for initial business contact relating to own range of products and services, including text documents (such as e.g. correspondence) in such matters created and archived by automated means.
  • Legal basis: Consent (Art 6 para 1 subpara a GDPR), performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), pursuit of legitimate interests, esp. warding off, exercise and establishment of legal claims (Art 6 para 1 subpara f GDPR).
  • Retention period: The data may be kept until the end of the third year after the last contact with the Customer, unless longer contractual or statutory retention periods are in place.
  • Recipients/ Categories of recipients: None

2.4. Visual access control

  • Purpose: Camera that allows viewing of live image in the entrance area at Hafenstraße without recording footage for visual access control due to poor acoustic conditions: Protection of property and protection of the Controller’s employees and the responsibility to protect (duty to implement safety precautions, contractual liability to Customers etc.).
  • Legal basis: Compliance with a legal obligation (Art 6 para 1 subpara c GDPR), legitimate interest (Art 6 para 1 subpara f GDPR), § 12 para 2 DPA, establishment, exercise or defense of legal claims (Art 9 para 2 subpara f GDPR), legitimate interest.
  • Retention period: No recording, only live image.
  • Recipients/Categories of recipients: None

2.5. Identity management

  • Purpose: System access control and identity management for the Customer’s data applications, and management of the allocation of hardware and software to the system users, including text documents (such as e.g. correspondence) in such matters created and archived by automated means.
  • Legal basis: Compliance with a legal obligation, esp. compliance with access controls (e.g. password guideline) or access authorizations (Art 6 para 1 subpara c GDPR), pursuit of legitimate interests, esp. warding off, exercise and establishment of legal claims (Art 6 para 1 subpara f GDPR).
  • Retention period: The data is erased when the system rights of the data subject have expired and all legal disputes in which the data is needed as evidence have been resolved. The data is definitely deleted when legal retention periods are no longer applicable.
  • Recipients/Categories of recipients: None

2.6. Access control using personal data

  • Purpose: Building access and marked area access authorization checking by the owner or  authorized person using facilities which collect and store personal data by automated means, including text documents (such as e.g. correspondence) in such matters created and archived by automated means.
  • Legal basis: Consent (Art 6 para 1 subpara a GDPR), performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), compliance with a legal obligation to implement technical and organizational measures for the protection of personal data (Art 6 para 1 subpara c GDPR), pursuit of legitimate interests, esp. warding off, exercise and establishment of legal claims (Art 6 para 1 subpara f GDPR), explicit consent (Art 9 para 2 subpara a GDPR), necessary for carrying out the legal obligations relating to employment and social security (Art 9 para 2 subpara b).
  • Retention period: Until the access authorization expires, and beyond that as long as a legal retention period is in place or legal claims against the Employer can be established under the employment relationship. If no specific retention periods are in place, the data shall be erased six months after the expiry date of the access authorization.
  • Recipients/Categories of recipients: Courts and public authorities

2.7. Cookies/Website analysis services

We are using the website analysis services Google Analytics and Marketo on our website. These website analysis services use so-called cookies, i.e. small text files that are stored on your terminal equipment (computer, smartphone, etc.) by your web browser, which allow us to analyze how the website is used by its users. The data generated thereby are transferred to the provider’s server and stored there.

Before using cookies we need to get consent from you. The use of cookies for the sole purpose of carrying out the transmission of a communication on a communications network or  insofar as this is strictly necessary so we can provide you with the service that has been explicitly requested by you does not require your consent.

You can change your cookies settings in your browser at any time so that no cookies are stored.

  • Purpose: Enhancement of the range of services, the Website and direct advertising
  • Legal basis: Consent (Art 6 para 1 subpara a GDPR), performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), legitimate interest, esp. for enhancing own services to benefit the users (Art 6 para 1 subpara f GDPR), § 96 para 3 TKG (Telecommunications Act)
  • The following data are collected: Anonymized IP address (remove the last 8 bits in the IP address)
  • Retention period:
    • Google Analytics: 38 months
    • Marketo: 25 months
  • Recipients: Company of the analysis service / service provider; a contract data processing agreement was entered into.

Please note that according to Art 21 GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. This applies only if the processing is necessary for the purposes of legitimate interests pursued by us or by a third party (Art 6 para 1 subpara f GDPR).

Please refer to Article 3 to find out how you can exercise your right to object.

2.8. Newsletter, electronic

You can elect to subscribe to a newsletter via our website by using the opt-in subscription form to give your consent.

  • Purpose: Receipt of a newsletter
  • Legal basis: Consent (Art 6 para 1 subpara a GDPR), performance of a contract, necessary to take steps prior to entering into a contract (Art 6 para 1 subpara b GDPR), § 107 TKG
  • The following data are collected: Email address, name
  • Retention period: Until the consent to receiving the newsletter is withdrawn
  • Recipients/Categories of recipients: Company of the analysis service / service provider

Please note that you have the right to withdraw your consent at any time without giving reasons. Your withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Please refer to Article 3 to find out how you can exercise your right to withdraw consent.

3. Rights of the data subject/Right to withdraw consent /Right to object

3.1. You have the right of access (Art 15 GDPR), the right to rectification (Art 16 GDPR), the right to erasure (Art 17 GDPR), the right to restriction of processing (Art 18 GDPR), the right to data portability (Art 20 GDPR) and the right to object (Art 21 GDPR). 

If you have consented to processing of your personal data, you have the right to withdraw your consent at any time. Your withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If you would like to exercise any of your rights listed above, please contact us personally or by telephone or in writing:

Data Protection Manager:
Ursula Schöneborn-Siligan

ursula.schoeneborn@remove-this.mic-cust.com 
0043 732 778496

Please note that you can only obtain information from us if you can identify yourself to us.

3.2. If you believe that we have not adhered to the applicable data protection regulations or that we have committed data breach of your personal information, you have the right to lodge a complaint with the supervisory authority.

Please send the complaint to:
Österreichische Datenschutzbehörde
Wickenburggasse 8
1080 Wien


Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA ("Google"), on the legal basis of overriding legitimate interest (website usage analysis). We have a contract with Google for contract data processing. When you access our website, the software connects to Google's servers and transmits data to Google's servers, some of which are located in the United States. Google Analytics also uses cookies to store information about the user of the website and to analyze the use of the website by the user of the website. This website uses the function "Activation of IP anonymization". Therefore, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use the data collected to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. For detailed information on how to handle user data in Google Analytics, see the Google Privacy Policy or the Google Analytics Privacy Policy.

Deactivate Google Analytics


Privacy Policy

MIC's privacy policy can be downloaded HERE.