CONTACT US
ASTOTEC - astonishing technologies
Part of orasis
Astotec

This website is operated by Astotec Holding GmbH (FN 107104g), hereinafter referred to as “we”, “us” and “ASTOTEC”, domiciled at Leobersdorfer Strasse 31-33, 2552 Hirtenberg, Austria. In this Privacy Policy, we as the data controller pursuant to Art. 4(7) GDPR explain which data we collect when you visit our website and the purposes for which we process it (Part A). We also inform you how data from our customers, suppliers and prospects is processed for marketing purposes (Part B), and provide a general explanation of the rights and security we offer when processing this data. You will find all the relevant contact information in section C.4 of this Privacy Policy.

Our website contains descriptions of products and services offered by our corporation. This Privacy Policy also applies to the processing of your personal data if you are a customer, supplier or prospect of any of our affiliated companies. These companies are:

  • Orasis Industries Holding GmbH, Leobersdorfer Straße 31-33, 2552 Hirtenberg/ Austria
  • Astotec Holding GmbH, Leobersdorfer Straße 31-33, 2552 Hirtenberg/ Austria
  • Astotec Automotive GmbH, Leobersdorfer Straße 31-33, 2552 Hirtenberg/ Austria
  • Astotec Automotive Hungary Bt., Pápa, Nagysallói u., 8500 Hungary
  • Astotec Automotive Czech Republic s.r.o., Brankovice č.p. 350, 683 33 Brankovice/ Czech Republic
  • Astotec Pyrotechnic Solutions GmbH, Hauptstrasse 1, 2722 Winzendorf/ Austria
  • Astotec Metal Processing GmbH, Leobersdorfer Straße 31-33, 2552 Hirtenberg/ Austria

Since the protection of your personal data is particularly important to us, we adhere strictly to the statutory provisions in the Austrian Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR) when collecting and processing it.

In this Privacy Policy, we provide detailed information about the scope and purpose of our data processing activities and your rights as the data subject. You are therefore requested to read our Private Policy carefully before continuing to use our website and to give your consent to the processing of your data if applicable.

A. Personal data processing on our website

1. Personal data

 

In principle, you can use our website without providing your personal data. However, different regulations may apply when using individual services; you will be notified separately if this is the case.

 

Except in the case of the cookies described in detail below, we generally only collect and store the data you send us when you enter it into our input masks or actively interact with our website in any other way.

 

Personal data is defined as all information relating to an identified or identifiable natural person. Along with details such as your name, address, telephone number and date of birth, this information also includes your IP address and geolocation data, which can also be used to identify you.

2. Use of cookies
a. If you are using our website solely for information purposes, i.e. if you are not registering for a service or sending us information in any other way, e.g. using a contact form, we will only collect the personal data which your server transmits to our browser. If you wish to visit our website, we will therefore collect the following data, which is technically necessary for us to display the website to you and to guarantee its stability and security as described in Art. 6(1)(f) EU GDPR:

  • IP address
  • Date and time of request
  • Difference between your time zone and Greenwich Mean Time (GMT)
  • Content of request
  • Access status / HTTP status code
  • Volume of data transmitted
  • Website which sent the request
  • Browser used
  • Operating system and user interface
  • Browser software language and version

b. Besides collecting the data mentioned above, first-party and third-party cookies will be stored on your computer when you use our website. These are small text files which are stored on your hard drive in the browser you are using. These cookies send specific information to the party which placed them (in this case, they are placed by ourselves and the third parties listed below). We need these cookies firstly to identify you as a website user, and secondly so that we can track the use of our services. Lastly, we use cookies for marketing purposes, i.e. to analyse your usage of the website and to send you targeted advertising if there is occasion to do so.

In general, a distinction can be made between first-party cookies, third-party cookies and third-party requests.

  • First-party cookies

First-party cookies are stored in your browser by us or by our website so that we can offer you the best possible user experience. Many of these are functional cookies such as shopping basket cookies.

  • Third-party cookies

Third-party cookies are stored on your browser by a third party. Most of these are tracking or marketing tools that are used firstly to analyse your user behaviour and secondly to enable third-party providers to identify you on other websites you visit. Retargeting, for example, is generally based on the functioning of these cookies. Please see our cookie banner to find out exactly which third-party cookies we use.

  • Third-party requests

Third-party requests are all requests you send to third parties through our website or as a user of our website, e.g. when you use plug-ins to interact with social media networks or use services offered by a payment provider. These do not cause cookies to be stored in your browser, but we cannot rule out the possibility that personal data may be sent to these third-party providers when you interact with them. This is why our Privacy Policy contains detailed information on the tools and applications we use.

3. Collection and processing of personal data

We only process personal data other than the data stored by cookies if you communicate this to us voluntarily, e.g. if you register with us, enter into a contractual relationship with us, or contact us for any other reason. This personal data consists solely of contact data and information about why you are contacting us.

We only use the personal data you provide insofar as this is necessary to fulfil the purpose of the processing (e.g. registration, newsletter delivery, order processing, sending information material and advertising, holding a competition, answering a question, enabling access to specific information) and insofar as this is permitted by law (pursuant in particular to Art. 6 GDPR).

Other purposes for which your data may be processed include purchases of products, materials and services, sales of products and services, real estate and machinery leasing, maintenance and servicing following purchases of our products, optimising machinery performance, providing communication channels with our distribution partners, processing and transmitting employee data for payroll accounting purposes, and compliance with record-keeping, information and reporting obligations.

We process applicant data when initiating a contract and for 6 months afterwards in order to be able to defend ourselves against any claims filed by an applicant as the result of a rejection. Provided you give us your consent to do so, we will store your application documents for a period of 3 years in order to maintain our records.

We will provide separate information about the purposes of data processing in special situations such as video surveillance, photos taken and videos recorded at events organised by us etc. when the occasion arises. The same applies to the respective retention period and time limit for erasure.

The purpose for which we process the data we obtain from you as a website visitor is to operate our website and to provide target, company-specific information, including a presentation of our goods and services (marketing). Your data will only be used in any other way if and insofar as you have given your express consent to this. You can withdraw your consent at any time with future effect; a detailed explanation of how to do this is provided below.

4. Storage duration

Data which you make available to us solely for purposes of customer service, marketing and/or providing information is generally stored until three years have expired since our last contact. If requested, we will erase your data before this time limit has expired unless there is a legal obstacle which prevents us from doing so.

In the event of a contact being initiated or concluded, we will process your personal data after the contract has been fully executed until such time as the guarantee, warranty, statutory limitation and statutory retention periods by which we are bound have expired. If necessary, we will continue processing your data until any legal disputes in which the data is required as evidence have been resolved.

5. Newsletter

You have the option to subscribe to our free newsletter. This newsletter is sent at regular intervals and contains all the latest news and information about our company as well as customised advertisements. If you wish to receive our newsletter, you will need a valid e-mail address.

We will check the e-mail address you enter into our registration mask in order to determine whether you actually want to receive our newsletter. We will do this by sending an e-mail to the e-mail address you specified and requesting you to confirm receipt by clicking on the link it contains. Confirming this e-mail will activate your subscription to our newsletter (double opt-in).

When you first register for the newsletter, we will store your IP address and the date and time at which you registered. This is done for security reasons in case a third party makes improper use of your e-mail address and subscribes to our newsletter without your knowledge. We will not collect or process any other data for your newsletter subscription; your data will be used solely to send you the newsletter.

Unless you object, we will transfer your data to other companies in our corporation for analytical purposes and to send information for marketing purposes. Within the corporation, the data you provided when you subscribed to the newsletter will be compared against data which we may have collected for other purposes (e.g. when you purchased an item or booked a service).

The data you provided when you subscribed to the newsletter will not be sent to third parties outside the corporation. You can cancel your subscription to our newsletter at any time; detailed information on how to unsubscribe is provided in the confirmation e-mail and in each newsletter.

6. Tools and applications used
a. We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service uses cookies, the functioning of which has already been explained in detail. When you consent to the use of Google Analytics in our cookie banner, the information regarding your website use generated by these cookies is usually sent to a Google server and stored there.

Google uses this information on our behalf to analyse your use of our website, to compile reports about website activities, and to render other website and internet services for us as the website operator. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other Google data.

You can prevent the cookies used by Google Analytics from being stored on your browser by changing your browser settings accordingly; however, you may then be unable to use all the functions on this website in full. In addition, you can prevent data generated by the cookie referring to your use of the website (including your IP address) from being collected, transmitted and processed by Google by downloading and installing the following add-on: http://tools.google.com/dlpage/gaoptout?hl=en

If you require further information regarding the nature, scope and purpose of the data collected by Google, we recommend you read Google’s privacy policy. https://support.google.com/analytics/answer/6004245?hl=de

Google also processes your data in the USA.

If you consent to the use of Google Analytics, you will also be consenting to the data generated by these plug-ins being used in the USA, if this is applicable (Art. 49(1)(a) GDPR).

This is significant since ECJ case law and recent decisions made by the authorities have determined that the level of data protection guaranteed by the USA is inadequate (C-311/18, Schrems II). It is critical to note that access by U.S. authorities (FISA 0702) is not comprehensively restricted by law, that the approval of anindependent body is not required, and that no significant legal remedies are available if the U.S. authorities access your data in this way. Please take this into consideration when you give your consent.

b. Our website also uses services provided by Google Maps. We can use these to display interactive maps directly on our website subject to your consent, thus enabling you to use the map function as a convenient way to find our location and make your journey easier.

When you visit our website, Google receives the information that you have accessed the corresponding subpage of our website together with the personal data listed in section 2. This occurs regardless of whether you are logged in via a Google account. If you are logged in to Google, your data will be directly linked with your account. If you do not wish this to happen, you must log out of Google before you use this service. Google uses your data for purposes of advertising, market research and needs-based website design. You have the right to object to this use of your data; any such objection must be sent to Google directly.

Further information about the type of data collected and the purpose for which it is collected is provided in Google’s privacy policy; you will find this at https://policies.google.com/privacy?hl=en. Google also processes your data in the USA.

If you consent to the use of Google Maps, you will also be consenting to the data generated by these plug-ins being used in the USA, if this is applicable (Art. 49(1)(a) GDPR).

This is significant since ECJ case law and recent decisions made by the authorities have determined that the level of data protection guaranteed by the USA is inadequate (C-311/18, Schrems II). It is critical to note that access by U.S. authorities (FISA 0702) is not comprehensively restricted by law, that the approval of an independent body is not required, and that no significant legal remedies are available if the U.S. authorities access your data in this way. Please take this into consideration when you give your consent.

c. Our website also uses Google Tag Manager, subject to your consent. Google Tag Manager is a popular tool used to control tags on websites. When using Google Tag Manager, everything can be controlled from statistical scripts or marketing tags which collect data for analytics and advertising, e.g. website page views, button clicks, and user scrolling and behaviour. Google Tag Manager is used to update and optimise websites and their content based on its tracking of user information.

Further information about the type of data collected and the purpose for which it is collected is provided in Google’s privacy policy; you will find this at https://policies.google.com/privacy?hl=en. Google also processes your data in the USA.

If you consent to the use of Google Tag Manager, you will also be consenting to the data generated by these plug-ins being used in the USA, if this is applicable (Art.

49(1)(a) GDPR).

This is significant since ECJ case law and recent decisions made by the authorities have determined that the level of data protection guaranteed by the USA is inadequate (C-311/18, Schrems II). It is critical to note that access by U.S. authorities (FISA 0702) is not comprehensively restricted by law, that the approval of an independent body is not required, and that no significant legal remedies are available if the U.S. authorities access your data in this way. Please take this into consideration when you give your consent.

d. Another tool used for marketing purposes – subject to your consent – is Google Ads Remarketing, a marketing system provided by Google. We can use this tool to place ads which are mainly oriented on the search results obtained when using our services.

Google Ads is Google’s online advertising tool. You can use this tool to create online ads which can be used to market products in line with the customer’s personal interests and preferences

Further information about the type of data collected and the purpose for which it is collected is provided in Google’s privacy policy; you will find this at https://policies.google.com/privacy?hl=en. Google also processes your data in the USA.

If you consent to the use of Google Ads Remarketing, you will also be consenting to the data generated by these plug-ins being used in the USA, if this is applicable (Art. 49(1)(a) GDPR).

This is significant since ECJ case law and recent decisions made by the authorities have determined that the level of data protection guaranteed by the USA is inadequate (C-311/18, Schrems II). It is critical to note that access by U.S. authorities (FISA 0702) is not comprehensively restricted by law, that the approval of an independent body is not required, and that no significant legal remedies are available if the U.S. authorities access your data in this way. Please take this into consideration when you give your consent.

e. We also use Facebook Pixel, provided you have given your consent. Facebook Pixel is an analytical tool which measures the effectiveness of our advertising. It can be used to analyse actions performed by visitors to our website.

Facebook Pixel is a Javascript code which is embedded into websites. It can link user behaviour on websites with Facebook user profiles. It collects data that helps track conversions, optimise advertisements and build target groups.

If you consent to the use of Facebook Pixel, you will also be consenting to the data generated by this feature being used in the USA, if this is applicable (Art. 49(1)(a) GDPR).

This is significant since ECJ case law and recent decisions made by the authorities have determined that the level of data protection guaranteed by the USA is inadequate (C-311/18, Schrems II). It is critical to note that access by U.S. authorities (FISA 0702) is not comprehensively restricted by law, that the approval of an independent body is not required, and that no significant legal remedies are available if the U.S. authorities access your data in this way. Please take this into consideration when you give your consent.

f. Our website also includes links to other websites; these are provided solely for informative purposes. These websites are not under our control and are therefore not covered by the provisions in this Privacy Policy. However, if you click on a link, the operator of this website may collect data from you and process it in accordance with their privacy policy, which may vary from ours. This means you should always consult the current data privacy regulations on websites we have linked.

g. Our website also offers the opportunity to interact with various social media networks via plug-ins. These networks are:

  • Facebook, operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand
    Canal Harbour, Dublin 2, Ireland
  • Linked In, operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA
    94043, USA
  • XING, operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

If you click on a plug-in provided by one of these social media networks, it will be activated and a connection will be established with the respective network server as described above.

If you activate these plug-ins, you will also be consenting to the data generated by these plug-ins being used in the USA, if this is applicable (Art. 49(1)(a) GDPR).

This is significant since ECJ case law and recent decisions made by the authorities have determined that the level of data protection guaranteed by the USA is inadequate (C-311/18, Schrems II). It is critical to note that access by U.S. authorities (FISA 0702) is not comprehensively restricted by law, that the approval of an independent body is not required, and that no significant legal remedies are available if the U.S. authorities access your data in this way.

We have no influence over the scope and content of the data transmitted to the operator of the respective social media network when you click on the plug-in; please note that this data could then be subject to access by the U.S. authorities.

If you wish to find out more about the nature and scope of the data collected by the operators of these social media networks and the purpose for which it is collected, we recommend you read the privacy policy of the respective network.

h. Facebook fan page

We maintain a Facebook fan page at https://www.facebook.com/astotec. The purpose of this fan page is to share information about our company’s activities, carry out marketing measures and provide another channel through which you can communicate with us.

In this context, we are “joint controllers” with Facebook, operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, which places this service at our disposal. In general, Facebook enables you to adjust your settings so that you can select which of your personal data is shared with us. If you do not wish to do this, the personal data of fan page visitors and all information relating to your use of our fan page will be sent to us in anonymised form.

With this in mind, we have concluded a so-called Art. 26 GDPR agreement with Facebook which sets out our reciprocal rights and obligations. You will find it at https://www.facebook.com/legal/terms/page_controller_addendum. We also request that you read Facebook’s privacy policy, which you will find at https://www.facebook.com/policy.php.

In the Art. 26 GDPR agreement which we have concluded with Facebook, Facebook undertakes to act as the first point of contact for data subjects with regard to the processing of Insights data and the fulfilment of the associated tasks and obligations.

You can therefore exercise your rights as the data subject both against us pursuant to section C. 3 of this Privacy Policy and against Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

h. LinkedIn fan page

We operate a LinkedIn fan page at https://www.linkedin.com/company/astotec. The purpose of this fan page is to share information about our company’s activities, implement marketing measures and provide another channel through which you can communicate with us.

In this context, we are “joint controllers” with LinkedIn, operated by LinkedIn Ireland Unlimited Company (Gardner House, 2 Wilton Pl, Dublin 2, D02 CA30, Ireland), which places this service at our disposal In general, LinkedIn enables you to adjust your settings so that you can select which of your personal data is shared with us. If you do not wish to do this, the personal data of fan page visitors and all information relating to your use of our fan page will be sent to us in anonymised form.

We have concluded a so-called Art. 26 GDPR agreement with LinkedIn for this purpose. You will find further information at https://de.linkedin.com/pulse/wie-du- social-media-fanpages-rechtlich-richtig-nutzt-kandelhard (only available in German). We also request that you read LinkedIn’s privacy policy, which you will find at https://www.linkedin.com/legal/privacy-policy (only available in German).

You can therefore exercise your rights as the data subject both against us pursuant to section C. 3 of this Privacy Policy and against LinkedIn Ireland Unlimited Company (Gardner House, 2 Wilton Pl, Dublin 2, D02 CA30, Ireland).

h. Xing fan page

We operate a Xing fan page at https://www.xing.com/pages/astotec-holding-gmbh. The purpose of this fan page is to share information about our company’s activities, implement marketing measures, engage with applicants and provide another channel through which you can communicate with us. In general, Xing enables you to adjust your settings so that you can select which of your personal data is shared with us. If you do not wish to do this, the personal data of fan page visitors and all information relating to your use of our fan page will be sent to us in anonymised form.

We also request that you read Xing’s privacy policy, which you will find at https://privacy.xing.com/en.

B. Processing data from our customers, suppliers and interested parties for marketing purposes

We use personal data from our customers and suppliers (e.g. contact persons, their contact data, information relevant for marketing purposes) not only for the purpose of executing contacts and complying with statutory retention obligations (e.g. accounting) but also for marketing and customer service purposes.

We also collect personal data from interested parties (e.g. contact persons, their contact data, information relevant for marketing purposes) during the course of our acquisition and distribution activities. We are always on the lookout for potential contractual partners in the internet, at trade fairs and at other events and therefore maintain a marketing database to enable us to place targeted advertising for our products and services. All the measures described here are implemented in pursuit of our legitimate interest in marketing pursuant to Art. 6(1)(f) GDPR in conjunction with Recital 47, and last for three years from the time the contractual relationship ends (customers and suppliers) or from the time of our first (fruitless) contact (interested parties) unless the data subject has expressly consented to their data being processed for a longer period.

If we do not collect the personal data required for marketing purposes from the data subject ourselves, we inform the data subject where we obtained their data at the time we first contact them. Based on fiscal and administrative considerations, we have established various companies in Austria and abroad with which we process personal data for marketing and customer service purposes (and other purposes), either jointly or in the context of contract processing relationships. We maintain a joint marketing database with these companies, each of which are themselves data controllers within the meaning of GDPR.

You will find a full list of our affiliated companies at www.astotec.com. If we are required to provide products and services supplied by other companies affiliated with us as part of an ongoing business relationship or in response to an explicit request from an interested party, we will transfer the interested party’s personal data to the companies which supply the products and services of interest in pursuit of our legitimate interest in marketing.

We and each of our affiliates store data for marketing and customer service purposes for a period equivalent to that set out in section A.4.

C. General information on data privacy

1. Data transfer

We do not transfer your data to third parties unless we are legally obligated to do so, the transfer of your data is necessary in performance of a contract concluded between us, or you gave us your express consent to the transfer of your data beforehand. Your data will only be sent to external contract processors or other cooperative partners if this is necessary to perform the contract or if we have a legitimate interest therein, in which case we will always notify you separately. If any of our contract processors come into contact with your personal data, we will ensure that they comply with the provisions set out in the data protection statutes in the same way as we do.

We will not sell or otherwise market your personal data to any third party outside our corporation. If our contract partners or contract processors are based in a third country, i.e. a country outside the European Economic Area (EEA), we will inform you of the consequences thereof in our offer.

2. Security

We have implemented numerous technical and organisational security measures to protect your data from manipulation, loss, destruction and third-party access. Our security measures are regularly upgraded in keeping with the advances made in web technology. If you require further information on the nature and scope of the technical and organisational measures taken by us, we will gladly respond to your written request at any time.

3. Your rights

As a data subject, the General Data Protection Regulation and the Austrian Data Protection Act grant you the following rights and legal remedies:

  • Right of access (Art. 15 GDPR)
    As the subject of the data processing described above and other forms of data processing, you have the right to request information as to whether your personal data is being processed, and if so, which data is being processed.
    For your own protection, i.e. to prevent unauthorised persons from obtaining information about your data, we will check your identity in an appropriate manner before releasing this information.
  • Right to rectification (Art. 16) and erasure (Art. 17 GDPR)
    You have the right to have inaccurate personal data rectified without undue delay and – with due consideration of the purpose of the data processing – to have incomplete personal data completed and to have your data erased provided the criteria set out in Art. 17 GDPR are met.
  • Right to restriction of processing (Art. 18 GDPR)
    You have the right to have the controller restrict the processing of all personal data collected from you provided the statutory requirements are met. Once your request for the restriction of processing has been received, your data will only be processed with your individual consent or to establish and exercise legal claims.
  • Right to data portability (Art. 20 GDPR)
    You have the right to have the personal data you made available to us transmitted to you or a third party without hindrance or restriction.
  • Right to object (Art. 21 GDPR)
    You have the right, on grounds relating to your particular situation, to object to any processing of your personal data which is necessary to pursue our legitimate interests or those of a third party. Once you have exercised your right to object, your data will no longer be processed unless there are compelling legitimate interests for the processing which override your interests, rights and freedoms or your data has to be processed to establish, exercise and defend legal claims. You can object to the processing of your data for direct marketing purposes at any time with future effect.
  • Withdrawal of consent
    If you have given your separate consent to the processing of your data, you may withdraw this at any time. This withdrawal will affect the lawfulness of any processing of your personal data that takes place after you give us notice thereof.

If you take steps to enforce your rights under GDPR as set out above, ASTOTEC must issue a statement regarding the measure requested or comply with your request without undue delay, i.e. within no more than one month of receiving your request.

We will respond to all reasonable requests free of charge and as soon as possible within the framework of the law.

The Austrian Data Protection Authority is responsible for dealing with breaches of your rights to information, secrecy, rectification or erasure. You can contact them at

Österreichische Datenschutzbehörde Barichgasse 40-42

1030 Wien, Austria dsb@dsb.gv.at

4. Contact information / person to contact

a. Contact information for data controller

Astotec Holding GmbH Leobersdorfer Strasse 31-33

2552 Hirtenberg, Austria

Tel.: +43 2256 811 84-0

Fax: +43 2256 818 08

E-mail: holding@astotec.com

b. Contact information for the person responsible for data protection matters

You can contact us at any time through any of the channels available, in particular by sending a message to the e-mail address gdpr@astotec.com specially created for this purpose.

Last updated: February 2022