Privacy policy

Thank you for using our website and your interest in data protection matters. Careful management of personal data is of utmost importance to us. Thus, we process your personal data solely in accordance with the EU General Data Protection Regulation.

We have taken comprehensive technical and corporate protection measures to protect your data from incidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our safety procedures are reviewed and adapted to technological advance regularly.

In the below paragraphs we would like to inform you comprehensively about the processing of the data of visitors of our website, customers, suppliers, interested parties and job applicants taking into consideration the applicable statutory data protection regulations.

This privacy policy will address which data we process for which purpose and based on which legal foundations. We would like to make you aware especially that we will inform you about your rights as the data subject as per GDPR specifying to which entity you may direct your questions regarding data protection or requests to exercise your rights.

Note:

  • Personal data are any data with which you can be personally identified.
  • To make texts easier to read, the term data is used usually even though personal data are meant. Statutory provisions without specifications solely refer to those of the GDPR unless otherwise specified.
  • Please note that data transmission on the internet (e.g. e-mail communication) may be subject to security breaches. Complete protection of data from access by third parties is not possible.
  • This privacy policy will be updated from time to time. The date of the last update is specified at the end of this document.
I. Controller

The company responsible for the processing of your data as from May 25, 2018 is that company of the Doppelmayr/Garaventa Group with whom you have a business relationship or whom you have entrusted with your data.

The company responsible for the data collection on this website is Doppelmayr Transport Technology GmbH as specified in the site notice.

In the event that you have any questions regarding the protection and security of your data or wish to exercise your rights and claims relating to data protection, please contact dataprotection@doppelmayr.com.

II. Processing of personal data, purpose of the processing and legal bases

Depending on whether you visit our website, send us a message through the contact form on our website, register in our service portal subscribe to a newsletter, apply for a job with us or are an interested party, customer or supplier we collect and process different personal data concerning you. For detailed information regarding the data categories collected and processed in each case, the purpose of the processing, storage periods, and revocation options please refer to the below paragraphs of this privacy policy.

Legal basis for the data collection

According to articles 13 and 14 GDPR, we communicate the legal bases for our data processing activities.

Insofar as we obtain consent of the data subject for the processing activities of personal data, article 6(1) (a) GDPR serves as the legal basis.

For the processing of personal data that are required for the fulfilment of a contract one of whose contracting parties is the data subject, article 6(1) (b) GDPR serves as the legal basis. This also applies for processing activities that are required to carry out precontractual measures.

Insofar as the processing of personal data is required for the fulfilment of a legal obligation that our company is subject to, article 6(1) (c) serves as legal basis.

If the processing is required to preserve a legitimate interest of our company or a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, article 6(1) (f) GDPR serves as legal basis for the processing.

If the processing of personal data is based on article 6(1) (f) GDPR, our legitimate interest is the performance of our business activities for the benefit of well-being of all our employees and shareholders.

In accordance with § 6 (1) Data Protection Act 2018, your personal data from the data processing are kept confidential irrespective of other statutory obligations to secrecy, insofar as there are no legally permissible reasons for the transmission of the personal data that were entrusted or became accessible.

1. Data processing on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by Doppelmayr Transport Technology GmbH as specified in the site notice. If you have any questions regarding data protection, please contact dataprotection@doppelmayr.com.

Links to websites of other providers

Our website contains links to websites of other providers to which this privacy policy does not extend. Insofar as the collection, processing or use of personal data is related to the use of websites of other providers / companies, observe the privacy policy of the website in question.

How do we collect your data?

For one thing, data are collected when you provide them to us. Such data may, for example, be data you enter into a contact form.

Other data are collected automatically by our IT systems when you visit the website. Such data are primarily technical data such as the browser, operating system you are using or when you access the website. These data are collected automatically as soon as you enter our website.

Cookies and analytical tools

When using our website, your surfing behaviour may be analysed statistically. This primarily is carried out using cookies and so-called analytical programs. The analysis of your surfing behaviour usually is anonymous; i.e. it will not be possible to track the surfing behaviour back to you. You can object to this analysis or prevent it by not using certain tools. For detailed information regarding this matter, refer to the below paragraphs of this privacy policy.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address bar when it changes from http:// to https:// and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer cannot be read by third parties.

What do we use your data for?

Part of the data that are collected automatically when visiting the website is used to ensure proper functioning of the website. Other data can be used to analyse how visitors use the site.

Server location

20537 Hamburg, Germany

1.1. Data collection on the website in detail

Below you find data protection information relating to data that are collected automatically when you visit our website.

a. Cookies

Our website uses cookies. Cookies are text files that are stored in your browser or on your computer by the browser. When you access our website, a cookie can be stored in your operating system. This cookie contains a specific character string that allows clear identification of the browser when the website is accessed again.

Technically necessary cookies:

We use cookies to make our website more user-friendly. Most of the cookies we use are so-called 'session cookies'. They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the website.

The following data are stored and transmitted in the cookies:

  • Hiding the cookie notice

Not-technically necessary cookies:

Furthermore, our website uses cookies that allow to analyse your surfing behaviour. The following data can be transmitted:

  • Redirection to correct language
  • Siteimprove analytics

The data concerning the users that are collected in this way are pseudonymized by technical means. Thus, attributing data to the user is no longer possible. Those data are not stored together with all the other personal data concerning the users. When accessing our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this privacy policy. Furthermore, instructions are given on how to configure your browsers to reject the storage of cookies.

Legal basis of the data processing

The legal basis for the processing of your data using technically necessary cookies is article 6(1) (f) GDPR. For cookies that are used for analytical purposes, the legal basis, if you give consent to the storage, is article 6(1) (a) GDPR.

Purpose of the processing

Technically necessary cookies are used for facilitating the use of websites for the users. This purpose also encompasses our legitimate interest in processing your data as per article 6(1) (f) GDPR. Some functions of our website cannot be offered without using cookies. Such functions require that the browser is recognized even after accessing another website.

The user data collected by means of technically necessary cookies are not used to create user profiles. The (not-technically necessary) analytical cookies are issued for the purpose of improving the quality of our website and its contents. Analytical cookies let us know how our website is used and allow us to continually optimize our offer.

Duration of the storage, revocation, and possibility of erasure

Cookies are stored on the user's computer and from there transmitted to our website. Consequently, you have complete control over the use of cookies. By means of changing the settings of your browser you can deactivate or restrict the use of cookies. Already stored cookies can be deleted at any time. This process can be automated as well. There are several ways of administrating cookies. The help button in the toolbar of most browsers shows you how you can stop the acceptance of cookies, how to be notified every time a new cookie is set, and how to reject cookies completely. If you reject cookies, you might be unable to register, log in or use the full scope of services.

b. Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in so-called server log files.

The visit to our website is registered in server log files and stored for a limited period of time. The data stored are specified below.

These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

The data will not be combined with other data sources.

Legal basis of the data processing

The legal basis for the data processing is article 6(1) (f) GDPR.

Purpose of the processing

The data are processed for enabling the use of the website (connection establishment), system security, technical administration of the network, infrastructure as well as optimizing the internet offer. These exclusively are information that do not allow drawing conclusions concerning your person.

Duration of the storage, revocation, and possibility of erasure

The last 14 files of the error and access log are stored on the server. The collection of the data for the provision of the website and the storage of the data in log files is imperative for the operation of the website.

c. Web analytics service Google Analytics

The controller of this website has the component Google Analytics (with anonymization function) integrated in the website. Google Analytics is a web analytics service. Web analytics is the compilation, collection, and evaluation of data on the behaviour of visitors of websites. A web analytics service, among other things, collects data on the website that lead a person to a website (so-called referrers), which subsites they accessed or how often and how long a subsite was viewed. Web analytics mainly are used to optimize a website and carry out cost-benefit analyses of internet advertisements.

Google Analytics is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

IP anonymization

The controller of the website uses the add-on "_gat._anonymizeIp" for web analytics via Google Analytics. This add-on serves for Google to shorten and anonymize the IP address of the internet connection of the data subject, if the access to our website comes from a member state of the European Union or another party to the Agreement on the European Economic Area.

Google Analytics sets a cookie in the IT system of the data subject. An explanation of what cookies are has been given above. Setting the cookie allows Google to analyse the use of the website. Each access to an individual page of this website that is operated by those responsible for the data processing and has the Google Analytics tool integrated causes the Google Analytics tool to trigger the browser of the IT system of the data subject to automatically transmit data to Google for online analysis. As part of this technical process, Google receives personal data, such as the IP address of the data subject that, among other things, serve Google to reproduce the origin of the visitors and clicks and, consequently, enable commission settlements.

The cookies serve to store personal information, for example the access time, location of origin of the access, and the frequency of visits to our website by the data subject. Upon each visit to our website, these personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. Google might possibly pass on these personal data collected by means of the technical process to third parties.

Demographic features of Google Analytics

This website uses the 'demographic features' function of Google Analytics. This allows creating reports that contain information on the age, gender, and interests of the visitors of the site. These data come from interest-based advertising by Google as well as visitor data from third parties. These data cannot be correlated to a specific person. You can deactivate this function at any time in the settings of your Google account or generally reject the collection of your data by Google Analytics as described above.

More information on how Google Analytics handles user data can be found in the privacy policy of Google: https://support.google.com/analytics/answer/6004245?hl=en .

Legal basis

Google Analytics cookies are stored based on article 6(1) (f) GDPR. The operator of the website has a legitimate interest in analysing user behaviour to optimize both their website and the advertising.

Purpose of the processing

The purpose of the Google Analytics tool is the analysis of visitor flows on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that represent the activities on our website and to provide other services related to the use of our website.

Storage period

The data are deleted as soon as they are no longer required for our recording purposes. In our case, this will be after 26 months.

Browser plugin

Furthermore, the data subject can object to the collection of data generated by Google Analytics and relating to the use of this website as well as the processing of those data and prevent this. For this, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout?hl=en and install it. This add-on uses JavaScript to tell Google Analytics that no data and information relating to the use of websites may be transmitted to Google Analytics. Google understands the installation of this add-on as an objection. If the IT system of the person in question is deleted, formatted or newly set-up at a later point of time, the add-on must be re-installed to deactivate Google Analytics. If the add-on is uninstalled or deactivated by the person in question or another person that is part of their area of control, it can be re-installed or re-activated.

Objection to the collection of data

You can prevent the collection of data by Google Analytics by clicking the following link. An opt-out cookie will be set to prevent your data from being collected during future visits to this site: set opt-out cookie.

d. Plugins and tools


YouTube Plugin

Our website uses plugins from YouTube, which is operated by Google. The operator of the page is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged in with your YouTube account, you allow YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a legitimate interest pursuant to article 6(1) (f) GDPR.

Further information about the handling of user data can be found in the privacy policy of YouTube: https://policies.google.com/privacy?hl=en.

Vimeo

Our website uses plugins of the Vimeo video portal. This is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. The Vimeo server is informed which of our pages you have visited. Furthermore, Vimeo will learn your IP address. This also applies if you are not logged into your Vimeo account or do not have a Vimeo account. The information collected by Vimeo are transmitted to the Vimeo server in the USA.

If you are logged into your Vimeo account, you allow Vimeo to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account.

Further information about the handling of user data can be found in the privacy policy of Vimeo: https://vimeo.com/privacy.

Google web fonts

For the uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose, your browser must establish a connection to the Google servers. Thus, Google learns that your IP address was used to access our website. Google web fonts are used in the interest of a uniform and attractive presentation of our website. This constitutes a legitimate interest pursuant to article 6(1) (f) GDPR.

If your browser does not support web fonts, a standard font from your computer is used.

Further information about Google web fonts can be found at https://developers.google.com/fonts/faq and in the privacy policy of Google: https://policies.google.com/privacy?hl=en.

Google Maps

This site uses the Google Maps service via an API. The service is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

Google Maps is used in the interest of making our website appealing and to facilitate locating the places specified by us on our website. This constitutes a legitimate interest pursuant to article 6(1) (f) GDPR.

More information regarding the handling of user data can be found in the privacy policy of Google: https://policies.google.com/privacy?hl=en.

1.2. Contact form

If you send us questions or enquiries via the contact form, we will collect the data entered into the form, including the contact details you provide, to process the enquiry and any possible follow-up questions. We will not share this information without your permission.

Thus, the data entered into the contact form are processed only with your consent as per article 6(1) (a) GDPR. You can revoke this consent at any time. An informal notification by e-mail to dataprotection@doppelmayr.com. is sufficient for this. The lawfulness of the data processing carried out until the revocation remains unaffected by this.

We will retain the data you entered into the contact form until you request their deletion, revoke your consent for their storage or the purpose of the data storage is no longer given (e.g. after fulfilling the enquiry). Any mandatory statutory provisions, in particular data retention periods, remain unaffected.

1.3. Newsletter

If you would like to receive the newsletter offered on our website, we require a valid e-mail address as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receiving this newsletter (title, first name, last name, e-mail, language, optional: company, position). Other data are not collected or only on a voluntary basis. We only use these data to send out the information requested and will not pass them on to third parties.

Therefore, we process any data entered into the newsletter subscription form only with your consent as per article 6(1) (a) GDPR. You can revoke your consent to the storage of your data and e-mail address as well as their use for sending the newsletter at any time, e.g. through the unsubscribe link in the newsletter. The lawfulness of the data processing carried out until the revocation remains unaffected by this.

The data you provided when subscribing to the newsletter will be stored by us until you cancel your subscription and then be deleted. Data we have stored for other purposes (e.g. e-mail address for the member section) remain unaffected.

MailChimp

This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that organizes and analyses the distribution of newsletters. If you enter any data to subscribe to the newsletter (e.g. e-mail address), those data are stored on the servers of MailChimp in the USA.

MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union and the USA to ensure compliance with the European privacy standards in the US.

MailChimp allows us to analyse our newsletter campaigns. When you open an e-mail sent with MailChimp, a file included in the e-mail (called a web beacon) connects to MailChimp's servers in the USA. This allows us to determine if a newsletter message has been opened and which links have been clicked. In addition, technical information are collected (e.g. time of retrieval, IP address, browser type and operating system). This information only serves for the statistical analysis of newsletter campaigns. The results of these analyses can be used to tailor future newsletters better to the recipients' interests.

If you do not want to be part of the analysis by MailChimp, you have to unsubscribe from the newsletter. For this purposes, we provide an unsubscribe link in every newsletter we send.

The data are processed with your consent as per article 6(1) (a) GDPR. You can revoke your consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing carried out until the revocation remains unaffected by this.

The data you provided when subscribing to the newsletter will be stored by us until you cancel your subscription. Data we have stored for other purposes (e.g. e-mail address for the member section) remain unaffected.

For details refer to the privacy policy of MailChimp: https://mailchimp.com/legal/privacy/.

1.4. Registration for the service portal

On our website, customers can register to use additional functions (access to the sections "Library" and "Ropeway Assistant" of the site. We will only use the data entered during the registration for the use of the respective offer or service for which you registered. The following data are collected during the registration process: gender*, first name*, last name*, profession, customer number, e-mail address*, company, telephone number, street*, postal code, city*, country*. The mandatory information* requested for the registration must be provided; otherwise, the registration cannot be completed.

In case of important changes, such as in the scope of products and services offered or technically necessary modifications, we use the e-mail address you provided during the registration to inform you accordingly.

The data provided during the registration are processed with your consent as per article 6(1) (a) GDPR. You can revoke this consent at any time. An informal e-mail to dataprotection@doppelmayr.com is sufficient for this. The lawfulness of the data processing carried out until the revocation remains unaffected by this.

The data you provided when registering for the service portal will be stored by us until you cancel your registration and then be deleted. Any mandatory statutory provisions, in particular data retention periods, remain unaffected.

2. Information for interested parties, customers and suppliers regarding the handling of your data

Below we inform you about the handling of your personal data that we process as part of our business relationship with you (hereinafter referred to as 'data'); whereby those are only personal data to the extent that they identify a natural person or make a natural person identifiable.

2.1. Categories of data processed

a. Interested parties

If you are interested in purchasing our products, we process the following data concerning you:

  • Company
  • Business address
  • E-mail address or other information required for addressing that result from modern means of communication
  • Data of our contact person with you

    • Title, name, gender
    • Additional data for addressing with you, including telephone numbers, mobile numbers and e-mail addresses or other information required for addressing that result from modern means of communication
    • Position with you
    • Scope of the power of representation

  • Business transactions processed
  • Possible key for data exchange

b. Customers

If you buy one of our products, we process the following data concerning you:

  • Customer number
  • Company
  • Business address
  • Bank details
  • Terms of financing and payment
  • Data regarding credit rating
  • Purchase price
  • Account / receipt data
  • Credit card data
  • Bank guarantees, bonds
  • Data concerning insurance and / or customs clearance
  • Data concerning tax liability and tax calculation
  • Data concerning credit management
  • Data concerning the performance
  • Various blocking data:

    • Contact ban
    • Invoice block
    • Delivery block
    • Posting block
    • Payment stop

  • Reminder / claim data
  • Data of our contact person with you

    • Title, name, gender
    • Additional data for addressing with you, including telephone numbers, mobile numbers and e-mail addresses or other information required for addressing that result from modern means of communication
    • Position with you
    • Scope of the power of representation

  • Business transactions processed
  • Possible key for data exchange
  • Image data from the identified video surveillance areas

c. Sub-contractors / Suppliers

If you are our supplier or sub-contractor, we process the following data concerning you:

  • Supplier number
  • Company
  • Business address
  • Telephone number
  • E-mail address or other information required for addressing that result from modern means of communication
  • Fax number
  • VAT identification number
  • Object of supply or service
  • Terms of delivery and performance, e.g. place of delivery, delivery date
  • Commercial register data
  • Data regarding credit rating
  • Bank details
  • Account / receipt data
  • Credit card data
  • Bonus, commission data and similar
  • Terms of financing and payment, including advance payments, valuation allowances
  • Bank guarantees, bonds
  • Data concerning insurance and / or customs clearance
  • Data concerning tax liability and tax calculation
  • Data concerning credit management
  • Data concerning the performance
  • Various blocking data:

    • Contact ban
    • Invoice block
    • Delivery block
    • Posting block
    • Payment stop

  • Reminder / claim data
  • Data of our contact person with you

    • Title, name, gender
    • Additional data for addressing with you, including telephone numbers, mobile numbers and e-mail addresses or other information required for addressing that result from modern means of communication
    • Position with you
    • Scope of the power of representation

  • Business transactions processed
  • Possible key for data exchange
  • Image data from the identified video surveillance areas
2.2. Purpose of the processing and legal basis of the data processing

Depending on our business relationship with you, we process the data for different purposes and based on varying legal provisions.

a. Interested parties

The purpose of the processing is the processing and transfer of the data for the initiation of a business relationship set in motion by your interest in one of our products, including automatically created and archived text documents (such as correspondence) in these matters.

The lawfulness of the data processing results from the necessity for the performance of pre-contract measures in reaction to your enquiry or, if dealing with data of our contact person with you, from our primarily legitimate interest in processing your enquiry and entering into a business relationship with you, article 6(1) (b) and (f) GDPR.

b. Customers

The purpose of the data processing is the processing and transfer of data as part of the business relationship with you, including automatically created and archived text documents (such as correspondence) in these matters.

The lawfulness of the data processing results from the necessity for the fulfilment of the contract entered into with you or, if dealing with data of our contact person with you, in our primarily legitimate interest in maintaining the business relationship with you and fulfilling the contracts with you.

Apart from the processing of your data to handle your queries and orders, we also use your data to carry out marketing measures, such as marketing campaigns with product and service recommendations, customer surveys, market analyses and events, either via e-mail or postal services. The purpose of the processing of your personal data in this context is informing you about current developments relating to our products. The legal basis for the processing of these data results from our mainly legitimate interest in achieving this purpose.

You can object to the use of your personal data for advertising purposes at any time. A notice to dataprotection@doppelmayr.com is sufficient.

The purpose of the processing of the image data from video surveillance systems is the surveillance of places that are subject to our householder's right. The processing of these data is subject to our legitimate interest that results from guaranteeing safety standards.

c. Sub-contractors / Suppliers

The purpose of the data processing is the processing and transfer of the data as part of the business relationship with you, including automatically created and archived text documents (such as correspondence) in these matters.

The lawfulness of the data processing results from the necessity for the fulfilment of the contract entered into with you or, if dealing with data of our contact person with you, in our primarily legitimate interest in maintaining the business relationship with you and fulfilling your deliveries and / or the contracts with you, article 6(1) (b) and (f) GDPR.

The purpose of the processing of the image data from the video surveillance system is the surveillance of places that are subject to our householder's rights. The processing of these data is subject to our legitimate interest that results from guaranteeing safety standards.

2.3. Recipients of the data

Depending on the business relationship we maintain with you, data that are relevant on a case-by-case basis may be passed on to different recipients:

a. Interested parties

Where applicable, your data are transmitted to companies of the Doppelmayr/Garaventa Group, if this is necessary to fulfil the purposes described above.

b. Customers

Customer data may be communicated to the following recipients:

  • companies of the Doppelmayr/Garaventa Group, insofar as it is required for the fulfilment of the purposes described above
  • our tax consultant and auditors, insofar as it is required for the fulfilment of their task
  • our sub-contractors / suppliers who contribute to the performance of our services, insofar as it is required for the fulfilment of their respective task
  • administrative and financial authorities
  • our legal representatives in reminder and debt collection matters, insofar as it is required for the fulfilment of their task
  • courts
  • IT service providers

c. Sub-contractors / Suppliers

If you are our supplier or sub-contractor, we pass on the information processed to the following recipients, if necessary:

  • companies of the Doppelmayr/Garaventa Group, insofar as it is required for the fulfilment of the purposes described above
  • banks for handling of payment transactions
  • our tax consultant and auditors, insofar as it is required for the fulfilment of their task
  • our customers as recipients of your services
  • administrative and financial authorities
  • our legal representatives in reminder and debt collection matters, insofar as it is required for the fulfilment of their tasks
  • courts
  • IT service providers
2.4. Data storage (storage period)

Depending on the business relationship we maintain with you, the data are stored for different periods of time, which are as follows:

a. Interested parties

These data are deleted once they are no longer necessary to fulfil the purpose described above, unless statutory retention periods prevent the deletion.

b. Customers

These data are stored until the termination of the business relationship and until the expiration of the warranty, damages, limitation and statutory retention periods we are subject to; beyond that, until the termination of possible legal disputes for which the data are required as evidence.

c. Sub-contractors / Suppliers

These data are stored until the termination of the business relationship and until the expiration of the warranty, damages, limitation and statutory retention periods we are subject to; beyond that, until the termination of possible legal disputes for which the data are required as evidence.

d. Data that we process based on consent given as well as image data from the marked video surveillance areas

Data that we process based on your consent given are stored until receiving the revocation of said consent and beyond that for as long as statutory terms stipulate it.
Any consent given can be revoked at any time and independent of consent given for any other purpose without the lawfulness of the processing carried out based on the consent until the revocation being effected.
Your image data from the video surveillance system are stored for a maximum period of two weeks unless the end of this is a Sunday, public holiday, Good Friday or December 24. In this case, your data are stored until the next day that is not one of the aforementioned days. In the case of an incident covered by the purpose of the video surveillance, the image data are stored for as long as is necessary as evidence.

3. Applicants

The measures, rights and obligations based on this information apply for both the application form on our website as well as for unsolicited applications or applications subjected by other means to a company of the Doppelmayr/Garaventa Group.

3.1. Categories of processed data

We process those data concerning you that you enter into the application form and provide to us through your curriculum vitae and other documents, such as correspondence or certificates.

The provision of the data marked as mandatory fields (first name, last name, gender, date of birth, nationality, source, e-mail address, telephone number, street, postal code, city, country, cover letter, curriculum vitae) are required to process your application. If you do not provide these data, the application process cannot be completed.

The data will be used only for the processing of your application.

3.2. Purpose and legal basis of the data processing

The purpose of the data processing is the processing of your application.

The lawfulness of the data processing results from your express consent as per article 6(1) (a) GDPR and our legitimate interest in a positive conclusion of the application process as per article 6(1) (f) GDPR.

The lawfulness of the transmission of the data to the companies of the Doppelmayr Group specified under item 2 results from your express consent as per article 6(1) (a) GDPR.

3.3. Recipients of the data

The application data may be communicated to other companies to check the availability of other similar vacancies within the Doppelmayr/Garaventa Group.

If you do not wish this, you can object to it by contacting your contact person in our Human Resources Department or dataprotection@doppelmayr.com In that case, your data will only be processed for the application for the vacancy you expressly applied for.

Some of the companies of the Doppelmayr/Garaventa Group listed above have their headquarters outside of your country or process your personal data there. The data protection level in other countries potentially might not correspond with the protection level in your country. We only will transfer your personal data to countries that are classified by the EU Commission as having an adequate data protection level or we take measures to ensure that all recipients have a suitable data protection level as per article 44 ff GDPR.

3.4. Data storage (storage period)

If your application is not successful, the data are stored by the controller for another twelve months as from the date of the rejection letter to be able to answer any possible questions relating to your application and its rejection. Then, your data are deleted; unless, continued storage would be required for the defense against claims or you expressly give your consent for the storage.

If you do not wish that your application data are stored beyond the specified period, you can revoke the consent given for this at any time. In that case, please approach your contact person in our Human Resources Department or dataprotection@doppelmayr.com.

III. Rights of the user (rights of the data subject)

If personal data concerning you are processed, you are the data subject in line with the GDPR and you have the following rights towards us as the responsible party:

1. Right of access by the data subject as per article 15 GDPR

You can request written information on whether we process personal data that refer to you.

If such processing is carried out, you have the right to obtain information regarding the following:

The purpose and categories of personal data that are processed, including the recipients or categories of recipients to whom personal data have been or will be disclosed as well as the envisaged period for which the personal data will be stored. In the event that we use profiling technologies, we must provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you. Furthermore, we must inform you about your right to file a complaint with the data protection authority. In addition, you have the right to request information about whether your data are transferred to a third country or international organisation.

2. Right to rectification as per article 16 GDPR

You have the right to rectification and / or completion if your personal data that are processed are inaccurate or incomplete. Where applicable, we will carry out the rectification without undue delay.

3. Right to erasure (right to be forgotten) as per article 17 GDPR

You have the right to obtain the erasure of personal data concerning you. Prerequisite for the right to erasure is the application of one of the following reasons:

  • The personal data are no longer necessary in relation to the purpose for which they were collected or otherwise processed.
  • The data subject withdrew consent for the data processing (and there is no other legal ground); this applies in particular for data of a child that were collected in connection with a service of the information society offered to them.
  • The data subject objected to the processing (and there are no overriding legitimate grounds for the processing).
  • The personal data have been unlawfully processed.
  • The erasure of the personal data is required for the compliance with a legal obligation in Union or Member State law.


The right to erasure does not apply, if the data processing is necessary

  • to comply with a legal obligation that requires the processing (e.g. with regards to authorities and administrative bodies) or to perform a task that is in the public interest that we were commissioned with;
  • for the establishment, exercise of defense of legal claims.
4. Right to restriction of processing as per article 18 GDPR

You can request a restriction of the processing of your data subject to the following conditions:

  • if you contest the accuracy of the personal data concerning you, for a period enabling us to verify the accuracy of the data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defense of legal claims; or
  • you have objected to the processing pending the verification whether our legitimate grounds override yours.


Where processing has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

If the processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.

5. Right to object as per article 21 GDPR

You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on article 6(1) (e) or (f) GDPR; this includes profiling based on those provisions.

In that case, we no longer process your personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing; which includes profiling to the extent that it is related to such direct marketing.
Where you object to the processing for direct marketing purposes; the personal data shall no longer be processed for such purposes.

6. Right to withdraw the data protection declaration of consent

You shall have the right to withdraw your declaration of consent concerning data protection at any time. The withdrawal of the consent does not affect the lawfulness of the processing carried out based on the consent until the withdrawal


7. Right to lodge a complaint with the data protection authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint as per article 24ff Data Protection Act 2018 with the data protection authority, if you consider the processing of personal data concerning you infringes the GDPR.

The data protection authority shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy.

 

Wolfurt, June 2018.