The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to CLEANTEC hygiene technology gmbh. Through this privacy policy, our company seeks to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy explains the rights to which data subjects are entitled.
CLEANTEC hygiene technology gmbh, as the data controller, has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet- based data transmissions can generally have security vulnerabilities, making it impossible to guarantee absolute protection. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by telephone.
The privacy policy of CLEANTEC hygiene technology gmbh is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy aims to be easy to read and understand for the public, as well as for our customers and business partners. To ensure this, we would like to first explain the terms used.
In this privacy policy, we use the following terms, among others:
a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
c) Processing
Processing is any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d) Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data that involves using personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning that natural person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or Data Controller
The controller or data controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
i) Recipient
A recipient is a natural or legal person, public authority, agency, or another body to which personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the context of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third Party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions related to data protection is:
CLEANTEC hygiene technology gmbh
Am Fischhof 3/6
1010 Vienna, Austria
Tel: +43 1 997 1686 0
E-Mail: office@cleantec.eu
Website: www.cleantec.eu
The website of CLEANTEC hygiene technology gmbh collects a range of general data and information each time a data subject or automated system accesses the site. This general data and information is stored in the server log files. The data collected may include:
(1) The browser types and versions used, (2) The operating system used by the accessing system, (3) The website from which an accessing system arrives on our website (so-called referrers), (4) The subpages that are accessed on our website, (5) The date and time of access to the website, (6) An Internet Protocol (IP) address, (7) The Internet service provider of the accessing system, and (8) Other similar data and information that serve to avert danger in the event of attacks on our IT systems.
When using this general data and information, CLEANTEC hygiene technology gmbh does not draw any conclusions about the data subject. Instead, this information is needed to:
(1) Deliver the contents of our website correctly, (2) Optimize the contents of our website and advertising for it, (3) Ensure the long-term functionality of our IT systems and website technology, and (4) Provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
These anonymously collected data and information are therefore statistically evaluated by CLEANTEC hygiene technology gmbh and further analyzed with the aim of increasing the data protection and data security of our company to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from all personal data provided by a data subject.
The data controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or where required by European directives, regulations, or other laws to which the data controller is subject.
If the purpose of storage no longer applies, or if a storage period prescribed by European directives, regulations, or another applicable legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.
a) Right to Confirmation
Each data subject has the right, granted by the European legislator, to obtain confirmation from the data controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right, they may, at any time, contact an employee of the data controller.
b) Right to Access
Each data subject aWected by the processing of personal data has the right, granted by the European legislator, to obtain free information about the personal data stored about them, as well as a copy of this information. Additionally, the European legislator has granted the data subject access to the following information:
o The purposes of the processing,
o The categories of personal data being processed,
o The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations,
o If possible, the planned duration for which the personal data will be stored, or, if not possible, the criteria used to determine that duration,
o The existence of the right to request rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing,
o The existence of the right to lodge a complaint with a supervisory authority,
o Where the personal data is not collected from the data subject, any available information as to its source,
o The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject.
Furthermore, the data subject has the right to be informed as to whether personal data is transferred to a third country or an international organization. If this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right to access, they may, at any time, contact an employee of the data controller.
c) Right to Rectification
Each data subject has the right, granted by the European legislator, to obtain the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may, at any time, contact an employee of the data controller.
d) Right to Erasure (Right to Be Forgotten)
Each data subject has the right, granted by the European legislator, to obtain from the data controller the erasure of personal data concerning them without undue delay, where one of the following grounds applies, as long as the processing is not necessary:
o The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
o The data subject withdraws consent to which the processing is based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing.
o The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
o The personal data has been unlawfully processed.
o The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject.
o The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by CLEANTEC hygiene technology gmbh, they may, at any time, contact an employee of the data controller. The employee of CLEANTEC hygiene technology gmbh will ensure that the erasure request is complied with promptly.
If CLEANTEC hygiene technology gmbh has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, CLEANTEC hygiene technology gmbh, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other data controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, that personal data, as far as processing is not required.
The employee of CLEANTEC hygiene technology gmbh will arrange the necessary measures on a case-by-case basis.
e) Right to Restriction of Processing
Every data subject whose personal data is being processed has the right, as granted by European legislation and regulations, to obtain restriction of processing from the controller if one of the following conditions applies:
o The accuracy of the personal data is contested by the data subject, for a period allowing the controller to verify its accuracy.
o The processing is unlawful, and the data subject opposes the erasure of the personal data and instead requests the restriction of its use.
o The controller no longer needs the personal data for processing purposes, but the data subject requires it for the establishment, exercise, or defense of legal claims.
o The data subject has objected to the processing pursuant to Article 21(1) of the GDPR, and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions applies and a data subject wishes to obtain the restriction of processing of personal data stored by CLEANTEC hygiene technology gmbh, they may contact an employee of the controller at any time. The employee of CLEANTEC hygiene technology gmbh will arrange for the restriction of processing.
f) Right to Data Portability
Every data subject whose personal data is being processed has the right, as granted by European legislation and regulations, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising their right to data portability under Article 20(1) GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
To exercise the right to data portability, the data subject may contact an employee of CLEANTEC hygiene technology gmbh at any time.
g) Right to Object
Every data subject whose personal data is being processed has the right, as granted by European legislation and regulations, to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
CLEANTEC hygiene technology gmbh will no longer process the personal data in the event of an objection unless compelling legitimate grounds for the processing can be demonstrated that override the interests, rights, and freedoms of the data subject or the processing is necessary for the establishment, exercise, or defense of legal claims.
If CLEANTEC hygiene technology gmbh processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, which also includes profiling related to such direct marketing. If the data subject objects to processing for direct marketing purposes, CLEANTEC hygiene technology gmbh will no longer process the personal data for these purposes.
Additionally, the data subject has the right, on grounds relating to their particular situation, to object to the processing of their personal data for scientific or historical research purposes or for statistical purposes under Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, the data subject may directly contact any employee of CLEANTEC hygiene technology gmbh or another employee. The data subject is also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right to object through automated means using technical specifications.
h) Automated Individual Decision-Making, Including Profiling
Every data subject whose personal data is being processed has the right, as granted by European legislation and regulations, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision:
(1) Is necessary for entering into or performing a contract between the data subject and the controller,
(2) Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests, or
(3) Is based on the data subject’s explicit consent.
If the decision is necessary for entering into or performing a contract between the data subject and the controller, or is based on the data subject’s explicit consent, CLEANTEC hygiene technology gmbh will implement suitable measures to safeguard the rights, freedoms, and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.
If the data subject wishes to exercise rights concerning automated decision-making, they may contact an employee of the controller at any time.
i) Right to Withdraw Consent for Data Protection
Every data subject whose personal data is being processed has the right, as granted by European legislation and regulations, to withdraw their consent to the processing of their personal data at any time.
If a data subject wishes to exercise their right to withdraw consent, they may contact an employee of the controller at any time.
The legal basis for processing operations requiring consent for a specific purpose is Article 6(1)(a) GDPR. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party (e.g., for the delivery of goods or provision of services), the processing is based on Article 6(1)(b) GDPR. If the processing is required to comply with a legal obligation, such as for fulfilling tax obligations, the processing is based on Article 6(1)(c) GDPR. In rare cases, processing may be necessary to protect vital interests of the data subject or another natural person, in which case Article 6(1)(d) GDPR applies.Processing may also be based on Article 6(1)(f) GDPR if it is necessary for the purposes of legitimate interests pursued by the controller or a third party, provided these do not override the interests, rights, or freedoms of the data subject.
If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the performance of our business activities in favor of the well-being of all our employees and shareholders.
The criterion used to determine the duration of the storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data is routinely deleted, provided it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
We clarify that providing personal data is partially required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., details on the contracting party). Sometimes, it may be necessary for the conclusion of a contract that the data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obligated to provide us with personal data when our company signs a contract with them. The non-provision of personal data would result in the contract with the data subject not being concluded.
Before personal data is provided by the data subject, the data subject must contact one of our employees. The employee clarifies for the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and the consequences of non-provision of the personal data.
As a responsible company, we do not use automated decision-making or profiling.