I. Data protection at a glance
1. Who is reponsible for data processing and who can I contact if I have any queries?
SETEC Engineering GmbH & CO. KG
Tel. +43 463 58 08-0
Fax: +43 463 58 08 -0
Companies register: Austrian trade register
Trade register number: FN 180699i
Authorized representatives: DI Gerhard Zimmerl, DI Cristian Nunner and DI Wilhelm Tischendorf
VAT identification number: ATU46515604
Data Protection Officer
Mr Marko Pircer
SETEC Engineering GmbH & Co. KG
Tel. +43 463 58 08-232
Fax: +43 463 58 08 -5
Ms Katharina Isele, attorney-at-law
Berner Straße 45
60437 Frankfurt am Main
Tel. +49 69 5 00 08-173
Fax: +49 69 5 00 08 -170
2. What sources and data do we use?
We process personal data that we have received from you in the context of our contractual relationship. Such data includes, in particular, your company address, your company data, your bank details, your E-mail addresses and your contact details.
3. For what purposes and on what legal grounds do we process your data?
We process your personal data in compliance with the provisions of the European General Data Protection Regulation (EC/GDPR) and the German Federal Data Protection Act (BDSG). Data is used for company-internal purposes, as, for instance, to inform you about special offers or new products and send you invitations to events as well as information and reminders in connection with your existing contractual relationship with us.
4. Who receives your personal data?
Your personal data is used for the purpose of managing your contractual relationship with us only. Access to data is limited to our legal department, our management board and the respective project leaders.
5. How long do we store your personal data?
Your data is stored by us only as long as your contract concluded with us is valid and we are legally bound by statutory duties of retention and documentation.
6. Transfer of your personal data to international or superordinate organizations
Your data is transferred to authorities (e.g. tax authorities), auditors, subcontractors, employees, etc. to meet legal requirements and to prepare your final account. The respective authorities and institutions only use your personal data for administrative and invoicing/final accounting purposes related to your contractual relationship with us.
Your personal data is neither processed nor disclosed for any other purposes.
7. Legal basis
We process your personal data on the following legal basis:
The legal basis is the GDPR, whereby the processing of personal data relies on the following articles:
- a) 6 I lit. a GDPR: the data subject (you) has given their consent to the processing of their personal data for one or several specific purposes, e.g. to conclude a contract with us.
- b) 6 I lit. b GDPR: Processing is necessary for the performance of a contract to which the data subject (you) is party, or in order to take steps at the data subject's request prior to enter into a contract.
- c) 6 I lit. c GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject, e.g. tax obligations to which we are subject.
- d) 6 I lit. d GDPR: Processing is necessary to protect vital interests of the data subject or another natural person; although this is a very rare event that hopefully will never occur, it includes, e.g., the situation where you would be injured within the scope of your contractual relationship with us, making it necessary for us to disclose your name, age or other vital information to a doctor, hospital or other third party.
Art. 6 I lit. f GDPR: All processing operations to which none of the aforementioned articles apply, these operations being necessary to keep a legitimate interest of our company or any third party, provided there are no overriding interests, fundamental rights and fundamental freedoms of the data subject. Should the processing of personal data rely on this Art. 6 I lit. f GDPR, our legitimate interest would be to implement our existing contractual relationship with you.
8. What privacy rights do you have?
a) You have the right to obtain confirmation
Any data subject has the right, granted by the European directive and regulatory authority, to obtain from the controller the confirmation as to whether or not personal data concerning them are being processed. If a data subject wishes to avail themselves of this right of confirmation, they may contact an employee of the controller at any time. In this case, please contact the Data Protection Officer.
b) You have the right to obtain information
Any data subject has the right, granted by the European directive and regulatory authority, to obtain at any time from the controller free information about their personal data stored, and a copy of this information. Also, the European directive and regulatory authority grants the data subject access to the following information:
o the purposes of processing
o the categories of personal data processed
o the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations
o where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
o the existence of the right to request from the controller rectification or deletion of personal data, or restriction of the processing of personal data concerning the data subject, or to object to such processing
o the existence of the right to lodge a complaint with a supervisory authority
o where the personal data are not collected from the data subject: any available information as to the source of these data
o Furthermore, the data subject has a right to obtain information as to whether personal data was transferred to a third country or to an international organization. Where this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to avail themselves of this right of confirmation, they may contact an employee of the controller at any time. In this matter, please contact the Data Protection Officer.
c) You have the right to obtain rectification
Any data subject has the right, granted by the European directive and regulatory authority, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to avail themselves of this right of rectification, they may contact an employee of the controller at any time. In this case, please contact the Data Protection Officer.
d) You have the right to obtain deletion (Right to be forgotten)
Any data subject has the right, granted by the European directive and regulatory authority, to obtain from the controller the deletion of their personal data without undue delay, and the controller has the obligation to delete the personal data without undue delay where one of the following grounds applies, as long as processing is not necessary:
o The personal data is no longer required for the purposes for which it was collected or otherwise processed.
o The data subject withdraws their consent, on which the processing was based pursuant to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR, and where there is no other legal ground for this processing.
The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.
o The personal data was processed unlawfully.
o The personal data has to be deleted for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
If one of the aforementioned reasons applies and a data subject wishes to request the deletion of personal data stored by the companies of the Gauff Consultants group, they may contact an employee of the controller at any time. In this matter, please contact the Data Protection Officer.
- e) You have the right to obtain restriction of processing
Any data subject has the right, granted by the European directive and regulatory authority, to obtain from the controller restriction of processing in either of the following circumstances:
o The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
o The processing is unlawful and the data subject opposes the deletion of the personal data and requests instead the restriction of their use.
o The controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defense of legal claims
The data subject has objected to the processing pursuant to Article 21 (1) GDPR, pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met and a data subject wishes to request the restriction of the personal data stored by the respective companies of the Gauff Consultants group, they may contact the Data Protection Officer at any time.
- f) You have the right to obtain data transferability
Any data subject has the right, granted by the European directive and regulatory authority, to receive their personal data, provided by the data subject to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to which the personal data was provided, as long as the processing is based on consent pursuant to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR, or on a contract pursuant to Article 6 (1) lit. b GDPR and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising their right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may contact the Data Protection Officer at any time.
- g) You have the right to oppose
Any data subject has the right, granted by the European directive and regulatory authority, to object at any time, on grounds relating to their particular situation, to the processing of their personal data pursuant to Article 6(1) lit. e or f GDPR.
We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
In order to avail of the right to object, the data subject may contact the Data Protection Officer at any time. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use their right to object by automated means using technical specifications.
- h) You have the right to complain
If you find that the processing of your personal data is unlawful, you have the right to lodge a complaint with a supervisory authority responsible for data protection, that is competent for your place of residence, workplace or the place of the presumed infringement.
- i) You have the right to withdraw your consent to data processing
Any data subject has the right, granted by the European directive and regulatory authority, to withdraw consent to the processing of their personal data at any time.
If the data subject wishes to assert their right to withdraw consent, they may contact the Data Protection Officer at any time. They simply have to send us an informal e-mail. The lawfulness of the data processing carried out until the consent is withdrawn shall remain unaffected by such withdrawal.
We hope that the above information is sufficient for you. However, please do not hesitate to contact our Data Protection Officer or our Legal department for any questions you may have. Our Data Protection Officer or the Legal department will also be at your disposal should you have any other suggestions or further information relating to the implementation of the General Data Protection Regulation.
Please note that we collect as few data as possible; however, we need the data collected and to be processed by us in order to manage our mutual contractual relationship properly and in compliance with further legal requirements, e.g. tax requirements.
- Data collection on our website
- Who is responsible for data collection on this website?
Data collection on this website is carried out by the website operator whose contact details can be found in the imprint of this website.
2. How do we collect your data?
Some data is collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data is collected automatically by our IT systems when you visit the website. This data is primarily technical data such as the browser, the operating system you are using or the time when you view the page. This data is collected automatically as soon as you enter our website.
3. For what purposes do we use your data?
Part of the data is compiled in order to ensure that the website is provided faultlessly. Other data can be used to analyze how you use the site.
4. What rights do you have regarding your data?
5. Analytics and third-party tools
6. General information and mandatory information
a) Data privacy and protection
Please note that data transmitted via the internet (e.g. via e-mail communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
b) Notice concerning the party responsible for this website
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
c) SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the mandates or inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
7. Data collection on our website
Some of our web pages use so-called cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
b) Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) lit. f GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
c) Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent in accordance with Art. 6 (1) lit. a GDPR. You may revoke your consent at any time. An informal e-mail making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
8. Analysis tools and advertising
a) Google Analytics
This website uses functions of the web analysis service Google Analytics. The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called cookies. These are text files that are saved on your computer and that allow an analysis to be made of your use of the website. The information provided by the cookie about your use of this website is usually transmitted to a Google server in the USA and saved there.
The saving of Google Analytics cookies is done on the basis of Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both the operator’s web products and services, and advertising them.
b) IP Anonymization
We have activated the IP anonymization function on this website. This enables your IP address to be shortened by Google within member States of the European Union (EU) or in other countries party to the Agreement on the European Economic Area (EEA) before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information in order to analyze your use of the website and compile reports on website activity, and to provide the website operator with further services related to website and internet usage. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.
c) Browser plug-in
You can prevent cookies from being saved by adjusting the relevant settings in your browser software. However, we point out that in this case it may happen that you are not able to fully use all the functions of this website. Moreover, you can also prevent Google from collecting and processing the data obtained from the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in provided at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
d) Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. This will set an opt-out cookie which prevents the collection of your data during future visits to this website: Deactivating Google Analytics.
e) Demographics with Google Analytics
This website uses the Google Analytics Demographics function. It compiles reports containing information about the age, sex, and interests of website visitors. These data originate from interest-based advertising from Google, as well as visitor data from third-party providers. Such data cannot be associated with a specific individual. You can deactivate this function at any time via the display settings in your Google account, or generally refuse to allow the collection of your data by Google Analytics, as explained under "Objection to data collection".
f) Google reCAPTCHA
We use Google reCAPTCHA (hereinafter called reCAPTCHA) on our websites. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting their site from abusive automated crawling and spam.
a) Newsletter data
If you would like to receive the newsletter offered on our website, we require a valid e-mail address as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke consent to the storage of your data and e-mail address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. e-mail addresses for the members area) remain unaffected.
10. Plug-ins and tools
Our website uses plug-ins of the YouTube portal provided by Google. The pages are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit any of our pages featuring a YouTube plug-in, a connection to YouTube servers will be established. As part of this technical procedure, You Tube will be informed about which of our pages you have visited.
If you do so while logged into your YouTube account, you allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this from happening by logging out of your YouTube account beforehand.
We use YouTube to facilitate the visually attractive presentation of our online products and services. Pursuant to Article 6 (1) lit. f GDPR, this is a legitimate interest.
Google Web Fonts
This site uses so-called web fonts, provided by Google for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, your browser has to create a connection with the servers of Google. Hereby Google obtains knowledge that our website was called up via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online products and services. This is a legitimate interest pursuant to Article 6 (1) lit. f GDPR.
If your browser does not support web fonts, a default font will be used by your computer.
c) Google Maps
This website uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This is a legitimate interest pursuant to Article 6 (1) lit. f GDPR.