Data Privacy Statement
of Panomax GmbH, hereinafter referred to as Panomax.
- Data protection
1.1. Data protection by Panomax. Personal data of the controller or its relevant employees are processed by Panomax for the purpose of performing the contract based on the controller’s voluntary consent (e.g. in case of special categories of personal data), the existing legal relationship and legal provisions.
There is no obligation to give that consent (e.g. in case of special categories of personal data) and to conclude the contract. However, as a consequence of a failure to give that consent or to conclude the contract, the order cannot be accepted.
1.2. Further processing. For the purpose of performing the contract, Panomax will further process data for direct marketing in forms not requiring consent, such as addressed advertising materials sent by post, on the basis of an agreement to be concluded.
Personal data are further processed for the purpose of direct marketing in forms for which a consent is necessary, such as advertisements sent by email or the placing of personal ads only on the basis of the Controller’s additional voluntary consent. The controller is not obliged to give that consent. If that consent is not given, the controller would simply not receive any form of advertising for which its consent is necessary.
1.3. Transfer. All data are subject to the agreed or legal obligation of confidentiality and the protection of personal data. Except for the transfer of data to typical commercial recipients such as banks, tax advisers, lawyers, mail-handling services providers etc., the controller’s data are transferred only on the basis of legal provisions and in agreement with the controller.
1.4. Worldwide processing. The controller consents to the worldwide processing of its data, in particular to allow Panomax remote access to carry out processing operations in relation to orders, for example in cases of emergency while Panomax travels on business.
1.5. Storage period. The controller’s data will be stored for a maximum period of thirty years after completion of the orders for the purpose of documentation and to meet legal obligations.
1.6. Right of withdrawal. The controller may withdraw its consent at any time. If consent was given in writing, the right of withdrawal must also be exercised in writing; a consent to receipt of advertising by email may be withdrawn also by clicking the unsubscribe link. In this case, we will cease all processing operations, unless there is any other legal basis. The exercise of the right of withdrawal does not affect the lawfulness of data processed until that right was exercised.
1.7. Right to object. The controller may object to the processing of its personal data for the purpose of direct mail. In this case, we will no longer process your personal data for the purpose of direct mail.
1.8. Rights of data subjects. The controller and its relevant employees have the right to information, to rectification and erasure of their personal data, the right to restrict processing, the right to data portability and the right to file a complaint with the data protection authority (Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Vienna, phone: +43 1 531 15 - 202525, E-Mail: email@example.com).
- Final provisions.
2.1. Terms and conditions. The terms and conditions of Panomax are applicable.
Framework Data Processing Agreement
of Panomax GmbH, hereinafter referred to as Panomax .
- Data processing.
1.1. Scope of application. This Framework Agreement will enter into force automatically if Panomax qualifies as processor in relation to the controller.
1.2. Processing, data, data subjects. The subject-matter (e.g. sending of newsletters), purpose (e.g. sending of e-mails), type (using a sending tool) and duration (limited, indefinite) of processing, the type of personal data (e.g. contact details ) and the categories of data subjects (e.g. employees, prospective buyers, customers, suppliers, website visitors ) are defined in the written specifications of Panomax.
1.3. Standard processing operations. Standard processing operations are carried out if the contractual processing operations
- include only an insignificant level of personal data on criminal data and criminal convictions or special categories of personal data, and
- involve no or only a low risk, and
- Panomax has defined technical and organizational standard measures for the relevant processing operation.
The standard processing operations are governed by the technical and organizational standard measures; the currently valid version is available at www.panomax.com/tom/.
1.4. Special processing operations. Special technical and organizational measures shall be agreed for all other processing operations to appropriately guarantee the protection of data.
1.5. Controller. As the controller under data protection law, the customer shall define the content of the contractual processing of personal data, the resulting risks, the commissioned processing operations, and the required level of protection.
1.6. Sufficient guarantees. The controller was informed of and examined the technical and organizational measures and confirmed these to constitute sufficient guarantees.
1.7. Evaluation and updates. Where agreed in writing, for example in a maintenance agreement, Panomax shall reasonably evaluate and update these measures. Otherwise, the controller is responsible for the evaluation and updating of the measures.
The current technical and organizational standard measures can be found on Panomax’s website. The controller shall review and confirm these measures at regular intervals.
The controller will be informed of any other special measures that are updated later on at least once a year for review and confirmation.
- Special provisions
2.1. Conformity with the law. Article 28 (2), (3) and (4) GDPR and the provisions incorporated by reference therein shall be applicable.
2.2. Requirement to observe instructions. Panomax processes personal data only on documented instruction of the controller, also in respect of the transmission of personal data to a third country or to an international organization, unless it has such an obligation according to Union law or the laws of the Member States to which Panomax is subject; in such a case, Panomax will inform the controller of these legal obligations prior to processing, unless the law prohibits such information on important grounds of public interest.
2.3. Involvement of employees. Panomax guarantees that the persons authorized to process personal data have accepted an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality.
2.4. Technical and organizational measures. Panomax will take all necessary measures according to Article 32 GDPR.
2.5. Rights of data subjects. In view of the type of processing, Panomax takes appropriate technical and organizational measures to assist the controller in its obligation to address requests to exercise the rights of data subjects according to Chapter III GDPR.
2.6. Security of processing. In consideration of the type of processing operations and the information available to it, Panomax will assist the controller in the fulfilment of the obligations laid down in Articles 32 to 36 GDPR.
2.7. Completion of processing operations. After completion of the processing operations, Panomax shall either erase or return all personal data at the controller’s election, unless there is an obligation under Union law or the laws of the Member States to store the personal data.
2.8. Obligation to provide evidence and information. Panomax provides the controller with all necessary information to prove the fulfilment of the obligations set out in this paragraph and allows and assists in examinations - including inspections - which are carried out by the controller or by another inspector appointed by it. Panomax will immediately inform the controller if he considers that any instruction infringes the GDPR or other data protection provisions of the European Union or the Member States.
2.9. Other processors. Panomax may generally engage other sub-contractors as processors to process personal data. However, in each particular case, the appointment of other processors must be notified to the controller in due time to allow the controller to object. If Panomax appoints another processor to carry out certain processing activities on behalf of the controller, the same data protection obligations defined in the contract between the controller and Panomax will be imposed on that other processor by way of a contract, and sufficient guarantees must be provided that appropriate technical and organizational measures are taken to ensure that the processing operations are carried out in accordance with the requirements of GDPR. If the other processor fails to fulfil its data protection obligations, Panomax shall be liable to the controller for the discharge of the other processor’s obligations.
- Final provisions.
3.1. Terms and conditions. The terms and conditions of Panomax are applicable.