Data protection

2.1 Data processing in accordance with Art. 13 GDPR

We process the data that data subjects provide to us, for example in the context of an enquiry by e-mail, for the purpose of initiating and concluding a contract or a business relationship.

2.2 Data processing in accordance with Art. 14 GDPR

In addition, we process data of persons who may be part of a contractual relationship, which we have permissibly received in the context of information from third parties (e.g. managing directors provide us with the data of their employees).  

2.3 Data Subjects

We process the following data from interested parties: Company, name of contact person and professional contact data as well as address data.

We process the following customer data: Company, title and names of contact persons, professional address data and contact data, bank details, contract data.

We process the following data from suppliers and business partners: Company, title and names of contact persons, professional address data and contact data, bank details, contract data. In addition, image data for publication in print media and on our website on the basis of consent.

We process the following data from newsletter recipients: Email address and name data.

2.4 Recipients of personal data

Recipients of personal data will only be third parties if it is necessary for the fulfilling of a contract or if it is required by law.

2.5 Data Retention/Deletion

1. Expiration of contractual obligations: If there are contractual provisions that stipulate how long personal data must be retained, the controller shall ensure that these deadlines are met. Once these deadlines have expired, the data is deleted or anonymized by the controller.
2. Withdrawal of consent: If a person withdraws their consent to the processing of their personal data, the controller deletes this data unless there is another legal basis for the processing.
3. Expiration of legal obligations: In some cases, there may be exceptions that not only allow, but even oblige the controller to continue retaining personal data for a defined period. This may be the case if there are statutory deadlines that require the retention of personal data for a defined period of time, such as the storage of tax or accounting records. Once these statutory deadlines have expired, the controller also ensures that the data is anonymized or deleted.

2.6 Contact via email

When you contact us by e-mail, the data you provide will be stored by us in order to respond to your inquiries. We will delete this data once it is no longer necessary for processing or restrict the processing if legal retention periods apply.

Legal basis: Art. 6 para. 1 lit. f GDPR

2.7 Publication of the names of originators

We are legally obliged to disclose the names of the authors of image data (photos or videos) whenever image data is published. We automatically delete this personal data as soon as we stop using the image data.

2.8 Legal basis

The legal basis for data processing is

• the initiation and fulfillment of the contract in accordance with Art. 6 para. 1 lit. b GDPR.
• legal obligations in accordance with Art. 6 para. 1 lit. c GDPR (e.g. statutory retention and documentation obligations, publication obligations under copyright law).
• legitimate interests of our company according to Art. 6 para. 1 lit. f GDPR (e.g. use of software)
• 6 para. 1 lit. a GDPR when obtaining consent (e.g. when processing image data or for advertising purposes).

3.1 Contact us

If you have asked us to contact you via our web form or if you have sent us a message, we will store the data required to contact you. This is your name and your email address. The data will be deleted by us as soon as storage is no longer necessary or you object to the processing.

Legal basis: Art. 6 para. 1 lit. f GDPR

3.2 Newsletter

You have the possibility to subscribe to our newsletter. For this we need at least your first and last name and your email address. You can unsubscribe from the newsletter at any time. Once you have unsubscribed, we will no longer use your data to send you the newsletter. If we have no business relationship with you and are not subject to any statutory retention obligations, your data will be deleted after you unsubscribe from the newsletter.

Legal basis: Art. 6 para. 1 lit. a GDPR

3.3 Applicants

3.3.1 General

If you send us your application documents, we process your personal data contained therein as well as your CV and references for the purpose of personnel selection and recruitment. In the event of a rejection, we will delete your documents 7 months after sending you the rejection.

Legal basis: Art. 6 para. 1 lit. b GDPR

If you consent to be kept on file with us for the purpose of contacting you later, we will approach you with a separate request for the transmission of a consent. If you explicitly give us this consent, we will store your consent. If there is no further opportunity to fill a position with us within one year, we will delete all your applicant data one year after you have given us your consent.

Legal basis: Art. 6 para. 1 lit. a GDPR

3.3.2 Applicant portal

People who are interested in working for our company can apply directly on our website using the form provided there. The application process runs via the Onlyfy service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. For this purpose, you will be informed by means of a separate data protection declaration for applicants, with which ZETA GmbH fulfills its information obligations.

Legal basis: Art. 6 para. 1 lit. b GDPR

If you consent to be kept on file with us for the purpose of contacting you later, we will approach you with a separate request for the transmission of a consent. If you explicitly give us this consent, we will store your consent. If there is no further opportunity to fill a position with us within one year, we will delete all your applicant data one year after you have given us your consent.

Legal basis: Art. 6 para. 1 lit. a GDPR

3.3.3 You have the opportunity to apply for various locations on our website:

Responsible for data processing within the meaning of the GDPR is (depending on which company or location you are applying to) one of the following companies:

ZETA GmbH
Zetaplatz 1
8501 Lieboch
Phone: +43 3136 9010 – 0
Fax: +43 3136 9010 – 9100
E-mail: office@zeta.com

ZETA GmbH
Zeppelinstraße 1
85399 Hallbergmoos
Phone: +49 8161 965-6000
E-mail: info.automation@zeta.com

ZETA CZ s.r.o. Moravany
Modřická 66
CZ-664 48 Moravany
Phone: + 420 517 327 710
E-mail: office-cz@zeta.com

3.4 White Paper

On our website, we offer you a selection of white papers available for free download. To provide these to you, we collect the necessary contact details, such as your name, company, phone number, and email address. By downloading, you simultaneously agree to subscribe to our newsletter. Your data will be deleted as soon as it is no longer needed or you object to the processing.

Legal basis: Art. 6 para. 1 lit. f GDPR

4.1 Informative use of the website

When using the website for information purposes only, we only collect the personal data that your browser transmits to our server (server log files). If you wish to view our website, we collect at most the data that is technically necessary for us to display our website to you and to ensure stability and security:

• IP address
• Date and time of the request
• Time zone difference to Coordinated Universal Time (UTC)
• Content of the request (specific page)
• Access status/HTTP status code
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.

This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use and - if there has been a hacking attack - to pass the data on to the law enforcement authorities. The data will not be passed on to third parties beyond this.

Legal basis: Art. 6 para. 1 lit. f GDPR

4.2 Cookies

Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case us) with certain information. Cookies cannot execute programs or transmit viruses to your computer.

The cookie allows you to be recognized when you visit the website without having to re-enter data that you have already entered.

The information contained in the cookies is used, for example, to determine whether you are logged in or what data you have already entered, or to recognize you as a user when a connection is established between our web server and your browser.

We distinguish between technical cookies that are used exclusively to ensure the operation of a website and other cookies that are set by us or third-party providers for the purposes of statistical analysis, tracking or advertising/marketing.

Legal basis: Art. 6 para. 1 lit. f GDPR (for technical cookies), Art. 6 para. 1 lit. a GDPR (for all other cookies)

4.3 Data processing in the USA

It cannot be ruled out that personal data will be transmitted to the USA when you visit our website. If this is the case, we will point this out separately in this privacy policy.

The GDPR requires so-called appropriate safeguards in accordance with Art. 46 GDPR for data transfers to a third country or an international organization.

The European Commission has adopted an adequacy decision for the EU-US data protection framework. This decision stipulates that American companies that have submitted to the EU-US Privacy Framework guarantee an adequate level of protection for personal data. Personal data may be exchanged with these companies without additional guarantees.

However, in cases of data processing by US data recipients who are not certified under the EU-US Data Privacy Framework or the Privacy Shield, certain risks cannot be entirely ruled out for you as data subjects. These risks include:

• Your personal data may be shared with other third parties (e.g. US authorities) by the respective service provider.
• You may not be able to assert or enforce your rights of access against the respective service provider.
• There may be a higher probability that incorrect data processing may occur because the technical organizational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.

By consenting to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.

Legal basis: Art. 6 para. 1 lit. a GDPR

We operate the following social media sites: LinkedIn, Xing, YouTube, Facebook, Instagram, TikTok, Vimeo. When you visit our social media presence, personal data, including the IP address of the respective provider, is processed and cookies are used for data collection. For detailed information on the specific data transmitted, please refer to the privacy policy of each service. There you will also find information about contact options and various privacy settings.

We prioritize comprehensive customer satisfaction and use these services primarily to be able to get in touch and communicate with you. We also see it as an additional option to our other existing information offerings.

In the case of US-based services, the data collected is generally sent to a server in the USA and stored there. We have no influence or control over the nature or extent of the data processed by these services, the type of processing and use or the transfer of this data to third parties. To limit the processing of this data in the respective settings of these services, please refer to the detailed descriptions in the privacy policies of the respective providers.

We would also like to point out that you use the respective services and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, commenting or rating).

The providers of the social media services have provided us with corresponding agreements - in most cases these are agreements on joint responsibility for data processing. The use of social media is based on our legitimate, operational interests.

Legal basis: Art. 6 para. 1 lit. f GDPR

6.1 Purpose of the processing

We have set up a whistleblowing online portal on our website. The whistleblowing system makes it possible to contact us and report compliance and legal violations without fear of reprisals. If legally permissible, the report can also be made without providing personal data. We process personal data disclosed to us, in order to check the report made via the reporting office and to investigate the suspected compliance and legal violations. We may have queries in this regard. We use communication via the whistleblower system for this purpose.

6.2 Data processing in accordance with Art. 13 GDPR

We process the data that the whistleblower provides to us in the context of the report.

6.3 Data processing in accordance with Art. 14 GDPR

In addition, we process data of persons named by the whistleblower in the course of reporting violations (e.g. name data or functions of the persons who caused the violation, name data or functions of the persons who are also affected by a violation, description of behavior or actions of the person concerned in connection with the reported misconduct that could contribute to their identification).

6.4 Personal data, forwarding and legal basis

It is possible to use the whistleblowing system – as far as legally permissible - without providing personal data. However, personal data may be provided voluntarily as part of the whistleblowing process, in particular details of identity, first name and surname, country of residence, telephone number or email address.

When using anonymous communication with us, the IP address and current location are not stored at any point. After submitting a report, the person submitting the report will receive access data to the mailbox of the online portal so that they can continue to communicate with us in a protected manner.

To fulfill the stated purpose, it may also be necessary for us to transfer the personal data to external parties such as law firms, criminal or competition authorities, within or outside the European Union.

We process personal data we have received, insofar as this is necessary to fulfill legal obligations in terms of whistleblower protection on the basis of Art. 6 para. 1 lit. c GDPR and local data protection laws.

6.5 Responsible body

ZETA Holding GmbH, which can be contacted using the contact details provided, is responsible for the processing of personal data.

We use the whistleblowing online portal as a member of the ZETA Group.

The whistleblower system is operated by the business consultants commissioned by us, who act as independent controllers within the meaning of the EU General Data Protection Regulation. The company in question is VMCON OG, Opernring 2, 8010 Graz.

For data protection questions concerning VMCON OG, please contact "datenschutz@meineberater.at".

The whistleblowing system (.LOUPE) is provided by our processor, the software provider fobi solutions GmbH, Steinsiedlung 11, 4222 St. Georgen an der Gusen, Austria, with whom a corresponding data processing agreement has been concluded.

7.6 Duration of storage

We only store personal data for as long as is necessary to process your message or as long as we have a legitimate interest in storing your personal data. Data may be stored for longer if this has been stipulated by national or European legislation to fulfill legal obligations, such as retention obligations.

We neither collect nor store personal data that is not required for processing a reference. They will be deleted immediately if necessary.

After completion of the investigation, all reports and associated data are archived for a period of 5 years. After this period, we guarantee the irretrievable deletion or anonymization of all data. In addition, the data will be stored for as long as is necessary for official or legal proceedings that have already been initiated.

6.7 Your rights

Data subject rights in accordance with Art. 13 to 21 GDPR do not apply to persons affected by a tip-off in accordance with Section 8 (9) HSchG if this is necessary to protect the person providing the information or to investigate information (e.g: Right to information, right to access, right to erasure, right to object). The general data protection regulations apply to reports outside the scope of the HSchG.

If you are of the opinion that we have violated Austrian or European data protection law when processing your data and thereby infringed your rights, you have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40 - 42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at

As part of our efforts to provide you with personalized content and advertising, we use the AdvertServe advertising tool. AdvertServe is operated by AdvertServe, Inc. Renegade Internet, Inc. New Castle, PA 16105, USA.

AdvertServe processes certain data from users of our website in order to provide personalized ads based on their interests and behavior. The data processed includes anonymized information about your interactions with the website, such as page views and clicks.

Legal basis: Art. 6 para. 1 lit. a GDPR

Amazon CloudFront is a content delivery network (CDN) operated by the US provider Amazon Web Services, Inc (AWS), 410 Terry Avenue North, Seattle WA 98109. With the CDN service, website content such as web videos or other large media can be provided quickly and securely. Proxy servers store the files locally and thus improve the access speed when downloading.

The CDN service processes the IP address of the website visitor. The IP address is automatically deleted from the CloudFront logs.

Through the use of this service, a transfer of personal data to the USA cannot be ruled out. Amazon Web Services, Inc. has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted under Art 45 GDPR.

Legal basis: Art. 6 para. 1 lit. a GDPR

We have integrated social plugins from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our website. The use of social plugins enables website users to share or like content from our website on Facebook.

We have entered into a contract with Meta Ireland, however, Meta Ireland may transfer personal data to Meta USA. Meta Platforms, Inc. has certified itself under the EU-U.S. Data Privacy Framework for the transfer of personal data from the EU to the United States. The European Commission has determined that there is an adequate level of protection for personal data transferred from the EU to a company in the United States certified under the EU-U.S. Data Privacy Framework. Consequently, the data transfer is permissible in accordance with Article 45 of the GDPR.

For the data processing that takes place as part of the integration of the plugin, we are joint controllers together with Facebook/Meta Ireland within the meaning of Art. Art 26 GDPR.

Data is not transmitted to Facebook/Meta Ireland as soon as the website is accessed. Only when a user interacts with a post, i.e. shares or likes a post, is your IP address transmitted to Facebook/Meta Ireland and stored on Facebook's servers.

If you are logged in to Facebook as a website user, Facebook/Meta Ireland can assign your profile directly when you visit our website. If you interact with our website, this information will also be displayed on your Facebook profile. Facebook/Meta Ireland may use this information to analyze your behavior on our website in connection with the advertisements displayed on Facebook, to inform other Facebook users of your activities and to provide other services.

For more information, please refer to the Facebook/Meta Ireland privacy policy at https://www.facebook.com/about/privacy/. You can make individual settings for data processing by Facebook/ Meta Ireland in your profile settings on Facebook: https://www.facebook.com/settings?tab=ads.

Legal basis: Art. 6 para. 1 lit. a GDPR

We have signed contract with Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland . Nevertheless, data may be transferred from Europe to the USA, over which we as a company have no influence.

Google has certified itself under the EU-U.S. Data Privacy Framework for the transfer of personal data from the EU to the United States. The European Commission has determined that there is an adequate level of protection for personal data transferred from the EU to a company in the United States certified under the EU-U.S. Data Privacy Framework. Consequently, the data transfer is permissible in accordance with Article 45 of the GDPR.

10.1 Google Ads Remarketing for Google Analytics

We have integrated Google Ads Remarketing on our website. This service enables us to place interest-based advertisements for website visitors. In doing so, the browser stores cookies that enable the website user to be recognized if the website user visits other websites that belong to the Google advertising network. There, the user can be shown advertising campaigns relating to content that the user has previously accessed on other websites.

10.2 Google Analytics

We have integrated Google Analytics on our website, a web analysis service from Google, which enables us to analyze visitor flows and the time spent on our website.

According to Google, Google will use the information obtained to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. However, Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. Furthermore, you can also prevent Google from collecting the data generated by the cookie and relating to your use of the websites (including your anonymized IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at https://support.google.com/analytics/answer/6004245?hl=de.

Legal basis: Art. 6 para. 1 lit. a GDPR

10.3 Google Analytics Conversion Tracking (Google Ads)

This website also uses Google Conversion Tracking. Google Ads sets a cookie on your computer if you have accessed our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads client's website and the cookie has not yet expired, Google and the client can recognize that the user clicked on the ad and was redirected to this page. Each Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Ads clients who have opted into conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". You can find Google's privacy policy here: https://policies.google.com/privacy?hl=de.

If you use SSL search, Google's encrypted search feature, the search terms are usually not sent as part of the URL in the referring URL. However, there are some exceptions to this, for example if you use certain less common browsers. You can find more information about SSL searches here: https://support.google.com/websearch/answer/173733?hl=de. Search queries or information in the referral URL may also be viewed via Google Analytics or an Application Programming Interface (API). In addition, advertisers may receive information about the exact search terms that triggered a click on an ad.

For more information, please refer to the Google FAQ: https://policies.google.com/faq?hl=de

Legal basis: Art. 6 para. 1 lit. a GDPR

10.4 Google Doubleclick

The website uses the online marketing tool DoubleClick. To help AdWords customers and publishers serve and manage ads on the web, the Google advertising network and certain Google services may be used. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.

Legal basis: Art. 6 para. 1 lit. a GDPR

10.5 Google Gstatic

Gstatic is a domain used by Google to load static content into a different domain name to reduce bandwidth usage and increase network performance for the end user.

Legal basis: Art. 6 para. 1 lit. a GDPR

10.6 Google Maps

We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data already mentioned under "Informational use of the website" is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

Legal basis: Art. 6 para. 1 lit. a GDPR

10.7 Google Photos

For a user-friendly experience, we use the cloud-based storage service Google Photos. When you access images on our website, your browser establishes a connection to Google's servers. Your IP address is transmitted to Google for this purpose. In order to display the images correctly, the required pages are loaded into your browser cache.

You can find more detailed information here: https://www.google.com/photos/. The privacy policy and terms of use can be found here: https://policies.google.com/

Legal basis: Art. 6 para. 1 lit. a GDPR

10.8 Google reCAPTCHA

We use the Google service reCAPTCHA to determine whether a human or a computer is making a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the end device used, the website that you visit on our site and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCAPTCHA areas and tasks in which you have to identify images.

Legal basis: Art. 6 para. 1 lit. a GDPR

10.9 Google Tag Manager

We use Google Tag Manager to recognize your user behavior. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The tool itself processes the following personal data IP address of the user. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data.  Google Tag Manager can set cookies, at least in the administrator's preview and debug mode, but also outside of it. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

You can find more detailed information here: https://www.google.com/intl/de/tagmanager/faq.html

Legal basis: Art. 6 para. 1 lit. a GDPR

10.10 Google Videos

For a user-friendly experience, we also use the cloud-based storage service Google Photos for videos. This is the domain that was originally known as Google Video. Since 2021, Google Videos has been operated as a video search engine.

You can find the privacy policy here https://policies.google.com/privacy

Legal basis: Art. 6 para. 1 lit. a GDPR

We use Hotjar, an analysis software from Hotjar Ltd ("Hotjar") (http://www.hotjar.com, Malta, Europe), to better understand the needs of our users and to optimize the offer on this website. Hotjar's technology helps us to gain a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and this helps us to tailor our offering to our users' feedback. Hotjar works with cookies and other technologies to collect information about the behavior of our users and their devices (in particular IP address of the device (only collected and stored in anonymized form), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), preferred language for displaying our website). Hotjar stores this information in a pseudonymized user profile.  The information is not used by Hotjar or by us to identify individual users or merged with other data about individual users. You can prevent the collection of data by Hotjar by clicking on the following link and following the instructions there: https://www.hotjar.com/opt-out.

Further information can be found in Hotjar's privacy policy https://www.hotjar.com/legal/policies/privacy

Legal basis: Art. 6 para. 1 lit. a GDPR

On our website, we use functions of the social media network Instagram, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

We have entered into a contract with Meta Ireland, however, Meta Ireland may transfer personal data to Meta USA. Meta Platforms, Inc. has certified itself under the EU-U.S. Data Privacy Framework for the transfer of personal data from the EU to the United States adequacy decision for the transfer of personal data to the USA.  The European Commission has determined that there is an adequate level of protection for personal data transferred from the EU to a company in the United States certified under the EU-U.S. Data Privacy Framework. Consequently, the data transfer is permissible in accordance with Article 45 of the GDPR. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted under Art 45 GDPR. We can display images and videos using the functions for embedding Instagram content (embed function). When you access pages that use such functions, data (IP address, browser data, date, time, cookies) is transmitted to Instagram, stored and analyzed. If you are logged into your Instagram account while browsing our website, this data will be assigned to your personal account. The privacy policy, what information Instagram collects and how they use it can be found at https://privacycenter.instagram.com/policy/.

Legal basis: Art. 6 para. 1 lit. a GDPR

Our website uses functions of the social media network LinkedIn, and we also operate our own LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Dublin.

With this service, a transfer of personal data to the USA cannot be excluded! LinkedIn has certified itself under the EU-U.S. Data Privacy Framework for the transfer of personal data from the EU to the United States. The European Commission has determined that there is an adequate level of protection for personal data transferred from the EU to a company in the United States certified under the EU-U.S. Data Privacy Framework. Consequently, the data transfer is permissible in accordance with Article 45 of the GDPR.

Each time you visit one of our websites that contains LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn buttons and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information on this can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

Legal basis: Art. 6 para. 1 lit. a GDPR

We use Leadfeeder, an analysis tool from Liidio OY / Leadfeeder, Mikonkatu 17, 00100 Helsinki, Finland. The tool makes it possible to manage existing customer contacts in the B2B sector and to generate new ones. A "lead" is a qualified prospective customer who is interested in a company or product, provides their contact details in return and is highly likely to become a customer. In addition, the user behavior of B2B contacts on our website can be recorded and analyzed, giving us good feedback on our processes.

For this purpose, Leadfeeder accesses evaluations from Google Analytics by matching and linking the IP addresses of website visitors with information about companies that can be found on the internet under these addresses. Since Google Analytics shortens these IP addresses by default, no direct personal reference is established. However, such a link may arise when the company information is reviewed.

Further information can be found in Leadfeeder's privacy policy at https://www.leadfeeder.com/privacy/ and at https://www.leadfeeder.com/leadfeeder-and-gdpr/

Legal basis: Art. 6 para. 1 lit. a GDPR

We have integrated the web analysis service Matomo (www.matomo.org), formerly Piwik, from the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, ("Matomo") on our website for the statistical analysis of user behavior and for optimization and marketing purposes. The EU Commission has certified an adequate level of data protection for New Zealand, which is why data transfer is permitted in accordance with Art. 45 GDPR.

The following data is processed: Browser type, browser version, operating system, country of origin, date and time of the server request, number of visits, time spent on the website and the external links you click on. The IP address is anonymized before it is saved. Pseudonymized user profiles can be created and evaluated from this data. The data collected is processed on our servers and is not passed on to third parties.

The information generated in the pseudonymous user profile is not used to personally identify the website visitor and is not merged with personal data about the bearer of the pseudonym.

For more information, please refer to Matomo's privacy policy at https://matomo.org/gdpr/.

Legal basis: Art. 6 para. 1 lit. a GDPR

We use the e-recruiting system "Onlyfy" from New Work SE, Am Strandkai 1, 20457 Hamburg, T +49 40 419 131-0, F +49 40 419 131-11, info@xing.com (hereinafter "Onlyfy") for the application process (advertisement, receipt of applications, communication with applicants).

Onlyfy processes personal data in the context of these activities solely on behalf of and for the purposes of ZETA and is therefore a so-called processor within the meaning of Art. 4 (8) GDPR.

You will receive further information about your application or the application process in a separate data protection declaration for applicants, with which the ZETA Group fulfills its information obligations.

You can find Onlyfy's privacy policy at: https://onlyfy.com/de/datenschutz/

Legal basis: Art. 6 para. 1 lit. b GDPR or in the case of consent to record keeping: Art. 6 para. 1 lit. a GDPR.

Our website uses TikTok Pixel ("Pixel") of the social network TikTok, provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, for the analysis, optimization and economic operation of our online offer.

TikTok can use the pixels to determine the website visitors as a target group for the display of ads (so-called "TikTok ads"). Accordingly, we use them to display the TikTok ads placed by us only to those TikTok users who have also shown interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to TikTok. The aim is to ensure that our TikTok ads correspond to user interest and are not annoying. With the help of pixels, we can also track the effectiveness of TikTok ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a TikTok ad (so-called "conversion").

Your actions are stored in one or more cookies. These cookies enable TikTok to match your user data (such as IP address, user ID) with the data of your TikTok account. The data that is collected is anonymous and cannot be viewed by us and can only be used in the context of advertisements. If you wish to prevent the link to your TikTok account, you have the option of logging out before taking any action.

We have entered into a contract with TikTok Ireland, however, TikTok Ireland may transfer personal data to other companies within the TikTok group of companies. These companies may be based in a third country (e.g. China).

The GDPR requires so-called appropriate safeguards in accordance with Art. 46 GDPR for data transfers to a third country or an international organization. Such guarantees do not exist for third countries such as China.

Possible risks that cannot currently be ruled out for you as the data subject in connection with the aforementioned information are in particular

• Your personal data may be shared with other third parties by the respective service provider.
• You may not be able to assert or enforce your rights of access against the respective service provider.
• There may be a higher probability that incorrect data processing may occur because the technical organizational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.

With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to a third country. You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.

Legal basis: Art. 6 para. 1 lit. a GDPR

For more information, please refer to the TikTok Ireland Data Policy at https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.

For specific information on TikTok pixels, please refer to https://ads.tiktok.com/help/article/using-cookies-with-tiktok-pixel

Legal basis: Art. 6 para. 1 lit. a GDPR

We use plugins from the provider Vimeo on our website. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011.

Through the use of this service, a transfer of personal data to the USA takes place or cannot be ruled out. Vimeo LLC has certified itself under the EU-U.S. Data Privacy Framework for the transfer of personal data from the EU to the United States. The European Commission has determined that there is an adequate level of protection for personal data transferred from the EU to a company in the United States certified under the EU-U.S. Data Privacy Framework. Consequently, the data transfer is permissible in accordance with Article 45 of the GDPR.

When you call up the website provided with such a plugin, a connection to the Vimeo servers is established and the plugin is displayed. The Vimeo server is then informed which website you have accessed. An assignment to your personal user account takes place if you are logged in as a member of Vimeo. By clicking on the plugin, e.g. the play button at the beginning of a video, this information is also assigned to the respective user account. If you do not agree with the assignment, you can prevent this. To do this, please log out of your account before accessing our website and delete the relevant cookies.

Further information on data processing and notes on data protection by Vimeo can be found at https://vimeo.com/privacy.

Legal basis: Art. 6 para. 1 lit. a GDPR

We operate a YouTube channel and have integrated YouTube videos into our website, which are stored on http://www.YouTube.com. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube videos in extended data protection mode. With this setting, YouTube does not store any cookies when you visit our website. A connection to YouTube's servers is only established when you start playing the embedded videos. YouTube uses cookies for data collection and statistical data analysis. YouTube is informed which pages you visit. If you are logged in to YouTube, your data will be assigned directly to your account. YouTube uses your data for advertising and market research purposes.

By using this service, personal data is transferred to the USA or such a transfer cannot be ruled out. Google has certified itself under the EU-U.S. Data Privacy Framework for the transfer of personal data from the EU to the United States. The European Commission has determined that there is an adequate level of protection for personal data transferred from the EU to a company in the United States certified under the EU-U.S. Data Privacy Framework. Consequently, the data transfer is permissible in accordance with Article 45 of the GDPR.

The integration of YouTube leads to the reloading of Google services on our website, in particular Google Doubleclick, Google APIs, Google Video, Google Photos, Google Static and Google Fonts.

Further information on data protection at "YouTube" can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/

Legal basis: Art. 6 para. 1 lit. a GDPR

Our website uses functions of the social media network XING, and we also operate our own XING profile. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING functions is accessed, a connection to XING servers is established. XING may be informed that you have visited our website with your IP address. If you click on the XING buttons and are logged into your XING account, it may be possible for XING to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by XING. Further information on data protection at XING can be found in the privacy policy at https://www.xing.com/privacy.

Legal basis: Art. 6 para. 1 lit. a GDPR

You have the following rights vis-à-vis us with regard to your personal data:

• Right of access, right to rectification and erasure
• Right to restriction of processing
• Right to object to the processing
• Right to data portability
• Right to lodge a complaint with the Austrian data protection authority

Barichgasse 40 - 42, 1030 Vienna, Telephone: +43 1 52152-0

E-mail: dsb@dsb.gv.at

If you are of the opinion that we have violated Austrian or European data protection law in the processing of your data and thereby infringed your rights, please contact us so that we can clarify any questions you may have.

Please send your inquiries and requests by e-mail to office@zeta.com or contact us using the contact details provided.