We appreciate your interest in Miba. As a family-owned company, Miba has been a responsible corporate citizen for 90 years now – as an employer, business partner and industry leader in Austria. Compliance with the applicable laws and other external and internal regulations is an integral part and the foundation of our business activities and decisions.
Miba AG (“Miba”), Dr.-Mitterbauer-Str. 3, 4663 Laakirchen, Austria, is the controller within the meaning of the GDPR. This means that Miba decides on the purposes and means of processing personal data.
Categories of Personal Data, Purposes and Legal Basis:
Miba processes the following categories of data or elements thereof. Please note that not all items on the list must apply to you. The specific data that is processed mainly depends on how you use our websites.
• User access data when you use our websites
In the course of your use of our websites, we process the following data:
– IP address and IP location
– Referrer URL (the Internet site visited before and after – traffic channel)
– Number, duration and time of access (your interaction with the website) and language
– The search engines and key words you used to find us
– Browser type, type of device, screen resolution, Internet Service Provider and operating system
We automatically collect these so-called log files (user access data) with the aid of cookies (see below for details).
The user access data collected during the use of our websites is only used for statistical analyses and – in pseudonymized form – for the purpose of operating, safeguarding and optimizing the websites (protecting Miba’s legitimate interests in processing your data in accordance with Art. 6 (1) lit. f GDPR).
• Responding to contact requests
When you contact us on the websites by filling out a form, we store and process the data you have provided (name, address, telephone number, e-mail address, your request and the relevant documents) for the purpose of processing the request and possible follow-up questions. Therefore, the data is processed for the purpose of taking steps prior to concluding a contract and, if applicable, performing a contract (Art. 6 (1) lit. b GDPR) and for protecting Miba’s legitimate interests in processing your data (Art. 6 (1) lit. f GDPR).
• Contact initiated by Miba for advertising purposes
Based on your separate consent, we may contact you for advertising purposes – including by e-mail (e.g., via newsletter) or telephone – to inform you about the Miba group and its products and services, to contact to you on special occasions (e.g., on anniversaries or holidays, such as Christmas) and to invite you to events, which we believe you would find interesting. In this case, the processing of your data is based on your consent (Art. 6 (1) lit. a GDPR).
You are not obliged to provide personal data to us. However, failure to provide such information may prevent us from fulfilling the listed purposes, depending on the category of data.
Our websites use so-called cookies. They are small text files placed on your terminal with the aid of your browser. They do no harm.
If you object to this, you can set your browser to inform you when cookies are being placed so you can permit this on a case-by-case basis. You can delete cookies already placed on your computer at any time. The procedure for doing so is different depending on the browser. Please look in your browser operating instructions (on the browser menu under “Help”). The deactivation of cookies can limit the functionality of our websites.
Google Tag Manager:
These websites use Google Tag Manager, which permits the installation of code snippets, such as tracking codes or conversion pixels on websites and mobile apps without interfering with the source code. The following tags are set:
• Click on application button
• Contact GGP by e-mail
• Use the search box
• eRecruiter tracking
• Page views
Based on your voluntary consent, which you have the right to revoke at any time, we use communication tools from the social media network Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. In particular, we use Custom Audiences and Website Custom Audiences. In principle, your usage data generates a non-reversable and non-personal checksum (hash value), which can be transmitted to Facebook for analysis and marketing purposes. The Facebook cookie is activated for the Website Custom Audiences product. Communication tools help us measure the effectiveness of our advertising and to understand the actions people perform on our website. In particular, data is used to ensure that the advertisements are shown to the right people. Please find additional information on the purpose and scope of data collection and the further shared processing and use of data by Facebook as well as options for your settings to protect your privacy at Facebook’s Privacy Policies located https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation .
Simpli.fi web beacons:
These websites use a simpli.fi retargeting pixel. Ads are placed on landing pages, where users can click on them and arrive at our websites. User activities on the landing page and subsequent user behavior on the website are tracked: Impressions; clicks; actions; CTR; CPM; CPC; CPA; geo-fence reporting; keyword reporting; demographics; device reporting; domain reporting.
These websites use Google Analytics, a web analysis service provided by Google LLC (“Google”). Google Analytics uses so-called cookies, text files that are stored on your computer to permit analysis of your use of the websites.
The information generated by the cookie regarding your use of these websites (including your IP address) is generally transferred to a Google server in the US and stored there. An adequate level of protection is guaranteed because Google is certified under the EU-U.S. Privacy Shield Framework.
We use the “IP Anonymization in Analytics” function on this website, so that Google truncates your IP address within Member States of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the US and truncated there.
Google uses this information to analyze your use of the websites to compile reports on website activities for the operator and provide additional services related to website use and Internet use. Google may also transfer this information to third parties, if this is required by law or third parties process this data on behalf of Google.
You can prevent the installation of cookies by making an appropriate setting to your browser software. You can also prevent the transmission of data related to your use of the websites, which is generated by the cookie, to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout
However, we must inform you that, in this case, you may not be able to fully use all the functions of these websites. By using these websites, you agree to the processing of the data about you collected by Google in the aforementioned manner and for the aforementioned purpose.
Our websites use social plug-ins (“plug-ins”) from various social networks:
• Use of Facebook plug-ins (“Like” button)
Plug-ins of the Facebook social network, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated into our websites. You can recognize the Facebook plug-ins by the Facebook logo (white “f” on a blue tile) or by the term “Like” or the “Thumbs-up” icon on our website. An overview of Facebook plug-ins can be found at developers.facebook.com/docs/plugins.
If you do not want Facebook to associate the visit to our websites with your Facebook user account, please log out of your Facebook user account before accessing our websites.
• Use of Twitter
Our websites use plug-ins of the Twitter microblogging service, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). The plug-ins are identified by a Twitter logo, e.g., in the form of a blue “Twitter bird.” An overview of the Twitter plug-ins and what they look like can be found at dev.twitter.com/web/tweet-button.
When you access one of our websites, which contains such a plug-in, your browser creates a direct connection to Twitter’s servers. The content of the plug-in is transferred directly to your browser by Twitter and integrated into the page. This integration informs Twitter that your browser has accessed the relevant page of our website, even if you have no Twitter profile and are not logged in to Twitter. Your browser transmits this information (including your IP address) directly to a Twitter server in the US and stores it there. If you are logged in to Twitter, Twitter can directly associate your visit to our website with your Twitter account. If you interact with the plug-ins, e.g., if you click on the “Twitter” button, the relevant information will also be directly transmitted to a Twitter server and stored there. The information will also be published in your Twitter account and shown to your contacts there.
If you do not want Twitter to directly associate the data collected via our website with your Twitter account, you must log out of Twitter before visiting our website. You can also completely prevent the loading of Twitter plug-ins with add-ons to your browser, such as the script blocker “NoScript” (http://noscript.net/).
• Use of WeChat
We use login plug-ins of the social network Tencent International Service Europe B.V., 26th floor of Amstelplein 54, 1096 BC Amsterdam, Netherlands (“WeChat”) on our websites. You can recognize the WeChat plug-in by two speech bubbles on a tile. When you interact with a plug-in (Login or Share Function), a direct connection is established to the WeChat servers. WeChat transmits the content of the plug-ins directly to your browser and integrates it into the website. Through the integration of the plug-ins, WeChat is informed that you have accessed the relevant page of our Internet website. If you are logged into WeChat, WeChat can associate the visit with your WeChat account. At no time do we have any knowledge of what personal data is processed by WeChat. Details on data collection [by WeChat] can be found at www.wechat.com/en/privacy_policy.html.
• Use of LinkedIn
We use plug-ins of the LinkedIn Ireland Unlimited Company (“LinkedIn”) social network on our websites. They are identified by the letters “IN” on a tile. When you access a website of ours, which contains such a plug-in, your browser creates a connection to LinkedIn.
In this way, LinkedIn learns which website you have just visited and processes your IP address. If you interact with the LinkedIn button and are logged into your LinkedIn account, you can share the contents of our pages over your LinkedIn connection. In this way, LinkedIn can associate the visit to our website and the action with your user account.
At no time do we have any knowledge of what personal data is processed by LinkedIn. Details on data collection by LinkedIn can be found at www.linkedin.com/legal/privacy-policy.
• Use of Google+
Plug-ins of the Google+ social network, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), are on our websites. The plug-ins can be identified, e.g., by the “+1” icon on a white or colored background. An overview of Google+ plug-ins and what they look like can be found at developers.google.com/+/web/.
When you access one of our websites, which contains such a plug-in, your browser creates a direct connection to the Google servers. Google transmits the content of the plug-in directly to your browser and integrates it into the website. Through this integration, Google is informed that your browser has accessed the relevant page of our website, even if you have no profile with Google+ or are not logged in to Google+. Your browser transmits this information (including your IP address) directly to a Google server in the US and stores it there.
If you are logged in to Google+, Google can directly associate the visit to our websites with your Google+ profile. If you interact with the plug-ins, e.g., by clicking on the “+1” button, the relevant information is also transmitted directly to a Google server and stored there. The information will also be published on Google+ and shown to your contacts there.
• YouTube videos
We also integrated YouTube videos into our websites, which are stored at www.youtube.com and can be played directly on our websites. They are integrated in such a way that no personal data regarding you as a user is transmitted to YouTube if you do not play the videos.
When you play the videos, YouTube cookies are stored on your computer and data is transmitted to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which operates YouTube. When you play videos stored on YouTube, the following personal data is transmitted to Google, Inc.: IP address and cookie ID, the specific address of the page you accessed on our websites, the language setting on the browser, the system date and time of the access and the browser ID. The data will be transmitted regardless of whether you are registered with Google and logged in to Google. If you are logged in, this data will be associated directly with your account.
If you do not want this information to be associated with your profile, you must log out before clicking on the button. YouTube and Google, Inc. store this data as a user profile and use it for advertising purposes, market research and/or demand-based website design. In particular, this type of analysis is made (including for users who are not logged in) to provide demand-based advertising and inform other users of your activities on our websites. You have the right to object to the formation of this user profile. To exercise this right, you must contact Google Inc., which operates YouTube. You can obtain additional information regarding the purpose and scope of the collection and processing of data by Google, Inc. at www.google.at/intl/en/policies/privacy/. We do not process the personal data collected when YouTube videos are accessed.
We install plug-ins of the pinterest.com social network, a service of Pinterest, Inc., 808 Brannan Street, San Francisco, CA 94103, USA, on our websites. The plug-ins are identified by a Pinterest logo, such as a “P” in the form of an @ sign or alternatively with the additional word “Save” in white lettering on a red emblem or rectangle. You can find an overview of the Pinterest plug-ins at developers.pinterest.com/docs/widgets/save/.
When the plug-in is integrated into our page, the following personal data is transmitted to Pinterest: IP address and session ID, operating system used, statistical information and your browser ID. The data is transmitted regardless of whether you have a user account with Pinterest and are logged in to that account.
If you are logged in, this data will be associated directly with your account. If you do not want the information to be associated with your account, you must log out before clicking the button. Cookies for the collection and the control of use-based online advertising can be deactivated at www.youronlinechoices.com.
Additional information regarding the purpose and scope of the collection and processing of personal data by Pinterest can be found at policy.pinterest.com/en/privacy-policy. We do not process your personal data.
The processed personal data comes from you yourself and from the devices you use to access our websites.
We will not disclose the user access data collected during the use of our websites to third parties, unless it is necessary to meet our obligations, required by law or regulation or necessary to assert, maintain or defend legal claims. Possible recipients may be competent authorities, offices, institutions and courts.
If necessary to process your contact, your data will be disclosed to affiliated companies of Miba AG. An overview of Miba sites with contact data can be found on our website at www.miba.com/en/company/global-sites/.
We will only disclose the data we use with your consent to contact you for advertising purposes to third parties if you have consented to this.
Personal data will also be disclosed to processors (e.g., IT services providers) to the extent necessary for processing purposes. The processors can be third parties or other companies in the Miba group.
The personal data will only be stored for as long as necessary to fulfill the aforementioned purposes, for as long as required by any statutory retention obligation and for as long as legal claims can be asserted by or against Miba (within the applicable statutory limitation periods).
In general, you have a right of access as well as a right to rectification, erasure, restriction, data portability and objection. However, please note that Miba is not always required to fulfill a request for erasure, restriction or data portability or to comply with an objection. This must be determined case-by-case based on Miba’s statutory obligations and any applicable exceptions. If we (also) process your data to contact you for advertising purposes, you have the right to object to such processing for direct marketing purposes at any time. If processing is based on your consent, you have the right to revoke your consent at any time. Your revocation of consent will not affect the lawfulness of any processing that has occurred based on your consent prior to its revocation.
If you believe that the processing of your personal data violates data protection law or that your data protection law rights have been otherwise violated, please contact your Miba contact person or the Miba Data Protection Compliance Team (firstname.lastname@example.org), so that we can find a remedy. You also have the right to file a complaint with a data protection supervisory authority. The data protection supervisory authority with jurisdiction over us is the Austrian data protection authority.
Miba, September 2019