PRIVACY POLICY OF SENSONIC GMBH

 

Sensonic GmbH
Bahnhofstraße 57a
4780 Schärding, Austria

At Sensonic GmbH (“Sensonic”), we believe privacy is important. We want you to be familiar with the data that we collect, how we use these data and with whom we share them. This privacy policy applies to all personal data we collect in connection with our corporate website, www.sensonic.com.

What personal data we use

Depending on how you choose to interact with Sensonic’s website, we may collect personal information from you that identifies you as an individual or relates to an identifiable individual (“Personal Data”). Examples include: Sensonic uses the following Personal Data in line with the use purposes explained below:

  • Usage information, pages you browse, read or watch, and otherwise access, and your geographical location; and
  • Your name and email address and any information you choose to provide when you send us a message using our Contact Us website page

We collect information to serve your needs, for example, to enable you to send us a message using our website. If you do not provide the information requested, you may not be able to do so. If you disclose any Personal Data relating to other people to us or to our service providers in connection with our website, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

We collect data to manage our content, operate efficiently and improve our website and services.

How we use Personal Data

Sensonic uses Personal Data to provide a safe, efficient and customized experience. For example, we use Personal Data to:

  • Provide the website’s functionality to you, and fulfil your requests
    • To respond to your inquiries and fulfil your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or when you request a quote for or other information about our services.
    • To send administrative information to you, such as changes to our terms, conditions and policies.

We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.

  • Conduct analyses for business reporting.
    • To analyse or predict our users’ preferences in order to prepare aggregated trend reports on how our digital content is used, so we can improve our services.

We will engage in this activity where we have a legitimate interest.

  • Accomplish our business purposes.
    • For data analysis, for example, to improve the efficiency of our services;
    • For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
    • For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks;
    • For developing new products and services;
    • For enhancing, improving, or modifying our current products and services;
    • For identifying usage trends, for example, understanding which parts of our services are of most interest to users;

We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or where we have a legitimate interest.

  • Recruitment purposes

In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data and your rights regarding your data.

A) Data Protection Principles

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

  • processing is fair, lawful and transparent;
  • data is collected for specific, explicit, and legitimate purposes;
  • data collected is adequate, relevant and limited to what is necessary for the purposes of processing;
  • data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay;
  • data is not kept for longer than is necessary for its given purpose;
  • data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures; and
  • we comply with the relevant GDPR procedures for international transferring of personal data;

B) Types of data held

We keep several categories of personal data on our prospective employees in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each employee and we also hold the data within our computer systems, specifically, we hold the following types of data:

  • personal details such as name, address, phone numbers, and salary information;
  • name and contact details of your next of kin;
  • your photograph;
  • your gender, marital status, information of any disability you have or other medical information;
  • right to work documentation;
  • information on your race and religion for equality monitoring purposes;
  • information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter;
  • references from former employers;
  • details on your education and employment history etc.
  • driving license; or
  • criminal convictions.

C) Collecting your data

You may provide several pieces of data to us directly during the recruitment period.

In some cases, we will collect data about you from third parties, such as employment agencies, and former employers when gathering references or credit reference agencies.

Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.

Personal data is kept in files or within the Company’s HR and IT systems.

D) Lawful basis for processing

The law on data protection allows us to process your data for certain reasons only. The information below categorises the types of data processing we undertake and the lawful basis we rely on.

E) Special categories of data

Under the GDPR ‘Special categories of data are those relating to your:

  • health;
  • sex life;
  • sexual orientation;
  • race;
  • ethnic origin;
  • political opinion;
  • religion;
  • trade union membership; or
  • genetic and biometric data.

We carry out processing activities using special category data:

  • for the purposes of equal opportunities monitoring;
  • in our sickness absence management procedures; or
  • to determine reasonable adjustments.

Most commonly, we will process special categories of data when the following applies:

  • you have given explicit consent to the processing;
  • we must process the data in order to carry out our legal obligations;
  • we must process data for reasons of substantial public interest; or
  • you have already made the data public.

F) Failure to provide data

Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you.

G) Criminal conviction data

We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, it may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability for the role if appointed.

H) Who we share your data with

Employees within our company who have recruitment responsibilities will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processed in line with the GDPR.

Data is shared with third parties for the following reasons: completion of the recruitment process, and reference checking.

We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

I) Protecting your data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such issues.

J) Retention periods

We keep your data for as long as we need it, which, in relation to unsuccessful candidates, is twelve months.

At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.

If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.

K) Automated decision making

Automated decision-making means making decisions about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you, solely on the basis of automated decision making, which has a significant impact on you.

L) Employee rights

You have the following rights in relation to the personal data we hold on you:

  • the right to be informed about the data we hold on you and what we do with it;
  • the right of access to the data we hold on you. More information on this can be found in the section headed “Access to Data” below and in our separate policy on ‘Subject Access Requests’;
  • the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
  • the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
  • the right to restrict the processing of the data;
  • the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
  • the right to object to the inclusion of any information; and
  • the right to regulate any automated decision-making and profiling of personal data.

In addition to the above rights, you also have the unrestricted right to withdraw, at any time, consent that you have previously provided, to our processing of your data. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent although we may not be able to continue to process your application. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

If you wish to exercise any of the rights explained above, please contact us at privacy@sensonic.com

M) Consent

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.

N) Making a complaint

You have the right to lodge a complaint with a data protection authority for your country or region or where any alleged infringement of applicable data protection law occurs. 

O) Data protection compliance

Sensonic is reinvigorating its data protection processes and committees to help ensure and maintain compliance with this regulation across the group. The Executive responsibility is with the CEO, Christian Pucher and CIO Johannes Nöbauer.

As a new part of this structure, we have appointed a Data Privacy Manager (“DPM”). The DPM ensures that guidelines and instructions are properly implemented and executed, campaigns and projects comply with the GDPR. The DPM is the connector between the day to day business and the governance structure.

P) Cookies

Cookies are electronic placeholders that are placed on your computer by websites to track your individual movements on that website over time. Sensonic uses two types of cookies:

  • Strictly necessary cookies – these cookies are essential so that you can move around the website and use its features. They are session-based and therefore last only for the duration of the user's session. Cookies are used by the Sensonic website to keep track of user sessions to balance the usage of this website on all Sensonic web servers. They are not tied to a specific identity — in general, no identifiable personal information about you is stored by them. However, where this information qualifies as Personal Data, we will treat it as such, and as set out in this privacy policy.

If you do not want a cookie placed on your computer as a result of using the Sensonic website, you can disable the necessary cookies altogether by modifying the preferences section of your web browser. Note that, if you do so, some aspects of Sensonic’s website may be unavailable to you.

Depending on your cookie consent selection of settings upon first visiting the website, Sensonic uses persistent cookies. This type of cookie remains on your hard drive and provides information about the session you are in and waits for the next time you use that site again. This provides useful information to Sensonic, enabling it to recognize repeat users, facilitate the user's access to and use of the site, and allow a site to track usage behaviour, which lets Sensonic make content improvements. Such cookies are used only for this purpose, and they are not used to identify users or to track their usage of other sites.

Depending on your cookie consent selection of settings upon first visiting the Sensonic website, tracking cookies and third-party cookies may be used to process additional information, enable non-core functionalities on the Sensonic website and enable referenced third-party functions (such as some social media "share" link).

Analytical cookies – these cookies are used to provide statistical information about our website – they are used for performance measurement and improvement. They are disabled by default, but if you do choose to accept all cookies, they will be turned on. This category is also known as Analytics. Activities like page visit counting, page loading speed, bounce rate and technologies sued to access the Sensonic website are included in this category. We use Google Analytics to track all those performance metrics.

Q) Google Analytics

Google Analytics is a web analytics service. Web analysis is the gathering, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on which website a data subject has come to a website from (so-called referrers), which subpages of the website were accessed or how often and for which period of time a subpage was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Google Analytics uses cookies. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google might transfer the personal information collected via this technical procedure to third parties.

In addition, this website uses the Analytics feature UserID to track interaction data. This User ID will be additionally anonymized and encrypted and will not be linked with other data.

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.

In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics.

In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Further information and Google‘s applicable privacy regulations can be found at https://policies.google.com/privacy?hl=en and https://marketingplatform.google.com/about/ The following link provides a further explanation of Google Analytics https://marketingplatform.google.com/about/.

R) Do Not Track (DNT)

There is currently no standard for how DNT consumer browser settings should work on commercial websites. However, the industry has self-regulatory initiatives designed to provide consumers with a choice in the types of ads they may see online and to conveniently opt-out from online behavioural ads served by some or all of the companies participating in these programs. Our website does not respond to DNT consumer browser settings.

S) External Links Disclaimer

Sensonic's website links to other sites created and maintained by other public- and/or private-sector organizations. Sensonic provides these links solely for your information and convenience. When you transfer to an outside website, you are leaving Sensonic’s domain, and Sensonic's information management policies no longer apply. Sensonic encourages you to read the privacy statement of each external website that you visit before you provide any Personal Data.

T) Security

Sensonic implements commercially reasonable technical and organizational security controls to protect your Personal Data against theft, loss or misuse. Your data will be stored in a secure operating environment that is not accessible without authorization. Sensonic applies mitigation measures following periodic risk assessments to ensure an adequate level of protection of your Personal Data.

Sensonic has put in place appropriate physical, technical and administrative procedures to safeguard and secure the information from loss, misuse, unauthorized access, disclosure, alteration or destruction. Sensonic cannot guarantee the security of information on or transmitted via the internet.

Personal Data about minors and children

Sensonic does not knowingly collect data from or about children under 16. If we learn that we have collected Personal Data from a child under 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at privacy@sensonic.com.

Sensitive Personal Data

Unless we request it, we ask that you not send us, and you do not disclose, any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the website or otherwise to us.

Cross-Border Data Transfers

Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using our services you understand that your information will be transferred to countries outside of your country of residence, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.

Additional Information Regarding the EEA: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here:  https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission, to protect your Personal Information.

Your right to access Personal Data

In addition to the information that is available on Sensonic's website, you have the right to access the Personal Data that Sensonic holds about you, all subject to the exemptions as contained in applicable laws and regulations. If you request the data, then Sensonic will assist you. Your identity will need to be confirmed before you are provided with access to Personal Data. We ask that you put your request in writing to the address included in the section “Contact us” below, and include the following information:

  • Your full mailing address
  • Names of specific files or types of records to which you request access, including specific dates of those records, where possible

Please provide as much detail as possible.

We will respond to your request consistent with applicable law. You will be notified if access to the records you have requested is granted or denied, and which exemptions apply.

Your right to correct or amend Personal Data

If you believe there is a mistake in your Personal Data, you have a right to ask for the information to be corrected. We may ask you to provide documentation to show where Sensonic's files are incorrect. We will respond to your request consistent with applicable law, will amend the erroneous data without undue delay, and will notify you once the correction you have requested has been completed.

Your right to take Personal Data with you (portability)

You may obtain and reuse the Personal Data held by Sensonic for your own purposes across different services. Sensonic allows you to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right applies to your Personal Data held by Sensonic, where the processing was automated and used in the light of our service provision within the contract you have with Sensonic, or where such processing was based on the consent you gave Sensonic for it.

Follow the instructions at "Your Right to Access the Personal Data" and indicate that you wish to obtain the information for reuse purposes, indicating your desire to take the Personal Data with you. We will respond to your request consistent with applicable law.

Your right to be forgotten

Sensonic does not store Personal Data without a predefined and documented purpose. We follow laws that require us to delete Personal Data if the reason for its collection and storage no longer exists. If, however, you wish to have your Personal Data deleted at an earlier date, please contact our privacy team at privacy@sensonic.com. We will respond to your request consistent with applicable law.

Questions or complaints

We encourage anyone who has questions about our use of Personal Data or is interested to raise any concerns about this, to contact us at privacy@sensonic.com or at the address provided in the section "Contact us" below. We will do our best to answer your questions and resolve any complaints and disputes regarding our use of Personal Data. Alternatively, individuals in the EEA have the right to lodge a complaint with a data protection authority for your country or region or where any alleged infringement of applicable data protection law occurs.  A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Review and ratification

We may occasionally update or modify this privacy policy. To ensure that the importance of this privacy policy is communicated uniformly throughout the enterprise, all members of Sensonic's board of directors will review, update and ratify this privacy policy at least annually.

For material changes to this privacy policy, we will notify you by placing a prominent notice on the home page of our website or, if legally required, by directly sending you a notification. We encourage you to periodically review this privacy policy to stay informed about how we are helping to protect the Personal Data we collect. Your continued use of the service constitutes your agreement to this privacy policy and any updates.

Contact us

Sensonic GmbH is the company responsible for the collection, use and disclosure of your Personal Data under this privacy policy. If you have any questions, please contact us at privacy@sensonic.com or:

Sensonic GmbH
Bahnhofstraße 57a,
4780 Schärding, Austria

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.