General Data Protection Regulation
The company Transfer Planconsulting Datentransfer und Anlagenconsulting GmbH, hereinafter referred to as TRANSFER, handles your personal data with great care. The following privacy statement is intended to provide you with an overview of how your data is processed and what measures we take to protect it.
1. Scope
This privacy policy applies to TRANSFER and all of its affiliated group companies.
2. Purpose of Data Processing
TRANSFER processes personal data of employees, partners, customers, and suppliers for the purpose of conducting its business activities and fulfilling related legal and contractual obligations.
2.1 Processing of Customer and Supplier Data
TRANSFER stores and processes the personal data provided by prospective and existing customers for the purpose of preparing offers, handling orders, and fulfilling the associated contractual and legal obligations. To meet legal obligations, this data may also be transmitted to authorities and public institutions.
2.2 Candidates
The contact details and application documents submitted as part of an application process are electronically processed by us for the purpose of selecting suitable candidates for employment and are forwarded to our clients.
In the event of a rejection, application documents will only be stored for future reference if you have given your explicit consent.
Unsolicited applications are forwarded to clients on an ongoing basis for the purpose of candidate selection, based on our legitimate interest. If, as an applicant, you do not agree to this, you may withdraw your consent at any time by contacting datenschutz@transfer.co.at.
2.3 Webseite & Cookies
2.3.1 IP-Adress
When visiting our website, certain information is automatically stored on the web server. This includes the browser used, the operating system, the referring page, the IP address, the time of access, and other technical data. From TRANSFER’s perspective, this data is pseudonymized and cannot be linked to any specific individual without additional information.
TRANSFER does not analyze this data unless there is a suspected unlawful use of the website.
2.3.2 Google-Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies" – text files that are stored on your device and enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the United States and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator, and to provide other services related to website and internet usage. Google may also transfer this information to third parties if required by law or if such third parties process the data on Google’s behalf. Google will not associate your IP address with any other data held by Google. You can prevent the storage of cookies by adjusting your browser settings accordingly. However, please note that in this case, you may not be able to fully use all features of this website. By using this website, you consent to the processing of your data by Google in the manner and for the purposes described above.
Alternatively, you can prevent Google Analytics from collecting your data by clicking the following link. An opt-out cookie will be set that prevents the future collection of your data when visiting this website.
3. Principles of Personal Data Processing
The processing of personal data is based on strict principles that prioritize the protection and security of the data, as well as the rights of the data subjects.
3.1 Lawfulness & Transparency
Data processing is carried out lawfully and in good faith. Data subjects are informed at the time of data collection about the planned processing and handling of their data. At a minimum, the following information is provided:
- Controller of the data processing
- Purpose of the data processing
- Legal basis for the processing
3.2 Purpose Limitation
Data is collected and processed for specified, explicit, and legitimate purposes. Processing shall not take place in a manner that is incompatible with those purposes.
3.3 Data Minimization
Only data that is strictly necessary for the stated purposes is collected and processed. Where possible and reasonable, anonymized data is processed instead of personal data.
3.4 Storage Limitation and Deletion
Personal data is deleted as soon as the original purpose for its collection no longer applies, provided that no legal retention periods prevent deletion.
If, in individual cases, there is a legitimate interest in retaining the data, it will be stored until this interest has been legally clarified.
3.5 Data Security
All personal data is subject to data confidentiality. It must be handled with care and protected by appropriate organizational and technical measures against unauthorized access, unlawful alteration or disclosure, as well as loss or destruction.
3.6 Accuracy
Personal data must be accurate, complete, and up to date. Reasonable steps are taken to correct outdated, incorrect, or incomplete data.
4. Confidentiality Obligation
All employees of TRANSFER and its affiliated group companies are contractually bound to maintain confidentiality. They are regularly instructed and trained on the secure handling of personal data and other sensitive information.
5. Data Security
Protecting the confidentiality, availability, and integrity of data is a key responsibility of TRANSFER. This applies equally to trade secrets, customer data, personal data, and other critical information.
To this end, technical and organizational security measures are implemented in accordance with the latest technological standards, internationally recognized best practices, and security frameworks. These measures are continuously reviewed and improved.
6. Data Protection Officer
TRANSFER is not required to appoint a Data Protection Officer, as Article 37(1) of the EU General Data Protection Regulation (GDPR) does not apply.
However, in line with our strong commitment to data protection, TRANSFER has voluntarily appointed a data protection coordinator. This person serves as the primary point of contact for data subjects and the data protection authority, and is responsible for managing data protection matters within the group.
Contact: datenschutz@transfer.co.at
7. Rights of Data Subjects
Every data subject whose personal data is processed by TRANSFER has the right to invoke and exercise their data subject rights at any time.
To exercise these rights, you may contact us in writing via email at datenschutz@transfer.co.at at any time.
7.1 Right of Access
Data subjects may request information at any time about which personal data concerning them is being processed and for what purposes this processing is carried out.
7.2 Right to Rectification
Data subjects have the right to request the immediate correction of inaccurate personal data concerning them.
7.3 Right to Restriction of Processing
Data subjects have the right to request restriction of processing if the accuracy of the data is contested, the processing is unlawful, the data is no longer required for the original purpose, or the data subject has objected to the processing.
7.4 Right to Object
Data subjects have the right to object to the processing of their personal data at any time.
7.5 Right to Data Portability
Data subjects have the right to receive the personal data concerning them, which they have provided to TRANSFER, in a structured, commonly used, and machine-readable format.
They also have the right to request the transfer of this data to another controller, where technically feasible.
This right applies only to personal data processed by automated means.
Die Übertragbarkeit gilt nur für personenbezogene Daten, die mithilfe automatisierter Verfahren verarbeitet werden.
7.6 Right to Erasure – "Right to be Forgotten"
Data subjects have the right to request the immediate deletion of their personal data if the legal basis for processing is no longer applicable, if they have objected to the processing, if the processing is unlawful, or if there are no legal retention requirements preventing the deletion.
Data security is of high importance in relation to data subject rights. Therefore, the exercise of such rights is only possible once the identity of the data subject has been clearly verified.
Furthermore, you have the right to lodge a complaint with the competent data protection authority at any time.
8. Data Transfers
The transfer of personal data to recipients outside the corporate group, including recipients in third countries outside the EU, is carried out solely in accordance with applicable laws and on a lawful basis, with strict adherence to confidentiality and data security requirements.
As part of group-wide processing activities, personal data may be exchanged between companies within the TRANSFER Group. This exchange is governed by a framework of Binding Corporate Rules, which ensure a consistent standard for data protection and lawful processing.
In certain cases, TRANSFER uses external data processors to carry out processing activities. All such processors are contractually bound by data processing agreements to comply with all applicable data protection laws.
9. Continuous Monitoring and Improvement
Continuous improvement of quality and processes is of great importance at TRANSFER.
Compliance with data protection policies, applicable legal requirements, and the effectiveness of data protection and data security measures are continuously monitored and enhanced in order to ensure optimal implementation of all data protection procedures.