Privacy Policy in accordance with Art. 13, 14 GDPR – Fulfilment of information obligations
1 Data Controller
The controller in accordance with Art. 4 (7) EU General Data Protection Regulation (GDPR) is
Tyromotion GmbH
Bahnhofgürtel 59
8020 Graz
Tel: +43 (316) 908 909
Fax: +43 (316) 2311 2391 44
Email: office@tyromotion.com
2 Background of personal data processing
2.1 Data processing in accordance with Art 13 GDPR
We process the data that data subjects provide to us, for example in the context of an enquiry by e-mail, for the purpose of initiating and concluding a contract or a business relationship.
2.2 Data processing in accordance with Art 14 GDPR
In addition, we process data of persons who may be part of a contractual relationship, which we have permissibly received in the context of information provided by third parties (e.g., managing directors provide us with the data of their employees or colleagues).
2.3 Data Subjects
We process the following data from interested parties: Company, name of contact person and professional contact data as well as address data.
We process the following data from customers: Company, title and names of contact persons, professional address data and contact data, bank details, contract data.
We process the following data from suppliers and business partners: Company, title and names of contact persons, professional address data and contact data, bank details, contract data.
From event participants we process the following data: Company, title and name of the registered person, professional contact data and address data.
2.4 Recipients of personal data
Recipients of personal data will only be third parties if it is necessary for the fulfilling of a contract or if it is required by law.
2.5 Data Retention
The data will be deleted by us as soon as storage is no longer necessary or legal retention periods have expired. If the basis of the processing is consent, we restrict the processing or delete the data upon withdrawal of the consent – unless there are legal provisions to the contrary.
2.6 Contact by E-Mail
When you contact us by e-mail, the data you provide will be stored by us based on your consent in order to answer your questions. We delete the data accruing in this context after the processing is no longer necessary or restrict the processing if there are legal retention periods.
2.7 Legal basis
The legal basis of data processing is:
- Initiation and fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.
- Legal obligations in accordance with Art. 6 para. 1 lit. c GDPR, (for example, legally required storage and documentation obligations).
- Legitimate interests of our company according to Art. 6 para. 1 lit. f GDPR (for example statistical evaluations, usage of software).
Art 6 para. 1 lit. a GDPR when obtaining consent (for example when processing image data or for advertising purposes).
3 Data processing when contacting us via our website, subscribing to our newsletter, participating in online events, application
3.1 Contact
If you have asked us to contact you via one of our web forms (Product Information, Clinical Inquiry, General Inquiry, Technical Support) or if you have sent us a message, we will store the data from you that is necessary to contact you. The data will be deleted by us as soon as storage is no longer necessary, or you withdraw your consent.
Legal basis: Art. 6 para. 1 lit. a GDPR
3.2 Newsletter
If you register for our newsletter, the data you requested for this purpose, i.e., your e-mail address as well as your name and gender and – optionally – your address, will be transmitted to us. At the same time, we save the date and time of your registration. During the registration process, we obtain your consent to send you the newsletter. If you verbally inform us of your wish to receive our newsletter and of your consent to this, we will record this accordingly in our CRM system. You can unsubscribe at any time. Then, we will no longer use your data for sending the newsletter to you. If we do not have any business relationship with you and are not subject to any legal retention obligations, your data will be deleted after you have unsubscribed from the newsletter.
Legal basis: Art. 6 para. 1 lit. a GDPR
3.3 Participation in online events
Participation in our online events is generally free of charge if we are allowed to use the participant’s data for sending electronic information and advertising. The basis for data processing is thus a contract in which we, as Tyromotion, provide high-quality webinars on the one hand, and payment for participation is made by disclosing name and email address for the purpose of receiving electronic mailings on the other. This processed data is stored until you unsubscribe from receiving electronic mailings unless there is a legal retention period. You can declare your withdrawal from receiving information by clicking on the link provided in each mailing or by sending an e-mail to office@tyromotion.com.
Legal basis: Art. 6 para. 1 lit. b GDPR
3.4 Applicants
3.4.1 General
If you send us your application documents, we process your personal data contained therein as well as your CV and references for the purpose of personnel selection and filling the position. In the event of a rejection, we delete your documents 7 months after sending the rejection to you.
Legal basis: Art. 6 para. 1 lit. b GDPR
If you consent to be kept on file with us for the purpose of contacting you later, we will approach you with a separate request for the transmission of a consent. If you explicitly give us this consent, we will store your consent. If there is no further opportunity to fill a vacancy with us within one year, we will delete all your applicant data one year after you have sent us your consent.
Legal basis: Art 6 para 1 lit a GDPR
3.4.2 Applicant portal
People who are interested in working for our company can apply on our website using a form provided there. To do this, please create your own applicant profile with your email address and password. Furthermore, we need your title, your first and last name and your email address. You can also voluntarily provide us with your date of birth, address, and telephone number. You also have the possibility to upload your application documents (e.g., CV). In the event of a rejection, we will delete your documents no later than 7 months after the rejection has been sent to you.
Legal basis: Art. 6 para. 1 lit. b GDPR
If you agree to be kept on file with us for contact later, we will approach you with a separate request for the transmission of consent. If you explicitly give us this consent, we will store your consent. If there is no further opportunity to fill a position with us within one year, we will delete all your applicant data one year after you have sent us your consent.
Legal basis: Art 6 para. 1 lit a GDPR
4 Data processing when visiting our website
4.1 Informative use of the website
In the case of informative use of the website, we only collect the personal data that your browser transmits to our server. If you wish to view our website, the most data we collect is that which is technically necessary for us to display our website to you and to ensure its stability and security:
- IP address
- Date and time of the request
- Time zone difference to Coordinated Universal Time (UTC)
- Content of the request (specific page)
- Access status/HTTP status code
- Website from which the request came
- browser
- Operating system and its interface
- Language and version of the browser software.
Legal basis: Art. 6 para. 1 lit. f GDPR
4.2 Cookies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case us) with certain information. Cookies cannot execute programs or transmit viruses to your computer.
The cookie enables you to be recognized when you visit the website without having to re-enter data that you have already entered previously.
The information contained in the cookies is used, for example, to determine whether you are logged in or what data you have already entered, or to recognize you as a user when a connection is established between our web server and your browser. Cookies are automatically accepted by most web browsers.
By using our websites, you agree to the use of these cookies, insofar as cookies are accepted according to your browser settings.
Cookie settings
4.2.1 Transient cookies
Transient cookies are automatically deleted when you close the browser. These include session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
4.2.2 Persistent cookies
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
4.2.3 Third-party cookies
These come from providers other than the website operator. They can be used, for example, to collect information for advertising, custom content, and web statistics.
4.2.4 Browsers
Most browsers are set by default to accept all cookies. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of our website may be limited.
You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.
Legal basis: Art. 6 para. 1 lit. f GDPR (in the case of technical cookies), Art. 6 para. 1 lit. a GDPR (for all other cookies).
4.3 Data processing in the USA
Eventually, it cannot be avoided that personal data will be transmitted to the USA when you visit our website. If this is the case, we point this out separately in this privacy policy.
The GDPR requires so-called suitable guarantees according to Art. 46 GDPR for a data transfer to a third country or to an international organization. Such guarantees do not exist for the USA.
Possible risks that cannot currently be excluded for you as a data subject in connection with the aforementioned information are in particular:
- Your personal data may be shared with other third parties (e.g.: US authorities) by the respective service provider.
- You may not be able to sustainably assert or enforce your rights of access against the respective service provider.
- There may be a higher probability of incorrect data processing because the technical organizational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality.
With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can remove cookies stored on your PC by yourself at any time by deleting the temporary internet files.
Legal basis: Art. 6 para. 1 lit. a GDPR
5 Social Media
We operate social media channels such as LinkedIn, Xing, YouTube, Facebook. When visiting our social media channels, personal data, including IP addresses, is processed by the respective provider and cookies are used for data collection. Please refer to the privacy policy of the respective service provider. There you will also find information about contact options as well as for various settings.
We focus on comprehensive customer satisfaction and use these services primarily to be able to get in touch or to communicate with you.
In the case of services with US connections, the data collected is usually sent to a server in the USA and stored there. We have no influence or control over the type and scope of the data processed by these services, the type of processing and use or the transfer of this data to third parties. For options to restrict the processing of this data in the respective settings of these services, please refer to the detailed descriptions of the privacy policy of the respective providers.
Furthermore, we point out that you use the respective services and their functions on your own responsibility. This applies to the use of interactive functions (e.g., sharing, commenting, or rating).
The providers of the social media services and we concluded respective agreements – in most cases these are agreements on joint responsibility for data processing. The use of social media is based on our legitimate, operational interest.
Legal basis: Art. 6 para. 1 lit. f GDPR
6 Cloudflare Content Delivery Network
Our website uses a so-called “Content Delivery Network” (CDN) of the company Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA.
With this service, a transfer of personal data to the USA cannot be excluded! – For more details, see section 4.3 of this privacy policy.
The CDN service enables the content of our online offer to be delivered more quickly.
Further information can be found in the Cloudflare privacy policy: https://www.cloudflare.com/security-policy.
Legal basis: Art. 6 para. 1 lit. a GDPR
7 Facebook Pixel
Our website uses Facebook pixels (“Pixel”) of the social network Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) for the analysis, optimisation and economic operation of our online offer.
Facebook can use the pixels to determine the website visitors as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use them to display the Facebook ads placed by us only to those Facebook users who have also shown interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). The aim is to ensure that our Facebook ads correspond to user interest and do not have a harassing effect. On the other hand, we can use pixels to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
Your actions are stored in one or more cookies. These cookies allow Facebook to match your user data (such as IP address, user ID) with your Facebook account data. The data that is collected is anonymous and not visible to us and can only be used in the context of advertisements. If you would like to prevent the linking with your Facebook account, you have the option to log out before taking any action.
We have entered into a contract with Facebook Ireland, nevertheless it may happen that Facebook Ireland transfers personal data to Facebook USA.
With this service, a transfer of personal data to the USA cannot be excluded! – For more details, please refer to section 4.3 of this privacy policy.
For further information, please refer to Facebook’s data policy at https://en-gb.facebook.com/policy.php.
For specific information on Facebook Pixels, please refer to https://en-gb.facebook.com/business/help/742478679120153?id=1205376682832142.
Legal basis: Art. 6 para. 1 lit. a GDPR
8 Google Services
We have signed a contract with Google Ireland Limited (“Google”), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Nevertheless, it may happen that data is transmitted from Europe to the USA, over which we as a company have no influence.
With this service, a transfer of personal data to the USA cannot be excluded! – For more details, see section 4.3 of this privacy policy.
Legal basis: Art 6 para 1 lit a GDPR
8.1 Google Analytics
This website uses the function “Activation of IP anonymization” (i.e. Google Analytics has been extended by the code “gat._anonymize Ip();” to ensure anonymized collection of IP addresses (so-called IP masking)). This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
According to Google, Google will use the information obtained to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google may, however, transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of the website to their full extent. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the websites (including your anonymized IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=en).
For more information on the terms of use and data protection, please visit https://marketingplatform.google.com/about/analytics/terms/us/ or https://support.google.com/analytics/answer/6004245?hl=en.
8.2 Google Analytics Conversion Tracking (Google Ads)
This website also uses Google Conversion Tracking. Google Ads sets a cookie on your computer if you have accessed our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads client’s website and the cookie has not yet expired, Google and the client can recognize that the user clicked on the ad and was redirected to that page. Each Ads client receives a different cookie. Cookies can therefore not be tracked across Ads clients’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads clients who have opted into conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this – for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked. Google’s privacy policy can be found here.
When you use SSL search, Google’s encrypted search feature, the search terms are usually not sent as part of the URL in the referring URL. However, there are some exceptions to this, for example if you are using certain fewer common browsers. For more information on SSL search, click here. Search queries or information in the referral URL could also be viewed through Google Analytics or an application programming interface (API). In addition, advertisers may receive information about the exact search terms that triggered a click on an ad. https://policies.google.com/faq?hl=en
8.3 Google Doubleclick
The website uses the online marketing tool DoubleClick. To help AdWords customers and publishers serve and manage ads on the web, the Google advertising network and certain Google services may be used. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser’s website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google using this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
8.4 Google Fonts
We use Google Fonts. To ensure a uniform and appealing display of the fonts and icons, your browser loads the required fonts into your browser cache. To do this, it is necessary for the browser you are using to contact the Google Fonts servers, which results in Google Fonts becoming aware that our website has been accessed via your IP address.
You can find out what data is collected by Google and what it is used for at https://policies.google.com/privacy?hl=en
8.5 Google Gstatic
Gstatic is a domain used by Google to load static content into another domain name to reduce bandwidth usage and increase network performance for the end user.
8.6 Google reCaptcha
We use Google’s reCaptcha service to determine whether a human or computer is making a particular entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website you visit with us on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images.
9 LindkedIn Insights
Our website uses functions of the social media network LinkedIn. The provider is LinkedIn Corporation, 1000 Weste Maude Avenue Sunnyvale, CA 94085 USA.
With this service, a transfer of personal data to the USA cannot be excluded! – For more details, see section 4.3 of this privacy policy.
The LinkedIn Insight tag enables the collection of data on visits to our website, including URL, referrer URL, IP address, device and browser properties, timestamps and page views. This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with us, but only provides aggregate reports on website audience and ad performance. LinkedIn also provides retargeting for website visitors, so we can use this data to display targeted ads outside of our website without identifying the member. LinkedIn members can control the use of their personal data for advertising purposes in their account settings. You can find LinkedIn’s privacy policy here: https://www.linkedin.com/legal/privacy-policy
Legal basis: Art. 6 para. 1 lit. a GDPR
10 Server log files
To optimize this website in terms of system performance, user-friendliness, and the provision of useful information about our services, the website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes the internet protocol address (IP address) of the requesting computer (including mobile devices), browser and language setting, operating system, referrer URL, your internet service provider and date/time.
This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use and to pass on the data to the law enforcement authorities if there has been a hacking attack. The data will not be passed on to third parties beyond this.
Legal basis: Art. 6 para. 1 lit. f GDPR
11 YouTube
We operate a YouTube channel and have integrated YouTube videos into our website, which are stored on http://www.YouTube.com. When you watch one of our YouTube videos, a connection to YouTube servers is established. This tells YouTube which pages you are visiting. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The use of this service results in the transfer of personal data to the USA, or such a transfer cannot be excluded! – For more details, see section 4.3 of this privacy policy.
Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://policies.google.com/privacy?hl=en&gl=de.
Legal basis: Art 6 para 1 lit a GDPR
12 Your Rights
You have the following rights in relation to the personal data concerning you:
- Right to of access, right to rectification and erasure,
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40 – 42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at.
If you are of the opinion that we have violated Austrian or European data protection law when processing your data and thereby infringe your rights, we request that you contact us to clarify any questions you may have.
For this purpose, please direct your enquiries and concerns by e-mail to office@tyromotion.com or contact us using the contact details provided.
13 Changes to this privacy policy
We reserve the right to make changes to our privacy policy from time to time. We will post any changes to the Privacy Policy on this page. Please always refer to the current version of our privacy policy.