Privacy policy

Version 1.0, published 07/23

PRIVACY POLICY

1.    General

Words of which the initial letter is capitalized have the same meaning as defined in the GDPR.

We (“Controller”, “us”) place utmost importance on safeguarding the personal data of our users. As such, we diligently adhere to relevant data protection regulations, including the General Data Protection Regulation (GDPR) and the national legal requirements, throughout the processing of your personal information.

Since we are not required by law, we have not appointed a data protection officer with the data protection authority. Nevertheless, we appointed a data protection coordinator.

Here are his contact details:

Mr Stefan Fankhauser

E-mail: data-protectiontrogroup.com

2.    Controller

Trodat Holding GmbH

Linzer Straße 156

4600 Wels

E-mail: data-protectiontrogroup.com

Phone: +43 7242 / 239 – 0

3.    Data processing on our website

Below you will find out which information we collect, process and use when you visit and use our website www.trodat.net/int/.

3.1    Provision and use of the website

Which data is processed:

Location data: If you are looking for a Trodat location near you, we process the location specified by you (address) in order to display the hits. We delete this information after your website visit.

Technical data: IP address of your device, data and time of the visit, the internet browser used, your operating system, your click behaviour on the website and the website from which you are visiting us.

This personal data can also be collected via cookies (see below).

Retention period: Personal data is only stored for as long as you use our website or as long as we need it to fulfil the purpose.

 

Legal bases: The legitimate interest (Art 6 para 1 lit f GDPR) and § 165 para 3 Telecommunications Act 2021 serve as the legal basis for data processing on the website.

Who gains access to your data: For the use of the website, the personal data is processed by a processor.

3.2    Electronic contact requests via the website

Which data is processed:

Contact and enquiry data: If you actively contact us (e.g. via e-mail or our contact form), the data and information (name, address, company, enquiry, telephone number, e-mail and content of the enquiry) will be processed.

 

Purpose: Processing of contact requests via e-mail or the website contact form.

Data Subjects: Website visitors, interested parties, customers, suppliers

Legal bases: The following legal bases serve for data processing on the website: Fulfilment of a contract, necessary for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR), legitimate interest (Art 6 para 1 lit f GDPR), § 165 para 3 Telecommunications Act 2021

Retention period: We store the data until the request has been answered. If there are statutory retention requirements, processing will be restricted until then.

Who gains access to your data: For the use of the website, the personal data is processed by a processor.

3.3    Cookies

We use cookies, as most websites do. Details and detailed descriptions can be found on our website under the fingerprint at the bottom left of our website www.trodat.net/int/.

3.4    Third-party services

3.4.1    Social media

Purpose: In addition to our website, we are also represented on social networks, in particular Facebook, Instagram, LinkedIn and YouTube, to increase awareness of our company and for marketing purposes. If you visit one of our online websites, personal data may be transmitted to the operator of the social network. Furthermore, the operator can link your profile to ours if you are logged into the respective network.

Data subjects: Visitors to our social media sites

The following data will be processed: Date and time of the actions performed, user ID (only for users who are logged in), location data (country/city), language setting, age/gender group (from the user profile for users who are logged in), previously visited website, type of hardware (computer/mobile device)

Legal bases: Consent (Art 6 para 1 lit a GDPR), legitimate interest (Art 6 para 1 lit f GDPR), express consent (Art 49 para 1 lit a GDPR).

 

Who gains access to your data: Operator of the visited social media platform

Transfer to third countries: USA: A transfer of the collected information to a third country without an adequate level of data protection safeguards cannot be ruled out.

With your express consent to the processing of cookies, you also agree to the possible processing of your data in the USA.

Details about the specific data collection and processing by the respective operator can be found in the following links:

Facebook https://www.facebook.com/about/privacy/previous

Instagram: https://help.instagram.com/155833707900388

YouTube: https://www.youtube.com/intl/ALL_uk/howyoutubeworks/our-commitments/protecting-user-data/

LinkedIn: https://www.linkedin.com/legal/privacy-policy

 

3.5    Customer care and marketing for own purposes

Purpose: Processing of own or purchased customer and interested party data for initial business contact regarding our own delivery or service offer as well as for the implementation of advertising measures and newsletter dispatch; customer relation management.

The information on intergroup joint processing activities is provided in Clause 7 Joint processing activities.

Data Subjects: Customers, interested parties

The following data will be processed: Master data

Legal bases: legitimate interest (Art 6 para 1 lit f GDPR), § 174 subparagraph 4 Telecommunications Act 2021,

Retention period: The data may be stored for up to three years after the last contact with the client, unless there are longer contractual or statutory retention periods.

Who gains access to your data: To send the information, the personal data is processed by a processor.

3.6    Customer and supplier management, accounting, logistics and bookkeeping

The provision of your personal data is required to fulfil the contract or implement pre-contractual measures. Without this data we cannot conclude a contract with you.

Purpose: Processing of personal data as part of any business relationships with customers and suppliers in the context of exercising a trade, including systematic recording of all business transactions relating to income and expenses.

 

Data Subjects: Customers, suppliers

 

The following data will be processed: Master data, payment information, financial data, bank details

Legal bases: Consent (Art 6 para 1 lit a GDPR), fulfilment of a contract, necessary to carry out pre-contractual measures (Art 6 para 1 lit b GDPR), in particular to contact you within the framework of the business relationship; fulfilment of a legal obligation (Art 6 para 1 lit c GDPR), legitimate interest, in particular defence, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR).

Retention period: Your personal data will be stored by us for as long as is necessary to fulfil our obligations, depending on the necessity until the end of the business relationship or until the guarantee, warranty, statute of limitations and statutory retention periods (especially the tax retention requirements for business letters, invoices and receipts); as well as until the end of any legal disputes in which the data is required as evidence.

Who gains access to your data: If necessary for the fulfilment of the contract, your personal data will be passed on to the companies within the group of companies, or their sales and service partners in the countries concerned so that they can act on our behalf. Therefore, we will only transfer your data to third parties in order to fulfil our obligations. These include, in particular, the tax office, courts and authorities, suppliers, shipping companies, debt collection companies, banks involved in the payment to those concerned or third parties, legal representatives, chartered accountants.

3.7    Seminars

§    Purpose: Implementation of seminars, workshops or demo shops

§    Data Subjects: Interested parties, seminar participants, graduates

§    The following data will be processed:

Registration data: When you register for seminars, workshops or demo shops, we collect the specified registration data (name, company, address, e-mail, telephone, booked events). If you create stamp layouts using your personal data, this will also be stored.

Legal bases: Consent (Art 6 para 1 lit a GDPR), fulfilment of a contract, necessary to carry out pre-contractual measures (Art 6 para 1 lit b GDPR), in particular to contact you within the framework of the business relationship; fulfilment of a legal obligation (Art 6 para 1 lit c GDPR), legitimate interest, in particular defence, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR).

§    Retention period: Your personal data will be stored by us for as long as is necessary to fulfil our obligations, depending on the necessity until the end of the business relationship or until the guarantee, warranty, statute of limitations and statutory retention periods (especially the tax retention requirements for business letters, invoices and receipts); as well as until the end of any legal disputes in which the data is required as evidence.

§    Who gains access to your data: If necessary for the fulfilment of the contract, your personal data will be passed on to the companies within the group of companies, or their sales and service partners in the countries concerned so that they can act on our behalf. These include, in particular, the tax office, courts and authorities, suppliers, shipping companies, debt collection companies, banks involved in the payment to those concerned or third parties, legal representatives, chartered accountants.

3.9    Applicant management

§    Purpose: Use and record keeping of personal data provided by applicants if this data was provided by the person concerned.

§    Data Subjects: Applicants

§    The following data will be processed: Master data, CV, photo

§    Legal bases: Consent (Art 6 para 1 lit a GDPR), express consent (Art 9 para 2 lit a GDPR) as well as assertion, exercise and defence of legal claims (Art 9 para 2 lit f GDPR) and legitimate interest (Art 10 GDPR in conjunction of § 4 para 3 clause 2 Data Protection Act)

§    Retention period: Applicant data will be deleted immediately after the advertised position has been filled or after any objection periods against the allocation of the job have expired, unless consent has been given to keep the record. Unsolicited applications are appropriately kept on record until they are revoked by the person concerned.

§    Who gains access to your data: Applicant data will not be forwarded to external bodies. The information on cross-group joint processing activities is explained in Clause 7.

3.10    Whistleblower system

§    Purpose: Processing information relating to possible or suspected infringements

§    Data Subjects: Whistleblower, reported person

§    The following data will be processed: Master data of the whistleblower, e-mail address, telephone number, if these are disclosed in the report and the personal data of the person named in the tip-off, data on potentially criminal actions by courts and administrative authorities (content data of the tip-off)

§    Legal bases: § 8 para 3 Austrian Whistleblower Protection Act, Art 6 para 1 lit e GDPR (for the performance of a task in the public interest), Art 9 para 2 lit f GDPR (processing for the assertion, exercise and defence of legal claims) and Art 9 para 2 lit g GDPR (processing based on union law and the law of a member state)

§    Retention period: 5 years, log data will be retained for 3 years from last use

§    Who gains access to your data: An internal position has been set up to process tip-offs. A processor is used to operate the whistleblower system. When a report is submitted, a lawyer carries out an initial assessment. If necessary, your data will be transferred to courts and authorities.

4.    Information about data transfers to third countries or to international organisations

Except in the cases already mentioned, the data processed by us will not be transferred to recipients in third countries without an appropriate level of security or international organisations.

5.     How does Trodat protect your data?

We take appropriate technical and organisational security measures within the meaning of Article 5 (1) (f) or Article 32 GDPR in order to protect your personal data against unintentional or unlawful deletion, modification or loss and against unauthorised disclosure or access. In addition, we and our employees are obliged to observe data secrecy.

6.     What are your rights?

6.1    Your rights as a data subject

You have a right of access to the personal data we process about you (Art 15 GDPR). You also have the right to have incorrect data corrected and deleted (Art 16 and 17 GDPR). You also have the right to restriction of processing (Art 18 GDPR) and the right to data portability (Art 20 GDPR). For the sake of completeness, we would like to point out that a request for deletion can only be met if there are no statutory retention requirements or other obligations.

6.2    Your right of objection

If the processing of your personal data is based on a balance of interests (Art 6 para 1 lit f GDPR: legitimate interests), you have the right to object to the processing at any time for reasons that arise from your particular situation. If you exercise your right to object, we ask you to explain to us your reasons why we should not process your personal data as we have done. We will check the situation and either stop or adapt the data processing or present you with our compelling legitimate reasons and continue the data processing. We will also continue data processing if it serves to assert, exercise or defend legal claims.

You can object to data processing for the purposes of direct advertising and data analysis at any time. In this case, we will stop processing the data.

6.3    Your right of withdrawal

If you have given us your consent to the processing of your personal data, you can revoke your consent at any time. Your revocation does not affect the legality of the data processing that has taken place up to the revocation.

6.4    Complaint to the supervisory authority

You can also contact the Austrian data protection authority (Barichgasse 40-42, 1030 Wien, phone: +43 1 52 152-0, E-mail: [email protected]) with a complaint. The data protection authorities of other countries can be found at ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_de.

If you have questions about your rights or data processing, you can also contact us. Our full contact details can be found under Clause 2.

7.    Joint processing activities

If companies process personal data jointly, there is joint responsibility if everyone jointly determines the purposes and means of processing. The joint controllers shall conclude an agreement to determine in a transparent manner who fulfils which obligation and shall inform the data subjects of the essential content of the agreement.

7.1    Other intergroup processing of applicant data

7.1.1    Who is involved in the joint processing?

TroGroup GmbH, AUT

Trotec Laser GmbH, AUT

Trodat Holding GmbH, AUT

Trodat GmbH, AUT

Iradion Laser Holding GmbH, AUT

Iradion Laser GmbH, DEU

Trotec Laser Deutschland GmbH, DEU

Trotec Laser Automation GmbH, DEU

Trodat Vertriebs GmbH, DEU

Purpose: Processing of applicant data for business initiation in relation to employment relationships, standardised human resource management.

Data Subjects: Applicants

The following data will be processed: Master data, application data

Retention period: In the case of cross-group vacancies and international job advertisements, we delete the data no later than 12 months after the position has been filled, unless the person concerned has given their consent or there are longer contractual or statutory retention periods. In the case of national advertisements and vacancies, the retention periods are based on national legal requirements.

7.2    Other intergroup processing

7.2.1    Who is involved in the joint processing

TroGroup GmbH, AUT

Trotec Laser GmbH, AUT

Trotec Laser Ltd., UK

Trotec Laser Canada Inc, CAN

Trotec Laser AG, CHE

Trotec Laser B.V., NLD

Trotec Laser S.r.l., ITA

Trotec Laser Japan Co. Ltd., JPN

Trotec Laser France SAS, FRA

Trotec Laser Espana S.L.U., ESP

Trotec Laser Deutschland GmbH, DEU

Trotec Laser Automation GmbH, DEU

Trodat Holding GmbH, AUT

Trodat GmbH, AUT

Trodat Vertriebs GmbH, DEU

Trodat Production s.r.l., ROU

Trodat Italia S.r.l., ITA

Trodat France S.A.S., FRA

Trodat Benelux B.V., NLD

Trodat Polska Sp.z.o.o., POL

Trodat UK Ltd, UK

Trodat Marking Canada Inc., CAN

Trodat Stamps (A-Pak) Limited, IRL

Ash Rubber Stamp Co.Ltd., UK

Motivation in Learning Ltd., UK

WJ Finanzierung GmbH, AUT

Iradion Laser Holding GmbH, AUT

Iradion Laser GmbH, DEU

Iradion Laser Inc., USA

Trotec Laser (Xiamen) Co. Ltd., CHN

Iradion Laser (Xiamen) Co. Ltd., CHN

Trotec Laser Inc., USA

Engravers Network LLC, USA

High Speed Laser Systems S de RL de CV, MEX

Trotec Laser PTY Ltd., AUS

Trotec Laser (Xiamen) Co. Ltd., CHN

Innovative Laminations Company Inc., USA

Trotec Laser Asia Pacific Pte. Ltd., SGP

Trodat USA Inc., USA

Tro Sellos Mexico S de RL de CV, MEX

Rubber Stamp&Engraving Co.Ltd., ZAF

Yocotrim Investments Ltd., ZAF

Trodat Marking India Pvt. Ltd., IND

Trodat Carimbos de Brasil Ltda, BRA

TRODAT RUS LLC, RUS

Trodat Marking Devices (Xiamen) Co.Ltd., CHN

7.2.2    Executive management

Purpose: Processing of data and contracts of managers with regard to employment relationships, group-wide human resource management for managers and group-wide human resources development.

Data Subjects: Managers of the members of the group of companies

The following data will be processed: Master data, data on the employment contract

Retention period: Until the end of the statutory retention periods, in particular the Austrian Commercial Code, Federal Fiscal Code and Product Liability Law. In addition, the data will be stored until the end of any legal disputes in which the data is required as evidence.

7.2.3    Customer/supplier management, accounting, logistics and bookkeeping

Purpose: All Controllers process the data in a shared ERP program. Data is currently stored in Europe at the TroGroup GmbH site. Each Controller will process data within this system, taking into account the respective authorisations.

Processing of personal data in the context of business relationships with customers and suppliers, including the systematic recording of all transactions relating to income and expenses.

Data Subjects: Customers, interested parties

The following data will be processed: Master data, VAT number

Retention period: Legal requirements; until the end of the business relationship or until the applicable guarantee, warranty, statute of limitations and statutory retention periods have expired; as well as until the end of legal disputes in which the data is required as evidence.

7.2.4    Marketing and management of customer relationships

Purpose: Processing of collected or purchased customer and prospective customer data for the acquisition of business from the Controller with regard to their product portfolio and the implementation of advertising measures and newsletter distribution; customer relation management.

Data Subjects: Customers, interested parties

The following data will be processed: Master data, account information, data on purchases (number, average order value), promotions (engagement by campaign), events

Retention period: The data will be stored until the end of the third year after the last contact with the client, provided there are no longer contractual or statutory retention periods.

7.2.5    Website

Purpose: The website is technically managed by Trodat Holding GmbH, TroGroup GmbH, Iradion Laser Holding GmbH and Trotec Laser GmbH. The content is provided locally by each company in the group. The receiving company will check the contact requests, book them into the joint customer database and, if necessary, send data to another company in the customer’s target area to answer requests.

In addition, the purposes consist of promoting the corporate identity, a standardised corporate image for the group of companies, improving services and the website.

Data Subjects: Customers, interested parties

The following data will be processed: IP address of the visitor, date and time of the request, time zone difference to GMT, content of the request (specific page), access status/HTTP status code, amount of data transferred, requesting website, browser, operating system and user interface, language, browser software version, contact and content data of requests

Retention period: up to 38 months, details and precise descriptions can be found on each of our websites in the data protection settings (cookies).

7.2.6    EHS (environmental, health and safety management)

Purpose: Improvement of health and safety standards within the group of companies, prevention of occupational accidents or environmental damage, training of safety officers

Data Subjects: Employees, suppliers

The following data will be processed: Employee master data, information about (near) accidents, injuries suffered, sick leave, training and prevention measures, reports to authorities and outcomes

Retention period: 30 years

7.2.7    Public Relation Management, standardised group communication

Purpose: Informing external stakeholders, building corporate culture and public image; maintenance and harmonisation of corporate communication within the group of companies; central contact point for crisis communication

Data Subjects: Employees, suppliers

The following data will be processed: Employee master data and the manager concerned, time of the incident, employees involved, statements, reports

Retention period: 30 years

7.2.8    Case management whistleblower system

§    Purpose: Group-wide processing of information relating to possible or suspected legal infringements

§    Data Subjects: Whistleblower, reported person

§    The following data will be processed: Master data of the whistleblower, e-mail address, telephone number, if these are disclosed in the report and the personal data of the person named in the tip-off, data on potentially criminal actions by courts and administrative authorities (content data of the tip-off)

§    Legal bases: Art 6 para 1 lit e GDPR (for the performance of a task in the public interest), Art 9 para 2 lit f GDPR (processing for the assertion, exercise and defence of legal claims) and Art 9 para 2 lit g GDPR (processing based on union law and the law of a member state)

§    Retention period: 5 years, log data will be retained for 3 years from last use

7.3    Point of contact for data subjects

If you have any questions about your rights or data processing, you can get in touch with the contact person for the data subjects:

TroGroup GmbH

Linzer Straße 156

4600 Wels

data-protectiontrogroup.com

7.4    Lead supervisory authority

The joint controllers have appointed the Austrian data protection authority (Barichgasse 40-42, 1030 Wien, phone: +43 1 52 152-0, E-mail: dsbdsb.gv.at) as the lead supervisory authority.

8.    Change management

The current version of this data protection declaration is available on our website. Questions about an earlier version should be sent to data-protectiontrogroup.com.