Privacy Policy

Data protection information

In this data protection notice, we inform you about the processing of personal data and about the access and storage of information on your end device when using our website cyclotech.at. 

1. Controller and contact person

The contact person and so-called controller for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is

Cyclotech GmbH

Franzosenhausweg 53a

4030 Linz

Austria

+4373237160510

officecyclotech.at

2. Data Protection Officer

If you have any questions about data protection in connection with our products or the use of our website, you can also contact our data protection officer at any time. This can be reached at the above postal address and at the e-mail address privacycyclotech.at (keyword: "Attn. data protection officer"). We expressly point out that when using this e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information, please contact us directly via this e-mail address first.

3. Purposes of data processing

We process your personal data for the following purposes 

• Enabling you to visit our website, ensuring the permanent functionality and security of our systems, general maintenance of our website for administrative purposes, including the storage of log files in order to determine the cause and take measures in the event of repeated or criminally relevant accesses that jeopardise the stability and security of our website (Art. 6 para. 1 lit. b, f GDPR);
• Management, implementation and creation of website content, structure, functions, scripts and design (Art. 6 para. 1 lit. f GDPR);
• Management of consents to optional services via the consent banner (Art. 6 para. 1 lit. f GDPR;)
• Provision and dispatch of our newsletter, including the storage of registration data for documentation purposes (Art. 6 para. 1 lit. a GDPR)
• Processing and answering your contact enquiries and providing a contact form (Art. 6 para. 1 lit. b, f GDPR)
• Provision and management of a company page on social networks, including communication with interested parties and customers (Art. 6 para. 1 lit. b, f GDPR)
• Receipt and processing of applications for the selection of applicants for a possible employment relationship, including the provision of a digital career page, the management of incoming applications and, if applicable, storage in an applicant pool (Art. 6 para. 1 lit. b, a GDPR);
• Processing and responding to data protection enquiries from data subjects and storing these for documentation and evidence purposes (Art. 6 para. 1 lit. f GDPR);
• Protecting the website from abusive or harmful data traffic, ensuring security and maintaining optimal performance by distinguishing legitimate users from automated access attempts (Art. 6 para. 1 lit. f GDPR);
• Use of analysis and marketing tools to identify and track user interactions across sessions, assign unique user identifiers and store behavioural data to evaluate marketing performance and profile contact persons (Art. 6 para. 1 lit. a GDPR);
• Recording, administration and evaluation of contacts of interest for the processing of enquiries, implementation of marketing activities and for the analysis and optimisation of communication processes (Art. 6 para. 1 lit. a, f GDPR)

• Analysis and optimisation of our web presence, including the measurement of user behaviour and the technical management of tracking technologies via a tag management system (Art. 6 para. 1 lit. a GDPR).

   

4. Candidate Applications

You can apply for open positions for the purposes specified in section 3 by email or via our career platform. Please note that we cannot guarantee the confidentiality of applications sent via unencrypted email. 

• We use the SmartRecruiters platform provided by SmartRecruiters GmbH, Wilhelmstr. 118, 10963 Berlin, to provide our career platform at https://careers.smartrecruiters.com/CycloTech and to manage applications. We have concluded a data processing agreement with SmartRecruiters, according to which SmartRecruiters processes personal data only on behalf of and in accordance with the instructions of CycloTech.
• If you contact our Human Resources department via LinkedIn or apply directly for an advertised position, your personal data will be processed for the purposes specified in section 3.

• When you use the ‘Apply easily’ function via LinkedIn, LinkedIn uses the data from your profile to fill in the form. This data is temporarily stored by LinkedIn and then passed on to SmartRecruiters.

   

5. Recipients of your personal data

The data collected by us will only be passed on if:

• you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR, or
• this is permitted by law and is necessary for the performance of contractual relationships with you or for the implementation of pre-contractual measures taken at your request in accordance with Art. 6 para. 1 lit. b GDPR, or
• we are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c GDPR, or
• the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

In particular, your personal data will be passed on to the following recipients

• Hosting provider: Junge Digitale, A-4020 Linz, Hausleitnerweg 32a, Linz
• Consent management platform "CookieFirst": Digital Data Solutions B.V., Plantage Middenlaan 42A, 1018DH Amsterdam, Netherlands - Privacy Policy: https://cookiefirst.com/legal/privacy-policy/;
• Google (Google Analytics, Google Tag Manager, YouTube, Google reCAPTCHA): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland - Privacy Policy: https://business.safety.google/privacy/;
• SmartRecruiters (for the provision of our career portal): SmartRecruiters GmbH, Wilhelmstr. 118, 10963 Berlin – Privacy policy: https://www.smartrecruiters.com/de/legal/general-privacy-policy/;
• LinkedIN (company page in the social network): LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland - Privacy Policy: https://www.linkedin.com/legal/privacy-policy; 

• X (company page in the social network): X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland - Privacy Policy: https://x.com/de/privacy;

   

6. Data transfer to third countries

We may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. 

If an adequacy decision of the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework.

If no adequacy decision has been issued for the country in question, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations (Art. 46 GDPR).

Where this is not possible, we base the data transfer on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfilment of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. If your express consent is obtained, you will also be informed of this.

In particular, your data may be transferred to the following recipients in third countries

• Google (Google Analytics, Google Tag Manager, YouTube, Google reCAPTCHA): Google LLC, 1600 Amphiteatre Parkway, Mountain View, CA 94043, USA (adequacy decision, certified under the EU-US Data Privacy Framework);
• SmartRecruiters (for the provision of our career portal): SmartRecruiters, Inc., 166 Geary St 15th Floor Suite #1612, San Francisco, CA 94108, USA (adequacy decision, certified under the EU-US Data Privacy Framework);
• LinkedIN (company page in the social network): LinkedIN Cooperation, 2029 Stierlin Ct. Ste. 200 Mountain View, California 94043, USA (adequacy decision, certified under the EU-US Data Privacy Framework);

• X (company page in the social network): X Corp, 865 FM 1209, Building 2, Bastop, TX 78602, USA (adequacy decision, certified under the EU-US Data Privacy Framework).

   

7. Storage period

In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims or due to statutory retention obligations. For evidence purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims expire at the earliest at this time in accordance with the statutory limitation period. Even after this time, we must still store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which arise in particular from the German Commercial Code and the German Fiscal Code. The periods specified there for the retention of documents are two to ten years.

Your data is stored for the following periods in particular:

• Connection data: for the duration of your visit and beyond that for a limited period in log files;
• Contact data: for the duration necessary to process your enquiry and for at least three years in the case of data protection enquiries;
• Applicant data: for the duration of your employment relationship (if we accept your application) or for a maximum of six months (if we reject your application), possibly beyond this period if you have given us your express consent;

• Newsletter data: for the duration of your subscription and beyond to fulfil documentation obligations

   

8. Automated decision-making

Automated decision-making, including profiling in accordance with Art. 22 GDPR, which produces legal effects or similarly significantly affects you, does not take place.

9. Necessity of the provision of data

In principle, there is no obligation to provide your data. It is generally possible to use our website without providing personal data. If personal data (e.g. name, address or e-mail address) is collected on our website, this is always done on a voluntary basis as far as possible.

*Ifthe provision of your data is necessary to fulfil legal obligations, to contact you or to use other services and functions (e.g. newsletter subscription), the corresponding input fields are marked as mandatory fields (usually with an asterisk). In these cases, the respective service cannot be provided or the function cannot be used without providing the required data.

Other information that is not marked as mandatory is voluntary. The entry of such data is not required for the service or the use of the function and has no influence on the fulfilment of the contract.

10. Access to and storage of information on your end device

We only access information on your end device or store such information if this is absolutely necessary to provide the digital service you have requested - i.e. for the main functions of our website - or if you have given your prior consent, for example for optional services, in accordance with the implementation laws of the ePrivacy Directive of the EU member states.

You can view the cookies used at any time in the cookie settings under "Cookies".

11. Your rights

You have the following rights as a data subject:

• Right to withdraw consent (Art. 7 para. 3 GDPR).
• Right to object to the processing of your personal data (Art. 21 GDPR)
• Right to information about your personal data processed by us (Art. 15 GDPR)
• Right to rectification of your incorrect personal data stored by us (Art. 16 GDPR)
• Right to erasure of your personal data stored by us (Art. 17 GDPR)
• Right to restriction of the processing of your personal data (Art. 18 GDPR)
• Right to data portability of your personal data (Art. 20 GDPR)
• Right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you, including, where applicable, the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To assert your rights described here, you can contact us at any time using the contact details provided above. If the respective legal requirements are met, we will comply with your data protection request  Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, beyond this period if there are grounds for the assertion, exercise or defence of legal claims. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in the defence against any civil law claims pursuant to Art. 82 GDPR, the avoidance of fines pursuant to Art. 83 GDPR and the fulfilment of our accountability obligation pursuant to Art. 5 para. 2 GDPR.

Finally, you have the right to lodge a complaint with the data protection supervisory authority responsible for us. You can assert this right with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.

Right of cancellation (Art. 7 para. 3 GDPR)

You have the right to revoke your consent to us at any time in accordance with Art. 6 para. 1 lit. a GDPR. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object (Art. 21 GDPR)

General objection: If we process your data on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interests) or Art. 6 para. 1 lit. e GDPR, you can object to the processing at any time for reasons arising from your particular situation. 

Objection to direct marketing: If we process your data for direct marketing purposes, you can object to the processing at any time without giving reasons.

Assertion of your rights

If you wish to exercise your right of cancellation or objection, simply send an informal message to the contact details above.