1. General
In accordance with our legal obligation as responsible person for data processing, we would like to inform you about the processing of personal data that we receive when you use this website. This website is SSL encrypted. Your data is, therefore, encrypted and secured. This also sets forth what kind of personal data is collected/secured when using our SecuReveal whistleblower system (the Whistleblower System).
We have made every reasonable effort to ensure that the information provided on this website is accurate and complete as of the date of its publication. Nevertheless, unintentional and accidental errors may have occurred. We would like to apologise for this.
Information about the responsible person: Christof Holding GmbH; Glacisstrasse 37, 8010 Graz; office@christof-group.com; Company Register Number: FN233467i; Commercial register court: Regional Court for Civil Matters Graz.
We process personal data in accordance with and pursuant to the EU General Data Protection Regulation (the GDPR) as well as the applicable national data protection laws. Unless otherwise defined in this policy, the terms used herein have the same meanings as given to them in the GDPR. Additionally, Article 6 (1) (c) GDPR serves as legal basis for processing of data under the Whistleblower System is – fulfillment of a legal obligation, namely the provision of an internal whistleblower system in accordance with Section 8 in conjunction with Section 11 of the Whistleblower Protection Act (HSchG).
2. How we process the personal data you provide us with
2.1. Which data about you we process
In the course of your visit to this website, we will collect the following information: the date and time you access a page on our website, your IP address, the name and version of your web browser, the web page (URL) you visited before accessing this website, certain cookies (see point 2.2 below), the operating system and its interface, and any information you provide yourself (e.g. by filling out our contact form).
2.1.1. Contact us
If you contact us via the contact form on this website or via email, telephone, or fax, we will process your personal data (email, name, telephone number, fax number, company, and your inquiry) or related documents for the purpose of processing your inquiry in order to respond to you accordingly.
2.1.2. Contact form for applicants
On our website you have the opportunity to find out about vacancies and apprenticeships and to apply on-line using our contact form. For the application via contact form, we require some personal data such as your name, email address, and street address. In addition to the data marked as mandatory fields, you can also voluntarily enter further information and upload documents.
Before you actually send the data via the contact form, you agree that as part of the application process we may transfer your data to us as well as to our affiliated companies, and that your data may be passed on to the employees involved in the selection process.
2.2. Cookies
This website uses “cookies” A cookie is a small file that can be stored on your computer when you visit a website. Cookies are generally used to provide users with additional functions on a website. For example, they may be used to assist you in navigating a website, to enable you to continue using a website where you left it, and/or to store your preferences and settings when you return to the website. Cookies cannot access, read, or modify other data on your computer.
Most cookies on this website are “session cookies”. They are automatically deleted when you leave our website. Persistent cookies, on the other hand, remain on your computer until you manually delete them from your browser. We use such persistent cookies to recognise you the next time you visit our website.
If you want to control cookies on your computer, you can set your browser settings to notify you when a web site wants to store cookies. You can also block or delete cookies once they are already stored on your computer. If you would like to know more about how to set these steps, please use the “Help” function in your browser.
Please note that blocking or deleting cookies may affect your on-line experience and prevent full usage of this site.
2.3. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies, which are text files that are stored on your computer and which enable the analysis of your use of the website. The information about your use of this website generated by the cookies is usually transferred to a Google server in the US and stored there. However, if IP anonymization is enabled on this website, your IP address will first be truncated by Google within the member states of the European Union or other states party to the agreement on the European Economic Area. Only in exceptional circumstances will the full IP address be transmitted to a Google server in the US and truncated there. On behalf of the operator of this site, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to the use of the website. The IP address transferred as part of Google Analytics cannot be merged with other data from Google. You can object to the the use of cookies by selecting the appropriate settings on your browser software. However, you may not be able to utilise all the functions of this website when doing so. You can also prevent your data (including your IP address) from being processed by Google by downloading and installing the following plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
You can prevent Google Analytics from collecting data by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected in the future when you visit this website: Deactivate Google Analytics
Further information on terms of use and data protection can be found at http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.
2.4. Social media
2.4.1. General
We currently use the following social media plug-ins: LinkedIn. Thereby we use the so-called “two-click solution”. This means that if you visit our site, initially no personal data will be passed on to the providers of these plug-ins. You can recognise the provider of the plug-in by the marking of the box above its initial letter or logo. We offer you the option to directly communicate with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have called up the corresponding website of our on-line service. In addition, the data referred to in point 2.4.2 of this declaration will be transmitted. By activating the plug-in, your personal data will be transferred to the respective plug-in provider and stored there (in the case of US providers in the US). Because the plug-in provider collects data via cookies in particular, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.
We have no leverage upon the data collected and the data processing operations. We are also not aware of the full scope of data collection, the purposes of processing, and the storage periods. We also have no information about the deletion of the data collected by the plug-in provider.
2.4.2. Data collection and dissemination
The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research, and/or the needs-based design of its website. Such evaluation is also made for users who are not logged in, to display customised advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. You must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the possibility to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. When activating the activated button and link the page, for example, the plug-in provider also stores this information in your user account and communicates this to your contacts in public. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
For more information on the purpose and extent of the data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.
2.4.3. Addresses of the respective plug-in providers and URL with their data protection information
https://de.linkedin.com/legal/privacy-policy
https://de.linkedin.com/legal/l/dpa
LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland
https://www.linkedin.com/legal/impressum
(i) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework
(i)
(ii) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
2.4.4 Notices via the Whistle Blower System
When using/visiting the whistleblower system via our website, your browser automatically transmits your IP address and other information about the system you are using (such as the browser used and the browser version). The processing of this data is necessary in order to make our website available to you correctly on your respective device. The firewall of our processor checks this connection data using automatically created log files in order to be in the position to detect and prevent hostile/harmfull attacks on our system. Legal basis: Art 6 Para 1 lit f GDPR – legitimate interest in maintaining the functionality, stability and security of our website.
The Whistleblower System is designed to guarantee whistleblowers the highest possible level and standard of data protection. The whistleblower system can be used anonymously without providing personal data, so that the anonymity of the whistleblower can be fully preserved when submitting a report.
The Whistleblower System provides for special encryption methods ensuring that only the respective whistleblower and our responsible compliance officers have access to the report(s) provided. Within our company, the data contained in the report will, hence, only be passed on to the relevant compliance officer, passing on to third parties (with the exception of any passing on to the competent authorities or courts and auditors for further tracking of the facts on which the report is based) does not take place. In particular, there is no possibility of access to data contained in the report by our processors.
Depending on the data you make available to us, we process the following personal data:
(i) Identification data of the whistleblower and the accused (e.g. name, personnel number)
(ii) (private) contact information of the whistleblower (e.g. address, e-mail address, telephone number)
(iii) Position within the company
(iv) Details of the facts and issue(s)
(v) Communication with the compliance officer
(vi) Details of follow-up actions (e.g. investigations)
(vii) Technical secondary data (IP address of access to the Whistleblower System)
It is also possible to submit reports via our Whistleblower System without providing any information/data on your identity. In such case you remain anonymous.
3. Purposes of data processing
3.1. General
We will process your personal data for the following purposes:
(i) to make this website available to you and to further enhance and develop this website
(ii) to create usage statistics
(iii) to detect, prevent, and investigate attacks on our website
(iv) to respond to your requests
(v) in line with the Whistleblower System
(vi) to process your applicant data if you have applied for an open position at Christof Holding GmbH or another Group company or sent an unsolicited application
3.2. Application process
The personal data entered by you during the application process as well as your uploaded documents will be collected, processed, and used by us exclusively for the purposes of application processing and in the course of recruitment process. Your data will be stored and processed by us according to the valid data protection regulations and will not be passed on to third parties. However, data may be transferred to individual group companies in accordance with your declaration of consent. Your data will only be used for the internal job comparison. If no vacant position can be offered to you at present and if we come to the conclusion that, based on your profile, your application could also be interesting for other areas, your application data will be stored in our applicant pool for up to one year so that we will be able to offer you further interesting positions. In this case, you will be contacted by us and asked for your consent to be included in our applicant pool.
4. Legal basis for the processing of your personal data
We only process your personal data if there is a valid interest (Article 6 (1) (f) GDPR) in the operation of this website (in particular for answering enquiries as well as for the operation and administration of this website and for guaranteeing the network and data security), if we are obliged for legal reasons to carry out pre-contractual measures, or if you have agreed to the processing (e.g. for the purpose of the application).
The legal basis for the use of the plug-ins is provided for by Article 6 (1) (f) GDPR.
5. Transmission of your personal data
For the purposes mentioned above, we will transfer your personal data to the following recipients:
(i) IT service providers or contract processors used by us
(ii) if inquiries or applications are addressed to certain companies within the Group, to these respective companies
(iii) for the technical hosting of the Whistleblower System: RBS Responsible Business Solutions GmbH with its seat in Vienna (no content-related data of the report is transmitted, only technical secondary data) as well as the technical sub-processors A1 Telekom Austria AG and Wolf Rechtsanwälte GmbH & Co KG; and
(iv) in case and to the extent disclosure is required (i) by law or regulation; or (ii) to establish, exercise or defend legal claims, we may also disclose personal data to competent authorities, such as supervisory, regulatory or criminal authorities, courts or to third parties who advise us in this context (e.g. lawyers, forensic experts or auditors).
6. Duration of storage
6.1. Website
We only store your personal data for as long as we need it to fulfil the aforementioned purposes and obligations as well as our contractual or legal obligations. When we no longer need your personal information, we will delete it from our systems and records or make it anonymous so that you can no longer be identified. We store your data (except applicant data) for a period of three months. A longer storage may take place in order to examine attacks detected on our website (but only as far as this is necessary).
6.2. Applicant
If your application is successful, the data you entered can be used for the employment relationship. In the event of an unsuccessful application, we will keep your personal data and documents in our applicant database for six months in order to be able to process questions relating to your application. After these six months we will delete your data from our applicant database unless you have agreed that we can keep your applicant data on file for a longer period of time.
6.3. Whistelblower System
Technical secondary data (IP address of access to the whistleblower system) is processed exclusively in the processor’s firewall and deleted after 24 hours.
7. Your rights in connection with personal data
7.1. General
You can request information on the processing of your data (Article 15 GDPR). You can request the correction of incorrect data (Article 16 GDPR). You can request the deletion of your data provided that the requirements of Article 17 GDPR are met. If the requirements of Article 18 GDPR are met, you may request that your data be restricted for processing. You may request the transmission of your data in a common format if you have provided us with this data and if the processing is based on consent or a contract and the processing is carried out using automated procedures (Article 20 GDPR). Under the conditions of Article 21 GDPR, you may object to the processing of your data.
Finally, you can lodge a complaint with the data protection authority (Wickenburggasse 8, 1080 Vienna), https://www.dsb.gv.at/).
If you have any questions about your personal data, you can contact us at -datenschutz@christof-group.com.
7.2. Revocation of consent with regard to applicant data
You are entitled to revoke your consent to the use of your personal data at any time with effect for the future and to withdraw your application. To do this, you can send us an email to datenschutz@christof-group.com.
8. Miscellaneous
This information represents the information valid from 5th September 2023 and until further notice within the meaning of Article 13 GDPR. From time to time, we will make adjustments if necessary.