Privacy Policy in accordance with Art. 13 GDPR
1 Controller
Responsible according to Art. 4 para. 7 EU Data Protection Basic Regulation (DSGVO) is
VENTREX Automotive GmbH
Johann-Sebastian-Bach-Gasse 1-5
8010 Graz
Phone: +43 316 46 76-0
E-mail: ventrex@ventrex.com
2 The company’s data processing
We process the data that data subjects provide to us through their own statements, for example in the context of an enquiry by e-mail, for the purpose of initiating and concluding a contract or a business relationship.
2.1 Data subjects
We process the following data from interested parties: Company, name of contact person and professional contact and address data.
We process the following data from customers: Company, title and names of contact persons, professional address data and contact data, bank details, contract data.
We process the following data from suppliers and business partners: Company, title and names of contact persons, professional address data and contact data, bank details, contract data.
2.2 Passing on data
Personal data will only be passed on to third parties by us if this is necessary for the purpose of contract processing and contract fulfilment or due to legal regulations.
2.3 Data retention
The data will be deleted by us as soon as storage is no longer necessary or legal retention periods have expired. If the basis of the processing is consent, we restrict the processing or delete the data upon revocation of the consent - unless there are legal provisions to the contrary.
2.4 Contact by e-mail
When you contact us by e-mail, the data you provide will be stored by us on the basis of your consent in order to answer your questions. We delete the data accruing in this context after the processing is no longer necessary or restrict the processing if there are legal retention periods.
2.5 Legal basis
The below points are the legal basis of data processing:
- Initiation and fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR.
- Legal obligations in accordance with Art. 6 para. 1 lit. c GDPR, (for example, legally prescribed storage and documentation obligations).
- Legitimate interests of our company within the meaning of Art. 6 para. 1 lit. f GDPR (e.g. statistical evaluations).
- Art 6 para. 1 lit. a GDPR when obtaining consent (for example when processing image data or for advertising purposes).
3 Data processing via our website
3.1 Contact
If you have asked us to contact you via our web form or if you have sent us a message, then we store the data from you that is necessary to contact you. These are your name, and your Mail address. We process other data if you provide it to us voluntarily. The data will be deleted by us as soon as storage is no longer necessary or you object to the processing.
Legal basis: Art. 6 para. 1 lit. a GDPR
3.2 Applicants
If you send us your application documents, we will process your personal data contained therein as well as your CV and references for the purpose of personnel selection and filling the position. In the event of a rejection, we will delete your documents after the legal retention periods have expired.
Legal basis: Art. 6 para. 1 lit. b GDPR
Should you consent to be kept on record with us for contact at a later date, we will approach you with a separate request to provide consent. If you explicitly give us this consent, we will store your consent. If there is no further opportunity to fill a position with us within one year, we will delete all of your applicant data one year after you have sent us your consent.
Legal basis: Art 6 para 1 lit a GDPR
3.3 Application form
For persons who are interested in working for our company, there is the possibility to apply directly on our website via a form provided there. For this purpose, please create your own user account with your email address and password. Furthermore, we need your title, your first and last name, your e-mail address, your date of birth and your place of residence; voluntarily, you can also provide us with your telephone number. In the further application process, you have the possibility to upload your application documents (e.g., CV). In the event of a rejection, we will delete your documents no later than 7 months after sending the rejection to you.
Legal basis: Art. 6 para. 1 lit. b DSGVO
Should you consent to be kept on record with us for contacting you at a later date, we will approach you with a separate request to transmit consent. If you explicitly give us this consent, we will store your consent. If there is no further opportunity to fill a position with us within one year, we will delete all of your applicant data one year after you have transmitted your consent to us.
Legal basis: Art 6 para 1 lit a DSGVO
4 Data processing when visiting our website
4.1 Informational use of the website
When you use our website for information purposes only, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect at most the data that is technically necessary for us to display our website to you and to ensure its stability and security:
- IP address
- Date and time of the request
- Time zone difference from Coordinated Universal Time (UTC)
- Content of the request (concrete page)
- Access Status/HTTP Status Code
- Website from which the request comes
- Browser
- Operating System and its interface
- Language and version of the browser software.
Legal basis: Art. 6 para. 1 lit. f GDPR
4.2 Cookies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programs or transmit viruses to your computer.
The cookie allows you to be recognized when you visit the website without having to re-enter data that you have already entered previously.
The information contained in the cookies is used, for example, to determine whether you are logged in or which data you have already entered, or to recognize you as a user when a connection is established between our web server and your browser. With most web browsers, cookies are automatically accepted.
By using our websites, you agree to the use of these cookies, as far as cookies are accepted according to your browser settings.
4.2.1 Transient cookies
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
4.2.2 Persistent cookies
Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
4.2.3 Third-party cookies
These originate from providers other than the website operator. They can be used, for example, to collect information for advertising, custom content, and web statistics.
4.2.4 Browser
Most browsers are set by default to accept all cookies. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of our website may be limited.
You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.
Legal basis: Art. 6 para. 1 lit. f GDPR (in the case of technical cookies), Art. 6 para. 1 lit. a GDPR (for all other cookies)
4.3 Data processing in the USA
It cannot be ruled out that personal data will be transmitted to the USA when visiting our website. If this is the case, we will point this out separately in this privacy policy. The GDPR requires so-called appropriate safeguards according to Art. 46 GDPR for a data transfer to a third country or to an international organization. Such guarantees do not exist for the USA.
Possible risks that cannot currently be ruled out for you as a data subject in connection with the aforementioned information are in particular:
- Your personal data may be shared with other third parties (e.g.: US authorities) by the respective service provider beyond the actual purpose of fulfilling the order.
- You may not be able to sustainably assert or enforce your rights of access against the respective service provider.
- There may be a higher probability that incorrect data processing may occur because the technical organizational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality.
With your consent to the processing of (advertising and marketing) cookies, you explicitly agree to the transfer of data to the USA. You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.
Legal basis: Art. 6 para. 1 lit. a GDPR
5 Data processing when using server log files
In order to optimize this website in terms of system performance, user-friendliness, and the provision of useful information about our services, the website provider automatically collects and stores information in so-called server log files that your browser automatically transmits to us. This includes the internet protocol address (IP address) of the requesting computer (including mobile devices), browser and language setting, operating system, referrer URL, your internet service provider and date/time.
This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of unlawful use and to pass on the data to the law enforcement authorities if there has been a hack attack. The data will not be passed on to third parties beyond this.
Legal basis: Art. 6 para. 1 lit. f GDPR
6 Social media presence
We operate social media sites such as LinkedIn, Xing, YouTube, Facebook, etc. When visiting our social media presence, personal data, including the IP address, is processed and cookies are used for data collection. Which information exactly is transmitted, please refer to the privacy policy of the respective service. There you will also find information about contact options as well as for various settings.
We focus on comprehensive customer satisfaction and use these services primarily to be able to get in touch or to communicate with you. Furthermore, we see it as an additional possibility to our other existing information offers.
In the case of services with a US connection, the data collected is usually sent to a server in the USA and stored there. We have no influence or possibility of control over the type and scope of the data processed by these services, the type of processing and use or the transfer of this data to third parties. For options to restrict the processing of this data in the respective settings of these services, please refer to the detailed descriptions of the privacy statements of the respective providers.
Furthermore, we point out that you use the respective services and their functions on your own responsibility. This applies in particular to the use of interactive functions (for example, sharing, commenting or rating).
7 Data processing for services provided by Google
We have signed a contract with Google Ireland Limited ("Google"), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Nevertheless, it is possible that data may be transferred from Europe to the USA, although we as a company have no influence over this.
Through the use of this service, a transfer of personal data to the USA takes place or cannot be ruled out! - For more details, see 3.5 of this declaration.
Legal basis: Art 6 para 1 lit a GDPR
7.1 Google Tag Manager
To recognize your user behavior, we use so-called Google Tag Manager. The Google Tag Manager is a solution that marketers can use to manage website tags via an interface. The tool itself processes the following personal data: IP address of the user. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. Google Tag Manager can set cookies, at least in the administrator's preview and debug mode, but also outside of it. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
More detailed information is available here: https://support.google.com/tagmanager/?hl=en#topic=3441530
Legal basis: Art. 6 para. 1 lit. a DSGVO
7.2 Google DoubleClick
The website uses the online marketing tool DoubleClick. To help AdWords customers and publishers serve and manage ads on the web, the Google advertising network and certain Google services may be used. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Via a cookie ID, Google records which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.
7.3 Google Fonts
We use Google Fonts. Google Fonts is used without authentication and no cookies are sent to the Google Fonts API. If you have an account with Google, none of your Google account data is transmitted to Google during the use of Google Fonts. Google only records the use of CSS and the fonts used and stores this data securely. You can find out more about these and other issues at https://developers.google.com/fonts/faq.
You can find out what data Google collects and what it is used for at https://policies.google.com/privacy?hl=en
7.4 Google APIS /AJAX and JQUERY
To optimize the loading speed, usability and indexing of our website, we use JavaScript technologies as well as corresponding program libraries and CDNs (Content Delivery Networks) from external providers, in this specific case the JavaScript library jQuery from the jQuery Foundation, the program interface Google APIs and the Google AJAX Search API from Google. By calling up our website, these external providers may receive personal information about your visit to our website, in particular through the transmission of your IP address. Processing of this data outside the EU is possible. You can prevent this by installing a JavaScript blocker or disabling JavaScript in your browser. Disabling or blocking JavaScript may result in functional restrictions on Internet pages with JavaScript technologies. For further information on data processing by Google, please refer to Google's privacy policy, currently available at: https://policies.google.com/privacy?hl=en&gl=deand, in the case of jQuery, on the pages of the JS Foundation at: js.foundation/about/governance/privacy-policy.
Legal basis: Art. 6 para. 1 lit. a DSGVO
7.5 Google reCaptcha
We use the Google service reCaptcha to determine whether a human or a computer is making a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website that you visit with us and on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images.
8 Data processing for services provided by Facebook
8.1 Facebook Plugins
We operate a Facebook page and have social plugins ("Plugins") of Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland on our website for this purpose. The Plugins are recognizable by one of the Facebook logos (dark gray or black "f" on light gray circle or white "f" on blue tile, or the terms "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
We have entered into a contract with Facebook Ireland, nevertheless it may happen that Facebook Ireland transfers personal data to Facebook USA.
By using this service, a transfer of personal data to the USA takes place or cannot be excluded! - For more details, see 4.3 of this statement.
When a user calls up a website of this offer that contains such a plugin, his browser establishes a direct connection with the servers of Facebook. Facebook transmits the content of the plugin directly to your browser and integrated by it into the website. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore informs users according to its level of knowledge:
The data collected in this way is anonymous for us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we inform you according to our level of knowledge. Facebook may associate this data with your Facebook account and also use it for its own advertising purposes, according to Facebook's Data Use Policy https://www.facebook.com/about/privacy/. You may allow Facebook and its partners to serve ads on and off Facebook. Furthermore, a cookie may be stored on your computer for these purposes.
Legal basis: Art. 6 para. 1 lit. a DSGVO
8.2 Facebook Pixel
Our website uses Facebook pixels ("Pixel") of the social network Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) for the analysis, optimization and economic operation of our online offer.
Facebook can use the pixels to determine website visitors as a target group for the display of ads (so-called "Facebook Ads"). Accordingly, we use them to display the Facebook ads placed by us only to those Facebook users who have also shown interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). The aim is to ensure that our Facebook ads correspond to user interest and do not have a harassing effect. On the other hand, we can use pixels to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
Your actions are stored in one or more cookies in the process. These cookies allow Facebook to match your user data (such as IP address, user ID) with your Facebook account data. The data that is collected is anonymous and not visible to us and can only be used in the context of advertisements. If you would like to prevent the linking with your Facebook account, you have the option to log out before taking any action.
We have entered into a contract with Facebook Ireland, nevertheless it may happen that Facebook Ireland transfers personal data to Facebook USA.
By using this service, a transfer of personal data to the USA takes place or cannot be excluded! - For more details, please refer to 4.3 of this statement.
For more information, please refer to Facebook's data policy at https://www.facebook.com/policy.php.
For specific information on Facebook Pixels, please refer to https://www.facebook.com/business/help/742478679120153?id=1205376682832142.
Legal basis: Art. 6 para. 1 lit. a DSGVO
9 Data processing for services provided by Instagram
On our website we use functions of the social media network Instagram of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA.
Through the use of this service, a transmission of personal data to the USA takes place or cannot be excluded! - For more details, see 4.3 of this statement.
With the functions for embedding Instagram content (embed function), we can display images and videos. By calling up pages that use such functions, data (IP address, browser data, date, time, cookies) are transmitted to Instagram, stored and evaluated. Should you - while surfing on our website - be logged into your Instagram account, this data will be assigned to your personal account. The privacy policy, which information Instagram collects and how they use it can be found at https://help.instagram.com/519522125107875/?maybe_redirect_pol=0.
Legal basis: Art. 6 para. 1 lit. a DSGVO
10 Data processing for services provided by LinkedIn
Our website uses functions of the social media network LinkedIn, and we also operate our own LinkedIn profile. The provider is LinkedIn Corporation, 1000 West Maude Avenue Sunnyvale, CA 94085 USA.
Through the use of this service, a transfer of personal data to the USA takes place or cannot be excluded! - For more details, see 4.3 of this statement.
Each time one of our websites containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click on the buttons of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. For more information on this, please refer to LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy?.
Legal basis: Art. 6 para. 1 lit. a DSGVO
11 Data processing for services provided by XING
Our website uses functions of the social media network XING, and we also operate our own XING profile. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING functions is accessed, a connection to XING servers is established. XING may be informed that you have visited our web pages with your IP address. If you click on the XING buttons and are logged into your XING account, it may be possible for XING to associate your visit to our website with you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by XING. Further information on data protection at XING can be found in the data protection declaration at https://privacy.xing.com/en/privacy-policy.
Legal basis: Art. 6 para. 1 lit. a DSGVO
12 Data processing for services provided by YouTube
We operate a YouTube channel and have embedded YouTube videos into our website, which are stored on http://www.youtube.com. When you watch one of our YouTube videos, a connection to YouTube servers is established. This tells YouTube which pages you are visiting. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
By using this service, a transmission of personal data to the USA takes place or cannot be excluded! - For more details, see 4.3 of this statement.
Further information on data protection at "YouTube" can be found in the privacy policy of the provider at: https://policies.google.com/privacy?hl=en&gl=de.
Legal basis: Art 6 para 1 lit a DSGVO
13 Your rights
You have the following rights in relation to personal data relating to you:
- Right of access, right to rectification and erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
Please direct your enquiries and requests by email to ventrex@ventrex.com or contact us using the contact details provided.
If you believe that we have violated Austrian or European data protection law in the processing of your data and that your rights have been infringed as a result, please contact us so that we can clarify any issues you may have.
You also have the right to complain to the supervisory authority, which is the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
Telephone: +43 1 52 152-0
Mail: dsb@dsb.gv.at
14 Data processing when using hCaptcha
We use hCaptcha from Intuition Machines, Inc. based in the USA on our website. This service makes it possible to distinguish whether a contact request originates from a natural person or is automated by means of a programme.
Through the use of this service, a transfer of personal data to the USA takes place or cannot be ruled out! – Die DSGVO setzt für eine Datenübermittlung in ein Drittland oder an eine internationale Organisation sogenannte geeignete Garantien nach Art. 46 DSGVO voraus. Solche liegen für die USA derzeit nicht vor, da insbesondere US-Geheimdienste auf Ihre Daten zugreifen können, ohne Sie darüber im Vorhinein in Kenntnis zu setzten. Aus diesem Grund hat der Europäische Gerichtshof den früheren Angemessenheitsbeschluss (Privacy-Shield) in der Rechtssache C-311/18 für ungültig erklärt. For more details, see 4.3 of this statement.
For more information, please see the privacy policy of hCaptcha: https://www.hcaptcha.com/privacy.
Legal basis for data processing: Consent pursuant to Art 49 (1) (a) in conjunction with Art 6 (1) (a) DSGVO.
15 Changes to this privacy policy
We reserve the right to modify this privacy policy at any time. Changes to this privacy policy will be published by us on this page. Please refer to the current version of our privacy policy in this regard.
16 Disclaimer
VENTREX Automotive GmbH takes no responsibility for the content of external websites to which links are provided. The operators of the linked sites are solely responsible for their content.