DATA PRODECTION DIRECTIVE

1. Purpose of data processing

EBNER processes personal data, especially data relating to employees, pensioners, applicants, customers, suppliers and other partners for the purpose of performing business activities and fulfilling the associated legal and contractual requirements.

1.1 Processing data relating to employees and pensioners

EBNER saves and processes personal data of employees, former employees, pensioners and their relatives in fulfillment of all contractual and legal requirements and obligations.

Personal data that is not essential to the fulfillment of contractual and legal requirements are only processed if employees have granted their permission.

1.2 Processing data relating to customers, partners and suppliers

EBNER saves and processes data made available by prospective customers, customers, partners and suppliers, especially names, email addresses and telephone numbers for creating proposals and processing orders as well as fulfilling the associated contractual and legal obligations. The data may be forwarded to the authorities and public institutions if this is necessary to fulfill legal obligations.

The information is processed within the whole company group to ensure that trouble-free service is provided.

1.3 Job applicants

We electronically process the contact data and application documents provided by applicants for a job so that we can select suitable candidates.

We also keep your data on record following a possible rejection in case we have other jobs available that match your profile, or the position for which your originally applied becomes vacant again and in such a case we can accelerate the application process. While your data is on record, only a limited group of people – our Human Resources department – have access to your application documents and before we forward data to another business unit within the company we will contact you to obtain your permission. Your data will be erased no later than three years after the rejection. If you object to your data being stored in this way, please send an email to privacy(at)ebner.cc.

1.4 Website & cookies

1.4.1 IP address

Information is saved automatically to the web server when you visit our website. This includes information on the browser used, the operating system, the IP address and the time of the visit. From EBNER‘s point of view these data are pseudonymized and without another source of data cannot be associated clearly with particular persons.

EBNER does not evaluate these data as long as no unlawful use of the website has occurred.

1.4.2 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

1.4.3 Cookies

When you visit this website, cookies are saved to your computer or mobile device that allow you to be recognized when you return to the website. The user-friendliness of the website is enhanced as a result. No personal information is saved. No information is forwarded to third parties (except to IT providers who help us to optimize the website from a technical point of view).

There are two types of cookies: permanent cookies and temporary cookies. Permanent cookies are saved as a file on your device for up to twelve months. Temporary cookies are saved for the duration of your visit and then deleted when you close the browser session. We use permanent cookies only to remember which start page you have chosen.

You can easily delete cookies from your computer or mobile device by using the settings in your browser. In the Help menu of your browser you can see how to manage and delete cookies. You can also deactivate cookies and be notified if a new cookie is sent to your computer or mobile device. Please note that in certain situations you will not be able to use all the services offered by our website if you reject its cookies.

Data is processed based on the legal regulations specified in clause 96 section 3 of the Austrian telecommunications law.

1.5 Newsletter

The names and email addresses of our customers and other people interested in our company and products are used to subscribe to the newsletter in order to receive the latest news and offers.

If the data are not correct, they can be changed by the newsletter recipient.

If the recipient no longer wishes to receive the newsletter, they can unsubscribe by clicking on the link in the email.

2. Principles of processing personal data

The processing of personal data is based on strict principles in terms of data protection and security and the rights of the people affected.

2.1 Lawfulness & transparency

Data processing takes place on a lawful basis in accordance with the data protection terms while taking into consideration the rights of the data subjects.

2.2 Purpose limitation

The data are recorded and processed for clearly specified and legitimate purposes. Data is not processed in a way that is considered incompatible with the initial purpose.

2.3 Data minimization

Only the data that is essential to the purpose specified is recorded and processed. Where possible for achieving the purpose and if the effort is deemed reasonable, only anonymized data is processed

2.4 Storage limitation and erasure

Personal data will be erased as soon as the purpose for which the data was originally recorded no longer exists and the legal grace periods do not prevent erasure.

If there are special cases where the data is deemed worthy of protection, the data will be stored until interest in the data no longer exists.

2.5 Data security

Personal data is subject to data confidentiality The data is to be treated confidentially and is protected by suitable organizational and technical measures against unauthorized access, unlawful manipulation or forwarding as well as loss and destruction.

2.6 Material accuracy

Personal data must be accurate, complete and kept up to date. Suitable measures are implemented to correct old, incorrect or incomplete data.

3. Obligation to maintain data confidentiality

All employees at EBNER are obliged to maintain confidentiality and are instructed and trained at regular intervals on how to treat personal data and other critical data.

4. Data security

The protection of confidentiality, availability and integrity of data is one of EBNER‘s key tasks. This applies equally to company secrets, customer data, personal data and other critical information.

For this purpose, technical and organizational security measures that comply with the state-of-theart and internationally recognized best practices and security standards have been installed and are continuously improved.

5. Data Protection Officer

EBNER is not in the position of having to nominate a Data Protection Officer because the terms of the EU GDPR do not apply in this case.

However, because data protection is so important to us, EBNER has decided to name a Data Protection Coordinator. This person is available to assist data subjects on any matters concerning data protection within the EBNER Group. Another task is to continuously check and improve EBNER‘s data protection measures.

6. Rights of data subjects

Each data subject whose personal data is processed by EBNER can at any time exercise the rights of data subjects by contacting the Data Protection Coordinator at EBNER.

Data security is also very important in relation to the rights of data subjects, which is why the rights of data subjects can only be made valid after the data subject has been clearly identified beyond all doubt.

To exercise your rights, you can send an email to privacy(at)ebner.cc at any time. In addition, every data subject has the right to complain to the data protection authorities.

The implementation of the following data subject laws is governed by the terms of the EU GDPR.

6.1 Information

Data subjects can demand information at any time about which of their personal data are being processed and what purpose the processing serves.

6.2 Rectification

Data subjects have the right to demand immediate rectification of any personal data that is incorrect.

6.3 Limitation

Data subjects have the right to limit processing if the correctness of the data relating to them is disputed, the processing is unlawful, the data is no longer needed for processing or the data subjects have objected to the processing.

6.4 Objection

Data subjects have the right to object to the processing of their personal data at any time.

6.5 Portability

Data subjects have the right to obtain the personal data they have made available to EBNER in a structured, accessible and machine-readable format. They also have the right to demand that this data is transferred to another controller providing this is technically possible. Portability applies only to personal data that has been processed using automated processes.

6.6 Erasure – right to be forgotten

The data subject has the right to demand immediate erasure of their personal data if the legal basis for processing the data is missing or no longer exists, if an objection to the data processing has been made, if the data processing is unlawful and there is no legal grace period for erasing the data.

7. Data transfer

The transfer of personal data to recipients outside the company group or recipients in non-EU countries only takes place in accordance with the applicable laws while observing strict confidentiality and data security.

In the course of processing data within the group, personal data is transferred between companies in the EBNER Group. This transfer is governed by standardized contract clauses, which represent a uniform standard for the protection and legally-compliant processing of data.

EBNER uses various processors to process data. All processors have signed a data processing agreement and are legally obliged to adhere to the data protection regulations.

8. Ongoing checks and improvements

The ongoing improvement of quality and processes is very important to EBNER.

Adherence to the directives on data protection as well as the laws and effectiveness of measures to ensure data protection and data security are continuously being analyzed and improved in order to ensure that data protection measures are implemented in the best way possible.