Data protection declaration

Data Privacy Statement Pursuant to Art. 13 and 14 GDPR

Controller for the purpose of the GDPR: STIWA Holding GmbH

The protection of personal data of data subjects is very important to STIWA Holding GmbH, Salzburger Straße 52, Attnang-Puchheim, Austria. Therefore, personal data are processed exclusively on the basis of the applicable privacy regulations, especially the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG). STIWA Holding GmbH is part of the STIWA Group. Presently, the following enterprises are part of the STIWA Group: STIWA Holding GmbH, STIWA AMS GmbH, STIWA Automation GmbH, STIWA Advanced Products GmbH, AMS Research GmbH, STIWA Deutschland GmbH, STIWA US Inc. and STIWA (Nantong) Automation Machinery Production Co. Ltd., and TISP Aufschließungs- und Betreibergesellschaft mbH.

Hereinafter, we’d like to inform you about the processing of personal data.

At present, we have not appointed a privacy officer as there is no legal obligation to do so. However, we are glad to help you if you have any questions regarding data privacy – please use only our electronic data protection mailbox .

1. Information pursuant to Art. 13 GDPR

Where personal data are collected directly from the data subject, STIWA Holding GmbH herewith complies with its obligation to provide information pursuant to Art. 13 of the General Data Protection Regulation (GDPR) as follows:

1.1 Controller

STIWA Holding GmbH | FN 105266 d

Salzburger Straße 52, 4800 Attnang-Puchheim, Austria
Phone: +43 7674 603-0
E-Mail:

1.2 Your rights

You as a data subject have the right to obtain information as to whether or not personal data concerning you are processed, to have them rectified, erased or ported to others, and to demand a restriction of processing, to object to data processing or to withdraw your consent. Moreover, you have the right to file a complaint with a supervisory authority.

1.2.1 Right of access (Art. 15 GDPR)

You have the right to demand from us a confirmation about whether or not we process data concerning you. Where that is the case you are also entitled to obtain information about the scope of such data processing.

1.2.2 Right to rectification (Art. 16 GDPR)

You have the right to demand from us the immediate rectification of inaccurate data as well as the completion of incomplete data concerning you.

1.2.3 Right to erasure (Art. 17 GDPR)

You have the right to demand from us the immediate erasure of data we have processed concerning you, if, for example, the purpose for which the data were collected initially has ceased to exist, if data processing is illegal, if you withdraw your consent or there is no other legal ground for the processing, or if you object to the processing and we are not able to substantiate any predominantly compelling and legitimate grounds for the processing. In some cases, however, there may be certain reasons that do not allow an immediate erasure.

1.2.4 Right to restriction of processing (Art. 18 GDPR)

You have the right to demand a restriction of processing any data concerning you if you contest the accuracy of your data for a period enabling us to verify such accuracy, if the processing is unlawful and you demand the restriction instead of an erasure, if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or if you have objected to processing pending the verification whether our legitimate grounds predominate.

1.2.5 Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us. However, this shall apply only if data processing is based on your consent or on a contract and is carried out by automated means.

1.2.6 Right to object (Art. 21 GDPR)

You have the right to object to the processing of data concerning you any on grounds you can specify. In the event of your objection, a process of weighing interests will be performed, and we will no longer process your data if we are not able to demonstrate any predominantly compelling and legitimate grounds for processing, or the processing is not required for the establishment, exercise or defense of legal claims. However, the right to object shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority or in safeguarding our legitimate interests or those of a third party.

You have the right to object any time to the processing of data concerning you for direct marketing purposes without stating any reasons. In this case we will no longer process your data for direct marketing purposes (objection to advertising).

1.2.7 Right of revocation

If you have granted your consent to our processing your data, you are entitled to withdraw such consent any time and without stating any reasons. A revocation ensures that, from this time onward, we will no longer process data concerning you for the purpose stated in the declaration of consent. Therefore, your revocation applies to the future. It does not affect the lawfulness of data processing up to the time of revocation.

1.2.8 How you can exercise your rights

If you intend to exercise your above-mentioned rights, please contact us in writing by mail to  STIWA Holding GmbH, Salzburger Straße 52, Attnang-Puchheim, Austria or by sending an e-mail to .

Please bear in mind that it may be necessary for you to identify yourself (e.g. by sending a copy of an ID card).

If you want to withdraw your declaration of consent or change your data, you can also perform this directly via the respective links in the newsletter e-mail.

1.2.9 Right of appeal before a supervisory authority

If you believe that the data processing performed by us violates any applicable data protection regulation, we kindly ask you to contact us. Of course, you may also file a complaint with a supervisory authority. If you want to file a complaint with the Austrian supervisory authority (www.dsb.gv.at), please address it to Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Wien, Austria.

We will adapt this Data Privacy Statement as needed from time to time. The processing of personal data is subject to the version as amended.

1.3 Visiting our website

1.3.1 Why do we process your data?

When you visit our website, your browser will transmit personal data to our web server. This transmission takes place even if you do not register or identify yourself, using our website only for information. When our website is called via a http/s call, personal data such as your IP address are transmitted to our web server. This processing of connection data is technically necessary for us to be able to show you our website in the first place and to make it available in a stable and secure manner. If you specify personal data in form sheets, these form sheet data will also be processed by our web server.

1.3.2 What is the legal basis for processing your data?

Generally, the processing of personal data is based on our legitimate interests pursuant to Art. 6, para. 1 (f) of the GDPR and Section 96 para. 3 of the Telecommuncations Act 2003. The legitimate interest pursued by us is the secure and stable provision of the requested website to visitors.

If you use our website to initiate a business relationship and/or agreements with us, we process your personal data pursuant to Art. 6, para. 1 (b) of the GDPR.

1.3.3 To which receivers and/or categories of receivers do we transfer your data?

Your personal data are not disclosed to any third party. However, our website is hosted by a processor, and therefore your data are processed on our behalf by the webhosting supplier (“ALL-INKL.COM – Neue Medien Münnich“) (processor).

1.3.4 How long do we store your data?

We store connection data only for the duration of your visit on our website. Beyond this, we store your data only if there are any statutory storage obligations or until any legal disputes for which the data are needed as evidence are concluded.

1.3.5 Is there an obligation to disclose information?

You cannot use our website without our processing the connection data. We cannot handle your requests without any form sheet data.

1.3.6 Is there any automated decision making or profiling?

There is no automated decision making or profiling.

1.4 Contact requests

1.4.1 Why do we process your data?

In case of contact requests by e-mail or phone, we process the personal data you have given us (name, e-mail address, phone number, as well as the specific request and any other documents submitted by you) for the purpose of handling your request.

1.4.2 What is the legal basis for processing your data?

The processing of personal data for the purpose of handling your request associated with the initiation or performance of a contract is based on Art. 6, para. 1 (b) of the GDPR.

The processing of personal data for the purpose of handling general requests is based on Art. 6, para. 1 (f) of the GDPR. Our legitimate interest lies in the handling of correspondence and/or requests.

1.4.3 To which receivers and/or categories of receivers do we transfer your data?

Your personal data are processed only internally. If necessary, your personal data will also be forwarded to other STIWA Group companies for the purpose of handling your request. Such forwarding is based on Art. 6, para. 1 (b) or Art. 6, para. 1 (f) of the GDPR.

1.4.4 How long do we store your data?

We process the personal data provided by you for the above-mentioned purpose until your request is settled completely and there is no longer any need for processing and/or no legal retention period to be observed. Beyond this, we store your data only if there are any statutory storage obligations or until any legal disputes for which the data are needed as evidence are concluded.

1.4.5 Is there an obligation to disclose information?

Contact requests by e-mail or phone cannot be processed without personal data being provided.

1.4.6 Is there any automated decision making or profiling?

There is no automated decision making or profiling.

1.5 Career Newsletter

1.5.1 Why do we process your data?

We process your data (name, gender, e-mail address, address, highest completed level of education, year of completion of education, place, and interests) for the purpose of sending you information about vacancies within STIWA Group through electronic means, provided you have given us your consent.

1.5.2 What is the legal basis for processing your data?

The processing of personal data for the purpose of electronic mailing regarding vacancies within STIWA Group (Career Newsletter) is based on Art. 6, para. 1 (a) of the GDPR (Consent).

1.5.3 To which receivers and/or categories of receivers do we transfer your data?

Your personal data are not disclosed to any third party. For mailing newsletters we use the services of a processor. Therefore, your data will be processed on our behalf by eworx Network & Internet GmbH (processor).

1.5.4 How long do we store your data?

We store the data provided by you for the above-mentioned purpose until your revocation, but no longer than three years after the last contact. Beyond this, we store your data only if there are any statutory storage obligations or until any legal disputes for which the data are needed as evidence are concluded.

1.5.5 How can I withdraw my consent?

If you have granted your consent to our processing your data, you are entitled to withdraw such consent any time and without stating any reasons. A revocation ensures that, from this time onward, we will no longer process data concerning you for the purpose stated in the declaration of consent. Therefore, your revocation applies to the future. It does not affect the lawfulness of data processing up to the time of revocation.

1.5.6 Is there an obligation to disclose information?

We cannot send any newsletter without you providing your personal data.

1.5.7 Is there any automated decision making or profiling?

There is no automated decision making or profiling.

1.6 Newsletter informing about events in amsec IMPULS

1.6.1 Why do we process your data?

We process your data (name, e-mail address, time of delivery, time of opening, duration of opening, IP address of opening, e-mail program used (mail client), links clicked as well as time of clicking) for the purpose of electronic mailing of information and analysis regarding events (e.g. invitations) in amsec IMPULS, provided you have given us your consent.

1.6.2 What is the legal basis for processing your data?

The processing of personal data for the purpose of electronic mailing regarding vacancies within STIWA Group is based on Art. 6, para. 1 (a) of the GDPR (Consent).

1.6.3 To which receivers and/or categories of receivers do we transfer your data?

Your personal data are not disclosed to any third party. For mailing newsletters we use the services of a processor. Therefore, your data will be processed on our behalf by eworx Network & Internet GmbH (processor).

1.6.4 How long do we store your data?

We store the data provided by you for the above-mentioned purpose until your revocation, but no longer than three years after the last contact. Beyond this, we store your data only if there are any statutory storage obligations or until any legal disputes for which the data are needed as evidence are concluded.

1.6.5 How can I withdraw my consent?

If you have granted your consent to our processing your data, you are entitled to withdraw such consent any time and without stating any reasons. A revocation ensures that, from this time onward, we will no longer process data concerning you for the purpose stated in the declaration of consent. Therefore, your revocation applies to the future. It does not affect the lawfulness of data processing up to the time of revocation.

1.6.6 Is there an obligation to disclose information?

We cannot send any newsletter without you providing your personal data.

1.6.7 Is there any automated decision making or profiling?

There is no automated decision making or profiling.

1.7 Video surveillance at business premises and server rooms of STIWA Group

1.7.1 Why do we process your data?

The purpose of video surveillance is the protection of property and the domiciliary right, as well as the prevention, control, and investigation of criminal offenses.

1.7.2 What is the legal basis for processing your data?

The processing of personal data for the purpose of video surveillance is based on Section 12, para. 2 of the DSG, Art. 6, para. 1 (f) of the GDPR, Sections 353 et seq. of the General Civil Code (Protection of Property), as well as a Works Agreement dated 25.3.2018. Our legitimate interest lies in the protection of property as well as the prevention of criminal offences.

1.7.3 To which receivers and/or categories of receivers do we transfer your data?

If necessary, your personal data may be disclosed to solve criminal offenses, especially to furnish evidence to security authorities, the prosecution, and courts. If necessary, your data will also be disclosed to insurance companies (exclusively for the purpose of settling insurance claims).

1.7.4 How long do we store your data?

We will store your personal data for the purpose of video surveillance for no longer than 14 days. Beyond this, we may store your data for some longer period if required for any specific occasion, but no longer than until any legal disputes for which the data are needed as evidence are concluded.

1.7.5 Is there an obligation to disclose information?

You are not obligated to disclose your personal data. However, in this case you cannot enter our business premises.

1.7.6 Is there any automated decision making or profiling?

There is no automated decision making or profiling.

1.8 Cookies

We set cookies on our website. Cookies are little text files which are stored on your hard disk associated with the browser you use, through which the placer of the cookie (which is our company in this case) is provided with certain information. Cookies cannot execute any programs or transfer any viruses to your computer. They are intended to improve the website in terms of user friendliness and effectiveness.

We use the following kinds of cookies, the scope and functioning of which is explained below:

  • Transient cookies are deleted automatically as soon as you close the browser. One special type of transient cookies are session cookies. They store a so-called session ID via which various requests of your browser can be assigned to one common session. Therefore, your computer can be recognized as soon as you return to our website. The session cookies are deleted when you log out or close the browser.
  • Persistent cookies are deleted automatically after a period determined by us, which may vary according to the cookie concerned. You can delete the cookies any time in the security settings of your browser.

You can also configure the settings of your browser according to your wishes, for example you may refuse the acceptance of third-party cookies or all cookies. Please note, however, that you may not be able to use all functions of the website if you deactivate all cookies.

If you disapprove of the use of cookies to the extent specified here, you can deactivate this function for your browser any time:

1.9 Integrated third-party provider tools

1.9.1 Google Analytics

The website uses Google Analytics, a web analysis service of Google Inc. (“Google“). Google Analytics uses so-called “cookies“, text files stored on your computer that allow an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by a Google server in the USA. If, however, the IP anonymization feature is activated on this website, Google will truncate you IP address before its transmission within the member states of the European Union or other states that are party to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address will be sent to and truncated by a Google server in the USA. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about website activities, and to render further services related with the use of the website and the Internet to the operator of the website.

The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data collected by Google.

Through settings of your browser software you can prevent that cookies are stored on your computer; but please note that, in this case, you may not be able to fully use all functions of this website. Moreover, you can prevent the recording and processing of the data generated by the cookie and related to your use of the website (incl. your IP address) by Google through downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension „_anonymizeIp()“. This means that IP addresses are anonymized by truncating them. Thus, no personal data are processed. So, if any reference to persons is possible through the data collected about you, this is excluded immediately, and the personal data are deleted promptly.

We use Google Analytics to analyze the use of our website and to be able to improve it continually. Via the statistics thus obtained we can improve our offer and render it more interesting for you as a user. As regards the exceptional cases where personal data are transmitted to the USA, Google has submitted itself to the EU-US Privacy Shield , https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Art. 6, para. 1 (f) of the GDPR.

Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User conditions: http://www.google.com/analytics/terms/de.html,
Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html,

as well as the data privacy statement: http://www.google.de/intl/de/policies/privacy.

1.9.2 Google Maps

On this website, we use the services of Google Maps. This enables us to show you interactive maps directly in the website and allow you the convenient use of the map function. Google Maps is provided by Google Ireland Limited (“Google”), a company registered and operated under the laws of Ireland (registration number: 368047) headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. Moreover, data are transmitted to Google. This happens regardless of Google providing a user account via which you are logged in or there being no user account at all. When you are logged in with Google, your data are directly assigned with your account. If you do not wish your profile to be assigned by Google, you have to log out before activating the button. Google will store your data as user profiles and utilize them for purposes of advertising, marketing research and/or the needs-oriented design of its website. Such evaluation (even of users who are not logged in) is performed especially to provide needs-based advertising and to inform other users of the social network about your activities on our website. You are entitled to object to the generation of such user profiles. To exercise this right, you have to turn to Google.

More information regarding the purpose and scope of data gathering and processing by the plug-in provider can be obtained from the provider’s data privacy statement where you can also get more information about your related rights and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.

Google also processes your personal data in the USA and has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

1.9.3 YouTube

Our online offer also includes YouTube videos that are stored on http://www.youtube.com and can be directly played from our website. By visiting the website, YouTube is informed that you called the respective sub-site of our website. Moreover, data are transmitted to Google. This happens regardless of YouTube providing a user account via which you are logged in or there being no user account at all. When you are logged in with Google, your data are directly assigned with your account. If you do not wish your profile to be assigned by YouTube, you have to log out before activating the button. YouTube will store your data as user profiles and utilize them for purposes of advertising, marketing research and/or the needs-oriented design of its website. Such evaluation (even of users who are not logged in) is performed especially to provide needs-based advertising and to inform other users of the social network about your activities on our website. You are entitled to object to the generation of such user profiles. To exercise this right, you have to turn to YouTube. More information regarding the purpose and scope of data gathering and processing by YouTube can be obtained from its data privacy statement where you can also get more information about your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

Google also processes your personal data in the USA and has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

2. Information pursuant to Art. 14 GDPR

No information required.

3. Data privacy statement – STIWA Group in social media

STIWA Holding GmbH provides various publicly accessible profiles in social networks to get in touch with its customers and prospective buyers and to provide current information. When social media are used, personal data are processed by various providers of social media and by STIWA Holding GmbH . The providers of social media process personal data and are able to analyze your user behavior, create user profiles and thus provide target-oriented advertising. We as the operator of the profiles in social media can see only your public profile. Through the personal settings of your profile you decide which information is visible there. Providers of social media process personal data for their own purposes. For more detailed information in this respect, please read the privacy policy and user conditions of the respective social media provider.

3.1 Who is responsible for the data?

If you visit a STIWA Group profile of a social network, the controller for processing personal data pursuant to Art. 26 GDPR (ECJ, C-210/16) is STIWA Holding GmbH together with the provider of the social network. If you want to file an application to exercise your data subject rights or to withdraw your consent, please use the information provided in the privacy statement of the respective social network.

3.2 Why do we process your data?

We process your data for the purpose of maintaining profiles in social networks so we can be present on the Internet and quickly provide you with relevant information and answer your questions.

3.3 What is the legal basis for processing your data?

The processing of personal data for this purpose is based on Art. 6, para. 1 (f) of the GDPR. Our legitimate interest lies in being present on the Internet and being able to quickly provide you with current information.

3.4 How long do we store your data?

We process the personal data provided by you for the above-mentioned purpose until your request is settled and there is no longer any other need for processing and/or no legal retention period to be observed. Beyond this, we store your data only if there are any statutory storage obligations or until any legal disputes for which the data are needed as evidence are concluded.

3.5 Facebook

The Facebook pages belonging to the STIWA Group are operated by STIWA Holding GmbH, FN 105266 d, Salzburger Straße 52, 4800 Attnang-Puchheim. Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) and STIWA Holding GmbH as the operator of a Facebook page are the joint controllers for the purpose of Art. 26 of the GDPR (ECJ, C-210/16).

Information regarding the joint liability in the processing of personal data with Facebook can be found using the following link: https://www.facebook.com/legal/terms/page_controller_addendum

Information regarding the processing of personal data by Facebook and requests to exercise your data subject rights and to withdraw your consent relating to your visit on our Facebook pages can be found directly in the privacy policy of Facebook: https://www.facebook.com/policy.php

Via the following link you can change your advertising settings directly in your Facebook account: https://www.facebook.com/settings?tab=ads

3.6 Instagram

We have an Instagram account. Information regarding the processing of personal data by Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour

Dublin 2 Ireland) and requests to exercise your data subject rights and to withdraws your consent can be found directly in the privacy policy of Instagram: https://help.instagram.com/519522125107875/

3.7 Twitter

We use the microblogging service provided by Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND).

You can change your data privacy settings for your Twitter account using the following link:

https://twitter.com/personalization

Information regarding the processing of personal data by Twitter and requests to exercise your data subject rights and to withdraw your consent can be found directly in the privacy policy of Twitter:  https://twitter.com/de/privacy

3.8 LinkedIn

We have a LinkedIn page (LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland).

Information regarding the processing of personal data by LinkedIn and requests to exercise your data subject rights and to withdraw your consent can be found directly in the privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

3.9 XING

We have a XING page (XING SE, Dammtorstraße 30, 20354 Hamburg, Germany).

Information regarding the processing of personal data by XING and requests to exercise your data subject rights and to withdraw your consent can be found directly in the privacy policy of XING: https://privacy.xing.com/de/datenschutzerklaerung

3.10 KUNUNU

We have a profile on KUNUNU (kununu GmbH, Neutorgasse 4-8, Top 3.02, A – 1010 Vienna and/or XING SE, Dammtorstraße 30, 20354 Hamburg, Germany).

Information regarding the processing of personal data by KUNUNU and requests to exercise your data subject rights and to withdraw your consent can be found directly in the privacy policy of KUNUNU: https://privacy.xing.com/de/datenschutzerklaerung

3.11 YouTube

We have a profile on YouTube (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

Information regarding the processing of personal data by YouTube and requests to exercise your data subject rights and to withdraw your consent can be found directly in the privacy policy of YouTube: https://policies.google.com/privacy?hl=de&gl=de