We are delighted to welcome you to the website of Capri Sun Austria GmbH, a part of Capri Sun AG (Capri-Sun website). This statement aims to underline the protection of your personal data.
Capri Sun Austria GmbH takes your legitimate interests in data protection very seriously and observes the provisions of the European General Data Protection Regulation (GDPR), the German Telemedia Act and, where applicable, the provisions of other applicable data protection regulations.
Capri Sun Austria GmbH handles the data transmitted by you carefully and with due diligence. As far as data of any kind is collected, processed or used, this is always done within the scope of the applicable legal provisions or after obtaining explicit consent from you.
Protecting the individual’s privacy on the Internet is crucial to the future of Internet-based business models and the move toward a true Internet economy. Capri Sun Austria GmbH has created this privacy statement to demonstrate its firm commitment to the individual’s right to privacy. This policy outlines Capri Sun Austria GmbH’s personal information handling practices for this website.
This Privacy Statement covers this website and all other sites that reference this Privacy Statement. We encourage you to read the privacy statements of each of the websites you visit.
The controller according to Art. 4 Para. 7 of the General Data Protection Regulation (GDPR) is:
Capri Sun Austria GmbH
AT 1080 Wien
Firmenbuchnummer: FN 351888 h
You can contact Capri Sun Austria GmbH’s data protection officer at:
Capri Sun Austria GmbH
Global Privacy Fundamentals
Our privacy practices reflect current global principles and standards on handling personal information. These principles include notice of data use, choice of data use, data access, data integrity, security, onward transfer, and enforcement/oversight. Capri Sun Austria GmbH abides by the EU General Data Protection Regulation (GDPR).
By using this website, you consent to the electronic collection and use of the information as described here. If Capri Sun Austria GmbH decides to make changes to this Privacy Statement, we will post the changes on this site so that you will always know what information we collect, and how we use it.
From time to time, as may be required by applicable law, we may also seek your explicit consent to process certain data and information collected on this website or volunteered by you.
Collection and Processing of Your Personal Data
To serve you better and understand your needs and interests, Capri Sun Austria GmbH collects, exports, and uses personal information with adequate notice and consent, along with required filings with data protection authorities, when applicable.
We may further collect and process any information and data that you volunteer to us, e.g. when you register for events, subscribe to newsletters, participate in online surveys, discussion groups or forums, or when you make purchases.
Use and Purpose of Collected Personal Data
The information Capri Sun Austria GmbH collects to understand your needs and interests helps Capri Sun Austria GmbH deliver an optimized and personalized experience. Capri Sun Austria GmbH will use such information only as described in this Privacy Statement. We will not subsequently change the way your personal data is used without your consent unless this is otherwise permitted by law.
We always process your personal data for a specific purpose.
In particular, we process your personal data for the following purposes:
- To manage our relationship with you, e.g. through our databases, in which we collect data about you from our various sources in order to get an overview of the collaboration; also, to improve and individualize our understanding of your preferences and our communication with you;
- To process your orders and deliver the products and services that you have ordered.
- To implement tasks in preparation of or to perform existing contracts;
- To evidence transactions and ensure transparency on transfers of value;
- To provide you with appropriate and current information about research as well as our products and services;
- To improve the quality of our products and services by adapting our offering to your specific needs;
- To answer your requests and provide you with efficient support;
- To manage communications and interactions with you;
- To track our activities (e.g. measuring interactions or sales, number of appointments/calls, issues discussed, documents presented);
- To invite you to events sponsored or used by us (e.g. speaker events, conferences);
- To grant you access to our specified IT systems so that you can use certain services of Capri Sun Austria GmbH;
- To manage our IT resources, including infrastructure management and business continuity;
- To preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, internally defined contribution caps, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
- To support recruitment inquiries;
- Billing and invoicing; and
- any other purposes imposed by law and authorities.
- In certain cases, we are legally obliged to transfer certain data to the requesting government agency (institution or authority). The legal basis for the processing is Art. 6. Para. 1 (c) GDPR
- In some cases, business partners require personal information from our customers. This is usually done for the purpose of order fulfillment (e.g. in case of complaints). This is expressly provided for by law. In this case, Capri Sun Austria GmbH remains responsible for the protection of your data – in addition, the processor may also be responsible. The service provider works strictly in accordance with our instructions, which Capri Sun Austria GmbH ensures by means of strict contractual regulations.
- To fulfil legal obligations to record, document and report to the responsible authorities.
We use IP addresses to help diagnose problems, to administer our website, and to gather demographic information. We may also use IP addresses or other information you have shared on this website to determine which pages on our sites are being visited and topics that may be of interest so we can provide you with information about relevant products and services. As a matter of principle, Capri Sun Austria GmbH will aggregate such data only in an anonymous way and will not tie it to a particular individual unless he or she has given consent.
Capri Sun Austria GmbH will only gather information related to your visit to the Capri Sun Austria GmbH website. We do not track or collect personal information from your visits to websites of companies or entities outside the Capri Sun Austria GmbH.
b) In addition, to further improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our website again to use our services, we will automatically determine that you have already visited our website and what inputs and settings you have made in order to avoid having to re-enter them.
d) The data processed by cookies are necessary for the purposes mentioned in order to safeguard our legitimate interests and the interests of third parties under Art. 6 Para.1 Sent. 1 (f) GDPR.
e) Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your computer or that a notice is displayed before a new cookie is created. Disabling cookies completely, however, may mean that you will not be able to all the features on our website.
If you choose to give us your email address or submit it through our contact form, we will communicate with you via email. We do not share your email address with third parties. You can opt out from receiving future emails from Capri Sun Austria GmbH at any time.
External Service Providers
We work with service providers that process certain data on our behalf. This is done exclusively in accordance with the applicable data protection laws. In particular, we have entered into commissioned data processing agreements with our service providers which satisfy the requirements of Art. 28 GDPR.
Notes on newsletter and consents
The following notes inform about the contents of our newsletter and about your rights to object.
Content of the newsletter
We send newsletters and e-mails for information purposes (subsequent “newsletter”).
Double Opt-In and Logging
The subscription to our newsletter follows the so-called double opt-in procedure. This means after having subscribed to our newsletter, you get an e-mail in which you are asked to confirm your subscription. This confirmation is necessary so no one can subscribe with somebody else’s e-mail addresses. The subscriptions to the newsletter are logged to proof the subscription process in accordance with the legal requirements. This includes the storage of the time of subscription and confirmation and the IP address.
From time to time we conduct competitions on the social media channels of Capri Sun Austria GmbH. The personal data, which we collect in line with your participation in the competition, is only used for conducting the competition and only if you have previously given explicit consent.
Data Transfer, Transfer to a Third Country
Your personal data will not be transferred to third parties for any purposes other than those set out below. We will only transfer your personal data to third parties if:
a) You have given your express consent in accordance with Art. 6 Para. 1 Sent. 1 (a) GDPR,
b) The transfer is necessary in accordance with Art. 6 Para. 1 Sent. 1 (f) GDPR for the purpose of asserting, exercising or defending legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
c) in the event that there is a legal obligation to transfer the data pursuant to Art. 6 Para. 1 Sent. 1 (c) GDPR and
d) this is legally permissible and necessary under Art. 6 Para. 1 Sent. 1 (b) GDPR, for the execution of a contractual relationship with you or for pre-contractual measures at your request.
Capri Sun Austria GmbH may also share such information with business partners, service providers, authorized third-party agents, or contractors in order to provide a requested service or transaction, including processing orders, providing customer support, or providing you with information on products and services that may be of interest to you.
We do not sell or rent your personal data to third parties for marketing purposes unless you have granted us permission to do so.
Capri Sun Austria GmbH may respond to subpoenas, court orders, or legal process by disclosing your personal data and other related information, if necessary. We also may choose to establish or exercise our legal rights or defend against legal claims.
Circumstances may arise where, whether for strategic or other business reasons, Capri Sun Austria GmbH decides to sell, buy, merge, or otherwise reorganize businesses. Such a transaction may involve, in accordance with applicable law, the disclosure of personal information to prospective or actual purchasers. It is Capri Sun Austria GmbH’s practice to seek appropriate protection for information in these types of transactions.
In the context of events of Capri Sun Austria GmbH, you have the possibility to give us your personal contact information. By doing so, you give us permission to forward your data to third parties, which are organizers or hotels in this case.
Connections with Social Networks
On some pages, the Capri Sun Austria GmbH website contains special programmes (so-called plug-ins), which can establish a connection to social networks such as Facebook, Instagram, or YouTube. You recognize each of these plug-ins by the button containing a logo which refers to the social network.
These plug-ins only become active after you clicked them once. You recognize the activation due to the visual chance of the plug-ins. After the activation, the plug-ins collect, process and use data as following:
As soon as you activate a plug-in, it establishes a short connection from your internet browser to the server of the relevant network. From there, the content of the plug-in will be forwarded to your internet browser.
By doing so, the operator of the social network gets to know your IP address. In certain cases, the operator of the social network also tries to save a cookie on your computer, which will be deleted as soon as you close the internet browser.
If you use a plug-in by (for example) reconfirming the button of the plug-in after the activation or sending a text via the plug-in, the relevant information will be forwarded from your internet browser to the operator of the social network, who will store relevant information.
If you have a user account at a social network and want to avoid that information about your visit on the website of Capri Sun Austria GmbH is connected with your user account at the relevant social network after the plug-in is activated, you have to log out of the social network before the plug-in is being activated.
For Facebook plug-ins in particular, the following applies: our website partially uses plug-ins of the social network facebook.com, like the so-called “Like”-button. These plug-ins are offered and operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (subsequent “Facebook”). They are marked with a Facebook logo, like for example a white “f” on a blue tile.
On www.facebook.com/help/ you can find out which information is being forwarded to Facebook by using Facebook plug-ins. On www.facebook.com/about/privacy/ you can additionally find out how Facebook processes and uses your data, which you disclose as a facebook.com user, and to what extent you can restrict the publication of your data.
For Twitter plug-ins in particular, the following applies: our website possibly uses social plug-ins of the social network Twitter, which are offered and operated by Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (subsequent “Twitter”). You recognize these plug-ins by the usage of one of the Twitter logos. You can find an overview of the Twitter logos on twitter.com/about/resources/logos.
On twitter.com/privacy you can find out how Twitter processes and uses your data, which you disclose as a Twitter user, and to what extent you can restrict the publication of your data.
The Capri Sun Austria GmbH website contains links on the social network www.facebook.com. You can only use the site if you have a facebook user account and are logged into your account. On www.facebook.com/about/privacy/ you can find out how Facebook processes and uses your data, which you disclose as a facebook.com user, and to what extent you can restrict the publication of your data.
The tracking measures listed below and used by us are carried out based on Art. 6 Para. 1 Sent. 1 (f) GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. Furthermore, we use tracking measures to statistically record the use of our website and to analyze it for the purpose of optimizing our website offerings. These interests are considered legitimate within the meaning of the afore mentioned provision. For the respective data processing purposes and data categories, please refer to the corresponding tracking tools described in detail below.
a) Google Analytics uses “cookies”, which are text files placed on your computer to help analyze how you use the website. The information generated by the cookie about your use of this website will be generally transmitted to and stored by Google on servers in the United States of America. If IP anonymization is activated on this website, however, Google will truncate your IP address within member states of the European Union or in other member states of the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing the website operator with other services relating to website activity and internet usage.
b) You may refuse the storing of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in provided under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
c) This website uses Google Analytics with the add-on „_anonymizelp()“. This means that IP addresses are processed in abbreviated form, so as to eliminate any direct tracking to a specific person. If data collected about you refers to a specific person, it is therefore eliminated immediately and the personal data thus immediately deleted.
d) We use Google Analytics to be able to analyze the use of our website and regularly improve it. The statistics we compile enable us to improve our offering and make it more engaging for you as a user. With regard to the exceptional cases in which personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield at https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 Sent. 1 (f) GDPR.
e) Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User conditions: https://www.google.com/analytics/terms/us.html, data protection overview: https://support.google.com/analytics/answer/6004245?hl=en, and privacy statement: https://policies.google.com/privacy?hl=en&gl=en.
This website uses Google AdSense, a service to integrate ads of the Google Inc. (“Google”). Google AdSense uses so-called “cookies”, text files which are saved on your computer and which enable an analysis of the use of this website. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons make it possible to evaluate information like the visitor traffic on these pages.
The information generated by cookies and web beacons about the use of this website (including your IP address) and the distribution of ad formats will be transmitted to a server of Google in the USA and will also be stored there. Google can forward this information to contracting parties of Google. However, Google will not amalgamate your IP address with other data stored about you.
You can prevent the installation of cookies with a relevant setting in your browser software. We inform you, however, that in this case you possibly might not be able to use all functions of this website to the fullest extent. By using this website, you agree with the processing of the data collected about you by Google in the previously described manner and the previously stated purpose.
Privacy Statement for the Use of YouTube Plug-Ins
Our website employs plug-ins provided by the Google-operated website YouTube. Operator of this site is: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
When you visit a site equipped with a YouTube plug-in, a connection is established to the YouTube servers. In the process, the YouTube server is informed which of our pages you have visited. If you are logged in to your YouTube account, you enable YouTube to associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
If you do not wish to participate in the tracking process, you can disable the automatic setting of cookies in your browser settings. You can also choose to block only specific cookies for conversion tracking by modifying your browser settings so that cookies from the domain “googleadservices.com” are not allowed.
With your permission, our website uses the conversion tracking pixel service of Facebook, Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”). This gives us permission to track the actions of users after they are forwarded to a website of a provider by clicking a Facebook ad. Thus, we are able to document the effectiveness of Facebook ads for statistical and market research purposes. The collected data remains anonymous. This means that we cannot see the personal data of individual users. The collected data will, however, be stored and processed by Facebook. We inform you about this matter according to our latest information. According to the Facebook data policies www.facebook.com/about/privacy/, Facebook can match the data with the data of your Facebook account and uses the data for their own advertising purposes. Facebook conversion tracking allows Facebook and its partners as well to show you advertisements in- and outside of Facebook. Additionally, a cookie is saved on your computer for these purposes.
Please click here to revoke your consent: www.facebook.com/ads/website_custom_audiences/.
Remarketing tags of the social network Facebook, 1601 South California
Please click here to revoke your consent: www.facebook.com/ads/website_custom_audiences/
Only users aged 13 and older can give their permission. If you are younger than 13 years, please contact your legal guardian.
Functions of the service Twitter are integrated on our pages. These functions are offered by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “retweet” function, the pages you visit are matched with your Twitter account and disclosed to other users. In doing so, data will also be transferred to Twitter.
You can configure your privacy settings on Twitter in the account settings: http://twitter.com/account/settings.
Links to Other Sites
Our website may contain links to other sites. Capri Sun Austria GmbH is not responsible for the privacy practices or the content of other websites outside of Capri Sun Austria GmbH.
Capri Sun Austria GmbH will not retain your personal data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.
Applicant Privacy Notice
(1) We process applicant data only for the purpose and in the context of the application procedure in accordance with the legal requirements. The processing of the applicant data takes place in order to fulfil our (pre)contractual obligations within the scope of the application procedure pursuant to Art. 6 Para. 1 (b). GDPR, Art. 6 para. 1 (f) GDPR insofar as data processing becomes necessary for us.
(2) The application process requires that applicants provide us with their data. Necessary applicant data are personal details, postal and contact addresses and the documents accompanying the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.
(3) By submitting the application to Capri Sun Austria GmbH, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this Privacy Statement.
(4) Insofar as special categories of personal data pursuant to Art. 9 Para. 1 GDPR are voluntarily disclosed in the application process, they are additionally processed in accordance with Art. 9 Para. 2 (b) GDPR (e.g. health data, e.g. severely disabled status or ethnic origin). Insofar as special categories of personal data pursuant to Art. 9 Para. 1 GDPR are requested from applicants in the application process, they are additionally processed in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data, if these are required for exercising the profession).
(5) Applicants can send us their application by mail or by e-mail. At this, please note that e-mails are not sent encrypted by default, hence, applicants have to take care of the encryption themselves. Thus, we cannot take responsibility for the transmission path of the application between the sender and the receipt on our server. If the applicant has any doubts about the security of sending the application documents by e-mail, we recommend sending the application documents by mail.
(6) The data provided by the applicants may be further processed by us in the event of a successful application for employment purposes. Otherwise, if the application for a job opening is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to at any time.
(7) We delete the documents, subject to legitimate revocation of the applicant, as soon as the application process expires after 12 months. The reason we do so is that we can answer possible follow-up questions concerning the application and that we can fulfil our burdens of proof in accordance with the Equal Treatment Act.
In case you consented to a further storage of your personal data, we will transfer your data to our pool of applicants. The data in this pool will be deleted after the time frame of two years expires.
If you receive the confirmation of employment for a position within the framework of an application procedure, we will transfer the data from our application data system to our human resource management system.
Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
Data Subject Rights
You have the right
a) in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your personal data have been or will be disclosed, the planned storage period, the existence of the right to rectification, deletion, restriction or objection of processing of personal data, the right to lodge a complaint with a supervisory authority, the origin of your data where the personal data was not collected by us, and the existence of automated decision-making and, if applicable, meaningful information about the logic involved;
b) in accordance with Art. 16 GDPR, to demand without delay the correction of incorrect data or the completion of your personal data stored by us;
c) to request the deletion of your personal data stored with us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
d) in accordance with Art. 18 GDPR to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims, or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
e) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request its transfer to another person responsible;
f) in accordance with Art. 7 Para. 3 GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing the data based on this consent in the future and
g) in accordance with Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of the registered office of our company.
The competent supervisory authority for data protection for Capri Sun Austria GmbH is:
Telefon: +43 1 52 152-0
For the assertion of the afore mentioned rights as well as for questions regarding data protection, you can contact the person responsible or send an email to email@example.com.
Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 S. 1 lit. f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR if there are reasons, which result from your particular situation or if the objection aims against direct advertising. In the latter case, you have a general right to object, that will be implemented by us without naming a particular situation. If you want to make use of your right to revoke or your right to object, it is enough to send an e-mail to firstname.lastname@example.org.
a) While you visit our website, we use the common SSL procedure (Secure Socket Layer) with the highest possible encryption level supported by your browser. As a general rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we will resort to128-bit v3 technology instead. Whether an individual page of our website is transmitted in encrypted form is indicated by the display of the closed key/lock symbol in the lower status bar of your browser.
b) We also use appropriate technical and organizational security measures to protect your data against accidental or intentional tampering, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Additionally, each member of our staff commits to data protection and secrecy in accordance with the GDPR.
Changes to This Privacy Statement
In the event of new developments such as changes to the applicable data privacy laws, we will, if necessary, update this privacy statement accordingly.
Last updated: July 1, 2020