Privacy Policy

Data Protection Statement 

We at Burg Design GmbH - hereinafter referred to as "BURG" - attach immense importance to data protection, that is to say the protection of YOUR personal data. 

We treat your personal data in confidence and in compliance with the statutory data protection regulations and this Data Protection Statement. 

 

1. Scope 

This Data Protection Statement applies equally for all Internet offerings (“Website(s)”) for which BURG is considered the controller (see Section 2). 

2. Controller 

As defined in the EU General Data Protection Regulation (GDPR) as well as other national data protection laws of the member states, and other data protection provisions, the controller is: 

Burg Design GmbH 

Im Stadtgut Zone C1
A-4407 Steyr 
Austria 
Telephone: +43 / 7252 / 37142 - 0 
office(at)burg-design.com 

3. Principles of processing personal data 

3.1 Scope of personal data processing 

As a general rule we do not process our users’ personal data unless it is necessary to enable us to present a functioning website and our content and services. As a matter of course, our users’ personal data is not processed without the user’s consent. One exception would be cases in which it is not possible to obtain the consent beforehand for practical reasons, and/or if processing of the data is permitted by legal provisions. 

In particular, your data is processed for the following purposes: 

• The online services offered on our Websites (e.g., newsletter, contact form, etc.) are specifically designed to help us reach our business objectives. To this end, we need to continuously optimise the services we provide online (customer satisfaction, security, user friendliness, etc.). 

• The main reason we process data is if it is needed to substantiate the legal relationship, or to design or amend the content thereof. 

• To send you information, including advertising materials (e.g., the newsletter). 

• To lend our Websites still greater appeal; to identify points of particular interest and also publicise usage-based online advertising. 

• To analyse and evaluate visitor access events and also to detect any technical problems and respond to them in good time. 

3.2. Legal basis for processing personal data 

If we obtain consent from the data subject to carry out processing operations on personal data, our activities are governed by Art. 6 Para. 1 letter a GDPR as the legal basis therefor. 

If it is necessary to process personal data in order to fulfil a contract to which the data subject is a contracting party, our activities are governed by Art. 6 Para. 1 letter b GDPR as the legal basis. This also applies for processing activities essential for pre-contractual arrangements, in response to enquiries about our products or services, for example. 

If we need to process personal data to comply with a legal obligation to which our company is subject, (e.g., tax obligations), the legal basis for this is Art. 6 Para. 1 letter c GDPR. 

If it is essential to process personal data to protect the vital interests of the data subject or another natural person, the legal basis therefor is Art. 6 Para. 1 letter d GDPR. 

If such processing is essential in order to safeguard the legitimate interests of our company or of a third party and these interests are not outweighed by the interests, basic rights and basic freedoms of the data subject, Art. 6 Para. 1 letter f GDPR serves as the legal basis therefor. This applies e.g. to collections and analyses for statistical purposes, which we carry out to optimise our web offerings. 

3.3. Retention period and erasure of personal data 

We only process and store your personal data for the period necessary to fulfil the purpose for which it is stored. When its purpose has been fulfilled or ceases to exist, your personal data is erased or blocked. It can be stored for longer than this if such provisions appear in the European or national legislatures in legally binding ordinances, laws or other regulations of the European Union to which the controller is subject. The data is also blocked or erased when a retention period stipulated in the aforementioned norms expires, unless there is a pressing need for continued retention of the data to enable the conclusion or fulfilment of a contract. 

4. Application Form

• What personal data is collected and to what extent is it processed?

The data you enter into the fields of the application form and any uploaded files are fully processed to fulfill the purpose mentioned below.

• Legal basis for the processing of personal data

Right of access: You have the right to obtain information about your stored personal data (Art. 15 GDPR).
Right to rectification: You have the right to request the correction of inaccurate or incomplete data (Art. 16 GDPR).
Right to erasure: You have the right to request the deletion of your data if it is no longer necessary for the intended purpose (Art. 17 GDPR).
Right to restriction of processing: In certain circumstances, you can request the restriction of the processing of your data (Art. 18 GDPR).
Right to object: You have the right to object to the processing of your data for reasons arising from your particular situation (Art. 21 GDPR).

• Purpose of data processing

The purpose of data processing is to review and handle the application documents you have submitted via the form.

• Duration of storage

Your data will be deleted once the application has been processed and there is no longer any legitimate interest in retaining the application data. Therefore, if no employment relationship is established, your application documents will be deleted after a maximum of six months.

• Right to object and delete

Details about your rights and how to exercise them can be found in the lower section of this privacy policy.

• Necessity of providing personal data

The information requested in the application form is neither contractually nor legally required but is necessary for submitting and processing the application. If you do not fill out the mandatory fields, or do so incompletely, your application cannot be submitted or processed.
 

4.1 Processing Your Application

On our websites, you will find appropriate forms through which you can provide the necessary data for your application (e.g., name, address, email address, etc.).

If your application leads to the signing of an employment contract, the data you submitted may be stored in your (digital) personnel file for the purposes of standard organizational and administrative processes, in compliance with the relevant legal requirements.

The legal basis for processing data from the application forms is Art. 6 (1) lit. b GDPR. You have the right to object to any further processing of your data at any time.

If consent has been granted, your personal data from the application process (e.g., last name, first name, residential address, email address, phone numbers, cover letter, motivation letter, CV, certificates, references, details from the interview) may also be processed and used after the application process is complete, but for no longer than one year. This is to enable professional contact and potential consideration for job vacancies. Access to the data is granted to the HR department staff and decision-makers in the relevant departments. Consent can be revoked at any time and without explanation, with effect for the future. If consent is revoked, your data will no longer be considered for job openings. Your data will then be deleted in accordance with legal requirements.

5. Providing Websites and compiling logfiles 

Every time they are accessed, our Websites automatically capture a range of general data and information, which is stored temporarily in a server’s logfiles. 

In this context, the following data may be captured: 

• Access to the Website (date and time) 

• How you came to the Website (previous page, hyperlink etc.) 

• Which browser (and version) you use 

• The operating system you use 

• Which Internet service provider you use 

• Your IP address, which is assigned to your computer by your Internet service provider for when you connect to the Internet 

In rare cases, this (technical) data in the logfiles may be personal data. The temporary storage of the IP address by the system is necessary to enable the Website to be delivered to the user’s computer. To allow this, the user’s IP address has to remain stored for the duration of the session. As a rule, however, we only use this data if it is absolutely necessary for technical reasons to ensure operation and protect our Websites from attacks and misuse; in pseudonymised or anonymised form it is also used for purposes of advertising, market research and to help us design our services to meet current needs. This is why users’ IP addresses are stored as a technical precaution for a period not exceeding 7 days. They may be stored for longer. In this case, the users’ IP addresses are erased or masked so that it is no longer possible to make a connection to the accessing client. This data is not stored together with any of the user's personal data. 

The legalbasis for temporary storage of the data and logfiles is Art. 6 Para. 1 letter f GDPR. 

The capture of the data in order to deliver the Website and storage of the data in logfiles are both essential for enabling operation of the Website. Consequently, the user has no right of objection in this case. 

6. Answering your contact requests, enquiries, requests for spare parts 

On our Websites, you will find contact forms which you can use to communicate your wishes to us according to your area of interest. The data you supply in the input mask (e.g., your company, name, email address, etc.) is used by us to appropriately respond to your contact.

The legal basis for processing data where the user’s consent has been given is Art. 6 Para. 1 letter a GDPR. The legal basis for processing data associated with the contact form is Art. 6 Para. 1 letter f GDPR. If the email indicates an intent to enter into a contract, a further legal basis for processing is constituted by Art. 6 Para. 1 letter b GDPR. The data is erased as soon as it is no longer needed to fulfil the purpose for which it is collected. You can object to the further processing of your data at any time. 

7. Order processing (B2B webshop) 

As part of our B2B webshop, we process your customer data in all cases to help us manage the associated business processes. On the one hand, this involves the data that is needed directly for the ordering process, such as billing and delivery addresses, which may contain personal data. If such is necessary to enable the order to be carried out, this data may also be transmitted to the transport service provider we have tasked with delivery. On the other hand, the data each customer enters in the B2B webshop user administration system themself is also processed. This enables us to track which user has submitted which purchase order. The legalbasis for processing your personal data in the B2B webshop is Art. 6 Para. 1 letter b GDPR, since this data is used for purposes of fulfilling a contract within the meaning of Art. 6 Para. 1 letter b GDPR. You can object to the further processing of your data at any time, unless we are obliged to continue storing it to comply with statutory, incorporation-related or contractual retention requirements. For more information about the cookies we use in the B2B webshop, please refer to Section 11 “Cookies” in this Data Protection Statement. 

8. Newsletter mailing 

On our Website, you will find the option to subscribe to our free newsletter. When you register to receive the newsletter, the information you enter in the input mask - that is to say at least your email address - is transmitted to us. In order to be able to process information for the registration process, we obtain your consent and refer you to this Data Protection Statement. The consents to distribution are obtained on the basis of Art. 6 Para. 1 letter a, Art. 7 GDPR. For the registration to receive our newsletter, we use the “double opt-in” procedure. This means that after you have given us your consent to send you the newsletter as part of the registration process, we send you a confirmation email to your email address, in which we ask you to confirm your registration. If you do not provide this confirmation within 72 hours, your registration is deleted automatically. If you confirm your wish to receive the newsletter, we store your data until you unsubscribe from the newsletter. The only purpose for which this data is stored is to enable us to send you the newsletter. We also store your IP addresses and times when you send us your registration and confirmation to prevent your personal data from being misused (e.g., registration for the newsletter using a different email address). This other personal data which is collected in the course of the registration process is typically deleted after a period of seven days. 

You can withdraw your consent for us to send you the newsletter at any time. To notify us of your withdrawal, you simply need to click on the link which is provided in every newsletter email or send an email to newsletter(at)kurz.de. 

9. Delivery of online advertising 

In order to be able to present you with online advertising which is tailored individually to your usage behaviour on our Websites, we use the following services/technologies: 

Google AdWords Conversion 

Google Dynamic Remarketing 

Double Click by Google 

The provider of these services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, 

These services rely on the use of cookies; for more information on this subject, please refer to Section 11. “Cookies” in this Data Protection Statement. 

10. YouTube 

The Websites use the YouTube video platform, which is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA. YouTube is a platform that enables the playback of audio and video files. 

When you access a page from our Internet presence, the player which is integrated in the page by YouTube creates a link to YouTube that ensures the technical transmission of the video and/or audio file. When the link to YouTube is created, data is transmitted to YouTube. The YouTube server receives information about the specific page of our Internet presence that you visited. If you also happened to be logged into your YouTube account, you would enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this capability entirely by logging out of your YouTube account beforehand. 

For more information about the collection and use of your data by YouTube and your rights in this regard and setting options for protecting your privacy, please refer to the notes on data protection there under https://policies.google.com/privacy?hl=de. 

11. Cookies 

Our Websites use cookies under certain circumstances. Cookies are small text files which are stored in the Internet browser and/or on the user’s computer system and enable your use of the Website to be analysed. 

Cookies serve to make our Websites and online services more user-friendly, more effective and more secure. These and similar technologies are used for wide variety of purposes, including storing your settings, logging in and authentication, interest-related online advertising, analyses and statistics. 

The legal basis for processing personal data using cookies is Art. 6 Para. 1 letter f GDPR. When they access our Websites, users are informed about the use of cookies in an info banner and referred to this Data Protection Statement. 

Most of the cookies we use are of the type known as “session cookies”. They are deleted automatically at the end of your visit to our Website. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser again the next time you visit. 

You yourself decide on the use of cookies: 

You can make settings in your browser so that you are informed when cookies are set, and you can decide whether to accept them on a case by case basis, for certain cases, or to block them generally, and activate the automatic deletion of cookies when you close your browser. 

Deactivating cookies may have the effect of limiting the functionality of the Website. 

In the following section, we will provide details about the services on our Websites that use/implement cookies: 

11.1 Google AdWords Conversion 

In the context of Google-AdWords we use the "Conversion-Tracking” analysis service on our Websites.If you have come to our Website via a Google advertisement, a cookie is placed on your computer. These conversion cookies lose their validity after 30 days and are not used to dentify you personally. If you visit certain pages on our Websites and the cookie has not expired, we and Google can see that you as a user have clicked on one of the advertisements that were placed with Google and were consequently redirected to our page. 

Google uses the information collected with the aid of the conversion cookies to prepare visit statistics for our Website. From these statistics we learn the total time spent by users who have clicked on our advertisement, and also which pages of our Website were subsequently accessed by the respective user. However, neither we nor other providers who use Google-Adwords in our advertising receive any information that enables us to identify users personally. 

You can prevent the conversion cookies from being installed by making corresponding settings in your browser, for example with the browser setting that deactivates the automatic setting of 

cookies generally, or which specifically only blocks the cookies from the “googleadservices.com” domain. 

For more detailed information and the Google Data Protection Statement, please visit: 

- http://www.google.com/policies/technologies/ads/ 

- http://www.google.de/policies/privacy/ 

11.2 Google Dynamic Remarketing 

This function serves to present to visitors to the Website interest-specific advertisements for “similar target groups” within the Google advertising network. The browser of the Website user stores cookies which render the user recognisable when they return to Websites which belongs to the Google advertising network. On these pages, the user can then be presented with advertisements relating to the content the visitor viewed previously on Websites that use the Google Remarketing function. By its own account, Google does not collect any personal data in this process. 

Option to object 

If you still do not wish to have the Google Remarketing function on your computer, you can deactivate it generally by making the corresponding settings at http://www.google.com/settings/ads. 

Alternatively, you can deactivate the use of cookies for interest-specific advertising via the Advertising Network Initiative (NAI) by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp. 

For more detailed information about Google Remarketing and the Google data protection statement, please visit: http://www.google.com/privacy/ads/

11.3 DoubleClick by Google 

DoubleClick by Google also uses cookies to offer you advertisements of interest specifically to you. In this case, a pseudonymised ID number is assigned to your browser to check which advertisements have been shown in your browser and which advertisements were accessed. The cookies contain no personal information. The use of the DoubleClick cookies only enables Google and its partner Websites to switch advertisements based on the previous visits to our or other Internet websites. The information generated by the cookies is transmitted to a server in the USA and stored there by Google for analysis. By using our Websites, you state that you agree to the processing of data collected about you by Google as well as the methods by which the data is processed and the stated purpose thereof as described above. 

Option to object 

You can deactivate the DoubleClick cookies by making the appropriate settings in Google directly: 

http://www.google.com/settings/ads or 

on a deactivation page of the network advertising initiative (NAI): 

http://www.networkadvertising.org/managing/opt_out.asp 

11.4 B2B Webshop 

We use the following cookie in our B2B webshop: 

• Session ID cookie: For this, a random-generated combination of letters and numbers is assigned to the respective user, e.g., to enable secure login or to store the progress in the ordering processes (products in the shopping cart). In addition his cookie is used to check whether the user has already accepted the cookie instructions (cookie banner) in the B2B webshop, which is shown on the page until it is confirmed. 

The cookie stored in the B2B webshop is deleted after 12 months or sooner. 

12. Data transfer 

For the purposes described in Section 3.1, your data is also transmitted to the responsible offices of BURG and to affiliates of BURG if this is necessary in order to fulfil the stated purposes and thus conforms to the legal permission regulations or if you have given your consent for the transmission. 

We are permitted to forward personal data to third parties if for example participations in promotional activities or competitions etc. are jointly offered by us with a third party provider. In these cases you will be advised in a separate notice that your personal data will be sent to third parties before it is transmitted. 

We use external service providers in some cases to process your personal data. These providers have been selected by us with extreme care and engaged in writing. They are bound by our instructions and are reviewed by us regularly. The service providers will not communicate this personal data to third parties. 

Furthermore, we ensure that your personal data is not communicated to third parties unless we are obliged to do so by law or unless you have explicitly stated that we may do so. 

13. Notes on data security 

13.1 Data security on the Internet 

The Worldwide Web is a publicly accessible system. If personal data is divulged online, this data is transmitted at the user’s risk. The data can be lost in transit or may fall into the hands of unauthorised third parties. BURG has adopted measures to guarantee the confidentiality and security of your personal data. 

Your data is protected conscientiously from being lost, destroyed, falsified, manipulated or exposed to unauthorised access or unauthorised disclosure e.g., by the following methods: 

• If you transmit your personal data to us via our Website or in an email, it will only be used for the purpose stated in Section 3.1. 

• Our employees are bound individually to observe a duty to confidentiality and are obliged to observe the principles of data secrecy. 

• Our security measures reflect the current state-of-the-art as far as reasonably possible. 

• The security of our systems is checked regularly, so that we can permanently protect the data entrusted to us from any damage, loss or access. 

13.2 Recommendations for improving your personal data security 

• You can configure your browser so that you are informed as soon as cookies are to be set, so that you can accept them globally or on a case by case basis, or reject them globally (see Section 11). 

• You can see whether an Internet connection is secure, among other things, from the address. If the address begins with https, this indicates that the connection is secure (e.g. https://….de). We are making every effort to convert all of our Websites to https where this has not yet been done. Another indicator is the symbol of a locked padlock in the bottom icon tray of your browser. 

• We will never ask you to communicate confidential data such as a PIN number or your password by email, over the phone or by SMS, nor will we ask you to return or specify this data or enter access data directly. 

14. Rights of data subjects 

If personal data about you is processed, you are a data subject within the meaning of the GDPR, and you have the following rights in respect of the controller. Regarding this matter, please contact us using the contact information provided in Section 2. 

14.1 Right to information 

You have the right require that we provide you with information about the personal data we have stored relating to you. 

14.2 Right to rectification 

You have the right to require that personal data relating to you be corrected and/or completed immediately. 

14.3 Right to restriction of processing 

You have the right to require that the processing of your personal data be restricted if you are contesting the accuracy of the data, if the processing is unlawful but you reject the option to have it erased and we do not need the data any more but you need it to enforce, exercise or defend your legal rights or you have submitted an objection to the processing in accordance with Art. 21 Para. 1 GDPR. If the processing of the personal data relating to you has been restricted, apart from saving it, this data can only be processed with your consent or in order to enforce, exercise or defend legal rights or to protect the rights of another natural or legal person or for reasons of substantive public interest of the union or of a member state. If the restriction of processing has been restrained pursuant to the above conditions, you will be informed by us before the restriction is cancelled. 

14.4 Right to erasure (“right to be forgotten”) 

You have the right to request the erasure of personal data relating to you that is stored with us, unless it is essential for the exercise of the right to the free exchange of opinion and information, processing to fulfil a legal obligation for reasons of public interest or for enforcing, exercising or defending legal rights. 

14.5 Right to notification 

If you have exercised your right to rectify, erase or restrict processing (15.2-15-4), we will notify all recipients to whom we have disclosed personal data relating to you of this rectification or erasure of the data or of the restriction of processing thereof unless this proves impossible or is associated with unreasonable additional effort. 

14.6 Right to data portability 

You have the right to have personal data that you provided to us delivered to you or a third party in a structured, standard, machine-readable format. If you require that the data be transmitted directly to another controller, this will only be done if it is technically possible. 

14.7 Right to object 

If your personal data is processed on the basis of legitimate interests as stipulated in Art. 6 Para. 1 letter f GDPR, you have the right to file an objection to the processing pursuant to Art. 21 GDPR. The controller will discontinue processing personal data relating to you unless it can prove the existence of compelling reasons worthy of protection for continuing to process it which outweigh your interests, rights and freedoms or if processing serves the cause of enforcing, exercising or defending legal rights. 

14.8 Right to withdraw consents relating to data protection law 

You have the right to withdraw your consent under data protection law at any time with effect for the future. The data that is collected before such withdrawal becomes legally enforceable is unaffected thereby. 

14.9 Right to lodge a complaint with a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular within the Member State of your habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to you infringes the GDPR. 

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR. 

15. Updating of this Data Protection Statement 

It may be necessary (e.g., in the light of changes to the law) to update our Data Protection Statement. We therefore reserve the right to amend or supplement this Data Protection Statement whenever necessary. We will publish the change here. We therefore recommend that you review this Data Protection Statement regularly to ensure that your knowledge is up to date.