1. INTRODUCTION
This privacy statement serves to inform visitors to our websites about data processing when using NOVOMATIC AG websites.
Additionally, NOVOMATIC AG fulfills its obligation to inform data subjects of the existing video surveillance system on its premises in accordance with Art. 13 of the General Data Protection Regulation of the European Union (GDPR for short).
Such information is made availabe at the bottom of this page, after the Privacy Statement.
NOVOMATIC AG sets particular emphasis on protecting your personal data, enabling all visitors of our websites to use them without any concerns. In most cases it is possible to use our website without providing personal information. The following privacy statement provides an overview of how NOVOMATIC AG guarantees the protection of your personal data, along with which types of data are collected and for which purpose.
Name and contact details of the data controller:
Your trust is very important to us. Should you have any further questions regarding the processing of your personal data by NOVOMATIC AG, please contact the Group Legal Compliance Department of NOVOMATIC AG in writing at:
NOVOMATIC AG
Wiener Straße 158
2352 Gumpoldskirchen
Österreich
Tel.: +43 2252 606 0
E-mail: [email protected]
Privacy contact: [email protected]
2. IP ADDRESS
The IP address is transmitted on every server request to let the server know where the response has to be sent. Your Internet Service Provider (ISP) gives you an IP address as soon as you connect to the Internet, and the ISP can retrace which IP address was assigned to which of its customers at any given time. For as long as the IP address is saved, it is theoretically possible to identify the owner of the Internet connection via the ISP. For this reason, we and our statistics providers do not save the IP address permanently but only temporarily for session recognition and for security reasons (for example to ward off hacker attacks). The IP address is then immediately deleted, so that any collected data are made anonymous and it is no longer possible to identify the user, not even via the ISP.
3. COOKIES
3.1. Legal basis for the use of cookies
We use cookies in accordance with the statutory provisions of the Austrian Telecommunications Act (TKG) 2003 as well as the GDPR. The legal basis is your consent given by you to us via our cookie banner. You can revoke your consent at any time by opening the cookie banner again and clicking on “Reject cookies”, without this resulting in any disadvantages for you or restricting the use of our website.
In addition to these, there are certain cookies that are absolutely necessary in order to provide a service requested by you. The solely purpose of these cookies is to protect our website against unauthorized access and attacks. This means that no consent needs to be given for these cookies.
3.2. Required cookies
When you log on to our website with your user name and password, a session cookie containing a unique identification number is stored on your device. This cookie is required for our website to ensure that you have properly signed in, which means that does not need your consent in our cookie banner.
The session cookie is used exclusively to protect your content against unauthorized access and thus to ensure the security of our website. It is automatically deleted as soon as you end your session, i.e. close the browser.
3.3. Cookies for website statistics
We use a variety of data collected during visits to our website for statistical evaluations. Such data will only be processed internally and will not be passed on to third parties. We do this to continuously improve our website and to adapt it to your requirements.
We use the privacy-friendly analysis software Matomo (https://matomo.org/) to compile usage statistics. For this purpose, cookies are stored on your computer which identify your browser session and assign recurring accesses to our website. These cookies remain stored until you revoke your consent or delete them manually.
The following data are collected and evaluated when you visit our websites:
- Pages viewed (e.g. www.beispiel.de/index.html)
- Browser type and version (e.g: Internet Explorer 6.0)
- Browser language
- Operating system used (e.g: Windows 10)
- Internal resolution of the browser window
- Screen resolution
- JavaScript activation
- Plug-ins (Java, Flash, Real, QuickTime ...)
- Cookies on/off
- Depth of color
- The previously visited page incl. parameters (e.g: search engine with search terms)
- IP address to determine the country of origin and the provider
- Time stamp
- Clicks made
3.4. Social media pages
a) Facebook
NOVOMATIC AG is also active on Facebook where the “Insights function” is used to address specific interested parties in a more targeted way. NOVOMATIC AG is jointly responsible for this together with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Opt-out: Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional privacy-related information: Agreement on the joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, privacy policy for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
Rights of data subjects: When the rights of data subjects are asserted, we would like to point out that these can only be fulfilled by Facebook, as NOVOMATIC AG does not have any access to user data.
b) LinkedIn and XING/kununu
NOVOMATIC AG also operates a company website on LinkedIn and Xing/kununu.
NOVOMATIC AG is jointly responsible as a Controller together with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com. Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out; and Xing AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; website: https://www.xing.de. Privacy policy: https://privacy.xing.com/en/privacy-policy and kununu, New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; website: https://www.kununu.com. Privacy policy: https://privacy.xing.com/en/privacy-policy;
Rights of data subjects: When the rights of data subjects are asserted, we would like to point out that these can only be fulfilled by LinkedIn and XING/kununu, as NOVOMATIC AG does not have any access to user data.
c) YouTube
For the purpose of corporate presentation, NOVOMATIC AG is operating a YouTube channel. Doing so, NOVOMATIC AG is acting in Joint Controllership with Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Website: https://www.youtube.com.
Privacy policy: https://policies.google.com/privacy
Your settings and choices as regards privacy can be accessed here: https://policies.google.com/privacy#infochoices
Rights of data subjects: When the rights of data subjects are asserted, we would like to point out that these can only be fulfilled by YouTube/Google, as NOVOMATIC AG does not have any access to user data.
d) Karriere.at
For the purpose of corporate presentation, NOVOMATIC AG is operating a business site on the platform karriere.at. Doing so, NOVOMATIC AG is acting in Joint Controllership with karriere.at GmbH, Donaupromenade 1, 4020 Linz.
Website: https://www.karriere.at,
Privacy policy: https://www.karriere.at/datenschutzerklaerung
Rights of data subjects: When the rights of data subjects are asserted, we would like to point out that these can only be fulfilled by karriere.at, as NOVOMATIC AG does not have any access to user data.
4. INFORMATION TO BE PROVIDED according to Art. 13 and 14 GDPR
We hereby inform you about the personal data being processed while visiting the NOVOMATIC AG website or in the course of a (pre-) contractual business relationship as well as about the privacy claims and rights to which you are entitled.
4.1. Categories of personal data
Personal data that you enter yourself when filling in the forms for "Information request”, "Application" and "Contact us" are processed. NOVOMATIC AG processes your personal data exclusively in the context of the purpose for which you voluntarily provided your data in exercising your right to informational self-determination. This consent to the processing your personal data for the stated purposes remains valid until you revoke it, at any time, within the scope of the data protection regulations.
4.1.1 Categories of data subjects
Customers and suppliers as well as interested parties
If you have a (pre-) contractual relationship with NOVOMATIC AG, the personal data you provide or request will be processed for the purpose of the (pre-) contract. This also includes master data and, if applicable, payment data and correspondence data.
Purpose of the processing: Data processing is carried out for the purpose of processing an existing or prospective business relationship.
Legal basis of the data processing: Art. 6 para. 1b GDPR in conjunction with the agreement. In a legal case, data may also be processed within the scope of a legitimate interest as defined by Art. 6 para. 1 f GDPR, which must be submitted to legal representatives and courts in the event of an existing business relationship or, after termination of a judicial dispute, which is necessary for the legal proceedings.
Storage period or criteria for determining the period: The storage period is subject to the statutory storage and limitation periods of the Austrian Federal Fiscal Code (BAO) and the Austrian Commercial Code (UGB).
Transmission to third parties: The data resulting from the contractual relationship may be transmitted to tax authorities, courts or other public bodies. A statutory obligation exists here. The data will also be transmitted to our tax advisors, auditors, legal representatives, banks and insurance companies, as required.
You can find details about your rights as a data subject in accordance with Chapter III GDPR below.
4.2. Right of access to personal data
In accordance with the provisions of the GDPR, you have the right to information at any time about the data processed in the NOVOMATIC AG to your person, their origin as well as possible recipients of transmissions and the purpose of the data use. Information can be obtained, based on your written request, from the Group Legal Compliance Department of the NOVOMATIC AG, listed under point 5.10. If all legal requirements for the processing of your request for access to personal data have been met, we will comply with it and grant you the relevant access to your personal data within a period of 1 (one) month.
4.3. Right to erasure
In accordance with the provisions of the GDPR, you have the right at any time to the erasure of your personal data which were processed by NOVOMATIC AG, provided that your request for erasure does not conflict with any potential statutory retention periods or other legal obligations. If all preconditions for implementing your request for erasure have been met, we will comply with it and erase your data within a period of 1 (one) month.
4.4. Right to object
In accordance with the provisions of the DSGVO, you have the right - insofar as the processing of your personal data is not provided for by law - to object to the violation of your overriding confidentiality interests, which are worthy of protection. If these preconditions have been met, we will delete your data within a period of 1 (one) month, taking into account any legal retention periods.
4.5. Right to restriction of processing
In accordance with the provisions of the GDPR, you have the right to restrict processing of personal data under certain conditions. If all statutory preconditions have been met, we will restrict the processing of your personal data within a period of 1 (one) month.
4.6. Recipient categories and automated decision making
The data will not be passed on to recipients who use this data for their own purposes. No transfer to recipients in a third country (outside the EU) or to an international organisation is envisaged. There is no automated decision-making process.
4.7. Right to data portability
In accordance with the provisions of the GDPR, you have the fundamental right to receive the personal data provided by you in a structured, common and machine-readable format.
4.8. Revocation of consent
In accordance with the provisions of the GDPR, you have the right to revoke your consent to the processing of your personal data at any time, without stating any reasons. In this case, we will not process your data further and will erase them, taking into account any statutory retention periods, within a period of 1 (one) month.
4.9. Complaining to the Data Protection Authority (DPA)
In accordance with the provisions of the GDPR and the Austrian Data Protection Act (DSG), you have the right to lodge a complaint with the Data Protection Authority (www.dsb.gv.at) if you believe that the processing of your personal data is in violation of the GDPR or the DSG.
5. PRIVACY POLICY
The NOVOMATIC AG regards privacy (data protection), information security and reliability as the basis for stable and successful customer relations. We would therefore like to take this opportunity to inform you about the Privacy Policy we have in place for the entire NOVOMATIC AG.
5.1. Privacy Principles
Protecting privacy and safeguarding your personal data is very important to us.
All data applications operated by NOVOMATIC AG comply with the provisions of the General Data Protection Regulation of the European Union (GDPR for short) and the Austrian Data Protection Act (DSG for short) as well as other industry-specific regulations. In accordance with Art. 5 para. 1 of the GDPR, all employees are obliged to process your personal data lawfully, in good faith and in a manner that can be understood by you, and to comply with the rules on data confidentiality as defined in Section 6 of the Austrian Data Protection Act (DSG).
Compliance with the data protection and data security regulations is guaranteed across the entire Group by the following binding measures:
- Privacy Concept
- Privacy Policy
- Privacy Program
- Privacy Management System
5.2. Privacy Concept
The Privacy Concept lays down the desired level of data protection security (the protection requirements) as defined by the legal representatives of the NOVOMATIC AG. This serves as the basis for the development of the demands on Privacy Policy and on the continuous privacy improvement process within the entire NOVOMATIC AG.
5.3. Privacy Policy
On account of the assessment of privacy-related processes and the relevant data protection legislation, a written Privacy Policy was drawn up for the NOVOMATIC AG to serve as a basis for the implementation of the Privacy Program and the establishment of the Privacy Management System.
5.4. Privacy Program
As part of the Privacy Program, data protection goals are continuously being specified and the measures to be implemented are defined in the form of a work program and provided with corresponding implementation deadlines.
5.5. Privacy Management System
The Privacy Management System defines the rules, policies, measures, resources, methods, responsibilities, procedures and organization structures for implementing and monitoring the Privacy Program.
Modeled on the international standards ISO 9001:2015 and ISO/IEC 27001:2017, our Privacy Policy was designed along the lines of the PDCA (Plan, Do, Check, Act) model to achieve continuous improvement.
5.6. Processing activities
In accordance with Article 30 GDPR, NOVOMATIC AG maintains a so-called "record of processing activities" in which the data applications operated by NOVOMATIC AG as well as the relevant processing activities are documented. This existing record should always be kept up-to-date in accordance with the data protection provisions of Article 30 GDPR.
5.7. Special categories of personal data
NOVOMATIC AG does not process any special categories of personal data within the meaning of Article 9(1) GDPR on its website.
5.8. Guaranteed Data Protection
In principle, we do not process your personal data without your consent or within the framework of the existing contractual relationship with you and for the agreed purpose. We store your personal data in accordance with the applicable prescribed statutory time periods.
5.9. Transferring and Surrendering Data
Any transfer of personal data to third parties is made only with your consent. Excepted from this are data transfers that are necessary due to a legal obligation or for fulfilment of a contract. The transfer of personal data to processors (service providers) shall, in principle, be limited to those undertakings providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing the personal data complies with the requirements of the GDPR and ensures the protection of the rights of the data subject.
5.10. Data Security
The technologies employed by the NOVOMATIC AG to process your personal data (hardware, software, network, infrastructure) comply with state-of-the-art security technologies. Appropriate technical and organisational measures have been set for these procedures, in order to comply with the requirements of the GDPR.
Information obligation in accordance with Art. 13 GDPR concerning video surveillance
Name and contact data of the controller:
NOVOMATIC AG
Wiener Straße 158
2352 Gumpoldskirchen
Österreich
Tel.: +43 2252 606 0
Privacy contact: [email protected]
Purposes of the data processing:
Video surveillance with digital image recording for the purpose of self-protection (protection of business and operational secrets, protection of property and protection of the client's employees) and the protection of accountability (perception of traffic safety obligations) as well as for the purpose of preventing, containing and clarifying criminally relevant behavior, with exclusive evaluation in the case defined by the purpose.
Legal basis of data processing: Art. 6 lit. 1 f DSGVO in conjunction with §§ 12 and 13 DSG 2018
Legitimate interests, which are being pursued: Protection of property
Storage period: A maximum of 30 days
Transmission to third parties: The data will not be transferred to third parties. Video surveillance takes place for internal purposes and is only made available to the security authorities if necessary to help with work to solve potential crimes.
Rights of the data subject: Please note that your rights as a data subject vis-à-vis video surveillance are limited. In the event of not being able to clearly identify you as an individual pursuant to Art. 11 (1) and (2) GDPR, we cannot fulfill certain data subject rights for you without obtaining additional information that is not relevant for processing. For this reason, Art. 15 to 20 (right of access, right to rectification, right to erasure, right to restriction of processing, data portability) do not apply. However, if you provide us with additional information that identifies you as a data subject, we will process your request accordingly.
Video data is deleted automatically after the 30-day storage period has expired. Rectification or erasure within this period is not possible.