EBNER Beteiligungsgesellschaft m. b. H.
referred to in this document as “EBNER”.
The German version of this document dispenses with gender neutral formulations in order to make it easier to read. The regulations apply equally to men and women.
1. Purpose of data processing
EBNER processes personal data, especially data relating to employees, pensioners, applicants, customers, suppliers and other partners for the purpose of performing business activities and fulfilling the associated legal and contractual requirements.
1.1 Processing data relating to employees and pensioners
EBNER saves and processes personal data of employees, former employees, pensioners and their relatives in fulfillment of all contractual and legal requirements and obligations.
Personal data that is not essential to the fulfillment of contractual and legal requirements are only processed if employees have granted their permission.
1.2 Processing data relating to customers, partners and suppliers
EBNER saves and processes data made available by prospective customers, customers, partners and suppliers, especially names, email addresses and telephone numbers for creating proposals and processing orders as well as fulfilling the associated contractual and legal obligations. The data may be forwarded to the authorities and public institutions if this is necessary to fulfill legal obligations.
The information is processed within the whole company group to ensure that trouble-free service is provided.
1.3 Job applicants
We electronically process the contact data and application documents provided by applicants for a job so that we can select suitable candidates.
1.4 Website & cookies
1.4.1 IP address
Information is saved automatically to the web server when you visit our website. This includes information on the browser used, the operating system, the IP address and the time of the visit. From EBNER’s point of view these data are pseudonymized and without another source of data cannot be associated clearly with particular persons.
EBNER does not evaluate these data as long as no unlawful use of the website has occurred.
When you visit this website, cookies are saved to your computer or mobile device that allow you to be recognized when you return to the website. The user-friendliness of the website is enhanced as a result. No personal information is saved. No information is forwarded to third parties (except to IT providers who help us to optimize the website from a technical point of view).
There are two types of cookies: permanent cookies and temporary cookies. Permanent cookies are saved as a file on your device for up to twelve months. Temporary cookies are saved for the duration of your visit and then deleted when you close the browser session. We use permanent cookies only to remember which start page you have chosen.
You can easily delete cookies from your computer or mobile device by using the settings in your browser. In the Help menu of your browser you can see how to manage and delete cookies. You can also deactivate cookies and be notified if a new cookie is sent to your computer or mobile device. Please note that in certain situations you will not be able to use all the services offered by our website if you reject its cookies.
Data is processed based on the legal regulations specified in clause 96 section 3 of the Austrian telecommunications law.
The names and email addresses of our customers and other people interested in our company and products are used to subscribe to the newsletter in order to receive the latest news and offers.
If the data are not correct, they can be changed by the newsletter recipient.
If the recipient no longer wishes to receive the newsletter, they can unsubscribe by clicking on the link in the email.
2. Principles of processing personal data
The processing of personal data is based on strict principles in terms of data protection and security and the rights of the people affected.
2.1 Lawfulness & transparency
Data processing takes place on a lawful basis in accordance with the data protection terms while taking into consideration the rights of the data subjects.
2.2 Purpose limitation
The data are recorded and processed for clearly specified and legitimate purposes. Data is not processed in a way that is considered incompatible with the initial purpose.
2.3 Data minimization
Only the data that is essential to the purpose specified is recorded and processed. Where possible for achieving the purpose and if the effort is deemed reasonable, only anonymized data is processed
2.4 Storage limitation and erasure
Personal data will be erased as soon as the purpose for which the data was originally recorded no longer exists and the legal grace periods do not prevent erasure.
If there are special cases where the data is deemed worthy of protection, the data will be stored until interest in the data no longer exists.
2.5 Data security
Personal data is subject to data confidentiality The data is to be treated confidentially and is protected by suitable organizational and technical measures against unauthorized access, unlawful manipulation or forwarding as well as loss and destruction.
2.6 Material accuracy
Personal data must be accurate, complete and kept up to date. Suitable measures are implemented to correct old, incorrect or incomplete data.
3. Obligation to maintain data confidentiality
All employees at EBNER are obliged to maintain confidentiality and are instructed and trained at regular intervals on how to treat personal data and other critical data.
4. Data security
The protection of confidentiality, availability and integrity of data is one of EBNER’s key tasks. This applies equally to company secrets, customer data, personal data and other critical information.
For this purpose, technical and organizational security measures that comply with the state-of-the-art and internationally recognized best practices and security standards have been installed and are continuously improved.
5. Data Protection Officer
EBNER is not in the position of having to nominate a Data Protection Officer because the terms of the EU GDPR do not apply in this case.
However, because data protection is so important to us, EBNER has decided to name a Data Protection Coordinator. This person is available to assist data subjects on any matters concerning data protection within the EBNER Group. Another task is to continuously check and improve EBNER’s data protection measures.
6. Rights of data subjects
Each data subject whose personal data is processed by EBNER can at any time exercise the rights of data subjects by contacting the Data Protection Coordinator at EBNER.
Data security is also very important in relation to the rights of data subjects, which is why the rights of data subjects can only be made valid after the data subject has been clearly identified beyond all doubt.
The implementation of the following data subject laws is governed by the terms of the EU GDPR.
Data subjects can demand information at any time about which of their personal data are being processed and what purpose the processing serves.
Data subjects have the right to demand immediate rectification of any personal data that is incorrect.
Data subjects have the right to limit processing if the correctness of the data relating to them is disputed, the processing is unlawful, the data is no longer needed for processing or the data subjects have objected to the processing.
Data subjects have the right to object to the processing of their personal data at any time.
Data subjects have the right to obtain the personal data they have made available to EBNER in a structured, accessible and machine-readable format. They also have the right to demand that this data is transferred to another controller providing this is technically possible.
Portability applies only to personal data that has been processed using automated processes.
6.6 Erasure – right to be forgotten
The data subject has the right to demand immediate erasure of their personal data if the legal basis for processing the data is missing or no longer exists, if an objection to the data processing has been made, if the data processing is unlawful and there is no legal grace period for erasing the data.
7. Data transfer
The transfer of personal data to recipients outside the company group or recipients in non-EU countries only takes place in accordance with the applicable laws while observing strict confidentiality and data security.
In the course of processing data within the group, personal data is transferred between companies in the EBNER Group. This transfer is governed by standardized contract clauses, which represent a uniform standard for the protection and legally-compliant processing of data.
EBNER uses various processors to process data. All processors have signed a data processing agreement and are legally obliged to adhere to the data protection regulations.
8. Ongoing checks and improvements
The ongoing improvement of quality and processes is very important to EBNER.
Adherence to the directives on data protection as well as the laws and effectiveness of measures to ensure data protection and data security are continuously being analyzed and improved in order to ensure that data protection measures are implemented in the best way possible.