Data Protection Policy
Data protection declaration
”). This data protection policy applies to all personal data of natural persons that is processed by us, Kwapil & Co GmbH (“Kwapil & CoThe protection of said data is of utmost concern to us. Thus, we process data exclusively in accordance with legal regulations (GDPR, TKG 2003).
Responsible for data processing:
Responsible for data processing:
Kwapil & Co Ltd
The personal data we process includes the data that we have received from you as part of a business relationship or the initiation thereof. For example, when you contact us through a form on our website, through email or by calling us, when personal contact occurs (e.g. while visiting an exhibition), when you forward an offer to us or request an offer from us, or when you order from us, all provided data, including personal data, is processed by us (please refer also to section “purposes of data processing” below). This is done for the purpose of processing requests, in case of follow-up questions, for the processing of contracts, for direct marketing (especially sending out our “E-News”), as well as internal administrative purposes. In particular and in regard to data processing within the framework of our website, we try to collect personal data as sparingly as possible. Therefore, it is possible for you to look through our website without providing any personal data. However, if you wish to contact us through an online form or want to order a catalogue, you are required to fill out at least the personal data marked with an asterisk (*) in the according forms. This provided data will be saved by our data management and therefore processed and as well used for other forms of direct marketing (e.g. forwarding our “E-News”) as well as internal administrative purposes.
Furthermore, we process data that we have received permissibly from publicly accessible sources (media in all forms, including print media, websites, etc.; commercial registers, registers of association, land registers, etc.). Additionally, we occasionally process data that we have received from the credit protection association (KSV 1870).
Purposes of d ata processing
Personal data of natural persons are processed by us for the following purposes:
- management and answering requests regarding desired information about products and services of Kwapil & Co
- Managing customer relationships (such as but not limited to quotes, purchase orders, blanket orders, purchase orders, invoicing, resolving customer or product issues, complaints, repairs, any contract fulfillment).
- Managing relationships with suppliers or other business partners
- marketing, for example but not limited to forwarding our “E-News“, information about new products, sending out catalogues, invitations to exhibitions, et cetera. For example, we send out our newsletter “E-News” to our clients and other business partners. Through this newsletter tool, information about new products and offers is sent out regularly. Unsubscribing from this newsletter is possible at any time. Simply respond to a newsletter email with the word “Unsubscribe” in the subject heading.
- internal administrative purposes.
Legal bases for the processing
Lawful processing requires that either the data subject has given consent to the processing of his or her personal data for one or more specific purposes or it is based on any other legitimate legal basis, such as (non-exhaustive list) processing is necessary for compliance with a legal obligation to which the controller is subject, or processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, or processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Our data processing is either based on
- legal obligations which have to be fulfilled by Kwapil & Co (certain legal obligations may require the processing of personal data), or
- the processing is necessary in order to fulfill a contract, whose contracting party is the data subject, or for the execution of pre-contractual measures that occur at the request of the data subject, or
- the processing is necessary for the purpose of pursuing legitimate interests of Kwapil & Co, as given for example in direct marketing and other forms of marketing and advertisement, in the forwarding of personal data within a corporate group for internal administrative purposes, in guaranteeing network and information security, and in the processing for research purposes, including market research.
- In case the processing of data is not covered by any of the conditions mentioned above, we will obtain the consent of the data subject before processing data. Data processing based on given consent will occur only according to the purposes set out in the declaration of consent and to the extent agreed within the declaration. If consent was given, it may be revoked at any time with effect for the future.
Personal data that are processed by us include
- first name and surname
- name and address of the company you are working for
- phone number (including mobile number) from the company you are working for
- your email addresses from the company you are working for
- product and service interests (measured from the company you are working for)
- information about the products and services which you purchased for your business
- information about the financial status of the company you are working for
Furthermore, we can gather personal data through Cookies and similar methods, including but not limited to (also refer to section “Access data”):
- Your IP addresses
- Your Cookie-ID
- Your web browser
- Your location
- The pages you visit on our website
For web statistics, access data is recorded in a log file when you visit the website: for example, browser type, date and time, IP address, country and place of origin of the IP address, length of stay, number of page views and downloads. This data is used for statistical purposes only.
Disclosure of personal data
Order processors commissioned by us receive your data from us insofar as they require it for the fulfillment of the order. Order processors are, among others, transport and forwarding companies, companies that support us in invoicing and accounting or that take over the central storage of our customer database. In individual cases, we transmit personal data to companies with which we cooperate for the purpose of checking the creditworthiness and security of our customers, suppliers, business partners (such as KSV).
Furthermore, personal data is transferred to group companies (group company(ies) are all companies of Interelectric AG) for the purpose of internal administration, this also includes third countries. Within the group companies, employees only receive access to personal data insofar as this is necessary for the fulfillment of their activities.
We are aware that a data transfer to third countries is only legally permissible if either an exemption exists for the specific data transfer or if an adequate level of data protection is ensured by additional measures taken (e.g. adequacy decision of the Commission).
Finally, we will disclose personal data to third parties within the framework of existing laws if we are legally obliged to do so or because this is necessary for the prosecution of criminal offenses or for the exercise and enforcement of our rights and claims.
Links to other websites and third party advertising
Our website may contain advertisements from third parties and links to other websites at certain points, for which we are not responsible.
Some of these other websites are operated independently of us and may have different privacy policies. We strongly encourage you to review the privacy policies of these other websites to understand how personal data is processed in connection with those websites, as we are not responsible for the content of websites that we do not own or maintain, or for the use and privacy practices of those websites.
We reserve the right to store personal data in a so-called cloud. This means that your personal data may be processed on our behalf by a cloud service provider and stored in different locations around the world. We will make organizational and contractual arrangements to protect your personal data. It is guaranteed that the personal data will only be used for the purposes mentioned above.
For the duration of the entire business relationship (from the initiation to the execution to the termination of a contract) and beyond in accordance with the statutory retention and documentation periods. These result, among other things, from the Austrian Commercial Code (UGB), the Federal Fiscal Code (BAO), the General Civil Code (ABGB), etc. In addition, the statutory limitation periods, which can be up to 30 years in certain cases under the ABGB, for example, must be taken into account in the storage period.
Data protection rights
We hereby draw your attention to the fact that you, as an affected party have extensive rights in relation to your personal data processed by us.
We refer to Art 15 of the GDPR, which regulates your right to informatio
We refer to Art 16 of the GDPR, which regulates your right to rectificatio
We refer to Art 17 of the GDPR, which governs your right to erasure.
We refer to Art 18 of the GDPR, which governs your right to restrict processing.
We refer to Art 20 of the GDPR, which regulates your right to data portability
We refer to Art 21 of the GDPR, which governs your right to object to processing.
We refer to Art 7 (3) of the GDPR, which regulates your right to withdraw consent should the processing be based on Article 6 (1) (a) or Art 9 (2) (a) (consent of the data subject).
We refer to Art 77 of the GDPR, which governs your right to complain to a supervisory authority.
Automated decision making
We do not make decisions about the establishment and performance of the business relationship that are based exclusively on automated processing (including profiling) within the meaning of Art. 22 DSGVO.
Protection of personal data
We are aware of our responsibility to protect the personal data entrusted to us from loss, misuse and unlawful access. We use various security technologies and organizational procedures to protect your personal data.
The security of personal data processed by us has a high priority for us. We therefore protect this data through technical and organizational measures to effectively prevent loss or misuse by third parties. In particular, our employees must observe data secrecy. Technical security measures to protect this data are regularly reviewed and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and according to our instructions.