Privacy statement

1. General information

Your data are in safe hands with us! We, ROXCEL Holding GmbH (“ROXCEL Holding”) are obliged to protect your data and take such duty seriously. Please take the time to carefully read through our Privacy Policy to find out why we collect your data and in which form they are processed.

This Privacy Policy shall apply to

  • visitors to the ROXCEL Holding website (Section 4.1.)
  • customers and interested parties of ROXCEL Holding (Section 4.2.)
  • suppliers and business partners of ROXCEL Holding (Section 4.3.)
  • applicants (Section 4.4.)
  • visitors to our Vienna office (Section 4.5.).

 

 

2. Controller

The following company is responsible for data processing and thus the controller:

ROXCEL Holding GmbH
Thurngasse 10
1090 Vienna
E-mail: datenschutz@roxcel.com

 

 

3. What are personal data?

Personal data means any information relating to an identified or identifiable natural person (e.g. name, contact details, invoice data, IP address).

 

 

4. How do we process your personal data?

We process your data in different ways, depending on whether you visit our website (Section 4.1.), are our customer or an interested party (Section 4.2.), are our supplier or business partner (Section 4.3.), apply to us as potential employee (Section 4.4.) or visit our office in Vienna (Section 4.5.):

4.1. Data processing regarding visitors of our website

If you visit our website, we will process personal data related to your visit.

Personal data that you transfer electronically through this website, for example name, e-mail address, address and other personal data, shall only be used by us for the specified purpose, shall be stored securely and shall not be disclosed to third parties. Our website provider automatically collects and saves information regarding the web server, such as the browser used, operating system, referrer website, IP address, time of access etc. This data cannot be linked to specific individuals without checking other data sources and we will not analyse these data any further for as long as there is no suspicion of an attack to our website.

 

 

Cookies

Our website uses “cookies”. Cookies are small files that allow this website to save certain information about the user on their computers while they are visiting our website. Cookies help us to determine the frequency of use and the number of people using out websites, as well as to make our content comfortable and efficient for you. On the one hand, we use session cookies that only temporarily store information for the time that you use our website, and, on the other hand, permanent cookies in order to save information on visitors who access our website repeatedly. Purpose of the use of such cookies is to be able to offer an optimised user interface and to recognise users as well as, in case of repeated use, to be able to present a website that is as attractive as possible with content that is as interesting as possible.

The following data is temporarily retained in the session cookies: browser type, operating system, country, date, time and duration of access, IP address and sites visited including entry and exit sites and language settings. You can prevent the installation and operation of cookies by changing the settings of your browser. In such context, we process your personal data in order to safeguard our legitimate interests (Art 6(1) point (f) GDPR), i.e. ensuring the operation, security and optimisation of our website.

The following permanent cookies are used within our website: “reDimCookieHint”. The content of the permanent cookie is restricted to an identification number. Name, IP address etc. are not saved. No individual profiling regarding your user behaviour is carried out.

It is possible to also use our website without cookies. The permanent cookies shall only be activated if you expressly consent to the use of cookies by clicking on “Ok” in the cookie banner of the website (Art. 6(1) point (a) GDPR). If you consented to the use of such cookies, they will be stored for one year after placing and/or updating of such cookies and thereafter deleted. Cookies which have already been stored can be erased at any time. Furthermore, you can deactivate the saving of cookies in your browser, restrict it on certain websites or set your web browser (Chrome, IE, Firefox, etc.) to display a notification when a cookie is being sent. You can also erase cookies from the storage medium of your end device at any time.

 

 

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies, i.e. text files stored on your computer and allowing to analyse your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and stored there. In the case of the activation of IP anonymisation on this website, however, your IP address will first be shortened by Google within European Union member states or other states which are part of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. On behalf of the provider of this website, Google will use this information to analyse your use of the website, to compile reports about website activities and to provide further services connected to the use of this website and of the internet for the website provider. The IP address transferred by your browser in the context of Google Analytics is not combined with any other data from Google. You can prevent cookies from being stored by setting your browser accordingly; however, please note that you may not have full access to all website functions in this case. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) from being processed by Google by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

For more information on the terms of service and data protection, please see https://www.google.com/analytics/terms/de.html and/or https://support.google.com/analytics/answer/6004245?hl=de. Please note that Google Analytics was extended by the code “gat._anonymizeIp();” on this website to ensure anonymised collection of IP addresses (so-called IP masking).

 

Contact form

We provide a contact form on our website. To the extent you contact us via such form or by email, the personal data you provide will be processed for the purpose of handling your request. Details which are mandatory for handling and responding to your request are marked separately (*). All other information can be given voluntarily. The processing is required for the performance of precontractual measures which are carried out at your request (Art 6(1) point (b) GDPR).

 

 

Google reCAPTCHA

In order to protect our website against automated accesses (e.g. bots), we use the reCAPTCHA service from Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in our contact form. The query of the service is used to differentiate between inputs made by people and improper automated or machine inputs. By means of such service, Google can identify the website from which a query was sent and from which IP address you use the so-called reCAPTCHA input box. Your input is communicated to Google for this purpose. By using reCAPTCHA, you consent to participating in the reCAPTCHA digitalisation project for character and image recognition with your recognition performed.

In the case of the activation of IP anonymisation on this website, your IP address will first be shortened by Google within European Union member states or other states which are part of the European Economic Area (“EEA”). Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. The deviating data protection provisions of Google shall apply to the processing pf personal data. Further information on Google’s data protection provisions can be found at https://policies.google.com/privacy.

The use of the service is in our overriding legitimate interest (Art. 6(1) point (f) GDPR), i.e. ensuring the security of our website as well as protection against unsolicited and automated access in the form of spam or the like.

 

 

Google Maps

Our website uses Google Maps for displaying map information. When Google Maps is used, Google also collects and processes data on the use of the map functions by visitors of the website. In order to obtain directions, you can either enable the location tracking function of your device or input your address manually. Any activation and use of the location tracking function as well as the statement of your address shall be voluntary (Art 6(1) point (a) GDPR).

You can find more detailed information on data processing by Google in the privacy policy of Google at https://policies.google.com/privacy.

 

Social Plug-ins

So-called social media buttons can be used on our website. These so-called “social plug-ins” enable you to recommend and share contents of social networks. For the protection of your data, we use a two-stage procedure in the implementation of social plug-ins. Our website contains the buttons merely as a graphic containing a link to the corresponding website of the button provider. If you do not click on such graphic, there shall be no communication between you and the providers of the social media buttons. Any data, e.g. the information that the IP address used by you accessed our website, will be transferred to social media providers only if you click on one of the social media buttons. In such case, we have no influence on and no access to cookies which are placed by providers of social media buttons; in general, such cookies serve the purpose of collecting further information about your use behaviour or our website and, where applicable, other websites. By clicking the social media buttons, you provide your consent to the processing of your personal data (Art. 6(1) point (a) GDPR), in particular to the transfer of personal data to the respective social media provider. By clicking the social media buttons while logged into your social media account, you can link content from our website to your social media profile. If you do so, the respective social network can assign your visit to our website to your user account. Please note that as the provider of the websites, we have no knowledge of the contents of the transferred data or its use by the social media provider. Information on the scope and use of the data collected is set forth in the data protection provisions of the respective social media.

We have embedded the social media buttons of the following companies in our website:

Facebook Fanpage

For our “ROXCEL Group of Companies” Facebook fanpage, we refer to our “Privacy Policy for visitors to our fan page” which can be accessed via the following link: https://holding.roxcel.com/component/content/article/2-staic-page/108-datenschutzinformation-f%C3%BCr-die-besucher-unserer-fanpage.html.

In order to achieve such intended goals, we may be required to disclose your data towards the following recipients:

RECIPIENT

PLACE OF BUSINESS (COUNTRY)

BASIS FOR TRANSFERS TO THIRD COUNTRIES

ABAX Informationstechnik GmbH (IT provider, IT support)

Austria

Within the EEA

FaNetwork e.U. (webdesign)

Austria

Within the EEA

Facebook Ireland Limited, Facebook Inc. (Facebook Plugin, Facebook Fanpage)

Ireland

USA

Within the EEA

EU-US-Privacy Shield

Google Ireland Limited, Google LLC (Google Maps, reCAPTCHA)

Ireland

USA

Within the EEA

EU-US Privacy Shield

4.2. Processing of data of customers and potential interested parties of ROXCEL

The processing of your data primarily takes place for the initiation, maintenance, performance and settlement of our contracts concerning goods and services (Art. 6(1) point (b) GDPR) or for the fulfilment of our legal obligations (Art. 6(1) point (c) GDPR).

You need to provide your data to enable us to properly conclude and settle our contract with you. If your personal data are not provided, this means that we cannot enter into a contractual relationship with you.

If we process your data based upon your explicit consent (Art. 6(1) point (a) GDPR), you have the right to withdraw such consent at any time, where the withdrawal of your consent shall not affect the lawfulness of the processing before the withdrawal.

It is in ROXCEL’s interests to inform customers, with whom there is an existing contractual relationship, as well as potential customers and interested parties, for the purpose of initiating contracts, about the further development of our own products and services as well as about market-specific topics and trends in this field on a regular basis.

If you are a customer, we will process the data we obtained in the course of our contractual relationship with you in order to send e-mails to you for the purpose of describing and presenting our products (Art. 6(1) point (f) GDPR). You have the right to object at any time to such use of your data for direct marketing purposes without stating any grounds; such objection can be sent by letter to ROXCEL Holding GmbH, Thurngasse 10, 1090 Vienna or by e-mail to datenschutz@roxcel.com. We shall process your data for such purpose only until you object, however, no longer than for three years after contract termination. We will process your data for other forms of direct marketing only if you grant us an express consent to the processing of your data (Art. 6(1) point (a) GDPR). If you consented to such data processing, you can withdraw such consent without stating any grounds by a letter sent to ROXCEL Holding GmbH, Thurngasse 10, 1090 Vienna or by email to datenschutz@roxcel.com. The processing of your personal data for direct marketing purposes is not required for the performance of our contractual relationship.

In order to achieve such intended goals, we may be required to disclose your data towards the following recipients:

RECIPIENT

PLACE OF BUSINESS (COUNTRY)

BASIS FOR TRANSFERS TO THIRD COUNTRIES

ABAX Informationstechnik GmbH (IT provider, IT support)

Austria

Within the EEA

Hutchison Drei Austria GmbH (telephone provider)

Austria

Within the EEA

Dimension Data Germany AG & Co KG (IT provider)

Germany

Within the EEA

Microsoft Corporation

USA

EU-US Privacy Shield

Banks for performing payment transactions

Globally, depending on the place of business

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

Accounting, tax consulting

Austria

Within the EEA

Service providers (DHL, UPS, TNT, FedEx, Post, Airportdriver)

Globally, depending on the place of business

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

Auditors (for auditing purposes)

Austria

Within the EEA

Domestic and foreign representation authorities and embassies

Globally, depending on the place of business

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

Travel agencies and operators of booking platforms (eWings)

Austria, Germany

Within the EEA

Embassies/foreign representation authorities, financial authorities to the extent required in the course of handling of transactions

Globally, depending on the place of business

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

Courts, notaries public, experts, legal representatives

Austria/globally, where applicable

Within the EEA/required for legal defence (Art. 49(1) point (e) GDPR)

Third-party lenders such as leasing or factoring companies and assignees to the extent the delivery or service is financed by third-party borrowing in such manner

Austria

Within the EEA

Insurances based upon the conclusion of an insurance contract for the delivery/service or occurrence of the insured event

Austria

Within the EEA

Federal Institute of “Statistik Österreich” [Austrian Statistics Office] for the preparation of the (official) statistics required by law

Austria

Within the EEA

Group management of the Controller regarding commercial and large customers

Austria

Within the EEA

Contractual or business partners who participate or are to participate in the delivery or service

Austria/globally, where applicable

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

4.3. Processing of data of suppliers and business partners of ROXCEL

The processing of your data primarily takes place for the initiation, maintenance, performance and settlement of our contracts concerning goods and services (Art. 6(1) point (b) GDPR) or for the fulfilment of our legal obligations (Art. 6(1) point (c) GDPR).

If you do not provide your data to us, we cannot enter into a business relationship with you.

In order to achieve such intended goals, we may be required to disclose your data towards the following recipients:

RECIPIENT

PLACE OF BUSINESS (COUNTRY)

BASIS FOR TRANSFERS TO THIRD COUNTRIES

ABAX Informationstechnik GmbH (IT provider, IT support)

Austria

Within the EEA

Hutchison Drei Austria GmbH (telephone provider)

Austria

Within the EEA

Dimension Data Germany AG & Co KG (IT provider)

Germany

Within the EEA

BELLIN Treasury International GmbH

Canada

Adequacy decision (Art 45(9) GDPR in connection with Decision 2002/2/EC in the version Commission Implementing Decision [EU] 2016/2295)

Microsoft Corporation

USA

EU-US Privacy Shield

Banks for performing payment transactions

Globally, depending on the place of business

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

Accounting, tax consulting

Austria

Within the EEA

Service providers (DHL, UPS, TNT, FedEx, Post, Airportdriver)

Globally, depending on the place of business

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

Auditors (for auditing purposes)

Austria

Within the EEA

Domestic and foreign representation authorities and embassies

Globally, depending on the place of business

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

Travel agencies and operators of booking platforms (eWings)

Austria, Germany

Within the EEA

Embassies/foreign representation authorities, financial authorities to the extent required in the course of handling of transactions

Globally, depending on the place of business

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

Courts, notaries public, experts, legal representatives

Austria/globally, where applicable

Within the EEA/required for legal defence (Art. 49(1) point (e) GDPR)

Debt collection agencies

Austria

Within the EEA

Third-party lenders such as leasing or factoring companies and assignees to the extent the delivery or service is financed by third-party borrowing in such manner

Austria

Within the EEA

Insurances based upon the conclusion of an insurance contract for the delivery/service or occurrence of the insured event

Austria

Within the EEA

Federal Institute of “Statistik Österreich” [Austrian Statistics Office] for the preparation of the (official) statistics required by law

Austria

Within the EEA

Group management of the Controller regarding suppliers

Austria

Within the EEA

Contractual or business partners who participate or are to participate in the delivery or service

Austria/globally, where applicable

required for contract fulfilment (Art. 49(1) point (b) or (c) GDPR)

4.4. Processing of personal data of applicants

We process your personal data either

  • for the initiation and performance of precontractual measures (conclusion of an employment contract, Art. 6(1) point (b) GDPR),
  • based upon your express consent (Art. 6(1) point (a) GDPR) if we wish to continue to keep you in our records as an applicant, or
  • in order to fulfil our legal obligations (registration as employee with social insurance providers, Art. 6(1) point (c) GDPR).

The processing of your personal data serves the purpose of handling the application process and registering you with social insurance providers if we employ you. If you do not provide your data to us, we cannot process your application.

In order to achieve such intended goals, we may be required to disclose your data towards the following recipients:

 

RECIPIENT

PLACE OF BUSINESS (COUNTRY)

BASIS FOR TRANSFERS TO THIRD COUNTRIES

ABAX Informationstechnik GmbH (IT provider, IT support)

Austria

Within the EEA

Hutchison Drei Austria GmbH (telephone provider)

Austria

Within the EEA

Dimension Data Germany AG & Co KG (IT provider)

Germany

Within the EEA

Courts, experts, legal representatives

Austria/globally, where applicable

Within the EEA/required for legal defence (Art. 49(1) point (e) GDPR)

Social insurance providers (for registration as employee)

Austria

Within the EEA

4.5. Visitors to our Vienna office

If you visit our Vienna office, we process your data in connection with the issuance of a visitor badge. The processing serves our legitimate interest, i.e. to control and manage visitors in the course of our domiciliary right (Art. 6(1) point (f) GDPR).

The business premises of our office at Thurngasse 10, 1090 Vienna are under video surveillance. The internal area in front of the entrance door, the internal area of the garage gate as well as the garage area on the first and second basement floor are in the field of view of the cameras. The publicly accessible areas in front of and around the business premises (e.g. the pavement) are not captured by the cameras. No acoustic information related to the image recordings are processed. All persons within the areas under video surveillance are in the field of view of the cameras. Therefore, apart from customers, suppliers, business partners, applicants and employees of ROXCEL, tenants and their visitors can also be regarded as data subjects. Video surveillance is separately labelled on site pursuant to the legal requirements under Sec. 13 DSG [Data Protection Act].

ROXCEL Immobilien GmbH is responsible for such video surveillance in terms of data protection legislation. The access of employees at the reception of ROXCEL Holding GmbH is limited to the image data transferred in real time. ROXCEL Holding GmH can access to and analyse footage within 72 hours only under certain predefined circumstances. The personal data are erased after 72 hours or, where applicable, after any civil, criminal or administrative proceeding has been completed.

The video surveillance serves the purpose of protecting the domiciliary right as well as for property and object protection, in particular protection against theft, burglary, wilful damage to property and similar incidents. The processing serves our legitimate interest and is based upon Art 6(1) point (f) GDPR in connection with Sec. 12 para. 2 No. 4 Data Protection Act.

In order to achieve such intended goals, we may be required to disclose your data towards the following recipients.

RECIPIENT

PLACE OF BUSINESS (COUNTRY)

BASIS FOR TRANSFERS TO THIRD COUNTRIES

ROXCEL Immobilien GmbH

Austria

Within the EEA

Reception

Austria

Within the EEA

Competent authority and/or competent court (retention for evidence purposes in criminal matters, Sec. 80 and/or 109 et seq. StPO [Code of Criminal Procedure])

Austria

Within the EEA

Security authorities (Sec. 53 para. 5 SPG [Security Police Act])

Austria

Within the EEA

Courts (for the production of evidence in civil matters, Sec 384 et seq. ZPO [Code of Civil Procedure])

Austria

Within the EEA

Insurances (only for handling insured events)

Austria

Within the EEA

Rescue organisations (in cases of emergencies pursuant to Art. 6(1) point (d) GDPR)

Austria

Within the EEA

5. Collection of personal data from other sources than the data subjects themselves (Art. 14 GDPR)

Even if the processing of your personal data is covered by Sections 4.1., 4.2., 4.3., 4.4. or 4.5 and we generally collect the data from you personally, we may also obtain data from other sources in individual cases. Such other sources shall only be information that is publicly available and which we obtain via the internet, Commercial Register, insolvency register, from justice authorities or, in individual cases, from credit agencies.

The data relating to you which we obtain from third parties and store in our systems are limited to contact details (e-mail address, telephone number, postal address), your function in the company, your professional career and your allocation to and/or your responsibility for a certain company (usually your employee or companies in the same group or related thereto for other reasons) if you did not provide such data to us in the course of our communication. Furthermore, we can collect and process data on your creditworthiness to the extent this is required from our perspective to check compliance matters and to ensure that the business transaction is performed.

If you are an applicant, we may also process information that is publicly available about your professional, school or university career. However, we usually ask you directly whether you can provide such information to us if we could not find it in your application documents.

Such processing is based upon our legitimate interest in a full data set concerning your person required for professional communication and performance of the business relationship as well as the application process, depending our relationship with you (Art. 6(1) point (f) GDPR).

 

6. How long will your data be retained?

We will retain data only for as long as necessary for the purposes for which we collected your data:

  • For tax reasons, we retain the contracts and other documents as well as pertaining correspondence arising from our contractual relationship for seven years in general (Sec. 132 BAO [Federal Fiscal Code]). In individual cases, e.g. in the event of pending official procedures, such retention period may exceed seven years.
  • Data about applicants who are not employed are erased seven months after the completion of the application process, unless we obtain a consent that we may keep such data for future reference. Our internal privacy policies for employees which can be requested during the application process apply to applicants who are employed.
  • Data of customers and interested parties are retained for three years after the last contact with such customers and/or interested parties.
  • The data about visitors collected by the reception desk are erased after 30 days.
  • The data collected by means of video surveillance are erased within 72 hours in general. To the extent the image material is accessed where this is required, such data will be erased immediately after the purpose for such access (e.g. investigation of a criminal matter) no longer exists or after a civil, criminal or administrative procedure has been concluded.

 

7. Which rights do you have regarding data processing?

We would like to inform you that you have the right to request information about which data we process about you, at any time. The right of access also includes the right to receive a data copy if this does not impair the rights and obligations of other persons (see Art. 15 GDPR for details). You have the right to request rectification or completion of inaccurate or incomplete data concerning you (see Art. 16 GDPR for details). In general, you have a right to erasure of your data (see Art. 17 GDPR for details). However, such right to erasure shall not apply, for example, to the extent the processing is required for the fulfilment of a legal or contractual obligation. You have the right to request rectification or completion of inaccurate or incomplete data concerning you (see Art. 18 GDPR for details). You have the right to object to any processing your data which is necessary for safeguarding our legitimate interests or the legitimate interests of a third party. In the event of an objection, we will no longer process your data, unless the processing is required for the establishment, exercising or defence of legal claims or we demonstrate compelling legitimate grounds for processing which override your interests (see Art. 21 GDPR for details). In general, you have the right to receive the transmission of personal data provided by you in a structured, commonly used and machine-readable format. However, the right to data portability shall only exist to the extent the processing is based upon your consent or a contract (see Art. 20 GDPR for details).

If you are, in spite of our obligation to process your personal data in a lawful manner, of the opinion that we process your data in violation of legal provisions, please contact us personally so that we can discuss your concerns and provide remedy, where applicable. However, regardless thereof, you have the right to lodge a complaint with the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, dsb@dsb.gv.at or another data protection supervisory authority in the EU, particularly at your place of residence or place of work.

We hope that by means of this information sheet we are able to clarify in which form and for which purposes we process your data. If you still have any questions on the processing of your data, please contact us via datenschutz@roxcel.com.

ROXCEL Holding GmbH
Thurngasse 10
1090 Vienna
E-mail: 
datenschutz@roxcel.com
Commercial Register Number: FN 267218 v
Commercial Register Court: Vienna Commercial Court
Authority pursuant to the E-Commerce Act: Municipal District Office of the 9. District