§ 1 Introduction
This privacy statement explains how W. Hamburger GmbH („we“, „our“, „us“ or “W. Hamburger“) collects and uses personal data when you use our website and make use of our services and describes the rights you have with respect to personal data
§ 2 Controller
The member firm acting as Controller to process and store your personal data is W. Hamburger GmbH (see: https://www.hamburger-containerboard.com/footer-menu/imprint ), Aspanger Straße 252, 2823 Pitten
The data protection officer for the Austrian data controllers can be reached at the following e-mail address: dataprotection(at)hamburger-containerboard.com.
§ 3 General information on the processing of personal data
(1) In this privacy statement, „personal data“ means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. Personal data also refers to one or more factors specific to the physical, genetic, mental, economic, cultural or social identity of an individual.
(2) Special categories of personal data:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Membership of a trade union
- Genetic data
- Biometric data
- Physical or mental health or condition
- Sex life or sexual orientation
Processing Purposes and Legal Basis
Personal data that we collect about you when you visit our website falls into several categories.
We collect personal data that you provide through our website, for example, when completing online forms to contact us, subscribing to a newsletters and marketing information from us, participating in surveys or registering for events that we are organizing. The information we collect about you include the following:
- Company or Organization
- Contact information, including primary email, email address and telephone numbers
- Demographic information, such as country, postal code
- Information pertinent to fulfilling services to you
- Any other personal data that you voluntarily choose to provide us
We do not intentionally collect special categories of personal data, unless you provide us with such data. While there may be free text boxes on the site where you are able to enter any information, we do not intend to process sensitive information. You are not required to provide, and should not disclose, sensitive personal information in the free text boxes. If you choose to provide any sensitive personal information in this manner, you acknowledge you consent to the collection and processing of this sensitive information.
If you register on our website e.g. for our newsletter, webcast or events, your personal data is stored to answer your enquiry.
Information that we collect automatically
When you visit our site, we collect certain personal data automatically from your device. Specifically, the data we collect automatically include information, such as your IP address, device type, unique device identification number, browser type, operating system, broad geographic location (e.g., country or city-level location) and other technical information. We also collect information about how your device has interacted with our site, including the pages accessed, current URL, time you visited the site and links clicked. Collecting this information enables us to better understand the visitors who come to our site, where they come from and what content on our site is of interest to them.
We use this information for our internal analytics purposes, and to improve the quality and relevance of our site to our visitors. Information will be collected using cookies and similar tracking technology, as explained further in the Cookie settings.
Our site also uses various social media plugins.
(3) All personal data are collected and processed by us only to the extent necessary for providing the website, including to confirm and authenticate your identity and prevent unauthorized access to restricted Aries of our site, to personalize and enrich your browsing experience by displaying content, to analyze the data of visitors to our site and site traffic information, to develop our business and services, answering inquiries, processing and execution the orders placed with us/contracts concluded with us (jointly referred to as “contractual relationships”), or in order to give you access to certain information and offers. We use the personal data exclusively for the corresponding purpose and in compliance with the applicable data protection provisions.
(2) The legal bases for the processing of personal data for the purposes just described are:
- (a) If the processing of personal data is carried out based on the consent of the data subject, the legal basis is Art. 6 (1) lit. a) GDPR.
- (b) If the processing of personal data is necessary for the performance of a contract to which the data subject is party, or for the implementation of pre-contractual measures at the request of the data subject, the legal basis is Art. 6 (1) lit. b) GDPR.
Our legitimate interest in the effective delivery of information and services to you and the effective and lawful operation of or businesses as well as the legitimate interest in developing and improving our site and your user experience, the legal basis is Art. 6 (1) lit. f) GDPR.
(3) If we commission processors for specific functions of our offer, or if we disclose your data – insofar as this is legally permissible – to other recipients, we will inform you thereof in a separate notification.
§ 4 Visiting our website
1) SSL certificate
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this page uses SSL encryption. You can tell when a connection is encrypted, because the address line of the browser changes from “http://” to “https://” and a padlock symbol is displayed in your browser’s title bar. When SSL encryption is activated, the data that you send to us cannot be read by third parties.
(2) If you merely use our website for informational purposes, we only collect the personal data that your browser transmits to us and that are necessary for us in technical terms in order to allow for the effortless use of our website and ensure the security and stability of the system, namely: IP address, date and time of the inquiry, time zone difference to Greenwich Meantime (GMT), contents of the request, access status/HTTP status code, respective volume of data transmitted, requesting website, browser, operating system and interface and language and version of the browser software.
(3) In addition to the previously mentioned data, cookies may also be stored on your operating system when you use our website. Cookies are small text files that are stored in or by the user’s internet browser. Cookies cannot execute programmes or infect your operating system or computer with viruses. Cookies are designed to make the internet offer more user-friendly and effective.
However, if you do so, it is possible that you may not be able to use all the functions of our website.
§ 5 Social Media Plugins
On our site, we implement so-called social media plugins. When you visit a page that displays one or more of such buttons, your browser will establish a direct connection to the relevant social network server and load the button from there. At the same time, the social media provider will know that the respective page on our site has been visited. We have no influence on the data that the social media providers collect on the basis of the buttons. If you wish to prevent this, please log out of your social media accounts before visiting our website. Social media providers set cookies as well, unless you have disabled the acceptance and storage of cookies in your browser settings
Our site includes plugins for the social network, Facebook. The Facebook plugins can be recognized by the Facebook logo on our sites. For an overview of Facebook plugins, click here.
Our site contains functions of the Instagram service.
If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. If you are not yet logged into your Instagram account, clicking an Instagram button will show you the Instagram login page for you to enter your login credentials. We expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.
Our site uses plugins from YouTube, which is operated by Google.
If you visit one of our pages featuring a YouTube plugin, it is a connection to the YouTube servers. Here, the YouTube server is informed about which pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. If you are not yet logged in, clicking a YouTube button will show you the YouTube login page for you to enter your login credentials.
We use LinkedIn for recruitment and marketing campaigns. Once LinkedIn members click on advertisement, they will see a form that is pre-filled with information from their LinkedIn profile, such as their name, contact information, company name, seniority, job title and location. As soon as a LinkedIn member submits a lead form, they will be connected to us.
Our site uses the Google Maps map service via an application programming interface (API).
To use Google Maps, it is necessary to save your IP address. This information is generally translated to a Google server in the United States and stored there. We have no influence on this data transfer.
§ 6 Processing of applicant data
(1) If you send an application to us, we process the data you disclose to us and the documents you send (upload) in order to carry out the application procedure. In any case, your data and documents are stored for the duration of the application procedure and after this, for as long as is legally permitted.
(2) If you have provided your consent, we store your data and documents beyond the legally permissible retention period and pass them on to other group companies of the Prinzhorn group in order to check if you come into consideration for other free positions. However, you will also receive separate information regarding this matter.
§ 7 Security
Prinzhorn takes appropriate administrative, technical and organizational measures to ensure the integrity and confidentiality of personal data and to protect personal data in its possession against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or misuse, access and any other unlawful forms of processing. In accordance with the GDPR, the Austrian Data Protection Act (DSG), applicable regulations and internal company policies, Prinzhorn takes security precautions at all appropriate points in its technological infrastructure.
Prizhorn provides training to its employees on its privacy policies and procedures and permits authorized employees to access personal information to the extent necessary in the performance of their duties.
§ 8 Transfer of personal data
In order to provide you the website and our services, we need service providers who act as Processors that support us. For example, we engage such to provide (a) general office support including printing, document production and management, archiving, and translation services; (b) accounting, finance and billing support and (c) IT functions including system management and security, data storage, analytics, business applications, voicemail and replication of systems for business continuity/disaster recovery purposes.
It is our policy to only use third-party Processors that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.
In some cases, personal data might be transferred to and stored outside the country in which you are located. This includes countries outside the European Economic Area (EEA) and countries with laws that have not necessarily been determined to provide an adequate level of protection for the processing of personal data under the laws of the EU or other jurisdictions. In case personal data is transferred outside the EEA, special safeguards are foreseen to ensure the protection travels with the data. If we transfer personal data to a Processor outside of the EEA, we guarantee to have concluded Standard Contractual Clauses (SCCs) approved by the European Commission.
§ 9 Keeping your personal data up-to-date
We maintain the accuracy and completeness of the personal data we hold. It is important that you inform us of any updates to your contact details or other personal data so that we have the most up-to-date information about you. Please contact the person you usually deal with at Prinzhorn.
§ 10 Data retention / Storage of personal data
We store personal data only as long as it is necessary for the purposes described in the section 3 of this privacy statement. Please note that the retention periods vary from country to country and are determined in accordance with local legal and professional retention requirements.
In order to meet legal requirements, to establish, exercise or defend our legal rights, and for archiving and historical purposes we need to retain information for significant periods of time.
The duration of the legally stipulated retention periods can, for example, result from the following laws: UGB, BAO, UStG and GewO. The retention periods vary in length and in justified individual cases (e.g. preservation of evidence) the retention period can also be longer (e.g. in the case of limitation periods of up to 30 years; the regular retention time is 7 years). If the data concerned are subject to different retention periods, the longest retention period in each case is decisive.
§ 11 Data Subject Rights
Right of information of the data subject according to Art. 15 GDPR:
You have the right to obtain information from us about the processing of personal data. This includes purpose and category of personal data, recipients and category of recipients, possible recipients in a third country, duration of data storage.
In this regard, please contact the respective data protection officer of the company to which you have applied.
You also have the right to complain to the relevant data protection authority.
Right to rectification of data according to Art. 16 GDPR:
If data is incorrect or incomplete, you have the right to have this data corrected or completed. If applicable, we will carry this out immediately.
Right to erasure of data according to Art. 17 GDPR:
You have the right to have your personal data deleted as soon as the following conditions are met:
• The personal data is no longer necessary for the purpose.
• You withdraw your consent or object to the processing of personal data and there is no other legal basis which makes the further processing of personal data necessary.
• The processing of personal data was unlawful.
• The deletion of personal data is required by law.
The right to erasure does not exist if the processing is necessary for legal reasons or for the assertion, exercise or defense of legal claims.
Right to restriction of processing of data:
You have the right to restrict your personal data as soon as the following conditions are met:
• As soon as you dispute the accuracy of the data.
• If the processing of the data is unlawful, or the data is no longer needed by us for the purpose and you require the deletion of your data for the assertion, exercise or defense of legal claims.
Where processing has been restricted in accordance with this paragraph, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
If you have obtained a restriction of the processing of the data, you will be informed by us before the restriction is lifted.
Right to data transmission (Art. 20):
You have the right to have the personal data which you have made available to us on the basis of Art. 6 Para. 1 a or b and which have been processed by us transferred to you in a structured, common and machine-readable format.
Right of objection according to Art. 21 GDPR:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out on the basis of Article 6(1)(e) or (f), including profiling based on those provisions.
Right to revoke the declaration of consent under data protection law:
You have the right to revoke your data protection consent at any time. However, the revocation shall not affect the lawfulness of the processing carried out up to that point.
Right to lodge a complaint with the national data protection authority:
If you are concerned about an alleged breach of the Data Protection Act or any other regulation, please contact email@example.com. Prinzhorn will investigate your complaint and provide information on how it should be handled and resolved.
If you are not satisfied with the resolution of your complaint, you may, without prejudice to other legal remedies, lodge a complaint with the Austrian data protection authority or also with another data protection supervisory authority in the European Union. Our competent data protection authority is:
Austrian Data Protection Authority (DSB)
Phone: +43 1 52 152-0
They may also refer the matter to a court of competent jurisdiction.
§ 12 Changes to this data privacy statement
(1) We reserve the right to adjust and update this data privacy statement so that it complies with the latest legal requirements or in order to appropriately depict or implement changes to our services in the data privacy statement. If we make material changes in the way we collect, use and share personal data, we will notify you prominently posting notice of the changes on the website. When you visit our website or use our services, the latest version of the data privacy statement that is valid at that point in time applies.We recommend that you check this page from time to time to inform yourself of any changed in this privacy statement.
valid from 2023-02-23