Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:
BPG Alternative Minerals Reserves AG
Wipplingerstraße 24-26/9
1010 Vienna
Austria
Tel. +43 1 413-0030
E-Mail: privacy@bpg-amr.com
Website: www.bpg-amr.com
If you have any questions regarding the processing of personal data or data protection in general, you can contact us at privacy@bpg-amr.com.
General
The protection of your personal data is very important to us. We process your data exclusively on the basis of the applicable legal provisions, in particular the General Data Protection Regulation (GDPR) and the applicable national data protection laws. It is generally possible to use our website without providing personal data. We collect and use personal data from our users only to the extent necessary to provide a functional website and our content and services or information or if you voluntarily provide it (e.g., when contacting us). If consent is required for certain processing operations, we will obtain it in advance.
In this privacy policy, we provide information about the personal data we process, the purposes for processing it, and your rights in this regard.
Definitions
The following privacy policy of BPG Alternative Minerals Reserves AG is based on the requirements and definitions set out in Art. 4 GDPR. To ensure clarity for visitors to this website, we define the most important terms used below:
Personal data
Information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”).
Data subject
Person whose data is being processed.
Controller
The natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
Processor
A natural or legal person, public authority, agency or other body that processes data on behalf of and in accordance with the instructions of the controller.
Recipient
A natural or legal person, public authority, agency or other body to which personal data are disclosed.
Third party
A ‘third party’ is any entity outside the controller and the processor that processes personal data under their responsibility without being bound by their instructions.
Processing
Any handling of personal data (e.g. collection, storage, use, deletion).
Restriction
Limitation of the use of personal data.
Consent
The voluntary consent of the data subject to the processing of personal data.
Withdrawal
Withdrawal of consent.
Pseudonymisation
Pseudonymization means processing in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to appropriate technical and organizational measures.
Processing operations
Data collection when visiting our website
Each time you visit our website, certain access data is automatically collected and stored in server log files by our web server.
Scope
This may include the following information in particular:
- Browser type and browser version
- Operating system of the end device
- Pages/files accessed on our web server (including entry and exit pages)
- Date and time and duration of access
- IP address
- Internet service provider
- Country/region and duration of access
Purpose
The technical processing and short-term storage of the IP address is necessary to establish a connection between your device and our server and to deliver the website to your device. For this purpose, the IP address is processed for the duration of the respective session.
In addition, technical access data is stored in log files to ensure the proper functioning of the website. The log files support, in particular, error analysis, the stability and optimisation of the website, and the prevention and investigation of security incidents and misuse (e.g. attack detection). This data is not used for advertising or marketing purposes.
Legal basis for data processing
Art. 6 (1) lit. f GDPR forms the legal basis for the temporary storage of data and log files. Our legitimate interest lies in the secure, stable and functional operation of the website and in the protection of our information technology systems.
Data deletion and storage period
We only store personal data for as long as is necessary for the respective purposes or as long as there are legal retention obligations. Server log files are only stored for as long as is necessary to ensure technical operation and IT security.
Contact option via the website
Scope
A contact form is available on our website, which you can use to contact us electronically. If you use this form, the data you enter in the input mask will be transmitted to us and processed exclusively for the purpose of processing your enquiry. This includes, in particular, the information you provide (e.g. name, e-mail address and the content of the message).
At the time of sending, the user’s IP address and the date and time of sending are stored.
Reference is made to this privacy policy during the sending process.
Alternatively, you can contact us via the email address provided. In this case, we will process the personal data you provide to us in the course of email communication (e.g. email address, message, signature data, if applicable) exclusively for the purpose of processing your enquiry.
Data will only be passed on to third parties in accordance with the section “Data transfer / Recipients”.
Purpose
The processing of personal data serves exclusively to process your enquiry and to communicate with you.
The additional technical data processed during the sending process (e.g. IP address, time stamp) is processed to prevent misuse and to ensure the security and functionality of our information technology systems.
Legal basis for data processing
The legal basis for the processing of data transmitted in the context of establishing contact is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in processing enquiries and communicating.
If the purpose of the contact is to conclude or perform a contract, Art. 6 (1) lit. b GDPR applies.
Data deletion and storage period
We only store the data processed when you contact us for as long as necessary to process your enquiry. Beyond that, we store data only if there are legal retention or documentation obligations or if this is necessary to assert, exercise or defend legal claims.
Cookies
Cookies are small text files that are stored on your device (e.g. computer, tablet or smartphone) via your browser when you visit our website. They do not cause any damage and are primarily used to recognise your browser or device when you visit our website again at a later date.
If you visit our website again later using the same device, the information stored in the cookie may be transmitted back to our website (so-called “first-party cookies”) or to another website to which the cookie belongs (so-called “third-party cookies”).
You can configure your browser so that cookies are not stored or so that you are asked for your consent each time before cookies are set. You can delete cookies that have already been stored at any time.
Pll_language cookie
Our website uses the technically necessary first-party cookie ‘pll_language’, which is set by the WordPress plugin Polylang. It stores the language you have selected (e.g. German or English) so that the website is automatically displayed in the appropriate language on subsequent visits.
This cookie is used exclusively to store your language settings and to ensure basic website functionality. It is not used for analysis, marketing or profiling purposes; furthermore, no personal data is stored.
Matomo
We use the web analytics software Matomo (www.matomo.org) to compile access statistics, analyse general usage behaviour on our website and optimise our web presence. Processing is carried out on the basis of Art. 6 (1) lit. f GDPR, as we have a legitimate interest in the ongoing improvement and secure, economical operation of our website. Matomo is configured in a data protection-friendly manner: no cookies are stored on your device and your IP address is only processed in anonymised form. In addition to the pages accessed, only the information that your browser transmits when you visit the website is collected; this data collection is limited to the respective session. In addition, the data transmitted by the browser, together with the anonymised IP address, is irrevocably replaced by a pseudonym ID on a session basis, so that no determinability and thus no personal reference can be established.
Photo and video recordings at events
During our events, we take photos and make video recordings for public relations and reporting purposes (e.g. website, social media, print). The legal basis for this is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in documenting and promoting our activities. If you do not wish to be photographed or filmed, please inform a representative of our company on site.
Applications
Personal data is processed for the purpose of conducting and handling the application process. If you send us your application documents by email or via the online application form, the processing will be carried out electronically. Depending on the application and the information you provide, the following data in particular will be processed:
- Master data and contact details (e.g. first name and surname, e-mail address, telephone number, address/location if applicable, title, date of birth, nationality)
- Application documents and content (e.g. CV, education, professional experience, qualifications, skills, language skills, letter of motivation)
- Job-specific additional information (e.g. driving licence)
- Optional: application photo
- Other documents/files that you submit (e.g. references)
If no employment relationship is established, we will delete your application data no later than 7 months after completion of the application process, unless there are legal retention obligations or longer storage is necessary for the enforcement or defence of legal claims. If you give us your consent to do so, we will continue to keep you on file as an applicant and store your application data for 12 months; after that, it will be deleted unless you revoke your consent beforehand.
The legal basis for this processing is the implementation of pre-contractual measures (Art. 6 (1) lit. b GDPR), your consent (Art. 6 1 lit. a GDPR), where applicable, and the protection of our legitimate interests (Art. 6(1) lit. f GDPR), namely the optimisation of our application processes.
Our website contains a link to LinkedIn. When you click on it, you will be redirected to the LinkedIn website; from this point on, LinkedIn processes data on its own responsibility.
Rights of data subjects
If we process your personal data, you as the data subject have the following rights under the GDPR:
Right of access (Art. 15 GDPR)
You can request information about the processing of your data and a copy of the processed data.
Right to rectification (Art. 16 GDPR)
You can request the rectification of inaccurate data and the completion of incomplete personal data.
Right to erasure (Art. 17 GDPR)
You may request the erasure of your data if the conditions of Art. 17 GDPR are met.
Right to restriction of processing (Art. 18 GDPR)
You may request the restriction of processing if the requirements of Art. 18 GDPR are met.
Right to be informed (Art. 19 GDPR)
You may request that we inform recipients of any rectification, erasure or restriction, where necessary.
Right to data portability (Art. 20 GDPR)
You may receive data you have provided in a structured, commonly used and machine-readable format or transfer it to another controller, provided that the processing is based on consent or a contract and is carried out electronically.
Right to object (Art. 21 GDPR)
You may object to processing based on legitimate interests for reasons relating to your particular situation; you may object to direct marketing at any time.
Right to withdraw consent (Art. 7 (3) GDPR)
You may withdraw your consent to the processing of personal data at any time.
Automated decisions, including profiling (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, unless it has legal effect or similarly significantly affects you.
Right to lodge a complaint (Art. 77 GDPR)
You may lodge a complaint with a data protection supervisory authority if you believe that the data processing violates the provisions of the GDPR.
Data transfer
We may pass on your contact details to carefully selected processors (e.g. IT service providers) who process personal data exclusively on our behalf and in accordance with our instructions.
We conclude appropriate contracts with all processors to ensure compliance with the GDPR and appropriate protective measures.
If necessary, we will also forward requests to exercise your rights as a data subject within the scope of Art. 19 GDPR to recipients of your data so that the implementation of your rights is guaranteed there.