Data protection

In this data protection statement, you will find information concerning the mode, scope and purpose of the data processing (compare art 13, 14 and 21 of the general data protection regulation [EU] [EU]2016/679 [GDPR][DSGVO]). This refers to personal data of visitors, users, interested parties and customers (contractual partners) of ProMetall GmbH, Ared Strasse 36 (ARED-PARK), A-2544 Leobersdorf. If, hereafter, the “company” is referred to, the specified company is meant, to the degree it is responsible under data protection law. “Person[s] concerned” refers to the specified visitors, users, interested parties, customers.

(A) GENERAL

The company collects personal data if the persons concerned provide it in the framework of visiting and using the website, in the framework of an enquiry, any (other) contact (e.g. contact form or email) or in the course of setting up a customer account. The type of data collected is evident from the input forms or the queries by the company’s employees.

The following information is collected in the course of your visit to the website: The date and time a page of our website was called up, the IP-address, name and version of the web browser, certain cookies (see below point [j] and any information the user provides, for example by filling in a contact form or registering on the website.

There is no obligation to provide the requested data. If, however, the data is not provided, you will not be able to use all the functions of the website.

(B) NAME AND CONTACT DETAILS OF THE RESPONSIBLE ENTITY

ProMetall GmbH
Ared Straße 36 (ARED-PARK) A-2544 Leobersdorf
UID: ATU43522309
Phone: +43 2256 62541-0
Email: sales@prometall-europe.com

The company does not appoint a data protection officer.

(C) PROCESSING PURPOSES AND LEGAL BASES

Personal data of the persons concerned are used for the following purposes:

  • for performance of a contract or implementation of pre-contractual measures that are carried out at the request of the person concerned (consultancy, preparation of quotes etc.),
  • for compliance with legal documentation and transfer obligations, in particular with regards to tax and levies, and
  • for compliance with any reporting obligations towards the interested parties, customers and authorities in the event of a breach of data protection.

The following points are the legal basis for data processing:

  • the transaction concluded with the person concerned (see above), whereby a contract that is concluded with a legal entity and requires processing of personal data for its fulfilment (contact) is considered the same,
  • the pre-contractual provisions at the request of the person concerned and
  • if this does not include any health-related information or other sensitive data, the company’s legitimate interest (Art 6 para 1 lit b and f GDPR) as well as
  • consent (as described below).

The following is considered legitimate interest:

  • the introduction of business transactions by the company,
  • provision of adequate information to interested parties and customers concerning the products and services, events, campaigns etc., i.e. advertising, offered and facilitated by the company. This includes transferring data to principals for this purpose, if this is necessary for the implementation of this or any other marketing measures, statistical evaluations etc.,
  • the internal administration within the group, if the company is part of a group or connected with a group,
  • in the processing by the processor (e.g. external accounting)
  • in preventing cases of fraud or illegal use of the website. Apart from the latter case, the data automatically collected and recorded by the provider on the web server, such as the browser used, operating system, referring site, IP-address, time, are not evaluated and not attributed to a specific person. In the event of commentaries or form entries, the data entered and their IP-addresses are stored for the purpose of the prosecution of illegal contents.

In the below cases the declaration of consent given by the person concerned is the legal basis for processing:

  • Upon registration for a newsletter, the person concerned consents to the use of the data required or separately transferred by the person concerned, for emailing newsletters on a regular basis.
  • Upon publishing postings on the company’s Facebook page, the person concerned consents to the postings being published by the company, e.g. on a so-called “social wall”.
  • Inclusion in a list of participants at events and presentations and provision of those lists to the participants, as well as subsequent processing of the data specified in the lists, is also based on the consent given therein by the person concerned.


This consent may be recalled (also on an individual basis) at any point in time by means of notification to the contact listed above in lit.(b) or by clicking the respective tick box (“box”). This recall does not render the processing until that time unlawful (no retroactive effect of the recall).

As any processing is based on the company’s legitimate interest, as specified, the person concerned has the right of appeal in accordance with Art 21 GDPR, in this respect. We refer to the separate information at the end of this data protection statement.

(D) NECESSITY

The provision of personal data to the company is necessary for the conclusion and fulfilment of the contract. Non-provision would result in the company not being able to act and therefore not being able to conclude a contract.

Personal data must be provided to the company for registration for a newsletter and for sending the newsletter. Non-provision would result in the company not being able to send the newsletter. Non-provision does not affect the company’s activities or the later conclusion of a contract, it is therefore expressly not a condition.

The provision of personal data is required for publishing postings on the company’s Facebook page. Without provision of the data the postings cannot be published. Non-provision does not affect the company’s activities or the later conclusion of a contract, it is therefore expressly not a condition.

The provision of personal data is required for participation in events and presentations and for provision of the data to the participants and subsequent processing of the data provided. Without provision of the data participation would be impossible. Non-provision does not affect the company’s activities or the later conclusion of a contract, it is therefore expressly not a condition.

(E) RECIPIENT OF THE DATA

As a matter of principle, the personal data provided by the person concerned will not be disclosed to any recipients other than the company (natural or legal entities, authorities, institutions and other bodies) (see also the notes in points j, k and l). The following are exempt from this rule:

  • Authorities that may receive personal data in the framework of a specific investigation mandate in accordance with union law or Austrian law; this data must be processed by the specified authorities in accordance with the current data protection provisions;
  • processors who process the personal data on behalf of the company. For example, payment data necessary for processing payments are disclosed to the bank or the selected payment service that is charged with making the payment.

The company does not intend to transfer personal data to a third country or an international organisation.

(F) UPDATE

Interested parties’ and customers’ data are primarily updated on the basis of direct feedback or amendment notices by the interested parties and customers to the company. Publicly accessible information (e.g. professional and sector directories) is used as an exception. The data categories collected in this context, depending on availability, are listed below: Name, age, date of birth, address, economic status, payment history.

(G) DURATION OF DATA STORAGE

The personal data are stored until

  • they are no longer necessary for the purpose they were collected or otherwise processed for;
  • in the event data are processed on the basis of a declaration of consent, until the person concerned withdraws their consent;
  • in any event, as long as the storage is necessary for meeting legal obligations (e.g. statutory retention obligations) or for the assertion, exercise or defence of the company’s legal claims.

(H) RIGHTS OF THE PERSON CONCERNED

In accordance with Art 15 GDPR, the person concerned is entitled to demand confirmation from the responsible person – upon proof of their identity – whether the respective personal data are processed. In this case, the respective person is also entitled

  • to information concerning this personal data and
  • the information specified in Art 15 para 1 GDPR, such as e.g. the categories of personal data and further information (note: they correspond to the information contained in this statement).

The person concerned is entitled to demand that the responsible entity immediately rectifies any incorrect personal data relating to them (right to rectification in accordance with Art 16 GDPR).

In accordance with the provisions in Art 17 GDPR, the person concerned has the right to erasure (“right to be forgotten”) of the personal data relating to them, for example,

  • if the data are no longer necessary for the purpose it was collected or otherwise processed for, or
  • are processed illegally, or
  • in the event data are processed on the basis of a declaration of consent if the respective person withdraws their consent.

If the company published the personal data that must be deleted, it has the following obligation in accordance with Art 21, para 2 GDPR:

Under consideration of the available technology and the resulting costs, appropriate measures are taken to inform other responsible entities about the deletion to be carried out. This relates to responsible entities that process personal data. They must be notified of the fact that the respective person demanded the erasure of all links to these personal data, of copies and replications of these personal data.

The right of erasure does not apply,

  • if there is no ground for erasure (i.e. if none of the above grounds applies) or
  • if the exceptions specified in Art 17 para 3 GDPR apply, for example, if processing is necessary for meeting a legal obligation in accordance with EU-law or Austrian law (e.g. statutory retention periods) or for assertion, exercise or defence of legal claims.

In accordance with Art 18 GDPR, the person concerned has the right to restriction of processing, e.g.

  • if the data subject contests the accuracy of the data processed,
  • the processing is unlawful or
  • it is disputed between the company and the data subject whether a right to erasure exists. In this case, the company will only store the data in question, but will not process it in any other way.

The data subject has the right to object to the processing of personal data concerning him or her for the purposes of direct marketing, pursuant to Art 21 para 2 of the GDPR. The data subject may also object only to the processing of individual categories of data concerning him or her, e.g. the use of his or her email address for advertising purposes.

If the person concerned demands the erasure or restriction or objects, they will immediately be notified of the measures taken or of the grounds the company considers contrary to implementation.

In accordance with Art 20 GDPR, the person concerned has the right to receive the personal data relating to them that they provided to the company, in a structured, current and machine-readable format. This applies only if processing takes place by means of automated procedures.

They also have the right to transmit this data to another responsible entity. The responsible entity that was provided with the personal data must not hinder them in this respect (right to data portability) . If technically possible, they are entitled to direct transfer from one responsible entity to another.

(I) RIGHT TO COMPLAIN TO THE REGULATORY AUTHORITY

The person concerned has the right to complain to the data protection authority, if they feel that the processing of the personal data relating to them is in breach of the GDPR or of § 1 of Article 2 1. main part of the data protection law (DPA) in the version of the data protection amendment law 2018.

(J) COOKIES

Cookies are small files that enable this website to store unique, user-specific information on the visitor’s computer during their visit to our website. Cookies help us to determine the user frequency and the number of users on our internet pages, and to design our offer in a convenient and efficient way.

On the one hand, we use session cookies that are stored temporarily for the duration of your use of our website only, and on the other hand, permanent cookies to record information about visitors who access our website repeatedly. These cookies are used to enable us to offer optimum user guidance and to recognise our visitors and to present an attractive website and interesting contents in case of repeated use. The content of a permanent cookie is restricted to an identification number. Name, IP-address etc. are not stored. We do not create an individual profile of your user behaviour.

You can use our offer without cookies.

You can deactivate storage of cookies in your browser, restrict storage to certain web pages or adjust your web browser’s settings (Chrome, IE, Firefox, …) in such a way that you will be notified as soon as a Cookie is sent. You can also delete Cookies from your computer’s hard disk at any point in time. Please note: in this case, you should expect limited display of the page and limited user guidance.

Change Cookie-Settings

(K) USE OF MATOMO ANALYTICS

This website uses Matomo Analytics, a service for website analysis by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand („InnoCraft“). Matomo Analytics uses so-called “cookies”, they are data files that are stored on your computer and allow analysis of your use of the website.

The information concerning your use of this website created by the cookie (including the shortened IP-address) is processed on the system that our website is located on. There is no data transmission to third parties.

Processing is carried out in accordance with art. 6 para. 1 lit. f GDPR (DSGVO) on the basis of our justified interest in the statistic analysis of user behaviour for optimisation and marketing purposes.

Matomo Analytics uses this information to evaluate your use of the website, to compile reports on the website activities and to provide other services in connection with the use of the website and the internet to us.

For further notes on Matomo Analytics see: https://matomo.org/privacy/

You can prevent storage of the cookies by means of the respective setting in your browser software. We would, however, like to point out that in this case you may not be able to fully use all functions of this website.

You can also prevent us from recording the data created by the cookie and concerning your use of the website (incl. your IP-address) by giving your consent by clicking on the below button or by withholding it.

(L) GOOGLE MAPS

On our micro sites we use the service Google Maps API. This is a service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. As a result of including the service in our site, at least the following data are transferred to Google, Inc.: IP-address, time of the visit to the website, visitor’s screen resolution, URL of the website (referrer), identification of the browser (user-agent) and search terms. Data transfer happens irrespective of whether you have a Google user account that you use to log in or whether you do not have a user account. If you are logged in, your data will be directly allocated to your account.

If you do not consent to the allocation to your profile, you must log out before activating the button. Google, Inc. stores these data as user profiles and uses them for the purpose of advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google Inc. to exercise this right.

For further information on purpose and extent of the data collection and processing by Google, Inc. see www.google.at/intl/de/policies/privacy/. By using the Google Maps service, you consent to data processing by Google, Inc. The responsible entity does not process the respective data.

———-

Separate information in accordance with Art 21 para 4 GDPR:

As any processing is based on the company’s legitimate interest, the person concerned has the right to object in accordance with Art 21 para 1 GDPR. This applies only if there are grounds resulting from your special situation. Any general objection to storage and other processing by the person concerned alone would not be sufficient. Rather, the person must provide personal grounds why – unlike other customers and users – (subsequent) processing of data concerning them is unacceptable. If this is specified, subsequent processing of personal data will only be permitted in two instances:

  • the company demonstrates compelling reasons for processing, which are worthy of protection and outweigh the interests, rights and freedoms of the person concerned, or
  • the processing serves the purpose of assertion, exercising or defence of legal claims.

(M) Google reCAPTCHA

On our website we use Google reCAPTCHA to check and prevent unauthorised access to our internet page, for example by so-called bots. This is a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland(“Google”). This service enables Google to determine the website that sent a request and which IP-address you use for reCAPTCHA. In addition to your IP-address other information that I necessary for offering and ensuring our service may be collected by Google.
Art. 6 para. 1 lit. f) GDPR is the legal basis. Our legitimate interest is the safety of our internet presence and the prevention of undesired automatic access to our contact from via spam etc.
See https://policies.google.com/privacy for further information on general handling of your user data by Google