Data Privacy Statement
This Privacy statement aims to inform you about (i) how your personal data is processed when you make contact with us or use one of our services, (ii) for which purpose your personal data is processed as well as (iii) your corresponding rights.
Semperit AG Holding, Am Belvedere 10, A-1100 Vienna, Austria (“Semperit”) (and if applicable, jointly together with its subsidiaries) is the controller of your personal data that are processed, unless otherwise explicitly stated.
How does Semperit process your personal data?
We process personal data which is provided directly from you if you:
- are representing your organization; or
- have applied for a job; or
- have made an information request, an enquiry or a complaint; or
- want to or have attended our events; or
- ubscribed to one of our services.
We also receive personal data indirectly (e.g. by third parties):
- from your company when they share your personal data with us for business purposes; or
- where you have made your contact information available publicly and we use this to contact you and your organization for business purposes; or
- from recruiters or agencies we hired for employment or consultancy services; or
- when we get your personal data from public authorities, regulators or law enforcement bodies; or
- when whistleblowers include information about you in their reports.
Semperit processes your personal data when you visit our website, our premises, apply for a job or when you as a business partner or your employees conduct business with us. When you contact or use one of our undertaking, affiliates services they are the controllers of personal data they process. For the purposes of conducting our business we might exchange personal data among our group companies following compliance with applicable legislation.
Semperit needs to process personal data (in particular contact information) of our business partners and their employees to perform its contractual relationship and to respect legal obligations. This includes receiving and executing your requests, commissioning and accepting services provided by you, but also for invoicing, business-related accounting and file storage purposes, and related activities pertaining to your business relationship with Semperit, such as subsequent improvement or support services. Semperit also processes your data in our Global Career Portal for recruiting purposes. For the purpose of choosing the right candidate we share and transfer data with our subsidiaries, also outside EU.
Semperit is also processing personal data when it is necessary for compliance with a legal obligation. Sometimes processing requires a particular declaration of informed consent for one or more specific purposes. You are entitled to revoke your consent at any time, which will prevent Semperit from further processing your personal data for the purposes indicated in the consent declaration. When an individual reasonably expects us to use their personal data in a predicted way and where there is limited privacy impact on the individual we process personal data on our legitimate interests. Such legitimate interests could be, for instance, when the processing is of a clear benefit to Semperit or third parties, to the ability to ensure smooth business relations and corporate processes, use of client or employee data, marketing, fraud prevention, legal claims, due diligence checks ahead of corporate acquisitions, intra-group transfers, or IT security.
Sharing your personal data
In connection with the performance of our contractual and pre-contractual relationship and/or legal obligations, it might be necessary to share your or your employees’ personal data with partners or service providers of Semperit. We therefore use data processors. These third parties provide different services for us for which we have contracts in place. We instruct them what they can do with your personal data and also require them not to share your personal data forward without approval and in line with our contractual agreement. We request them to protect personal data and retain it for the period we instruct.
In some circumstances we are legally obliged to share information, for example under court order or authorities investigation. We might also share information with other regulatory bodies based on law.
We will not share your information with any third parties for the purposes of direct marketing.
In any event we only transfer your or your employees’ personal data as far as required for the respective purpose based on or required by applicable law, legitimate interest or your consent.
Some of our partners processing your or your employees’ personal data are located outside the EU/EEA. The level of data protection in other countries may not be exactly equal to the level of protection in the EU/EEA. To the extent possible, we will ensure that the European level of data protection and the European data security standards are maintained. For this reason, we will transfer your personal data only to countries which the EU Commission decided having an appropriate level of data protection, or we will take measures to ensure that all recipients maintain an appropriate level of data protection; for this purpose we will conclude the so-called EU-standard contractual clauses.
We process personal data in business transactions. We process contact details of individuals acting in their capacity as representatives of their organizations based on our legitimate interest. We process personal information for tender process purposes.
More information here.
Apply for a job or work?
When you apply in Global Career Portal of our data processor, we assess your suitability for a job or work you have applied for. Processing is necessary to perform a contract or to take steps at your request, before entering a contract. We also have a data processor for occupational personality profile assessments that helps us decide. We use your contact data to inform you about the process. If you are unsuccessful in our recruiting process you can consent to join our talent pool. Sometimes we use recruiters and agencies as data processors. We also process data for the purposes of developing and improving our recruitment process.
Visitors to the premises
We meet our visitors, job applicants, suppliers, customers, tradespeople stakeholders and organizations. When you make an appointment or your visit is planned we inform our receptionist and we might provide you with a badge. We might ask visitors to register at reception and show a form of ID only for verification purposes. For security and safety purposes we have a closed-circuit television (CCTV) in some of our premises which covers our entries. The information processed on legitimate interest is viewed by authorized personal only. When business processes requires, we might record audio and video of training sessions delivered by external training providers and when we do, we obtain an agreement with them.
Complaints and Whistleblowing Reports
When you complaint or blow a whistle we process your personal data for the purposes of managing your complaint and/or investigating the case and to take necessary actions. We treat the information you provide as confidential and won’t disclose it unless legal obligations require us to. Semperline, our whistleblowing line, enables also anonymous reporting and a safe channel for anonymous communication. We have a third party provider (Business Keeper AG, Bayreuther Straße 35, 10789 Berlin in Germany). which assures confidentiality of information exchange. Personal data entered into the system are saved in a database operated by Business Keeper AG in a high-security data processing center. Access to the data is granted only to a small number of expressly authorized legal consultants and employees at Semperit, who are subject to strict confidentiality obligations. Neither Business Keeper AG nor other third parties have access to the data. This is ensured with a certified process by means of extensive technical and organizational measures (e. g. communication between the computer of the whistleblower and the whistleblowing system over an encrypted connection; storing of data within the whistleblowing system with multiple layers of password protection).
When you communicate with us and make an enquiry, we collect information and your personal data for the purpose of response.
We use encryption and protect email traffic in line with known standards on email security. We monitor emails and file attachments sent to us for viruses or malicious software. You must ensure that any email or content you send is within the bounds of the law.
Attending our events
We collect your contact data and other needed information based on your consent so we can organize and host an event, conference, training or similar and provide you with proper service. You can withdraw your consent any time. We use data processors to support us when organizing events. We might collect registration information through an online platform. When we host a video conference, webinar or similar we process your personal data based on your consent, including video, audio and photos. If an event is being recorded we will always notify you in advance. We use different platforms to publish events. We use Microsoft Teams to deliver our events or to communicate with you therefore we transfer data outside EU/EEA.
Links to other websites
Our website may contain links to websites of third parties. Please beware that this privacy statement is valid only for Semperit website. We have no control over the content, or the data protection practices, of these websites. Please read the privacy policies on the other websites if you visited them though the links you found on our website.
I want change my cookie preferences
You can change your cookie preferences at any time by changing settings here. Do not forget to save and close your selection and refresh your page for new preferences to take effect.
You can also control your cookies in your web browsers through the browser settings (visit the browser developer's website). We have chosen the most popular for you:
To find information relating to other browsers, visit the browser developer's website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
We use a third-party providers for communication with you. Our website is provided with an opportunity to interact with various (social) media networks via plug-ins. Your messages sent to us through social media, will be stored by providers based on agreed retention period. It will not be shared with any other organizations. When contacting Semperit through social media platforms, please read their privacy information.
Our website visitors and analytics
When you visit www.semperitgroup.com, we use a third-party service for analytics. Through the tool we collect standard internet log information and details of visitor behavior patterns. We want to know how many visitors visited various parts of our website and to make improvements to our service. We collect this data only if you consent to it. We have measures to protect the information collected.
How long will your personal data be retained?
Semperit processes your personal data based on exact purposes and stores it during the existence of our contractual relationship, until you withdraw your consent, based on our business decision or legislation obligations. Retention periods are specific to each data processing activity. In addition, Semperit is required to satisfy multiple statutory data retention obligations, due to which Semperit needs to store some of your data beyond the termination of our contractual relationship. Moreover, Semperit retains your data for as long necessary for the establishment, exercise or defense of claims relating to our relationship.
The data protection regulation grants you a number of rights regarding the processing of your personal information. The rights that always apply:
Your right to access (Art 15 GDPR)
You have the right to know what personal data we are using or storing, why and how we are using your data, how long we will keep your data and with whom are we sharing it. You have the right to request information about the origin of your data, the categories of data processed, retention periods applicable to your data, the recipients in case of data transfers, the information on profiling, the legal basis and the purposes of the data processing, among other things.
Your right to a copy of your personal data (Art 15 GDPR)
You can ask for a copy of your personal data. If you send us and electronic request, and do not specifically ask otherwise, we will send you a copy in a commonly used format. We will ask you to authenticate yourself to protect your data. If you request additional copies we might charge you a reasonable fee based on our administrative costs.
Your right to rectification (Art 16 GDPR)
If Semperit processes data about you that is inaccurate or incomplete you can ask for your data to be rectified or completed in written. We will ask you to authenticate yourself to protect your data.
Your right to restriction of processing (Art 18 GDPR)
You can ask for the processing activities to be restricted. You can do this under certain conditions.
Some rights you exercise may be limited by legislation and special conditions.
Your right to erasure (Art 17 GPDR)
The right to be forgotten is also known as the right to erasure. Under certain conditions you can ask for your data to be deleted:
- when we no longer need your data;
- when you withdraw your consent;
- if your data have been unlawfully processed;
- when you object to the processing and Semperit has no reason to continue processing your data;
- when data erasure is necessary for compliance with a legal obligation (EU law or national law).
Your right to object to processing (Art 21 GPDR)
Even if your personal data are correct and complete and legitimately processed by Semperit you are entitled to object to the processing of your data. However, this right to objection is limited to justified individual instances only. You have the right to object to processing if we are able to process your information because the process forms part of our business tasks under our legitimate interests.
Your right to data portability (Art 20 GPDR)
This right only applies under specific circumstances and only to information you have given to Semperit. You have the right to ask that we transfer the information you gave us from one organization to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Your right to lodge a complaint
Although Semperit goes to great lengths to ensure your personal data's confidentiality and integrity, differences in opinion may nevertheless occur from time to time. You can contact the Semperit Compliance Team email@example.com in case you have any queries regarding the processing of personal data or if you wish to file a complaint. You can also use our channel:
Additionally, you have the right to lodge a complaint with the competent supervisory authority in your country, e.g. if you believe that we have violated your privacy rights or have not adequately enforced your data subject rights.
In Austria: Austrian Data Protection Authority, Barichgasse 40-42, A-1030 Vienna.
To prevent unauthorized access to personal data or their exposure, to keep the accuracy and proper use of your personal data and data we ensure technical and organizational measures for data protection.
Privacy Statement Information Update