Privacy Notice

Website Privacy Policy

AUSTRIACARD A.G. Group (hereinafter the “Group” or “we”), is strongly committed to privacy issues, and this privacy statement details our approach on issues regarding our web site. By using this site and submitting any personal data, you agree to the use by the Group of such data in accordance with this privacy statement.

If you have questions on privacy issues, please email us at:

dataprotection.austria@austriacard.com

dataprotection@lykos.gr

dataprotection@lykos.ro.

Data Controllers are the following companies of the Group:

“AUSTRIA CARD-Plastikkarten und Ausweissysteme Gesellschaft m.b.H.” with registered office at Lamezanstraße 4-8, A-1230 Vienna, Austria with VAT Number ATU14915403, Trade Register FN 98272v (AUSTRIA CARD GmbH)

and

“INFORM P. LYKOS S.A. Processing & Development of printed Information Systems”, with registered office at Koropi, Attica, Greece, 5th klm Vari – Koropi Av., with VAT Number EL094170977,  Trade Register N. 359201000 (INFORM P. LYKOS S.A.)

and

“S.C. INFORM LYKOS S.A.” with registered offices at Bucharest, str. Odai, nr. 347-363, 1st District , Romania, with tax code RO9030790, Trade Register registration no. J40/7278/2008 (S.C. INFORM LYKOS)

They are the data Controllers of any personal data collected through this website, and will process such data in accordance with the current EU Data Protection legislation and respective local legislation.

Data Collection

We collect identifiable personal data as per below:

  • Website usage data, via Google Analytics used to improve our website
  • Contact information including name, surname, company name, position name and email address for subscribing to our Newsletter.
  • Other information that is specifically and voluntarily provided by a visitor to our website. Visitors are able to trigger emails via website forms that are delivered to us or send email to us through contacts obtained from the website. Their messages will contain the user’s email address, as well as any additional information the user will include in the message. Based on the type of email contacts we provide, identifying information is collected to:
    • Enquire for further information for sales, data privacy or other issues
    • Submit a CV

Purpose of processing

The purpose of processing your personal data is to:

  • Ensure an efficient and secure use of our website
  • Develop our website for a better quality and broader scope of services
  • Communication between us and you and reply to your contact requests, inquiries and feedback
  • Provide marketing information for our products or services via targeted e-mails or interpersonal communication

Legal basis for processing

The legal basis for processing your personal data is:

  • Performance of a contractual relationship between you and us if you are a business partner
  • Legitimate Interest of  ours (e.g. observing our website usage in order to ensure an efficient and secure use of our website,  to develop our services, to provide customized content to make our services more relevant to you, to provide marketing material)
  • If you are not an existing customer, your consent will be asked before providing any e-mail marketing material to you. You can choose to withdraw your consent at any given time with immediate effect.
  • Your consent will be asked in relation to using website cookies. You will find additional information on how cookies are used in the Cookies Policy.
  • Processing is allowed or required by law.

Location of data and disclosure to third parties

Any personal data collected by our website are stored in the Controllers’ premises with the exception of Website usage data, via Google Analytics, as detailed in Cookies Policy

Personal data which has been submitted to us may be disclosed to other companies of the Group within the European Union, if this is necessary to meet the purpose for which the personal data are collected /received. By submitting personal data to this site, the visitor is providing explicit consent to the transfer of such data for the fulfilment of their voluntary requests.

We may disclose personal information collected by our website to law enforcement, regulatory, or other government agencies or to other third parties as required by, and in accordance with, applicable law or regulation.

Personal information is not shared with any companies of the Group for any secondary or unrelated purposes unless otherwise disclosed at the point of collection. If there is an instance where such information may be shared, the visitor will be asked for permission beforehand.

Any data provided by you via the feedback form or the newsletter registration form, will generate an email through our website’s host infrastructure located within EU.

Protection of personal data

We have developed and operate an Information Security Management System (ISMS), compliant with ISO 27001:2013, that includes a set of administrative and technical controls, so as to protect the information and information systems, including data collected from our website. More specifically, Information Security safeguards personal data regarding their confidentiality, integrity and availability. Only authorized and trained Controllers’ personnel are provided access to personal information and these employees have agreed to ensure confidentiality of this information. In addition, we take all other reasonable steps and all necessary technical and organizational measures required at all times to ensure the maximum level of security of processing and of the data involved.

However, we cannot eliminate risks associated with the use of Internet and the World Wide Web and thus we warn subjects to be fully aware of those risks.

Data Subjects rights

As web site visitor you have the following rights in respect to the processing of your personal data, to the extent provided and under the conditions set forth in applicable data protection legislation:

  • Right to Information and Access: You have the right to be informed and access data concerning you.
  • Right to Rectification: You have the right to request the rectification of inaccurate data concerning you.
  • Right to Erasure: You have the right to obtain from the Controller the erasure of personal data concerning you, given that such an erasure is permitted by applicable law.
  • Right to Restriction of Processing: You have the right to obtain from the Controller restriction of processing, if conditions set forth in applicable legislation are met.
  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller, if such a possibility is provided by applicable legislation for the type of data concerned.
  • Right to Object: You have the right to object to processing of data concerning you, given that such a possibility is provided by applicable legislation.
  • Right to complain before the Data Protection Authority: If you think that your rights regarding your personal data are breached you have the right to file a complaint with the competent Data Protection Authority:

– for Austria, Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Vienna, Austria, tel. +43 1 52 152-0, e-Mail: dsb@dsb.gv.at,

– for Greece, DPA, Kifisias Avenue 1– 115 23 – Athens, tel. +30 210 6475600, www.dpa.gr,

– for Romania, 28-30 G-ral Gheorghe Magheru Bld. District 1, post code 010336 Bucharest, Romania, tel. +40.318.059.211, anspdcp@dataprotection.ro)

or with a supervisory authority in the member state of your habitual residence or place of work.

In order to exercise any of your rights, as well as for any information or clarification in respect to those rights and their conditions, you can contact the Data Protection Officer at:

dataprotection.austria@austriacard.com

dataprotection@lykos.gr

dataprotection@lykos.ro

The Data Protection Officer will provide any further information and guidance for the steps that you must follow.

Data Retention

The personal data you submit to us will only be retained for as long as is required for the purposes for which it was collected or as required by law. In more detail:

  • Emails enquiring further information for sales, or other issues are kept for only the period of time considered reasonable to facilitate the visitor’s requests, and with a maximum of 1 year.
  • Contact details submitted for receiving Newsletter will by kept until a relevant unregistration is requested.
  • CVs submitted will be stored for a period detailed in “Privacy Notice regarding the processing of prospective employees personal data” (see below).
  • Cookies will be stored for a period detailed in Cookies Policy.

We handle your personal data that you have provided to us (such as requests, CV’s) separately from observed data about online service use and derived data. Observed or derived data about service usage is always stored using identifiers that are typically randomly generated and thus users cannot be personally identified from the identifiers.

Cookies

Our website uses small text files called ‘cookies’ which are placed on your device to assist in efficient and secure use of our website. The use of cookies is now a standard operating procedure for most websites. You can learn more about our cookies policy.

Upon entering our website you will be asked to provide your consent regarding our cookies policy.

Please also note that most browsers now permit users to opt-out of receiving them. After termination of the visit to our site, you can always delete the cookie from your system if you wish – for details, see AllAboutCookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed.

Privacy Notice regarding the processing of prospective employees personal data

1.Personal Data mentioned in the present are collected by the HR departments of the Controllers. They have appointed Data Protection Officers, with whom you can contact directly for any request or clarification:

dataprotection.austria@austriacard.com

dataprotection@lykos.gr

dataprotection@lykos.ro

2. The Controllers are collecting your personal data included in your CV, which you send by email to the following addresses:

ac.contact@austriacard.com

recruitment_romania@austriacardag.com

hr.greece@austriacard.com. s

These data include identification data, academic credentials, prior work experience and any other information that you, as a prospective candidate, may share with the company as prospective employer.

3. The legal basis for this processing is your explicit consent and the collection of personal data originate from you and extend only to those data that you chose to share with us. The personal data we will collect about you will be processed for Recruitment and selection of prospective employees for filling current or future open positions. If the purpose of processing for some reason changes, we will provide relevant information before assuming that particular processing.

4. The personal data we collect will be subject to following specific acts of processing:

  • Collection and management of applications
  • Evaluation of applications
  • Selection of candidates

5. Your personal data will be disclosed to the local HR teams and possibly to the HR or management of other companies of the Group  within the European Union (e.g. AUSTRIACARD S.R.L., Austria Card Polska Sp. Zoo), in order to manage & evaluate the applications, perform the interviews and select the preferred candidate. Our Group’s core systems are hosted in data centers located in the European Union (Austria, Romania, Poland, Greece).

6. If your application is unsuccessful, your personal data will be stored for a period of 6 months after the end of the respective application process. After this period your personal data will be deleted completely from our records.

7.  You have the following rights in respect to the processing of your personal data, to the extent provided and under the conditions set forth in applicable data protection legislation:

  • Right to Information and Access: You have the right to be informed and access data concerning you.
  • Right to Rectification: You have the right to request the rectification of inaccurate data concerning you.
  • Right to Erasure: You have the right to obtain from the Controller the erasure of personal data concerning you, given that such an erasure is permitted by applicable law.
  • Right to Restriction of Processing: You have the right to obtain from the Controller restriction of processing, if conditions set forth in applicable legislation are met.
  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller, if such a possibility is provided by applicable legislation for the type of data concerned.
  • Right to Object: You have the right to object to processing of data concerning you, given that such a possibility is provided by applicable legislation.

In order to exercise any of your rights, as well as for any information or clarification in respect to those rights and their conditions, you have to contact the Data Protection Officer at given contact details under paragraph 1. The Data Protection Officer will provide any further information and guidance for the steps that you must follow.

9. You have the right to withdraw your consent for the processing of your personal data at any time without cost, by sending an email to the Data Protection Officer at the contact details provided under paragraph 1. In case you withdraw your consent, your personal data will be deleted completely from our records and any act of processing will cease.

10. We inform you that under applicable legislation you have the right, if you deem that the legislation about your personal data is violated, to file a complaint before the competent Data Protection Authority:

– for Austria, Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Vienna, Austria, tel. +43 1 52 152-0, e-Mail: dsb@dsb.gv.at,

– for Greece, DPA, Kifisias Avenue 1– 115 23 – Athens, tel. +30 210 6475600, www.dpa.gr,

– for Romania, 28-30 G-ral Gheorghe Magheru Bld. District 1, post code 010336 Bucharest, Romania, tel. +40.318.059.211, anspdcp@dataprotection.ro)

or with a supervisory authority in the member state of your habitual residence or place of work.