Privacy policy

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:


STRABAG SE
Konzerndatenschutz
Donau-City-Str. 9
1220 Wien
Österreich
Tel. +43 1 22422-1012

data-protection-group@strabag.com.
Website: www.strabag.com

If you have any questions regarding the processing of personal data or data protection in general, you can contact Group Privacy at data-protection-group@strabag.com.


II. General information on data processing

1. Scope of the processing of personal data

As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functioning website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.


2. Legal basis for the processing of personal data

If we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.



3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may take place beyond this if this has been provided for by European or national legislation in Union regulations, laws or other regulations to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.


III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:

(1) Information about the browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user or
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user's system accessed our website
(7) Websites that are accessed by the user's system via our website

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) f DSGVO.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of the storage of data in log files, this is the case after 180 days at the latest.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

IV. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

(1) Search behavior

We also use cookies on our website to analyze the surfing behavior of users.

The following data can be transmitted in this way:

(1) Search terms entered
(2) Frequency of page views
(3) Use of website functions

The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with any other personal data of the user.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and are referred to this data protection declaration. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings.

When accessing our website, the user is informed about the use of cookies for analysis purposes and consent to the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also made.

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f DSGVO.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his or her consent in this regard.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
We require cookies for the following applications:

(1) Remembering search terms

The user data collected by technically necessary cookies are not used to create user profiles.

The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

In these purposes also lies our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f DSGVO.

d) Storage duration, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as the user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.



V. Contact form and e-mail contact

1. Description and scope of data processing

Our website contains a contact form that can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. These data are:

At the time of sending the message, the following data are also stored:

(1) The IP address of the user
(2) Date and time of registration

For the processing of the data, your consent is obtained during the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.

No data will be passed on to third parties in this context. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing the data, if the user has given his or her consent, is Art. 6 Para. 1 lit. a DSGVO.

The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 Para. 1 lit. f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

3. Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact. In the event of contact being made by e-mail, this constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

5. Possibility of objection and elimination


The user has the possibility at any time to revoke the consent to the processing of personal data. If the user contacts us by e-mail, he or she can object to the storage of personal data at any time. In such a case, the conversation cannot be continued.

If you wish to exercise your right to object, simply write to us by email to karriere@strabag.com.

All personal data stored in the course of contacting us will be deleted in this case.

VI. Disclosure to service providers

We only disclose your personal data to third parties if service providers act on our behalf to manage our data. The legal basis for this is § 6 para. 1 lit. f DSGVO. We have concluded order processing agreements with our service companies in order to ensure data protection with regard to your personal data in this regard as well.

VII. Use of Matomo Analytics
We use the web analysis software Matomo (www.matomo.org) to generate access statistics and to analyze general usage behavior on the website and for purposes of optimizing our web presence. The legal basis for this is Art. 6 para. 1 lit. f) DS-GVO.
In doing so, we have configured Matomo in such a way that:
- no cookies are stored in your terminal equipment;
- the IP address is shortened by the last two bytes and thus anonymized;
- in addition to the pages called up, only those data are collected that are transmitted by your browser when you call up the website / this data collection is limited to the respective duration of the session;
- when calling up the website, your data transmitted by the browser as well as the anonymized IP address are irrevocably replaced by a pseudonymID on a session basis, so that no identifiability and thus no personal reference can be established, whereby this pseudonymID is also deleted after a maximum of 24 hours.
We use our own Matomo instance on our company's servers within the EEA, so that no data is transmitted to Matomo or other third parties.
At the same time, you have the option of activating the "Do Not Track" option in your browser so that Matomo cannot store or process any of the data from your website visit.
If you have not activated the "Do Not Track" option and do not agree to the storage and analysis of the aforementioned data by Matomo, you can of course also object to this data processing by Matomo on our website at any time. For this purpose, we provide you below with a special inline frame that is linked to our Matomo system and with which, by deactivating the checkbox (opt-out), a cookie is stored on your terminal device that prevents the collection and processing of any session data on our website by Matomo. Please note here that the complete deletion of your cookies means that this cookie is also deleted and may have to be reactivated by you.



VIII. Rights of the data subject

If your personal data is processed, you are a data subject or data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of access
2. Right to rectification
3. Right to restriction of processing
4. Right to erasure
5. Right to information
6. Right to data portability
7. Right to object
8. Right to revoke declaration of consent under data protection law
9. Automated decision in individual cases including profiling
10. Right to complain to a supervisory authority


IX. Addendum to the Data Protection Statement for Australian visitors

 
This addendum applies to visitors of our website who are located in Australia and supplements our Data Protection Statement. We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) when handling personal information.
A. Anonymity and Pseudonymity

Where practicable, you have the option to interact with us anonymously or using a pseudonym. However, please note that in some cases, we may not be able to provide our services without certain personal information.
B. Cross-border Disclosure

We may transfer your personal information to recipients located outside of Australia. We take reasonable steps to ensure that any overseas recipients comply with the APPs and that your personal information is protected.

C. Security of Personal Information

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. This includes implementing appropriate technical and organizational measures.

D. Complaints Handling
If you have any questions, concerns or complaints about how we handle your personal information, please contact us at the details provided in our general Data Protection Statement. We will acknowledge your complaint and investigate it in a timely and fair manner. We will also take steps to remedy any breach of the APPs or the Privacy Act that we identify as a result of our investigation. If you are not satisfied with our response or resolution, you have the right to lodge a complaint with the OAIC at www.oaic.gov.au or by calling 1300 363 992.