—Privacy Policy
Candera GmbH (hereinafter “Candera”) recognizes its important responsibility to protect personal information with which it is entrusted and shall strive to protect said information. In regard to its handling of such information, Candera defines this Privacy Policy.
The purposes for which Candera shall use personal information are defined below. In the event that Candera obtains or uses personal information pertaining to an individual for a purpose other than those defined below, Candera shall explain the purpose for which it shall be used, by what means it shall be used, and the scope of its use to said individual. Candera shall then receive the individual’s consent before using the information.
Article I Company which shall Protect and Manage Personal Information
The name of the company, address of the company, and representative of the company which shall protect and manage personal information are as follows:
- Company Name:
・Candera GmbH
- Company Address:
・Semmelweisstrasse 34, 4020 Linz, Austria
Company Representative:
・General Manager Reinhard Füricht
- Contact Information:
Same as the contact information in Article XⅢ
Article Ⅱ Attainment and Use of Personal Information
- Candera shall obtain and use personal information for one or more of the purposes defined in Article Ⅳ below.
- Candera shall obtain and use personal information based on the following grounds:
・Consent (in the event that the handling of personal information is based on the consent of the individual in question, the individual retains the right to revoke their consent)
・Fulfillment of a contract
・Fulfillment of a legal obligation
・Protection of public interests/exertion of public authority
・Protection of the vital interests of the individual in question or those of a third party
・Protection of legitimate interests (performance of duties, improvement to products and services, etc.) of Candera in regards to the conducting of its business
Article III Protection of the Privacy of Children
Candera does not intend its websites to be used by children under the age of 16 (or under the age of majority of the jurisdiction in question). However, Candera acknowledges the possibility that a child may use its websites. Candera shall not intentionally gather information from children under the age of 16 (or under the age of majority of the jurisdiction in question). In the event that a child should want to use Candera’s websites or attempt to use Candera’s websites, Candera asks that the parent(s)/guardian(s) of the child be responsible for their child’s use of Candera’s websites, and that, in the event that the parent(s)/guardian(s) of the child should consent to the child’s use of Candera’s websites, the parent/guardian takes the necessary action(s) to grant consent.
Article IV Purposes of Use
- Candera shall use personal information provided by the individual for one or more of the purposes defined in each of the Items below. In the event that the purpose(s) for which the information would be used deviates from or exceeds the scope of one or more of the purposes of use, Candera shall receive consent from the individual to whom the information pertains in advance.
1) Personal information (such as names, addresses, and email addresses) entrusted to Candera by a client or business partner as part of outsourced work
・To perform work outsourced to Candera by a client or business partner, or to provide after-sales service
・To perform duties such as payment, the creation of invoices, or correspondence regarding such topics as the conducting of business or purchase of materials as it relates to the outsourced work
2) Personal information (such as names, addresses, and email addresses) entrusted to Candera by an individual as part of service duties (including such duties as the sale of products)
・For identity verification when using a given service
・To sell, provide, and lend services (including receipt of applications, payment of fees, shipment, etc.)
・For other services that go along with the sale, provision, and lending of services (including advertisements for additional goods/services, maintenance, and necessary correspondence or confirmation as part of the conducting of business)
・To send service-related campaign information, surveys, direct mail, or newsletters, or to send products, samples, or gifts
・For usage analyses, the results of which would be used for Candera service-related improvements, development, and advertising
・To identify persons who have violated this privacy policy or the separately defined Terms of Use, or persons using Candera’s services for improper purposes, and to subsequently terminate the person’s use of the services
・To respond to inquiries
3) Personal information (such as names, addresses, and email addresses) relating to other inquiries or consultations
・To contact or confirm with a party in regards to an inquiry, consultation, or complaint
4) Personal information (such as names, addresses, and email addresses) related to Candera employees or applicants for employment
・For affairs related to human resources regarding Candera employees, applicants for employment, or ex-employees, or correspondence or inquiries for other general business affairs
- Excluding cases in which a purpose of use other than those listed above is stated separately, Candera shall treat information relating to an individual (such as identifiers or behavior history) which it receives from third parties which do not possess information that can be used to identify the individual (such as a name) as personal information by linking the information received to an individual whose personal information Candera is managing. Candera shall use said information for the purposes detailed in the previous Section. In the event that Candera receives such information, it shall properly handle the personal information in accordance with the applicable laws and regulations.
- Personal information provided to Candera shall be in the possession of and be managed by Candera for the duration of the time in which it is under the obligation to possess the information, based on the period of time necessary to achieve the purpose(s) stated in Section 1, as detailed in Candera’s Personal Information Management Register, or based on other such laws or regulations. Candera shall not possess personal information for purposes other than those for which the information was obtained or for those required as part of the applicable laws or regulations.
Article V Provision of Personal Information to Third Parties
Candera shall handle personal information with stringency and, excluding the cases defined below, shall not disclose or provide personal information to a third party without the consent of the person to whom the information pertains. Candera, in accordance with the applicable laws and regulations, may provide an individual’s personal information to third parties (including affiliated or partner companies).
1) Cases in which it is necessary to protect a person’s life, physical well-being, or assets, and the consent of the individual to whom the information pertains is difficult to obtain, or the obtaining of said consent would take time
2) Cases in which it is specifically necessary to improve public health or promote the healthy development of a child or children, and the consent of the individual to whom the information pertains is difficult to obtain
3) Cases in which a government body, local public body, or a party acting on behalf of such a body requires cooperation as part of the legal duties of said body or party, and the act of obtaining of the consent of the individual to whom the information pertains poses a risk of impeding said legal duties
4) Cases in which, within the scope of one or more of the purposes of use, the handling of personal information is partially or wholly entrusted to another party in order to smoothly conduct business operations
5) Cases in which personal information is provided as part of a transfer of work due to a merge or other such reasons
6) Cases permitted by other laws or regulations
Details of third parties to which personal information may be provided are as follows:
Name of the Party (Country) |
Timing and Method of Transfer |
Personal Information Provided |
Purpose(s) of Use |
Duration of Use |
N/A |
– |
– |
– |
– |
Article VI Provision of Personal Information to Parties for Outsourced Work
Candera, within the scope of one or more of the purposes of use, may partially or wholly entrust the handling of personal information to an outside party. In such an event, Candera shall thoroughly evaluate the qualifications of the outside party, enter into a contract with the outside party which includes an obligation to confidentiality, and appropriately supervise the outside party as necessary.
Details of the parties to which personal information may be provided for outsource work are as follows:
Name of the Party (Country) |
Timing and Method of Transfer |
Personal Information Provided |
Purpose(s) of Use |
Duration of Use |
N/A |
– |
– |
– |
– |
Article VII Transfer of Personal Information to Foreign Countries
Candera may transfer personal information of an individual to Candera’s group company, Candera Japan, Inc. (located in Japan), or one of the countries or regions listed below (including places to which work from that company is outsourced). The country to which the information is transferred may have different laws regarding the protection of personal information than that of the country in which the individual resides. In such an event, Candera, in accordance with the applicable laws and regulations, shall take necessary and proper measures to ensure the safety of the personal information of the individual.
Location to which the information may be transferred: United States of America
Name of the above location: Google (Measures taken by Google to protect personal information)
The following provisions apply to customers residing in Europe, the Middle East, and Africa (EMEA):
Candera may transfer personal information pertaining to an individual from the EEA or UK to countries or regions outside the EEA or UK. In such an event, Candera’s general policy shall be to, in accordance with the applicable laws and regulations, rely on the Adequacy Certification of the country to which the information is transferred in the event that such certification has been granted, or otherwise enter into Standard Contractual Clauses (SCC) with the country in question.
Article VIII Use of Cookies etc.
1) As part of the services that it provides, Candera uses cookies for such purposes as obtaining information to allow individuals to more conveniently use this website and improving its services. Cookies are data files sent from a website to the computer of the individual accessing the website and are used to enable the website to identify when it is being accessed by the same individual again. The information registered to the website for cookies does not contain the individual’s name, address, phone number, or any such other information that could be used to identify the individual. Additionally, cookies have no direct adverse effect on the individual’s computer. It is possible to change one’s browser settings to reject incoming cookies. However, please keep in mind that doing so may prevent some features from being able to be used.
2) Google Analytics
As part of the services that it provides, Candera may use Google Analytics for such purposes as providing features included in the services, showing advertisements, or for usage analysis. In such an event, Google may send advertisements to the individual.
3) Google reCAPTCHA
In order to ensure sufficient data security when submitting forms, Candera may use Google reCAPTCHA. This service is used to distinguish whether the input is made by a real person or by an automated process. Google reCAPTCHA includes the sending to Google of an individual’s IP address and, if necessary, other data required for the reCAPTCHA service.
4) Google Web Fonts
This website uses web fonts provided by Google in order to uniformly display fonts. When an individual opens a web page, the individual’s browser loads the required web fonts into the browser cache in order to correctly display text and fonts. To do this, the browser being used must connect to Google’s servers. As a result, Google gets informed via the individual’s IP address that Candera’s website has been accessed. Candera uses Google Web Fonts to present Candera’s online services in a consistent and attractive manner. This constitutes a legitimate interest as detailed in the General Data Protection Regulation (GDPR) Article 6 Section 1 Point (f). If an individual’s browser does not support web fonts, a default font will be used by the individual’s computer. More information about Google Web Fonts can be found here.
5) Google Maps
This website uses the mapping service Google Maps, provided by Google via an API. To use the features of Google Maps, it is necessary to save the user’s IP address. This information is usually transmitted to and stored by Google on servers in the United States of America. The provider of this page has no influence on this transfer of data. Candera uses Google Maps to present Candera’s online services in an attractive manner and so that individuals can easily find places specified on the website. This constitutes a legitimate interest as detailed in the General Data Protection Regulation (GDPR) Article 6 Section 1 Point (f).
6) HubSpot
Candera uses HubSpot for online marketing activities. HubSpot offers integrated software solutions which Candera uses to cover various aspects of online marketing, mainly reporting (traffic sources, access, etc.). All information Candera collects is subject to this Privacy Policy. All information collected is used only to optimize marketing measures. The legal basis for the use of Hubspot’s services is Article 6 Section 1 Point (f) of the General Data Protection Regulation (GDPR). Candera’s legitimate interest in using this service is to optimize marketing measures and improve the quality of services provided on Candera’s website. HubSpot is a software company from the United States of America with a branch in Ireland. Information about the cookies used by HubSpot can be found here and here.
Information from HubSpot regarding EU data protection regulations
7) Social Plug-ins
This website uses social plug-ins functions of Facebook, YouTube, Xing, LinkedIn, and Twitter. For the protection of data and personal information, these are deactivated by default and must be activated by the user. Before activating these plug-ins, please read the following information regarding each of the providers:
(1)Facebook
This website uses social plug-ins of facebook.com, which is operated by Meta Platforms, Inc. Activating the plug-in establishes a direct connection between the individual’s browser and Facebook’s servers. When this happens, Facebook gets informed that the individual has visited this website, along with the individual’s IP address. A user may click the Facebook “Like” button while logged into Facebook to link the content of Candera’s webpages to the user’s Facebook profile. This allows Facebook to associate the visiting of Candera’s webpages with the user’s account. As the provider of the webpages, Candera is not notified of the contents of the data transmitted or its use by Facebook. Facebook’s privacy policy can be found here. Candera asks that individuals who do not want Facebook to be able to associate visiting Candera webpages with their Facebook account log out of their Facebook account.
(2) YouTube
This website uses plug-ins from YouTube. YouTube is operated by Google LLC. An individual visiting one of Candera’s YouTube-enabled websites will be connected to YouTube’s servers. This will inform the YouTube server which of Candera’s webpages have been visited by the individual. If the individual is logged into their YouTube account, the individual’s browsing behavior will become associated with that individual’s personal profile. The individual may log out of their YouTube account to prevent this.
(3) LinkedIn
This website uses components provided by LinkedIn. LinkedIn is a subsidiary of the Microsoft Corporation. Each time this website receives an access request equipped with a LinkedIn component, the component prompts the user’s browser to download an image of the component from LinkedIn. Through this process, LinkedIn is informed of which page of this website is being accessed. By clicking the “Recommend” button on LinkedIn while logged into a LinkedIn account, the user can link content from this website to their LinkedIn profile. This allows LinkedIn to associate the user’s visit to Candera’s website with that user’s LinkedIn account.
Candera has no control over the data that LinkedIn collects, nor over the extent of the data that LinkedIn collects. Candera also does not have any knowledge of the contents of data transferred to LinkedIn. Details about data collection by LinkedIn, users’ rights in this regard, and browser settings related to this can be found in LinkedIn’s Data Privacy Policy.
(4) Xing
This website uses components provided by XING.com. Each time this website receives an access request equipped with a XING component, the component prompts the user’s browser to download an image of the component from XING. To Candera’s knowledge, XING does not store any personal information from the user obtained through the user’s accessing of this website. XING also does not store IP addresses. In addition, no analysis of user activity occurs through the use of cookies in relation to the “Share” button on XING. XING’s privacy policy related to the “Share” button can be found here.
(5) Twitter
Candera uses multiple plug-ins from the social media network twitter.com, which is operated by Twitter Inc. Individuals can recognize these plug-ins either by one of the Twitter logos (the letter “t” or the bird graphic) or by identifying of the plugin with the words “tweet” or “twitter”. Details about the collection and use of data by Twitter, users’ rights in this regard, and the options for protecting an individual’s private sphere can be found in Twitter’s Privacy Policy.
8) Candera asks that individuals refer to the website of the proprietor of their browser for information on how to cease the provision of information for cookies.
Article IX Exertion of Rights Related to Personal Information (Disclosure/Correction/Deletion/Cessation of Use)
Candera shall, upon request of an individual and in accordance with the applicable laws and regulations, notify or disclose (including disclosure of the record of Candera’s provision of personal information to third parties) the purposes of use of the personal information which it possesses pertaining to the individual in question, or supplement, delete, or cease the use of said personal information.
1) Disclosure
In the event that an individual requests information pertaining to themselves to be disclosed, Candera shall disclose the information to the individual without delay. Candera shall attempt to disclose the information via the method of contact requested by the individual. However, in the event that any of the following would apply as a result of said disclosure, Candera may refrain from partial or full disclosure of the information. In the event that Candera decides to refrain from partial or full disclosure of the information, Candera shall notify the individual to whom the information pertains without delay.
(i) In the event that there is a risk of harm being done to the life, physical well-being, assets, or other rights and interests of the individual to whom the information pertains or a third party
(ii) In the event that there is a risk of a remarkable impediment to the proper conduct of Candera’s business operations
(iii) In the event that any law or regulation would be violated
2) Correction/Deletion of Incorrect Information
(i) In the event that personal information which Candera possesses is incorrect, upon request of the individual to whom the information pertains, Candera, following the procedure that it has established, shall correct or delete the information.
(ii) In the event that Candera deems that it is necessary to fulfill a request as described in (i), it shall correct or delete the personal information without delay and notify the individual to whom the information pertains of its correction or deletion.
3) Deletion/Cessation of Use of Information
In the event that an individual requests Candera to delete or cease the use of personal information pertaining to themselves for one or more of the following reasons, Candera shall conduct a necessary investigation without delay.
・The information was used for a purpose other than those detailed in Article V
・The information was obtained via improper means
・The information was used in a manner that was liable to incite or promote illegal or improper acts
・Candera no longer has a need to use the information
・The information was leaked, lost, or damaged
・There was a risk that the rights and interests of the individual would be infringed upon due to how the information was handled
Based on the results of said investigation, Candera shall take such actions as deleting or ceasing the use of the information and notify the individual to whom the information pertains of such actions. However, in the event that the deletion or cessation of use of the personal information would involve a large financial cost or in the event that it would be difficult to delete or cease the use of the information for other reasons, Candera shall take necessary alternative measures to protect the rights and interests of the individual to whom the information pertains, in the event that there are alternative measures that can be taken.
4) Request Form
Individuals requesting the disclosure/correction/deletion/cessation of use of personal information pertaining to themselves must provide the information detailed below, along with a document that can be used to verify the identity of the individual. In the event that the request is being carried out by a proxy, a document that can verify that the proxy is a representative of the individual to whom the information pertains (such as a letter of attorney) must also be provided. All of the necessary information/documents must be sent to the Personal Information Contact found in Article XIV. Candera shall reply upon verifying the identity of the individual and once it has done so, in accordance with its internal policy, shall immediately dispose of the documents used for confirming the identity of the individual. Candera shall not charge individuals for submitting such a request.
Information to provide:
・Name, address, telephone number, and email address
・Kind of request (e.g. disclosure, correction, addition, deletion, cessation of use by Candera/a third party to whom information was provided with consent of the individual as outlined in Article V of this Privacy Policy.)
・Description of request
The following provisions apply to customers residing in Europe, the Middle East, and Africa (EMEA):
An individual may check personal information pertaining to themselves by the method prescribed by Candera and correct, update, or delete the information themselves. Notwithstanding this Article, Candera shall, upon request from the individual, and in accordance with the applicable laws and regulations, provide access to, allow the correction, deletion, restriction, objection to the handling of, or allow the exertion of the right to data portability in regard to the personal information pertaining to the individual which Candera possesses. To the extent permissible by the applicable laws and regulations Candera may charge a reasonable fee to respond to such requests. The individual retains the right to object to Candera’s handling of personal information pertaining to themselves via a regulatory agency. The contact information for exercising the aforementioned rights is as described in Article XIII.
Article X Security Measures
- Candera’s websites employ SSL (Secure Socket Layer) encryption. SSL is a communication protocol that encrypts data sent over IP networks such as the internet. SSL encrypts transmissions between two devices that send and receive data, preventing the falsification or modification of data by other devices on the same network, such as a communication relay.
- Candera shall handle personal information appropriately, in accordance with the Personal Information Protection Act and this Privacy Policy. To handle personal information in an appropriate manner, Candera shall properly enact the following security measures:
1) Appointment of a person(s) to be responsible for the handling of personal information
2) Clear identification of the employees who handle personal information and the scope of the personal information which they handle, and the establishment of a reporting system to the responsible person(s) in the event that a violation of the Personal Information Protection Act or internal rules regarding the handling of personal information has occurred, or in the event that indications that such a violation could occur become apparent
3) Periodic education of employees on the proper handling of personal information
4) Management of the access to the personal information of employees who handle other personal information, restriction of usage of devices and entry to rooms, and implementation of measures to prevent unauthorized persons from viewing personal information
- Candera shall regularly review its information security guidelines to ensure the proper implementation of the security measures defined in the previous Section.
- In the event that Candera outsources the handling of personal information to a third party, Candera shall enter into a contract with the party to whom the information was outsourced and properly oversee their business operations.
- In the event of an incident (leakage, loss, damage, or infringement) related to personal information (including the threat of such an incident), Candera shall immediately conduct an internal investigation to establish the cause of and facts surrounding the incident, take measures to prevent the occurrence of such an incident in the future, and report the incident to the overseeing authorities and the individual to whom the information pertains in accordance with the applicable laws and regulations.
The following stipulations apply to individuals residing in the State of California, United States of America:
With respect to the handling of personal information of individuals residing in the State of California, United States of America, in addition to this Privacy Policy (hereinafter “Statement”), the following special provisions (hereinafter “Special Provisions”) shall apply. In the event that any conflict between the Statement and the Special Provisions arise, the Special Provisions shall take precedence.
1. Types, Purposes, and Sources of Personal Information Collected The types of personal information which Candera may collect or has collected during the twelve (12) months prior to the last revision of the Statement and the Special Provisions and the purposes of use for said personal information are as described in Article VI of the Statement. The source of such personal information is the individual to whom the personal information pertains. 2. Sharing of Personal Information 1) Candera shall not sell personal information, including that of minors, and have not sold any personal information in the twelve (12) months prior to the last revision of the Statement and the Special Provisions. “Sell” refers to the sale, lease, publication, disclosure, dissemination, allowing the use of, transferring, or communication orally, in writing, electronically, or by any other means of personal information of a consumer, from Candera to another business or third party, for money or other forms of compensation. 2) The types of information that may have been disclosed for business purposes during the twelve (12) month period prior to the last revision of the Statement and the Special Provisions are as stated in Article IV of the Statement. The types of third parties to whom personal information may have been disclosed are as stated in Articles V and VI of the Statement. 3. Disclosure and Deletion Requests 1) An individual may check personal information by the method prescribed by Candera and correct, update, or delete the information themselves. Notwithstanding Article VIII, Candera shall, upon request from the individual, and in accordance with the applicable laws and regulations, provide access to or delete personal information pertaining to the individual which Candera possesses. The details of such disclosure and deletion are as follows: (1) Access: An individual retains the right to, up to twice within a 12-month period, request the disclosure of the following information pertaining to themselves that Candera has collected, used, or disclosed in the 12-month period prior to the disclosure request. a. Types of personal information collected b. Specific pieces of personal information collected c. Types of sources Candera used to collect personal information d. Purposes of use for personal information collected e. Types of third parties with whom Candera shares personal information (2) Deletion: An individual retains the right to request the deletion of specific personal information that Candera has collected from the individual in question.
2) For access or deletion requests, please contact Candera via the following: ◆Candera GmbH Mailing address: Semmelweisstrasse 34 4020 Linz, Austria Email address: [email protected] Phone number: + 43-732-90305-0
3) In order for Candera to protect the privacy of individuals and maintain security, it shall verify the identity of an individual before providing said individual with access to personal information pertaining to themselves or responding to a deletion request. (1) Candera shall review access or deletion requests from unique accounts only in the event that the request relates to the personal information associated with a password-protected account that has been sufficiently verified as belonging to the individual in question. (2) In the event that the individual does not possess a password-protected account with Candera or is unable to access their password-protected account, Candera shall validate the access or deletion request according to one of the following procedures: a. In the event that the product or service associated with the individual has an inquiry function, Candera shall review requests submitted via the inquiry function (the inquiry function performs sufficient verification). However, in the event that Candera suspects that the request was made by an individual other than the actual user of the product or service, Candera shall request the individual to provide information that could only be recognizable by the actual user of the product or service in order to verify the identity of the individual. b. In the event that the product or service associated with the individual does not have an inquiry function, Candera shall verify the identity of the individual by sending a customer number through the notification function of the applicable product or service and request a response using the same number. However, in the event that the product or service does not have a notification function, or the individual is unable to use the notification function, Candera shall request the individual to provide information that could only be recognizable by the actual user of the product or service in order to verify the identity of the individual. (3)In the event that the individual makes an access or deletion request through a representative, Candera may request that the individual (i) provide the representative with a signed document granting permission to make the request, (ii) make direct contact with Candera in order to verify the identity of the individual in question, or (iii) confirm directly with Candera that the individual has given their representative permission to submit the request.
4) In the event that the individual chooses to exercise any of the rights detailed in this Section, the individual retains the right to be treated without discrimination by Candera. To the extent permitted by the applicable laws, Candera may charge a reasonable fee to respond to the request of the individual. |
Article XI Updates to the Privacy Policy
Candera shall strive to appropriately revise and improve this Privacy Policy. In the event that this Privacy Policy gets updated, Candera shall notify users of this website via its established means of contact. The updated Privacy Policy shall come into effect from the time it is posted on the Candera website.
Article XII Compliance to Laws, Ordinances, and Standards
Candera complies with Austrian laws, ordinances, and other standards applicable to personal information that Candera possesses.
Article XIII Contact Information
For inquiries regarding the use of personal information at Candera, please use the contact information below.
◆Candera GmbH
Semmelweisstrasse 34
4020 Linz, Austria
Phone: + 43-732-90305-0
Fax: + 43-732-90305-100
Established January 1, 2016
Revised September 21, 2022