1.1 Terminology used
‘Personal data’ is all information that relates to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). An identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of said natural person.
‘Processing’ refers to any operation or set of operations performed on personal data, whether or not by automated means. This is a broad term that covers virtually all handling of data.
The ‘controller’ is defined as the natural or legal person, public authority, agency or other body which alone or together with others makes decisions regarding the purpose and means of processing personal data.
Please see Art. 4 of the General Data Protection Regulation (GDPR) for further terminology.
1.2 Name and address of the controller
The controller, as defined by the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States together with any other data protection provisions, is
Getzner Textil Aktiengesellschaft (referred to as ‘we’ or ‘us’)
T +43 5552 601-0
F +43 5552 65650
and affiliated companies of the controller:
- Herbert Kneitz GmbH, Bad Mitterndorf, Austria – www.kneitz.at
- TFE Textil GmbH, Bludenz, Austria – www.tfe.at
- WR Weberei Russikon AG, Russikon, Switzerland – www.weberei-russikon.ch
- Getzner Handel GmbH, Lustenau, Austria – www.getzner-boutique.at
- Getzner Textil Weberei GmbH, Gera, Germany – www.getzner.at
- E. Schoepf GmbH, Stammbach, Germany – www.e-schoepf.de
- SR Webatex GmbH i.L., Bayreuth, Germany – www.getzner-technics.at
The data we collect is passed onto our subsidiaries and any sales partners only if this data processing is necessary for us to perform the business activity (purpose limitation).
1.3 Getzner Textil Group Data Protection Officer
The Getzner Textil Group Data Protection Officers and Coordinators are:
Getzner Textil AG Data Protection Coordinator
T +43 5552 601-0
Herbert Kneitz GmbH Data Protection Coordinator
8983 Bad Mitterndorf
T +43 5552 601-0
TFE Textil GmbH Data Protection Coordinator
T +43 5552 601-0
WR Weberei Russikon AG Data Protection Coordinator
T +43 5552 601-0
Getzner Handel GmbH Data Protection Coordinator
T +43 5552 601-0
Getzner Textil Weberei GmbH Data Protection Officer
Lange Straße 73
T +49 351 4250280
E. Schoepf GmbH Data Protection Officer
T +49 925680-0
SR Webatex GmbH i.L. Data Protection Officer
T +49 711 469 0580
1.4 Details of the personally identifiable data we process
We collect the following information to allow us to perform our business activities:
- Inventory data (e.g. names, addresses)
- Contact details (e.g. email address, telephone numbers)
- Application data of all types (e.g. photos, CVs, certificates)
- Content data (e.g. text entered, photographs, videos)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
You are not legally obliged to actually provide the data we ask you for. However, if you fail to do so, you will not be able to use all of the website’s features.
1.5 Categories of data subjects
These include visitors to and users of the online services, prospective candidates, customers and suppliers. In the following, we also refer to these data subjects collectively as ‘users’.
1.6 Purpose of the processing/performance of the business activity
- To provide, improve and further develop the website, its functions and its content
- To respond to contact requests and to communicate with users
- To initiate business
- To process your job application (if you apply via our application portal)
- Security measures to enable us to identify, prevent and investigate attacks on our website
- To measure reach, and compile usage statistics; for marketing
1.7 Legal bases for the processing
1.8 Collaboration with processors and third parties
Where, in the course of our processing, we disclose data to other people and organisations (processors or third parties), transmit these data to them, or otherwise grant them access to these data, this is solely on the basis of legal permission (e.g. where data needs to be transmitted to a third party such as a payment services provider pursuant to Art. 6(1)(b) GDPR to fulfil the contract), your consent, a legal obligation, or on the basis of our legitimate interest (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called ‘order processing agreement’, we do so on the basis of Art. 28 GDPR.
1.9 Transmission to third countries
Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this happens in the context of the use of third-party services or disclosure, or transfer of data to third parties, this is done only to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or commission the processing of data in a third country only in the particular circumstances as set out in Art. 44 ff. GDPR. Thus, the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the ‘Privacy Shield’) or compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).
1.10 Erasure of data
1.11 Data protection with respect to applications and during the application process
The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also take place by electronic means, in particular when an applicant submits the corresponding application documents to the processing controller by electronic means, for example via email or via a web form on the website. If the controller concludes an employment contract with an applicant, the data submitted for the purpose of progressing the employment relationship are stored in compliance with the statutory provisions, including GDPR. If we do not conclude an employment contract with the applicant, the application documents will be automatically erased six months after notification of the rejection decision, provided no other legitimate interests of the controller prevent erasure.
1.12 Rights of the data subject
As a data subject who is affected by the processing of your data, you may assert certain rights with us in accordance with GDPR and other relevant data protection provisions. The following section explains your rights as a data subject pursuant to GDPR. Depending on the nature and scope of your request, we will ask you to exercise these rights with us in writing:
1.12.1 Right of access
You may request confirmation from the controller as to whether we process your personal data. If such processing takes place, you may request the following information from the controller:
- The purposes for which personal data are processed
- The categories of personal data which are processed
- The recipients and the categories of recipients to whom your personal data have been or will be disclosed
- The planned period for which your personal data will be stored or, if no concrete details can be provided in this respect, the criteria used to determine the storage period
- The existence of a right to rectification or erasure of your personal data, a right to restriction of the processing by the controller or a right to object to this processing
- The existence of a right to lodge a complaint with a supervisory authority
- All available information concerning the origin of the data where the personal data were not collected from the data subject
- The existence of automated decision-making, including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
You have the right to request information regarding whether your personal data are transmitted to a third country or an international organisation. In this regard, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in relation to the transmission of your data.
1.12.2 Right to rectification
You have a right to rectification and/or completion with respect to the controller where your personal data that have been processed are inaccurate or incomplete. The controller must perform the rectification without undue delay.
1.12.3 Right to restriction of processing
You may request restriction of the processing of your personal data under the following circumstances:
- if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data
- if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
- if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or
- if you have submitted an objection to processing pursuant to Art. 21(1) GDPR and verification is pending as to whether the legitimate grounds of the controller override yours.
Where the processing of your personal data has been restricted, these data – with the exception of their storage – will be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If processing has been restricted under the circumstances above, you will be informed by the controller before the restriction of processing is lifted.
1.12.4 Right to erasure
a) Obligation to erase
You may ask the controller to erase your personal data without undue delay and the controller is obliged to erase said data without undue delay where one of the following grounds applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
- Your personal data were processed unlawfully.
- Your personal data have to be erased to comply with a legal obligation in Union or Member State law to which the controller is subject.
- Your personal data have been collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.
b) Information provided to third parties
Where the controller has made your personal data public, and is obliged pursuant to Art. 17(1) GDPR to erase said data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of these personal data.
There is no right to erasure where the processing is necessary
- to exercise the right of freedom of expression and information
- to comply with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to. Art. 89(1) GDPR, insofar as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
- to establish, exercise or defend legal claims.
1.12.5 Right to be informed
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients, to whom your personal data have been disclosed, of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.
1.12.6 Right to data portability
You have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to which the personal data have been provided, where
- the processing is based on consent pursuant to. Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to. Art. 6(1)(b) GDPR, and
- the processing is carried out by automated means.
In exercising this right, you further have the right to have your personal data transmitted directly from one controller to another, where this is technically feasible. This must not affect the freedoms and rights of other persons. The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
1.12.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6(1)(e) or (f); this applies equally to profiling based on these provisions. The controller no longer processes your personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or to establish, exercise or defend legal claims. If your personal data are processed for direct marketing purposes, you have the right to object to the processing of your personal data for the purposes of such marketing at any time; this applies equally to profiling to the extent that it is related to such direct marketing. If you object to processing for the purposes of direct marketing, your data will no longer be used for these purposes. In the context of the use of Information Society Services – and notwithstanding Directive 2002/58/EC – you have the opportunity to exercise your right to object by automated means using technical specifications.
1.12.8 Right to withdraw the statement of consent under data protection law
You have the right to withdraw your statement of consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent up until the time of withdrawal.
1.12.9 Automated individual decision-making
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects for you or similarly significantly affects you.
This does not apply where the decision
- is necessary for entering into, or the fulfilment of, a contract between you and the controller,
- is authorised by Union or Member State law to which the controller is subject, and the controller implements appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
- is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies, and appropriate measures have been implemented to safeguard your rights and freedoms as well as your legitimate interests.
With respect to the situations specified in (9.1.) and (9.3.), the controller implements appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express a personal point of view and to contest the decision.
1.12.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
1.13 Video surveillance (in the respective company)
For visitors, employees and other individuals in the area monitored.
The following content informs you about the processing of personal data – in this case, images of individuals, information on the behaviour of individuals and factual information (e.g. vehicle registration numbers) (hereinafter referred to as ‘data’) – in the context of video surveillance carried out in the companies.
Getzner Textil Aktiengesellschaft
Herbert Kneitz GmbH
8983 Bad Mitterndorf
TFE Textil GmbH
WR Weberei Russikon AG
Getzner Handel GmbH
Getzner Textil Weberei GmbH
Lange Straße 73
E. Schoepf GmbH
SR Webatex GmbH i.L.
1.13.2 Purpose and relevant legal basis
Data are processed on the basis of a legitimate interest pursuant to Art 6(f) GDPR. Legitimate interests include in particular:
- Video surveillance for the purpose of protecting property (to protect property belonging to the companies as well as employees and to meet our responsibility to protect (to comply with traffic safety obligations, contractual liability with respect to customers etc.)) as well as
- to prevent, contain and provide intelligence on relevant criminal behaviour where this affects the controller’s area of responsibility, and which is reviewed only in the circumstance defined in the purpose.
- Video surveillance (in real-time) of individual production plants for the purpose of smooth production processes.
1.13.3 Collaboration with processors and third parties
If we transmit data to other persons and companies (order processors or third parties) within the scope of our processing, or otherwise grant them access to the data, this is done only on the basis of legal permission, your consent (Art. 6(1)(a) GDPR), if prescribed by a legal obligation (Art. 6(1)(c) GDPR) or on the basis of our legitimate interest (e.g. when using agents, web hosts, etc.) (Art. 6(1)(f) GDPR).
Where we commission third parties with the processing of data on the basis of a so-called ‘order processing agreement’, we do so on the basis of Art. 28 GDPR.
1.13.4 Transmission to third countries
Transmission to recipients in a third country is currently not planned. If we nevertheless process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this happens in the context of third-party service or disclosure, this is done only on the basis of (pre)contractual obligations (Art. 6(1)(b) GDPR), on the basis of your consent (Art. 6(1)(a) GDPR), on the basis of a legal obligation (Art. 6(1)(c) GDPR) or on the basis of our legitimate interest (Art. 6(1)(f) GDPR). Subject to legal or contractual permissions, we process or commission the processing of data in a third country only in the particular circumstances as set out in Art. 44 ff. GDPR. Thus, the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the ‘Privacy Shield’) or compliance with officially recognised special contractual obligations (so-called ‘standard contractual clauses’).
1.13.5 Data retention period
Data are generally retained for 72 hours, and in justified cases in accordance with the works agreement, and where required for the duration of managing the process.
1.13.6 Rights of the data subject
As the data subject, you in general have the right to be informed, to rectification, erasure, restriction and objection. To exercise your rights, please contact the controller (using the contact details above).
If you believe that the processing of your data infringes data protection legislation, or that your rights under data protection law have otherwise been breached, you have the option to lodge a complaint with the data protection authority.
2. Online-specific data protection topics
Getzner Textil Aktiengesellschaft operates the following websites:
Below is detailed information about how to disable cookies in common browsers:
Rejecting cookies may restrict the functions on this online service!
The hosting services we use serve to provide the following services: Infrastructure and platform services, processing capacity, storage place and database services, security services as well as technical maintenance services which we use for the purpose of operating this online service. As part of this, we or our hosting provider process inventory data, contact details, content data, contract data, usage data, meta and communication data of customers, prospects and visitors to this online service on the basis of our legitimate interest in the efficient and secure provision of this online service pursuant to. Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).
2.3 Collection of access data and log files
On the basis of our legitimate interest as defined by Art. 6(1)(f) GDPR, we (or our hosting provider) collect data about every access to the server on which this service is located; these are called server log files. These access data include the name of the website visited, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user’s operating system, the referrer URL (the page visited beforehand), the IP address and the requesting provider.
For security reasons (to resolve misuse or fraudulent activities, for example), log file information is stored for a maximum duration of 7 days and then erased. Data that need to be stored for a longer period for the purpose of evidence are exempt from erasure until the specific incident is finally resolved.
2.4 Google Analytics
Google will use this information on our behalf to analyse the use of our online service by users, to compile reports about activities within this online service, and to provide us with additional services associated with the use of this online service and use of the internet. Pseudonymous usage profiles for users can then be compiled from the data that are processed.
We use Google Analytics with IP anonymisation activated. This means that the user’s IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transmitted to a Google server in the USA and truncated there.
The IP address transmitted from the user’s browser is not merged with other Google data. Users can prevent cookies from being saved via the corresponding setting in their browser software. In addition, users can prevent Google from collecting the data generated by the cookie and relating to their use of the online service, and the processing of this data by Google by downloading and installing the browser plug-in available under this link.
You can find more information about Google’s use of data, settings and objection options on the following Google websites:
- ‘How Google uses data when you use sites or apps provided by our partners’
- ‘Use of data for advertising purposes’
- ‘Manage the information that Google uses to show you advertisements’
2.5 Facebook-Pixel, Custom audiences und Conversion
On our website, we use social network Facebook’s so-called ‘Facebook pixel’, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are a resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’).
2.5.1 Scope of the processing
Facebook uses the Facebook pixel to define visitors to our online service as a target group that will then see specific advertisements (‘Facebook ads’). We therefore use the Facebook pixel to show our Facebook advertising campaigns only to those Facebook users who have also shown an interest in our online service or have certain characteristics (e.g. they have shown an interest in specific subjects or products, which are determined on the basis of the websites they have visited) which we communicate to Facebook (known as ‘custom audiences’). We also use the Facebook pixel to ensure that our Facebook ads meet the user’s potential interests and do not irritate them. The Facebook pixel also helps us to monitor the effectiveness of our Facebook advertising campaigns for statistical and market research purposes, as we can see whether users visit our website after clicking on a Facebook advertisement (known as ‘conversion’). Facebook processes the data within the scope of the Facebook data usage policy. You will find general information about how Facebook ads are displayed in the Facebook data usage policy. You can find specific information and details about the Facebook pixel on Facebook’s help pages.
2.5.2 Lawfulness of processing
The legal basis for the processing of a user’s personal data is Art. 6(1)(f) GDPR on the basis of our legitimate interest in the analysis, optimisation and economic operation of our online service.
2.5.3 Processing purpose
Legal basis: Facebook is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection legislation.
2.5.4 Duration of storage
The data will be irretrievably erased as soon as we no longer need it for tracking purposes. This is the case after 24 months.
2.5.5 Opt-out (objection and erasure option)
2.6 Online profiles on social media
We maintain online profiles on social networks and platforms so that we can communicate with customers, prospects and users who are active there and be able to inform them about our services. When the respective networks and platforms are accessed, the terms and conditions and data processing guidelines of the respective operators apply.
2.7 Integration of third-party services and content
As part of our online service, we use content or service providers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service as defined by Art. 6(1)(f) GDPR) to integrate content or services offered by third-party providers, such as videos or typefaces (hereinafter consistently referred to as ‘content’).
This is always subject to the third-party providers of this content being aware of the user’s IP address as they would be unable to send the content to the user’s browser without the IP address. The IP address is therefore necessary for displaying this content. We make every effort to use only such content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called ‘pixel tags’ (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. These ‘pixel tags’ can be used to analyse information, such as visitor traffic, on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online service, as well as being linked to such information from other sources.
We integrate videos from the ‘YouTube’ platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
2.9 Social Media Plugins
We use social media plug-ins (e.g. for Facebook, Google+, Twitter, LinkedIn or Xing).
These plug-ins are disabled (‘greyed out’). You enable such a plug-in by clicking on it. This will initially transmit your IP address, our website’s URL and cookies to the respective social media service. If you actually want to make use of the plug-in and its features, you need to click on it a second time. We have no detailed knowledge of the purpose and extent of the data collected by the social media service and of how the service processes and uses this data further; this depends on the plug-in features and the social media service’s data protection provisions.