The protection of your privacy is important to us. We strictly adhere to the legal provisions of the EU General Data Protection Regulation (GDPR), the Data Protection Act, and other applicable legislation on the protection, lawful handling, and confidentiality of personal data.
Hereinafter, we would like to inform you about the processing of your personal data. If you have any questions, please contact us using the contact details provided.
1. Controller and data protection officer
1.1 Name and address of the controller
The controller within the meaning of the EU General Data Protection Regulation (GDPR) is
Controller:
IMS Nanofabrication GmbH
Wolfholzgasse 20–24
2345 Brunn am Gebirge, Austria
External data protection officer:
Markus Dittrich | CASC – full service agentur GmbH
Address: Heigerleinstraße 2/4–9, 1160 Vienna, Austria
https://www.casc.at
Tel: +43 1 924 05 28
Email: datenschutzbeauftragter@casc.at
2. Purposes of processing and legal basis for the website
2.1 Logging of activities on our website (log files)
When you visit our website, we collect and store access data in log files (so-called log files or access logs) in order to ensure the permanent functionality of the website. We process the following data in this regard:
- IP address
- Date and time of access
- Websites from which you reach our site (referrer URL)
- Operating system
- Name of your Internet service provider
- Product and version information of the browser used
- Amount of data transferred, loading time
The legal basis for data processing is our legitimate interest according to Art. 6 para 1 lit. f GDPR. This interest lies in ensuring the functionality, security, and accessibility of the website for all site visitors, and, if necessary, in the collection, defence against and assertion of legal claims.
You have the right to object to this data processing (right of data subjects to object to data processing in the legitimate interest pursuant to Art. 21 para 1 GDPR). In this case, we will only process your data if there are compelling legitimate grounds worthy of protection for further processing on our part.
It is not possible to deduce your identity directly from this information. The data will be automatically deleted once the aforementioned purposes have been achieved.
Transfer of data: We only pass on your data collected on the basis of the use of our website to the extent that this is absolutely necessary to fulfil the stated purposes (e.g. operation and maintenance of the website via external service providers). However, we may also be legally or officially obliged to pass on data to third parties (e.g. transfer of data to law enforcement authorities).
Storage duration: We retain log file data for a period of 7 days from the end of your website visit.
2.2 Contact form
We provide a contact form on our website to make it easy to get in touch with us. To use this form, please provide us with the information indicated so that we can process and/or respond to your enquiry.
We process your personal data exclusively for the purpose of responding to your enquiry or contacting you. The data is used on the legal basis of legitimate interest Art 6 para 1 lit. f GDPR (our legitimate interest lies in the provision and use of low-threshold electronic contact and communication options as well as in the traceability of the communication process), and, where applicable, on the legal basis of contract fulfilment Art 6 para 1 lit b GDPR.
You have the right to object to data processing on the basis of a legitimate interest (data subject’s right to object pursuant to Art 21 para 1 GDPR). In this case, we will only process your data if there are compelling legitimate grounds worthy of protection for further processing on our part.
Alternatives to using the contact form include getting in touch via the email address provided, by phone, or by post.
Transfer of data: We only pass on your data to third parties to the extent that this is necessary to process the communication.
Storage duration: Data transmitted to us via the electronic contact form will be stored for a period of three years from the end of the calendar year in which the communication took place.
2.3 Job newsletter
On our website you will find an option to subscribe to our job newsletter, which regularly informs you about current vacancies matching your details.
For registration, please enter the required data in the registration form. We use your personal data to send you our job newsletter and for statistical analyses / success measurements (e.g. to determine whether the job newsletter has been opened, whether the links it contains have been clicked on, etc.).
The data is used on the basis of your consent under data protection law (Art. 6 para 1 lit. a GDPR) to the processing of personal data for the aforementioned purposes, which was given to us by selecting the checkbox and confirming. You can revoke your voluntary consent at any time with effect for the future. To do so, you can use the unsubscribe link in every job newsletter or contact us by post or email (see contact details of the controller): A revocation does not affect the legality of the data processing up to the time of revocation. You are not obliged to give us your consent/provide us with your personal data for the aforementioned purposes – however, if you do not give us your consent / do not provide us with your data, you will not be able to receive the job newsletter. Your personal data will be processed for the duration of the job newsletter subscription.
When registering for the job newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the data subject’s email address. This data is processed/stored on the basis of our legitimate interests according to Art. 6 para 1 lit. f GDPR. You have the right to object to this data processing (right of data subjects to object to data processing in the legitimate interest pursuant to Art. 21 para 1). In this case, we will only process your data if there are compelling legitimate grounds worthy of protection for further processing on our part.
To ensure the protection of personal data, we use a so-called double opt-in procedure for the online job newsletter registration. Your registration for the job newsletter is only considered valid/effective when you confirm a link that we send to your e-mail address.
Transfer of data: We pass on your data to our processor, rapidmail GmbH, for . We have concluded an order processing contract for this purpose.
Information on rapidmail can be found at https://www.rapidmail.at/datenschutz.
Storage duration: Data transmitted to us via the registration form will be stored for the duration of the consent.
2.4 Jobs/Applications
You can find job offers on our website. We process personal data that you provide to us
- by email
- LinkedIn or
- via the online form
to process the application procedure, to assess the extent to which the applicant is suitable for the position in question and, if necessary, to carry out necessary measures in connection with the establishment of an employment relationship (transfer to an employment relationship). In individual cases, the applicant data is also kept on file (in the event of non-consideration or no vacancies, as well the applicant’s consent to their data being kept on file). The same applies to unsolicited applications.
You have the option of copying a link to an advertised job using the “SHARE – COPY LINK” button and forwarding it yourself.
The legal basis for data processing is generally Article 6 para 1 lit. b GDPR (contract, pre-contractual relationship). Where applicants consent to their data being kept on file, the data processing is based on Art. 6 para 1 lit. a GDPR. In individual cases, we also process data on the basis of legitimate interests according to Article 6 para 1 lit. f GDPR (e.g. establishment, exercise of and defence against legal claims).
We only process special categories of personal data (such as health data, religious affiliation, degree of disability) if the applicant has consented to this or if a legal authorisation justifies the data processing (Art 9 para 2 lit. a GDPR or Art 9 para 2 lit. b GDPR).
Transfer of data: When using the online form, data is automatically transmitted to the company Sage GmbH (DPW).
For applications via LinkedIn: We have concluded a joint controllership agreement with LinkedIn Inc./Microsoft (Art. 26 GDPR). This agreement specifies which of the parties involved is responsible for which data processing operations. LinkedIn Inc./Microsoft uses the personal data and information collected for its own purposes and may also forward it to third parties (USA and other third countries).
For information on data processing by LinkedIn Inc./Microsoft, please refer to the company’s privacy policy:
https://www.linkedin.com/legal/privacy-policy?
Please note that we cannot rule out the possibility of your personal data being transferred to the USA. The “Adequacy decision for the EU-US Data Privacy Framework” exists in this regard.
Storage duration: Data transmitted to us will be stored for a period of 7 months after the end of the application process (i.e. decision as to which person is hired).
2.5 Contact via the internal whistleblower system
On our website, we link you to our whistleblowing system via the footer and provide you with a contact option for reporting information in accordance with the EU Whistleblowing Directive and the respective national law (in Austria the Whistleblower Protection Act).
Reports can be made anonymously and all cases are treated confidentially, regardless of whether names are mentioned or not.
We process the data and information provided exclusively for the purposes of reviewing the information received, the investigation procedure and responding to enquiries or contacting you, as provided for by the EU Whistleblowing Directive or the respective national law. In addition, documentation and logging are required by law.
The data is used on the legal basis of compliance with a legal obligation Art. 6 para 1 lit. c GDPR and our legitimate interest Art. 6 para 1 lit. f GDPR (internal administrative activities at affiliated divisions, clarification of compliance-relevant issues, establishment, exercise of and defence against legal claims).
You have the right to object to this data processing (right of data subjects to object to data processing in the legitimate interest pursuant to Art. 21 para 1 GDPR). In this case, we will only process your data if there are compelling legitimate grounds worthy of protection for further processing on our part.
Transfer of data: When using the reporting channel, data is automatically processed by Whistleblower Software ApS. for non-anonymous reports, where the technical implementation of the whistleblower system is carried out on our behalf. We have concluded a corresponding order processing contract.
We also exchange the data with our respective location concerned. The IMS Group operates internationally and has locations in various countries within and outside the European Union. The stored data can only be viewed by specially authorised persons within the Group. Insofar as this is necessary to fulfil the stated purpose, specially authorised persons from our subsidiaries may also be entitled to access the data as joint controllers. This is the case in particular if the investigation of your report is carried out in the country concerned. All persons authorised to inspect the data are expressly obliged to maintain confidentiality.
In order to fulfil the stated purpose, it may also be necessary for us to transfer your personal data to external bodies such as law firms, criminal or competition authorities, within or outside the European Union.
Where we disclose your personal data within the group or externally, internal data protection rules and/or appropriate contractual agreements ensure a consistent level of data protection. In all cases, the responsibility for data processing remains with the company. For our locations in the
Our locations in the table below are considered controllers within the meaning of the GDPR:
| USA – California | IMS Nanofabrication LLC
Mission Towers 1 3975 Freedom Circle, Suite 830, Santa Clara, CA 95054, USA 1-408-582-3103 |
| USA – Oregon | Office Hillsboro
7235 N.E. Evergreen Parkway, Suite 800 OR 97124 Hillsboro USA |
| USA – Idaho | Columbus Business Park B
2141 E Summersweet Drive Boise, ID 83716 USA 1-408-582-3103 |
| Taiwan – Tainan | No. 8, Daye 1st Road,
Southern Taiwan Science Park, Xinshi Dist., Tainan City 741, Taiwan R.O.C +886 (06) 5050585 |
| Taiwan – Hsinchu | No. 6–1, 3rd Floor,
Du Sing Road, Hsinchu Science Park East District, 300 Hsinchu City Taiwan R.O.C |
| Taiwan – Taichung | F16, No. 847, Sec. 4,
Taiwan Blvd., Xitun Dist., Taichung City Taiwan R.O.C |
| Korea – Dongtan | B2334, 27,
Dongtan Cheomdansaneop 1-ro, Hwaseong-si 18469 Republic of Korea 경기도 화성시 동탄첨단산업1로 27, B동, 2334호 (금강펜테리움IX타워), 18469 +82 31 8015 3039 |
| Korea – Cheongju | 706 Terra Square, 288-6, Bokdae-dong,
Heungdeok-gu, Cheongju-si, Chungcheongbuk-do, 28424, Korea |
| Austria – Brunn am Gebirge | Rennweg 83
2345 Brunn am Gebirge, Austria |
| Austria – Vienna | Dresdner Straße 47
1200 Vienna, Austria +43 1 214 48 94 |
Contact details for all locations for the whistleblower system:
Controller:
IMS Nanofabrication GmbH
Wolfholzgasse 20–24
2345 Brunn am Gebirge, Austria
Contact:
Ms Maria LEPUSCHITZ
Phone: +43 2236 373 10-393
Email: maria.lepuschitz@ims.co.at
We have specified the following in the Art. 26 GDPR contract:
- “IMS Nanofabrication GmbH is the central point of contact for you as a data subject. It is thus available to you for enquiries on all topics relating to joint responsibility.
- IMS Nanofabrication GmbH is responsible for the provision of data subject information in accordance with Art. 13 and 14 GDPR, as well as the exercise of data subject rights in accordance with GDPR. For the data processing carried out under joint responsibility, IMS Nanofabrication GmbH and the above-mentioned locations mutually transmit personal data to each other or synchronise them.
- A standardised level of protection and security applies to all data processing under joint responsibility.”
Storage duration: We retain data in this regard for a period of five years from the last processing or transmission and beyond that for as long as is necessary to carry out administrative or judicial proceedings or investigative proceedings that have already been initiated. Subsequently, the personal data will be deleted.
The log data on processing operations will be stored from the last processing or transmission until three years after the aforementioned retention obligation no longer applies.
3. Data transfer and recipients in general
We only pass on personal data to the extent that this is absolutely necessary to fulfil the stated purposes. For all data transfers, we ensure that we only transfer the information that is absolutely required and fulfil the data protection requirements for data transfer (e.g. strict obligation to follow instructions for processors via Art. 28 contracts, obligation to secrecy and confidentiality, obligation to end-to-end upholding of an adequate level of protection in the processing of personal data).
We might also be legally or officially obliged to pass on data to third parties (e.g. passing on data to law enforcement authorities and courts).
Details on data transfers and recipients can be found in the notes on the processing purposes.
Data transmission within the IMS Group
Within the IMS Group, your personal data will be transmitted if it is required for one of the reasons stated in the data protection declaration or if it is required for the purpose of internal administrative activities in affiliated company divisions due to legitimate interests within the meaning of Art. 6 para 1 lit. f GDPR. Our corporate organisation ensures that IMS companies comply with the level of data protection of the European Union.
You have the right to object to this data processing (right of data subjects to object to data processing in the legitimate interest pursuant to Art. 21 para 1 GDPR). In this case, we will only process your data if there are compelling legitimate grounds worthy of protection for further processing on our part.
4. Storage period of the data in general
Your data will only be stored for as long as is technically and organisationally necessary to achieve the stated purposes and to fulfil our legal obligations. If necessary, we may also retain your personal data for certain periods of time on the legal basis of legitimate interest (e.g. collection, assertion of and defence against legal claims). When determining the periods, we take care not to violate your rights and freedoms. If data retention is no longer required, we will delete your data immediately.
Detailed information on the specified storage period can be found under the respective processing purpose.
5. Profiling and automated decision-making
We do not carry out profiling measures (evaluation of certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location), nor do we make decisions based on this information.
6. Cookies
Cookies are used on our websites. Cookies are small files that are either stored in the cache of your Internet browser for the duration of your browser session (session cookies) or on your hard drive for a specified period of time (permanent cookies). Cookies allow you to be recognised so that, when you visit our website in the future, you can be provided with content that is tailored to your needs and wishes more quickly and in a more targeted manner.
As a rule, we obtain your express consent to the use of cookies via a cookie banner (legal basis: Art. 6 para 1 lit. a GDPR). The cookie banner allows you to select your cookie preferences. Cookies that are required to ensure the functionality of our websites are not included in the selection option. We use these on the legal basis of legitimate interest Art. 6 para 1 lit. f GDPR.
Overview of the cookies used:
6.1 Cookies
Technically required cookies
Borlabs Cookie:
Name: Borlabs Cookie
Purpose: This cookie stores consent information for service groups and individual services.
Storage duration: 60 days
Technical name(s):
borlabs-cookie
Analysis Cookies:
Google Analytics:
Name: Google Analytics
Purpose: Google Analytics is a web analytics service provided by Google that tracks and analyses our website traffic. It offers insights into user behaviour on our website and helps us to better understand our target group and optimise our online activities.
Storage duration: 2 years acc. to https://policies.google.com/technologies/cookies?hl=en
Technical name(s):
_ga
_ga_J1SL5NSSTY
6.2 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC. As a company based in the European Union, we cooperate with the Google subsidiary Google Ireland Limited (hereinafter “Google”).
The information generated by the cookie about the use of the website will be transmitted to and stored by Google on servers.
Google uses this information on our behalf to analyse your use of our website, to compile reports on website activity and to provide other services related to website usage and Internet usage to the website operator. The data transmitted may be used to create user profiles of visitors to our website.
Please note that we cannot rule out the possibility of your personal data being transferred to the USA. The “Adequacy decision for the EU-US Data Privacy Framework” exists in this regard.
The evaluation of your user behaviour on the website is based on your consent in accordance with Art. 6 para 1 lit. a GDPR. You can find more information on the terms of use and data protection of Google Analytics at
http://www.google.com/analytics/terms/de.html or https://policies.google.com/privacy?hl=en.
You can revoke your voluntary consent at any time with effect for the future. To do so, you can open the settings at the bottom left of the homepage or use the unsubscribe link below:
Deactivate Google Analytics [set LINK]
7. Rights of data subjects / your rights to protect your personal data
You have a number of rights in relation to your personal data processed by us. You can assert all these rights free of charge and informally (by e-mail, telephone or post), if necessary after providing proof of your identity, at the address given below. Your rights in detail:
Right to information: You may request at any time information about the data we process and without having to meet any formal requirements. In this case, we will inform you in writing of the data we have stored about you, the purposes for which we use it, the categories of recipients to whom we pass it on, and how long we intend to store it. We will comply with your request for information without delay, but within one month at the latest.
Right to erasure: You have the right to informally request at any time the erasure of your data processed by us. We will comply with this request if your data is no longer required for the purpose for which it was collected, if you revoke any existing consent, in the event of unlawful data processing, or if the deletion is necessary to fulfil a legal obligation.
Right to rectification: Should we mistakenly process incorrect or incomplete data about you, we will of course rectify it. An informal message addressed to us will suffice for this.
Right to restriction of processing: Should it not be possible to delete your data or should you not desire this, but if you do not consent to any use of the data beyond its storage, we are obliged to restrict the further processing of your personal data upon your notification.
Right to data portability: We will provide you with the data we have stored about you, which we have received based on a contract or your consent, free of charge in a common file format upon your informal notification. You can use this data for your own purposes and pass it on to future contractual partners. If you wish and if it is technically feasible, we can also transfer your data directly to a recipient named by you. In this case, we will inform you after the transfer has taken place. We will fulfil your request immediately, but within one month at the latest.
Right to revoke consents granted: You can revoke your consent to data processing at any time with effect for the future. In this case, we will stop processing the data. The legality of the data processing carried out up to this point is not affected by the withdrawal of consent.
Right to object: If we process your data on the basis of our legitimate interest, you have the right to object to the further processing of your data pursuant to the General Data Protection Regulation. If you exercise this right, we will no longer process your data for the purpose to which you have objected, unless there are legitimate reasons worthy of protection for further processing on our part that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise, or defend against legal claims.
8. Right to lodge a complaint
The EU General Data Protection Regulation and the Data Protection Act guarantee you the above-mentioned rights. If you believe that one of these rights has been violated by us, you have the option of lodging a complaint with a data protection supervisory authority.
The data protection authority responsible for us is the
Österreichische Datenschutzbehörde [Austrian Data Protection Authority]
Barichgasse 40–42
1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Data Protection and Privacy Information, last amended: 10/2024
