1 Controller and Contact
GKT GmbH
Attn: Data Protection Coordinator
Neusiedlerstrasse 15-19
2640 Gloggnitz
Austria
Email: privacy@aichhorn-group.at
2. General Information on Data Processing
We process personal data exclusively based on the applicable legal provisions, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and – where relevant for the use of cookies and similar technologies – the Telecommunications Act 2021 (TKG 2021).
Personal data is any information relating to an identified or identifiable natural person.
We process personal data only to the extent necessary for the provision of our website, the initiation and execution of business relationships, the conduct of application procedures, the fulfillment of legal obligations, the protection of legitimate interests, or based on consent.
3.Purposes and Legal Bases of Processing
The processing of personal data is carried out either based on appropriate legal provisions or your consent (Art. 6 para. 1 et seq. GDPR). Processing is carried out exclusively for a specific purpose. These purposes include the provision and technical security of our website, the handling of inquiries and communication, the initiation, conclusion and execution of contracts, the management of customers, suppliers and business partners, the conduct of application procedures, the fulfillment of legal documentation, retention, tax, duty and compliance obligations, the assertion and defense of legal claims, risk management as well as – where permitted – direct marketing toward prospective customers and contact persons in existing or developing business relationships.
Our website is hosted on WordPress.com via Automattic, Inc. Within the scope of hosting, those personal data are processed which are necessary for the operation, security and delivery of the website.
In particular, the following data are processed: IP address, date and time of access, requested content, amount of data transferred, browser type and browser version, operating system, referrer URL, hostname of the accessing computer, as well as further technically required log data.
Processing is carried out for the purpose of providing the website, ensuring system security, error analysis and detecting misuse.
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure and stable operation of the website.
Data is stored until the technical operation, system security and error analysis are ensured; deletion takes place as soon as these purposes no longer apply.
When using our website for informational purposes only, i.e. if you do not actively transmit information to us, data are automatically processed which your browser transmits to our server.
This includes IP address, date and time of the request, time zone difference to Greenwich Mean Time, content of the request, access status or HTTP status code, amount of data transferred, website from which the request originates, browser, operating system and its interface, as well as language and version of the browser software.
This data is processed to ensure the functionality, stability and security of the website.
The legal basis is Art. 6 para. 1 lit. f GDPR.
Data are stored as long as necessary to ensure security, stability and misuse detection; deletion takes place as soon as no security-relevant evaluation is required.
If you contact us by email, telephone, in writing or via a contact form, we process the data you provide for the purpose of handling your inquiry and in the event of follow-up questions.
In particular, the following data may be processed: name, contact details, company affiliation, content of the inquiry, communication and correspondence data as well as any additional information voluntarily provided.
The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is aimed at the conclusion of a contract or the implementation of pre-contractual measures; otherwise, Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the proper handling of inquiries.
Data are stored until the inquiry, and any follow-up questions have been fully processed; beyond that only as long as legal retention obligations or legitimate interests exist.
7. Cookies und Consent Management
Our website uses cookies and comparable technologies.
Where access to information in your terminal device or the storage of information is technically strictly necessary, this is carried out based on the relevant legal provisions. Where additional cookies or technologies – for analysis, marketing or personalization purposes – are used, this is carried out only after your prior consent via our consent management tool.
Legal bases: technically necessary cookies or technologies: Art. 6 para. 1 lit. b GDPR or lit. f GDPR; optional cookies or technologies: Art. 6 para. 1 lit. a GDPR.
You may withdraw or adjust your consent at any time with effect for the future via our privacy settings.
The storage period depends on the respective function of the cookie; deletion takes place upon fulfillment of the purpose or withdrawal of consent.
General note:
Where we use analytics or tracking technologies, we inform you separately in this section. Such technologies are described only to the extent used.
Salesforce Marketing Cloud Account Engagement (formerly “Pardot”)
We use Marketing Cloud Account Engagement – a B2B marketing solution of Salesforce, Inc., The Landmark at 1 Market Street, Suite 300, San Francisco, CA 94105, USA. Marketing Cloud Account Engagement is an application connected to Salesforce for recording and evaluating the use of a website-by-website visitors and an email marketing tool as well as for automating newsletter distribution. Insofar as Marketing Cloud Account Engagement processes personal data, processing is carried out exclusively on our behalf and according to our instructions. Personal data provided voluntarily are initially stored in Marketing Cloud Account Engagement and then processed together with the Salesforce CRM system for the purpose of contacting you and/or sending information. In addition, Salesforce also stores the IP address as an assignment feature. A transfer of personal data to the USA is based on the adequacy decision of July 10, 2023, of the European Commission pursuant to Art. 45 GDPR, the so-called EU-U.S. Data Privacy Framework.
When visiting our website, Marketing Cloud Account Engagement records your click path and creates an individual user profile using a pseudonym. For this purpose, cookies are used which enable recognition of your browser. The cookies set are a “visitor cookie” and a “Marketing Cloud Account Engagement session cookie”. The “visitor cookie” generates an identification number by means of which the browser of the website visitor is recognized. This identification number is a generated numerical code that has no meaning outside Marketing Cloud Account Engagement. The “Marketing Cloud Account Engagement session cookie” is only set when a customer logs in as a user via Marketing Cloud Account Engagement. All cookies contain only the generated numerical code.
Emails sent using Marketing Cloud Account Engagement use tracking technologies. We use this data to determine which topics are of interest to you by tracking whether our emails are opened and which links you click on. We use this information to improve the emails we send to you and the services we provide.
The legal basis is Art. 6 para. 1 lit. a GDPR based on your consent.
Data are stored until consent is withdrawn or the respective processing purpose ceases to apply; beyond that in accordance with the technically defined storage periods of the tools used.
YouTube
Our website uses plugins from the site YouTube operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. In the process, the YouTube server is informed which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy
Data are stored until consent is withdrawn or the respective processing purpose ceases to apply; beyond that in accordance with the technically defined storage periods of the tools used.
We use “LinkedIn Advertising” from LinkedIn Ireland Unlimited Company (Ireland). This allows us to show personalized advertisements to people who visit our website while they are logged into LinkedIn.
LinkedIn’s privacy policy can be found at www.linkedin.com/legal/privacy-policy and www.linkedin.com/legal/cookie-policy.
The legal basis is Art. 6 para. 1 lit. a GDPR based on your consent.
Data are stored until consent is withdrawn or the respective processing purpose ceases to apply; beyond that in accordance with the technically defined storage periods of the tools used.
Plugins of the social network Facebook are integrated on our website. The provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
When you access a page with such a plugin, a connection to Facebook’s servers is established. Your IP address and information about your visit to our website are transmitted to Facebook.
If you are logged into your Facebook account, Facebook can assign your visit to your user account. If you interact with the plugins (e.g. “Like” button), the corresponding information is also transmitted directly to Facebook and stored there.
Further information on data processing by Facebook can be found at:
https://www.facebook.com/privacy/policy/
The legal basis is Art. 6 para. 1 lit. a GDPR based on your consent.
Data are stored until consent is withdrawn or the respective processing purpose ceases to apply, beyond that in accordance with Meta’s storage periods.
Functions of the Instagram service are integrated on our website. The provider is also Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
When you access a page with an Instagram plugin, a connection to Instagram servers is established. In the process, your IP address and information about your usage behavior are transmitted to Instagram.
If you are logged into your Instagram account, Instagram can assign your visit to your user account. Interactions with the integrated functions are also transmitted to Instagram.
Further information on data processing by Instagram can be found at:
https://privacycenter.instagram.com/policy/
The legal basis is Art. 6 para. 1 lit. a GDPR based on your consent.
Data are stored until consent is withdrawn or the respective processing purpose ceases to apply, beyond that in accordance with Meta’s storage periods.
Google Analytics
As Google Analytics is used on our website, it serves statistical analysis of the use of our website and the continuous improvement of our online offering.
In particular, the following data may be processed: shortened IP address, usage data, device and browser information, interaction data, page views, referrer information as well as cookie or comparable identifiers.
The legal basis is Art. 6 para. 1 lit. a GDPR based on your consent.
Data are stored until consent is withdrawn or the respective processing purpose ceases to apply; beyond that in accordance with the technically defined storage periods of the tools used.
9. External Content, Social Media and Similar Services
Die Daten werden nur im Rahmen der Nutzung verarbeitet; eine Speicherung erfolgt entsprechend den Richtlinien des jeweiligen Drittanbieters und endet mit Zweckerreichung oder Widerruf der Einwilligung.
Pure linking to social media profiles: insofar as only links to external social media profiles are integrated on our website, no automatic data transfer to these providers takes place when merely visiting our website. Data processing by the respective provider only takes place when you actively click the link.
Embedded content or plugins: insofar as content from third-party providers – such as videos, feeds, social plugins, pixels or advertising/tracking tags – is directly integrated on our website, a connection to the servers of the respective third-party provider may already be established when the respective page is accessed.
In the process, your IP address, device and browser data, usage data, referrer information and, if applicable, cookies or other identifiers are transmitted to the respective provider.
Such integrations are only activated after your prior consent, unless they are technically strictly necessary.
The legal basis is Art. 6 para. 1 lit. a GDPR based on your consent.
Data is processed only within the scope of use; storage is carried out in accordance with the policies of the respective third-party providers and ends upon fulfillment of the purpose or withdrawal of consent.
Die Daten werden gespeichert, solange das Abonnement besteht und bis zum Widerruf der Einwilligung.
If you subscribe to our newsletter, we process your email address as mandatory data and optionally voluntarily provided personal data such as first and last name as well as salutation data required for sending the newsletter for the purpose of sending the newsletter.
The legal basis is Art. 6 para. 1 lit. a GDPR based on your consent.
Data is stored if the subscription exists and until consent is withdrawn.
11. Prospective Customers and General Business Initiation
We process personal data of prospective customers and their contact persons insofar as this is necessary for initiating business contacts, communication, preparation of offers, documentation of contacts as well as – where legally permissible – direct marketing for our own services.
The following data are processed: name, address, contact details, company data, company affiliation, function or area of responsibility, language correspondence, support and communication data, data on visits, transmitted documents or marketing materials, response behavior as well as other information arising in connection with business initiation.
Legal bases: Art. 6 para. 1 lit. b GDPR for pre-contractual measures; Art. 6 para. 1 lit. f GDPR for communication, maintenance of business relationships, direct marketing within the legally permissible scope as well as further development of our business activities; Art. 6 para. 1 lit. a GDPR where consent has been obtained.
Insofar as personal data are processed exclusively for marketing purposes, data subjects may object to this processing at any time with effect for the future.
Data are stored for the duration of business initiation and beyond if a legitimate interest in further contact or direct marketing exists or until an objection is made.
If you apply to us, we will process your personal data for the purpose of carrying out the application procedure.
In particular, the following data may be processed: master data and contact data, application documents, CV, education and qualification data, certificates, correspondence data, information from interviews, data transmitted by recruitment agencies or public bodies if applicable, as well as other data you provide during the application process.
Insofar as applicants provide special categories of personal data within the meaning of Art. 9 GDPR, we process these only to the extent permitted by law and necessary for the application process or where valid consent exists.
If an application is not pursued further or a position is filled otherwise, the application is deleted after completion of the application process following the retention period, unless longer storage is legally required or you have expressly consented to retention in a candidate pool.
Legal bases: Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. c GDPR, Art. 6 para. 1 lit. f GDPR.
Data are stored until completion of the application process; beyond that only as long as legal retention periods exist, for defense against legal claims or based on consent.
13. Customer, Contract and Project-Related Data
We process personal data from customers, clients, third parties involved in business transactions as well as their respective contact people insofar as this is necessary for initiating, executing and documenting contracts and projects.
In particular, the following categories of data may be processed: master and contact data, company data, offer, order and contract data, delivery and performance data, project and communication data, invoice and payment data, bank data, tax, customs and export control data, creditworthiness and risk data, payment and performance behavior data, reminder and claim data, data on involved third parties, marketing and support data as well as data of contact persons.
Legal bases: Art. 6 para. 1 lit. b, c and f GDPR.
Data are stored for the duration of the contractual relationship and beyond in accordance with legal retention obligations.
14. Supplier and Procurement Data
We process personal data of suppliers, service providers, subcontractors and their contact persons insofar as this is necessary for supplier setup, offer evaluation, ordering, performance execution, quality assurance, invoicing, payment and legal documentation.
The following data may be processed: master and contact data, company data, offer, order and contract data, delivery and performance data, creditworthiness and payment data, bank data, tax, customs and export control data, data on insurance and financing, reminder and claim data, data on involved third parties as well as communication data.
Legal bases: Art. 6 para. 1 lit. b, c and f GDPR.
Data are stored for the duration of the business relationship and in accordance with legal retention obligations.
Within our company, only those departments and people receive access to personal data who require it to fulfill their tasks.
In addition, personal data may be transmitted – where necessary and legally permissible – to IT and hosting service providers, software and system providers, communication and support service providers, tax advisors, auditors and legal advisors, banks and payment service providers, insurance companies, logistics and shipping providers, recruitment agencies, authorities, courts and other public bodies as well as other processors or service providers.
16. Transfers to Third Countries
A transfer of personal data to countries outside the EU or EEA takes place only insofar as this is technically necessary for certain services, a third-party service requested by you is integrated, we are legally obliged to do so, or appropriate safeguards pursuant to Chapter V GDPR exist or with your explicit consent.
We generally store personal data only as long as necessary for the respective purposes.
Beyond that, data are stored insofar and if legal retention obligations, limitation periods, defense or enforcement of legal claims, legitimate interests in documentation or consent for longer storage exist.
Data subjects have the following rights subject to legal requirements: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
To exercise these rights, you may contact us at any time using the contact details provided above.
Where we process data based on legitimate interests, you have the right to object to this processing on grounds relating to your situation. Where data are processed for direct marketing purposes, you may object at any time without stating reasons.
19. Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with supervisory authority. The competent authority in Austria is in particular:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
20. Obligation to Provide Data
The provision of personal data is generally not legally required for the mere use of the website, but partly technically necessary; for inquiries to the extent that we otherwise cannot properly process them; for applications to the extent that participation in the application process is generally not possible without such data; for contracts and business relationships to the extent that conclusion or execution of a contract is not possible without such data.
21. Automated Decision-Making / Profiling
Automated decision-making, including profiling within the meaning of Art. 22 GDPR does not generally take place.
Should such procedures be used in individual cases, we will inform data subjects separately to the extent required by law.
Last updated: March 31, 2026