Privacy Policy / Website www.plansee.com

Privacy policy for this website and further information required pursuant to Art. 13 GDPR when personal data is collected from a data subject.

Data protection

We, Plansee SE, are responsible for this website and as a teleservice provider are required to inform you at the start of your visit to our website about the manner, scope and purpose of collecting and using personal data in a precise, transparent, understandable and easily accessible form in clear and simple language. The contents of the notice must be accessible to you at any time. We are therefore required to inform you about which personal data is collected or used. Personal data is any information relating to an identified or identifiable natural person.

We place great importance upon the security of your data and compliance with data protection regulations. The collection, processing and use of personal data are subject to the requirements of currently applicable European and national laws.

In the following privacy policy we will explain how we handle your personal data and how you can contact us:

Plansee SE
Metallwerk-Plansee-Straße 71
6600 Reutte
Austria
Company Register No.: FN 53042 d
Executive officers: Mag. Andreas Feichtinger, Mag. Ulrich Lausecker
Telephone: +43 5672 600-0
E-mail: info@plansee.com

Our data protection coordination
E-mail: datenschutz@plansee.com

A. General

For the sake of clarity, no gender-specific distinction is made in our data protection declaration. The terms used apply equally to both genders in accordance with the principle of equal treatment.

Definitions of the terms use, for example "personal data" or the "processing" thereof, can be found in Article 4 of the EU General Data Protection Regulation (GDPR).

The users' personal data processed in the context of this online service includes inventory data (e.g. customers' names and addresses), contract data (e.g. services used, name of person responsible, payment information), usage data (e.g. websites of our online service visited, interest in our products) and content data (e.g. input in the contact form).

The term "user" here includes all categories of persons affected by the data processing. These include, for example, our business partners, customers, interested parties and other visitors to our online service.

B. Specific

Privacy policy
We guarantee that we will only collect, process, store and use your data in connection with the processing of your requests as well as for internal purposes and providing the services that you have requested or to make content available.

Basis of data processing
We process users' personal data only in compliance with the relevant data protection regulations. Users' data is only processed if any of the following statutory conditions apply:

• in order to render our contractual services (e.g. processing of orders) and online services, or
• if we have your consent, or
• on the basis of our legitimate interests (i.e., interest in analysis, optimization and commercial operation as well as security of our online service as defined by Art. 6 (1) f. GDPR, in particular with range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and the use of services of third party providers)

We will explain where the above legal grounds are regulated in the GDPR:                                               

Consent – Art. 6 (1) a. and Art. 7 GDPR
Processing for the performance of our services and implementation of contractual measures – Art. 6 (1) b. GDPR
Processing to safeguard our legitimate interests – Art. 6 (1) f. GDPR

Data transfer to third parties
Data is only forwarded to third parties within the framework of the legal provisions. We only forward users' data to third parties when this is necessary, for example, for contractual purposes or based on our legitimate interests in the economic and the effective operation of our business.

In the event that we use subcontractors to provide our services, we take suitable legal precautions as well as appropriate technical and organizational measures, to provide protection for personal data in accordance with relevant legal requirements.

We would like to point out that, due to the use of Google services such as Google Analytics, DoubleClick and GA Audience, as well as services such as LinkedIn Marketing, Facebook Ads and Hotjar, a data transfer takes place when using our online service. For more information, please refer to the relevant sections of this document.

Data transfers to a third country or an international organization
Third countries are countries in which the GDPR is not a directly applicable law. This includes essentially all countries outside the EU or the European Economic Area.

Data is transferred to a third country under the standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2021/914 of the European Parliament and of the Council issued by the Commission of the European Union.

Duration of storage of your personal data
We comply with the principles of data economy and data avoidance. This means that data you make available to us is only retained as long as it is needed to fulfill the above-mentioned purposes or for the various storage periods stipulated by the legislator. If the relevant purpose no longer applies or the appropriate relevant periods have expired, your data will be blocked automatically or erased in accordance with legal requirements.

We have developed a company-internal concept to guarantee this procedure.

Making contact
If you make contact with us by email, telephone, fax, contact form etc. you consent to electronic communication. Personal data will be collected when you contact us. The information you provide will be stored exclusively for the purpose of processing the inquiry and for any follow-up questions.

We will explain the legal grounds:

Processing for the performance of our services and implementation of contractual measures – Art. 6 (1) b. GDPR Processing to safeguard our legitimate interests – Art. 6 (1) f. GDPR

We use software to maintain customer data (CRM system) or comparable software on the basis of our legitimate interests (processing users' inquiries quickly and efficiently).

For this purpose we have concluded a data processing agreement with the provider in which the latter undertakes to process user data only in accordance with our instructions and in compliance with the EU level of data protection.

We must advise you that emails can be read or changed, unnoticed and without authorization, during transmission. We also draw your attention to the fact that we use software to filter unwanted emails (spam filter). Emails can be rejected by the spam filter if they are incorrectly identified as spam due to the presence of certain characteristics.

What are your rights?
a) Right to information
You have the right to obtain information about your stored data free of charge. Upon request, we will inform you in writing, in accordance with applicable law, which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.

b)  Right to rectification
If the data stored by us is incorrect, you have the right to have it corrected. You may demand a restriction of processing of your personal data, e.g. if the accuracy of your personal data is contested.

c)   Right to blocking
You may also have your data blocked. To facilitate blocking of your data at any time, the data must be held in a lock file for control purposes.

d)   Right to erasure
You can also demand erasure of your personal data, provided no legal storage obligations apply. If such an obligation exists, we will block your data on request. If the relevant statutory requirements apply, we will even erase your personal data without a request from you.

e)   Right to data portability
You are entitled to demand that the personal data transferred to us be made available in a format which enables it to be transferred to another location.

f)    Right to lodge a complaint with a regulatory authority
You have the option to contact a data protection supervisory authority
with a complaint.

Österreichische Datenschutzbehörde [Austrian Data Protection Authority]
Wickenburgstraße 8, 1080 Vienna, Austria
Telephone: +43 1521 52-2569

The Austrian Data Protection Authority provides a complaint form on its website. Further relevant documents can be obtained by following this link: https://www.dsb.gv.at/dokumente

g)   Right to object
You have the option to object at any time to the use of your data for internal purposes with effect for the future. To do this, simply send an email to datenschutz@plansee.com.  However, such an objection does not affect the legality of processing operations which we have already carried out. This does not affect the processing of data on other legal grounds, such as contract initiation (see above).

Protection of your personal data
We take state-of-the-art contractual, organizational and technical security measures to ensure compliance with the provisions of the data protection laws and, therefore, to protect the data that we process against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons.

The security measures include in particular the encrypted transfer of data between your browser and our server. A 256-bit SSL (AES 256) encryption technology is used for this purpose.

In this process your personal data is protected with regard to the following points (extract)
a) Ensuring the confidentiality of your personal data
To ensure the confidentiality of the personal data that we store, we have taken various measures to control access.

b)   Ensuring the integrity of your personal data
To ensure the integrity of the personal data that we store, we have taken various measures to control transfer and input.

c)   Ensuring the availability of your personal data
To ensure the availability of the personal data that we store, we have taken various measures to control orders and availability.

The security measures employed undergo continual improvement as the technology develops. Despite these precautions, we are unable to guarantee the security of your data transfers to our online service due to the insecure nature of the Internet. For this reason, all data transfers from you to our online service are undertaken at your own risk.

Protection of minors
Persons under the age of 14 may only provide us with their personal information with the express consent of their parents or guardians. This data is processed in accordance with this privacy policy.

Server log files
The website provider automatically collects and stores information that your browser transmits to us automatically in server log files. This includes:

• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• time of the server inquiry
• IP address

This data is not combined with other data sources.

The basis for data processing is Art. 6 (1) f. GDPR which permits data processing to safeguard our legitimate interests and/or Art. 6 (1) b GDPR which allows the processing of data to perform a contract or for pre-contractual measures.

Cookies
We use cookies. Cookies are small text files that are stored locally in your Internet browser's cache. Cookies enable the Internet browser to be recognized. The files are used to help the browser navigate the online service and to make full use of all functions.

Use of first party cookies (Google Analytics cookie)
Logging Google Analytics:

• Unique user – Google Analytics cookies record and group your data. All the activities during your visit our summarized. Setting Google Analytics cookies makes a distinction between users and unique users.
• Users' activities – Google Analytics cookies also store data about the start and end time of the visit to the website and the number of pages you have viewed. When the browser is closed or if the user has been inactive for a prolonged period (default = 30 minutes), the user session is ended and the cookie registers the visit as terminated. The date and time of the first visit are also recorded. The total number of visits per unique user is likewise recorded. External link: http://www.google.com/analytics/terms/de.html

You can prevent Google from recording the data generated by the cookie about your use of the website (including your IP address) and from processing this data by downloading and installing this browser plugin.
External link: http://tools.google.com/dlpage/gaoptout?hl=de

For further information, see below under "Web analytics service Google Analytics / Universal Analytics".

Deactivating or removing cookies (Opt-Out)
Every browser provides options for restricting or deleting cookies. Further information about this can be obtained from the following websites:

• Microsoft Edge: Delete cookies in Microsoft Edge – Microsoft-Support
• Firefox: Cookies – Information that websites store on your computer
• Google Chrome: Clear, allow and manage cookies in Chrome
• Safari: 
• Clear the history and cookies from Safari on your iPhone, iPad or iPod touch
• Clear cookies in Safari on Mac

Web analytics service Google Analytics / Universal Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Analytics uses cookies, i.e. text files that are stored on your computer and used to analyze the use of the website. Information about your use of this online service generated by the cookie is normally sent to a Google server in the USA and stored there. This can also involve transfer to the servers of Google LLC. in the USA.
However, if IP anonymization is enabled in our online service, your IP address will first be truncated by Google within the member states of the European Union or other signatories to the Agreement on the European Economic Area.

Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and Internet use. Processing to safeguard our legitimate interests - in accordance with Art. 6 (1) f. GDPR. The IP address transmitted from your browser in the context of Google Analytics will not be combined with other data by Google.

Furthermore, our website uses Google Analytics for cross-device analysis of visitor flows, which is carried out via a Google User ID and Google Signals. When a page is opened for the first time, the user is given a unique, permanent and anonymous ID which is used across different devices. This makes it possible to assign interaction data from various devices and from different sessions to an individual user. We use Google Analytics reports to record demographic features and interests. The user ID does not include any personal data and it does not transfer any personal data to Google.

We would like to point out that this online service uses Google Analytics with anonymization of the IP address. It is possible to object at any time to the collection and storage of data via the user ID with effect for the future. In order to do this, you must disable Google Analytics on all systems that you use, e.g. in another browser or on your mobile device.

You can prevent storage of cookies by entering appropriate settings in your browser software. You should be aware, however, that in this case you may not be able to make full use of all the functions of our website.

The stored data will be erased automatically after 14 months. Further information about terms of use and data protection is available at:

• Google Privacy & Terms
• Personalized ads settings

You can also prevent Google from recording the data generated by the cookie about your use of the website (including your IP address) and from processing this data by downloading and installing this browser plugin.

Web analytic service DoubleClick by Google
We use the online marketing tool DoubleClick provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("DoubleClick").
DoubleClick uses cookies to show ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to determine which ads are running in which browser and can prevent them from being displayed multiple times.

Furthermore, with the help of cookie IDs DoubleClick can count conversions related to ad requests. This is the case if, for example, a user sees a DoubleClick ad and later goes to the advertiser's website with the same browser and buys something there. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no control over the extent and further use of the data collected through the use of this tool by Google and we can therefore only inform you to the best of our knowledge that integrating DoubleClick means that Google is informed that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find and store your IP address.

We would like to point out that this online service uses Google Analytics with anonymization of the IP address.

You can opt out of participation in this tracking process by disabling cookies for conversion tracking. To do this, set your Google "personalized ads settings" as appropriate, but note that this setting will be deleted if you delete your cookies. Alternatively, you can obtain information about setting cookies from the Digital Advertising Alliance and choose your settings accordingly. Finally, you can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, allow the setting of cookies in specific cases or generally exclude the setting of cookies. Disabling cookies may limit the functionality of our online service.

Further information about the privacy policy of Google's digital marketing services can be found at the web address below:

• Google DoubleClick Digital Marketing
• Google Privacy & Terms
• Browser add-on to disable Google Analytics

GA Audience
We use GA Audience, a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. GA Audience uses, among other things, cookies, that are stored on your computer and other mobile devices (e.g. smartphones, tablets etc.) and which facilitate analysis of how the devices are used. In some cases, the data is evaluated across all devices. Google Audience has access to the cookies created using Google Ads and Google Analytics.

During use, data such as, in particular, the IP address and users' activities may be transmitted to a Google server and stored there. Google may transfer this information to third parties if required to do so by law or if such data is processed by third parties.

You can prevent Google from collecting the data generated by the Google cookie that relates to your use of the website (including your IP address) and from processing this data by downloading and installing this browser plugin. Follow this link for further information about data protection when using GA Audience: Policy requirements for Google Analytics Advertising Features. 

LinkedIn Marketing
We use the online advertising tool LinkedIn Marketing, which is operated by LinkedIn, Wilton Place, Dublin 2, Ireland. LinkedIn Marketing uses cookies to show ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. The consent you give in the cookie banner enables this function.

LinkedIn may also use the LinkedIn cookie to collect so-called goals related to ad requests. This is the case if, for example, a user sees a LinkedIn ad and later goes to the advertiser's website with the same browser and buys something there.

Due to the marketing tools used, your browser automatically establishes a direct connection to the LinkedIn server. LinkedIn is informed that you have clicked on an ad from us.

If you are a registered LinkedIn user, LinkedIn can link the visit to your account. Even if you are not registered with or logged into LinkedIn, it is possible that the provider will register and store your anonymized IP address. You can opt out of participation in this tracking process by disabling cookies for conversion tracking. You can do this at LinkedIn Manage your Ad Account Settings.

Note that these settings may be deleted when you delete your cookies.

The stored data will be erased after 180 days. For more information visit:

• LinkedIn Privacy Policy
• LinkedIn Cookie Policy
• Manage your Ad Account Settings
• https://www.linkedin.com/help/linkedin/answer/a1336675?lang=en

Facebook Ads
We use the online marketing tool Facebook Ads operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook Ads uses cookies and the Facebook Pixel-ID to show ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Meta may also use your Facebook ID for this purpose.

Facebook Ads may also use the Facebook cookie to collect so-called goals related to ad requests. This is the case if, for example, a user sees a Facebook ad and later goes to the advertiser's website with the same browser and buys something there.

Further information about the content of Facebook cookies and Pixel ID can be found at Meta Cookies Policy.

During use, data such as, in particular, the IP address and users' activities may be transmitted to a Meta server and stored there. Meta may transfer this information to third parties if required to do so by law or if such data is processed by third parties.

You can opt out of participation in this tracking process by disabling cookies for conversion tracking. You can do this at Manage Settings.

For more information on how ads are controlled on Facebook, see Control the ads you see on Facebook.

The stored data will be erased after 90 days. For more information visit:

• Facebook Privacy Policy
• Facebook Privacy Center  
• Facebook Terms of Use

Hotjar
We use Hotjar in order to better understand our users' needs and to optimize the service on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g. how much time they spend on which pages, which links they click, what users like and don't like, etc.), and this helps us to tailor our offering to our users' feedback. Hotjar uses cookies and other technologies to collect data on our users' behavior and their devices (in particular the device's IP address (recorded and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor or we will ever use this information to identify individual users or to match it with further data about individual users. For further details, see Hotjar's Privacy Policy.

You can opt out of having Hotjar store your user profile and collect information about your visit to our website and from the setting of Hotjar tracking cookies on other websites.

Cookie Consent
We use the application "Cookie Consent" provided by TrustArc Inc, 2121 N. California Blvd. Suite 290, Walnut Creek, CA 94596, USA. This is a plugin that makes it possible to obtain consent for the use of cookies and/or tracking technologies. "Cookie Consent" does not collect any personal data. Details of this tool can be found at  Trustarc cookie consent manager.

Transfer of personal data for order processing
The personal data collected by us will be forwarded to the transport companies instructed to carry out the delivery in the context of contract processing insofar as this is necessary for delivery of the goods. We pass on payment data to the appointed bank as part of the payment process.

If we incur expense in advance (only in the case of purchase on account), we reserve the right to carry out a credit check to safeguard our legitimate interests. Personal data required for a credit check will be forwarded by us to Bisnode D&B Deutschland GmbH, Robert-Bosch-Straße 11, D-64293 Darmstadt. The credit check may contain probability values (known as score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognized mathematical and statistical process. Calculation of score values includes address data amongst other things. The result of the credit check will be used only for the purposes of establishing, implementing or terminating a contractual relationship. The data forwarded in this way may only be used by the recipient to fulfill their responsibility. No other use of the information is permitted.

With payment via PayPal, credit card via PayPal, direct debit via PayPal or – if available – "purchase on account" via PayPal, we will forward the payment data as part of the payment process to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if available – "purchase on account" via PayPal. The result of the credit check relating to the statistical probability of default is used by PayPal to decide whether to allow the relevant method of payment. The credit check may contain probability values (known as score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognized mathematical and statistical process. Calculation of score values includes address data amongst other things. Please see further information about data protection, including information about the credit agencies used, in PayPal's privacy policy.

Changes in our data protection provisions
We reserve the right to adjust our privacy policy as and when required to ensure that it always complies with current legal requirements or to implement changes in our services in the data privacy policy. This could apply for example to the introduction of new services. Any new visit to our website will then be subject to the new privacy policy.