General
1. Preamble
1.1 We are the Fronius International GmbH, Froniusstraße 1, 4643 Pettenbach, Austria, a technical leader in the fields of welding technology, photovoltaics and battery charging technology and Controller within the meaning of the General Data Protection Regulation (GDPR) (hereinafter referred to as "Fronius").
This data privacy statement applies to any form of processing of personal data by third parties by Fronius application.
1.2 In the following, Fronius would like to inform you in particular about what data Fronius processes, how and for what purpose they are used and what are the rights of data subjects. All data is processed by us in compliance with the relevant legal regulations on data protection and data security of the European Union and the Republic of Austria.
1.3 You can view, download or print our current data privacy statement at any time at https://www.fronius.com. The data privacy statement also represents an integral part of our Terms and Conditions of Use and Webshop, also available at https://www.fronius.com.
2. Legal bases and purpose of the processing
2.1 Fronius processes personal data within the meaning of Article 6 GDPR because the processing
- is necessary for the fulfilment of a contract,
- for the fulfilment of a legal or legal obligation or
- for the protection of the legitimate interests of Fronius or a third party or
- because the data subject has given his consent to the processing.
2.2 Fronius processes personal data, especially in the context of a business connection with the data subject or with a company that is represented by the data subject, especially in the area of contractual and, on request, also of pre-contractual relationships (Art. 6, para. 1, lit. b, GDPR). These data comprise the name of the data subject, his contact information (such as e-mail address, phone number, address), account data, possibly information regarding creditworthiness, if necessary social security data, information of the data subject in connection with the fulfilment of the contractual relationship, in the form of system data, service data, documentation, documents and correspondence between Fronius, the contract partner, if need be the contractor and the data subject, delivery, sales and billing data.
2.3 Furthermore, the processing of personal data is carried out to the extent necessary to fulfil a statutory / legal obligation to which Fronius is subjected (e.g. retention and documentation obligations according to the Austrian Commercial Code (UGB), Federal Fiscal Code (BAO) and others, reporting obligations as an employer toward social insurance; Art 6, para. 1, lit. c, GDPR) or the processing is necessary for the performance of a task carried out in the public interest (Art. 6, para. 1, lit. e, GDPR). Here, in particular, business-related correspondence and all relevant tax documents relating to the contractual relationship with the data subject or the company represented by him are processed.
2.4 Likewise, processing of personal data occurs on the basis of a data subject's consent for processing that can be cancelled at any time (Art. 6, para. 1, lit. a, GDPR). Here, in particular, the personal data of data subjects is processed, for which the data subject has given his prior consent, such as the publication of photographs of the data subject for documentation or advertising purposes.
2.5 In addition, the processing is also carried out for the necessary, proportionate protection of legitimate interests of Fronius (Article 6, para. 1, lit. f, GDPR), such as in particular for the protection of business interests such as internal administration and optimization of the business process, enforcement of rights, exercise or defence of legal claims and, if there is no reason to believe that the data subject has an overriding legitimate interest in not disclosing his data, prevention of physical damage or financial losses, for the implementation of direct advertising (marketing and information measures, in particular on products and services offered by the controller), for IT security and technical administration as well as for the purposes of file, customer and supplier administration. The processing here includes all data processed within the framework of the relationship between Fronius and the data subject, if this is necessary to achieve the purpose. The legitimate interest of Fronius or its group companies and of recipients of communications is also to be capable of operating a group-wide customer and supplier management system for the purpose of administrative optimization and simplification.
2.6 Insofar as data is not collected by the data subject within the meaning of Art. 14 GDPR, the following personal data is also collected either in publicly accessible databases (e.g. land register, commercial register, central association register, edict database, central register of residents, creditworthiness databases), information on the data subject by search engines, social networks or various websites, at Fronius group companies or with cooperation partners or any funding agencies.
2.7 In order to guarantee the security of the personal data of the data subjects, Fronius has implemented a number of technical and organisational measures within the meaning of Art. 32 GDPR, in particular encryption of the services using state-of-the-art encryption methods (e.g. SSL), user authentication controls, secured network infrastructures, restriction of access to personal data, network monitoring solutions, area-restricted alarm systems as well as video surveillance, employee administrative instructions, obligation to da-ta secrecy.
2.8 Fronius does not process personal data for automatic decision-making or profiling purposes.
3. Recipient of personal data
3.1 All personal data is processed by Fronius exclusively by Fronius and its group companies, strictly confidential and not transmitted to other recipient categories other than those specified in this data privacy statement without the express consent of the data subject. Fronius only transfers or discloses personal data to third parties if they agree with the same level of data protection that Fronius itself applies. Fronius has concluded agreements in accordance with Article 26 of the GDPR for the purpose and means of processing.
3.2 Disclosure to third parties by Fronius is allowed, if there is a contractual or legal obligation to do so. This applies, for example, to the proper execution of contractual relationships and to obligations related to the prevention, investigation, detection and prosecution of criminal offences or the execution of sentence including protection against and the prevention of threats to the public security. There are the following categories of recipients within the meaning of Art 13, para. 1, lit e, GDPR:
- group companies of Fronius (these are in particular the subsidiaries listed under https://www.fronius.com/de/kontakt#!/),
- processors which require the data for the performance of their tasks,
- public authorities, public bodies in the case of the existence of a statutory obligation,
- operators and participants of information systems relevant to creditworthiness for the purpose of creditor protection and risk reduction,
- third-party providers and cooperation partners (e.g. customers, suppliers, payment service providers),
- credit and financial institutions or other comparable institutions,
- legal and tax advisors as well as experts for the examination, establishment, exercise or defence of legal claims,
- courts for establishment, exercise or defence of legal claims.
3.3 A transfer of personal data to countries outside the EEA may take place in order to implement pre-contractual measures or in the performance of a contract with the data subject or the company represented by him, in particular by Fronius group companies or due to the use, in particular, of cloud solutions for communication and collaboration, for video conferencing, for maintaining information and data security and for customer care. If need be, the processing of personal data may also take place when used for advertising purposes on social media channels (e.g. Facebook, Instagram) or websites outside the EEA. Such transmission takes place primarily on the basis of binding corporate rules according to Art 47 in conjunction with Art 46, para. 2, lit b, GDPR, European Commission's adequacy decisions according to Art 45 GDPR; standard data protection clauses according to Art 46, para. 2, lit c and d, GDPR. In exceptional cases, a data transfer also takes place on the basis of Art. 49 GDPR, either because the data subject has expressly consented to the proposed data transfer, after having been informed about possible risks existing for him from such data transfers without an adequacy decision and without appropriate safeguards, because the transmission is necessary for the fulfilment of a contract between the data subject and Fronius or for the implementation of pre-contractual measures at the request of the data subject, or because the transmission is necessary for the conclusion or fulfilment of a contract concluded with another natural or legal person in the interests of the data subject by Fronius.
4. Storage period/erasure
4.1 Fronius will store personal data for as long as the purpose of the processing exists, in particular for the performance of a contract with the data subject or for the fulfilment of a statutory/legal obligation or as long as is necessary for the establishment, exercise or defence of legal claims or an overriding legitimate interest of Fronius in the processing exists.
4.2 In particular, Fronius must comply with the following statutory retention obligations or limitation periods:
a) Accounting, tax and customs law
- tax retention obligations under § 132 para. 1 BAO: 7 years, and beyond as long as the data for the tax authority is of importance in a pending case;
- company law retention obligation according to §§ 190, 212 Austrian Commercial Code (UGB): 7 years;
- turnover tax retention obligation according to § 11 para. 2 3. subparagraph Value Added Tax Act (UStG): 7 years;
- records according to § 23 para. 2 of the Zollrechts-Durchführungsgesetz (Act to implement customs law): 5 years.
b) Contract administration
- warranty according to § 933 of the Austrian civil code (ABGB): 2 years (movable property), 3 years (immovable property);
- claim for purchase price for movable property according to § 1062 in conjunction with § 1486 Austrian Civil Code: 3 years;
- claim for purchase price for immovable property (e contrario § 1486 Austrian Civil Code): 30 years;
- claims from a contract for work according to § 1486 Austrian Civil Code (if the service is provided as part of a commercial or other business operation): 3 years;
- General compensation according to § 1489 Austrian Civil Code (compensation claims): 3 years (if damage and injuring party are known) / otherwise absolute limitation period 30 years (for example, work accidents within the meaning of § 1325 Austrian Civil Code);
- liability claims according to § 13 of the Product Liability Act (PHG): 10 years.
4.3 Data from applicants who are not employed will be erased seven months after completion of the application procedure, unless consent for record keeping has been given. When a service relationship is established, the applicant data will be stored until it is terminated or beyond for the purposes stated above. In the case of a consent (in particular when sending electronic messages), the storage takes place until the data subject’s revocation which is possible at any time, whereby the revocation does not affect the processing carried out up to this date.
5. Rights of data subjects
5.1 The data subject has the right to:
a) access to personal data processed by Fronius,
b) rectification of the personal data in the case of incorrectness or incompleteness,
c) restriction of processing of the personal data, where certain conditions are fulfilled, particularly in case of considerable suspicion of unlawful processing or contradiction,
d) data portability of the personal data in a common, structured and machine-readable format,
e) erasure of the personal data in the case of any existing legal reasons,
f) objection with regard to the processing of the personal data pertaining to you, unless Fronius provides compelling and legitimate reasons for it,
g) revocation in case of consent of the data subject to the processing of the personal data; and
h) complaint to Fronius, if you believe that Fronius is unlawfully processing your personal data. In addition, you also have the right to lodge a com-plaint with the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna.
5.2 In this respect, please contact us or send your request by mail, e-mail or fax to the contact address below. The processing of your request or your data does not affect the legitimacy of the processing already carried out until the receipt of your request. The processing of your request or your data must be reasonable for Fronius.
Data processing when using Fronius online services or Fronius apps
6. System / device data and connection data
6.1 Our websites and apps can be visited depending on availability at any time without having you having to provide immediate information about your person. Fronius stores the following data without direct personal reference (connection data):
a) Browser type and version
b) Operating system
c) Referrer URL (the specific visited website)
d) Host name of the accessing computer (IP ad-dress)
e) Time and date of the server request
f) Device
6.2 This data of non-registered users is evaluated and used in an anonymous form by Fronius or in an anonymous form by a third party for the proper functioning of our website, for the provision of its contents, for the detection and tracking of misuse as well as for the improvement of our offer (e.g. by means of scientific research, data analysis, etc.).
6.3 Fronius also processes the data listed in section 6.1 from registered users, whereby any use occurs exclusively in anonymised form pursuant to section 6.2. A conclusion on data subjects based on this data is not possible by the authorized third party.
6.4 Arising from the use of Fronius websites as well as Fronius apps and services by registered or activated users, Fronius also collects non-personal or anonymised system/device data. The data is stored in a form that allows no conclusion on a specific person. Fronius may collect, use, share and disclose non-personal data for any purpose.
Example: Fronius uses aggregate data from all systems of a given region to determine the duration and intensity of solar radiation in this region. The region is sufficiently broadly defined that a conclusion on a person or its system is excluded. Fronius is also entitled to disclose such non-personal or anonymised da-ta to third parties.
7. Immediate personal data
7.1 A direct reference to your person or to the respective user can only be established by Fronius after successful registration. Registration requires your con-sent to disclose your personal data. In this context, our websites and apps collect and store the following personal data:
a) User data: Title, first name, last name, company, street, house number, postal code, city, state, country, time zone, phone number, fax number, e-mail address, date of birth, customer number, user name, password
b) System data: System name, system identifier, commissioning date/time, company, street, house number, postal code, city, state, country, time zone, longitude, latitude, height, system performance, manufacturer, module type, system description, system image
c) Operator / customer data: Title, first name, last name, company, street, house number, postal code, city, state, country, time zone, phone number, fax number, e-mail address, customer number, sales tax identification number
d) Connection data: Data pursuant to section 6.1.
7.2 Fronius collects personal data for the provision of the requested services, for the performance of pre-contractual measures, for the management of contracts and for the improvement of our services and products.
7.3 After registering, you can make your user name visible to other members. In addition, you can share or release more data of your profile or your system and make it visible to other members. Within your profile, you have the option to adjust by appropriate settings the extent to which your data will be released. It is entirely at your discretion to decide which and to what extent this data will be shared with other users or re-leased. Details are further explained by the respective function on the websites.
7.4 To the extent that we use data for a purpose that re-quires your consent pursuant to statutory provisions, we will seek your express consent. Your consent is documented in accordance with the data protection regulations. You can withdraw your given consent at any time with future effect and/or object to the future use of your data for purposes of advertising, market and opinion research. A simple message to Fronius is sufficient to revoke a consent or for an objection. To guarantee rapid processing, please use the below contact data. You will incur no additional costs for the contact.
8. Use of cookies
8.1 Our website uses software to analyse the use of the website. By evaluating this data, valuable insights into the needs of users can be obtained. These insights contribute to further improve the quality of what we offer.
8.2 In this context, so-called cookies are used. Cookies are text files that are stored on the computer of the visitor of the website and thereby make it possible to recognize a visitor on an anonymous basis. Cookies can generally be rejected or deleted by appropriate browser settings. We use cookies, which:
a) are absolutely necessary for the use of the website;
b) limit the number of requests;
c) identify the repeated visits of a single user;
d) identify a sequence of http requests from a single user;
e) contain the encrypted IP address and port of the target server;
f) register a unique ID that is used to generate statistical data such as how the user uses the website;
g) enable the user to download documents;
h) serve to better understand the needs of our users and optimize the offer on our website.
8.3 A regularly updated list of cookies used can be found at: https://www.fronius.com/en/cookie-policy.
9. Google Analytics: Data protection and opt-out option
9.1 The Fronius website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and which help analyse your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is enabled on this website, your IP address will first be truncated by Google within the member states of the European Union or other states party to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website in order to compile reports about the website activity for us as website operators and to provide other services associated with the use of the website. The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data held by Google.
9.2 You can refuse the storing of cookies by selecting the appropriate settings on your browser software; however, we must point out that in this case you may not be able to use all the features of this website. You can also prevent the data generated by cookies concerning your use of the website (including your IP address) from being passed on to Google as well as the processing of these data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
9.3 You can find more information on Terms of Use and data protection at http://www.google.com/analytics/terms/de.html or at http://www.google.com/intl/de/analytics/privacyoverview.html.
9.4 The Google tracking codes of this website use the extension "_anonymizeIP()" so that IP addresses are only processed in abbreviated form in order to prevent direct personal references.
10. Google Analytics Remarketing
10.1 The Fronius websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.This function enables the advertising target groups created with Google Analytics Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. This allows advertising messages to be displayed based on your personal interests, identified from your previous usage and surfing behaviour on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
10.2 Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalised advertising messages.
10.3 To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising. You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/
10.4 The summary of the data collected in your Google Account is based solely on your consent, which you can submit or revoke to Google (Art. 6 par. 1 lit. a, GDPR). For data collection operations that are not merged into your Google Account (for example, because you do not have a Google Account or have op-posed the merge), the collection of data is based on Article 6, para. 1, lit f of the GDPR. The legitimate interest arises from the fact that the website operator has an interest in anonymous analysis of website visitors for advertising purposes. Further information and the privacy policies can be found in Google's Data Privacy Statement at: https://www.google.com/policies/technologies/ads/
11. Display&Video 360
We also use cookies from Display&Video 360 to measure the effectiveness of our advertising campaigns, to limit the frequency with which you see a particular ad, and to display only ads that are relevant to you and your interests. In particular, information about the time of your visit, the ads you clicked on, and your previous user behaviour on third-party websites is collected and stored. This information is not passed on to third parties, but is only used for campaign management and campaign control. In addition, user profiles are created which are used for our own market research purposes – based in particular on the interests identified. You can find further information at https://www.google.com/policies/privacy/ads/ or https://www.google.com/settings/u/0/ads/authenticated
12. Google Marketing Platform
12.1. Google Marketing Platform by Google is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
12.2. Google Marketing Platform by Google uses cookies to serve ads relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been called. The cookies do not contain any personal information. The use of Google Marketing Platform cookies only allows Google and its partner websites to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. Under no circumstances will Google match your data with other data collected by Google.
12.3. By using our online service, you consent to the processing of data about you by Google and the manner of data processing described above as well as the named purpose.
12.4. You may refuse the use of cookies by selecting the appropriate settings on your browser. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available under the following link under ‘Extension for Google Marketing Platform deactivation’.
12.5. For more information about Google Marketing Platform by Google and privacy, please visit: https://policies.google.com/technologies/ads?hl=en
13. Google Marketing Platform Floodlight
13.1. Our online service uses the Google Marketing Platform Floodlight service, an online advertising program from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
13.2. Google Floodlight allows us to track and document the actions of users who visit our online service after you have seen or clicked on one of our ads. For this purpose, so-called floodlight tags or visitor pixels and cookies are set on our online service (so-called Google Marketing Platform cookie). We use Google Floodlight to determine the efficiency of our online campaigns in terms of sales and user activity on our online service. These cookies and tags do not contain any personal data and are therefore not used for personal identification. For example, we can determine the number of users who have purchased a product or completed an online form and evaluate it for statistical purposes, but we cannot identify you personally.
14. Hotjar: Data protection and opt-out option
14.1 We use Hotjar to better understand the needs of our users and to optimise the offerings on our websites. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click, what they like and what not, etc.) and that helps us to align our offer to our users' feedback. Hotjar uses cookies and other technologies to collect information about the behaviour of our users and their devices (in par-ticular, the IP address of the device (is recorded and stored in anonymous form only), screen size device type (unique device identifiers), information about the used browser, location (only country), preferred language for displaying our website). Hotjar stores this information in a pseudonymous user profile. The information will not be used by Hotjar or by us to identify individual users nor will it be aggregated with other data about individual users. Further information can be found in Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy/.
14.2 You can object to the storage of a user profile and information about your visit to our website by Hotjar and the setting of Hotjar tracking cookies on other websites.
15. Newsletter
15.1 If you have given your consent for the subscription of news in connection with the regular receipt of interesting offers via e-mail, the rules of this provision apply. Your e-mail address will not be disclosed to other companies. The consent for the use of your e-mail address for advertising purposes may be withdrawn at any time with effect for the future by clicking on the "Unsubscribe" link at the bottom of the newsletter or by sending a message to cancellation(at)fronius.com.
15.2 If you subscribe to our newsletter, we use the data necessary or separately provided by you to regularly send you our e-mail newsletter according to your consent.
15.3 We use the e-mail marketing software mailworx to send and analyse our newsletters, which records the opening and clicking behaviour. Specifically, the following information is tracked: Time of delivery, time of opening, duration of opening, IP address of the opening, e-mail program used (mail client), which link was clicked and the time of the click. The storage and processing of this data takes place exclusively for the purpose of being able to send the recipients tailored and relevant content. The data will not be disclosed to third parties or merged with other data. The data storage is done until cancellation of the newsletter subscription.
15.4 We are entitled to check your e-mail address based on your additional information as to its authenticity and accuracy.
Participation in events
16. Specific data protection information for participation in events organized by Fronius
16.1 When you sign up to participate in an event organized by Fronius, various personal data are collected and if need be your name and company affiliation is disclosed to other participants (e.g. in a list of participants). In addition to the data categories mentioned above, additional data, such as account data (for fee-based events), time data or attendance times during the event, may also be collected and processed.
16.2 Special categories (Art. 9 and 10 GDPR) of personal data (e.g. data on allergies for the planning of caterings) we will process exclusively on the basis of your consent. We would like to point out that if you provide us with data in accordance with Art. 9 and 10 GDPR, we assume that the consent to processing was grant-ed with the transmission.
16.3 As part of events, we regularly create visual and audio recordings to document the event, which may be published in media or in publications about the event. We will only process recordings based on your consent.
16.4 The processing of the listed personal data is necessary to achieve the stated purposes. If the data is not provided by you or is not made available to the required extent, participation in the event may not take place.
17. Contact details
17.1 Controller
Fronius International GmbH
Froniusstraße 1
A-4643 Pettenbach
Austria
E-Mail: contact@fronius.com
Phone: +43 7242 241-0
Fax: +43 7242 241-3013
17.2 Management
Elisabeth Engelbrechtsmüller-Strauß
17.3 Contact
For any inquiries related to data protection or data security, please contact us at the e-mail address dataprotection@fronius.com.