PRIVACY POLICY WEBSERVICES
Our company BHT Holding GmbH (the contact details can be found below) and its affiliated companies, are pleased about your registration for the BHT Webservices! The protection of your data and your privacy is of particular concern to us.
The purpose of this Privacy Policy is to provide you as a User of BHT Webservices (hereinafter referred to as "BHT Webservices") with transparent information about the processing of your personal data. We are committed to protecting your privacy and would like to inform you about what data we collect from you, how we use it and what rights you have in relation to your data.
The processing of personal data is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to BHT Holding GmbH. By means of this privacy policy, our company would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us and to inform you about the rights to which you are entitled.
BHT Holding GmbH has taken appropriate technical and organizational measures to protect your data, which protect your data against loss, manipulation or unauthorized access, among other things. The measures taken are subject to regular review and are continuously adapted to the state of the art.
The privacy policy applies only to BHT Holding GmbH and the related BHT Webservices, but not to services controlled and operated by third parties. Please check services controlled and operated by third parties, as BHT Holding GmbH is not responsible for their content and data protection measures.
1. General
The privacy policy of BHT Holding GmbH is based on the terminology of the GDPR.
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Non-personal data" is anonymized and is information that cannot be traced back to data subjects under any circumstances. For this reason, non-personal data is not subject to data protection law.
"Data subject" means any identified or identifiable natural person whose personal data is processed by the controller.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination; the restriction, deletion or destruction.
"Controller" or "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
"Third party" means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the data processor and the persons who, under the direct authority of the controller or the data processor, are authorised to process the personal data.
"Consent" means any freely and unambiguously indicated, specific, informed and unambiguous indication of the data subject's wishes in the form of a statement or other clear affirmative action by which the data subject signifies that he or she agrees to the processing of personal data concerning him or her. Personal data will only be processed by us in accordance with the applicable data protection regulations. If you correspond with us or fill in a form on our website with data, you acknowledge that the data you provide in the respective form will be processed for the purposes described below.
2. Name and address of the controller and the contact person
The controller within the meaning of the GDPR, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
BHT Holding GmbH
Am See
5310 Mondsee
Austria
The Data Protection Officer voluntarily appointed by the Controller can be contacted at the following contact details:
Email: datenschutz@windhager.com
3. Processing of personal data
Your personal data will be processed exclusively for the purposes set out in this Privacy Policy and to the extent necessary to achieve these purposes. This data will not be passed on without your consent, except in the cases described in this privacy policy and in the case of mandatory national legislation.
In the case of certain offers on our BHT Webservices, the use – such as the user account – may require prior registration as well as the associated further processing of personal data. However, we will only use this data if you provide it to us and have expressly consented to its use in advance. However, in these cases, we will ask for your consent in prominent places.
The processing of your personal data is based on one or more of the following legal bases: your consent, the performance of a contract with you, the observance of our legal obligations or the legitimate interests of us or a third party.
3.1. Product Registration
You have the option of registering your BHT product in our BHT Webservices. When registering the BHT product, your personal data of the contact fields (title, name, address, telephone number, e-mail address and, to enable the exchange of data, the IP address) will be processed. The purpose of data processing is to send you information about products and services as well as to maintain and repair your product.
In the course of product registration, it is also possible to connect yourself and your device to a service partner. This means that a BHT service partner (partner company) who has the code supplied with the product (e.g. the executing installation company) can view the specified customer data, the product and the current status of the product in the BHT Webservices application of the service partner. However, the data exchange only takes place if the customer confirms the service partner via e-mail after registering the product in the system. Sharing this information with the service partner is for service purposes. Our partner companies may only use the information provided for the purpose of servicing our customers.
The legal basis for the processing is Article 6 (1) (a) GDPR. You can revoke your consent to the processing of the data at any time with effect for the future in accordance with Article 7 (3) GDPR. All you have to do is inform us of your withdrawal.
3.2. MyComfort App Permissions
The My Comfort app requires certain permissions to function properly and provide you with an optimal user experience. By installing and using the MyComfort app, you consent to the collection and processing of your personal data in accordance with the terms of this Privacy Policy.
Change or delete USB storage contents: This permission allows the app to modify or delete files on your USB storage. It is needed, for example, to store downloaded content or to manage temporary files. We assure you that your personal files will not be affected and that no unauthorized use will take place.
Retrieving data from the Internet: In order to provide you with up-to-date information and content, the app needs access to the Internet. This allows us to download updates, view online content, and share data with our servers. We treat the information you submit confidentially and take appropriate security measures to protect your privacy.
Get Network Connections: This permission allows the app to get information about your network connections. This helps optimize app performance, troubleshoot, and ensure a stable connection. No personal data is collected or stored about your network connections.
Pair Bluetooth devices: To connect wirelessly to Bluetooth devices, the app needs permission to pair with such devices. This allows, for example, the use of Bluetooth headsets or the transfer of files via Bluetooth. We guarantee that no unauthorized pairing with your devices will take place.
Get near-field communication: The app can access near-field communication technology to enable data to be transferred between compatible devices, for example. All data transmission via near-field communication is encrypted and we treat your personal information with the utmost care.
4.1. Processing of personal data by third parties
In providing the BHT Webservice, as well as for technical support in case of problems, your data will be processed by third parties who act on our behalf and only at our request.
Enterprise | Description | Agreement |
Conova GmbH, Salzburg | Providing Hosting | Art. 28. GDPR |
Loop GmbH, Salzburg | Technical support | Art. 28. GDPR |
The companies listed may commission subcontractors within the scope of their contractual activities, about which we as BHT Holding GmbH must be informed. In this case, data transmission outside the European Economic Area may occur.
4.2. International data transfer
We process your personal data within the European Economic Area ("EEA") or in countries that have an adequate level of protection as determined by the European Commission (third country with an adequate level of protection). Where we transfer personal data to third countries outside the EEA, we ensure an adequate level of data protection through standard contractual clauses adopted by the European Commission. For transfers of data to the United States, we use the EU-US Data Privacy Framework to provide you with an adequate level of protection under the current regulation.
5. Affiliates
Personal information is shared within our company and its affiliates (hereinafter referred to as "Affiliates").
For purposes of this Privacy Policy, "Affiliate" means, with respect to a Party, (a) any entity that controls, is controlled by, or is under common control with that Party, (b) any entity that is jointly owned by that Party, where common ownership means direct or indirect ownership of fifty percent (50%) or more of the voting shares of the ultimate parent company. where "control" means (i) the direct or indirect ownership of fifty percent (50%) or more of the shares or similar ownership interests entitled to elect directors or other persons in a similar capacity; or (ii) in the case of a legal entity that is not a corporation or corporation, the right to direct the management and business of that person.
Our Affiliates are also included in this Privacy Policy and are subject to the same privacy policies and procedures.
The sharing of personal information within our company and its affiliates serves a variety of purposes. This includes:
Providing our services: In order to provide you with the services we offer, we may share your personal information with certain departments or our affiliates who are responsible for fulfilling your requests or orders.
Improving the Services: In order to continuously improve the services we offer, we may analyze and evaluate personal information within the Company and its affiliates to gain insights into your preferences and usage patterns.
Customer Support: In the event of inquiries or complaints, your personal information may be shared with the appropriate departments within the Company or its Affiliates in order to provide you with the best possible customer support.
Access to your information is limited to authorized employees who need to know this information to perform their job duties.
The sharing of your personal data within our company and its affiliates is based on your consent, in order to fulfil the contractual relationship with you or for the purposes of our legitimate interests, unless these are overridden by your interests or fundamental rights and freedoms.
There is an agreement between us as data controllers and our affiliated companies as processors in accordance with Art. 26 and 28 GDPR. You have the right to receive copies of these contracts.
6. Storage period
We store your personal data, insofar as necessary, for the duration of the entire business relationship (from the initiation, processing to termination of a contract) and beyond, in accordance with the statutory retention and documentation obligations or for the defence of legal claims. The retention period thus results from the statutory retention periods or limitation periods. According to the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO), these are 7 years and six months according to the Equal Treatment Act (GIBG). In certain cases, a longer retention period may also be required to defend legal claims or due to statutes of limitations.
7. Rights of data subjects
With regard to the data processing described in more detail below, users and data subjects have the right to:
- confirmation as to whether data concerning them is being processed, information about the data processed, further information about data processing and copies of the data (cf. also Art. 15 GDPR);
- to rectify or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
- to the immediate deletion of the data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary in accordance with Art. 17 (3) GDPR, to restriction of processing in accordance with Art. 18 GDPR;
- to receive the data concerning them and provided by them and to transmit this data to other providers/controllers (cf. also Art. 20 GDPR);
- to lodge a complaint with the supervisory authority, if they are of the opinion that the data concerning them is being processed by the provider in violation of data protection regulations (cf. also Art. 77 GDPR). In Austria, this is the data protection authority. In Germany, this is the state data protection authority of your place of residence.
In addition, the Provider is obliged to inform all recipients to whom data has been disclosed by the Provider of any correction or deletion of data or the restriction of processing that takes place on the basis of Art. 16, 17 para. 1, 18 GDPR. However, this obligation does not apply if this notification is impossible or involves disproportionate effort. Without prejudice to this, the user has a right to information about these recipients.
In accordance with Art. 21 GDPR, users and data subjects also have the right to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6 (1) (f) GDPR. In particular, an objection to data processing for the purpose of direct marketing is admissible.
You can assert these rights at any time in writing directly to BHT Holding GmbH. Please note that we can only provide information about personal data if you provide appropriate proof of your identity.