Data protection information

according to General Data Protection Regulation

Status: May 2018

Data protection is important to us: For this reason, we collect and process your data in accordance with the statutory provisions, in particular the General Data Protection Regulation, GDPR and the Data Protection Act (DSG) as well as other statutory provisions such as the Telecommunications Act (TKG) in the field of electronic communication. With the following information we would like to give you an overview of the processing of your personal data by us and your rights under data protection law.

1. Who is responsible and contact information?

Responsible is:

BUHLER MANAGEMENT INTERNATIONAL

You can contact our data protection officer at:

MMag. Maria Th. BUHLER
Ballgasse 6/21
A - 1010 Vienna

Mobile: 0664 416 55 22
Phone: 01 96 83 777

Goldenthalweg 21
CH - 4104 Oberwil
Mobile: 079 331 79 66

E-mail address: maria.buehler@buehler-mgmt.com

2. What sources and data do we use?

BUHLER MANAGEMENT collects personal data directly from you. We only collect those personal data which are necessary for the respective contractual purpose (principle of data economy) or which you have voluntarily provided to us within the scope of our business relationship. BUHLER MANAGEMENT collects and processes:

  • Candidate data such as name, address, other contact data (telephone, e-mail address), date and place of birth, gender, nationality, marital status;
  • professional career data (including school and university education, job references, letters of recommendation, other qualifications, etc.);
  • Information on consent to advertising, use of your e-mail address or telephone number for advertising by BUHLER MANAGEMENT and for the creation of professionals, presentations.

As a rule, you provide us with this data starting with your inquiry. In certain cases, however, we may receive personal data from third parties.

During the contract initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or by us, further personal data, e.g. information about contact channel, date, cause and result, (electronic) copies of written communication as well as information about participation in direct marketing measures.

3. What is the data processed for and on what legal basis?

We collect and process your data for the following purposes:

  • conclusion of the contract, performance of the contract and customer service;
  • for information about services of BUHLER MANAGEMENT;
  • for the placement of vacant top management or VP-level positions for interim managers;
  • to fulfil legal obligations or official requirements.

We process the personal data outlined above in accordance with the provisions of the GDPR and the DSG.

The processing is carried out regularly to fulfil the contractual obligations assumed by us towards you (Art. 6 Para. 1 lit. b) GDPR).

If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties (Art. 6 Para. 1 letter f) GDPR), for example to assert legal claims and defence in legal disputes or to prevent criminal offences.

If you have given us your consent to process personal data for specific purposes (e.g. inclusion of your applicant data in our applicant database or forwarding of your applicant data to potential interested parties), this processing is legal on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by this.

4. Who can be the recipient of the personal data?

Your personal data is collected by BUHLER MANAGEMENT. It stores all data necessary for contract fulfilment and customer service in its IT systems. Within BUHLER MANAGEMENT those departments receive access to your data which are required to fulfil our contractual and legal obligations.

In order to provide our contractual services, BUHLER MANAGEMENT makes use of selected service companies, which receive access to your data to the respectively required extent and may use it exclusively for the fulfilment of orders placed by us.

Possible data recipients are therefore

  • potential interested parties for applicants with vacant management positions;
  • IT service and consulting companies;
  • external service providers;
  • management consultancies and accounting and tax auditing firms;
  • Authorities, including financial management.

In the event of a possible delay in payment, we reserve the right to transfer your data to debt collection agencies or lawyers for the purpose of recovery.

All service companies commissioned by us are checked for their data protection standards before placing an order and are obliged to comply with the legal data protection requirements. Data will not be passed on to third parties commissioned by us unless we are legally entitled or obliged to do so or you have given us your prior consent.

5. Is personal data transferred to a third country or an international organisation?

Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary to fulfil the contractual obligations assumed towards you, if this is prescribed by law (e.g. tax reporting obligations), if you have given us your consent or in the context of order data processing. If service providers are used in third countries, they are obliged to comply with the data protection level in Europe in addition to written instructions by the agreement of the EU standard contractual clauses.

6. How long is personal data stored?

BUHLER MANAGEMENT stores your data for the period of the existing business relationship with you as well as in case of a justified interest (e.g. outstanding payments) beyond the duration of the business relationship.

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. It must be borne in mind that our business relationship is a long-term debt relationship that is planned to run for several years. If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their temporary further processing is required for the following purposes:

  • Compliance with company and tax law retention periods: These include the Austrian Business Code (UGB) and the Tax Code (AO). The retention and documentation periods specified there are seven years.
  • Preservation of evidence under the statute of limitations. According to the standards of the General Civil Code (ABGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

7. What rights do I have as a data subject under the GDPR?

Each person concerned has

  • the right to information according to Art. 15 GDPR,
  • the right to correction under Article 16 GDPR,
  • the right to cancellation under Article 17 GDPR,
  • the right to restrict processing under Article 18 GDPR,
  • the right to appeal under Article 21 GDPR and
  • the right to data transferability under Art. 20 GDPR.

The restrictions according to §§ 26 and 27 DSG apply to the right to information and the right of cancellation. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 31 DSG).

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

8. Is there an obligation for you to provide personal data?

In the context of our business relationship you must provide those personal data which are necessary for the establishment, execution and termination of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without these data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.

9. Does an automated decision making process take place?

In principle, we do not use fully automated decision making according to Art. 22 GDPR to establish and carry out the business relationship.