Privacy statement

Privacy statement Privacy Policy and Information regarding Data Protection pursuant to Article 13 of the General Data Protection Regulation (GDPR) 

The protection of your personal data is of particular importance to us and as an accredited company we always handle your data with the utmost care. We therefore process your data exclusively on the basis of the applicable legal provisions, namely the Decreto Legislativo 10 agosto 2018, n. 101 and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR).

 In the below Privacy Policy we are informing you about the most important aspects of data processing in connection with 

 a) the initiation of a contractual relationship for the purposes of the control and certification process 

 b) using/visiting our website 

 c) our information and public relations work 

 d) the procedure for candidate selection 

 1. Contact information

 Bio Garantie GmbH 

 Troyenbachstraße 1E 39030 Vintl- Vandoies 

 ITALY 

 2. Personal Data In terms of the data protection legislation, personal data are all data that contain information about personal or factual circumstances, such as name, address, email address, telephone number. 

 3. Purposes for Processing Your Data We process your data for the following purposes: 

 a) For answering your inquiries and follow-up questions, including preparing contractual offers for our services 

 b) For the operation and optimisation of our website for information purposes 

 c) For drawing up and sending information on current legal innovations and developments and for the descriptions of our controls and certifications as well as other services in the context of contractual performance 

 d) For evaluation of the professional and personal skills of applicants in order to fill vacant positions 

 4. Legal Basis for Data Processing Pursuant to GDPR. The data processing carried out with the purpose of (a) answering your inquiries and follow-up questions, including preparing contractual offers for our services, and for delivering our services within the framework of existing contracts takes place on the legal basis of contract performance or pre-contractual measures for the respective (potential) customers. The data processing carried out with the purpose of (b) the operation and optimisation of our website is based on the performance of existing contracts and the necessity for providing information regarding our services. Data processing (c) for information purposes is based on the performance of contracts or for pre-contractual measures. Data processing (d) in the context of candidate selection takes place on the legal basis of consent, of pre-contractual measures and on the legal basis of legitimate interest, namely the interest of checking suitability for the specific position in the company. If you are or want to become our customer, i.e. have an existing contract or want to enter into one, you are obliged - based on the contract - to provide certain personal data that are necessary in the context of the control and certification process. 

 5. The Recipients of the Data The personal data is transmitted to third parties as follows: 

 a) In the context of the control and certification services: to authorities; to private specification and standard service providers, if there is an order for that; to other control bodies, if this is necessary to perform the services; to the EASY-CERT platform for the publication of certificates in accordance with ISO 17065; to accredited laboratories for any sample analysis. Data is also transmitted to companies for the mailing and transport of letters, printed materials and parcels and to companies for the professional disposal of paper and files. Where necessary, data may also be transmitted to insurance companies, banks, tax consultants, auditing companies. 

 b) For the operation and optimisation of our website: to web designers and administrators of our homepage. 

 c) As part of our PR and information providing activity: to graphics designers, proofreaders and printing companies 

 d) As part of candidate selection: the data is processed internally Moreover, we undertake not to transmit your personal data to third parties, unless we are legally bound to or obliged to by an authority’s decision. 

 6. Data Transfer to a Third Country As part of the control and certification activities, personal data may be transferred to other companies outside Italy and outside the European Economic Area, in particular to Switzerland. Switzerland is considered a third country with adequate data protection (DSAV). 

 7. Period for Storing the Personal Data Personal data that we process are only stored until the purpose for which they are processed is fulfilled. The criteria for storing the data are: 

 a) As part of the control and certification activities: If the requirements of the accreditation authority and company law retention periods must be observed, the duration of the storage of control-relevant data must be at least seven years. Further criteria for storage derive from our obligations, the fulfilment of the requirement for adequate proof of records and the period of limitation of legal claims (duration depending on the legal basis). 

 b) In the context of operation and optimisation of our website: No personal data will be stored for making visitor statistics. 

 c) As part of our information and public relations work: For the period of the contractual relationship with our customers or, in the case of interested potentials, until we receive the withdrawal of their consent given previously. 

 d) As part of candidate selection: If no contractual relationship is established, the data will be stored up to 7 months after the application process has ended. If consent is given for keeping supporting documentation, it is stored until we receive the withdrawal of the consent.  

8. Your Rights As a data subject within the meaning of data protection law, you have the following rights in particular, provided that they do not conflict with our contractual relationship: 

 • Right to information about your personal data processed by us; 

 • Right to rectification or erasure of your personal data or restriction of processing, whereby the conditions of the control contract apply to customers with an existing contractual relationship;

 • Right to object to processing, whereby the conditions of the control contract apply to customers with an existing contractual relationship; 

 • Right to data portability. Should there be any changes to your personal data, we request that you notify us of those. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you can complain to the data protection authority. If the data processing is based on your consent, you can withdraw your consent to the data processing at any time by writing (email sufficient) to datenschutz@bio-garantie.at.  A withdrawal of consent does not affect the legality of the processing carried out based on the consent until the withdrawal. 

 9. Links to Other Websites Our website also contains links to other websites. However, the Privacy Policy described here does not apply to these websites. We therefore call on you to visit these websites directly in order to receive the data protection information for the respective websites there. Bio Garantie cannot be held responsible for measures taken on these websites or for their content. 

 10. Web server logs The web server automatically recognises certain personal data such as your IP address, date, time, user agent of the browser and the destination page. For technical reasons, these data are stored for 2 weeks and then automatically deleted. 

11. Cookies Our website uses so-called cookies. These are small text files that are stored by the browser on your device. They do no harm, and record following data: language settings, user tracking for web analysis. Our website uses so-called “session cookies”. These are cookies that are only active when you are visiting our website. Session cookies are consequently limited in time and are generally deleted when you close your browser/tab. We use cookies to make our offer user-friendly. Some cookies, however, remain on your device until you delete them. They enable us to recognise your browser the next time you visit our website. Should you not want this, you can set up your browser so that it informs you when it wants to set a cookie and you can allow or disallow this on an individual basis. If however you disallow the use of cookies, the functionality of our website may be impaired. 

 12. Web Analysis Our website uses the functions of the web analytics service by Google Analytics (Google Inc., Gordon House Barrow St Dublin 4 Ireland). Cookies are used for this purpose, which enable an analysis of the use of the website by its users. The information generated in this way is transferred to the provider's server and stored there. Some cookies, however, remain on your device until you delete them. You can prevent this by setting your browser so that no cookies are stored. If however you disallow the use of cookies, the functionality of our website may be impaired. The IP address is recorded, but is immediately anonymised by deleting the last digit. This entails, that only a rough localization will be possible. We have the appropriate contract for data processing with the provider in place. 

 13. Data security Your data is hosted at a provider that is located within the European Union. Both Bio Garantie and the provider use technical and organisational security measures to protect your data against manipulation, loss, destruction or against access by unauthorized persons. Regardless of the efforts to maintain a consistently high level of due diligence, it cannot be ruled out that information that you provide to us via the Internet will be viewed and used by other people. Please note that we therefore accept no liability whatsoever for the disclosure of information due to errors in data transmission that are not caused by us and/or due to unauthorized access by third parties (e.g. hacker attack on email account or telephone, interception of fax messages). 

 14. Amending this Privacy Policy We will amend this Privacy Policy from time to time in the course of ongoing development. These amendments will be announced in due time on our website. You should therefore regularly review this Privacy Policy in order to familiarise yourself with the current version. 

 Effective from: May 2018