The protection of your personal data is of particular concern to us. This privacy policy informs you about how we process your personal data when you visit this website and when you contact us to initiate business. We attach great importance to the protection, accuracy and integrity of your personal data.

All data disclosed or transmitted by the user/visitor will be stored and used in compliance with the provisions of the national Data Protection Act (DPA), the European Data Protection Regulation (GDPR) and the Telecommunications Act (TCA), in each case as amended.

If you have any questions regarding the use of your data, please contact us at privacy@s7-rail.com or +43 7613 44700 0.

1. CONTROLLER

System7 Rail Holding GmbH
Gewerbegebiet Süd 11
4664 Laakirchen, Austria

E-mail: office@s7-rail.com

Telephone number: +43 7613 44700 0

2. GENERAL INFORMATION ON DATA PROCESSING

Personal data are all data that contain information about personal or factual circumstances, for example name, address, e-mail address, telephone number, date of birth, age, sex, etc.

We collect, process and store your personal data when you visit our website and when you contact us. In principle, these are processed and stored to the extent that this is necessary for the fulfilment of contractual or legal obligations in accordance with Art 6 (1) lit b and c GDPR. “Sensitive” data may also be affected, in particular in relation to conduct relevant under criminal law in accordance with Art 10 GDPR, especially for the assertion, exercise or defence of legal claims. If the processing is necessary to protect our legitimate interests or those of a third party and this interest does not outweigh your interest in confidentiality, we base the processing of your personal data on Art 6 (1) lit f GDPR. We delete or store your personal data protected from access as soon as the purpose of the processing ceases to apply, provided that we as the responsible party have no legal obligation to store the data beyond the period of fulfilment of the purpose. Furthermore, we reserve the right to store your personal data for as long as specific legal claims are asserted against us.

2.1. We reserve the right to amend this privacy policy at any time in compliance with the applicable data protection regulations.

3. PROCESSING ACTIVITIES

In the following, we inform you in detail in particular about the scope and purpose of the processing of the data and also about the transfer of your data to third parties.

3.1. Visiting the website

When you visit our website, personal data is processed.

3.1.1. Scope of data processing

When you access our website, we automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type
• Browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• Your IP address

3.1.2.Purpose of the data processing

We process this data for the purposes of logging system usage, the authorisation process and the evaluation of server log files for our problem analysis. If you do not provide us with your data, access may not be possible under certain circumstances.

3.1.3. Legal basis of the data processing

The processing of the aforementioned data is in our legitimate interest as the operator of the website in accordance with Art 6 (1) f GDPR. In principle, the individual data records are not merged, but we reserve the right to check the data if we become aware of concrete indications of illegal use, in particular malicious attacks.

You can object to the processing of your personal data in accordance with Art. 21 GDPR at any time by stating your reasons. To do so, please send a message to privacy@s7-rail.com or call +43 7613 44700 0.

3.1.4. Recipients of the data

• For the operation of our website, including hosting, as well as for reasons of ensuring the security of our IT systems, we use eSYS Informationssysteme GmbH, Alm 21, A-4845 Regau as a service provider, which could possibly gain access to your personal data in the course of your activities. If necessary, sub-service providers are used. The service provider is contractually obliged to protect your personal data at all times, to implement suitable technical and organisational measures with regard to data security and under no circumstances to process your data for its own purposes or to pass it on to third parties.

• Furthermore, we reserve the right to forward the data collected for this purpose to the competent authorities and courts in the event of justified suspicion. This is done on the basis of our legitimate interest in proper legal prosecution in accordance with Art 6 (1) f GDPR.

Your personal data will not be transferred to third countries..

3.1.5. Storage period

The data collected here is rotated daily and automatically stored for a period of 31 days after one day of retention. In addition, we delete your data before this time in the event of a successful objection. If we have reasonable suspicion of abusive behaviour and forward the data to the relevant public authorities, this data is stored on a separate data carrier and deleted after the end of the legal proceedings.

3.1.6. Further processing of the data

The data processed for this purpose will not be further processed for any other purpose.

3.1.7. Automated decision making

The data processed in the course of visiting our website is neither processed for automated decision-making nor do we carry out so-called “profiling”.

3.2. Initiation of contact

3.2.1. Scope of data processing

We process your personal data only to the extent necessary to process your contact request. This includes usually the following data, depending on the information you provide us with in your enquiry:

Surname, first name, title, gender, e-mail address, company name or business name, telephone number, address data, details of company affiliation, department and position in the company, date and time of the enquiry, content of the enquiry.

3.2.2. Purpose of the data processing

The processing of your data as part of the contact initiation serves the sole purpose of offering facilitated communication in order to process the contact and correspondence as efficiently and quickly as possible. We use automation-based systems for this purpose. Of course, we have taken all technical and organisational measures to ensure the security of your data.

3.2.3. Legal basis of the data processing

The processing of this data takes place in fulfilment of the (pre-)contractual measures according to Art 6 (1) lit b GDPR, insofar as the establishment of contact serves to initiate business. For other purposes, in particular for the mere collection of information about our products, the processing takes place on the basis of our legitimate interest according to Art 6 (1) (f) GDPR. No data relevant under criminal law pursuant to Art 10 GDPR and no special category personal data pursuant to Art 9 GDPR are processed, unless this is necessary in the context of asserting, exercising and/or defending legal claims pursuant to Art 6 (1) (b) GDPR in conjunction with Art 9 (2) (f) GDPR in the event of abusive conduct.

Failure to provide the required data means that we are unfortunately unable to respond to your enquiry..

If we process your data on the basis of our legitimate interest pursuant to Art 6 (1) (f) GDPR, you may object to the processing of your personal data pursuant to Art 21 GDPR at any time by stating your reasons. To do so, please send a message to privacy@s7-rail.com or call +43 7613 44700 0.

3.2.4. Recipients of the data 

• For the provision of electronic contact initiation as well as for reasons of ensuring the security of our IT systems, we use eSYS Informationssysteme GmbH, Alm 21, A-4845 Regau as a service provider, which could possibly gain access to your personal data in the course of your activities. If necessary, sub-service providers are used. The service provider is contractually obliged to protect your personal data at all times, to implement suitable technical and organisational measures with regard to data security and under no circumstances to process your data for its own purposes or to pass it on to third parties.

Furthermore, we reserve the right to forward the data collected for this purpose to the competent authorities and courts in the event of justified suspicion. This is done on the basis of our legitimate interest in proper legal prosecution in accordance with Art 6 (1) f GDPR.

Within the scope of this processing activity, your personal data will not be transferred to third countries.

3.2.5. Storage period

Data that we collect in the course of contacting you will be stored by us for three months after the last contact for the purpose of processing your enquiry for logging reasons. In addition, we already delete your data before this time in the event of a successful objection. Furthermore, the data will be stored for as long as concrete claims are asserted against us. If we have reasonable suspicion of abusive behaviour and forward the data to the responsible public authorities, this data will be kept on a separate data carrier and deleted after the legal proceedings have ended.

3.2.6. Further processing of the data

The data processed for this purpose will not be further processed for any other purpose.

3.2.7. Automated decision making

The data processed in the course of visiting our website is neither processed for automated decision-making nor do we carry out so-called “profiling”.

4. YOUR PRIVACY RIGHTS

As a data subject of our data processing, you have the following rights. To assert your rights, please contact privacy@s7-rail.com or call +43 7613 44700 0.

4.1. Right to information

You have the right to request information at any time and informally about which data relating to you are processed by us as the data controller – together with further information such as their processing purposes and recipients, information about the origin of the data and information about automated decision-making including the logic involved. Furthermore, you have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organisation, including the right to be informed about the appropriate safeguards in accordance with Art. 46 of the GDPR.

4.2. Right to rectification and right to restriction of processing

You may request that inaccurate or incomplete data be corrected or completed.  You also have the right to request a restriction on the processing of data that may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest, for example if the accuracy of the data is disputed.

4.3. Right to data portability

You may request that a copy of the data, insofar as it has been made available to us, be sent to you – or, insofar as this is technically feasible, to a third party that can be determined – in a structured, common and machine-readable format.

4.4. Right to deletion

You can request the deletion of your data in certain circumstances, for example if it is not processed in accordance with data protection regulations.

4.5. Right of objection

You have the right to object to the processing of personal data at any time, stating your reasons. In this case, we will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, or the processing serves the purpose of asserting, exercising or defending legal claims.

4.6. Right to withdraw your declaration of consent

You have the right to revoke your declaration of consent under data protection law at any time and without giving reasons by sending an e-mail to privacy@s7-rail.com or by calling +43 7613 44700 0.  The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. We will delete your data immediately unless legal provisions require us to retain it.

4.7. Supervisory authority

If you are of the opinion that the processing of your data violates your right to confidentiality or your data protection rights have been violated in any other way, you can complain to the competent supervisory authority. In Austria, the competent authority is the

Austrian Data Protection Authority

Barichgasse 40-42, 1030 Vienna.

This is without prejudice to the possibility of filing an action with the regional court pursuant to § 29 para 2 DSG and any other legal remedies.

5. ADAPTATION OF THE DATA PROTECTION DECLARATION

We reserve the right to adapt this data protection declaration at any time in compliance with the applicable data protection regulations. Users are requested to inform themselves regularly about the content of the data protection declaration.

Status: April 2021