Privacy policy

Last updated: March 29, 2023

Thank you for your interest in the information on our website!
With the help of this privacy policy, we would like to inform the users of our website about the nature, scope and purposes of the processing of personal data. Personal data in this context is all information with which you can be personally identified as a user of our website (theoretically, possibly via detours or by means of linking various data), including your IP address. Information that is stored in cookies is generally not personal or is only personal in exceptional cases; however, these are covered by a special regulation that makes the permissibility of the use of cookies largely dependent on the user’s active consent, depending on their purpose.
In a general section in this Privacy Policy, we provide you with privacy information that generally applies to our processing of data, including data collection on our website. In particular, you as data subjects will be informed of the rights to which you are entitled.
The terms used in our Privacy Policy and our data protection practices are governed by the provisions of the EU General Data Protection Regulation (“GDPR”) and other relevant national legal provisions.

RESPONSIBLE

ANGER MACHINING GmbH
FN 79383 s
Zaunermühlstrasse 3-5
4050 TraunAustria
E: marketing@anger-machining.com
T: +43 7229 71041-0

DATA COLLECTION ON OUR WEBSITE

All contents of our website are protected by copyright. We expressly permit the use of all data for private, non-commercial use. In case of duplication, the copyrights and property rights of ANGER MACHINING GmbH must be expressly referred to. Content may not be modified in any way and may not be used on other Internet sites or networked computers without written permission. Any use for public or commercial purposes requires the consent of ANGER MACHINING GmbH. Violation of these conditions obligates the immediate destruction of all content. We reserve the right to assert further claims for damages.

APPLICANT

On our website you have the opportunity to find out about vacancies and apply online at the same time.
In doing so, we process your data that you have provided to us as part of an application only for the purpose of and as part of the application process in accordance with the statutory provisions. Insofar as your application relates to a specific job advertisement, we process the data provided only for the purpose of processing it for this specific job. The processing of your applicant data is carried out for the implementation of pre-contractual measures at the request of an applicant in accordance with Art. 6 para. 1 lit. b GDPR.
Beyond the conclusion of the application process for a position, we process your application data only to the extent that this is necessary pursuant to Art. 6 para. 1 lit. f DSGVO is necessary to protect our legitimate interest (e.g. to defend against unjustified claims) or if you expressly consent to the processing of your application data for future job postings in accordance with Art. 6 para. 1 lit. a DSGVO have agreed to. The same applies to unsolicited applications after comparing your application requirements and qualification profile with our job offers.
The absolutely required applicant data are marked as such or result from the respective job description. In addition, applicants may voluntarily provide us with additional information.
By submitting your application to us, you consent to the processing of your data for the purposes of carrying out the application process in the manner and to the extent set out in this Privacy Policy.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 DSGVO are communicated, their processing is carried out in accordance with Art. 9 para. 2 lit. b DSGVO (e.g. health data, such as severely disabled status) or on the basis of your consent pursuant to Art. 9 para. 2 lit. a DSGVO (e.g. health data, insofar as this is necessary for the assessment of suitability to exercise the profession).
We point out that the processing of special categories of personal data may entail increased risks for the rights and freedoms of data subjects. Insofar as the processing of special categories of personal data is carried out by us, this is done exclusively for the purpose of checking suitability for the exercise of the profession and we will provide further information on this separately.
The data provided to us in an online form is transmitted to us in encrypted form in accordance with the state of the art. Furthermore, you can also send us your application by e-mail. However, we would like to point out that e-mails are generally not sent in encrypted form and that you would have to provide encryption yourself in order to ensure optimum security.
The data you provide may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is unsuccessful, the applicants’ data will be deleted after the expiry of the statutory periods or, if you have expressly consented to longer-term storage for a specific purpose, after the expiry of this period.
Unless you have given your consent for us to store your data for a longer period, it will be deleted after a period of seven months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

COOKIES AND LOCAL STORAGE

We use cookies on our website to make our internet presence more user-friendly and functional. Some cookies remain stored on your terminal device.
Cookies are small data packets that are exchanged between your browser and the/our web server when you visit our website. These do not cause any harm and only serve the recognition of the website visitors. Cookies can only store information supplied by your browser, i.e. information that you yourself have entered into the browser or that is present on the website. Cookies cannot execute code and cannot be used to access your terminal device.
The next time you visit our website with the same terminal device, the information stored in cookies may subsequently be sent back either to us (“first-party cookie”) or to a third-party web application to which the cookie belongs (“third-party cookie”). Through the stored and returned information, the respective web application recognizes that you have already called up and visited the website with the browser of your end device.

Cookies contain the following information:

  • Cookie name
  • Name of the server from which the cookie originally originated
  • Cookie ID number
  • A date when the cookie is automatically deleted
  • Depending on their purpose and function, we divide cookies into the following categories:
  • Technically necessary cookies to ensure the technical operation and basic functions of our website. This type of cookie is used, for example, to maintain your settings while you navigate the website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart).
  • Statistics cookies to understand how visitors interact with our website by collecting and analyzing information anonymously only. In this way, we gain valuable insights to optimize both the website and our products and services.
  • Marketing cookies to set targeted advertising activities for users:inside our website.
  • Unclassified cookies are cookies that we are currently trying to classify together with individual cookie providers.

Depending on the storage period, we also divide cookies into session and permanent cookies. Session cookies store information used during your current browser session. These cookies are automatically deleted when you close the browser. No information remains on your end device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will respond accordingly. The lifetime of a persistent cookie is determined by the cookie provider.
The legal basis for the use of technically necessary cookies is based on our legitimate interest in the technically flawless operation and smooth functionality of our website pursuant to Art 6 para. 1 lit. f GDPR. Our website cannot function properly without these cookies. The use of statistics and marketing cookies requires your consent pursuant to Art 6 para. 1 lit. a GDPR. You can withdraw your consent to the use of cookies in accordance with Art 7 para. 3 DSGVO at any time for the future. The consent is voluntary. If it is not granted, no disadvantages will arise. For more information about the cookies we actually use (in particular, their purpose and storage period), please see this Privacy Policy and the information about the cookies we use in our Cookie Banner.
You can also set your Internet browser to generally prevent cookies from being saved on your end device or to ask you each time whether you agree to cookies being set. Once cookies have been set, you can delete them at any time. You can find out how all this works in detail in the help function of your browser.
Please note that a general deactivation of cookies may lead to functional restrictions on our website.
On our website, we also use so-called local storage functions (also called “local storage”). In the process, data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser – as long as you do not delete the cache or it is the session storage.
Third parties cannot access the data stored in the local storage. As far as special plugins or tools use the local storage functions, this is described with the respective plugin or tool.
If you do not want plugins or tools to use local storage features, then you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.

GOOGLE ANALYTICS

Purpose: StatisticsReceiving country: USA
On our website, we use the functions of the web analysis service Google Analytics to analyze user behavior and to optimize our website. The provider of this service is Google Ireland Limited, Barrow Street, Dublin 4, Ireland (“Google”).
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the USA and that there are therefore various risks (such as possible access by US intelligence services, among others).
Google Analytics uses cookies, which allows an analysis of the use of our website.
Information about the use of the website such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of server request are usually transmitted to a Google server and stored there. We have concluded a contract with Google for this purpose.
On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser is not merged with other Google data.
We use Google Analytics only with IP anonymization enabled by adding the code “anonymizeIP” to this website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases is the full IP address transmitted to a Google server and shortened there.
During the website visit, the following data is collected, among others:

  • the pages you have called up, your “click path
  • Achievement of “website goals” (conversions, e.g. newsletter sign-ups, downloads, purchases)
  • Your user behavior (for example, clicks, dwell time, bounce rates)
  • Your approximate location (region)
  • Your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your Internet provider
  • the referrer URL (via which website / via which advertising medium you came to our website)

The data about the use of our website will be deleted immediately after the end of the retention period set by us in each case. Google Analytics gives us the following options for the retention period: 14 months, 26 months, 38 months, 50 months, do not delete automatically. You can ask us at any time for the current retention period set by us.
The processing of your data with the help of Google Analytics is based on your express consent within the meaning of Art 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.
In addition, you can prevent the collection of data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
For more information about Google’s use of data, settings and opt-out options, please see Google’s privacy policy at https://policies.google.com/privacy.
The data processing terms and conditions for Google products and the standard contractual clauses for data transfers to third countries can be found at https://business.safety.google/adsprocessorterms/.

GOOGLE TAG MANAGER

Our website uses the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

ATTENTION! Within the scope of this service, data transmission to the USA takes place or cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the USA and that there are therefore various risks (such as possible access by US intelligence services, among others).

When you start Google Tag Manager, your browser connects to Google’s servers. These are mainly found in the USA. This gives Google knowledge that our website was accessed via your IP address. Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

Tag Manager is a service that allows us to manage website tags through an interface. This allows us to include code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. In this case, the data is only forwarded by the tag manager, but neither collected nor stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering. In any case, this constitutes a legitimate interest based on Art. 6 para. 1 lit f DSGVO. The Tag Manager takes care of resolving other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain for all tracking tags implemented with Tag Manager.
To prevent this service, you can install a JavaScript blocker. However, this may cause the website to stop working as usual.

Further information on data protection can be found on the following Google web pages:
Privacy Policy: https://policies.google.com/privacy FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html Terms of Use Google Tag Manager: https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/ Google Ads Data Processing Terms including Standard Contractual Clauses for Third Country Transfers: https://business.safety.google/adsprocessorterms/

HOSTING

As part of the hosting of our website, all data to be processed in connection with the operation of our website is stored. This is necessary to enable the operation of the website. We therefore process the data accordingly on the basis of our legitimate interest pursuant to Art 6 para. 1 lit. f DSGVO in the optimization of our website offer. To provide our online presence, we use the services of web hosting providers to whom we provide the above-mentioned data as part of order processing pursuant to Art 28 DSGVO.

CONTACT

When contacting us, your data will be used for the processing of the contact request and its handling in the context of the fulfillment of pre-contractual rights and obligations pursuant to Art. 6 para. 1 lit. b DSGVO used. The processing of your data is necessary for the handling and answering of your request, otherwise we will not be able to answer your request or at best only to a limited extent. The information may be used on the basis of our legitimate interest according to. Art 6 par. 1 lit. f DSGVO on direct marketing are stored in a customer and prospect database.

We will delete your inquiry and your contact data, provided that your inquiry has been conclusively answered and the deletion does not conflict with any legal retention periods, e.g. in the context of a subsequent contract processing. This is usually the case if there has been no contact with you for three years in a row.

NEWSLETTER

On our website we offer the possibility to register for a newsletter. Our newsletter contains information about our products or services as well as accompanying information, offers or promotions.
The consent to our newsletter takes place in a so-called double opt-in process. I.e. after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can log in with a foreign e-mail address. Subscriptions to the newsletter are processed in accordance with Art 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in traceability. This includes the storage of the login and confirmation time, as well as the IP address. Likewise, the changes to your stored data are logged.

The newsletter is sent on the basis of your consent in accordance with. Art. 6 par. 1 lit. a DSGVO or, if consent is not required, on the basis of our legitimate interests in direct marketing for similar products and services pursuant to Art. 6 para. 1 lit. f GDPR. However, we will only send a newsletter without your consent if we have already received your email address in connection with another order, the newsletter relates to similar products or services of ours, and you had the opportunity at the time your contact data was collected to prohibit its use for marketing purposes and did not object to this. In the context of sending the newsletter, we also process your response behavior on the basis of our legitimate interest pursuant to Art. Art 6 par. 1 lit. f GDPR.

You can unsubscribe from receiving our newsletter at any time by revoking your consent with effect for the future pursuant to Art. 7 para. 3 DSGVO or object to the processing. You will find an option for this in the respective newsletter itself or simply contact us by email. In the event of a revocation or objection, we may use your e-mail address for up to three years on the basis of our legitimate interests pursuant to Art. Art 6 par. 1 lit. f DSGVO before we delete them, in order to be able to prove consent formerly given by you.

SERVER-LOG-FILES

For technical reasons, in particular to ensure a functional and secure Internet presence, we process technically necessary data about accesses to our website in so-called server log files, which your browser automatically transmits to us.

The access data we process includes:

  • Name of the retrieved website
  • browser type used incl. Version
  • Operating system used by the visitors
  • the previously visited page of the visitor(s) (referrer URL)
  • Time of the server request
  • Data volume transferred
  • Host name of the accessing computer (IP address used)

This data is not assigned to any natural person and is only used for statistical evaluations and for the operation and improvement of our website as well as for the security and optimization of our Internet offering. This data is only transmitted to our website hoster. This data is not linked or merged with other data sources. If there is any suspicion of illegal use of our website, we reserve the right to check this data retrospectively. The data processing is based on our legitimate interest pursuant to Art 6 para. 1 lit. f DSGVO in the technically error-free presentation and optimization of our website.
The access data is deleted shortly after the purpose has been fulfilled, usually after a few days, unless further storage is required for evidence purposes. Otherwise, the data will be retained until final resolution of an incident.

SSL ENCRYPTION

For your visit to our website, we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser. The use of this procedure is based on our legitimate interest according to. Art 6 par. 1 lit. f GDPR on the use of appropriate encryption techniques.
In addition, we use suitable technical and organizational security measures in accordance with. Art 32 DSGVO to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments and kept state of the art.

WEBCARE

In order to obtain privacy-compliant consent for the use of cookies and tools on our website, we use DataReporter WebCare’s Consent Banner. This is a service provided by DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria (“DataReporter”).
For more information about this company, visit www.datareporter.eu. The Consent Banner captures and stores the decision of each user of our website. It is guaranteed by our Consent Banner that statistical and marketing cookies are only set when the user has given his explicit consent to their use.
For this purpose, we store information on the extent to which the user has confirmed the use of cookies. The user’s decision can be revoked at any time by accessing the cookie setting and managing the consent form. Existing cookies are deleted after revocation of consent. A cookie is also set to store information about the status of the user’s consent, which is indicated in the cookie details. Furthermore, the IP address of the respective user is transmitted to DataReporter servers when this service is called up. The IP address is neither stored nor associated with any other data of the user, it is only used for the correct execution of the service. The use of the above data is therefore based on our legitimate interest in the legally compliant design of our website pursuant to Art. 6 para. 1 lit. f GDPR.
For more information, please see DataReporter’s privacy policy at https://www.datareporter.eu/de/privacystatement.html. Please feel free to direct inquiries about this service to office@datareporter.eu.

WEBCARE PROOF OF CONSENT

On our website, we have enabled the WebCare Proof of Consent feature. Provider of the Service is DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria (“DataReporter”).
The Consent Evidence feature on WebCare allows us to both evidence consent from users of our website via our Consent Banner, as well as provide users themselves with transparency and traceability of their personal consent history.
Through this feature, a unique Consent ID is generated for each user and any action involving consent or revocation via our Consent Banner is recorded in conjunction with the Consent ID. The history of the user’s decisions is stored in a protected memory area and can be viewed by the user himself at any time. For us as a website operator, an assignment of a history to a specific person can only take place after knowledge of the respective Consent ID.
Each action on a user’s Consent Banner is kept for 60 days and then automatically deleted. The location for the proof of consent is Frankfurt / Germany (EU). No logs are kept on the server that store the IP or other personal data, except for the Consent ID and the data about the actions.
The use of this function is based on our documentation and accountability obligations according to Art 5 DSGVO. We assume that these obligations to provide evidence of the consent of data subjects will be further strengthened in view of the expected ePrivacy Regulation in the online sector.
You can find more information about this function in the help of the provider at: https://help.datareporter.eu/docs/webcare/webcare_consent_conserve/
For further information on data protection, please visit: https://www.datareporter.eu/de/privacystatement.html

WEBCARE STATISTICS

On our website we have activated the WebCare Statistics function. The provider of this service is DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria (“DataReporter”).
The statistics function at WebCare allows us to collect in an anonymous way the interactions of the users of our website with our Consent Banner. The statistics only record whether the Consent Banner was opened and what actions were performed (purposes of consent, revocation). Only statistical data and no activities related to the specific user are stored. The visitor’s IP address is only used for the purpose of the connection and is completely deleted after the connection is terminated.
The use of the WebCare statistics function is based on our legitimate interest in reviewing the performance of our Consent Banner and the related usability and accessibility of our online offering.
The statistics data is stored for 30 days, older data is automatically deleted.
You can find more information about this function in the help of the provider at: https://help.datareporter.eu/docs/webcare/webcare_consent_statistic/
For further information on data protection, please visit: https://www.datareporter.eu/de/privacystatement.html

YOUTUBE

Purpose: External mediaReceiving country: USA
On our website we use the service “YouTube” to embed videos. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”).
ATTENTION! Within the scope of this service, data transmission to the USA takes place or cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the USA and that there are therefore various risks (such as possible access by US intelligence services, among others).
We have activated the extended data protection mode on YouTube. According to YouTube, this mode causes YouTube not to store information about visitors to this website before they watch a video. However, the disclosure of data to YouTube partners is not excluded by the extended data protection mode.
As soon as you start a YouTube video, a connection to YouTube’s servers is established. This gives YouTube knowledge of which of our pages you have visited. If you are logged into your YouTube account, you thereby enable YouTube to assign your surfing behavior directly to your personal profile. This can be prevented by logging out of your account.
Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses the local storage on your end device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
YouTube is used in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time for the future.
The applicable YouTube privacy policy can be found at: https://www.google.com/policies/privacy/, opt-out option: https://adssettings.google.com/authenticated

GENERAL INFORMATION ON DATA PROTECTION

The following provisions apply in their principles not only to data collection on our website, but also generally to other processing of personal data.

PERSONAL DATA

Personal data is information that can be assigned to you individually. Examples include, but are not limited to, your address, name, and mailing address, email address, or phone number. Information such as the number of users who visit a website is not personal data, because it does not allow attribution to an individual person.

LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA

Unless more specific information is provided in this Privacy Policy (e.g., for the technologies used), we may process personal data from you on the basis of the following legal grounds:

  • Consent according to Art. 6 para. 1 lit. a GDPR – The data subject has given consent to the processing of his/her personal data for one or more specific purposes.
  • Contract fulfillment and pre-contractual measures according to Art. 6 para. 1 lit. b DSGVO – The processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures.
  • Legal obligation according to Art. 6 para. 1 lit. c DSGVO – Processing is necessary for compliance with a legal obligation.
  • Protection of vital interests according to Art. 6 para. 1 lit. d GDPR – Processing is necessary to protect the vital interests of the data subject or another natural person.
  • Legitimate interests according to Art. 6 para. 1 lit. f DSGVO – Processing is necessary for the purposes of protecting the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our home country may apply.

TRANSMISSION OF PERSONAL DATA

Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.
We will only share your personal information with third parties if:

  • You have provided us with your personal data in accordance with Art. 6 para. 1 lit. a DSGVO have given express consent to this,
  • the disclosure pursuant to Art. 6 para. 1 lit. f DSGVO is necessary for the protection of legitimate interests and for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
  • for the transfer according to Art. 6 para. 1 lit. c DSGVO a legal obligation exists, as well as this is legally permissible and / or
  • it in accordance with Art. 6 para. 1 lit. b DSGVO is necessary for the processing of contractual relationships with you.

COOPERATION WITH CONTRACT PROCESSORS

We carefully select our service providers who process personal data on our behalf. If we commission third parties with the processing of personal data on the basis of a contract processing agreement, this is done in accordance with Art. 28 DSGVO.

TRANSMISSION TO THIRD COUNTRIES

If we process data in a third country or do so in the context of using third-party services or disclosing or transferring data to other persons or companies, this will only be done on the basis of the legal grounds outlined above for the transfer of data.

Subject to explicit consent or contractual necessity, we process or have processed the data in accordance with Art. 44-49 GDPR only in third countries with a level of data protection recognized as adequate or on the basis of special guarantees, such as a contractual obligation by so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection rules.

DATA TRANSFER TO THE USA / DISCONTINUATION OF THE PRIVACY SHIELD

We would like to expressly point out that as of July 16, 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called “Privacy Shield”, an adequacy decision of the EU Commission pursuant to Art 45 GDPR, which confirmed an adequate level of data protection to the USA under certain circumstances, is no longer valid with immediate effect.
The Privacy Shield is therefore no longer a valid legal basis for the transfer of personal data to the USA!
If a data transfer by us to the USA takes place at all or if a service provider based in the USA is used by us, we explicitly refer to this in this privacy policy (see in particular the description of the technologies on our website).
What can the transfer of personal data to the USA mean for you as a user and what are the risks in this context?
In any case, the risks for you as a user are the powers of the U.S. intelligence services and the legal situation in the U.S., which currently, according to the ECJ, no longer ensure an adequate level of data protection. Among other things, these are the following:

  • Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides no limits on the surveillance activities of the intelligence community and no safeguards for non-U.S. citizens.
  • Presidential Policy Directive 28 (PPD-28) does not provide affected individuals with effective remedies against actions taken by U.S. authorities and does not provide barriers to ensuring proportionate measures.
  • the Ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive branch; he cannot issue binding orders to the intelligence services.

Legally compliant transfer of data to the USA based on standard contractual clauses?
The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of 05.02.2010), Art. 46 para. 2 c GDPR, are still valid, but a level of protection for personal data equivalent to that in the European Union must be ensured. Thus, not only the contractual relationships with our service providers are relevant here, but also the possibility of access to the data by authorities in the USA and the legal system there (legislation and jurisdiction, administrative practice of authorities).
The standard contractual clauses cannot bind authorities in the U.S. and therefore do not yet provide adequate protection in cases where authorities have the authority under U.S. law to interfere with the rights of data subjects without additional action by us and our service provider.
Legally compliant transfer of data to the USA based on your consent?
It is currently disputed whether informed consent and thus a deliberate and knowing restriction of parts of your fundamental right to data protection is legally possible at all.
What measures do we take to ensure that data transfers to the USA are legally compliant?
Where US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and that access by US authorities is not possible.
Furthermore, we are carefully evaluating European alternatives to deployed U.S. tools. However, this is a process that does not happen overnight, as it also involves technical and economic consequences for us. Only if for technical and / or economic reasons the use of European tools and / or the immediate shutdown of the US tools is impossible for us, US service providers are currently further used.
We take the following measures for the continued use of US tools:
As far as possible, your consent will be requested before using a US tool and you will be informed transparently in advance about how a service works. The risks of transferring data to the USA can be found in this item.
With US service providers, we strive to conclude standard contractual clauses and to demand additional guarantees. In particular, we require the use of technologies that make it impossible to access data, e.g., the use of encryption that cannot be broken even by U.S. services or anonymization or pseudonymization of the data, where only the service provider can make the assignment. At the same time, we require additional information from the service provider if access to data by third parties actually occurs or the exhaustion of all legal remedies by the service provider until access to data is granted at all.

STORAGE PERIOD IN GENERAL

If no explicit storage period is specified when data is collected (e.g. as part of a declaration of consent), we are obliged to store the data in accordance with Art. 5 para. 1 lit. e GDPR requires personal data to be deleted as soon as the purpose of its processing no longer exists. In this context, we would like to point out that legal retention obligations to which we are subject constitute a legitimate purpose for the further processing of the personal data collected thereby.
As a matter of principle, we store and retain data in personal form until the termination of a business relationship or until the expiry of applicable guarantee, warranty or limitation periods, and beyond that until the termination of any legal disputes in which the data are required as evidence, or in any case until the expiry of the third year after the last contact with a business partner.

STORAGE PERIOD IN PARTICULAR

Within the description of individual technologies on our website, there are specific references to the storage period of data. In our cookie table you will be informed about the storage period of individual cookies. In addition, you always have the possibility to ask us directly about the specific storage period of data. To do so, please use the contact information provided in this privacy statement.

RIGHTS OF AFFECTED

Data subjects have the right:

  • (i) pursuant to Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • (ii) pursuant to Art. 16 DSGVO, to demand the correction of inaccurate or incomplete personal data stored by us without undue delay;
  • (iii) pursuant to Article 17 of the GDPR, to request, under certain circumstances, the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
  • (iv) pursuant to Art. 18 DSGVO, to request the (temporary) restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure, we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
  • (v) pursuant to Article 20 of the GDPR, to receive from us your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its direct transfer to another controller; However, this only covers those of your personal data that we process with the help of automated processes after your consent or on the basis of a contract;
  • (vi) pursuant to Article 21 of the GDPR, if your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation;
  • (vii) pursuant to Art. 7 para. 3 DSGVO to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. Among other things, you have the option to revoke your once granted consent to the use of cookies on our website with effect for the future by accessing our cookie settings;
  • (viii) complain to a supervisory authority in accordance with Article 77 of the GDPR regarding unlawful processing of your data by us. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

The competent supervisory authority for ANGER MACHINING GmbH is:
Austrian Data Protection AuthorityBarichgasse 40-42, 1030 Vienna, AustriaTel.: +43 1 52 152-0, dsb@dsb.gv.at

ASSERTION OF DATA SUBJECT RIGHTS

You yourself decide on the use of your personal data. Therefore, if you wish to exercise any of your above rights against us, you are welcome to contact us by e-mail at marketing@anger-machining.com or by mail, as well as by telephone.
Please assist us in specifying your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there is reasonable doubt about your identity, we may request a copy of your identification.
If you have any questions regarding data protection, please contact us at marketing@anger-machining.com or at the other contact details listed in this data protection declaration.

Traun, March 29, 2023