Technically organizational measures
Here you can download the technical and organizational measures of the organization as a PDF file.
Download TOM Report
List of processing activities
Here you can view all processing activities according to GDPR. Please click on the heading of the processing activity to get a detailed report.
- Accounting and Logistics
Processing and transmission of data in a business relationship with customers and suppliers, including automated and archived text documents (such as correspondence) in these matters.
- Administration of user IDs
System access control and management of user identifiers for the client's data applications, and management of the allocation of hardware and software to system users, including automated and archived text documents (such as correspondence) in those matters.
- Deletion and destruction of personal data and documents (digital / paper)
Deletion and destruction of company data acc. data protection principles. Destruction of data carriers that are no longer required (eg after expiry of the retention period) on which or in which personal data are stored (hard drives, SSD, CD / DVDm, USB stick, etc.) as well as files. Data is gem. Art. 5 (1) lit. DSGVO deleted immediately after completion of the purpose for processing by the person responsible within a maximum of one month.
- Personnel administration for private employment
The purpose of the processing activity is the processing, keeping of Evidence and transmission of personal data for payroll, remuneration and compliance with records, information and reporting obligations, as required by laws or standards of collective law or contractual obligations; The individual tasks of personnel administration include: - Creation and management of personnel files - activities in the hiring and introduction of new employees and leaving employees - processing of working, vacation and absences of employees - personal data management - payroll including executions - leadership of personnel statistics - time recording - sick leave - administration of employment contracts - performance of dismissals - job descriptions Processing of special categories of personal data of employees within the meaning of Articles 9 and 10 GDPR is permitted only on the basis of a legal authorization or legal obligations. Transfers of data shall be made to the extent necessary for the administration and performance of the obligations under the law. Data is gem. §§ 207 Abs. 2, 209 BAO for 10 years, insofar as they are required for official certificates for 30 years.
- Storage of data, correspondence and data backup
Storage of company data in general archive and file systems as well as securing of the email traffic. Ensuring the recovery of business processes in case of system failure, system failure and emergencies. Data will be kept for as long as determined by the particular processing activity from which it originates.
- Technical support, help desk
Providing helpdesk and maintenance services for the technical support of employees of the person in charge, an Austrian group company, by other group companies or external companies, including automated and archived text documents (such as correspondence) in these matters.
- Use of communication tools
Summary of communication services in an application environment such as: Real-time Collaboration, IP Telephony, Video Conferencing 8u.a. Skype for Business)