DATA PROTECTION

Privacy Policy


Last updated:September 25, 2022

Thank you for your interest in the information on our website!

With the help of this privacy policy, we would like to inform users of our website about the nature, scope, and purposes of the processing of personal data. Personal data in this context is any information that can be used to personally identify you as a user of our website (theoretically, possibly indirectly or by linking various data), including your IP address. Information stored in cookies is generally not considered personal data, or only in exceptional cases; however, this is covered by a special regulation which largely makes the permissibility of using cookies dependent on their purpose and the active consent of the user.

In a general section of this privacy policy, we provide you with information on data protection that generally applies to our processing of data, including data collection on our website. In particular, you, as a data subject, are informed about your rights.

The terms used in our privacy policy and our data protection practices are governed by the provisions of the EU General Data Protection Regulation (“GDPR”) and other relevant national legal provisions.


Responsible

Katocut eU
FN FN 512216 i
Liebenstein 22
4252 Liebenau
Austria

E:info@katocut.com
T:43 664 426 21 11

Data Protection Coordinator:
Mr. Alexander Hackl, Engineer


Data collection on our website

Your personal data is collected on the one hand when you explicitly provide it to us, and on the other hand, data, particularly technical data, is automatically collected when you visit our website. Some of this data is collected to ensure the proper functioning of our website. Other data may be used for analytical purposes. However, you can generally use our website without having to provide any personal information.


Technologies on our website: Cookies and Local Storage

We use cookies on our website to make our online presence more user-friendly and functional. Some cookies remain stored on your device.

Cookies are small data packets that are exchanged between your browser and our web server when you visit our website. These do not cause any harm and are used solely to recognize website visitors. Cookies can only store information provided by your browser, i.e., information that you have entered into the browser yourself or that is present on the website. Cookies cannot execute code and cannot be used to access your device.

The next time you visit our website using the same device, the information stored in cookies can subsequently be sent back either to us ("first-party cookie") or to a third-party web application to which the cookie belongs ("third-party cookie"). The stored and returned information allows the respective web application to recognize that you have already accessed and visited the website using your device's browser.

Cookies contain the following information:

  • Cookie Name
  • Name of the server from which the cookie originally originated
  • Cookie ID number
  • A date on which the cookie is automatically deleted.

    • Depending on their purpose and function, we divide cookies into the following categories:

    • Technically necessary cookies to ensure the technical operation and basic functions of our website. This type of cookie is used, for example, to retain your settings while you navigate the website; or they can ensure that important information is retained throughout the session (e.g., login, shopping cart).
    • We use statistics cookies to understand how visitors interact with our website by collecting and analyzing information anonymously. This gives us valuable insights to optimize both the website and our products and services.
    • Marketing cookies are used to set targeted advertising activities for users on our website.
    • Unclassified cookies are cookies that we are currently trying to classify together with individual cookie providers.

      • Depending on their storage duration, we also divide cookies into session and persistent cookies. Session cookies store information used during your current browser session. These cookies are automatically deleted when you close your browser. No information remains on your device. Persistent cookies store information between visits to the website. This information allows the website to recognize you as a returning visitor on your next visit and respond accordingly. The lifespan of a persistent cookie is determined by the cookie provider.

      The legal basis for the use of technically necessary cookies is our legitimate interest in the technically flawless operation and smooth functionality of our website, in accordance with Article 6(1)(f) GDPR. Our website cannot function properly without these cookies. The use of statistics and marketing cookies requires your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent to the use of cookies at any time for the future in accordance with Article 7(3) GDPR. Giving consent is voluntary. There are no disadvantages if you do not give it. You can find further information about the cookies we actually use (in particular their purpose and storage duration) in this privacy policy and in the information about the cookies we use in our cookie banner.

      You can also configure your internet browser to generally prevent cookies from being stored on your device, or to ask you each time whether you agree to the setting of cookies. You can delete cookies that have already been set at any time. For detailed instructions on how to do this, please refer to your browser's help function.

      Please note that disabling cookies entirely may result in limited functionality on our website.

      Our website also uses so-called local storage functions (also known as "local storage"). This involves storing data locally in your browser's cache, which remains even after you close the browser – unless you clear the cache or it is session storage – and can still be accessed.

      Third parties cannot access data stored in Local Storage. If specific plugins or tools use Local Storage functions, this will be described in the respective plugin or tool description.

      If you do not want plugins or tools to use local storage functions, you can control this in your browser settings. Please note that this may result in limited functionality.


      Hosting

      As part of hosting our website, all data processed in connection with its operation is stored. This is necessary to enable the website to function. We therefore process this data based on our legitimate interest in optimizing our website, in accordance with Article 6(1)(f) of the GDPR. To provide our online presence, we use services from web hosting providers, to whom we transfer the aforementioned data as part of commissioned data processing in accordance with Article 28 of the GDPR.


      Contact

      When you contact us, your information will be used to process and handle your inquiry in accordance with Article 6(1)(b) GDPR, thereby fulfilling our pre-contractual rights and obligations. Processing your data is necessary to handle and respond to your inquiry; otherwise, we will be unable to respond or can only do so to a limited extent. Based on our legitimate interest in direct marketing pursuant to Article 6(1)(f) GDPR, your information may also be stored in a customer and prospect database.

      We will delete your inquiry and your contact details once your inquiry has been fully answered and there are no legal retention periods that prevent deletion, for example, in connection with subsequent contract processing. This is usually the case if there has been no contact with you for three consecutive years.


      Server log files

      For technical reasons, in particular to ensure a functional and secure website, we process technically necessary data about access to our website in so-called server log files, which your browser automatically transmits to us.

      The access data we process includes:

      • Name of the accessed website
      • Browser type and version used
      • visitor's operating system
      • The visitor's previously visited page (referrer URL)
      • Time of server request
      • amount of data transferred
      • Hostname of the accessing computer (IP address used)

        • This data is not linked to any individual and is used solely for statistical analysis, the operation and improvement of our website, and the security and optimization of our online services. This data is only transmitted to our website host. It is not combined or merged with other data sources. If there is suspicion of unlawful use of our website, we reserve the right to subsequently review this data. This data processing is based on our legitimate interest, pursuant to Article 6(1)(f) GDPR, in the technically flawless presentation and optimization of our website.

        The access data is deleted shortly after the purpose has been fulfilled, usually after a few days, unless further retention is required for evidentiary purposes. Otherwise, the data is retained until the incident is fully resolved.


        General information on data protection

        The following provisions apply in principle not only to data collection on our website, but also generally to the processing of personal data in general.


        Personal data

        Personal data is information that can be individually linked to you. Examples include your address, name, postal address, email address, and telephone number. Information such as the number of users visiting a website is not personal data because it does not allow for identification of a single person.

        .

        Legal basis for the processing of personal data

        Unless more specific information is provided in this privacy policy (e.g. regarding the technologies used), we may process your personal data on the basis of the following legal grounds:

        • Consent pursuant to Art. 6 para. 1 lit. a GDPR– The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
        • Contractual performance and pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR– The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
        • Legal obligation pursuant to Art. 6 para. 1 lit. c GDPR– The processing is necessary for compliance with a legal obligation.
        • Protection of vital interests pursuant to Art. 6 para. 1 lit. d GDPR– The processing is necessary to protect the vital interests of the data subject or another natural person.
        • Legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.


          • Please note that in addition to the GDPR regulations, national data protection regulations may apply in your or our home country.


          Transfer of personal data

          Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.

          We will only share your personal data with third parties if:

          • You according toArticle 6 paragraph 1 letter a GDPRexpressconsenthave granted permission
          • the transfer according toArticle 6 paragraph 1 letter f GDPRto safeguard thelegitimate interestsas well as being necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
          • for forwarding toArticle 6 paragraph 1 letter c GDPRonelegal obligationexists, insofar as this is legally permissible and/or
          • according toArticle 6 paragraph 1 letter b GDPRfor theHandling of contractual relationshipsis required with you.


            • Cooperation with data processors

            We carefully select our service providers who process personal data on our behalf. If we engage third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Article 28 of the GDPR.


            Transfer to third countries

            If we process data in a third country, or if this occurs in the context of using third-party services or disclosing or transferring data to other persons or companies, this will only be done on the basis of the legal grounds outlined above for the transfer of data.

            Subject to explicit consent or contractual necessity, we process or have data processed in accordance with Articles 44-49 GDPR only in third countries with a level of data protection recognized as adequate or on the basis of special guarantees, such as a contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection rules.


            Data transfer to the USA / Loss of the Privacy Shield

            We would like to expressly point out that, as of July 16, 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called “Privacy Shield”, an adequacy decision of the EU Commission pursuant to Article 45 GDPR, which confirmed an adequate level of data protection for the USA under certain circumstances, is no longer valid with immediate effect.


            The Privacy Shield therefore no longer constitutes a valid legal basis for the transfer of personal data to the USA!


            If we transfer any data to the USA or use a service provider based in the USA, we will explicitly refer to this in this privacy policy (see in particular the description of the technologies on our website).


            What could the transfer of personal data to the USA mean for you as a user, and what risks are involved?


            Risks for you as a user include the powers of US intelligence agencies and the legal situation in the US, which, according to the European Court of Justice (ECJ), no longer guarantees an adequate level of data protection. These risks include, among others, the following points:

            • Section 702 of the Foreign Intelligence Surveillance Act (FISA) does not provide for any restrictions on surveillance measures by intelligence agencies and does not offer any guarantees for non-US citizens.
            • Presidential Policy Directive 28 (PPD-28) does not provide effective legal remedies for affected individuals against actions by US authorities and does not include any safeguards to ensure proportionate measures.
            • The ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive branch; he cannot issue binding orders to the intelligence services.


              • Legally compliant transfer of data to the USA based on standard contractual clauses?

              The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of 5 February 2010), Art. 46 para. 2 c GDPR, remain valid; however, a level of protection for personal data equivalent to that in the European Union must be ensured. Therefore, not only the contractual relationships with our service providers are relevant, but also the possibility of access to the data by authorities in the USA and the legal system there (legislation and jurisprudence, administrative practice of authorities).

              Standard contractual clauses cannot bind authorities in the USA and therefore do not provide adequate protection in cases where authorities in the USA are authorized to interfere with the rights of data subjects without additional measures by us and our service provider.


              Legally compliant transfer of data to the USA based on your consent?

              It is currently controversial whether informed consent, and thus a willful and knowing restriction of parts of your fundamental right to data protection, is even legally possible.


              What measures do we take to ensure that data transfers to the USA comply with the law?

              Where US providers offer this option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and that access by US authorities is not possible.

              Furthermore, we are carefully examining European alternatives to the US tools we currently use. However, this is a process that will not happen overnight, as it also involves technical and economic consequences for us. Only if the use of European tools and/or the immediate shutdown of the US tools is impossible for us for technical and/or economic reasons will we continue to use US service providers.


              We are taking the following measures regarding the continued use of US tools:

              Where possible, your consent will be requested before using any US tool, and you will be informed transparently about how the service works in advance. Information on the risks of transferring data to the USA can be found here.

              With US service providers, we strive to conclude standard contractual clauses and demand additional guarantees. In particular, we require the use of technologies that prevent unauthorized access to data, such as encryption that cannot be broken even by US services, or anonymization or pseudonymization of the data, where only the service provider can identify the data subject. At the same time, we require additional information from the service provider should any unauthorized access to data by third parties actually occur, and we demand that the service provider exhaust all legal remedies before granting access to the data.


              Storage duration in general

              Unless an explicit storage period is specified when data is collected (e.g., within the framework of a consent declaration), we are obligated under Article 5(1)(e) GDPR to delete personal data as soon as the purpose for its processing no longer exists. In this context, we would like to point out that statutory retention obligations to which we are subject constitute a legitimate purpose for the further processing of the personal data collected as a result.

              We generally store and retain personal data until the termination of a business relationship or until the expiry of applicable warranty, guarantee or limitation periods, and beyond that until the conclusion of any legal disputes in which the data is required as evidence, or in any case until the end of the third year after the last contact with a business partner.


              Storage duration in particular

              Specific information regarding data retention periods can be found in the descriptions of individual technologies on our website. Our cookie table provides information about the storage duration of individual cookies. Additionally, you can always contact us directly to inquire about the specific data retention period. Please use the contact details provided in this privacy policy for this purpose.


              Rights of those affected

              Affected persons have the right to:

              • (i)pursuant to Article 15 GDPR,Informationto request information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.
              • (ii)pursuant to Article 16 GDPR,immediatelyCorrectionto request correction or completion of your personal data stored with us;
              • (iii)pursuant to Article 17 GDPR,under certain circumstances thedeletionto request the deletion of your personal data stored with us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
              • (iv)pursuant to Article 18 GDPR,the (temporary)Restriction of processingto request your personal data if you contest the accuracy of the data, the processing is unlawful but you object to its erasure, we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or you have objected to the processing pursuant to Article 21 GDPR;
              • (v)pursuant to Article 20 GDPR,You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request its direct transmission to another controller; however, this only covers those personal data of yours that we process using automated procedures based on your consent or on the basis of a contract;
              • (vi)pursuant to Article 21 GDPR,if your personal data is processed on the basis of our legitimate interest,Contradictionto object to the processing of your personal data, provided there are grounds for doing so arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without requiring you to specify a particular situation;
              • (vii)pursuant to Article 7(3) GDPRYour consent, once given, can be given to us at any timerevokedThis means that we will no longer be permitted to continue processing data based on this consent. Among other things, you have the option to revoke your previously granted consent to the use of cookies on our website with effect for the future by accessing our cookie settings.
              • (viii)pursuant to Article 77 GDPRYou have the right to lodge a complaint with a supervisory authority regarding our unlawful processing of your data.complain. As a rule, you can contact the supervisory authority of your usual place of residence or work, or our company headquarters.


                • The competent supervisory authority for Katocut OG is:

                Austrian Data Protection Authority
                Barichgasse 40-42, 1030 Vienna, Austria
                Tel.: 43 1 52 152-0, dsb@dsb.gv.at


                Assertion of data subject rights

                You decide how your personal data is used. Therefore, if you wish to exercise any of your rights mentioned above, please feel free to contact us by email atinfo@katocut.comor contact us by mail or telephone.

                Please help us clarify your request by answering questions from our staff regarding the specific processing of your personal data. If there are legitimate doubts about your identity, we may request a copy of your identification.

                For questions regarding data protection, you can reach us atinfo@katocut.comor using the other contact details listed in this privacy policy.

                Liebenau, on September 25, 2022


KATOCUT stands for Quality & Precision Made in Austria