POLYTEC PASSION CREATES INNOVATION

PRIVACY POLICY

POLYTEC HOLDING AG and its affiliates ('POLYTEC GROUP' or 'POLYTEC') complies in the context of its social responsibility, with international data protection regulations, in particular the European General Data Protection Regulation, EU 2016/679 (GDPR) and the corresponding national adaptation laws. The protection of privacy and security of personal data is given special emphasis, as this is the basis for trusting business relationships. The following Privacy Policy provides a complete overview of what type of data POLYTEC processes for what purposes, which principles are respected and which rights a data subject has.

I Scope

This Privacy Policy applies to the processing of personal data by the respective responsible companies in the group of POLYTEC, in particular for the processing of data of employees, customers, investors, contractors, suppliers, consultants and users of the online offer of POLYTEC (data subjects). This Privacy Policy applies in the area of the online offer for the website www.polytec-group.com operated by POLYTEC HOLDING AG. The data subject acknowledges that POLYTEC makes its website available only on the conditions set out in this Privacy Policy and accepts this Privacy Policy by accessing or using a website and when logging in/registering to an online portal. The terms used in this Privacy Policy are understood according to Article 4 GDPR. The term "data subject" is to be understood gender-neutral.

II Data Controller

Data Controller for the website www.polytec-group.com

Name: POLYTEC Holding AG
Street no.: Polytec-Straße 1
Post code, location, country: 4063 Hörsching, Austria
Telephone: +43 7221 701-0
Data protection coordinator: Rafael Mugrauer
Email address: data@polytec-group.com


Data Controller for contact and (pre- and post-) contractual relations with POLYTEC

For reasons of consistency, this Privacy Policy constitutes the entire Privacy Policy for all companies within the POLYTEC GROUP. For the sake of completeness, it is pointed out that in data processing in the context of contractual relationships, the party to the contract is the data controller for the respective data processing. Data Controller may be all group companies as listed under following link POLYTEC GROUP Chart Legal, all of which agree to comply with this Privacy Policy.

III Data Protection Officer

For certain German entities (PCG, PCC, PCSW):

Name: Michael Becker
TÜV Rheinland i-sec GmbH
Street, no.: Dudweiler Str. 17
Post code, location, country: 66111 Saarbrücken, Germany
Telephone: +49 221 56783 601
Email address: Michael.Becker@i-sec.tuv.com
 
For certain German entities (PPG):

VACE Systemtechnik GmbH
Street no.: Linzerstraße 16e
Post code, location, country: 4221 Steyregg, Austria
Telephone: T: +43 732 272277
Email address: dsba@vace.at

IV Principles of processing personal data

The processing of personal data at POLYTEC is based on strict principles, which, with regard to the protection and security of the data and the rights of those concerned, are held to the highest standard while respecting the data protection principles laid down in Art. 5 et seq. GDPR, in particular.

1) LEGACY & TRANSPARENCY

The data processing is carried out legally and in good faith. The data subject will be informed of the collection of the data, the planned processing and handling of the data. Thus, the parties concerned are informed at least about the following points:

  • Person responsible
  • Purpose of the data processing
  • Legal basis of the processing

POLYTEC processes data only if at least one condition of lawfulness within the meaning of Article 6 GDPR is fulfilled, in particular if the data processing

  • is necessary to carry out (pre- or post-)contractual measures, which are carried out at the request of the data subject or necessary for the fulfillment of a contract (Article 6 para 1 lit b GDPR),
  • is required to fulfill one of POLYTEC’s legal obligation (Article 6 para 1 lit c GDPR),
  • is required to protect the overriding legitimate interests of POLYTEC or a third party (Article 6 para 1 lit f GDPR), or
  • is based on the data subject’s explicit consent for one or more specific purposes (Article 6 para 1 lit a GDPR).

POLYTEC processes special categories of personal data within the meaning of Article 9 para 1 GDPR (sensitive data) only on basis of Article 9 para 2 GDPR, in particular if the data is voluntarily provided by the data subject (eg in CVs of job applicants) (Article 9 para 2 (a) and (e) GDPR).

If necessary – e.g. If no other condition stated in Article 6 para 1 lit b-f GDPR or, in the case of sensitive data, a case of Article 9 para 2 GDPR is met, POLYTEC will obtain the explicit consent of the data subject. The data subject has the right to revoke any given consent in whole or in part at any time. The revocation must be addressed to POLYTEC HOLDING AG (contact details see point I.). Although the revocation of the consent is not bound to any particular form, the declaration of revocation in written form (for example letter, e-mail or fax) is recommended for the purposes of proof.

The revocation of the consent leaves the processing of data on the basis of other conditions within the meaning of Article 6 GDPR or - in the case of sensitive data - another case of Article 9 para 2 GDPR and the legality of the basis of the consent until revocation, unaffected.

2) PURPOSE

Data is collected and processed for specified, explicit and legitimate purposes. The processing of the data does not take place in a manner incompatible with these modalities.

3) DATA MINIMIZATION

Data is collected and processed only if absolutely necessary for the stated purposes. When it is possible to achieve the purpose, and the effort is reasonable, only anonymous data will be processed.

4) STORAGE LIMITATION AND DELETION

Data is deleted as soon as the purpose for which it was originally collected expires and statutory retention periods do not prevent deletion. If, in individual cases, there are legitimate interests (Article 6 para 1 lit f GDPR), it will continue to be stored until the interest worthy of protection has legally expired.

5) DATA SECURITY

POLYTEC takes, with regard to the criteria set out in Article 32 GDPR, adequate and appropriate technical and organisational measures for data security and data processing and endeavours to protect the data from unauthorised access, loss, corruption or alteration and ensures that the data is protected against unauthorized or unlawful processing and loss, damage and alteration. In order to protect the security of personal data during transmission, POLYTEC uses state-of-the-art encryption techniques (e.g. SSL) over HTTPS.

V Data processing when using the online offer of POLYTEC

Users can visit the websites of POLYTEC without giving any personal information. Therefore, during the operation of its websites POLYTEC only processes data of a technical nature about every access to the server on which this service is located (server log files) which is automatically processed using cookies (see point 5) and which are considered as personal data or can be used to identify the person or personal data of the data subject (access data). These include, for example, the IP address, unique device identification, type and version of the operating system and the browser, name of the retrieved web page, file, date and time of retrieval, referrer URL (previously visited page) and the requesting provider.
 
POLYTEC does not process this access data for the purpose of identifying the person or personal data of the data subject, but solely for the purpose of providing, customizing, adapting, improving, maintaining, optimizing and further developing the websites (including functions, services, modules and features thereof), for error detection and correction, to maintain the security system and for the purpose of internal statistical evaluation, without any conclusions being drawn on the person or data of the data subject. There is also no profiling within the meaning of Article 4 sub-section 4 GDPR.
 
2) DATA OF REGISTERED USERS OF THE ONLINE PORTAL OF POLYTEC („JOB PORTAL“)

POLYTEC operates online portals on its websites where data subjects can register and optionally create a user account, enabling them - after logging in - to retrieve information and documents online in the closed area (login area) and to take advantage of personalized services and communicate with POLYTEC. When registering for online application portals (‘Job Portal’), the following data is processed: first and last name, address, date of birth, contact and communication data such as telephone number and e-mail address, application letter, CV and related data such as age, gender, place of residence and additional qualifications (eg certificates, diplomas), date of application, correspondence with the applicant, if applicable registration data for application platforms (username, password) as well as further personal data resulting from the documents submitted by the data subject (in particular CVs) (such as eg Photos or confessions) for the purpose of selecting suitable candidates as future employees, submitting other suitable job offers within the POLYTEC GROUP and contacting data subjects. The processing of personal data takes place exclusively for the purposes described above and in accordance with Article 6 para 1 letters a, b and Article 9 para 2 GDPR. To fulfill this purpose, the data will be passed on to eRecruiter (manufacturer and host of the Job Portal) as well as to the relevant POLYTEC GROUP company, which is looking for personnel.
 
As part of the registration and further log-ins and the use of the online portal, POLYTEC processes the IP address and the time of the respective access by the data subject. After successful registration, a user account will be opened for the data subject. The registered data subject can then gain access to the login area of the online portal at any time by entering his login data (username or e-mail address and the password chosen). Data subjects also have the option of changing or deleting the data specified during registration at any time.
 
The user account is protected against access by other persons by the password chosen by the data subject. The data subject is obliged to treat his password confidentially and to ensure with the necessary care that third parties do not gain access to it. A transfer or disclosure of the credentials to the online portal to third parties and / or their authorization to use the user account of the data subject is expressly prohibited. The data subject must not pass on credentials to third parties and must protect them against unauthorized access by third parties, misuse or fraudulent use. The data subject must immediately report to POLYTEC any unauthorized, abusive or fraudulent use of the user account and the suspicion that the user account could be exposed to such a risk and change his password. If there is any suspicion that an account is being used or was being created unauthorizedly, abusively or fraudulently, POLYTEC has the right to temporarily suspend or permanently delete the user account in question without prior notice. The user accounts are not public and cannot be indexed by search engines. Data subjects can delete their user account at any time. In this case, all data concerning the user account will be deleted if and insofar as their retention is not necessary for contractual or legal reasons. It is up to data subjects to save the data before deleting the user account.
 
With the registration data subjects accept that they may be contacted by telephone or by e-mail by POLYTEC employees who are involved with the purpose in order to ensure a smooth application process. The data subject assures to provide all information truthfully. Misrepresentations may lead to dismissal.
 
3) CONTACT VIA THE ONLINE CONTACT FORM OR BY E-MAIL
 
When contacting POLYTEC (per contact form or email) the information provided by the user (company, address, telephone number, contact person, e-mail) is used to process the contact enquiry in accordance with Article 6 para 1 lit b and f GDPR. Legitimate interest exists on basis of processing individual enquiries and provide reliable answers. 
POLYTEC deletes the requests as soon as they are no longer required.
 
4) NEWSLETTER

By clicking on "Register", the data subject agrees according to Art. 6 para 1 lit a GDPR to the personal data, namely name, e-mail address, company name and possibly postal address for the purpose of establishing contact, as well as for sending a newsletter, company magazines, invitations and other information from POLYTEC HOLDING AG processed and stored until deregistration or revocation.
 
With registering for the newsletter, the data provided by the data subject will be used exclusively for this purpose.
Registration for our newsletter is done in a so-called double-opt-in procedure. That means that after registration, the data subject will receive an email asking to confirm the registration. This confirmation is necessary so that nobody can register with external email addresses. The registration for the newsletter will be recorded in order to prove the registration process according to the statutory requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to the data stored with the shipping service provider will be recorded.
 
The newsletter is sent by mailworx, a software from the company eworx Network & Internet GmbH, Hanriederstraße 25, 4150 Rohrbach-Berg. Hereinafter referred to as "shipping service provider". The Privacy Policy of the shipping service provider can be viewed here: www.mailworx.info/de/datenschutz.

Germany: The sending of the newsletter and the measurement of success are based on the consent of the recipients in accordance with Article 6 para. 1 lit. a, Article 7 GDPR in conjunction with Section 7 para. 2 No. 3 Protection Against Unfair Competition Act or on the basis of the legal permission in accordance with Section 7 para. 3 Protection Against Unfair Competition Act.
 
Austria: The sending of the newsletter and the success measurement are made on the basis of a consent of the recipients in accordance with Article 6 para. 1 lit. a, Article 7 GDPR in conjunction with Section 107 para. 2 Telecommunications Act or on the basis of the legal permission in accordance with Section 107 para. 2 and 3 Telecommunications Act.
 
The logging of the registration process as well as the opening- and click-behavior is based on legitimate interests of POLYTEC in accordance with Article 6 para. 1 lit. f GDPR and serves as proof of consent to the receipt of the newsletter and serves the purpose of being able to send relevant content.
 
Data subjects can cancel the receipt of the newsletter at any time, which means revocation of consent. At the same time, consent for dispatch by the shipping service provider and the statistical analyzes expire. A separate revocation of the shipment by the shipping service provider or the statistical evaluation is unfortunately not possible. A link to unsubscribe to the e-mail newsletter can be found at the end of each e-mail. The data of the data subjects who have registered exclusively for the e-mail newsletter and have canceled this application will be deleted.


​​​​​​​5) WHISTLEBLOWING PORTAL

This section provides information about the processing of personal data that a data subject submits when submitting a whistleblower report, either by email, letter, telephone, via the internal whisleblower portal available in POLYTECs intranet or via the (external) whistleblower portal available on the homepage.


In compliance with legal requirements, the whistleblower system supports POLYTEC in investigating and clarifying whistleblower reports about suspected violations of the law or other serious violations of internal guidelines. The processing of the personal data transmitted by the data subject is carried out in accordance with Article 6 para. 1 lit. f GDPR out of POLYTEC's legitimate interest in immediately remediating all grievances, avoiding potential damage and risks and complying with its own requirements for integrity, legal compliance and responsible behavior.


By entering personal contact details in a non-obligatory manner, the person concerned also agrees, in accordance with Article 6 para. 1 lit. a GDPR, that he/she will be contacted by POLYTEC to process and clarify the whistleblower report and that his/her data will be processed for this purpose. Consent to data processing can be revoked at any time. If it is absolutely necessary for clarifying a matter or a serious grievance, the identity of the person making the report will be disclosed to an authority or a court. In these cases, revocation of consent is only possible to a limited extent, as the data must be stored and therefore processed by POLYTEC during ongoing procedures.


When using the whistleblowing portal, the following personal data is processed, provided that it is submitted by the reporting party on a voluntary basis: name, contact details, if applicable, name and other personal data of persons named in the report. All data is processed exclusively by employees of the legal department as the responsible compliance officer. If absolutely necessary to clarify the information, the data will also be passed on to other employees of the POLYTEC GROUP to the extent necessary. Those employees are, however, obliged to maintain complete confidentiality. All data is always treated confidentially. As far as legally possible, the identity of the reporting party will not be disclosed when the report is clarified and it will also be ensured that no conclusions can be drawn about the reporting party's identity.


Personal data will be retained for as long as is necessary to clarify the reported information and will then be deleted - unless POLYTEC has a legitimate interest or a legal requirement for further processing.


6) COOKIES

POLYTEC uses so called “Cookies” according to Article 6 para 1 lit a GDPR. Cookies are files that are stored locally in the buffer of the internet browser of the data subject and serve in particular to make the website (in particular by recognising the accessing browser) more user-friendly, effective and secure as well as enabling an analysis of the use of the website by the data subject. POLYTEC automatically processes certain data such as IP address, browser used, operating system on the data subject's computer and its connection to the Internet.
 
Cookies cannot be used to launch programs or to transfer viruses to a computer. Based on the information contained in cookies, POLYTEC makes it easier for those affected to navigate and facilitate the correct display of the websites. Under no circumstances POLYTEC will pass on any the data collected to third parties or will establish a link with personal data without the consent of the data subject.
 
Users can also view POLYTEC websites without using of cookies. The data subject has the option of deactivating and/or deleting cookies in the settings of the Internet browser at any time, as well as set the duration of their storage and when they are deleted. The procedure depends on the Internet browser used by the data subjects. However, disabling cookies may result in certain features and/or contents of the website not functioning or functioning as expected.
 
7) INTEGRATION OF SERVICES AND CONTENT OF THIRD PARTIES

a) Youtube

On the websites, POLYTEC embedded YouTube videos for legitimate interest according to Article 6 para 1 lit f GDPR to ensure function and user friendliness of the websites. The corresponding plug-ins are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When a data subject visits a page with the YouTube plug-in, it will connect to YouTube's servers. YouTube will be informed of which pages a data subject visits. If a data subject is logged into a YouTube account, YouTube can assign the surfing behaviour to the data subject personally. This can be prevented by logging out of the YouTube account beforehand.

If a YouTube video is started, the provider uses cookies that collect information about user behaviour. Anyone who has disabled the storage of cookies for the Google Ad program will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If a data subject wants to prevent this, the data subject must block the storage of cookies in the browser.

For more information on data protection at "YouTube", please see the Privacy Policy of the provider at https://www.google.de/intl/en/policies/privacy.

b) XING

POLYTEC uses functions of the network XING. Provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time a data subject visits a POLYTEC website that includes Xing features, it connects to XING servers. Personal data is not stored according to POLYTEC’s knowledge. In particular, no IP addresses are stored or the usage behaviour evaluated. The Privacy Policy of XING may be viewed following this link: https://www.xing.com/app/share?op=data_protection.

c) LINKEDIN

In POLYTEC’s online offer POLYTEC uses the marketing functions (so-called "LinkedIn Insight Tag") of the network LinkedIn. Provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States. Each time data subjects visit one of our pages that contains LinkedIn functions, it will connect to LinkedIn servers. LinkedIn is informed that a data subjects has visited POLYTEC’s website with a specific IP address. In particular, the LinkedIn Insight Tag allows POLYTEC to analyse the success of campaigns within LinkedIn, or to target groups based on how users interact with POLYTEC’s online offering. If a data subject is registered with LinkedIn, LinkedIn will be able to assign the interaction with POLYTEC’s online offering to the data subject’s user account. Even if the data subject clicks LinkedIn's "Recommend Button" and is logged in to a LinkedIn account, LinkedIn will be able to assign the visit to POLYTEC’s website to a data subject and the user account. LinkedIn is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Find Linkedin’s Privacy Policy under following link: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-Opt-out.

d) Facebook

POLYTEC uses features of the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

Some POLYTEC websites use Facebook plugins as well as Facebook pixels. The user may be presented with interaction elements or content (e.g., videos, graphics, or text contributions) from Facebook. When the user calls a function that contains such a plugin, a direct connection is established with the Facebook servers.

By using the Facebook pixel the visit of this website is communicated to Facebook and the behavior of the visitors is evaluated. This can be used to improve advertisements. The collected data cannot be viewed by POLYTEC, but can at best be used within the scope of advertisements.

With regard to the processing of personal data, we refer to the privacy policy of Facebook, which can be found at the following link: https://www.facebook.com/about/privacy/.

Facebook is certified under the Privacy Shield Agreement, thereby ensuring compliance with European data protection law. Details can be found at the following link: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

e) Links to other websites

POLYTEC uses links to other websites such as Kununu, including own content on social media platforms such as Facebook, Twitter, LinkedIn and YouTube. This privacy policy applies only to the use and disclosure of personal information we collect while you use our website or products. POLYTEC provides these links solely as an additional service. POLYTEC assumes no responsibility for the content of the linked websites. If you click on such a link, you will leave our website and switch to another website. During this process, a third party may collect personal information from you.

f) Google Analytics

POLYTEC’s websites use Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses so-called "cookies", i.e. text files that are stored on a computer and that allow an analysis of the use of the website by a data subject (see point 5.). The information generated by the cookie about the use of a website is usually transmitted to a Google server in the USA and stored there. However, POLYTEC only uses Google Analytics only with active IP-anonymisation on its websites, which means an IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states of the Agreement in the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the USA and shortened there. On behalf of POLYTEC, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by a browser in the framework of Google Analytics will not be merged with other Google data.

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

Data subjects have the possiblilty to anytime deactivate the cookie-settings in the internet browser and/or to delete and enhance settings as to how long cookies may be stored and when they need to be deleted. The procedure depends on the internet browser used. However, disabling cookies may cause some features and content of the websites to fail or not work as expected. Moreover, data subjects can prevent the collection of the data generated by the cookie and related to the use of the website (including IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and installing: https://tools.google.com/dlpage/gaoptout?hl=de.

In addition, or as an alternative to the browser add-on, data subjects can prevent tracking by Google Analytics on POLYTEC’s websites. An opt-out cookie will be installed on the device. This will prevent the collection by Google Analytics for this website and for this browser in future, as long as the cookie remains installed in the browser.

Deactivate the collection of data through Google Analytics​​​​​​​

g) Google Maps

POLYTEC’s websites use Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data on the use of map features by visitors. For more information about Google's data processing, please refer to the www.google.com/privacypolicy.html. There data subjects can also change personal privacy settings in the data protection centre.

For detailed instructions on how to manage your own data related to Google products see following link www.dataliberation.org.

h) Google AdWords

POLYTEC’s websites use Google Conversion Tracking. If data subjects have reached the website via an advertisement sent by Google, Google AdWords has set a cookie on a data subject’s computer. The conversion tracking cookie is set when a data subject clicks on an ad delivered by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the data subject visits certain pages on the website and the cookie has not expired, POLYTEC and Google may recognise that the data subject clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Thus, cookies cannot be tracked through AdWords advertisers' websites. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. POLYTEC is told the total number of data subjects who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies data subjects.

If data subjects do not want to participate in the tracking, they can refuse the required setting of a cookie - for example by a browser setting that generally disables the automatic setting of cookies or sets the browser to block cookies from the domain "googleleadservices.com".

i) Google reCAPTCHA

On the websites POLYTEC uses "Google reCAPTCHA" (hereafter "reCAPTCHA"). Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

With reCAPTCHA, POLYTEC wants to check if the data entry on the websites (e.g., in a contact form) is done by a human or by an automated program. For this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., the IP address, the website visitor's visit time on the website, or data subject mouse movements). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses are run completely in the background. Site visitors are not advised that an analysis is taking place.

Data processing takes place on the basis of Article 6 para. 1 lit. f GDPR. The Web site operator has a legitimate interest in protecting its web sites from abusive automated spying and SPAM.
For more information about Google reCAPTCHA and Google's Privacy Policy, please visit the following links: https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

j) Google Remarketing

POLYTEC’s websites use the remarketing function of Google Inc. This function is designed to present interest-based ads to website visitors within the Google network. A so-called "cookie" is stored in the browser of the website visitor, which makes it possible to recognise the visitor when he or she visits websites that belong to the advertising network of Google. On these pages, visitors may be presented with ads related to content that the visitor previously viewed on web pages using Google's remarketing feature.

According to own information of Google, it does not collect any personal data in this process. However, if a data subject still does not want Google's remarketing function it can always be disabled using the appropriate settings at www.google.com/settings/ads. Alternatively, a data subject can disable the use of cookies for interest-based advertising through the advertising network initiative by following the instructions at www.networkadvertising.org/managing/opt_out.asp.

k) Google Tag Manager

This website uses the Google Tag Manager. Google Tag Manager is a solution that can be used to manage website tags via an interface. Since the Google Tag Manager only implements tags and therefore does not use its own cookies, no personal data is recorded. However, Google Tag Manager triggers other tags, which may collect personal data, but it does not access this data. If deactivation has been carried out at the domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

l) WiredMinds

POLYTEC uses the tracking technology (Java Script) of WiredMinds GmbH (www.wiredminds.de) on its website to analyze the behavior of its website visitors. Before the visitor behavior is recorded, the IP address of each website visitor is read from the TCP/IP protocol, compared against the company database of WiredMinds GmbH (whitelist procedure) and deleted after the comparison has been made. The IP address is never stored in LeadLab.

The IP address is processed solely for the purpose of being able to assign website visits to an identifiable company without any possible conclusions being drawn about the natural person. The visit behavior of website visitors where the identifiability of a natural person cannot be ruled out is not recorded.

The basis for the processing is the legitimate interest of the client (Art. 6 Para. 1 (f) GDPR) to obtain information about an identifiable company visitor to its website and to optimize its website through the analytical examination of visitor behavior. WiredMinds GmbH uses the information collected on behalf of the client to create anonymous user profiles based on visitor behavior on POLYTECs website. The data obtained in this way is not used to personally identify the visitor to the website.

m) Copyright

The images used on this website are from the following sources:

Bildstadt, Martina Draper, Matthias Witzany, Stefan Klübert, Timo Lutz Werbefotografie, Photo Galerie Seidel by order of POLYTEC
Wiener Börse AG, Jaguar Land Rover, Volvo Group
Fotolia: jack1e (modificated), telmanbigarov (modificated)
Shutterstock: Di Bronzino (modificated),  goodluz (modificated), Nerthuz
Adobe Stock: Dr. N. Lange, Dron, RobbinLee, Dosch Design
iStock: Sven Loeffler

VI Processing data for (pre- and post) contractual relationships

POLYTEC processes master data (e.g. names and addresses as well as contact details of suppliers, customers, consultants and other data subjects), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling its contractual obligations and services in accordance with Article 6 para. 1 lit b. GDPR and for compliance with legal or regulatory requirements acc. to Article 6 para 1 lit c. GDPR.

VII Processing of visitor's data

POLYTEC (respective visited POLYTEC entity as data controller) processes name, company, time of visit and license plate number from plant and location visitors according to Article 6 para 1 lit f GDPR on basis of legitimate interest and for the purpose of safeguarding of assets and compliance with the parking regulations.

VIII Data processing, data transfer to third countries

In the context of processing, POLYTEC discloses, transmits or otherwise grants access to other persons and companies only only on basis of Article 6 GDPR.

When data processing is carried out on behalf of POLYTEC, it only works with service providers within the meaning of Article 4 sub-section 8 GDPR and provides sufficient guarantees that suitable technical and organisational measures are carried out in such a way that the processing complies with existing standard legislation and the rights of data subjects are protected. For this purpose, POLYTEC enters into appropriate contracts with its data processors which meet the requirements of Article 28 GDPR and respects Articles 44 GDPR for data processors based in non-EU member states (third countries). This means, data processing is done on basis of special guarantees, such as the officially recognized statement of an EU-compliant level of data protectin or officially recognized, special contractual obligations (so called ‘standard contractual clauses’).

A disclosure, transfer or communication of data to natural or legal persons who are neither data processors of POLYTEC, nor authorised to process data under the direct responsibility of POLYTEC or any authorized by data processors (third party), takes place only in accordance Article 6 GDPR or an express request of the data subject to transmit the data processed by POLYTEC directly to another responsible person, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other persons.

The processing of data by third parties is not the subject of this Privacy Policy and POLYTEC assumes no liability whatsoever in respect of any liability, responsibility or liability.

IX Data processing, retention and storage periods

POLYTEC does not process and store data on a permanent basis, but only as is required to comply with the deadlines stipulated under the current applicable legislation. However, for at least as long as is necessary for the purpose of carrying out (pre- and post) contractual measures and the fulfilment of the contractual relationship of POLYTEC (including the expiry of any warranty claims and guarantee periods as well as the legal termination of any official or judicial proceedings). Subject to the above circumstances, stored data will be deleted immediately as a result of a legitimate objection, a revocation of consent or termination of the contractual relationship.

Some access data which is not required for the entire duration of the contract, is not stored permanently by POLYTEC, but only temporarily for the duration of the access or the use by the data subject. If and as far as data is processed for the purpose of the anonymous internal statistical evaluation, it is only stored until completion of the evaluation or analysis and then deleted. Session cookies are only stored temporarily for the duration of access or use by the data subject; persistent cookies until the data subject removes them from the browser.

X Rights of data subjects

Any person whose personal data is processed by POLYTEC is a data subject within the meaning of the European General Data Protection Regulation. According to applicable legislation, data subjects have the following rights with regard to the data processed:

  1. Information:
    data subjects can at any time request information about which personal data is processed about them and the purposes of such processing.

  2. Rectification:
    data subjects have the right to demand the immediate rectification of inaccurate personal data concerning them.

  3. Restriction:
    data subjects have the right to restrict processing if the accuracy of the data concerning them is disputed, the processing is unlawful, the data is no longer needed for processing or the data subject has objected to the processing.

  4. Objection: 
    data subjects have the right to revoke at any time the processing of personal data concerning them.

  5. Transferability: 
    data subjects have the right to receive the personal data they have provided to POLYTEC in a structured, common and machine-readable format. They also have the right to request the transfer of this data to another person responsible, if technically feasible. The transferability applies only to personal data that is processed using automated procedures.

  6. Deletion – Right to be Forgotten: 
    the data subject has the right to demand the immediate deletion of personal data concerned if the legal basis for the processing of the data is absent or is cancelled, the data processing is revoked or is unlawful and there are no statutory retention periods that make a deletion impossible.

  7. Identification: 
    data security also has a high priority with regard to the rights of the data subject, which is why the assertion of the rights of the data subject is only possible after the unambiguous identification of the data subject.


​​​​​​​An automated decision-making process (profiling within the meaning of Article 4 sub-section 4 GDPR) does not take place. In addition, the right of appeal exists to the relevant supervisory authority:

​​​​​​​Österreichische Datenschutzbehörde
Street, no.: Barichgasse 40-42
Post code, location, country: 1030 Wien, Austria
Telephone: +43 1 52 152-0
​​​​​​​Email adress: dsb@dsb.gv.at

To claim these rights, please send an email to data@polytec-group.com.

XI Exclusion of liability

Despite all precautions and measures taken by POLYTEC it cannot be ruled out that data losses, corruptions and alterations will occur and the data subject will suffer damage. The provision of online offers by POLYTEC is at the risk and responsibility of the data subject. POLYTEC assumes no responsibility or liability for any damage or consequential loss arising out of or in connection with data loss, damage or alteration, unauthorised and / or manipulative access to or interference with data processing and data communication, or violations of data protection regulations, which was not unlawfully and culpably cause by POLYTEC or its employees.

XII Cooperation with supervisory authorities

POLYTEC is committed to working with the relevant regulatory authorities to handle any complaint regarding the processing of the data which it cannot itself clarify with the data subject.

XIII Amendments to the privacy policy, severability clause

POLYTEC regularly reviews compliance with and the validity of this Privacy Policy and reserves the right to amend or supplement it at any time without giving reason, in particular, but not limited to legislation valid at the time and the interests of the data subject.

Should individual provisions of this Privacy Policy be or become ineffective, this will not affect the validity of the remaining provisions.