Privacy policy
1. General
Words of which the initial letter is capitalized have the same meaning as defined in the GDPR.
We (“Controller”, “us”) place utmost importance on safeguarding the personal data of our users. As such, we diligently adhere to relevant data protection regulations, including the General Data Protection Regulation (GDPR) and the national legal requirements, throughout the processing of your personal information.
Since we are not required by law, we have not appointed a data protection officer with the data protection authority. Nevertheless, we appointed a data protection coordinator.
Here are his contact details:
Mr Stefan Fankhauser
E-mail: data-protectiontrogroup.com
2. Controller
Trodat Holding GmbH
Linzer Straße 156
4600 Wels
E-mail: data-protectiontrogroup.com
Phone: +43 7242 / 239 – 0
3. Data processing on our website
Below you will find out which information we collect, process and use when you visit and use our website www.trodat.net/int/.
3.1 Provision and use of the website
Which data is processed:
- Location data: If you are looking for a Trodat location near you, we process the location specified by you (address) in order to display the hits. We delete this information after your website visit.
- Technical data: IP address of your device, data and time of the visit, the internet browser used, your operating system, your click behaviour on the website and the website from which you are visiting us.
- This personal data can also be collected via cookies (see below).
- Retention period: Personal data is only stored for as long as you use our website or as long as we need it to fulfil the purpose.
- Legal bases: The legitimate interest (Art 6 para 1 lit f GDPR) and § 165 para 3 Telecommunications Act 2021 serve as the legal basis for data processing on the website.
- Who gains access to your data: For the use of the website, the personal data is processed by a processor.
3.2 Electronic contact requests via the website
Which data is processed:
- Contact and enquiry data: If you actively contact us (e.g. via e-mail or our contact form), the data and information (name, address, company, enquiry, telephone number, e-mail and content of the enquiry) will be processed.
- Purpose: Processing of contact requests via e-mail or the website contact form.
- Data Subjects: Website visitors, interested parties, customers, suppliers
- Legal bases: The following legal bases serve for data processing on the website: Fulfilment of a contract, necessary for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR), legitimate interest (Art 6 para 1 lit f GDPR), § 165 para 3 Telecommunications Act 2021
- Retention period: We store the data until the request has been answered. If there are statutory retention requirements, processing will be restricted until then.
- Who gains access to your data: For the use of the website, the personal data is processed by a processor.
3.3 Cookies
We use cookies, as most websites do. Details and detailed descriptions can be found on our website under the fingerprint at the bottom left of our website www.trodat.net/int/.
3.4 Third-party services
3.4.1 Social media
- Purpose: In addition to our website, we are also represented on social networks, in particular Facebook, Instagram, Pinterest, LinkedIn and YouTube, to increase awareness of our company and for marketing purposes. If you visit one of our online websites, personal data may be transmitted to the operator of the social network. Furthermore, the operator can link your profile to ours if you are logged into the respective network.
- Data subjects: Visitors to our social media sites
- The following data will be processed: Date and time of the actions performed, user ID (only for users who are logged in), location data (country/city), language setting, age/gender group (from the user profile for users who are logged in), previously visited website, type of hardware (computer/mobile device)
- Legal bases: Consent (Art 6 para 1 lit a GDPR), legitimate interest (Art 6 para 1 lit f GDPR), express consent (Art 49 para 1 lit a GDPR).
- Who gains access to your data: Operator of the visited social media platform
- Transfer to third countries: USA: A transfer of the collected information to a third country without an adequate level of data protection safeguards cannot be ruled out.
- With your express consent to the processing of cookies, you also agree to the possible processing of your data in the USA.
Details about the specific data collection and processing by the respective operator can be found in the following links:
Facebook: https://de-de.facebook.com/about/privacy/ (general privacy policy) and https://www.facebook.com/legal/terms/page_controller_addendum# (specific data collection for page insights)
Instagram: https://help.instagram.com/155833707900388
YouTube: https://www.youtube.com/static?gl=DE&template=terms&hl=de and https://policies.google.com/privacy.
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Pinterest: https://policy.pinterest.com/de/privacy-policy
3.5 Customer care and marketing for own purposes
- Purpose: Processing of own or purchased customer and interested party data for initial business contact regarding our own delivery or service offer as well as for the implementation of advertising measures and newsletter dispatch; customer relation management.
- The information on intergroup joint processing activities is provided in Clause 7 Joint processing activities.
- Data Subjects: Customers, interested parties
- The following data will be processed: Master data
- Legal bases: legitimate interest (Art 6 para 1 lit f GDPR), § 174 subparagraph 4 Telecommunications Act 2021,
- Retention period: The data may be stored for up to three years after the last contact with the client, unless there are longer contractual or statutory retention periods.
- Who gains access to your data: To send the information, the personal data is processed by a processor.
3.6 Customer and supplier management, accounting, logistics and bookkeeping
The provision of your personal data is required to fulfil the contract or implement pre-contractual measures. Without this data we cannot conclude a contract with you.
- Purpose: Processing of personal data as part of any business relationships with customers and suppliers in the context of exercising a trade, including systematic recording of all business transactions relating to income and expenses.
- Data Subjects: Customers, suppliers
- The following data will be processed: Master data, payment information, financial data, bank details
- Legal bases: Consent (Art 6 para 1 lit a GDPR), fulfilment of a contract, necessary to carry out pre-contractual measures (Art 6 para 1 lit b GDPR), in particular to contact you within the framework of the business relationship; fulfilment of a legal obligation (Art 6 para 1 lit c GDPR), legitimate interest, in particular defence, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR).
- Retention period: Your personal data will be stored by us for as long as is necessary to fulfil our obligations, depending on the necessity until the end of the business relationship or until the guarantee, warranty, statute of limitations and statutory retention periods (especially the tax retention requirements for business letters, invoices and receipts); as well as until the end of any legal disputes in which the data is required as evidence.
- Who gains access to your data: If necessary for the fulfilment of the contract, your personal data will be passed on to the companies within the group of companies, or their sales and service partners in the countries concerned so that they can act on our behalf. Therefore, we will only transfer your data to third parties in order to fulfil our obligations. These include, in particular, the tax office, courts and authorities, suppliers, shipping companies, debt collection companies, banks involved in the payment to those concerned or third parties, legal representatives, chartered accountants.
3.7 Seminars
- § Purpose: Implementation of seminars, workshops or demo shops
- § Data Subjects: Interested parties, seminar participants, graduates
- § The following data will be processed:
- Registration data: When you register for seminars, workshops or demo shops, we collect the specified registration data (name, company, address, e-mail, telephone, booked events). If you create stamp layouts using your personal data, this will also be stored.
- Legal bases: Consent (Art 6 para 1 lit a GDPR), fulfilment of a contract, necessary to carry out pre-contractual measures (Art 6 para 1 lit b GDPR), in particular to contact you within the framework of the business relationship; fulfilment of a legal obligation (Art 6 para 1 lit c GDPR), legitimate interest, in particular defence, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR).
- § Retention period: Your personal data will be stored by us for as long as is necessary to fulfil our obligations, depending on the necessity until the end of the business relationship or until the guarantee, warranty, statute of limitations and statutory retention periods (especially the tax retention requirements for business letters, invoices and receipts); as well as until the end of any legal disputes in which the data is required as evidence.
- § Who gains access to your data: If necessary for the fulfilment of the contract, your personal data will be passed on to the companies within the group of companies, or their sales and service partners in the countries concerned so that they can act on our behalf. These include, in particular, the tax office, courts and authorities, suppliers, shipping companies, debt collection companies, banks involved in the payment to those concerned or third parties, legal representatives, chartered accountants.
3.8 Trodat Order Manager
- § Purpose: With the Trodat Order Manager you can place and manage orders with us. We will create a user account for you to use the Trodat Order Manager. Management of the created user profile, execution of orders, display of deliveries and invoices.
- § Data Subjects: Users who have been registered and activated for the Trodat Order Manager.
- § The following data will be processed: Master data, account data (username, password), content data of the orders, log data of the access
- § Legal bases: Consent (Art 6 para 1 lit a GDPR, § 174 para 3 Telecommunications Act 2021), fulfilment of a contract, necessary for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR), legitimate interest, in particular defence, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR)
- § Retention period: The data may be stored until the end of the tax retention periods after the last contact with the client, unless there are longer or shorter contractual or statutory retention periods.
- § Who gains access to your data: Processor, transfer to the members of the group of companies responsible for processing
The provision of your personal data is required to fulfil the contract or implement pre-contractual measures. Without this data we cannot conclude a contract with you.
3.9 Applicant management
- § Purpose: Use and record keeping of personal data provided by applicants if this data was provided by the person concerned.
- § Data Subjects: Applicants
- § The following data will be processed: Master data, CV, photo
- § Legal bases: Consent (Art 6 para 1 lit a GDPR), express consent (Art 9 para 2 lit a GDPR) as well as assertion, exercise and defence of legal claims (Art 9 para 2 lit f GDPR) and legitimate interest (Art 10 GDPR in conjunction of § 4 para 3 clause 2 Data Protection Act)
- § Retention period: Applicant data will be deleted immediately after the advertised position has been filled or after any objection periods against the allocation of the job have expired, unless consent has been given to keep the record. Unsolicited applications are appropriately kept on record until they are revoked by the person concerned.
- § Who gains access to your data: Applicant data will not be forwarded to external bodies. The information on cross-group joint processing activities is explained in Clause 7.
3.10 Whistleblower system
- § Purpose: Processing information relating to possible or suspected infringements
- § Data Subjects: Whistleblower, reported person
- § The following data will be processed: Master data of the whistleblower, e-mail address, telephone number, if these are disclosed in the report and the personal data of the person named in the tip-off, data on potentially criminal actions by courts and administrative authorities (content data of the tip-off)
- § Legal bases: § 8 para 3 Austrian Whistleblower Protection Act, Art 6 para 1 lit e GDPR (for the performance of a task in the public interest), Art 9 para 2 lit f GDPR (processing for the assertion, exercise and defence of legal claims) and Art 9 para 2 lit g GDPR (processing based on union law and the law of a member state)
- § Retention period: 5 years, log data will be retained for 3 years from last use
- § Who gains access to your data: An internal position has been set up to process tip-offs. A processor is used to operate the whistleblower system. When a report is submitted, a lawyer carries out an initial assessment. If necessary, your data will be transferred to courts and authorities.
4. Information about data transfers to third countries or to international organisations
Except in the cases already mentioned, the data processed by us will not be transferred to recipients in third countries without an appropriate level of security or international organisations.
5. How does Trodat protect your data?
We take appropriate technical and organisational security measures within the meaning of Article 5 (1) (f) or Article 32 GDPR in order to protect your personal data against unintentional or unlawful deletion, modification or loss and against unauthorised disclosure or access. In addition, we and our employees are obliged to observe data secrecy.
6. What are your rights?
6.1 Your rights as a data subject
You have a right of access to the personal data we process about you (Art 15 GDPR). You also have the right to have incorrect data corrected and deleted (Art 16 and 17 GDPR). You also have the right to restriction of processing (Art 18 GDPR) and the right to data portability (Art 20 GDPR). For the sake of completeness, we would like to point out that a request for deletion can only be met if there are no statutory retention requirements or other obligations.
6.2 Your right of objection
If the processing of your personal data is based on a balance of interests (Art 6 para 1 lit f GDPR: legitimate interests), you have the right to object to the processing at any time for reasons that arise from your particular situation. If you exercise your right to object, we ask you to explain to us your reasons why we should not process your personal data as we have done. We will check the situation and either stop or adapt the data processing or present you with our compelling legitimate reasons and continue the data processing. We will also continue data processing if it serves to assert, exercise or defend legal claims.
You can object to data processing for the purposes of direct advertising and data analysis at any time. In this case, we will stop processing the data.
6.3 Your right of withdrawal
If you have given us your consent to the processing of your personal data, you can revoke your consent at any time. Your revocation does not affect the legality of the data processing that has taken place up to the revocation.
6.4 Complaint to the supervisory authority
You can also contact the Austrian data protection authority (Barichgasse 40-42, 1030 Wien, phone: +43 1 52 152-0, E-mail: dsbdsb.gv.at) with a complaint. The data protection authorities of other countries can be found at https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_de.
If you have questions about your rights or data processing, you can also contact us. Our full contact details can be found under Clause 2.
7. Joint processing activities
If companies process personal data jointly, there is joint responsibility if everyone jointly determines the purposes and means of processing. The joint controllers shall conclude an agreement to determine in a transparent manner who fulfils which obligation and shall inform the data subjects of the essential content of the agreement.
7.1 Other intergroup processing of applicant data
7.1.1 Who is involved in the joint processing?
TroGroup GmbH, AUT
Trotec Laser GmbH, AUT
Trodat Holding GmbH, AUT
Trodat GmbH, AUT
Iradion Laser Holding GmbH, AUT
Iradion Laser GmbH, DEU
Trotec Laser Deutschland GmbH, DEU
Trotec Laser Automation GmbH, DEU
Trodat Vertriebs GmbH, DEU
- Purpose: Processing of applicant data for business initiation in relation to employment relationships, standardised human resource management.
- Data Subjects: Applicants
- The following data will be processed: Master data, application data
- Retention period: In the case of cross-group vacancies and international job advertisements, we delete the data no later than 12 months after the position has been filled, unless the person concerned has given their consent or there are longer contractual or statutory retention periods. In the case of national advertisements and vacancies, the retention periods are based on national legal requirements.
7.2 Other intergroup processing
7.2.1 Who is involved in the joint processing
TroGroup GmbH, AUT
Trotec Laser GmbH, AUT
Trotec Laser Ltd., UK
Trotec Laser Canada Inc, CAN
Trotec Laser AG, CHE
Trotec Laser B.V., NLD
Trotec Laser S.r.l., ITA
Trotec Laser Japan Co. Ltd., JPN
Trotec Laser France SAS, FRA
Trotec Laser Espana S.L.U., ESP
Trotec Laser Deutschland GmbH, DEU
Trotec Laser Automation GmbH, DEU
Trodat Holding GmbH, AUT
Trodat GmbH, AUT
Trodat Vertriebs GmbH, DEU
Trodat Production s.r.l., ROU
Trodat Italia S.r.l., ITA
Trodat France S.A.S., FRA
Trodat Benelux B.V., NLD
Trodat Polska Sp.z.o.o., POL
Trodat UK Ltd, UK
Trodat Marking Canada Inc., CAN
Trodat Stamps (A-Pak) Limited, IRL
Ash Rubber Stamp Co.Ltd., UK
Motivation in Learning Ltd., UK
WJ Finanzierung GmbH, AUT
Iradion Laser Holding GmbH, AUT
Iradion Laser GmbH, DEU
Iradion Laser Inc., USA
Trotec Laser (Xiamen) Co. Ltd., CHN
Iradion Laser (Xiamen) Co. Ltd., CHN
Trotec Laser Inc., USA
Engravers Network LLC, USA
High Speed Laser Systems S de RL de CV, MEX
Trotec Laser PTY Ltd., AUS
Trotec Laser (Xiamen) Co. Ltd., CHN
Innovative Laminations Company Inc., USA
Trotec Laser Asia Pacific Pte. Ltd., SGP
Trodat USA Inc., USA
Tro Sellos Mexico S de RL de CV, MEX
Rubber Stamp&Engraving Co.Ltd., ZAF
Yocotrim Investments Ltd., ZAF
Trodat Marking India Pvt. Ltd., IND
Trodat Carimbos de Brasil Ltda, BRA
TRODAT RUS LLC, RUS
Trodat Marking Devices (Xiamen) Co.Ltd., CHN
7.2.2 Executive management
- Purpose: Processing of data and contracts of managers with regard to employment relationships, group-wide human resource management for managers and group-wide human resources development.
- Data Subjects: Managers of the members of the group of companies
- The following data will be processed: Master data, data on the employment contract
- Retention period: Until the end of the statutory retention periods, in particular the Austrian Commercial Code, Federal Fiscal Code and Product Liability Law. In addition, the data will be stored until the end of any legal disputes in which the data is required as evidence.
7.2.3 Customer/supplier management, accounting, logistics and bookkeeping
- Purpose: All Controllers process the data in a shared ERP program. Data is currently stored in Europe at the TroGroup GmbH site. Each Controller will process data within this system, taking into account the respective authorisations.
- Processing of personal data in the context of business relationships with customers and suppliers, including the systematic recording of all transactions relating to income and expenses.
- Data Subjects: Customers, interested parties
- The following data will be processed: Master data, VAT number
- Retention period: Legal requirements; until the end of the business relationship or until the applicable guarantee, warranty, statute of limitations and statutory retention periods have expired; as well as until the end of legal disputes in which the data is required as evidence.
7.2.4 Marketing and management of customer relationships
- Purpose: Processing of collected or purchased customer and prospective customer data for the acquisition of business from the Controller with regard to their product portfolio and the implementation of advertising measures and newsletter distribution; customer relation management.
- Data Subjects: Customers, interested parties
- The following data will be processed: Master data, account information, data on purchases (number, average order value), promotions (engagement by campaign), events
- Retention period: The data will be stored until the end of the third year after the last contact with the client, provided there are no longer contractual or statutory retention periods.
7.2.5 Website
- Purpose: The website is technically managed by Trodat Holding GmbH, TroGroup GmbH, Iradion Laser Holding GmbH and Trotec Laser GmbH. The content is provided locally by each company in the group. The receiving company will check the contact requests, book them into the joint customer database and, if necessary, send data to another company in the customer’s target area to answer requests.
- In addition, the purposes consist of promoting the corporate identity, a standardised corporate image for the group of companies, improving services and the website.
- Data Subjects: Customers, interested parties
- The following data will be processed: IP address of the visitor, date and time of the request, time zone difference to GMT, content of the request (specific page), access status/HTTP status code, amount of data transferred, requesting website, browser, operating system and user interface, language, browser software version, contact and content data of requests
- Retention period: up to 38 months, details and precise descriptions can be found on each of our websites in the data protection settings (cookies).
7.2.6 EHS (environmental, health and safety management)
- Purpose: Improvement of health and safety standards within the group of companies, prevention of occupational accidents or environmental damage, training of safety officers
- Data Subjects: Employees, suppliers
- The following data will be processed: Employee master data, information about (near) accidents, injuries suffered, sick leave, training and prevention measures, reports to authorities and outcomes
- Retention period: 30 years
7.2.7 Public Relation Management, standardised group communication
- Purpose: Informing external stakeholders, building corporate culture and public image; maintenance and harmonisation of corporate communication within the group of companies; central contact point for crisis communication
- Data Subjects: Employees, suppliers
- The following data will be processed: Employee master data and the manager concerned, time of the incident, employees involved, statements, reports
- Retention period: 30 years
7.2.8 Case management whistleblower system
- § Purpose: Group-wide processing of information relating to possible or suspected legal infringements
- § Data Subjects: Whistleblower, reported person
- § The following data will be processed: Master data of the whistleblower, e-mail address, telephone number, if these are disclosed in the report and the personal data of the person named in the tip-off, data on potentially criminal actions by courts and administrative authorities (content data of the tip-off)
- § Legal bases: Art 6 para 1 lit e GDPR (for the performance of a task in the public interest), Art 9 para 2 lit f GDPR (processing for the assertion, exercise and defence of legal claims) and Art 9 para 2 lit g GDPR (processing based on union law and the law of a member state)
- § Retention period: 5 years, log data will be retained for 3 years from last use
7.3 Point of contact for data subjects
If you have any questions about your rights or data processing, you can get in touch with the contact person for the data subjects:
TroGroup GmbH
Linzer Straße 156
4600 Wels
data-protectiontrogroup.com
7.4 Lead supervisory authority
The joint controllers have appointed the Austrian data protection authority (Barichgasse 40-42, 1030 Wien, phone: +43 1 52 152-0, E-mail: dsbdsb.gv.at) as the lead supervisory authority.
8. Change management
The current version of this data protection declaration is available on our website. Questions about an earlier version should be sent to data-protectiontrogroup.com.