The purposes for which Candera shall use personal information are defined below. In the event that Candera obtains or uses personal information pertaining to an individual for a purpose other than those defined below, Candera shall explain the purpose for which it shall be used, by what means it shall be used, and the scope of its use to said individual. Candera shall then receive the individual’s consent before using the information.
Article I Company which shall Protect and Manage Personal Information
The name of the company, address of the company, and representative of the company which shall protect and manage personal information are as follows:
- Company Name:
- Company Address:
・Semmelweisstrasse 34, 4020 Linz, Austria
・General Manager Reinhard Füricht
- Contact Information:
Same as the contact information in Article XⅢ
Article Ⅱ Attainment and Use of Personal Information
- Candera shall obtain and use personal information for one or more of the purposes defined in Article Ⅳ below.
- Candera shall obtain and use personal information based on the following grounds:
・Consent (in the event that the handling of personal information is based on the consent of the individual in question, the individual retains the right to revoke their consent)
・Fulfillment of a contract
・Fulfillment of a legal obligation
・Protection of public interests/exertion of public authority
・Protection of the vital interests of the individual in question or those of a third party
・Protection of legitimate interests (performance of duties, improvement to products and services, etc.) of Candera in regards to the conducting of its business
Article III Protection of the Privacy of Children
Candera does not intend its websites to be used by children under the age of 16 (or under the age of majority of the jurisdiction in question). However, Candera acknowledges the possibility that a child may use its websites. Candera shall not intentionally gather information from children under the age of 16 (or under the age of majority of the jurisdiction in question). In the event that a child should want to use Candera’s websites or attempt to use Candera’s websites, Candera asks that the parent(s)/guardian(s) of the child be responsible for their child’s use of Candera’s websites, and that, in the event that the parent(s)/guardian(s) of the child should consent to the child’s use of Candera’s websites, the parent/guardian takes the necessary action(s) to grant consent.
Article IV Purposes of Use
- Candera shall use personal information provided by the individual for one or more of the purposes defined in each of the Items below. In the event that the purpose(s) for which the information would be used deviates from or exceeds the scope of one or more of the purposes of use, Candera shall receive consent from the individual to whom the information pertains in advance.
1) Personal information (such as names, addresses, and email addresses) entrusted to Candera by a client or business partner as part of outsourced work
・To perform work outsourced to Candera by a client or business partner, or to provide after-sales service
・To perform duties such as payment, the creation of invoices, or correspondence regarding such topics as the conducting of business or purchase of materials as it relates to the outsourced work
2) Personal information (such as names, addresses, and email addresses) entrusted to Candera by an individual as part of service duties (including such duties as the sale of products)
・For identity verification when using a given service
・To sell, provide, and lend services (including receipt of applications, payment of fees, shipment, etc.)
・For other services that go along with the sale, provision, and lending of services (including advertisements for additional goods/services, maintenance, and necessary correspondence or confirmation as part of the conducting of business)
・To send service-related campaign information, surveys, direct mail, or newsletters, or to send products, samples, or gifts
・For usage analyses, the results of which would be used for Candera service-related improvements, development, and advertising
・To respond to inquiries
3) Personal information (such as names, addresses, and email addresses) relating to other inquiries or consultations
・To contact or confirm with a party in regards to an inquiry, consultation, or complaint
4) Personal information (such as names, addresses, and email addresses) related to Candera employees or applicants for employment
・For affairs related to human resources regarding Candera employees, applicants for employment, or ex-employees, or correspondence or inquiries for other general business affairs
- Excluding cases in which a purpose of use other than those listed above is stated separately, Candera shall treat information relating to an individual (such as identifiers or behavior history) which it receives from third parties which do not possess information that can be used to identify the individual (such as a name) as personal information by linking the information received to an individual whose personal information Candera is managing. Candera shall use said information for the purposes detailed in the previous Section. In the event that Candera receives such information, it shall properly handle the personal information in accordance with the applicable laws and regulations.
- Personal information provided to Candera shall be in the possession of and be managed by Candera for the duration of the time in which it is under the obligation to possess the information, based on the period of time necessary to achieve the purpose(s) stated in Section 1, as detailed in Candera’s Personal Information Management Register, or based on other such laws or regulations. Candera shall not possess personal information for purposes other than those for which the information was obtained or for those required as part of the applicable laws or regulations.
Article V Provision of Personal Information to Third Parties
Candera shall handle personal information with stringency and, excluding the cases defined below, shall not disclose or provide personal information to a third party without the consent of the person to whom the information pertains. Candera, in accordance with the applicable laws and regulations, may provide an individual’s personal information to third parties (including affiliated or partner companies).
1) Cases in which it is necessary to protect a person’s life, physical well-being, or assets, and the consent of the individual to whom the information pertains is difficult to obtain, or the obtaining of said consent would take time
2) Cases in which it is specifically necessary to improve public health or promote the healthy development of a child or children, and the consent of the individual to whom the information pertains is difficult to obtain
3) Cases in which a government body, local public body, or a party acting on behalf of such a body requires cooperation as part of the legal duties of said body or party, and the act of obtaining of the consent of the individual to whom the information pertains poses a risk of impeding said legal duties
4) Cases in which, within the scope of one or more of the purposes of use, the handling of personal information is partially or wholly entrusted to another party in order to smoothly conduct business operations
5) Cases in which personal information is provided as part of a transfer of work due to a merge or other such reasons
6) Cases permitted by other laws or regulations
Details of third parties to which personal information may be provided are as follows:
Name of the Party (Country)
Timing and Method of Transfer
Personal Information Provided
Purpose(s) of Use
Duration of Use
Article VI Provision of Personal Information to Parties for Outsourced Work
Candera, within the scope of one or more of the purposes of use, may partially or wholly entrust the handling of personal information to an outside party. In such an event, Candera shall thoroughly evaluate the qualifications of the outside party, enter into a contract with the outside party which includes an obligation to confidentiality, and appropriately supervise the outside party as necessary.
Details of the parties to which personal information may be provided for outsource work are as follows:
Name of the Party (Country)
Timing and Method of Transfer
Personal Information Provided
Purpose(s) of Use
Duration of Use
Article VII Transfer of Personal Information to Foreign Countries
Candera may transfer personal information of an individual to Candera’s group company, Candera Japan, Inc. (located in Japan), or one of the countries or regions listed below (including places to which work from that company is outsourced). The country to which the information is transferred may have different laws regarding the protection of personal information than that of the country in which the individual resides. In such an event, Candera, in accordance with the applicable laws and regulations, shall take necessary and proper measures to ensure the safety of the personal information of the individual.
Location to which the information may be transferred: United States of America
Name of the above location: Google (Measures taken by Google to protect personal information)
The following provisions apply to customers residing in Europe, the Middle East, and Africa (EMEA):
Candera may transfer personal information pertaining to an individual from the EEA or UK to countries or regions outside the EEA or UK. In such an event, Candera’s general policy shall be to, in accordance with the applicable laws and regulations, rely on the Adequacy Certification of the country to which the information is transferred in the event that such certification has been granted, or otherwise enter into Standard Contractual Clauses (SCC) with the country in question.
2) Google Analytics
As part of the services that it provides, Candera may use Google Analytics for such purposes as providing features included in the services, showing advertisements, or for usage analysis. In such an event, Google may send advertisements to the individual.
3) Google reCAPTCHA
In order to ensure sufficient data security when submitting forms, Candera may use Google reCAPTCHA. This service is used to distinguish whether the input is made by a real person or by an automated process. Google reCAPTCHA includes the sending to Google of an individual’s IP address and, if necessary, other data required for the reCAPTCHA service.
4) Google Web Fonts
This website uses web fonts provided by Google in order to uniformly display fonts. When an individual opens a web page, the individual’s browser loads the required web fonts into the browser cache in order to correctly display text and fonts. To do this, the browser being used must connect to Google’s servers. As a result, Google gets informed via the individual’s IP address that Candera’s website has been accessed. Candera uses Google Web Fonts to present Candera’s online services in a consistent and attractive manner. This constitutes a legitimate interest as detailed in the General Data Protection Regulation (GDPR) Article 6 Section 1 Point (f). If an individual’s browser does not support web fonts, a default font will be used by the individual’s computer. More information about Google Web Fonts can be found here.
5) Google Maps
This website uses the mapping service Google Maps, provided by Google via an API. To use the features of Google Maps, it is necessary to save the user’s IP address. This information is usually transmitted to and stored by Google on servers in the United States of America. The provider of this page has no influence on this transfer of data. Candera uses Google Maps to present Candera’s online services in an attractive manner and so that individuals can easily find places specified on the website. This constitutes a legitimate interest as detailed in the General Data Protection Regulation (GDPR) Article 6 Section 1 Point (f).
7) Social Plug-ins
This website uses social plug-ins functions of Facebook, YouTube, Xing, LinkedIn, and Twitter. For the protection of data and personal information, these are deactivated by default and must be activated by the user. Before activating these plug-ins, please read the following information regarding each of the providers:
This website uses plug-ins from YouTube. YouTube is operated by Google LLC. An individual visiting one of Candera’s YouTube-enabled websites will be connected to YouTube’s servers. This will inform the YouTube server which of Candera’s webpages have been visited by the individual. If the individual is logged into their YouTube account, the individual’s browsing behavior will become associated with that individual’s personal profile. The individual may log out of their YouTube account to prevent this.
This website uses components provided by LinkedIn. LinkedIn is a subsidiary of the Microsoft Corporation. Each time this website receives an access request equipped with a LinkedIn component, the component prompts the user’s browser to download an image of the component from LinkedIn. Through this process, LinkedIn is informed of which page of this website is being accessed. By clicking the “Recommend” button on LinkedIn while logged into a LinkedIn account, the user can link content from this website to their LinkedIn profile. This allows LinkedIn to associate the user’s visit to Candera’s website with that user’s LinkedIn account.
8) Candera asks that individuals refer to the website of the proprietor of their browser for information on how to cease the provision of information for cookies.
Article IX Exertion of Rights Related to Personal Information (Disclosure/Correction/Deletion/Cessation of Use)
Candera shall, upon request of an individual and in accordance with the applicable laws and regulations, notify or disclose (including disclosure of the record of Candera’s provision of personal information to third parties) the purposes of use of the personal information which it possesses pertaining to the individual in question, or supplement, delete, or cease the use of said personal information.
In the event that an individual requests information pertaining to themselves to be disclosed, Candera shall disclose the information to the individual without delay. Candera shall attempt to disclose the information via the method of contact requested by the individual. However, in the event that any of the following would apply as a result of said disclosure, Candera may refrain from partial or full disclosure of the information. In the event that Candera decides to refrain from partial or full disclosure of the information, Candera shall notify the individual to whom the information pertains without delay.
(i) In the event that there is a risk of harm being done to the life, physical well-being, assets, or other rights and interests of the individual to whom the information pertains or a third party
(ii) In the event that there is a risk of a remarkable impediment to the proper conduct of Candera’s business operations
(iii) In the event that any law or regulation would be violated
2) Correction/Deletion of Incorrect Information
(i) In the event that personal information which Candera possesses is incorrect, upon request of the individual to whom the information pertains, Candera, following the procedure that it has established, shall correct or delete the information.
(ii) In the event that Candera deems that it is necessary to fulfill a request as described in (i), it shall correct or delete the personal information without delay and notify the individual to whom the information pertains of its correction or deletion.
3) Deletion/Cessation of Use of Information
In the event that an individual requests Candera to delete or cease the use of personal information pertaining to themselves for one or more of the following reasons, Candera shall conduct a necessary investigation without delay.
・The information was used for a purpose other than those detailed in Article V
・The information was obtained via improper means
・The information was used in a manner that was liable to incite or promote illegal or improper acts
・Candera no longer has a need to use the information
・The information was leaked, lost, or damaged
・There was a risk that the rights and interests of the individual would be infringed upon due to how the information was handled
Based on the results of said investigation, Candera shall take such actions as deleting or ceasing the use of the information and notify the individual to whom the information pertains of such actions. However, in the event that the deletion or cessation of use of the personal information would involve a large financial cost or in the event that it would be difficult to delete or cease the use of the information for other reasons, Candera shall take necessary alternative measures to protect the rights and interests of the individual to whom the information pertains, in the event that there are alternative measures that can be taken.
4) Request Form
Individuals requesting the disclosure/correction/deletion/cessation of use of personal information pertaining to themselves must provide the information detailed below, along with a document that can be used to verify the identity of the individual. In the event that the request is being carried out by a proxy, a document that can verify that the proxy is a representative of the individual to whom the information pertains (such as a letter of attorney) must also be provided. All of the necessary information/documents must be sent to the Personal Information Contact found in Article XIV. Candera shall reply upon verifying the identity of the individual and once it has done so, in accordance with its internal policy, shall immediately dispose of the documents used for confirming the identity of the individual. Candera shall not charge individuals for submitting such a request.
Information to provide:
・Name, address, telephone number, and email address
・Description of request
The following provisions apply to customers residing in Europe, the Middle East, and Africa (EMEA):
An individual may check personal information pertaining to themselves by the method prescribed by Candera and correct, update, or delete the information themselves. Notwithstanding this Article, Candera shall, upon request from the individual, and in accordance with the applicable laws and regulations, provide access to, allow the correction, deletion, restriction, objection to the handling of, or allow the exertion of the right to data portability in regard to the personal information pertaining to the individual which Candera possesses. To the extent permissible by the applicable laws and regulations Candera may charge a reasonable fee to respond to such requests. The individual retains the right to object to Candera’s handling of personal information pertaining to themselves via a regulatory agency. The contact information for exercising the aforementioned rights is as described in Article XIII.
Article X Security Measures
- Candera’s websites employ SSL (Secure Socket Layer) encryption. SSL is a communication protocol that encrypts data sent over IP networks such as the internet. SSL encrypts transmissions between two devices that send and receive data, preventing the falsification or modification of data by other devices on the same network, such as a communication relay.
1) Appointment of a person(s) to be responsible for the handling of personal information
2) Clear identification of the employees who handle personal information and the scope of the personal information which they handle, and the establishment of a reporting system to the responsible person(s) in the event that a violation of the Personal Information Protection Act or internal rules regarding the handling of personal information has occurred, or in the event that indications that such a violation could occur become apparent
3) Periodic education of employees on the proper handling of personal information
4) Management of the access to the personal information of employees who handle other personal information, restriction of usage of devices and entry to rooms, and implementation of measures to prevent unauthorized persons from viewing personal information
- Candera shall regularly review its information security guidelines to ensure the proper implementation of the security measures defined in the previous Section.
- In the event that Candera outsources the handling of personal information to a third party, Candera shall enter into a contract with the party to whom the information was outsourced and properly oversee their business operations.
- In the event of an incident (leakage, loss, damage, or infringement) related to personal information (including the threat of such an incident), Candera shall immediately conduct an internal investigation to establish the cause of and facts surrounding the incident, take measures to prevent the occurrence of such an incident in the future, and report the incident to the overseeing authorities and the individual to whom the information pertains in accordance with the applicable laws and regulations.
The following stipulations apply to individuals residing in the State of California, United States of America:
1. Types, Purposes, and Sources of Personal Information Collected
The types of personal information which Candera may collect or has collected during the twelve (12) months prior to the last revision of the Statement and the Special Provisions and the purposes of use for said personal information are as described in Article VI of the Statement. The source of such personal information is the individual to whom the personal information pertains.
2. Sharing of Personal Information
1) Candera shall not sell personal information, including that of minors, and have not sold any personal information in the twelve (12) months prior to the last revision of the Statement and the Special Provisions. “Sell” refers to the sale, lease, publication, disclosure, dissemination, allowing the use of, transferring, or communication orally, in writing, electronically, or by any other means of personal information of a consumer, from Candera to another business or third party, for money or other forms of compensation.
2) The types of information that may have been disclosed for business purposes during the twelve (12) month period prior to the last revision of the Statement and the Special Provisions are as stated in Article IV of the Statement. The types of third parties to whom personal information may have been disclosed are as stated in Articles V and VI of the Statement.
3. Disclosure and Deletion Requests
1) An individual may check personal information by the method prescribed by Candera and correct, update, or delete the information themselves. Notwithstanding Article VIII, Candera shall, upon request from the individual, and in accordance with the applicable laws and regulations, provide access to or delete personal information pertaining to the individual which Candera possesses. The details of such disclosure and deletion are as follows:
(1) Access: An individual retains the right to, up to twice within a 12-month period, request the disclosure of the following information pertaining to themselves that Candera has collected, used, or disclosed in the 12-month period prior to the disclosure request.
a. Types of personal information collected
b. Specific pieces of personal information collected
c. Types of sources Candera used to collect personal information
d. Purposes of use for personal information collected
e. Types of third parties with whom Candera shares personal information
(2) Deletion: An individual retains the right to request the deletion of specific personal information that Candera has collected from the individual in question.
2) For access or deletion requests, please contact Candera via the following:
Mailing address: Semmelweisstrasse 34
4020 Linz, Austria
Email address: [email protected]
Phone number: + 43-732-90305-0
3) In order for Candera to protect the privacy of individuals and maintain security, it shall verify the identity of an individual before providing said individual with access to personal information pertaining to themselves or responding to a deletion request.
(1) Candera shall review access or deletion requests from unique accounts only in the event that the request relates to the personal information associated with a password-protected account that has been sufficiently verified as belonging to the individual in question.
(2) In the event that the individual does not possess a password-protected account with Candera or is unable to access their password-protected account, Candera shall validate the access or deletion request according to one of the following procedures:
a. In the event that the product or service associated with the individual has an inquiry function, Candera shall review requests submitted via the inquiry function (the inquiry function performs sufficient verification). However, in the event that Candera suspects that the request was made by an individual other than the actual user of the product or service, Candera shall request the individual to provide information that could only be recognizable by the actual user of the product or service in order to verify the identity of the individual.
b. In the event that the product or service associated with the individual does not have an inquiry function, Candera shall verify the identity of the individual by sending a customer number through the notification function of the applicable product or service and request a response using the same number. However, in the event that the product or service does not have a notification function, or the individual is unable to use the notification function, Candera shall request the individual to provide information that could only be recognizable by the actual user of the product or service in order to verify the identity of the individual.
(3）In the event that the individual makes an access or deletion request through a representative, Candera may request that the individual (i) provide the representative with a signed document granting permission to make the request, (ii) make direct contact with Candera in order to verify the identity of the individual in question, or (iii) confirm directly with Candera that the individual has given their representative permission to submit the request.
4) In the event that the individual chooses to exercise any of the rights detailed in this Section, the individual retains the right to be treated without discrimination by Candera. To the extent permitted by the applicable laws, Candera may charge a reasonable fee to respond to the request of the individual.
Article XII Compliance to Laws, Ordinances, and Standards
Candera complies with Austrian laws, ordinances, and other standards applicable to personal information that Candera possesses.
Article XIII Contact Information
For inquiries regarding the use of personal information at Candera, please use the contact information below.
4020 Linz, Austria
Phone: + 43-732-90305-0
Fax: + 43-732-90305-100
Established January 1, 2016
Revised September 21, 2022