This privacy statement serves to inform visitors to our websites about data processing when using NOVOMATIC AG websites.
Additionally, due to an existing video surveillance system the NOVOMATIC AG also fulfils its information obligation to data subjects under clause 5.9 of the Privacy Statement in accordance with Art. 13 General Data Protection Regulation of the European Union (abbreviated as GDPR).
The protection of your privacy is a very serious concern to the NOVOMATIC AG therefore we want you to be able to visit our web pages without being concerned about security issues. It is generally possible to use our website without the disclosure of personal data. The following Privacy Statement will provide you with an overview of how the NOVOMATIC AG guarantees the protection of your privacy, the types of data being collected as well as their main purpose.
Name and contact details of the data controller:
Your trust is very important to us. Should you have any further questions regarding the processing of your personal data by NOVOMATIC AG, please contact the Group Legal Compliance Department of NOVOMATIC AG in writing at:
Wiener Straße 158
Tel.: +43 2252 606 0
Contact details of the data protection officer: email@example.com
2. IP ADDRESS
The IP address is transmitted on every server request to let the server know where the response has to be sent. Your Internet Service Provider (ISP) gives you an IP address as soon as you connect to the Internet, and the ISP can retrace which IP address was assigned to which of its customers at any given time. For as long as the IP address is saved, it is theoretically possible to identify the owner of the Internet connection via the ISP. For this reason, we and our statistics providers do not save the IP address permanently but only temporarily for session recognition and for security reasons (for example to ward off hacker attacks). The IP address is then immediately deleted, so that any collected data are made anonymous and it is no longer possible to identify the user, not even via the ISP.
3.1. The Purpose of Cookies
To allow you to use the NOVOMATIC AG’s website without any restrictions, we use what are referred to as session cookies. Session cookies are tiny parcels of information that are automatically saved to the memory of the website visitor\'s computer. In a session cookie a randomly created and unique identification number is deposited, a so-called session ID. A cookie additionally contains information on its origin and its life span. These cookies are unable to save any other kind of data. Placing session cookies on your computer does not enable us to see the files on your computer.
After you conclude your session, i.e. after you close your browser window, the session cookies are automatically deleted.
You need to activate session cookies to be able to use website services which require authentication.
3.2. Tracking Cookies
Whenever you visit our website, some of the data we collect is used for statistical evaluation. The extent of such data is described below. The data are only used internally and serve primarily to continuously improve our website and adapt it to suit your business or personal requirements.
The following data are collected:
- Request (name of the requested data file) (e.g. www.beispiel.de/index.html) including parameters
- Browser type and version (e.g. Internet Explorer 6.0)
- Browser language (e.g. German)
- Operating system used (e.g. Windows XP)
- Internal resolution of your browser window
- Screen resolution
- Installed plugins (Java, Flash, Real, Quicktime, …)
- Cookies on/off
- Color bit depth
- Referrer URL (the previously visited website including parameters, e.g. search items in search engines, ...)
- IP address to identify country of origin. The IP address itself is only used for geographical allocation and to identify the provider, and is immediately deleted again afterwards.
- Time and date of accessing
Any personal details you have entered in one of our forms, either to request information, apply for a job or get in touch with us, are also saved. The NOVOMATIC AG will use your personal data exclusively in accordance with the relevant laws and regulations.
We process your personal data on the basis of your consent, which you have given us by the settings of your Internet browser as well as on the basis of our predominant legitimate interests.
3.4. Facebook Remarketing
Within the web-based content of NOVOMATIC AG, so-called „Facebook-Pixels“ of the social network Facebook (“Facebook”), which is being operated by Facebook Inc. (1 Hacker Way Menlo Park, CA 94025, USA) or if you are based in the EU, by Facebook Ireland Ltd. (4 Grand Canal square, Grand Canal Harbor, Dublin 2, Ireland) are being utilized.
With the help of the Facebook-Pixel, Facebook is able to designate you as a target group for the display of ads, so-called “Facebook-Ads”. Accordingly, we use the Facebook-Pixel to display these Facebook-Ads only to those Facebook-Users, who have shown interest in the web-based content of NOVOMATIC AG. In other words, with the help of the Facebook-Pixel, we want to make sure that our Facebook-Ads are in line with the potential interest of users and are not deemed annoying. With the help of a Facebook-Pixel, NOVOMATIC AG can also track the effectiveness of Facebook-Ads for statistical and market research purposes as well as track whether users have been redirected to the NOVOMATIC AG website after clicking on a Facebook-Ad.
The Facebook-Pixel is directly implemented by Facebook when being redirected to the NOVOMATIC AG websites and can place a so-called Cookie, which can be understood as placing a small file on your device. If you subsequently log in to Facebook or visit Facebook in the logged-in state, your visit to our websites will be recorded in your profile.
The data collected about you remains anonymous to NOVOMATIC AG and therefore does not enable any inference on the identity of any user. Nevertheless, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible. The processing of data by Facebook is part of Facebook’s data usage policy. Accordingly, you can view more information on how the “Remarketing-Pixel” works, and more generally how Facebook-Ads are displayed in Facebook’s Data Usage Policy at www.facebook.com/policy.
You may object to being designated by a Facebook-Pixel and the processing of your data for the display of Facebook-Ads. To that end, we kindly ask you to visit the Facebook page, where you can find more information about the usage-based advertising settings: www.facebook.com.
Any declaration of objection is available any time via the US website www.aboutads.info/choices or the EU website www.youronlinechoices.com. The settings are platform independent, meaning they apply for all devices such as desktop computers or mobile devices.
4.1. Privacy Principles
The protection of your privacy and the security of your personal data is a matter of great importance to us.
All data applications operated by NOVOMATIC AG comply with the provisions of the General Data Protection Regulation of the European Union (abbreviated as GDPR) as well as other area-specific regulations. In accordance with Article 5 GDPR, all employees are required to process your personal data in a lawful and fair manner, and in a way that is comprehensible to you and in compliance with data secrecy in accordance with Section 6 Data Protection Act (DPA).
Compliance with the data protection and data security regulations is guaranteed across the entire Group by the following binding measures:
- Privacy Concept
- Privacy Program
- Privacy Management System
4.2. Privacy Concept
4.4. Privacy Program
As part of the Privacy Program, data protection goals are continuously being specified and the measures to be implemented are defined in the form of a work program and provided with corresponding implementation deadlines.
4.5. Privacy Management System
The Privacy Management System defines the rules, policies, measures, resources, methods, responsibilities, procedures and organization structures for implementing and monitoring the Privacy Program.
4.6. Processing activities
In accordance with Article 30 GDPR, NOVOMATIC AG maintains a so-called "record of processing activities" in which the data applications operated by NOVOMATIC AG as well as the relevant processing activities are documented. This existing record should always be kept up-to-date in accordance with the data protection provisions of Article 30 GDPR.
4.7. Special categories of personal data
NOVOMATIC AG does not process any special categories of personal data within the meaning of Article 9(1) GDPR on its website.
4.8. Guaranteed Data Protection
In principle, we do not process your personal data without your consent or within the framework of the existing contractual relationship with you and for the agreed purpose. We store your personal data in accordance with the applicable prescribed statutory time periods.
4.9. Transferring and Surrendering Data
Any transfer of personal data to third parties is made only with your consent. Excepted from this are data transfers that are necessary due to a legal obligation or for fulfilment of a contract. The transfer of personal data to processors (service providers) shall, in principle, be limited to those undertakings providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing the personal data complies with the requirements of the GDPR and ensures the protection of the rights of the data subject.
4.10. Data Security
The technologies employed by the NOVOMATIC AG to process your personal data (hardware, software, network, infrastructure) comply with state-of-the-art security technologies. Appropriate technical and organisational measures have been set for these procedures, in order to comply with the requirements of the GDPR.
5. INFORMATION TO BE PROVIDED
We hereby inform you about the personal data processed within the framework of this website or within the framework of a (pre-) contractual business relationship and the privacy claims and rights to which you are entitled.
5.1. Categories of personal data
Personal data that you enter yourself when filling in the forms for "Information request”, "Application" and "Contact us" are processed. NOVOMATIC AG processes your personal data exclusively in the context of the purpose for which you voluntarily provided your data in exercising your right to informational self-determination. This consent to the processing your personal data for the stated purposes remains valid until you revoke it, at any time, within the scope of the data protection regulations.
5.1.1 Categories of data subjects
Customers and suppliers as well as interested parties
If you have a (pre-) contractual relationship with NOVOMATIC AG, the personal data you provide or request will be processed for the purpose of the (pre-) contract. This also includes master data and, if applicable, payment data and correspondence data.
Purpose of the processing: Data processing is carried out for the purpose of processing an existing or prospective business relationship.
Legal basis of the data processing: Art. 6 para. 1b GDPR in conjunction with the agreement. In a legal case, data may also be processed within the scope of a legitimate interest as defined by Art. 6 para. 1 f GDPR, which must be submitted to legal representatives and courts in the event of an existing business relationship or, after termination of a judicial dispute, which is necessary for the legal proceedings.
Storage period or criteria for determining the period: The storage period is subject to the statutory storage and limitation periods of the Austrian Federal Fiscal Code (BAO) and the Austrian Commercial Code (UGB).
Transmission to third parties: The data resulting from the contractual relationship may be transmitted to tax authorities, courts or other public bodies. A statutory obligation exists here. The data will also be transmitted to our tax advisors, auditors, legal representatives, banks and insurance companies, as required.
You can find details about your rights as a data subject in accordance with Chapter III GDPR below.
5.2. Right of access to personal data
In accordance with the provisions of the GDPR, you have the right to information at any time about the data processed in the NOVOMATIC AG to your person, their origin as well as possible recipients of transmissions and the purpose of the data use. Information can be obtained, based on your written request, from the Group Legal Compliance Department of the NOVOMATIC AG, listed under point 5.10. If all legal requirements for the processing of your request for access to personal data have been met, we will comply with it and grant you the relevant access to your personal data within a period of 1 (one) month.
5.3. Right to erasure
In accordance with the provisions of the GDPR, you have the right at any time to the erasure of your personal data which were processed by NOVOMATIC AG, provided that your request for erasure does not conflict with any potential statutory retention periods or other legal obligations. If all preconditions for implementing your request for erasure have been met, we will comply with it and erase your data within a period of 1 (one) month.
5.4. Right to object
In accordance with the provisions of the DSGVO, you have the right - insofar as the processing of your personal data is not provided for by law - to object to the violation of your overriding confidentiality interests, which are worthy of protection. If these preconditions have been met, we will delete your data within a period of 1 (one) month, taking into account any legal retention periods.
5.5. Right to restriction of processing
In accordance with the provisions of the GDPR, you have the right to restrict processing of personal data under certain conditions. If all statutory preconditions have been met, we will restrict the processing of your personal data within a period of 1 (one) month.
5.6. Recipient categories and automated decision making
The data will not be passed on to recipients who use this data for their own purposes. No transfer to recipients in a third country (outside the EU) or to an international organisation is envisaged. There is no automated decision-making process.
5.7. Right to data portability
In accordance with the provisions of the GDPR, you have the fundamental right to receive the personal data provided by you in a structured, common and machine-readable format.
5.8. Revocation of consent
In accordance with the provisions of the GDPR, you have the right to revoke your consent to the processing of your personal data at any time, without stating any reasons. In this case, we will not process your data further and will erase them, taking into account any statutory retention periods, within a period of 1 (one) month.
5.9. Information obligation in accordance with Art. 13 GDPR concerning video surveillance
Name and contact data of the controller:
Wiener Straße 158
Tel.: +43 2252 606 0
Contact details of the Data Protection Responsible: firstname.lastname@example.org
Purposes of the data processing:
Video surveillance with digital image recording for the purpose of self-protection (protection of business and operational secrets, protection of property and protection of the client's employees) and the protection of accountability (perception of traffic safety obligations) as well as for the purpose of preventing, containing and clarifying criminally relevant behavior, with exclusive evaluation in the case defined by the purpose.
Legal basis of data processing: Art. 6 lit. 1 f DSGVO in conjunction with §§ 12 and 13 DSG 2018
Legitimate interests, which are being pursued: Protection of property
Storage period: A maximum of 30 days
Transmission to third parties: The data will not be transferred to third parties. Video surveillance takes place for internal purposes and is only made available to the security authorities if necessary to help with work to solve potential crimes.
Rights of the data subject: Please note that your rights as a data subject vis-à-vis video surveillance are limited. In the event of not being able to clearly identify you as an individual pursuant to Art. 11 (1) and (2) GDPR, we cannot fulfill certain data subject rights for you without obtaining additional information that is not relevant for processing. For this reason, Art. 15 to 20 (right of access, right to rectification, right to erasure, right to restriction of processing, data portability) do not apply. However, if you provide us with additional information that identifies you as a data subject, we will process your request accordingly.
Video data is deleted automatically after the 30-day storage period has expired. Rectification or erasure within this period is not possible.
5.10. Complaints to the Austrian Data Protection Authority (DSB)
In accordance with the provisions of the GDPR and the Austrian Data Protection Act (DSG), you have the right to complain to the Austrian Data Protection Authority (www.dsb.gv.at) if you believe that the processing of your personal data violates the GDPR or the Austrian Data Protection Act.
5.11. Further Information
Your trust is very important to us. If you have further questions regarding the processing of your personal data by NOVOMATIC AG, please do not hesitate to contact the NOVOMATIC AG Group Legal Compliance Department in writing at this address
Wiener Straße 158