Data protection

You have extensive rights under the General Data Protection Regulation, such as

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 para. 3 GDPR)
• Right to lodge a complaint (Art. 77 GDPR)

To exercise your rights, please contact us.

We cannot process requests from data subjects without first successfully establishing their identity. For this reason, we kindly ask you to support us in establishing your identity and to enclose a copy of your ID with your request.

If you are of the opinion that the processing of your data violates data protection regulations or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, Barichgasse 40-42 1030 Vienna.

Online contact form

You can use a contact form to send us enquiries, suggestions and requests. In order to contact us, it is necessary for you to send us your data.

You must also enter a text in the corresponding field.

You acknowledge that the aforementioned data will be processed by us for the purpose of processing or responding to your enquiry. We cannot process your request without this information.

Legal basis:

• Consent pursuant to Art. 6 para. 1 lit.a GDPR
• Contract fulfilment or pre-contractual measure pursuant to Art. 6 para. 1 lit. b GDPR

Duration of storage:

• Until the purpose has been achieved
• 7 years from receipt of the enquiry (for tax-related enquiries)

By sending us your application, you expressly agree that we process your personal data and are authorised to process and use it. Disclosure, processing and use are limited to the purposes of recruitment and personnel administration.

Processing may also be carried out electronically. This is particularly the case if you have submitted your application documents electronically, for example by e-mail or via our career portal.

If the application results in a contract of employment, your submitted data will be processed in compliance with the statutory provisions.

However, if no employment contract is concluded, your application documents will be deleted after a 6-month retention period in accordance with the law, provided that no other legitimate interests prevent deletion.

Legal basis:

• Your consent pursuant to Art. 6 para. 1 lit a GDPR
• Contract fulfilment or pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR

Duration of storage:

• 6 months from cancellation; possibly longer if we have your consent (max. 18 months)

When you visit this website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• Origin website (referrer URL),
• the browser used and, if applicable, the operating system of your computer and the name of your access provider.

The possibility of using this data for purposes such as

• ensuring a smooth connection to the website,
• ensuring the convenient use of our website,
• analysing system security and stability and
• for further administrative purposes

is currently performed by us. Under no circumstances will the data collected be used to draw conclusions about your person.

Legal basis:

• Our legitimate interests pursuant to Art. 6 para. 1 lit.f GDPR

Duration of storage:

• 6 months from creation

Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do not cause any damage.

We use cookies to make our website more user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognise your browser on your next visit.

If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases.

If you deactivate cookies, the functionality of our website may be restricted.

Data transfer to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

• you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR,
• the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary to safeguard operational interests and for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
• in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR and
• this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR

The controller may disclose your personal data to suppliers who provide services on our behalf in accordance with our instructions.

The controller may also share your personal data with our affiliated companies and partners.

In addition, the controller may disclose your personal data if we are required to do so by law, regulation or governmental authority, or if we believe that disclosure is necessary or appropriate to prevent physical harm or financial loss.

The controller reserves the right to transfer personal data we hold about you if we sell or transfer all or part of our business or assets (including in the event of reorganisation, dissolution or liquidation).

Data transfers

The controller may also transfer your personal data to countries outside the country in which the information was originally collected. These countries may not have the same data protection laws as the country in which you originally provided the personal data. If we transfer your information to other countries, we will protect that information as described in this Privacy Policy and those transfers will be governed by applicable law.

The countries to which we transfer the personal data are

• within the European Union or
  – outside the European Union

When we transfer personal data from the European Union to countries or international organisations outside the European Union, the transfer is made on the basis

• an adequacy decision of the European Commission;
• In the absence of such a decision, on other legally permissible grounds such as the existence of a legally binding and enforceable document between the authorities or public bodies, binding corporate rules, standard data protection clauses and approved or certified codes of conduct.

In exceptional cases, data may also be transferred on the basis of Art. 49 GDPR:

• 49 para. 1 lit. a GDPR
  the data subject has expressly consented to the proposed data transfer after having been informed of the potential risks of such data transfers for them without an adequacy decision and without appropriate safeguards,
49 para. 1 lit. b GDPR
the transfer is necessary for the performance of a contract between the data subject and the controller or in order to take steps at the request of the data subject prior to entering into a contract,49 para. 1 lit. c GDPR
the transfer is necessary for the conclusion or fulfilment of a contract concluded by the controller with another natural or legal person in the interest of the data subject.

Data protection officer pursuant to Art. 37 ff GDPR

SCHLOSS MITTERSILL is a private company. We have appointed the following data protection officer to protect your data:

Mr Ronald Kopecky
KOMDAT Datenschutz GmbH
privacy@komdat.at

Google Maps

We use the maps of the service “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Fonts

We use fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We use the “ReCaptcha” function to prevent bots from making entries in online forms, for example. It is offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Web analysis

Our website uses functions of the web analysis service Google Analytics. The provider is Google Inc. based at 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Cookies are used to analyse the use of the website by its users. The information generated in this way is transferred to the Google server in the USA and stored there. You can prevent this by configuring your browser so that no cookies are stored.

We have concluded a corresponding contract with the provider for order data processing.

Our concern within the meaning of the GDPR (legitimate interest) is the improvement of our offer and our website. As the privacy of our users is important to us, the user data is pseudonymised.

Your IP address is recorded but immediately pseudonymised (e.g. by deleting the last 8 bits). This means that only a rough localisation is possible.

Data processing is carried out on the basis of the legal provisions of § 96 para. 3 TKG and Art. 6 para. 1 lit a (consent) and/or f (legitimate interest) of the GDPR.

Google has been subject to an adequacy decision (implementing acts) of the EU Commission since 10 July 2023. The EU Commission continuously monitors developments in the relevant third countries and revokes, amends or suspends the decisions by means of implementing acts if there is information that the third country does not guarantee an adequate level of protection. Below you will find the link to the adequacy decision for the USA (EU-US Data Privacy Framework – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en)

The user data is stored for a period of 14 months.

You can find detailed information on the use of data by Google, your options for settings and objections on the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), https://adssettings.google.de/ “Manage information that Google uses to show you advertising”).

Google re/marketing services

Our concern within the meaning of the GDPR (legitimate interest) is the improvement of our offer and our website. We therefore use the marketing and remarketing services (“Google Marketing Services” for short) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

With the help of Google Marketing Services, we can display adverts for and on our website in a targeted manner in order to present users only with adverts that potentially reflect their interests. To do this, Google executes a code and uses so-called (re-)marketing tags, with the help of which an individual cookie is stored in the user’s browser. For the use of cookies, see above.

The information collected can also be combined by Google with such information from other sources. If the user subsequently visits other websites, they can be shown adverts tailored to their interests.

In addition, the IP address of the user is recorded via Google Analytics, but immediately pseudonymised (e.g. by deleting the last 8 bits). This means that only a rough localisation is possible, the ads are not managed and displayed for a specific person, but for the cookie owner, regardless of who this cookie owner is. Of course, this does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA. The user’s IP address is not merged with the user’s data within other Google services.

Among other things, we use cookies from the Google marketing service “Google AdWords”; we may display third-party adverts on the basis of the Google marketing service “AdSense” and its cookies. Further information on the use of data for marketing purposes by Google can be found at https://policies.google.com/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.

We also use the “Google Tag Manager” to integrate the analysis and marketing services offered by Google into our website and to manage them centrally.

Youtube

Videos from the YouTube platform may also be integrated into our website. They are offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Mouse tracking

Our concern within the meaning of the GDPR (legitimate interest) is the improvement of our offer and our website. We therefore use Hotjar to better understand the needs of our users and to optimise the offer on this website. With the help of Hotjar technology, we gain a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and this helps us to tailor our offering to our users’ feedback. Hotjar works with cookies (see above) and other technologies to collect information about the behaviour of our users and their end devices (in particular IP address of the device (is only recorded and stored in anonymised form), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website). Hotjar stores this information in a pseudonymised user profile. The information is not used by Hotjar or by us to identify individual users or merged with other data about individual users. Further information can be found in Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy.

You can object to the storage of a user profile and information about your visit to our website by Hotjar and the setting of Hotjar tracking cookies on other websites by clicking on this opt-out link.

You have the option of subscribing to our newsletter via our website. In order to provide you with targeted information, we may also collect and process additional information that users provide voluntarily.

To send you our newsletter, we need your e-mail address and your declaration that you agree to receive the newsletter. As soon as you have registered for the newsletter, we will send you a confirmation e-mail with a link to confirm your registration.

You can cancel your subscription to the newsletter at any time. Please send your cancellation to the following email address: [EMAIL ADDRESS].

We will then immediately delete your data in connection with the newsletter dispatch.

Online presence in social media

We operate online presences within social networks and platforms in order to be able to communicate with users, interested parties and customers who are active there. When accessing these networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.

Unless otherwise stated in our privacy policy, we process users’ data when they communicate with us on social networks and platforms.

Use of Facebook social plugins

Our concern within the meaning of the GDPR (legitimate interest) is the improvement of our offer as well as the analysis, optimisation and economic operation of our website. We therefore use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display content such as graphics, text contributions or videos or elements for interaction on the website. You can recognise them by one of the Facebook logos (“f” on a corresponding background, the “thumbs up” sign or the terms “Like” or “Gefällt mir”) or the label with the addition “Facebook Social Plugin”. You can view the list and appearance of the Facebook social plugins here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Further information regarding data collection by Facebook, the further processing and use of the data as well as user rights and setting options to protect privacy can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.

Instagram

Content and functions of the Instagram service may be integrated into our online offering. They are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as images, videos or texts and buttons with which users can react to the content. If the users are members of Instagram, Instagram can assign the access to the content and functions to the respective profiles of the users. Instagram privacy policy: http://instagram.com/about/legal/privacy/.

LinkedIn

Content and functions of the LinkedIn service may be integrated into our online offering. They are offered by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. This may include, for example, content such as images, videos or texts and buttons with which users can react to the content. If the users are members of LinkedIn, LinkedIn can assign the access to the content and functions to the respective profiles of the users. LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.

LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS. You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser line

We reserve the right to make changes or additions to the information content at any time and without prior notice. If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.