Thank you for your interest in our company. Data privacy is one of the highest priorities for our Management, particularly as we are engaged in a large number of business activities.
The website of Kostwein Maschinenbau GmbH can generally be used without sharing any personal data whatsoever. However, as soon as a data subject wishes to use certain of our services through the website, we may need to process their personal data. If the processing of personal data is a necessity and if there is no legal basis for such processing, we always obtain the consent of the data subject.
In its role as the data controller, Kostwein Maschinenbau GmbH has implemented numerous technical and organisational measures to guarantee the highest possible level of complete protection for personal data processed via this website. However, internet-based data transmission can always be subject to security gaps, so that it is not possible to warrant absolute protection. Data subjects are therefore free to share their personal data with us via alternative methods, e.g. over the phone.
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter called “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identifiable or identified natural person whose personal data are processed by the data controller with responsibility for processing.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or data processing controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and way of processing of personal data. If the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for each nomination may be provided for by the Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not. However, authorities which may receive personal data in the framework of a particular inquiry according to Union or Member State law shall not be regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2) Name and address of controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other data protection legislation is:
Kostwein Maschinenbau GmbH
9020 Klagenfurt am Wörthersee
You can use your browser settings to block some or all cookies.
Each cookie contains a so-called cookie ID, which is its unique identifier. It consists of a sequence of characters matching up webpages and servers to the specific web browser where the cookie has been saved. This allows websites and servers that have been visited to distinguish the individual’s browser from other internet browsers that contain other cookies. A particular web browser can be recognised and identified by the unique cookie ID.
The relevant data subject can prevent the setting of cookies by our website at any time by making suitable settings in the relevant web browser. This has the effect of permanently preventing cookies from being set. Also, any cookies that have already been set can always be deleted via a web browser or other software applications. This can be done in all the common web browsers. Once the data subject has prevented the setting of cookies in their web browser, they may not be able to use all the functions of our website in full.
4) Collection of general data and information
Whenever the website of Kostwein Maschinenbau GmbH is opened by a data subject or by an automated system, it collects a range of general data and details. These general data and details are saved to server log files.
They may include:
(1) the browser types and versions that are used,
(2) the operating system used by the system accessing the website,
(3) the website from which the system accesses our website (so-called referral website),
(4) the pages of our website accessed by the system,
(5) the date and time when our website is accessed,
(6) an internet protocol address (IP address),
(7) the internet service provider of the system accessing our website, and
(8) other similar data and details serving to defend against dangers in the event of attacks on our IT systems.
When using these general data and details, Kostwein Maschinenbau GmbH is not in a position to trace the data subject. On the contrary, such information is required
(1) for the correct delivery of content of our website,
(2) for the optimisation of our site content and to promote the same,
(3) to guarantee the permanent functioning of our IT systems and the technology of our website, and
(4) if a cyber attack has occurred, to provide the law enforcement authorities with the information required for criminal prosecution.
These data and details are collected anonymously by Kostwein Maschinenbau GmbH and have two purposes: firstly, to help us with our statistics, and secondly, to increase data privacy and data security within our company so that, ultimately, we can warrant the best possible level of protection for the personal data that we process. The data in the server log files are anonymous and are stored separately from any personal data provided by a data subject.
5) Right to object
All users of the Kostwein Maschinenbau GmbH website are entitled to refuse the storage of their personal data. In such a case the relevant user and his or her data will be erased, unless we are under a legal obligation to store those data.
6) Routine erasure and making personal data unavailable
The controller with responsibility for processing only processes and stores the personal data of the data subject for the period of time required to achieve the purpose of storage and to the extent that this is specified by the European regulatory authority or the European body issuing directives or by any other legislative body through laws and regulations to which the controller is subject when processing data.
If the purpose of data storage has been achieved, or it is the end of a storage period stipulated by the European regulatory authority and the European body issuing directives or some other relevant legislative body, the personal data are routinely erased or made unavailable, as required by the relevant statutory regulations.
7) Rights of the data subject
a) Right to confirmation
According to the European regulatory authority and the European body issuing directives, every data subject is entitled to obtain confirmation from the relevant data controller whether their personal data are being processed. If a data subject wants to use this right, he or she may contact firstname.lastname@example.org at any time.
b) Right to information
According to the European regulatory authority and the European body issuing directives, every data subject affected by the processing of personal data is entitled to receive free information about personal data stored in respect of themselves and to receive a copy of this information; such information must be provided by the relevant controller at any time, whenever requested. In addition, according to the European regulatory authority and the European body issuing directives, the data subject must be provided with information about the following details:
- the purposes of processing
- the categories of personal data concerned
- the recipients or categories of recipients towards whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or a right to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject: any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in GDPR Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
In addition, the data subject has the right to be informed whether personal data have been transferred to a third country or an international organisation. If this is the case, then the data subject is also entitled to receive information about suitable guarantees in connection with the data transfer. If a data subject wants to use this right to information, he or she can contact email@example.com at any time.
c) Right to rectification
According to the European regulatory authority and the European body issuing directives, every data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If a data subject wants to use this right to rectification, he or she can contact firstname.lastname@example.org any time.
d) Right to erasure (right to be forgotten)
According to the European regulatory authority and the European body issuing directives, every data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies and to the extent processing is not necessary:
The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
The data subject withdraws consent on which the processing is based according to point (a) of GDPR Article 6 (1), or point (a) of GDPR Article 9 (2), and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to GDPR Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to GDPR Article 21 (2).
The personal data have been unlawfully processed.
The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the offer of services provided by Kostwein Maschinenbau GmbH as referred to in GDPR Article 8 (1).
Should one of these reasons be applicable and should a data subject wish to obtain the erasure of personal data stored by Kostwein Maschinenbau GmbH, they can contactt email@example.com any time.
Where Kostwein Maschinenbau GmbH has made the personal data public and our company is obliged pursuant to GDPR Article 17 (1) to erase the personal data, Kostwein Maschinenbau GmbH, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers with responsibility for data processing which are processing the personal data made public that the data subject has requested the erasure of any links to, or copy or replication of, those personal data from those other controllers with responsibility for data processing, provided that data processing is not a requirement.
e) Right to restriction of processing
Every data subject affected by the processing of personal data has the right granted by the European regulatory authority and the European body issuing directives to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
· The data subject has objected to processing pursuant to GDPR Article 21 (1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned grounds are applicable and a data subject wishes to obtain the restriction of processing concerning their personal data stored by Kostwein Maschinenbau GmbH, then they can contact firstname.lastname@example.org at any time.
f) Right to data portability
According to the European regulatory authority and the European body issuing directives, every data subject affected by the processing of personal data has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to GDPR Article 6 (1) point (a) or Article 9 (2) point (a) or on a contract pursuant to GDPR Article 6 (1) point (b) and where the processing is carried out by automated means. This right does not, however, apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Moreover, in exercising his or her right to data portability pursuant to GDPR Article 20 (1), the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible, provided that this does not adversely affect the rights and freedoms of others. The data subject may contact the data protection officer of Kostwein Maschinenbau GmbH at any time to establish his or her right to data portability.
g) Right to object
According to the European regulatory authority and the European body issuing directives, every data subject has the right at any time to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her on the basis of GDPR Article 6 (1) points (e) or (f). This also includes profiling based on those provisions.
If an objection has been raised, Kostwein Maschinenbau GmbH shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or if the data processing takes place for the establishment, exercise or defence of legal claims.
Where personal data are processed by Kostwein Maschinenbau GmbH for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes by Kostwein Maschinenbau GmbH.
Where personal data are processed by Kostwein Maschinenbau GmbH for scientific or historical research purposes or statistical purposes pursuant to GDPR Article 89 (1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
The data subject may contact the data protection officer of Kostwein Maschinenbau GmbH directly at any time to establish his or her right to object. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
h) Automated individual decision-making, including profiling
According to the European regulatory authority and the European body issuing directives, every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, if such a decision
(1) is not necessary for entering into, or performance of, a contract between the data subject and the data controller; or
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
(3) is based on the data subject’s explicit consent.
If the decision
(1) is necessary for entering into, or performance of, a contract between the data subject and the data controller, or
(2) is based on the data subject’s explicit consent,
Kostwein Maschinenbau GmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. If the data subject wishes to assert his or her rights in relation to automated decision-making, he or she can contact email@example.com at any time.
i) Right to withdraw privacy consent
According to the European regulatory authority and the European body issuing directives, every data subject has the right to withdraw his or her privacy consent at any time. If the data subject wishes to assert his or her right to withdraw his or her privacy consent, he or she can contact firstname.lastname@example.org at any time.
8) Data privacy of applications and application processes
The controller with responsibility for processing collects and processes the personal data of applicants for the purpose of managing the application procedure. Processing may also take place electronically. This is particularly the case if an applicant sends application documents to the relevant data processor by electronic means, e.g. by email. If the data processor concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship, in observance of the applicable statutory provisions. If no employment contract is concluded between the applicant and the data processor, the application documents are automatically erased six months after the announcement of the refusal, provided that such erasure is not prevented by other legitimate interests on the part of the relevant data processor.
Other legitimate interests include, for example, a burden of proof in proceedings under the Austrian Equal Opportunities Act (GlBG).