Sie sehen die Flagge von Österreich

BMD
Österreich

Sie sehen die Flagge von Deutschland

BMD
Deutschland

Sie sehen die Flagge der Schweiz

BMD
Schweiz

Sie sehen die Flagge von Ungarn

BMD
Magyarország

Sie sehen die Flagge der Slowakei

BMD
Slovensko

Sie sehen die Flagge von Tschechien

BMD
Česko

Sie sehen die englische Flagge

BMD
International

Sie sehen die englische Flagge EN
search

Privacy policy statement

1. DETAILS OF THE CONTROLLER

BMD SYSTEMHAUS GesmbH
Sierninger Straße 190
A–4400 Steyr
Phone: +43 (0)50 883
Fax: +43 (0)50 883 66
E-mail: bmd@bmd.at
Internet: www.bmd.com
Landesgericht Steyr, commercial register no. 118356d
VAT no.: ATU24168102


2. BMD WEBSITE AND NEWSLETTER

2.1. Visit to the website

If you use our website for informational purposes only (no registration and no transmission of any other information), we will collect personal data which is transferred from your browser to our servers. This is necessary for technical reasons in order to enable you to view our website and to ensure its stability and security. 
We process your data based on our legitimate interests (Art. 6 para. 1 lit. f GDPR), § 165 section 3 of the TKG 2021 (Telecommunications Act).
We process the following data: IP address, date and time of the request, time zone difference from GMT, content of the request (specific page), access status/HTTP status code, volume of data transferred in each case, website requesting access, browser, operating system and interface, language and version of the browser software. The data is stored for as long as you use our website.
Recipients/categories of recipients: Processor
By using this website, you consent to the storage and use of your data as described in this privacy policy statement. 

Any changes to this policy will be posted directly on this site so that you are always informed about which data BMD stores and uses.


2.2. Use and purpose limitation of the data

What information do we collect and for what purpose?


2.2.1. IP addresses

IP addresses are used to help diagnose problems, for website administration and to collect demographic information. When you visit our website, we recognize only your domain name and not your e-mail address. We will see your e-mail address only if you directly provide it by filling out a form or sending us an e-mail.


2.2.2. Cookies

Cookies are used to provide personalized content, to save you from having to enter your password repeatedly or to tailor the information being offered to the user's behaviour. 
Legal grounds: Consent (Art. 6 para. 1 lit. a GDPR), legitimate interest, especially to improve the offered services for the benefit of users (Art. 6 para. 1 lit. f GDPR), explicit consent (Art. 49 para. 1 lit. a GDPR), necessary to perform a task in the interest of the data subject (Art. 49 para. 1 lit. c GDPR).

List of Cookies


2.2.3. User registration

When you register, we will send you the requested information and/or products as well as other product information, news or promotional material.


2.2.4. E-mail addresses

If you provide your e-mail address, we will communicate with you by e-mail. We will not disclose your e-mail address to third parties outside of BMD. If you no longer wish to receive e-mails from us, you can unsubscribe at any time. When you send an e-mail to BMD, personal data might be transmitted automatically depending on the settings of your e-mail program. BMD will treat this data as confidential as well.


2.2.5. Registration for events

We provide registration forms on our website to enable you to request information on products and services. The data transmitted to BMD via these forms is used solely for this specific purpose.


2.2.6. Online store

When you place an order in our online store (seminars, software enquiries), your data will be forwarded to the operator of our online store. The data is stored within the EEA.

The following legal grounds are applicable for sections 2.2.3 to 2.2.6:
Consent (Art. 6 para. 1 lit. a GDPR), performance of a contract, necessary to take steps prior to entering into a contract (Art. 6 para. 1 lit. b GDPR), compliance with a legal obligation (Art. 6 para. 1 lit. c GDPR), legitimate interest, especially for establishment, exercise or defence of legal claims (Art. 6 para. 1 lit. f GDPR), explicit consent (Art. 9 para. 2 lit. a GDPR).


2.3. Links to other websites

Our website also contains links to other websites by third-party providers. BMD is not responsible for the privacy practices on or the content of other websites.


2.4. Newsletter and opt-out

BMD regularly sends out newsletters to users and seminar participants in order to ensure that they are always informed of current updates and changes to the program, events, seminars and BMD advertising activities. With your consent (Art. 6 para. 1 lit. a GDPR) you agree to receive the newsletter. In order to send you the newsletter, we process your master data. If you want to be removed from the BMD e-mailing list or the BMD Web registration database, simply send an e-mail to newsletter@bmd.at. Registered users can exercise their right to withdraw consent at any time in the BMD user profile. Details on unsubscribing from the respective newsletter can also be found in the newsletter itself.


2.5. Use of Google services

This website uses various services provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”) or, if you are a resident of the European Union, the European Economic Area or Switzerland, by Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. In this section, we explain which specific services this website uses.


2.5.1. Use of Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Inc. ("Google"). 

We use Google Analytics 4 with the aim of improving the services we provide, our website and direct advertising. For this purpose, we process the personal data of the visitors to our website. We analyze user behaviour in order to optimise both our website and our advertising activities.
The personal data that we process for the purpose of analysis include: the approximate location (region), the IP address (shortened), the technical information about the browser and the end devices you use (e.g. language settings, screen resolution), the internet provider of the website visitor, the referrer URL (the website or advertising medium that sent you to our website), device identifiers (brand, model and name of the device), the User-Agent string to identify the browser.

Google Analytics 4 starts processing your data when you visit the website and use one or more of the following functions (actions that trigger processing): download, registering for Info Days, Info Day download, clicking on "Apply", contact request, clicking on "Email", product enquiry, purchase, booking a seminar, requesting support, clicking on "Call".

Google will use this information to analyze how you use the website, to compile reports on advertising activities for us and to provide other services that are related to the use of the website. Google may also disclose this information to third parties if this is required by law or where such third parties process this data on behalf of Google. 
As of Google Analytics 4, IP anonymization is integrated by default. Google will shorten your IP address if, based on geolocation, you are located in a member state of the European Union. This process takes place within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. Transfer of the collected information to a third country without a sufficient level of security cannot be ruled out.
We will only process your personal data if you have given your consent. By giving your explicit consent to the transfer of data, you also agree that your data may be processed in the United States. 

The personal information may also be passed on to contractual partners of Google. This includes, in particular, the following companies:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, 
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. 

If you would like to generally disable Google Analytics, Google offers an add-on for Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Edge which can be downloaded and installed under tools.google.com/dlpage/gaoptout.

Storage period: see "Change cookie settings" in the website footer. The user and event data will automatically be deleted after a period of 14 months.

We have concluded a contract for commissioned data processing with the service provider of Google Analytics 4 (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland), taking into account the EU standard contractual clauses.

You can find further information on data processing by Google here: support.google.com/analytics/answer/12017362


2.5.2. Use of Google Ads remarketing

This website uses cookies for the purpose of addressing visitors in the Google advertising network at a later point in time by using remarketing campaigns with online advertising. In order to place remarketing advertisements, third-party providers like Google use cookies from a previous visit of this website. As a user, you have the option to disable Google’s use of cookies under www.google.com/ads/preferences.


2.5.3. Google Tag Manager

This website uses Google Tag Manager, a tool provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („Google“).

In the Google Tag Manager, we manage all our tools for website analysis.
Embedding the Google Tag Manager once allows us to use services for website analysis without having to change the source code of the website. The data is not stored and analyzed in the Google Tag Manager but in the respective application (e.g. Google Analytics). We make sure that the Google Tag Manager and the tools in use are configured in compliance with the data protection regulations.

Purpose: recording user interactions on the website and transferring the data to the connected tool; managing and changing tools for website analysis without any additional programming.
The following data is processed: depends on the respective tool in use.
Legal grounds: Art. 6 para. 1 lit. f GDPR
Storage period: the time it takes to transfer the data to the respective tool.


2.6. Facebook remarketing/retargeting (Custom Audiences)

The Facebook pixel by the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA is installed on our website. When you visit our site, the Facebook pixel establishes a direct link between your browser and the Facebook server. Facebook thus knows that you have visited our website including your IP address. This means that Facebook now can associate the visit to our website with your user account. We can use the information obtained in this way to display Facebook ads or for tracking. We would like to point out that as the provider of the website we do not have any knowledge of the content of the transferred data or on how Facebook uses it. Further information on this topic can be found in Facebook’s data policy under https://www.facebook.com/about/privacy/. If you do not want any data to be collected with Custom Audiences, you can deactivate it there.


2.7. LinkedIn Insight

We use the LinkedIn Insight Conversion Tool by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. It provides us with information on your use of our website and allows us to show you personalized advertising content on other websites. For this purpose, a cookie is set in your browser, which expires after 120 days and enables LinkedIn to recognize you when you are visiting a website. LinkedIn uses this data to provide us with anonymized reports regarding advertising activities and information on how you interact with our website.
You can disable the LinkedIn Insight Conversion Tool and interest-based advertising by opting out using the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
If you are a member of LinkedIn, click on the button “Opt Out on LinkedIn”. Otherwise, click on “Opt Out”.
Further information on LinkedIn’s privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy#choices-oblig


2.8. Hotjar

This website uses Hotjar, a product provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta.

  • Purpose: improving our web presence, evaluating information regarding the users of our website, optimizing user experience. Hotjar helps us better understand the experience of our users (for example how much time users spend on which pages, which links they click, what they do and do not like, etc.), which allows us to improve our services based on our users' feedback.
  • Legal grounds: consent (Art. 6 para. 1 lit. a GDPR), legitimate interest (Art. 6 para. 1 lit. f GDPR)
  • The following data is processed: IP address of the device (is only collected and stored in anonymized form while you use the website), screen size, device type (Unique Device Identifiers), information on the browser you use, location (the country only), preferred language for viewing our website.
  • Storage period: 365 days
  • Recipient/recipient category: processor

Hotjar is contractually prohibited from selling the data collected on our behalf. 

For further information on Hotjar and its privacy policy, please refer to: https://help.hotjar.com/hc/en-us/articles/360039027113-Processing-Personal-Data-in-Hotjar


2.9. Social media

In order to raise brand awareness and for marketing purposes, we are also present on other social networks besides our website, in particular Facebook, Instagram, LinkedIn, XING and YouTube. When you visit one of our social media sites, personal data might be transmitted to the provider of this social network. Moreover, the provider can associate your profile with ours if you are logged on to the respective network.

Legal grounds: Consent (Art. 6 para. 1 lit. a GDPR), legitimate interest (Art. 6 para. 1 lit. f GDPR), explicit consent (Art. 49 para. 1 lit. a GDPR), necessary to perform a task in the interest of the data subject (Art. 49 para. 1 lit. c GDPR).

Recipients/categories of recipients: For details on how specifically the data is collected and processed by the respective provider please refer to the following links:
Facebook: https://www.facebook.com/about/privacy/
Instagram: https://help.instagram.com/519522125107875
LinkedIn: https://www.linkedin.com/legal/privacy-policy
XING: https://privacy.xing.com/en/privacy-policy
YouTube: https://www.youtube.com/static?template=terms&hl=de&gl=GB and https://policies.google.com/privacy?hl=en.

Transfer of the collected information to a third country without a sufficient level of security cannot be ruled out.


3. Information on the transfer of personal data to third countries or to international organizations

The following information also applies to sections 2.5.1. Use of Google Analytics, 2.5.2. Use of Google Ads remarketing, 2.6. Facebook remarketing/retargeting (Custom Audiences), 2.7. LinkedIn Insight and 2.8. Social Media.

Note on data processing in the United States:
According to the court-law of the CJUE (Judgement of 16 July 2020, Case: C-311/18 “Schrems II”), the security level in the United States is not sufficient. In the United States, your data may be subject to government surveillance activities and it might not be possible for you to claim legal protection against these activities.

Legal grounds: Consent (Art. 6 para. 1 lit. a GDPR), legitimate interest, especially to improve the offered services for the benefit of users (Art. 6 para. 1 lit. f GDPR), explicit consent (Art. 49 para. 1 lit. a GDPR), necessary to perform a task in the interest of the data subject (Art. 49 para. 1 lit. c GDPR).


4. DATA PROTECTION INFORMATION – GENERAL INFORMATION

BMD stores data for the purposes of order fulfilment and other customer service:


4.1. Personal data and processing

E.g. name, company name, address, phone numbers, e-mail addresses, VAT number, commercial register number, industry affiliation, contact persons and in the case of SEPA direct debit mandates: bank details, correspondence, information on licences and updates according to the order, contact origin and login details for the clientsinfo. More detailed information in German is available in the clientsinfo under “Datenschutz” on the BMD website.
If you do not enter a purchase agreement, your data will be stored for advertising purposes. You have the option to have BMD delete your data at any time.


4.2. Disclosure of data to third parties

The data is only disclosed to third parties (e.g. licensors, mail-order companies, banks, legal representatives in the case of business transactions, public accountants, courts and administrative authorities where required, contributing contractual and business partners, IT service providers, insurance companies where required) if this is necessary for the performance of a contract.


4.3. Secrecy

BMD, its employees and its vicarious agents shall be obliged to secrecy regarding your data according to § 6 of the Austrian Data Protection Act (DSG) and Art. 28 para. 3 of the GDPR in their current versions. You can request a separate statement of confidentiality from BMD.


4.4. Agreement on Commissioned Data Processing in acc. with the GDPR

All information on the processing of your personal data can be found in our Agreement on Commissioned Data Processing. If BMD operates as the data processor, this agreement must be signed.


5. DATA PROTECTION INFORMATION - MAINTENANCE SERVICES

5.1. Information on services included in the maintenance agreement

When you use services that are included in the maintenance agreement, BMD electronically stores data in order to track the questions or problems reported, for error analyses and for related information provided by our support team etc. (phone calls, tickets).


5.2. Information on chargeable services

In the case of chargeable services, we create a work report which is then sent by e-mail to either yourself or the specified contact person in order to confirm the performance of the service. In addition, you can specify a general e-mail address for transmitting BMD work slips.


6. DATA PROTECTION INFORMATION – BMD CLOUD SERVICES

In order to provide the services specified in the BMD Cloud Service Agreement, it is necessary for us to store the following personal data:

  • User data (user, password, e-mail address)
  • IP addresses that are used to access the Cloud system
  • Names of the computers that are used to access the Cloud system
  • Name and version of the operating system that is used to access the Cloud system
  • Printer names
  • Data that is stored due to e-mail diagnostics (e-mail recipient, subject, size of the e-mail)


6.1. Your data sets

BMD is not obliged to check whether the data processing you commissioned is allowed according to the data protection regulations. You are entirely responsible for obtaining the requirements concerning consent, notification and/or confidentiality which might be necessary to use the services according to the data protection regulations (DSG - Data Protection Act, GDPR).


6.2. Storage of your data sets in the BMD Cloud

If you use the BMD Cloud, your data will be stored on the hardware of the service provider depending on the scope of the order. Your data is stored solely within the EEA (in accordance with Chapter 5 of the GDPR).


7. DATA PROTECTION INFORMATION – COMMISSIONED DATA PROCESSOR

As per GDPR, the term “commissioned data processing” includes the following services provided by BMD:


7.1. On-site support services at the ordering party’s premises

This includes trainings for the implementation of the software and other services which take place on site at your premises.


7.2. Support with remote maintenance access

In order for BMD to process your request, you grant direct access to your system.


7.3. Support with remote access using software

In order to process your request, BMD establishes an online session on your workstation. You have to confirm access to share your screen before the service can be performed.


7.4. Error analysis using the ordering party’s data

If your data is needed for error analysis or to perform services, it is transferred to BMD via a secured FTP server. In case it is not possible to transmit your data online, you can request a password-protected and secure data medium from BMD at your cost.
 

7.5. Use of the BMD hotline call-back service

If you use the call-back service of our hotline, both your telephone number and your customer number will be transmitted to VirtualQ, the provider of this service.


8. DATA PROTECTION INFORMATION – JOB APPLICATIONS

BMD collects and stores your data for the purpose of processing your job application.


8.1. Collection and use of applicant data

In the course of the application (online, by e-mail, by mail or in person), BMD collects personal data, such as name, address, date of birth as well as data that you have provided us with voluntarily. This data is used solely for the application process and is only available to a limited group of people at BMD.


8.2. External recruitment agencies

In exceptional cases, BMD works with external recruitment agencies. If this were the case for you, we would specifically point it out.


8.3. Entry into an employment contract 

If you enter into an employment contract, the data stored in the course of the application process will be used for pre-contractual measures (preparation of employment contract).


8.4. Online application

During your online application, all data and files which you enter and upload are stored temporarily. If you quit the online application process without agreeing to the privacy policy and thus without completing it, all your data and files will be deleted immediately.


8.5. Your data after the end of the job application process

After the end of the application process, we will inform you of the status of your application. All applicant data is deleted immediately after the position has been filled or after the end of the period for claim according to the Equal Treatment Act (7 months) unless you have agreed to our keeping your application on file. Speculative applications will be kept on file until the data subject withdraws their consent.


8.6. Erasure of your applicant data

If you want us to delete your applicant data, please send an e-mail to jobs@bmd.at.


9. Obligations of BMD

9.1. Data and processing results

BMD undertakes to process data and processing results exclusively within the framework of a written order or contract. If an authority compels BMD to disclose your data, BMD is obliged to notify you immediately.


9.2. Obligation of confidentiality

All employees of BMD shall commit themselves to confidentiality pursuant to Art. 28 para. 3 of the GDPR and § 6 of the Data Protection Act (DSG) in their current versions.


9.3. Obligation to provide notification

In the case of a breach of data protection, BMD will notify you immediately and at the latest within 24 hours of the breach becoming known. BMD will immediately inform you of any inspections or measures by supervisory authorities if they are related to your data.


9.4. Security measures

BMD declares that sufficient technical and organizational security measures in accordance with Art. 32 of the GDPR have been implemented and that it will always keep them up to date. In addition, BMD is certified to ISO 27001.


9.4.1. Admission control

The server rooms are protected by access control and can only be entered by authorized employees.


9.4.2. Access control

All systems are password-protected and subject to an authorization concept which ensures that only authorized persons can gain access to the data.


9.4.3. Data transfer control

The data is transferred by secure means (e.g. VPN connection).


9.4.4. Data entry control

Only authorized persons can enter, change and delete personal data. Entries in the BMD customer master data are logged.


9.4.5. Order control

The service provider shall act to the extent agreed upon with the ordering party (e.g. software order, service requests, maintenance agreement).


9.4.6. Availability control

BMD confirms that it ensures regular backups of the data and the monitoring of its operating requirements. If needed, emergency plans are available in order to minimize any possible failure of the operating requirements.


10. YOUR RIGHTS

You are entitled to check the proper implementation of the data protection regulations at BMD, to a reasonable extent, either yourself or by contracting a third party.


10.1. Right of access (Art. 15 GDPR)

Pursuant to Art. 15 of the GDPR, you have the right to obtain access to all your personal data stored by BMD. We set up a separate e-mail address for this purpose: datenschutz@bmd.at.


10.2. Right to rectification (Art. 16 GDPR)

If BMD processes incomplete or inaccurate personal data, you may at any time claim their rectification and/or completion.


10.3. Right to erasure (Art. 17 GDPR)

You have the right to obtain the erasure of your personal data at BMD if one of the following applies:
a) The personal data is no longer necessary in relation to the purposes for which it was collected and/or processed.
b) You withdraw your consent and there is no legal ground for further processing/saving your data.
c) You object to the processing of your data and there are no legitimate grounds for further processing.
d) Your data has been unlawfully processed.


10.4. Right to restriction of processing (Art. 18 GDPR)

You can obtain from BMD the restriction of processing if
a) you contest the accuracy of the personal data, for a period enabling BMD to verify the accuracy of your data.
b) the processing of the data is unlawful but you oppose the erasure of the data.
c) BMD no longer needs the personal data for the intended purposes but it is still required for the establishment or defence of legal claims.
d) you have objected to the processing of the data.


10.5. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format if the data has been stored by BMD based on your consent or in order to perform a contract and if the processing is carried out by automated means.


10.6. Right to object (Art. 21 GDPR)

If your personal data is processed by BMD on the basis of Art. 6 para. 1 lit. b or f, you have the right to object at any time unless there is an overriding interest to protect the data. You can object to being sent advertising material at any time and without giving reasons.

Please note that we can only provide information if you can identify yourself.


10.7. Right to withdraw your consent 

If you have agreed to our processing of your personal data, you may withdraw the consent at any time. Your withdrawal does not affect the legitimacy of the data processing which has been carried out up to the point of withdrawal. 

In order to exercise the aforementioned rights, you have to inform us in person, by phone or in writing:

BMD SYSTEMHAUS GesmbH
Sierninger Straße 190
A–4400 Steyr
Phone: +43 (0)50 883
Fax: +43 (0)50 883 66
E-mail: bmd@bmd.at


10.8. Right to lodge a complaint

You have the right to lodge a complaint with the appropriate supervisory authority if you think that BMD infringes the Austrian or European data protection law. You have the right to lodge a complaint with the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. 
If you want to lodge your complaint with the Austrian supervisory authority, please direct your complaint to the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien


11. Changes to this privacy policy

We reserve the right to change this privacy policy at any time in accordance with the applicable legal provisions on data protection.
Latest version: October 2020

BMD Systemhaus GesmbH

Sierninger Straße 190

A-4400 Steyr

+43 50 883 or 0043 7252 883

bmd@bmd.at

Follow us

Follow us on Facebook
Follow us on Xing
Follow us on LinkedIn
Follow us on YouTube
Follow us on Kununu
Follow us on Instagram