Privacy policy

1.1 Words of which the initial letter is capitalized have the same meaning as defined in the GDPR.

We ("Controller", "us") place utmost importance on safeguarding the personal data of our users. As such, we diligently adhere to relevant data protection regulations, including the General Data Protection Regulation (GDPR) and the national legal requirements, throughout the processing of your personal information.

Since we are not required by law, we have not appointed a data protection officer with the data protection authority. Nevertheless, we appointed a data protection coordinator.

Here are his contact details:

Mr Stefan Fankhauser

E-mail: data-protection@trogroup.com

2.1 Trodat Holding GmbH

Linzer Straße 156

4600 Wels

E-mail: data-protection@trogroup.com

Phone: +43 7242 / 239 – 0

3.1 Below you will find out which information we collect, process and use when you visit and use our website www.trodat.net/int/.

3.2 Provision and use of the website

Which data is processed:

Location data: If you are looking for a Trodat location near you, we process the location specified by you (address) in order to display the hits. We delete this information after your website visit.

Technical data: IP address of your device, data and time of the visit, the internet browser used, your operating system, your click behaviour on the website and the website from which you are visiting us.

This personal data can also be collected via cookies (see below).

Retention period: Personal data is only stored for as long as you use our website or as long as we need it to fulfil the purpose.

Legal bases: The legitimate interest (Art 6 para 1 lit f GDPR) and § 165 para 3 Telecommunications Act 2021 serve as the legal basis for data processing on the website.

Who gains access to your data: For the use of the website, the personal data is processed by a processor.

3.3 Electronic contact requests via the website

Which data is processed:

Contact and enquiry data: If you actively contact us (e.g. via e-mail or our contact form), the data and information (name, address, company, enquiry, telephone number, e-mail and content of the enquiry) will be processed.

Purpose: Processing of contact requests via e-mail or the website contact form.

Data Subjects: Website visitors, interested parties, customers, suppliers

Legal bases: The following legal bases serve for data processing on the website: Fulfilment of a contract, necessary for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR), legitimate interest (Art 6 para 1 lit f GDPR), § 165 para 3 Telecommunications Act 2021

Retention period: We store the data until the request has been answered. If there are statutory retention requirements, processing will be restricted until then.

Who gains access to your data: For the use of the website, the personal data is processed by a processor.

3.4 Cookies

We use cookies, as most websites do. Details and detailed descriptions can be found on our website under the fingerprint at the bottom left of our website www.trodat.net/int/.

3.5 Third-party services

3.4.1 Social media

Purpose: In addition to our website, we are also represented on social networks, in particular Facebook, Instagram, LinkedIn and YouTube, to increase awareness of our company and for marketing purposes. If you visit one of our online websites, personal data may be transmitted to the operator of the social network. Furthermore, the operator can link your profile to ours if you are logged into the respective network.

Data subjects: Visitors to our social media sites

The following data will be processed: Date and time of the actions performed, user ID (only for users who are logged in), location data (country/city), language setting, age/gender group (from the user profile for users who are logged in), previously visited website, type of hardware (computer/mobile device)

Legal bases: Consent (Art 6 para 1 lit a GDPR), legitimate interest (Art 6 para 1 lit f GDPR), express consent (Art 49 para 1 lit a GDPR).

Who gains access to your data: Operator of the visited social media platform

Transfer to third countries: USA: A transfer of the collected information to a third country without an adequate level of data protection safeguards cannot be ruled out.

With your express consent to the processing of cookies, you also agree to the possible processing of your data in the USA.

Details about the specific data collection and processing by the respective operator can be found in the following links:

Facebook https://www.facebook.com/about/privacy/previous

Instagram: https://help.instagram.com/155833707900388

YouTube: https://www.youtube.com/intl/ALL_uk/howyoutubeworks/our-commitments/protecting-user-data/

LinkedIn: https://www.linkedin.com/legal/privacy-policy

3.6 Customer care and marketing for own purposes

Purpose: Processing of own or purchased customer and interested party data for initial business contact regarding our own delivery or service offer as well as for the implementation of advertising measures and newsletter dispatch; customer relation management.

The information on intergroup joint processing activities is provided in Clause 7 Joint processing activities.

Data Subjects: Customers, interested parties

The following data will be processed: Master data

Legal bases: legitimate interest (Art 6 para 1 lit f GDPR), § 174 subparagraph 4 Telecommunications Act 2021,

Retention period: The data may be stored for up to three years after the last contact with the client, unless there are longer contractual or statutory retention periods.

Who gains access to your data: To send the information, the personal data is processed by a processor.

3.7 Customer and supplier management, accounting, logistics and bookkeeping

The provision of your personal data is required to fulfil the contract or implement pre-contractual measures. Without this data we cannot conclude a contract with you.

Purpose: Processing of personal data as part of any business relationships with customers and suppliers in the context of exercising a trade, including systematic recording of all business transactions relating to income and expenses.

Data Subjects: Customers, suppliers

The following data will be processed: Master data, payment information, financial data, bank details

Legal bases: Consent (Art 6 para 1 lit a GDPR), fulfilment of a contract, necessary to carry out pre-contractual measures (Art 6 para 1 lit b GDPR), in particular to contact you within the framework of the business relationship; fulfilment of a legal obligation (Art 6 para 1 lit c GDPR), legitimate interest, in particular defence, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR).

Retention period: Your personal data will be stored by us for as long as is necessary to fulfil our obligations, depending on the necessity until the end of the business relationship or until the guarantee, warranty, statute of limitations and statutory retention periods (especially the tax retention requirements for business letters, invoices and receipts); as well as until the end of any legal disputes in which the data is required as evidence.

Who gains access to your data: If necessary for the fulfilment of the contract, your personal data will be passed on to the companies within the group of companies, or their sales and service partners in the countries concerned so that they can act on our behalf. These include, in particular, the tax office, courts and authorities, suppliers, shipping companies, debt collection companies, banks involved in the payment to those concerned or third parties, legal representatives, chartered accountants.

3.8 Seminars

Purpose: Implementation of seminars, workshops or demo shops

Data Subjects: Interested parties, seminar participants, graduates

The following data will be processed:

Registration data: When you register for seminars, workshops or demo shops, we collect the specified registration data (name, company, address, e-mail, telephone, booked events). If you create stamp layouts using your personal data, this will also be stored.

Legal bases: Consent (Art 6 para 1 lit a GDPR), fulfilment of a contract, necessary to carry out pre-contractual measures (Art 6 para 1 lit b GDPR), in particular to contact you within the framework of the business relationship; fulfilment of a legal obligation (Art 6 para 1 lit c GDPR), legitimate interest, in particular defence, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR).

Retention period: Your personal data will be stored by us for as long as is necessary to fulfil our obligations, depending on the necessity until the end of the business relationship or until the guarantee, warranty, statute of limitations and statutory retention periods (especially the tax retention requirements for business letters, invoices and receipts); as well as until the end of any legal disputes in which the data is required as evidence.

Who gains access to your data: If necessary for the fulfilment of the contract, your personal data will be passed on to the companies within the group of companies, or their sales and service partners in the countries concerned so that they can act on our behalf. These include, in particular, the tax office, courts and authorities, suppliers, shipping companies, debt collection companies, banks involved in the payment to those concerned or third parties, legal representatives, chartered accountants.

3.9 Applicant management

Purpose: Use and record keeping of personal data provided by applicants if this data was provided by the person concerned.

Data Subjects: Applicants

The following data will be processed: Master data, CV, photo

Legal bases: Consent (Art 6 para 1 lit a GDPR), express consent (Art 9 para 2 lit a GDPR) as well as assertion, exercise and defence of legal claims (Art 9 para 2 lit f GDPR) and legitimate interest (Art 10 GDPR in conjunction of § 4 para 3 clause 2 Data Protection Act)

Retention period: Applicant data will be deleted immediately after the advertised position has been filled or after any objection periods against the allocation of the job have expired, unless consent has been given to keep the record. Unsolicited applications are appropriately kept on record until they are revoked by the person concerned.

Who gains access to your data: Applicant data will not be forwarded to external bodies. The information on cross-group joint processing activities is explained in Clause 7.

3.10 Whistleblower system

Purpose: Processing information relating to possible or suspected infringements

Data Subjects: Whistleblower, reported person

The following data will be processed: Master data of the whistleblower, e-mail address, telephone number, if these are disclosed in the report and the personal data of the person named in the tip-off, data on potentially criminal actions by courts and administrative authorities (content data of the tip-off)

Legal bases: § 8 para 3 Austrian Whistleblower Protection Act, Art 6 para 1 lit e GDPR (for the performance of a task in the public interest), Art 9 para 2 lit f GDPR (processing for the assertion, exercise and defence of legal claims) and Art 9 para 2 lit g GDPR (processing based on union law and the law of a member state)

Retention period: 5 years, log data will be retained for 3 years from last use

Who gains access to your data: An internal position has been set up to process tip-offs. A processor is used to operate the whistleblower system. When a report is submitted, a lawyer carries out an initial assessment. If necessary, your data will be transferred to courts and authorities.

4.1 Except in the cases already mentioned...

5.1 We take appropriate technical and organisational security measures within the meaning of Article 5 (1) (f) or Article 32 GDPR in order to protect your personal data against unintentional or unlawful deletion, modification or loss and against unauthorised disclosure or access. In addition, we and our employees are obliged to observe data secrecy.

6.1 Your rights as a data subject

You have a right of access to the personal data we process about you (Art 15 GDPR). You also have the right to have incorrect data corrected and deleted (Art 16 and 17 GDPR). You also have the right to restriction of processing (Art 18 GDPR) and the right to data portability (Art 20 GDPR). For the sake of completeness, we would like to point out that a request for deletion can only be met if there are no statutory retention requirements or other obligations.

6.2 Your right of objection

If the processing of your personal data is based on a balance of interests (Art 6 para 1 lit f GDPR: legitimate interests), you have the right to object to the processing at any time for reasons that arise from your particular situation. If you exercise your right to object, we ask you to explain to us your reasons why we should not process your personal data as we have done. We will check the situation and either stop or adapt the data processing or present you with our compelling legitimate reasons and continue the data processing. We will also continue data processing if it serves to assert, exercise or defend legal claims.

You can object to data processing for the purposes of direct advertising and data analysis at any time. In this case, we will stop processing the data.

6.3 Your right of withdrawal

If you have given us your consent to the processing of your personal data, you can revoke your consent at any time. Your revocation does not affect the legality of the data processing that has taken place up to the revocation.

6.4 Complaint to the supervisory authority

You can also contact the Austrian data protection authority (Barichgasse 40-42, 1030 Wien, phone: +43 1 52 152-0, E-mail: dsb@dsb.gv.at) with a complaint. The data protection authorities of other countries can be found at ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_de.

If you have questions about your rights or data processing, you can also contact us. Our full contact details can be found under Clause 2.

If companies process personal data jointly, there is joint responsibility if everyone jointly determines the purposes and means of processing. The joint controllers shall conclude an agreement to determine in a transparent manner who fulfils which obligation and shall inform the data subjects of the essential content of the agreement.

7.1 Other intergroup processing of applicant data

7.1.1 Who is involved in the joint processing?

TroGroup GmbH, AUT

Trotec Laser GmbH, AUT

Trodat Holding GmbH, AUT

Trodat GmbH, AUT

Iradion Laser Holding GmbH, AUT

Iradion Laser GmbH, DEU

Trotec Laser Deutschland GmbH, DEU

Trotec Laser Automation GmbH, DEU

Trodat Vertriebs GmbH, DEU

Purpose: Processing of applicant data for business initiation in relation to employment relationships, standardised human resource management.

Data Subjects: Applicants

The following data will be processed: Master data, application data

Retention period: In the case of cross-group vacancies and international job advertisements, we delete the data no later than 12 months after the position has been filled, unless the person concerned has given their consent or there are longer contractual or statutory retention periods. In the case of national advertisements and vacancies, the retention periods are based on national legal requirements.

If you have any questions about your rights or data processing, you can get in touch with the contact person for the data subjects:

TroGroup GmbH

Linzer Straße 156

4600 Wels

data-protection@trogroup.com

The joint controllers have appointed the Austrian data protection authority (Barichgasse 40-42, 1030 Wien, phone: +43 1 52 152-0, E-mail: dsb@dsb.gv.at) as the lead supervisory authority.

The current version of this data protection declaration is available on our website. Questions about an earlier version should be sent to data-protection@trogroup.com.