Data and Privacy Policy

 

Aeroset Technology GmbH (“Aeroset Technology GmbH”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal data. This Data Privacy Policy explains how we collect, use, disclose and store personal data when you visit our website [https://aeroset.org/] contact us, apply for a job, purchase or use Aeroset Technology GmbH products or services, or otherwise interact with us.

This policy is intended to provide transparent information under the EU General Data Protection Regulation (“GDPR”) and applicable Austrian data protection law. It does not apply to third-party websites or services that are not controlled by us, even if they are linked from our website.

1. Controller and privacy contact

The controller responsible for the processing described in this policy is:

• Aeroset Technology GmbH
• Registered address: Philipsstrasse 27, 8403 Lebring, Austria
• Company register number: FN 575888 w
• UID: ATU77934737
• Privacy contact email: office@aeroset.org
• Telephone: +43 59 889 – 50

 

You may contact us at the privacy contact above for questions about this policy or to exercise your data protection rights.

2. Key definitions and our privacy principles

“Personal data” means any information relating to an identified or identifiable natural person. This includes, for example, names, contact details, online identifiers, customer numbers, application documents and communication content.

We process personal data only where we have a legal basis, for specified purposes and only to the extent necessary. We apply data minimisation, purpose limitation, storage limitation, integrity and confidentiality, and accountability principles. We do not sell personal data.

3. Personal data we process, purposes, legal bases and retention

The categories below describe our main processing activities. Depending on how you interact with us, not all categories will apply to you.

3.1 Website visits and server logs

You can visit our website without providing any information about yourself, and we save only the initial access data in a log. We understand initial access data to mean the date and time of access, the IP address in anonymous form (the last three digits are not displayed), the session ID, the pages accessed on our website and for how long it was accessed, the name of the website from which our website was accessed and information about the browser used. We evaluate this data exclusively to improve our website, and no conclusions are drawn about your person. You can also disable the storage of this anonymized data via opt-out.

Purposes: website delivery, technical administration, troubleshooting, security monitoring, prevention of misuse, and improvement of website performance.

Legal bases: our legitimate interests in providing a secure and functional website (GDPR Art. 6(1)(f)); where processing is necessary to provide a service requested by you, performance of a contract or pre-contractual steps (GDPR Art. 6(1)(b)).

Retention: server logs are kept for [insert server-log retention period, e.g. 30 days] and are then deleted or anonymised unless longer retention is necessary to investigate security incidents, enforce legal claims or comply with legal obligations.

3.2 Cookies and similar technologies

Our website may use cookies, local storage, pixels, tags and similar technologies. Some technologies are strictly necessary to operate the website. Others may be used for preferences, analytics, marketing, product recommendations or embedded third-party content, but only where the required consent or other legal basis exists.

Depending on your choices, cookies and similar technologies may process data such as cookie IDs, IP address, device and browser information, pages viewed, referrer URLs, approximate location, language settings, consent status and interaction data.

Legal bases: strictly necessary technologies are processed based on our legitimate interest in operating the website or, where applicable, to provide a service requested by you (GDPR Art. 6(1)(f) or Art. 6(1)(b)). Non-essential analytics, marketing and third-party technologies are used based on your consent (GDPR Art. 6(1)(a)) where required.

Retention: cookie retention depends on the cookie or technology. Please see our Cookie Policy and cookie settings for details, including cookie name, provider, purpose, category, duration and any third-party recipients.

You can change or withdraw your cookie consent at any time via the footer of our website. You can also manage cookies in your browser settings. If you reject non-essential cookies, some optional features may not be available.

3.3 Contact requests and communications

If you contact us by email, telephone, contact form, or other channels, we process the data you provide. This may include your name, company, role, contact details, message content, attachments, date and time of receipt, sender and recipient details, subject line and internal handling notes.

Purposes: responding to your request, routing it to the responsible department, customer service, documentation of communication, and follow-up questions.

Legal bases: our legitimate interests in responding to inquiries and managing business communications (GDPR Art. 6(1)(f)); if the request relates to a contract or pre-contractual steps, GDPR Art. 6(1)(b); if we are legally required to retain or process the communication, GDPR Art. 6(1)(c).

Retention: contact requests are retained for 12 months, unless longer retention is necessary for contracts, legal claims or statutory retention duties.

3.4 Customers, prospects and product users

If you purchase, use or inquire about Aeroset Technology GmbH products or services, or if you act as a contact person for a customer, we may process identification and contact data, company and role information, customer number, order data, product data, delivery and billing data, payment status, support requests, contract documents, correspondence, preferences and records of meetings or calls.

Purposes: handling inquiries, preparing offers, concluding and fulfilling contracts, delivering products and services, billing and accounting, support and warranty handling, product safety and product liability documentation, customer relationship management, internal reporting, fraud prevention, compliance with legal obligations and, where permitted, marketing to existing customers.

Legal bases: performance of a contract or pre-contractual steps (GDPR Art. 6(1)(b)); legal obligations, including tax, accounting, commercial and compliance duties (GDPR Art. 6(1)(c)); legitimate interests in business operations, customer support, product improvement, fraud prevention and legal claims (GDPR Art. 6(1)(f)); consent where we rely on consent for optional marketing or other processing (GDPR Art. 6(1)(a)).

Retention: contract and customer data is retained for the contract term and thereafter as long as required for statutory retention obligations or legal claims. Accounting-relevant records are generally retained for 7 years under applicable Austrian retention rules. For product liability purposes, selected data such as name, address, product and date may be retained for 10 years. Longer retention may apply where required by law or in connection with disputes or claims.

3.5 Vendors, external service providers and other business partners

If you provide products or services to Aeroset Technology GmbH, or act as a contact person for a vendor, service provider or business partner, we may process identification and contact data, company and role information, supplier number, contract data, order and invoice data, bank/payment details, tax data, delivery information, correspondence and compliance documentation.

Purposes: supplier selection, procurement, contract management, receipt of goods and services, payment processing, accounting, audits, compliance, risk management and legal claims.

Legal bases: performance of a contract or pre-contractual steps (GDPR Art. 6(1)(b)); legal obligations (GDPR Art. 6(1)(c)); legitimate interests in managing vendors and business operations (GDPR Art. 6(1)(f)).

Retention: supplier and accounting records are retained for the contract term and thereafter as required by statutory retention obligations, generally 7 years for accounting-relevant records, or longer where necessary for claims, audits or legal obligations.

3.6 Job applicants

If you apply for a job at Aeroset Technology GmbH, we process the information you provide in your application and during the recruitment process. This may include your name, contact details, CV, cover letter, qualifications, employment history, references, interview notes, assessment results, salary expectations, work permit information and correspondence.

Please avoid sending special category data, such as health information, religious beliefs, trade union membership or other sensitive information, unless it is necessary for your application or required by law. If such data is provided, we process it only as permitted by applicable law.

Purposes: reviewing and managing applications, communicating with applicants, conducting interviews and assessments, deciding on employment, documenting the recruitment process and, if you consent, considering you for future roles.

Legal bases: pre-contractual steps at your request (GDPR Art. 6(1)(b)); legal obligations relating to employment and equal treatment (GDPR Art. 6(1)(c)); legitimate interests in recruitment administration and legal claims (GDPR Art. 6(1)(f)); consent for optional talent pool retention or specific optional processing (GDPR Art. 6(1)(a)).

Retention: unsuccessful applications are retained for 6 months after completion of the recruitment process unless longer retention is necessary for legal claims or you consent to longer talent-pool retention. If you are hired, relevant application data becomes part of your personnel file and is retained under the applicable employee privacy notice and employment-law retention rules.

3.7 Data from third parties and public sources

We may receive personal data from third parties where lawful, such as business partners, event organisers, publicly available company registers, credit information providers, recruitment agencies, references or social/business networks. We use this data only for the purposes described in this policy or as otherwise communicated to you.

Legal bases depend on the context and may include performance of a contract or pre-contractual steps (GDPR Art. 6(1)(b)), legal obligations (GDPR Art. 6(1)(c)), legitimate interests (GDPR Art. 6(1)(f)) or consent (GDPR Art. 6(1)(a)).

4. Whether you must provide personal data

You are generally not required to provide personal data to us. However, certain data is necessary to use parts of our website, respond to your inquiries, send requested communications, process applications, enter into or perform contracts, issue invoices, comply with legal obligations or provide support. If you do not provide necessary data, we may not be able to provide the requested service, conclude or perform a contract, process an application or respond fully to your request.

5. Recipients and processors

We disclose personal data only where necessary and lawful. Recipients may include:

• Aeroset Technology GmbH departments and authorised employees who need the data for their work;
• IT, hosting, security, maintenance and support providers;
• providers of CRM, email, newsletter, analytics, cookie-consent, accounting, ERP, applicant-management, cloud, storage and collaboration tools;
• payment providers, banks, shipping and logistics providers, professional advisers, auditors and insurers;
• business partners involved in fulfilling contracts or supporting products and services;
• public authorities, courts, regulators or law-enforcement bodies where legally required or necessary to protect our rights;
• potential acquirers, advisers or successor entities in the context of a lawful restructuring, merger, acquisition or asset transfer.

Where we use processors, we require them to process personal data only on our instructions, keep it confidential and implement appropriate technical and organisational safeguards.

6. International transfers

We aim to process personal data within the European Economic Area (“EEA”) where practical. If personal data is transferred outside the EEA, we will use an appropriate transfer mechanism under the GDPR, such as an adequacy decision, the EU Standard Contractual Clauses, supplementary safeguards where required, Binding Corporate Rules or a statutory derogation.

For transfers to the United States, we may rely on the EU-U.S. Data Privacy Framework only where the recipient is certified for the relevant data and processing. Otherwise, we use another valid transfer mechanism where required.

7. Automated decision-making and profiling

We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. If this changes, we will inform you separately as required by law.

Where we use analytics or marketing segmentation, this is used to understand audience interests and improve communications and is subject to consent where required.

8. Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures may include access controls, role-based permissions, encryption where appropriate, backups, logging, secure development and system maintenance, employee confidentiality obligations and vendor due diligence.

No website, email system or IT environment can be guaranteed to be completely secure. If you believe that your interaction with us is no longer secure, please contact us promptly using the privacy contact above.

9. Your data protection rights

Subject to the conditions and limitations under applicable law, you may have the following rights:

• right to information and access to your personal data;
• right to rectification of inaccurate or incomplete data;
• right to erasure (“right to be forgotten”);
• right to restriction of processing;
• right to data portability;
• right to object to processing based on legitimate interests and to object to direct marketing at any time;
• right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal;
• right not to be subject to solely automated decisions that produce legal or similarly significant effects.

To exercise your rights, contact us using the privacy contact above. We may need to verify your identity before responding. We will respond within the period required by applicable law.

You also have the right to lodge a complaint with a supervisory authority. In Austria, the competent authority is the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria, email: dsb@dsb.gv.at.

10. Third-party websites and external content

Our website may contain links to third-party websites or services, or may embed third-party content such as maps, videos, social media plug-ins or other external services. We do not control those third parties and are not responsible for their privacy practices. Please review their privacy notices before providing personal data or interacting with external content.

Where third-party content sets cookies or processes personal data through our website, we will obtain consent where required and provide additional information in our Cookie Policy or cookie settings.

11. Changes to this policy

We may update this Data Privacy Policy from time to time to reflect changes in our processing activities, systems, services or legal requirements. The current version will be made available on our website. Material changes will be communicated where required by law.