PRIVACY POLICY

a. If you only use our website for information purposes, i.e. if you do not register for a service or otherwise provide us with information - for example via a contact form - we only collect the (per-sonal) data that your browser transmits to our server. If you therefore wish to visit our website, we collect the data listed below which is technically necessary for us to display the website to you and ensure its stability and security in accordance with Art. 6 para. 1 (1) lit. f GDPR to ensure:

•    IP address
•    Date and time of request
•    Time zone difference to Greenwich Mean Time (GMT)
•    Content of the request
•    Access status/http status code
•    Amount of data transferred
•    Website from which the request comes
•    Browser used
•    Operating system and its interface
•    Browser software language and version

However, this data is not processed beyond the purpose of displaying our website.

b. In addition to the aforementioned data, first and third-party cookies are stored on your computer when you use our website; these are small text files that are stored on your browser's hard drive. The entity that sets a cookie (either by us or an explicitly named third party) receives certain infor-mation as a result.

We need these cookies to recognise you as a user of the website and also to be able to trace the use of our services. Finally, we may use cookies for marketing purposes to analyse your user behaviour and, if necessary, to send you targeted advertising.  

c. It is generally possible to differentiate between first-party cookies, third-party cookies and third-party requests.

•    First-party cookies

First-party cookies are stored by us or our website itself on your browser to provide you with the best possible user experience. These primarily include functional cookies, such as shopping basket cookies. We may also use cookies to identify you for subsequent visits if you have an account with us - otherwise you will need to log in again each time you visit.

•    Third-party cookies

Third-party cookies are stored on your browser by a third-party provider. These are usually tracking or marketing tools that evaluate your user behaviour and offer the third-party provider the option of recognising you on other websites visited. Retargeting marketing, for example, is based on the function of such cookies.

•    Third-party requests

Third-party requests are all requests you make to third parties as a user via our site - for example, if you interact with social network plug-ins or use a payment provider's services. In this case, no cookies are stored on your browser, but it cannot be ruled out that personal data will be sent to this third-party provider through the interaction. For this reason, we also provide you with detailed in-formation about the tools and applications we use in our Privacy Policy.

d. In order to provide you with comprehensive information about the cookies we use, we have de-signed a cookie banner in accordance with the jurisdiction of the ECJ of 1 October 2019, C-673/17 (Planet 49) and other relevant decisions, which is displayed to you the first time you visit our web-site. This cookie banner shows all cookies used, including their function, storage duration and origin. Only if you consent to the use of some or all of these cookies will they be stored by us; an exception to this may be technically necessary cookies, without which our website could not be displayed correctly.

e. You can change your browser settings at any time, for example, to refuse the acceptance of third-party cookies or all cookies. In this case, however, we must point out that you may no longer be able to use all functions of our website.

a. Website

Personal data that goes beyond the information stored by cookies is only processed by us in the context of the operation of our website if you voluntarily provide it to us, for example when you register with us, enter into a contractual relationship with us or otherwise contact us. This only con-cerns contact details and information about the requests you submit to us.

We use the personal data you provide only to the extent necessary to fulfil the respective purpose of processing (e.g. registration, sending newsletters, processing an order, sending information mate-rial and advertising, running a competition, answering a question, enabling access to certain infor-mation) and where this is permitted by law (in particular pursuant to Art. 6 or Art. 9 GDPR) (e.g. the sending of advertising and information material to existing customers pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR).

The purpose of processing your data is the operation of our website and the targeted provision of company-specific information as well as the presentation of the range of our goods and services (marketing).

Any further use of your data will only take place if you have previously expressly consented to this, if we need your data for the performance of a contract concluded with you or if we are obliged to store it due to a legal provision. You can withdraw any consent you have given at any time with effect for the future, as explained in more detail below.

b. Contract handling, marketing and more

In general, we use personal data of our customers, suppliers and other contractual and cooperation partners, e.g. contact persons, their contact data and marketing-relevant information, for the pur-pose of contract processing and within the scope of statutory retention obligations (e.g.: accounting) and also for legitimate interests, such as marketing and customer care purposes.

In addition, we collect personal data of interested parties (e.g. contact persons, their contact data and marketing-relevant information) as part of our acquisition and sales activities. We are always looking for potential contract partners on the Internet, at trade fairs and other events and maintain a marketing database for this purpose in order to enable targeted advertising for our products and services. All of the measures listed here are carried out in our legitimate interest for marketing pur-poses in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Recital 47 for a period of three years from the end of a contractual relationship (customers & suppliers) or our first (ineffective) contact (prospective customers), unless the data subject has given express consent to do so.

If we do not collect personal data from the data subject for marketing purposes, we share with the data subject where we collected their data from in accordance with Art. 14 GDPR when contacting us for the first time.

Due to tax and administrative considerations, we have established various companies in Germany and abroad, with which we are partly jointly responsible in the sense of Art. 26 GDPR, partly within the framework of data processor relationships within the meaning of Art. 28 GDPR to jointly process personal data. One example of this is the common marketing database.

A complete list of our affiliated companies can be found at https://www.evva.com/int-en/aboutus/contact/international/. If we are to provide products and services that other companies affiliated with us offer as part of an ongoing business relationship or as a result of an explicit request from an interested party, we pass on the interested party’s personal data for marketing purposes to the companies affiliated with us that offer the products and services of interest to the specific data subject.

c. Application management

We collect data from applicants for job vacancies open to us for the purpose of initiating a possible employment relationship pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR or, if applicable, on the basis of explicit consent for evidence purposes.

We generally store data that you have provided to us exclusively for customer care or for marketing and information purposes for up to three years after our last contact. However, upon your request, we will also delete your data before the expiry of this period, unless there is a legal obstacle to this.

In the event of the initiation or conclusion of a contract, we process your personal data after the complete performance of the contract until the expiry of the warranty, guarantee, limitation periods and statutory retention periods applicable to us, in addition to the conclusion of any legal disputes in which the data is required as proof.

We will only store data that you provide to us as part of an application process for a period of 6 months without separate consent.

If retention is required by law, we comply with the period specified therein. If we process your per-sonal data - for example, for legitimate interests - for the purposes described in this Privacy Policy, we will inform you separately before starting the processing.

a. General
 
As a rule, your data will not be transferred to third parties unless we are legally obliged to do so, the transfer of data is necessary for the performance of a contractual relationship concluded between us or you have previously expressly consented to the transfer of your data.

External processors or other cooperation partners only receive your data if this is necessary for the performance of the contract, if we have a legitimate interest in this, which we always disclose sepa-rately on an ad hoc basis or if this is required due to special standards, with your consent.

We do not sell or otherwise market your personal data to third parties. If our contractual partners or processors are based in a third country, i.e. a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of services.

Insofar as one of our processors comes into contact with your personal data, we ensure that it com-plies with the provisions of data protection laws in the same way as we do.

b. Data transfer to the USA?

Occasionally, we offer some services in which a data transfer to the USA takes place or may take place. The transfer of data to the USA has always led to legal challenges in recent years. There are several legal bases for a legally compliant data transfer to the USA, whereby we basically rely on two different legal bases:

•    Data transfer on the basis of an adequacy decision

On 10 July 2023, the European Commission adopted a new adequacy decision pursuant to Art. 45 GDPR for the USA - namely the EU-U.S. Data Privacy Network.

However, this adequacy decision only applies to those data importers in the USA that are registered in the Data Privacy Framework List (https://www.dataprivacyframework.gov/s/participant-search).

For each of our service providers who are to receive personal data in the USA as data importers, we check whether they are registered in the Data Privacy Framework List. If this is the case, this is stated in our Privacy Policy for the respective service provider.

The EU Commission press release on the EU-U.S. Data Privacy Network can be found at: https://ec.europa.EU/commission/presscorner/detail/en/ip_23_3721.

•    Permissions

However, if a data importer is not registered in the Data Privacy Framework List, it is necessary - unless there is another justification, such as the fulfilment of contractual obligations - that you also consent to the use of your data collected via these services in the USA (Art. 49 para. 1 lit. a GDPR).

This is because we are not yet able to assess how jurisprudence is developing as a result of the EU-U.S. Data Privacy Network. Depending on the service, we record this consent via our cookie banner or separately by means of a corresponding declaration of consent directly before using a service offered.

Your consent is required because, according to recent decisions by authorities and courts and the case-law of the ECJ, the USA is not certified as having an adequate level of data protection when processing personal data (C-311/18, Schrems II). In particular, these decisions by authorities and courts critically demonstrate that access by US authorities (FISA 0702) is not extensively restricted by law, does not require approval by an independent body and no relevant legal remedies are available to the data subjects in the event of corresponding interventions.

Apart from contracts with US service providers, we have no direct influence on the access of US au-thorities to personal data transferred to service providers in the USA when using these services. Even if we assume that our service providers take the necessary steps to ensure the promised level of protection in accordance with the agreements concluded with us, access by US authorities to data processed in the USA is still conceivable.

We therefore ask for your consent to the processing of data in the USA before using such services. For each service or application, we will point out separately that there is a possibility of data being transferred to the USA.

You have the option to subscribe to our free newsletter. With this newsletter, you will receive all the latest news and information about our company as well as tailored advertising at regular intervals. To receive our newsletter, you need a valid email address.

We check the email address you entered in our registration screen to see if you actually wish to re-ceive newsletters. We do this by sending you an email to the email address you have provided, which you can confirm by clicking on the link contained therein. After confirming the email, you will be subscribed to our newsletter. (Double opt-in)

When you first subscribe to the newsletter, we store your IP address, the date and time of your reg-istration. This is done for security reasons in the event that a third party misuses your email address and subscribes to our newsletter without your knowledge. We do not collect or process any other data for the newsletter subscription; the data is used exclusively for the purpose of receiving the newsletter.

Unless you object, we may transfer your data to companies affiliated with our company under cor-porate law for the purpose of analysis and for the transmission of information for advertising pur-poses. Within the group of companies, the data you have provided to us for the purpose of receiv-ing the newsletter will be compared with data that may be collected by us elsewhere (e.g. when purchasing a product or booking a service).

Your data for registering for the newsletter will not be passed on to third parties who do not belong to the company group. You can unsubscribe from our newsletters at any time. You can find details on how to unsubscribe in the confirmation email and in each individual newsletter.

a. We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service uses cookies, the functionality of which has already been explained in detail before. As a rule, the information generated by the cookie about your use of this website is transferred to a Google server in the USA where it is stored.

On behalf of the operator of this website, Google will use this information for the purpose of eval-uating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage for website operators. The IP address sent by your browser within the context of Google Analytics is not merged with other Google data.

You can prevent storage of cookies by configuring the corresponding setting on your browser soft-ware; however, we must inform you that certain functions of this website may not work correctly in this case. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as its transfer and processing by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout

If you would like to find out more about the type, scope and purpose of the data collected by Google, we recommend that you read their data protection provisions. https://support.google.com/analytics/answer/6004245?hl=de
Google also processes your data in the USA. Before giving your consent to the storage of cookies by using Google Analytics, please read the information about this in our Privacy Policy.

Google LLC is registered in the Data Privacy Framework List.

b. We also use the services of Google Maps on our website. This allows us to show you interactive maps directly on our website and allows you to conveniently use the map function to find our loca-tion and make your journey easier.

When you visit our website, Google receives the information that you have accessed the corre-sponding subpage of our website and the personal data listed under 2. This happens regardless of whether you are logged in via a Google account or not. If you have logged in to Google, your data is directly assigned to your account. If you do not wish for this, you must log out of Google before using this service. Google uses your data for the purposes of advertising, market research and needs-based design of the website. You have the right to object to the use of your data in this re-gard, which you must address directly to Google.
 
Further information on the purpose and scope of data collection can be found in Google’s privacy policy at http://www.google.de/intl/de/policies/privacy. Google also processes your data in the USA. Before giving your consent to the storage of cookies by using Google Maps, please read the infor-mation about this in our privacy policy.

Google LLC is registered in the Data Privacy Framework List.

c. We also link to other websites on our website for information purposes only. These websites are not under our control and are therefore not subject to the provisions of this Privacy Policy. However, if you activate a link, it is possible that the operator of this website may collect data about you and process it in accordance with its privacy policy, which may differ from ours. Please also always check the current data protection provisions on the websites to which we link.

d. Our website also offers the option of interacting with various social networks via plugins. These include:

•    Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company, Meta Platforms Inc., Menlo Park, California, is registered in the Data Privacy Framework List.
•    Linked In, operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA
•    Youtube, operated by Youtube LLC, 901 Cherry Avenue, San Bruno, CA 94066 USA
•    XING, operated by XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany
If you click on a social plugin of one of these networks, it is activated and a connection to the server of the respective network is established as described above.

By activating these plugins, you consent to the use of your data collected via these plugins in the USA, where applicable.

We have no influence on the scope and content of the data transmitted to the respective operator of this social network by clicking on the plugin or which may subsequently be subject to access by US authorities.

If you would like to find out about the type, scope and purpose of the data collected by the opera-tors of these social networks, we recommend that you read the data protection provisions of the respective social network.

Facebook fan page

We operate a Facebook fan page at https://www.facebook.com/EVVAgroup/. The purpose of this fan page is to share information about our company’s activities, to implement marketing measures and to offer another channel of communication with us.

In this context, we are “joint controllers” with Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, which provides us with this service. In principle, Facebook allows you to select which personal data is shared with us in your settings. If you do not wish to do so, we will receive all information regarding the use of our fan page and per-sonal data about visitors in anonymised form.

For this purpose, we have concluded a so-called Art. 26 GDPR agreement with Facebook, which regulates the mutual rights and obligations of us and Facebook. This can be found at https://www.facebook.com/-legal/EU_data_transfer-_addendum/update. In this context, we also ask you to read Facebook’s privacy policy, which you can find at https://www.facebook.com/policy.php.

In the Art. 26 GDPR agreement we have concluded, Facebook undertakes to be the first point of contact for data subjects regarding the processing of Insights data and to fulfil the associated obli-gations and tasks.

You can therefore assert your rights as a data subject both against us in accordance with point 10 of this Privacy Policy and against Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We use numerous technical and organisational security measures to protect your data against ma-nipulation, loss, destruction and access by third parties. Our security measures are continually im-proved in line with technological developments on the Internet. Should you have any further infor-mation on the type and scope of the technical and organisational measures we have taken, please do not hesitate to contact us in writing at any time.

In accordance with the General Data Protection Regulation and Data Protection Act, you have the following rights and remedies as a data subject of our data processing:

•    Right to information (Art. 15 GDPR)
As a data subject of the aforementioned and other data processing, you have the right to request information on whether and, if so, which personal data are processed about you. For your own protection - so that no unauthorised person receives access to your data - we will verify your iden-tity in a suitable form before providing access.

•    Right to rectification (Art. 16) and erasure (Art. 17 GDPR)
You have the right to request the immediate rectification of inaccurate personal data concerning you or - taking into account the purposes of data processing - the completion of incomplete personal data as well as the deletion of your data, provided that the criteria of Art. 17 GDPR are met.

•    Right to the restriction of processing (Art. 18 GDPR)
You have the right, subject to the legal conditions, to restrict the processing of all personal data col-lected. After requesting restriction, this data will only be processed with your individual consent or for the assertion and enforcement of legal claims.

•    Right to data portability (Art. 20 GDPR)
You can request the unhindered and unrestricted transfer of personal data that you have provided to us to you or a third party.

•    Right to object (Art. 21 GDPR)
You can object at any time to the processing of your personal data which is necessary to protect our legitimate interests or those of a third party, for reasons relating to your particular situation. Your data will no longer be processed after your objection, unless there are compelling legitimate grounds for its processing which override your interests, rights and freedoms or its processing serves the assertion, exercise or defence of legal claims. You can object to data processing for direct marketing purposes at any time with effect for the future.

•    Withdrawal of consent
If you have separately given your consent to the processing of your data, you can withdraw it at any time. Such a revocation affects the lawfulness of the processing of your personal data after you have expressed it to us.

If you choose to enforce your rights listed above under the GDPR, EVVA must immediately, but no later than one month after receipt of your request, comment on the requested action or respond to the request.

We will respond to all reasonable requests within the legal framework free of charge and as soon as possible.

The Data Protection Authority is responsible for requests concerning infringements of the right to information, the right to secrecy, the right to rectification or the right to erasure. Their contact details are as follows:

Österreichische Datenschutzbehörde (Austrian data protection authority)
Barichgasse 40-42
1030 Vienna
dsb(at)dsb.gv.at

a. Contact information of the data controller

EVVA Sicherheitstechnologie GmbH
Wienerbergstr. 59-65, Postfach 77 | A-1120 Vienna
T +43 1 811 65-0 | F +43 1 812 20 71
info(at)evva.com | www.evva.com

b. Contact details of the data protection officer

Lawyer Mag. Philipp Summereder
Summereder Pichler Wächter Rechtsanwälte GmbH
Dr. Herbert-Sperl-Ring 3, A - 4060 Leonding
office(at)spwr.at | +43,732 272887 | www.spwr.at
FN 441762a LG Linz | ADVM code P430533