Privacy
Welcome to the privacy policy of our website. As the operator of the website https://www.team.citrocasa.com/, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations, your selection in the cookie banner and this privacy policy.
Name and address of the responsible body
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Citrocasa GmbH
Industriezeile 47
4020 Linz
Austria
Phone: +43 732 750 173 – 0
Fax: +43 732 750 173 – 24
Email: office@citrocasa.com
If you have any questions about data protection, please contact our external data protection officer at Prico GmbH with the reference "Data protection homepage". Please send your enquiry to Sebastian Feldmann, s.feldmann@prico.de.
General information on data processing
Scope of processing personal data
We only process personal data of our users to the extent necessary to provide a functional website and the content and services. The processing of personal data is carried out regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for processing.
Data deletion and storage period
Your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies and there are no legal retention periods or other requirements that prevent this.
Provision of the website and creation of log files
Description and scope of data processing
Every time you visit our website, data and information are automatically collected by the computer system of the requesting computer. The following data is collected:
- IP address of the requesting computer (host name)
- Date and time of access
- Name and URL of the file accessed
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer
- Name of your access provider
The data is also stored in our system's log files. This data is not stored together with other personal data of the user.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f) GDPR.
Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f) GDPR.
Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to assign them to the requesting client.
Right to object and right to erasure
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.
Contact form and email contact
Description and scope of data processing
You can contact us via the email address provided office@citrocasa.com or by post. If a website visitor makes use of this option, the data transmitted will be stored by us.
Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email or by post is Art. 6 para. 1 lit. f) GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
Purpose of data processing
The processing of personal data is used solely for the purpose of processing the contact request, which also constitutes the necessary legitimate interest in the processing of the data.
Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data sent by email or post, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.
Right to object and right to erasure
The user can object to the processing of their data by email or by post. All personal data stored in the course of establishing contact will then be deleted. In such a case, the conversation cannot be continued.
Data transfer to third countries
Our website may include tools from companies based in so-called third countries (i.e. outside the European Union (EU) and the European Economic Area (EEA)). If these tools are active, your personal data may be transferred to the servers of the respective companies. We have no influence on this data processing.
If we process data in a third country or if processing takes place within the scope of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the following legal requirements pursuant to Art. 44 ff. GDPR:
- Basis for an adequacy decision
- Internal data protection regulations
- Approved rules of conduct
- Standard data protection clauses
- Approved certification mechanism pursuant to Art. 46 para. 2 lit. a) – f) GDPR
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in your Internet browser or by your Internet browser on your computer system. When a user accesses a website, a cookie may be stored on the user's operating system. These cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. We also use cookies on our website that enable an analysis of users' surfing behaviour.
Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f) GDPR. Insofar as cookies are set to analyse user behaviour, this is done on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR.
Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. As the website operator, we have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services.
The user data collected by technically necessary cookies is not used to create user profiles. Analytical cookies are used for the purpose of improving the quality of our website and its content. Analytical cookies tell us how the website is used, enabling us to continuously optimise our offering.
Duration of storage, objection and removal options
Cookies are stored on the user's device and transmitted to our site. As a user, you therefore have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.
Applicant data protection
If you apply to us electronically, i.e. by email or via our web form, we will collect and process your personal data for the purpose of processing your application and for the implementation of pre-contractual measures.
By submitting an application, you express your interest in working for us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application. In particular, the following data is collected: first name and surname, email address, telephone number, LinkedIn profile if applicable.
You also have the option of sending documents such as a cover letter, your CV and references. These may contain additional personal data such as your date of birth, address, etc.
The legal basis for the processing of your applicant data is Art. 6 para. 1 lit. b) GDPR and Art. 9 para. 2 lit. b) GDPR. If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily provided during the application process, they will also be processed in accordance with Art. 9 (2) lit. b) GDPR (e.g. health data, such as severe disability).
Only authorised employees from the Human Resources department or persons involved in the application process have access to your data. Personal data will be stored exclusively for the purpose of filling the vacant position for which you have applied.
Your data will be stored for a period of 6 months after the end of the application process. This is usually done to fulfil legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete or anonymise your data.
Integration of additional services and content from third parties
This online offering may include content from third parties, such as videos, fonts or graphics from other websites. In order for this content to be displayed, it is necessary for the respective providers of this content ("third-party providers") to collect the IP address of the user. Without the IP address, it would not be possible to transmit the content to the user's browser, as it is necessary for display.
We endeavour to only integrate content whose providers use the IP address exclusively for the purpose of providing the content. However, we have no influence on whether third-party providers store the IP address for statistical purposes, for example. If we are aware of this, we will inform users accordingly. We use these integrations to provide and optimise our online offering.
The legal basis for the integration of further third-party services and content is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest lies in the best possible presentation of our online presence and in the user-friendly and economically efficient provision of our services. Please check the respective data protection conditions before you transmit personal data to these websites.
Other recipients of data
If the legal requirements are met (e.g. you have given your consent), we may share your personal data with other recipients who provide services to us. In accordance with the principle of data minimisation, we limit the disclosure of your personal data to the extent necessary. The service providers we use receive your personal data as processors (processing agreement in accordance with Art. 28 GDPR) or as independent data controllers. The following categories of service providers or data recipients may receive your data:
- Server operators & hosting providers
- Marketing agencies & website support
- External legal and tax advice
- Newsletter providers
- Recruitment service providers
- Postal and delivery service providers
- Other services and tools
Access to your data is only granted under strict conditions (confidentiality requirements).
Data security
Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to and via our website. However, we use technical and organisational measures to protect our website and other systems as best as possible against loss, destruction, access, modification or distribution of your data by unauthorised persons.
We take precautions to ensure the security of your personal data. Your data is conscientiously protected against loss, destruction, falsification, manipulation and unauthorised access or unauthorised disclosure.
Rights of the data subject
Right to information (Art. 15 GDPR)
You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information including purposes, categories, recipients, storage duration, rights, source, and transfers to third countries including safeguards pursuant to Art. 46 GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to obtain from the controller rectification of inaccurate personal data concerning you or completion of incomplete personal data. The controller shall undertake such rectification without undue delay.
Right to restriction of processing (Art. 18 GDPR)
You may request restriction of processing under certain conditions, e.g., contesting accuracy, unlawful processing with request to restrict instead of erase, data needed for legal claims, or pending an objection under Art. 21(1) GDPR. You will be informed before a restriction is lifted.
Right to erasure (Art. 17 GDPR)
Obligation to erase: You may request immediate deletion if, for example, data is no longer necessary, consent is withdrawn with no other legal basis, you object and there are no overriding grounds, data was unlawfully processed, erasure is required by law, or data was collected under Art. 8(1) GDPR.
Information to third parties: If personal data has been made public and must be erased, reasonable measures will be taken to inform controllers processing the data that you request deletion of links, copies, or replications.
Exceptions: The right does not apply where processing is necessary for freedom of expression and information, compliance with a legal obligation or public interest tasks, public health, archiving/research/statistics where erasure would impair objectives, or for legal claims.
Right to notification (Art. 19 GDPR)
If you have exercised your right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to obtain information about these recipients.
Right to data portability (Art. 20 GDPR)
You have the right to receive personal data you provided in a structured, commonly used and machine-readable format and to transmit those data to another controller, where processing is based on consent or contract and carried out by automated means, without adversely affecting the rights and freedoms of others. This does not apply to tasks in the public interest or exercise of official authority.
Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, to processing based on Art. 6 para. 1 lit. e) or lit. f) GDPR. We will no longer process the data unless we demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or for legal claims. For direct marketing, you may object at any time; in that case, data will no longer be processed for such purposes. You may exercise this right by automated means using technical specifications.
Right to withdraw consent (Art. 7(3) GDPR)
You have the right to withdraw your consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent or to object, simply send us an email.
Right to lodge a complaint (Art. 77 GDPR)
Without prejudice to any other remedy, you have the right to lodge a complaint with a supervisory authority, in particular in your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The authority will inform you about the progress and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless necessary for a contract, authorised by law with safeguards, or based on your explicit consent. Such decisions may not be based on special categories of personal data unless Art. 9(2) a) or g) applies with appropriate safeguards.
Changes to the data protection provisions
We reserve the right to amend this privacy policy at any time with future effect so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services.
