^

PRIVACY POLICY OF VIVATIS HOLDING AG

The protection of your personal data is of particular importance to us. We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act. Below, we will inform you about our company as well as the type, scope, and purpose of data collection and use in accordance with the provisions of the GDPR:

The contact details of those responsible for data processing are as follows:

VIVATIS Holding AG
Lindengasse 8
4040 Linz
+43 (0)732/771933
datenschutz@vivatis.at

PRIVACY POLICY

Our privacy policy explains:

  • what information we collect and why
  • how we use this information
  • your rights as a data subject

LEGAL BASIS FOR DATA PROCESSING

The controller processes personal data solely on one of the following legal bases:

  • your consent
  • contractual obligations
  • legitimate interest

Data is processed on the website exclusively on the basis of the legal provisions (GDPR, TKG 2021).

RIGHTS OF DATA SUBJECTS

You have comprehensive rights under the General Data Protection Regulation, such as:

  • right of access (Art. 15 GDPR)
  • right to rectification (Art. 16 GDPR)
  • right to erasure (Art. 17 GDPR)
  • right to restriction of processing (Art. 18 GDPR)
  • right to data portability (Art. 20 GDPR)
  • right to object (Art. 21 GDPR)
  • right to withdraw consent (Art. 7(3) GDPR)
  • right to lodge a complaint (Art. 77 GDPR)

To exercise your rights, please contact:

• e-mail: datenschutz@vivatis.at


* Please include an official copy of your ID!

We cannot process requests from affected persons without prior successful identity verification. For this reason, we kindly ask you to assist with the identity verification process.

If you believe that the processing of your data violates data protection regulations or that your data protection rights have been infringed upon in any other way, you may lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna.

DATA COLLECTION AND PROCESSING

CONTACT FORM

You can use a contact form to send us inquiries, suggestions and requests. To contact us, you need to provide us with your data:

Additionally, you must enter text in the designated text field.
You acknowledge that the aforementioned data will be processed by us for the purpose of handling and responding to your inquiry. We cannot process your request without this information.

Legal Bases:
• consent pursuant to Art. 6 para. 1 lit. a GDPR
• contract fulfillment or pre-contractual measures pursuant to Art. 6 lit. b GDPR

Retention Period:
• 7 years from receipt of the inquiry

APPLICANT MANAGEMENT TOOL/JOB BOARD

You have the opportunity to apply for a position with us or our Group’s companies via our applicant management tool/job portal. We look forward to receiving your application. We only process the personal data you provide when submitting your application. This includes, in particular: title, first and last name, street, postal code, city, country, nationality, date of birth, telephone number, e-mail address, CV, cover letter, as well as any additional information and documents you choose to share with us.

If you have explicitly given us your consent, your personal data will also be shared with other companies within the VIVATIS Group for an effective, Group-wide evaluation of potential employment and/or your data is retained for a maximum duration of 18 months.

Legal Bases:
• Consent pursuant to Art. 6 para. 1 lit. a GDPR
• Fulfillment of a contract or pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

Retention Period:

• 6 months following a rejection; potentially longer if explicit consent is provided (maximum of 18 months).

WHISTLEBLOWER SYSTEM

We provide the opportunity on our website to report suspected compliance or legal violations. We use a whistleblowing system for this that is provided by EQS Group GmbH, Siebensterngasse 31/8, 1070 Vienna.

In principle, the whistleblowing system can be used without providing personal data, where legally permissible. However, you can voluntarily disclose personal data during the whistleblowing process, such as your identity, first and last name, country of residence, phone number or e-mail address.

We process your personal data to review the report you submitted through the whistleblowing system and to investigate the alleged compliance and legal violations. In doing so, we may have further questions for you. For this, we only use the whistleblowing system’s messaging platform (secure mailbox). Ensuring the confidentiality of the information you provide is our top priority.

The processing of your personal data is carried out based on the consent you provided when submitting a report through the whistleblower system (Art. 6 para. 1 lit. a GDPR).

Furthermore, we process your personal data insofar as this is necessary to fulfill legal obligations. This includes, in particular, reports concerning matters of criminal law, competition law and labor law (Art. 6 para. 1 lit. c GDPR).

Finally, the processing of your personal data is carried out where it is necessary to protect the legitimate interests of the company or a third party (Art. 6 para. 1 lit. f GDPR).

If you provide us with special categories of personal data, we process these based on your consent (Art. 9 para. 2 lit. a GDPR).

For further details, please refer to the data privacy notice of the whistleblower system.



SERVER LOG

When you access this website, your device’s browser automatically sends information to our website's server. This information is temporarily stored in what is known as a log file. The following information is collected without any action on your part and is stored until it is automatically deleted:

• IP address of the requesting device
• date and time of access
• name and URL of the accessed file
• website of origin (referrer URL)
• browser used, possibly the operating system of your device, and the name of your access provider

We currently take advantage of the possibility of using this data for purposes such as:

• ensuring a smooth connection to the website
• ensuring convenient use of our website
• evaluating system security and stability
• performing other administrative tasks

The collected data is never used to draw conclusions about your identity.

Legal basis:

• our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR

Retention period:

• 6 months from the time of collection

DATA TRANSFER/DATA TRANSMISSION

DATA TRANSFER TO THIRD PARTIES

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

  • you have explicitly consented to this under Art. Art. 6 para. 1 lit. a GDPR,
  • the transfer is necessary under Art. 6 para. 1 lit. f GDPR to safeguard legitimate business interests, to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest that is worthy of not disclosing your data,
  • there is a legal obligation for the transfer under Art. 6 para. 1 lit. c GDPR, or
  • it is legally permissible and necessary under Art. 6 para. 1 lit. b GDPR for the performance of a contract with you.

The controller may share your personal data with service providers acting on our behalf and in accordance with our instructions.

The controller may also share your personal data with our affiliated companies and partners.

Furthermore, the controller may disclose your personal data if required to do so by law, legal proceedings, or governmental regulations, or if we believe that disclosure is necessary or appropriate to prevent physical harm or financial loss.

The controller reserves the right to transfer personal data we hold about you in the event of a sale or transfer of all or part of our business or assets (including in cases of restructuring, dissolution or liquidation).

DATA TRANSFERS

The controller may transfer your personal data to countries outside the country in which the information was originally collected. These countries may have different data protection laws than the country where you initially provided the personal data. When we transfer your data to other countries, we protect it as described in this privacy policy, and such transfers are subject to applicable law.

The countries to which we transfer personal data are:

• within the European Union or
• outside the European Union

When we transfer personal data from the European Union to countries or international organizations outside the European Union, the transfer is based on:

• a decision of adequacy by the European Commission;
• in the absence of such a decision, other legally permissible grounds, such as the existence of a legally binding and enforceable document between authorities or public bodies, binding internal company rules, standard data protection clauses, or approved or certified codes of conduct.

In exceptional cases, data transfers may also be conducted on the basis of Article 49 of the GDPR:

• Art. 49 para. 1 lit. a GDPR
The data subject has explicitly consented to the proposed transfer after having been informed of the potential risks to them of such data transfers due to the absence of an adequacy decision and appropriate safeguards.

• Art. 49 para. 1 lit. b GDPR
The transfer is necessary for the performance of a contract between the data subject and the controller or for the implementation of pre-contractual measures at the request of the data subject.

• Art. 49 para. 1 lit. c GDPR
The transfer is necessary for the conclusion or performance of a contract in the interest of the data subject between the controller and another natural or legal person.

Cookies

Our website does not use cookies.

However, if you wish to use our applicant management tool/job board, a cookie banner will notify you upon clicking the "Job Listings" button that the following functional (i.e., technically necessary) cookies and web analytics cookies are used during your use of the applicant management tool/job board:

Technically necessary cookies:

• sid
Domain name: vivatis-portal.rexx-systems.com. Expiration: 1 hour

Contains an anonymous user ID to associate multiple requests of a user with the same HTTP session.

• cookieconsent status
Domain name: vivatis-portal.rexx-systems.com. Expiration: 30 days

Stores your cookie preferences for this website.


Web analytics cookies:

• pk id*
Domain name: vivatis-portal.rexx-systems.com. Expiration: 13 months

Registers a unique ID for a website visitor to track how the visitor uses the site. The data is used for statistical purposes.

• pk ref*
Domain name: vivatis-portal.rexx-systems.com. Expiration: 6 months

This cookie is used as a reference for the anonymous tracking session on the site.

• pk ses*
Domain name: vivatis-portal.rexx-systems.com. Expiration: 30 minutes

This cookie stores a unique session ID.

• MATOMO SESSID
Domain name: vivatis-portal.rexx-systems.com. Expiration: This session cookie is deleted when the browser is closed

This cookie stores the website visit based on a session or visitor ID.


Please note that it is not possible to deselect the technically necessary cookies using the cookie banner; you can deselect the individual web statistics cookies at any time using the cookie banner. Cookies that have already been saved can also be deleted at any time.

Cookies are small text files that are sent to the website user’s hard drive and cached there when the user visits a website. When our website server is called the next time by the website’s user, the user’s browser sends the previously received cookie back to the server. The server can then analyze the information obtained by this procedure in different ways. Cookies can be used to manage ad placements or facilitate navigation within a website, for example. If you as the website user wish to prevent the use of cookies, you can do that by locally changing your settings in the Internet browser used by your computer, that being the program utilized to open and display web pages (e.g. Internet Explorer, Mozilla Firefox, Opera or Safari).

Status: 10.09.2024

Please note that disabling technically necessary cookies via the cookie banner is not possible. You can disable individual web analytics cookies via the cookie banner at any time. Previously stored cookies can also be deleted at any time.

Cookies are small text files that are sent when visiting a website and are temporarily stored on the user’s hard drive. When the corresponding server of our website is accessed again, the user’s browser sends the previously received cookie back to the server. The server can then evaluate the information obtained through this process in various ways. For example, cookies can control how advertisements are displayed or they can simplify navigation on a website. If you, as a website user, wish to prevent the use of cookies, you can do so by changing the settings in the internet browser (e.g., Internet Explorer, Mozilla Firefox, Opera, or Safari) on your computer.

SSL encryption


To protect the security of your data during transmission, we use encryption methods that are in line with current technology standards (e.g., SSL) over HTTPS. You can recognize an encrypted connection by the https:// prefix and the lock symbol in your browser's address bar.

Changes or additions

We reserve the right to make changes or additions to the informational content at any time and without prior notice. If parts or individual phrases of this text do not, no longer, or do not fully comply with the applicable legal situation, the remaining parts of the document will remain unaffected in terms of their content and validity.

Status: 10.09.2024