The protection of your personal data is of particular importance to us and as an accredited company we always handle your data with the utmost care. We therefore process your data exclusively on the basis of the applicable legal provisions, namely the Act CXII of 2011 on the Information Self-Determination and Freedom of Information and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR).
a) the initiation of a contractual relationship for the purposes of the control and certification process
b) using/visiting our website
c) our information and public relations work
d) the procedure for candidate selection
1. Contact information
Bio Garancia Kft.
H-1036 Budapest, Dereglye utca 5/2., 1. emelet 5.
2. Personal Data
In terms of the data protection legislation, personal data are all data that contain information about personal or factual circumstances, such as name, address, email address, telephone number.
3. Purposes for Processing Your Data
We process your data for the following purposes:
a) For answering your inquiries and follow-up questions, including preparing contractual offers for our services
b) For the operation and optimisation of our website for information purposes
c) For drawing up and sending information on current legal innovations and developments and for the descriptions of our controls and certifications as well as other services in the context of contractual performance
d) For evaluation of the professional and personal skills of applicants in order to fill vacant positions
4. Legal Basis for Data Processing Pursuant to GDPR
The data processing carried out with the purpose of (a) answering your inquiries and follow-up questions, including preparing contractual offers for our services, and for delivering our services within the framework of existing contracts takes place on the legal basis of contract performance or pre-contractual measures for the respective (potential) customers.
The data processing carried out with the purpose of (b) the operation and optimisation of our website is based on the performance of existing contracts and the necessity for providing information regarding our services.
Data processing (c) for information purposes is based on the performance of contracts or for pre-contractual measures.
Data processing (d) in the context of candidate selection takes place on the legal basis of consent, of pre-contractual measures and on the legal basis of legitimate interest, namely the interest of checking suitability for the specific position in the company.
If you are or want to become our customer, i.e. have an existing contract or want to enter into one, you are obliged - based on the contract - to provide certain personal data that are necessary in the context of the control and certification process.
5. The Recipients of the Data
The personal data is transmitted to third parties as follows:
a) In the context of the control and certification services: to authorities; to private specification and standard service providers, if there is an order for that; to other control bodies, if this is necessary to perform the services; to the EASY-CERT platform for the publication of certificates in accordance with ISO 17065; to accredited laboratories for any sample analysis. Data is also transmitted to companies for the mailing and transport of letters, printed materials and parcels and to companies for the professional disposal of paper and files. Where necessary, data may also be transmitted to insurance companies, banks, tax consultants, auditing companies.
b) For the operation and optimisation of our website: to web designers and administrators of our homepage.
c) As part of our PR and information providing activity: to graphics designers, proofreaders and printing companies
d) As part of candidate selection: the data is processed internally
Moreover, we undertake not to transmit your personal data to third parties, unless we are legally bound to or obliged to by an authority’s decision.
6. Data Transfer to a Third Country
As part of the control and certification activities, personal data may be transferred to other companies outside Austria and outside the European Economic Area, in particular to Switzerland. Switzerland is considered a third country with adequate data protection (DSAV).
7. Period for Storing the Personal Data
Personal data that we process are only stored until the purpose for which they are processed is fulfilled. The criteria for storing the data are:
a) As part of the control and certification activities: If the requirements of the accreditation authority and company law retention periods must be observed, the duration of the storage of control-relevant data must be at least seven years. Further criteria for storage derive from our obligations, the fulfilment of the requirement for adequate proof of records and the period of limitation of legal claims (duration depending on the legal basis).
b) In the context of operation and optimisation of our website: No personal data will be stored for making visitor statistics.
c) As part of our information and public relations work: For the period of the contractual relationship with our customers or, in the case of interested potentials, until we receive the withdrawal of their consent given previously.
d) As part of candidate selection: If no contractual relationship is established, the data will be stored up to 7 months after the application process has ended. If consent is given for keeping supporting documentation, it is stored until we receive the withdrawal of the consent.
8. Your Rights
As a data subject within the meaning of data protection law, you have the following rights in particular, provided that they do not conflict with our contractual relationship:
• Right to information about your personal data processed by us;
• Right to rectification or erasure of your personal data or restriction of processing, whereby the conditions of the control contract apply to customers with an existing contractual relationship;
• Right to object to processing, whereby the conditions of the control contract apply to customers with an existing contractual relationship;
• Right to data portability.
Should there be any changes to your personal data, we request that you notify us of those. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you can complain to the data protection authority.
If the data processing is based on your consent, you can withdraw your consent to the data processing at any time by writing (email sufficient) to firstname.lastname@example.org. A withdrawal of consent does not affect the legality of the processing carried out based on the consent until the withdrawal.
9. Links to Other Websites
10. Web server logs
The web server automatically recognises certain personal data such as your IP address, date, time, user agent of the browser and the destination page. For technical reasons, these data are stored for 2 weeks and then automatically deleted.
Our website uses so-called cookies. These are small text files that are stored by the browser on your device. They do no harm, and record following data: language settings, user tracking for web analysis.
Our website uses so-called “session cookies”. These are cookies that are only active when you are visiting our website. Session cookies are consequently limited in time and are generally deleted when you close your browser/tab.
12. Web Analysis
The IP address is recorded, but is immediately anonymised by deleting the last digit. This entails, that only a rough localization will be possible.
We have the appropriate contract for data processing with the provider in place.
13. Data security
Your data is hosted at a provider that is located within the European Union. Both Bio Garancia and the provider use technical and organisational security measures to protect your data against manipulation, loss, destruction or against access by unauthorized persons. Regardless of the efforts to maintain a consistently high level of due diligence, it cannot be ruled out that information that you provide to us via the Internet will be viewed and used by other people.
Please note that we therefore accept no liability whatsoever for the disclosure of information due to errors in data transmission that are not caused by us and/or due to unauthorized access by third parties (e.g. hacker attack on email account or telephone, interception of fax messages).
Effective from: May 2018