MEDUZA Personal GmbH is committed to the privacy of your personal data. When processing your data, we comply with the provisions of the Austrian Data Protection Act (DSG), the General Data Protection Regulation (GDPR) and the up-to-date version of the Austrian Telecommunications Act (TKG).  Below we explain how we process your personal data.

Basic information

This privacy statement explains the nature, scope and purposes of the collection and use of users’ personal data by the website operator. It applies only to the content on our server and does not include external websites linked to from our website.

The website operator takes the privacy of your data very seriously, and will treat your personal data confidentially and in accordance with the legal regulations. New technologies and the continuous development of this website mean that this privacy statement may be updated. We therefore recommend that you come back to this privacy statement and read it through regularly.

For definitions of the terms used (e.g. “personal data” or “processing”), see Article 4 GDPR.

CONTACTING US

If you have any questions or concerns with regard to this privacy statement, please email:

Patrick Wagner
office@meduza-personal.at

Or write to:

Patrick Wagner
MEDUZA Personal GmbH
Miegerer Straße 25 – 29
9065 Ebenthal, Austria

Responsibility for data processing

The body responsible for processing your personal data is
MEDUZA Personal GmbH
Zellach 23
9413 Frantschach St. Gertraud, Austria

Legal basis for data processing

Your personal data are processed on the basis of the legal authorisation in accordance with Article 6(1)(b) GDPR, “for the performance of a contract or in order to take steps prior to entering into a contract”.
Personal data may also be processed on the basis of a declaration of consent, in accordance with Article 6(1)(a) GDPR, “Consent”.
On this website, data are processed exclusively on the basis of the legal provisions (DSG, GDPR, TKG).
With regard to the use of the “Google Analytics” tool, the data are processed on the basis of Article 6(1)(f) GDPR, “Legitimate interests”, with the purpose of improving the website and of measuring the success of online advertising.
IT data security measures have also been implemented on the basis of Article 6(1)(f) GDPR, “Legitimate interests”, with the purpose of ensuring the safety of our own IT systems.

Personal data we collect

Website
We use the personal data you send to us electronically via this website, such as a message or your email address, solely for the described purpose. These data are stored securely and are not passed on to third parties. The provider automatically collects and stores data on the web server, such as the browser used, operating system, referrer, IP address, time of access etc. These data cannot be associated with any individual without reviewing further data sources, and we will not analyse these data any further provided that no unlawful use of our website has been detected.

Data submitted in forms and comments
When you leave comments or enter data in forms, the data you enter and your IP addresses are saved. This is a security measure, in case any user submits illegal content (libel, extreme left or right-wing propaganda, hate speech etc.). If this occurs, we need to identify the author of this content.
Data submitted in forms (e.g. contact forms), including IP address data, are collected, processed and stored for the purposes of establishing contact.
If you do not consent to this, we ask that you refrain from using the forms on our website.

Contact via email or phone
We process the data you send when you contact us solely in order to respond to your query. It is necessary to collect your data, which you send to us voluntarily, in order to process your query. We do not use any automated decision-making systems or profiling when we process the data you send us.
We store your data only for the time it takes to fulfil the purpose of storing them. In addition, we only process the data required, as determined by the applicable legal regulations and retention obligations.

Contractual relationship
As part of our client management, we process the personal data you send us for the purpose of contract performance. In particular, this includes:

• Master and contact data (e.g. name, address, email address, phone number, role, department)
• Contract data
• Financial data

The data you send us are required in order to fulfil the contract or in order to take steps prior to entering into the contract.
Within MEDUZA Personal GmbH, only the departments and staff which require your data in order to fulfil the contractual, legal and supervisory obligations and in order to protect legitimate interests will have access your data.
Your personal data will be processed for the duration of the overall business relationship (from initiation, throughout the performance and until the termination of the contract) and beyond, in accordance with the legal retention and documentation obligations.
If we do not enter into a contract with you, your personal data will be stored for no longer than one year.

Processing the data you send us in your application documents
We process the application documents you send us in order to process your application (whether it is speculative or in response to an advertised opening), to assess your suitability for the job in question, to make contact with you and to keep records. If we decide to employ you, we will inform you separately about the processing of your personal data that this will involve.
Your personal data are processed in order to take steps prior to entering into the employment contract; they will not be processed for any other purpose.
The data required in order to process your application will be processed for a period of six months after the conclusion of the application process, in accordance with the applicable legal provisions. If you wish the records of your application to be stored for longer, you may give us your written consent in advance. You can withdraw consent you have given us at any time in writing by sending us an email.

Location of data processing

Your data are processed within the EU and within the European Economic Area.

Technical and organisational measures (TOMs)

The TOMs are implemented by MEDUZA Personal GmbH in accordance with the GDPR. They are continuously evaluated to review their feasibility and to ensure they are up to date, and if required they are updated in order to improve the levels of security and privacy.

Notification of data breaches

We, “ilogs DRiVEBOX GmbH”, are responsible for your data. We guarantee that data breaches will be detected quickly and that if necessary you and the supervisory authority (the Austrian Data Protection Authority) will be notified immediately of the breach, including the data categories which are affected.

Parties to whom we send your data

Once we enter into an employment relationship with you, as and when appropriate we will send your data to parties such as our accountant, lawyer, insurance company, bank, debt collection agency, the authorities, and, if the occasion arises, the court. In addition, processors (in particular IT staff) commissioned by us will have access to your data solely for the purpose of fulfilling the contract as required. We require all our processors to sign contractual agreements that they will only process your data to the extent required for the provision of services and in accordance with the relevant GDPR provisions, and that they will treat your data confidentially.
We will not send your data to third parties, neither through sale, exchange, lending nor any other means, unless you instruct us to do so by giving us your consent.

Your privacy rights

Right to be informed
Data subjects must be informed about the details of the data processing and about their rights (who / what / when / where / how / why).

Right of access
Data subjects must have access to the stored and processed data relating to their person, separate from the data of other persons.

Right to rectification
In order to avoid false evaluations.

Right to erasure (“right to be forgotten”)
Unless it is necessary or lawful to continue to store personal data, and unless the data subject has given their consent, personal data must be erased after the expiration of retention periods (e.g. after the termination of a business relationship).

Right to restriction of processing
For the duration of assessments or to safeguard legal rights. Without deleting the data, they must be excluded from processing.

Right to data portability
Data relating to a person must be transmitted to other service providers on request in an automated or structured form.

Right to object
If it is in the data subject’s best interests, a data subject can object and prevent the processing of their data.

Right to lodge a complaint
If you believe that the processing of your data infringes data privacy laws or that your privacy rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria this is the Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna (https://www.dsb.gv.at/). 

Retention period for your data

We retain the personal data we collect from you for as long as a legitimate business interest and/or legal requirement exists, and/or as long as is required in order to fulfil the purposes described in this privacy statement, provided that no longer retention periods are required or authorised by law (e.g. for tax, legal, accounting or other purposes).
If there is no legitimate business interest in continuing to process your personal data, we will delete them within twelve months.

Children

Our website is not designed for children under the age of 14. We do not knowingly collect personal data relating to such persons. If you become aware that a child has sent us personal data, please contact us immediately. If we become aware that a child under the age of 14 has sent us personal data, we will take the necessary steps to delete these data immediately.

External links

Our website and online services may contain links to other websites, in the form of direct links or applications such as “Share” or “Like” buttons. Other websites may contain links to our website or online services. We have no control over these websites or their data privacy measures, which may differ from our measures as described in this privacy statement. We do not make any recommendations or take any positions with regard to external websites. The personal data you send to third parties not associated with us are not covered by this privacy statement. We recommend that you read the privacy statements of these external websites, online services and applications in order to understand how your data may be collected and used.

Data collected automatically

We collect some data automatically when you use or access our online services. These data do not directly reveal your identity, but they may contain information about the specific device you are using, e.g. the hardware model, the operating system version, the web browser software (e.g. Firefox, Safari or Internet Explorer) and your internet protocol (IP) address/MAC address/device identifier.
For technical reasons, the operator of this website automatically collects and stores server log data transmitted by your browser:

• Operating system
• Browser type/version
• Referrer (URL of the site from which you accessed our website)
• IP address (spam protection, unambiguous attribution)
• Time of your visit

The data stored by the server cannot and will not be associated with any natural person. The log data will be deleted automatically after 14 days or after a statistical analysis. Please be aware that server log data are necessary in order to secure and protect this online presence.

Potential reasons we may use these data include:

• To provide you with the online content
• To respond to your queries or provide you with information you have requested
• To obtain feedback or to better understand your user experience
• To improve the security, monitoring and verification of identity or service access, or to combat spam or other malware or security risks
• To provide you with marketing and advertising material (as far as permitted by law)
• To determine the effectiveness of marketing and advertising campaigns

Cookies

The operator of the website or the software installed on the server uses cookies, which are text files that contain data and give you increased functionality (such as spam protection checks in the contact form, if enabled). Cookies only store the data required for this purpose and can cause no harm to your computer. You can decide how long you want cookies to be stored in your browser profile, and you can delete cookies on your computer at any time. Cookies are necessary technology in order ensure the full functionality of this website at all times.

Google Maps privacy statement

We use Google Maps, a service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), on our website. When you use the features of Google Maps, data are sent to Google. To find out which data Google collects, and what these data are used for, visit https://policies.google.com/privacy.

Google Analytics privacy statement

We use Google Analytics, a service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), on our website to statistically analyse visitor data. Google Analytics uses targeting cookies. For more information about terms of service and data privacy, visit https://marketingplatform.google.com/about/analytics/terms/us/ or https://support.google.com/analytics/answer/6004245?hl=en.

Disabling data collection by Google Analytics

Website visitors can prevent Google Analytics from using their data by using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en.  

Google Analytics Data Processing Amendment

We have a direct customer contract with Google to use Google Analytics as a result of accepting the Data Processing Amendment in Google Analytics. For more about the Google Analytics Data Processing Amendment, visit https://support.google.com/analytics/answer/3379636?hl=en&utm_id=ad.

Google Analytics reports on demographics and interests data

We have enabled the features for advertising reports in Google Analytics. The reports on demographics and interests data include information about age, gender and interests, which allows us – without being able to associate these data with any individuals – to understand our users better.

Google Fonts privacy statement

We use Google Fonts, a service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), on our website. Google Fonts is used without authentication, and no cookies are sent to the Google Fonts API. If you have a Google account, none of your Google account data will be sent to Google while using Google Fonts. Google only collects data on the use of CSS and the fonts used, and it stores these data securely.

Facebook privacy statement

We use features from Facebook, a social media network provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on this website. Visit https://developers.facebook.com/docs/plugins/ to find out which features (social plug-ins) Facebook provides. When you visit our website, data may be transmitted to Facebook. If you have a personal Facebook account, Facebook may be able to associate these data with your account. If you do not want this to happen, please log out of Facebook. The privacy guidelines concerning which data Facebook collects and how it uses them can be found at https://www.facebook.com/policy.php.

Disclaimer
This disclaimer is to be considered part of the internet service from which the reference was made to this website. If sections or individual phrases of this text do not, no longer or do not entirely correspond with the applicable laws, this shall not affect the remaining sections of the document in terms of their content and their validity.

Liability for the content of this website

Although the content of our web pages has been produced with the utmost care and attention, we assume no liability for its accuracy, completeness and currency. As a service provider, we are responsible for our own content on these sites in accordance with general legislation. However, we are not required to monitor external data that has been transmitted or stored, or to investigate circumstances which may indicate illegal activity. This does not affect our obligations to remove or block the use of data in accordance with general legislation. Any liability in this regard, however, is only incurred from the moment that we become aware of a specific legal infringement.
If we become aware of relevant legal infringements, we will immediately remove this content.

Liability for links to third-party websites

Our online service contains links to external websites. We do not have any influence on the content of these external websites, and we therefore assume no liability for this external content. The respective provider or operator of the web pages we link to is responsible for their content. At the time the links were created, we reviewed the web pages to check for potential legal infringements and no illegal content was found. However, unless there are concrete indications of legal infringements, it is not reasonable for us to permanently monitor the content of the web pages we link to. If we become aware of legal infringements, we will immediately remove the relevant links.

Copyright

The operators of this website make every effort to respect the copyrights of other persons and to use their own work or works which are in the public domain. The content and works created by the operators and used on this website are subject to copyright. Content from third parties is identified as such.
The reproduction, adaptation, distribution and any kind of exploitation outside the limits of copyright require written permission from the respective author or creator. Downloads and copies of this site are only permitted for personal, non-commercial use.
The layout of this website, as well as the graphics, texts and images used, are protected by copyright. The copyright for published images, graphics etc., and for those images, graphics etc. created by us, shall be retained solely by the respective copyright owner or by MEDUZA Personal GmbH. These images, graphics etc. must not be reproduced, transmitted, published, presented, cited, rendered, translated, adapted or processed without the express written permission of MEDUZA Personal GmbH.

Changes to this privacy statement

We will regularly review and update this privacy statement to ensure it is up to date with the changing legal, technological and commercial situation. When we update this privacy statement, we will indicate the date of the most recent update at the beginning of the statement. We recommend that you regularly read this privacy statement so that you are always aware of how we safeguard your data.