Privacy Information
Information on the processing of your personal data
Table of Contents
- Controller and Data Protection Officer
- Purposes of Processing and Legal Basis for the Website
2.1 Logging of Activities on Our Website (Logfiles)
2.2 Jobs/Applications
2.3 Map Display via Google Maps - Social Media Presence - Linkedin
3.1 Facebook
3.2 LinkedIn
3.3 Instagram
3.4 YouTube - General Data Sharing and Recipients
- General Data Retention Period
- Profiling and Automated Decision-Making
- Cookies
7.1 Cookies
7.2 Google Analytics
7.3 Google Tag Manager
7.4 Facebook Pixel - Your Rights to Protect Your Personal Data
- Right to Lodge a Complaint
The protection of your privacy is important to us. We strictly adhere to the legal provisions of the EU General Data Protection Regulation (GDPR), the Data Protection Act, and other applicable legal regulations concerning the protection, lawful handling, and confidentiality of personal data.
Below, we would like to inform you about the processing of your personal data. If you have any questions, please contact us using the provided contact details.
1. Controller and Data Protection Officer
1.1 Name and Address of the Controller
The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
Controller:
W. Hamburger GmbH
Aspanger Str. 252
2823 Pitten
Austria
Phone: +43 (0)2627 800-0
Fax: +43 (0)2627 800-400
E-Mail: officepit@hamburger-containerboard.com
Contact for the Data Protection Officer:
E-Mail: dataprotection@hamburger-containerboard.com
2. Purposes of Processing and Legal Basis for the Website
2.1 Logging of Activities on Our Website (Logfiles)
When you visit our website, we collect and store access data in log files (so-called logfiles or access logs) in order to ensure the permanent functionality of the website. In this context, we process the following data:
- IP address
- Date and time of access
- Websites from which you arrived on our site (referrer URL)
- Operating system
- Name of the Internet Service Provider
- Product and version information of the browser used
- Data volume transmitted and loading time
The legal basis for the data processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. This legitimate interest lies in ensuring the functionality, security, and accessibility of the website for all visitors, as well as for the collection, defense, and assertion of legal claims if necessary.
You have the right to object to this data processing (the right to object to data processing based on legitimate interests in accordance with Article 21, paragraph 1 of the GDPR). In such cases, we will only process your data if there are compelling legitimate reasons on our part for further processing.
A direct inference to your identity based on the information is not possible. The data will be automatically deleted once the aforementioned purposes have been achieved.
Data transfers: As a general rule, we only transfer the data collected based on your use of our website to the extent necessary to fulfill the stated purposes (e.g., operation and maintenance of the website via external service providers). However, we may also be legally or administratively obligated to disclose data to third parties (e.g., data transfer to law enforcement authorities).
Storage duration: We retain log file data for a period of 7 days after your visit to the website.
2.2 Jobs/Applications
We process personal data that
• You transmit to us via email, or
• Are forwarded to us through careers.prinzhorn-holding.com
for the purpose of handling the application process, assessing the suitability for the respective position, and if applicable, for carrying out necessary measures related to the establishment of an employment relationship (transition to employment relationship). In individual cases, applicants’ data may also be retained for future reference (in case of rejection or lack of open positions, with the consent of the applicants to retain their data). The same applies to unsolicited applications.
The legal basis for data processing is generally Article 6(1)(b) GDPR (contract, pre-contractual relationship). If applicants consent to the retention of their data, data processing is based on Article 6(1)(a) GDPR. We also process your data based on legitimate interests under Article 6(1)(f) GDPR (e.g., for the execution and safeguarding of our recruitment process and, if necessary, for the collection, assertion, and defense of legal claims).
Special categories of personal data (such as health data, religious affiliation, degree of disability) will only be processed if the applicant has consented to such processing, or if a legal provision justifies the data processing (Article 9(2)(a) GDPR or Article 9(2)(b) GDPR).
Storage duration: Data transmitted to us will be stored for 7 months after the end of the application process (i.e., decision on which person will be hired).
Further information on applicant data protection can also be found at: www.prinzhorngroup.com/myhr/job-application-data-privacy
2.3 Map Display via Google Maps
We use the "Google Maps" service on our website. Google Maps is a tool provided by Google Ireland Limited (hereinafter referred to as "Google") that allows for easier location of our company and offices.
We request your consent for this data processing (legal basis is Article 6(1)(a) GDPR). Your consent is voluntary and can be revoked at any time with future effect by disabling it through the website's cookie banner. You can access the cookie banner by clicking on the ‘fingerprint icon’ (bottom left).
Data transfers: When using Google Maps services, data is automatically transmitted to Google Ireland Limited (Google). Google subsequently uses this data for its own purposes (advertising, market research, service development, etc.). For information on how Google processes data, see policies.google.com/privacy.
Please note that we cannot exclude the possibility that your personal data may be transferred to the USA. In this context, the “Adequacy decision for the EU-US Data Privacy Framework” applies.
Storage duration: The personal data collected by the Google Maps service is not stored/retained by us. For information on the duration of data storage by Google Ireland Limited, please refer to policies.google.com/privacy.
3. Social Media Presence
We operate publicly accessible profiles on social networks/social media for the purposes of public relations, presenting our offerings and services, and providing electronic contact channels.
These channels are linked from our website.
We may share joint data protection responsibility with the operators of social networks for certain aspects of data processing that occur when you visit our profiles. In such cases, we have concluded a contract on joint responsibility (Article 26 GDPR) with the respective operator. You can exercise your rights (for more details, see the section on data subject rights in this privacy policy) both against us and the respective social network operator.
Please note that, despite any joint responsibility with the social network operators, we have limited influence over their data processing activities. Our options are largely determined by the corporate policies of the respective operator. We make use of all available options to limit the scope of data processing (e.g., restricting the collection of personal data, limiting the retention period, etc.) and adjust the settings accordingly.
Our legal basis for data usage is legitimate interest (Article 6(1)(f) GDPR). This includes public relations, building and fostering trust in our company, and enabling the reach of specific target groups. You have the right to object to this data processing (the right to object to data processing based on legitimate interests in accordance with Article 21(1) GDPR). In such cases, we will only process your data if there are compelling legitimate reasons on our part for further processing.
The operators of social networks use personal data for their own purposes, which may include analyzing your user behavior through analysis and tracking functions and personalized advertising based on your interests. For more detailed information, please refer to the privacy policies of the operators.
3.1 Facebook
We operate a fan page on the “Facebook” platform of Meta Platforms Ireland Limited (Meta) and are – for parts of the data processing (Facebook Insights) – jointly responsible for data protection together with Meta. We have entered into a joint controller agreement with Meta (Art. 26 GDPR). This agreement determines which of the parties is responsible for which data processing operations. Meta uses the collected personal data and information for its own purposes and may also share it with third parties (USA and other third countries).
For information about Meta’s data processing, please refer to the company’s privacy policy: www.facebook.com/about/privacy/.
You can adjust your ad settings independently in your Facebook user account. To do so, click the following link and log in: www.facebook.com/settings.
Data sharing: We share your data with Meta Platforms Ireland Limited.
Please note that we cannot rule out that your personal data may be transferred to the USA. There is an adequacy decision in place: “Adequacy decision for the EU-US Data Privacy Framework.”
3.2 LinkedIn
We maintain a profile on the platform “LinkedIn” of the company LinkedIn Inc./Microsoft and are jointly responsible with LinkedIn Inc./Microsoft for parts of the data processing. We have entered into an agreement on joint responsibility (Article 26 GDPR) with LinkedIn Inc./Microsoft. This agreement specifies which data processing operations each party is responsible for. LinkedIn Inc./Microsoft uses the collected personal data and information for its own purposes and may also transfer it to third parties (including the USA and other third countries).
For information on the data processing activities of LinkedIn Inc./Microsoft, please refer to the company’s privacy policy:
de.linkedin.com/legal/privacy-policy
Data transfers: We forward your data to LinkedIn Inc./Microsoft.
Please note that we cannot exclude the possibility that your personal data may be transferred to the USA. In this context, the “Adequacy decision for the EU-US Data Privacy Framework” applies.
3.3 Instagram
We maintain a presence on the “Instagram” platform of Meta Platforms Ireland Limited (Meta) and are – for parts of the data processing (Instagram Insights) – jointly responsible for data protection together with Meta. We have entered into a joint controller agreement with Meta (Art. 26 GDPR). This agreement specifies which party is responsible for which data processing operations. Meta uses the collected personal data and information for its own purposes and may also pass it on to third parties (USA and other third countries).
For information about Meta’s data processing, please refer to the company’s privacy policy:
de-de.facebook.com/help/instagram/519522125107875.
You can adjust your ad settings independently in your Instagram user account. For information on how to do this, please visit help.instagram.com/131112217071354.
Data sharing: We share your data with Meta Platforms Ireland Limited.
Please note that we cannot rule out the possibility that your personal data may be transferred to the USA. There is an adequacy decision in place: “Adequacy decision for the EU-US Data Privacy Framework.”
3.4 YouTube
We maintain a profile on the platform YouTube, operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), and are jointly responsible with Google Ireland Limited for parts of the data processing. We have entered into an agreement on joint responsibility (Article 26 GDPR) with Google Ireland Limited. This agreement specifies which data processing operations each party is responsible for. Google Ireland Limited uses the collected personal data and information for its own purposes and may also transfer it to third parties (including the USA and other third countries).
For information on Google’s data processing, please refer to Google’s privacy policy and terms of service:
policies.google.com
Please note that we cannot exclude the possibility that your personal data may be transferred to the USA. In this context, the “Adequacy decision for the EU-US Data Privacy Framework” applies.
4. General Data Sharing and Recipients
We only share personal data to the extent necessary to fulfill the stated purposes. For all data transfers, we ensure that only the absolutely necessary information is transmitted, and we comply with data protection regulations for data sharing (e.g., strict instructions for data processors through Article 28 contracts, obligation to confidentiality, and obligation to fully comply with adequate protection standards in the processing of personal data).
We may also be legally or administratively required to disclose data to third parties (e.g., data transfer to law enforcement authorities and courts).
Details on data transfers and recipients can be found in the explanations regarding the processing purposes.
5. General Data Retention Period
Your data will only be stored for as long as is technically and organizationally necessary to achieve the stated purposes, as well as to fulfill our legal obligations. If applicable, we may also retain your personal data on the legal basis of legitimate interest (e.g., collection, assertion, and defense of legal claims) for certain periods of time. When determining these periods, we ensure that your rights and freedoms are not violated. When data retention is no longer necessary, we will delete your data promptly.
Detailed information on the specified retention periods can be found under the respective processing purpose.
6. Profiling and Automated Decision-Making
We do not carry out profiling measures (evaluation of certain personal aspects relating to a natural person, particularly to analyze or predict aspects such as job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements), nor do we make decisions based on such information.
7. Cookies
We use cookies on our website to enhance its functionality and performance. Cookies are small files that are stored in your browser’s memory (session cookies) or on your hard drive (persistent cookies). They help us recognize you on your next visit and tailor content to your preferences more quickly.
The legal basis for the use of cookies is your consent (Article 6(1)(a) GDPR), which is obtained via the cookie banner when you visit our website. You can adjust your cookie preferences at any time via the cookie banner. Please note that technically necessary cookies, which are essential for the website’s functionality, are not subject to this consent and are processed on the basis of our legitimate interest (Article 6(1)(f) GDPR).
Overview of cookies used:
7.1 Cookies
Technically Necessary Cookies
- Name: cookie_optin
- Purpose: Managing users' consent to cookies
- Retention Period: 1 year
Analytics and Marketing Cookies
- Name: _ga, _ga_SY11SZNB1M (Google Analytics)
- Purpose: Traffic analysis, user behavior tracking, technical data, marketing, and conversion tracking
- Retention Period: 1 year
- Name: _fbp (Facebook)
- Purpose: Conversion tracking, remarketing, optimization of advertisements, audience creation, and reporting
- Retention Period: 3 months
- Name: bcookie, li_gc, lidc (LinkedIn)
- Purpose: Remarketing, advertising, storing browser details, and cookie consent for proper functionality
- Retention Period: 1 year (bcookie), 6 months (li_gc), 1 day (lidc)
External Content
- Name: Google Maps Plugin - API
- Purpose: Providing maps, location-based services, improving user experience, analytics, and reporting
- Retention Period: As per Google’s default or documentation
7.2 Google Analytics
This website uses Google Analytics, a web analytics service of Google LLC. As a company based in the European Union, we cooperate with Google’s subsidiary, Google Ireland Limited (hereinafter referred to as “Google”).
The information generated by the cookie about the use of the website is transmitted to Google’s servers and stored there.
On our behalf, Google uses this information to evaluate your use of our website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. User profiles of the visitors to our website may be created from the transmitted data.
Please note that we cannot exclude the possibility that your personal data may be transferred to the USA. In this context, the “Adequacy decision for the EU-US Data Privacy Framework” applies.
The evaluation of your user behavior on the website is based on your consent in accordance with Article 6(1)(a) GDPR. For more information regarding Google Analytics’ terms of use and data protection, please refer to:
www.google.com/analytics/terms/de.html or policies.google.com/privacy.
You can withdraw your voluntary consent at any time with future effect. To do this, you can open the cookie settings on the homepage and disable Google Analytics there.
7.3 Google Tag Manager
We use the “Google Tag Manager” service as a central tool for collecting, capturing, and forwarding personal data associated with website visits (a service provided by Google LLC – as a company based in the EU, we cooperate with its subsidiary, Google Ireland Limited, hereinafter referred to as “Google”).
The Google Tag Manager service consolidates the applications we use into a central management interface, making it easier for us to administer website applications. The use of Google Tag Manager requires the placement of a Google cookie and the forwarding of data to Google (the information generated by the cookie about the use of the website is transmitted to Google’s servers and stored there).
Please note that we cannot exclude the possibility that your personal data may be transferred to the USA. In this context, the “Adequacy decision for the EU-US Data Privacy Framework” applies.
Our legal basis for using Google Tag Manager is your voluntary data protection consent provided via the selection in the cookie banner in accordance with Article 6(1)(a) GDPR.
For information on how Google handles user data, please refer to Google’s privacy policy:
policies.google.com/privacy.
7.4 Facebook Pixel
We use Facebook Pixel, a service provided by Meta Platforms Ireland Limited (Meta). This allows us to measure the effectiveness of our advertising by analyzing the actions people take on the website.
For information on Meta’s data processing practices, please refer to the company’s privacy policy: www.facebook.com/about/privacy/.
Please note that we cannot exclude the possibility that your personal data may be transferred to the USA. In this context, the “Adequacy decision for the EU-US Data Privacy Framework” applies.
Our legal basis for using Facebook Pixel is your voluntary data protection consent provided via the selection in the cookie banner in accordance with Article 6(1)(a) GDPR.
8. Your Rights to Protect Your Personal Data
In relation to your personal data processed by us, you have several rights. You can exercise all of these rights free of charge and without formalities (via email, phone, or postal mail), after providing proof of your identity if necessary, by contacting us at the address provided below. Your rights in detail:
Right of access: You can request information about the data we process about you at any time without formalities. In this case, we will inform you in writing which data we have stored about you, the purposes for which we use it, the categories of recipients to whom we disclose it, and how long we intend to store it. We will respond to your request for information without delay, but no later than within one month.
Right to erasure: You have the right to request the erasure of your data processed by us at any time without formalities. We will comply with this request if your data is no longer necessary for the purpose for which it was collected, if you withdraw any consent you may have given, in the case of unlawful data processing, or if deletion is necessary to fulfill a legal obligation.
Right to rectification: If we mistakenly process inaccurate or incomplete data about you, we will correct it without hesitation. A simple informal communication to us is sufficient.
Right to restrict processing: If the deletion of your data is not possible, or if you do not want it to be deleted, but you do not agree with further processing of the data beyond mere storage, we are obliged, upon your notification, to restrict the further processing of your personal data.
Right to data portability: Upon your informal request, we will provide you with the data we have stored about you, which we have obtained based on a contract or your consent, free of charge in a common file format. You can use this data for your own purposes and transfer it to future contract partners. If you wish and if it is technically feasible, we will also directly transfer your data to a recipient you have specified. In this case, we will inform you once the transfer has been completed. We will comply with your request without delay, but no later than within one month.
Right to withdraw consent: You can withdraw your consent to data processing at any time with future effect. In this case, we will cease processing your data. The lawfulness of the data processing carried out up to that point is not affected by the withdrawal of consent.
Right to object: If we process your data based on our legitimate interest, you have the right to object to further processing of your data under the General Data Protection Regulation. If you exercise this right, we will no longer process your data for the purpose you have objected to, unless there are compelling legitimate grounds for further processing on our part that outweigh your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.
To exercise these rights, please contact us at the contact details provided above.
9. Right to Lodge a Complaint
The EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) guarantee you the rights mentioned above. If you believe that any of these rights have been violated by us, you have the right to file a complaint with a data protection supervisory authority.
The data protection authority responsible for us is:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna
Tel: 01/52 152-0
Email: dsb@dsb.gv.at
Last updated: 08/2024