ZTP.digital ZT-GmbH, branch office in Millennium Tower, Handelskai 94-96, A-1200 Vienna (“ZTP” or “we“) respects your privacy.
1. Who is responsible for data processing and whom can I contact?
Branch office in Millennium Tower
Contact us at:
Telephone: +43 1 5324686 0
Fax: +43 1 5324686 20
2. What personal data do we use?
By personal data we mean any information relating to an identified or identifiable natural person. We collect the personal data from you ourselves, if…
2.1. You send us an inquiry via our contact form
When you use our contact form we may collect the following personal data:
- Name (first name / last name),
- Company / authority
- City / town
- Telephone and
- other information that you voluntarily disclose to us (in the fields “Came to our attention through”, “Subject” and “Message”).
The provision of your personal data is voluntary. If however you do not provide certain information (e.g. your e-mail address), we may not be able to process your request.
2.2. You apply to us by e-mail for a vacant position
The provision of your personal data is voluntary.
3. Features and links to other websites
For your convenience or information, our website may contain features for which we work with other companies and also links to other websites. These features, which may include social networking and geographic tools as well as links to other websites, may be operated independently of ZTP. They may have their own privacy notices or policies; we strongly recommend that you review these upon visiting them. If these features and linked websites that you visit are not owned or controlled by ZTP we are not responsible for the content of the sites, their use or their privacy practices.
4. For what purpose and on what legal basis do we process your personal data?
4.1. based on a legitimate interest of ZTP (Art. 6 para. 1 lit. f GDPR)
Our overriding legitimate interest is that the personal data referred to in Point 2.1 is processed in order to deal with and respond to your request, complaint or even praise.
4.2. with your consent (Art. 6 para. 1 lit. a GDPR)
We process the personal data mentioned under Point 2.2 with your consent (Art. 6 para. 1 lit. a GDPR).
You can revoke this consent for the future at any time by sending an e-mail to firstname.lastname@example.org. The revocation of consent does not affect the lawfulness of the data processing performed on the basis of consent until the revocation.
5. Who receives my data?
Your data will fundamentally not be forwarded by us.
6. How long will my personal data be stored?
We process and store your personal data according to the following principles:
- Based on consent: If you provided your consent as part of the application process, we may store your personal data submitted under Point 2.2 for six months. The personal data will be deleted as soon as you revoke your consent for the future unless there are legal obligations for retention (these may arise, for example, from company law, tax law, federal fiscal code, etc.), or the personal data are necessary for the preservation of evidence within the framework of the legal statute of limitations.
- Based on legitimate interests: We store your personal data specified under Point 2.1 only as long as they are necessary for the purposes specified under Point 4.1. If our legitimate interest has ceased to exist, the personal data is regularly deleted, unless its – temporary – further processing is required for the fulfilment of legal obligations to retain data (these may result, for example, from company law, fiscal law etc.) or for the preservation of evidence within the framework of the legal statute of limitations. We may store anonymised data indefinitely.
7. What data protection rights do I have?
Under current law, you are entitled to, among other things:
- review what personal data we hold about you and obtain copies of that data,
- request the rectification, completion or deletion of your personal data which is incorrect or processed in a way that does not comply with the law,
- require us to restrict the processing of your personal data,
- object to the processing of your personal data in certain circumstances or revoke the consent previously given for processing,
- demand data portability,
- know the identity of any third party to whom your personal data may be disclosed, and
- lodge a complaint with the competent authority. The competent data protection authority for Austria is the Datenschutzbehörde [Data Protection Authority], Wickenburggasse 8, 1080 Vienna.
8. Definition of information security?
ZTP definiert den Begriff Informationssicherheit als:
The management, all employees and other third parties must be aware of their responsibilities regarding information security compliance, report security incidents and act in accordance with applicable ISMS requirements.
Violations of the information security policies have consequences for ZTP employees.
All employees receive awareness training regarding information security. Employees who perform specialist tasks are prepared for such tasks in special information security training activities.
Our data and IT systems in all areas are secured with regard to availability in such a way that downtimes as defined and agreed from business operations are achievable.
Adequate business continuity plans or contingency plans must be in place.
It must be ensured that information can only be viewed, processed or used by persons authorised for such activity in order to prevent intentional or unintentional unauthorised access to information or systems of ZTP. ZTP complies with the requirements of the Austrian Data Protection Act and GDPR, the intellectual property law and other laws regarding privacy and the protection of information.
The accuracy and completeness of information and processing methods must be ensured and protected. To achieve this, the intentional or accidental destruction and unauthorised modification of physical or electronic data must be prevented.
of the physical assets of the company
ZTP employees and their knowledge represent the most significant information value. Physical assets at ZTP include computer hardware, server rooms, networks, cabling, telephone systems and archive systems.
Anonymisation takes place within the European Union or within the European Economic Area. Only in exceptional cases shall the full IP address be sent to a Google server in the USA to be truncated there. We use the data collected by Google Analytics cookies to track the user behavior of visitors to our website.
The IP address sent by your browser in connection with Google Analytics will not be merged with other data by Google.
You can prevent Google Analytics cookies from being stored by deactivating the cookies when you initially visit our website (Opt-IN). Please note that in this case you may not be able to use the full functionality of the website.
Google reCAPTCHA/web form
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) as a security measure for our web form on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
ReCAPTCHA is used to verify whether data entered on our web form is entered by humans or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of visitors to the website using various characteristics and methods. This analysis normally begins automatically when the website is called up, whereby, for example, the IP address, the time the user spends on the website or the mouse movements made by the user are evaluated. The data thus collected will be forwarded to Google. The analyses run entirely in the background, and there is no separate reference to an analysis of user behaviour.
reCaptcha is only activated by us after confirmation of our cookie bar – only then can the web form be successfully sent.
The data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and SPAM.
For the uniform display of text content we use Google Fonts on our website, a service of Google Inc. (“Google”). This integration is usually performed by an external server call at Google in the USA, whereby it can be assumed that even more far-ranging information – for example IP addresses – are collected, stored and analysed in the process. For data protection reasons, we therefore refrain from such direct integration and provide these fonts locally via the web server used by us. If your browser does not support web fonts, a standard font of your computer will be used.
In addition to the user area (frontend), which is freely accessible to every visitor, our website also has its own admin area (backend). This is not part of the official menu structure and is reserved exclusively for our administrators for managing the content and functionality of the website. We of course have an increased and legitimate interest in protecting this area from unauthorised access. We use special security measures for this purpose, including the temporary or, if necessary, permanent storage of IP addresses and blocking of these from access if multiple incorrect and/or unauthorised login attempts (e.g. using incorrect access data) have been made from them.