Data Protection Declaration
The protection of your personal data is very important to us. We therefore process your data exclusively as provided by law. In this Data Protection Declaration, we will inform you about the most-important aspects of this data processing.
We reserve the right to update this Data Protection Declaration as necessary. We therefore urge you to visit this website regularly and to check it for changes.
In this Data Protection Declaration, the words „we“ or „us“ refer to Thöni Industriebetriebe and/or affiliated companies (referred to collectively as the Thöni Group).
Scope of this Data Protection Declaration
The collection and further processing of personal data by the Thöni Group are described in the following provisions. The terms „personal data“ or „data“ encompass all information pertaining to identified or identifiable persons.
Thöni Industriebetriebe GmbH bears the responsibility for the operation of this website.
According to Article 4 Z.7 of the E.U. General Data Protection Regulation (GDPR), Thöni Industriebetriebe GmbH or a subsidiary of the Thöni Group is responsible for the processing of personal data, depending upon the type of collected data and its processing. You can find the corresponding contact data here under the heading „Locations.“
If you contact us personally, by e-mail, by telephone, or by regular mail, the data you provide will be used exclusively for the given purpose. The legal basis for the data processing is Article 6, paragraph 1 b), c) or f) of the GDPR. The desire of members of the Thöni Group to process inquiries by business partners, customers, and interested parties is the legal basis for this legitimate interest.
In order to process inquiries and to respond to any subsequent follow-up questions, we store your personal data for a duration of 60 days.
Visiting one of our locations
If you visit one of our locations, your first name, last name, the place, date, and time of your visit as well as the contact data you supply will be documented. The purpose of processing this data is to protect your health and the health of our coworkers as well as to maintain a list of visitors. The legal basis for this data processing is Article 6, paragraph 1 f) of the GDPR. The desire to prevent the spreading of SARS-CoV-2 and to document visitors and thus to maintain house rules and factory safety is the legal basis for this legitimate interest.
Unless a longer retention period is required by law, we will store your data for a duration of 37 months. The data will not be passed on to third parties. Your refusal to provide the necessary personal data can result in your being denied entrance to our premises.
Processing the data of business partners
In the framework of working together with business partners, we process the personal data of the contact persons of our customers, interested parties, sales partners, suppliers, and partners (collectively: „business partners“), including first and last names, position/function in the company, business address, business telephone number, business cell phone number, business fax number, business e-mail address, customer number, tax number, payment data (e.g., banking connection), or other information necessary to process payment procedures as well as further data that you have voluntarily provided to us.
The data is processed for the purpose of unambiguously identifying and communicating with business partners, of processing inquiries on products and services, of initiating and conducting projects and contracts, of assessing securities, of complying with statutory provisions and legal requirements, of carrying out compliance screenings to prevent economic criminality and money-laundering, of enforcing claims, and also of accounting and invoicing.
The legal basis for the data processing is Article 6 paragraph 1 b), c) and f) of the GDPR. The desire to process inquiries from our business partners, to maintain personal contact, and to successfully initiate and conduct contracts and projects is the legal basis for this legitimate interest in data processing.
If no retention period is required by law, we will store your personal data as long as necessary for the given purpose. As a rule, this will be until the legal expiration of any claims which may result from the business relationship.
Data processing for marketing purposes
We employ personal data for marketing purposes, especially for invitations to trade fairs as well as for newsletters with information and offerings about our products and services.
This data is processed for the purpose of informing business partners about products and services of the Thöni Group.
As a rule, the legal basis for this data processing is the Declaration of Consent you submit. You have the right, at all times, to revoke the use of your contact data for marketing purposes by sending an e-mail to email@example.com or by invoking your right to opt out as set forth in the message which you have received.
Fundamentally, your personal data will be stored for as long as necessary for the purpose for which it was collected. If you exercise your right to opt out of the use of your contact data for marketing purposes, your data will be immediately deleted, unless it is being stored for other, legally permissible purposes.
Provision of personal data
Fundamentally, the provision of personal data is entirely voluntary. However, if the provision of the data is required by law or by contract or for the conclusion of a contract, the refusal to provide your personal data can mean that it will be impossible to respond to your inquiry, to initiate or conclude a contract, or for you to attend an event.
Categories of recipients
Transmission of personal data within the Thöni Group: Insofar as the data processing is necessary, your inquiry and the related personal data will be transmitted to other members of the Thöni Group.
Within the Thöni Group, your personal data will be distributed as necessary for marketing purposes to other members of the Thöni Group.
Transmission of personal data to third parties: Fundamentally, personal data shall not be transmitted to persons who do not belong to the Thöni Group. However, we will transmit your personal data to third parties – e.g., sales partners or suppliers – if this is necessary in the context of initiating, conducting, or concluding business relations.
Furthermore, we can transmit your personal data to third parties if required by law.
For any other purpose, your previous express agreement is necessary.
The legal basis for the data processing is Article 6 paragraph 1 b) and f) of the GDPR. The desire to process inquiries from our business partners and to successfully initiate and conduct contracts and projects is the legal basis for this legitimate interest in data processing. When consent has been provided, Article 6, paragraph 1 a) of the GDPR represents the legal basis or, in the case of legal requirements, Article 6, paragraph 1 c) of the GDPR.
In exceptional cases, data is processed by external processors to whom this task has been outsourced. These external processors are required by Article 28 of the GDPR to protect your rights.
Data transmission to third countries: In order to fulfill the purposes set forth in this Data Protection Declaration, in some circumstances, your personal data will be transmitted to countries outside of the European Economic Area (E.E.A.) in which the same level of data protection does not necessarily prevail as in the country in which you originally provided your personal data. Your personal data will be transmitted to non-E.E.A. countries only under the following prerequisites:
- if the European Commission has decided that the given third country offers a sufficient level of protection (Adequacy Decisions);
- if suitable safeguards for the protection of your data are in place, in particular through the contractual agreement of corresponding standard protection provisions according to the requirements of the European Commission;
- if you have agreed to the transmission;
- if the transmission is necessary to the fulfillment of a contract concluded between you and the responsible party;
- if the transmission is necessary to carry out pre-contractual measures at your request; or
- if there is any other legal basis for the data transmission.
Data transmission to unsafe third countries: Fundamentally, we avoid transmitting your personal data to unsafe third countries. However, insofar as this is necessary to fulfill the contract concluded between you and the responsible party or insofar as this is necessary for carrying out pre-contractual measures at your request, it may be that we will transmit your data to an unsafe third country. This is particularly the case if personal data is exchanged with Thoeni North America Inc.
Furthermore, your personal data may be transmitted to unsafe third countries if you have expressly consented to this or if there is some other legal basis for transmission.
If your personal data is transmitted to an unsafe third country, we expressly state that the European Commission has not certified that this country provides an adequate level of data protection. As a consequence, you will run the risk that access to this data by governmental agencies in that country is not restricted to the mandatory extent, that no court orders are required for accessing the data, and that E.U. citizens have no effective legal recourse against it.
The United States of America is an unsafe third country as specified by GDPR. For this reason, there is a special risk here that your data may be accessed by U.S. authorities for monitoring and surveillance purposes and that you will have no legal right to redress. Thus, such U.S. laws as the Foreign Intelligence Surveillance Act (FISA) allow mass surveillance; if your data has been transmitted to the U.S., then it, too, could be affected by this.
Visiting our website
Webpage: When you visit our website, we collect data on each access to the server on which this service is located. The access data includes the name of the visited website, the date and time of the visit, the browser type and version, the user’s operating system, the referrer URL (the previously visited website), and the hostname of the user’s computer (IP address). For security reasons (e.g., to resolve cases of misuse or fraud), log file information are stored for a maximum of 14 days and then deleted. Data which must, for evidentiary reasons, be stored for a longer period are excepted from deletion until the given case has been completely resolved.
The legal basis for the data processing is Article 6, paragraph 1 f) of the GDPR. The desire to improve the quality of our website and to resolve cases of misuse or fraud is the legal basis for this legitimate interest in data processing.
- Session cookies: These cookies are of a temporary nature and are deleted when the browser is closed.
- Persistent cookies: These cookies remain in existence until a certain period of time elapses or they are manually deleted.
- Web beacons: These are graphical and pixel images which enable recordings or analyses.
If you do not wish to have such cookies, you can set up your browser so that you are informed about the placement of cookies and thus given the opportunity to allow this only in individual cases. When the cookies are deactivated, this can limit the functionality of our website.
The following cookies are employed:
Necessary cookies / Cookies necessary for the website’s functionality
You can prevent this from happening by adjusting your browser so that no cookies are stored or, when visiting our website for the first time, by deselecting the cookies for „statistics.“
The legal basis for the data processing is Article 6, paragraph 1 a) of the GDPR. You can revoke your consent at any time by setting an „opt-out“ cookie. To do this, click on the „OFF“ button next to the description „statistics.“ Please note that you will have to reset this „opt-out“ cookie after you have deleted your browser cookies.
We use Google Analytics only with activated IP anonymization. This means that, within Member States of the European Union or in other parties to the Treaty on the European Economic Area, the user’s IP address is shortened by Google. Only in exceptional cases is the full IP address transmitted to a server in the U.S. and shortened only there.
Your data will be stored for a period of 14 months on the user and event level before being automatically deleted from the Analytics servers. The retention period applies to the user and event level which are linked with cookies, user names (e.g., user IDs) and advertising IDs (e.g., doubleclick cookies, Android advertising IDs, IDFA [Apple ID for advertisers]).
The European Court of Justice has not certified the U.S.A. with an adequate data protection level – the U.S.A. is therefore an unsafe third country according to GDPR. The European Court of Justice criticizes in particular that access to the data by U.S. authorities is not limited to the mandatory extent, that no court orders are required for accessing the data, and that E.U. citizens have no effective legal recourse against it. There is thus a special risk here that your data may be accessed by U.S. authorities for monitoring and surveillance purposes and that you will have no legal right to redress. U.S. laws such as the Foreign Intelligence Surveillance Act (FISA) allow mass surveillance; data processed by Google could thus be affected by this.
YouTube: We use the platform YouTube.com to present our own videos and make them publicly accessible. YouTube is an offering of YouTube LLC, domiciled in 901 Cherry Ave., San Bruno, CA 94066, USA.
We also incorporate videos stored with YouTube directly on our website. This incorporation allows the YouTube internet site to be presented in parts of a browser window. However, the YouTube videos will be played only if you activate them by clicking. This method is referred to as „framing.“ If you click a sub-page of our internet offering in which YouTube videos are incorporated in this way, a connection is the YouTube servers is established and the contents presented on the internet page by means of a notification to your browser.
The incorporation of YouTube contents takes place only in the „expanded data protection mode.“ YouTube itself provides this mode, thus ensuring that YouTube does not initially store any cookies on your device. However, when clicking the relevant site, the IP address and other further data described above are transmitted and in particular a notification thus sent about which of our internet pages you have visited. However, this information cannot be associated with you unless you have, prior to clicking on the page, registered yourself or are permanently registered with YouTube or another Google service (e.g., Google+).
As soon as you start playing an incorporated video by clicking it, YouTube stores (in the expanded data protection mode) only those cookies on your device which contain no personally identifiable data – unless you are currently registered with a Google service. It is possible to prevent these cookies by adjusting or expanding your browser accordingly.
Processing of data of job applicants
Thöni Industriebetriebe GmbH is the party responsible for the processing of personal job-applicant data according to Article 4 Z.7 of the GDPR. Your data will, of course, be treated with confidentiality.
The job portal of the Thöni Group is operated by an external service provider, which processes your data on behalf of Thöni Industriebetriebe GmbH. The external service provider is the eRecruiter GmbH with registered office in Am Winterhafen, A-44020 Linz and as a processor of Thöni Industriebetriebe GmbH obliged to protect your rights according to art. 28 GDPR.
In the context of your job application, we process the data you supply us with and also any additional data necessary for further processing. Such data includes in particular your personal contact data, place and date of birth, sex, language, banking connection, and all documents submitted with your application (e.g., curriculum vitae, school transcripts, certificates, photographs). Submitting incomplete data may result in your being excluded from the application process.
When you give consent, the legal basis for the data processing is Article 6, paragraph 1 a) of the GDPR; otherwise: Article 6, paragraph1 b) or f) of the GDPR. The desire to oppose any claims of rejected applicants is the legal basis for this legitimate interest in data processing according to f).
Insofar as there is no legally required retention period (e.g., in the case of compensation for travel expenses), we will store your personal data for as long as required by the given purpose or there is a legitimate interest. In the event that your application is not successful, your data will be deleted as a rule 7 months (for Thöni Deutschland GmbH und Thöni Italia S.r.l. 6 months) after conclusion of the application process or, in the case of an unsolicited application, 7 months (for Thöni Deutschland GmbH und Thöni Italia S.r.l. 6 months) after receipt of the application.
If you are invited to a job interview at one of our locations, your first and last name, place, date and time of the visit, and the contact data you have supplied will be documented. The legal basis for the data processing is Article 6, paragraph 1 f) of the GDPR. The desire to document visitors in order to maintain house rules and factory safety is the legal basis for this legitimate interest in data processing. Unless a longer retention period is required by law, we will store your data for a duration of 37 months.
If your application cannot be considered at the time of its submission, but we would nonetheless like to retain it for future consideration, we will expressly request your consent. In this case, we will store your data for a duration of 3 years, starting with the point in time of your consent.
Because our job portal is operated by Thöni Industriebetriebe GmbH and it also provides services in the areas of HR and IT to other companies in the Thöni Group, Thöni Industriebetriebe GmbH will transmit your data to that other member of the Thöni Group for which you have applied.
Rights of affected persons
Right to information: According to Article 15 of the GDPR, you have the right to demand a confirmation about whether your personal data have been processed. If this is the case, then you have the right to demand information about these personal data and also to the information set forth in Article 15 of the GDPR.
Right to correction: According to Article 16 of the GDPR, you have the right to correct and complete any incorrect personal data pertaining to you.
Right to deletion: In the event that the prerequisites set forth in Article 17 of the GDPR are given, you have the right to demand the immediate deletion of the personal data pertaining to you.
Right to limitation of processing: According to Article 18 of the GDPR, you have the right to demand the restriction of the processing of your personal data if one of the prerequisites set forth in Article 18 of the GDPR is given. If the processing was restricted, this personal data – with the exception of their storage – can be processed only with your consent or when it is necessary for the establishment, exercise, or defense of legal claims, for the protection of the rights of another person, or for reasons of substantial public interest of the European Union or of a Member State.
Right to data transfer: According to Article 20 of the GDPR, you have the right to receive the relevant data you provided in a structured, common, and machine-readable format and to freely transmit this data to another responsible party insofar as the process of this data is required for the fulfillment of a contract with you or for carrying out pre-contractual measures as the result of your inquiry and insofar as the processing takes place using automatic methods. You also have the right to demand the direct transmission of this data by us to a third party insofar as this is technically possible.
Right to object: According to Article 21 of the GDPR, you have the right, for reasons related to your special situation, to raise an objection at any time to the processing of personal data pertaining to you on the basis of Article 6, paragraph 1 e) or f) of the GDPR. We will then no longer process your personal data unless there are demonstrably compelling legitimate reasons for further processing which override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims.
Right of revocation: According to Article 13, paragraph 2 c) of the GDPR, you have the right, if the date processing is carried out on the basis of a consent according to Article 6, paragraph 1 a) or Article 9, paragraph 2 a) of the GDPR, to revoke your consent at any time. The legality of the processing which has taken place on the basis of your consent up until your revocation is unaffected.
If you wish to lodge a complaint or establish any of the aforementioned rights, please address yourself to the following contact address:
Thöni Industriebetriebe GmbH
The Thöni Group will strive to address all of your complaints and inquiries and to deal with them. The processing is carried out in a timely manner, free of charge, insofar as the processing does not require any excessive or disproportionate effort. Under some circumstances, we will request that you provide additional information necessary to confirm your identity.
Right to complain to a supervisory agency: According to Article 77 of the GDPR, you have the right to lodge complaints with a supervisory authority and in particular in the Member State in which you reside, of your workplace, or where the alleged violation occurred if you are of the view that the processing of the personal data pertaining to you violates the data protection provisions.