This privacy policy provides an overview of the nature, scope, and purposes of the processing of personal data when you visit our website. Personal data is all information with which you can be personally identified, including your IP address.
Furthermore, this privacy policy contains a further section with general information on data protection, which applies to all our processing activities.
The terms used in this declaration are based on the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).
OMV New Zealand Ltd can be contacted in the following ways:
PO. Box 2621
Wellington 6140
NEW ZEALAND
+64 (0)4 910 2500
info.nz@omv.com
On the one hand, your data is collected by you communicating it to us; on the other hand, data, in particular, technical data, is collected automatically when you visit our website. Some of the data is collected in order to ensure that our website functions correctly. Other data may be used for analysis. You can find out more about this in the next section.
We use cookies to make our website as user-friendly and functional as possible for you. Some of these cookies are stored on the device you use to access the site.
Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognise website visitors. Cookies can only store information provided by your browser, e.g. information that you have entered into your browser or that is available on the website. Cookies cannot execute code and cannot be used to access your terminal device.
The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of third party to whom the cookie belongs (“third-party cookie”). The information that is stored and sent back allows each web application to recognise that you have already accessed and visited the website using the browser on your device.
Cookies contain the following information:
We classify cookies in the following categories depending on their purpose and function:
Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie.
The legal basis for using technically necessary cookies is our legitimate interest in the technically fault-free operation and smooth functionality of our website. The use of statistics and marketing cookies is subject to your consent. You can withdraw your consent for the future use of cookies at any time. Your consent is voluntary. If consent is not given, no disadvantages arise. For more information about the cookies we actually use (specifically, their purpose and lifespan), refer to this Privacy Policy and to the information in our cookie banner about the cookies we use.
You can also set your web browser so that it does not store any cookies in general on your device or so that you will be asked each time you visit the site whether you accept the use of cookies. Cookies that have already been stored can be deleted at any time. Refer to the Help section of your browser to learn how to do this.
Please note that a general deactivation of cookies may lead to functional restrictions on our website.
On our website, we also use so-called local storage functions (also called "local data"). This means that data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser - as long as you do not delete the cache or data is stored within the session storage.
Third parties cannot access the data stored in the local storage. If special plug-ins or tools use the local storage functions, you are informed within the description of the respective plug-in or tool.
If you do not wish plug-ins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, e-mail: support-de@google.com
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Purpose: Web analysis, performance measurement, conversion tracking, collection of statistical data
Category: Statistics
Recipient: EU, USA
Processed data: IP address, details of the website visit, user data
Data subjects: Website visitors
Technology: JavaScript call, cookies (details in the cookie list), fingerprinting, local storage
Legal basis: Consent (purpose)
Certifications: EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/
On our website, we use the functions of the web analysis service Google Analytics to analyze user behavior and to optimize our website. The reports provided by Google are used to analyze the performance of our website and to measure the success of possible campaigns via our website.
Google Analytics uses cookies that enable us to analyze the use of our website. All details (name, purpose, storage duration) of the cookies can be found in our specific list of cookies used.
Google Analytics can use local storage. This is an alternative to using cookies to store the client ID. This makes it possible to track user behavior without setting cookies.
Information about the use of the website such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of the server request are usually transmitted to a Google server and stored there. We have concluded a contract with Google for this purpose.
Google will use this information on our behalf to evaluate the use of our website, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and the Internet.
We only use Google Analytics with IP anonymization activated by default. This means that the IP address of a user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by a user's browser as part of Google Analytics is not linked to other Google data.
During the website visit, user behavior is recorded in the form of so-called events. These can be the following:
is also recorded:
This data is essentially processed by Google for its own purposes, such as profiling (without us being able to influence this).
The data on the use of our website will be deleted immediately after the end of the retention period set by us. Google Analytics specifies a standard retention period of 2 months for user and event data, with a maximum retention period of 14 months. This retention period also applies to conversion data. The following options are available for all other event data: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), 50 months (Google Analytics 360 only). We choose the shortest storage period that corresponds to our intended use. You can ask us at any time about the retention period we have currently set.
Data whose retention period has been reached is automatically deleted once a month.
Additional details can be found in the linked further information. It is recommended that you check these links regularly for changes, as Google Analytics may update its functions and privacy policy. Further information on rights and contact details can be found in the general section of this privacy policy.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Personalized Advertising, Conversion Tracking, Remarketing, Campaign Performance Measurement
Category: Marketing
Recipients: EU, USA
Data processed: IP Address, Website Visit details, User data
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
On this website, the Google Ads service is used for the purpose of advertising our products and services. Google Ads is Google's in-house online advertising system.
It is important for us to know whether an interested visitor ultimately becomes our customer. To be able to measure this, there is the so-called conversion tracking. Furthermore, we would like to be able to address visitors to our website again and in a targeted manner. We achieve this through so-called remarketing (retargeting).
Google Ads serves both conversion tracking and remarketing, i.e. we can see what happened after you clicked on one of our ads. In order for this service to work, cookies are used and visitors are sometimes included in remarketing lists in order to be served only with certain advertising campaigns.
This is done by means of a pseudonymous identification number (pID), which the browser of a user receives and is assigned to him. This pID enables the service to recognize which ads have already been displayed to a user and which have been called up. The data is used to serve ads across websites by enabling Google to identify the pages visited by the user.
Our goal is that the offer of our website through the use of Google Ads targeted to those visitors who are actually interested in our offer. The data from conversion tracking allows us to measure the benefit of individual advertising measures and optimize our website for our visitors. Conversion can be measured through the use of cookies.
The information generated is transferred by Google to a server in the U.S. for evaluation and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or in the context of commissioned data processing. Under no circumstances will Google link data of a user with other data collected by Google.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Launching Tools and Plugins
Category: Technically Required
Recipients: EU, USA (possible)
Data processed: IP Address
Data subjects: User
Technology: JavaScript Call
Legal basis: legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/
The Google Tag Manager service is used on our website.
The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to include code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. In doing so, the data is only forwarded by the Tag Manager, but neither collected nor stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering.
When the Google Tag Manager is started, the browser establishes a connection to Google's servers. These are mainly located in the U.S. Through this, Google obtains knowledge that our website was called up via the IP address of a user.
The Tag Manager ensures the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with the Tag Manager.
In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimising our website. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing.
On our website, we use the open-source service jsDelivr to deliver content from our website as quickly as possible and in a technically flawless manner to various end user devices. The provider of this service is Prospect One sp. z o.o., Królewska 65A/1, PL-30-081 Kraków, Poland ("jsDelivr").
jsDelivr is a content delivery network (CDN) that mirrors the content on our website across different servers to ensure optimal accessibility worldwide. To make this possible, a CDN always uses servers that are geographically close to the respective user of our website. It can therefore be assumed that users within the EU are also provided with content by servers within the EU. In order to display content, jsDelivr uses user data such as the IP address.
According to the provider, jsDelivr does not set cookies or use other tracking mechanisms, but is only necessary for the technical reasons mentioned above. The legal basis for the transmission of personal data is therefore our legitimate interest in processing your personal data pursuant to Art 6 paragraph 1 lit f GDPR.
jsDelivr keeps personal data, as long as it is necessary for the provision of the described service or for the fulfillment of legal obligations.
To prevent this service, you can install a JavaScript blocker. However, this may result in the website no longer functioning as usual.
For more information on the use of your data, please refer to the provider's privacy policy at https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
We offer various ways to get in touch with us on our website. Whenever you contact us, your information is used to process and handle your contact request in the course of fulfilling pre-contractual rights and obligations. To handle and answer your request it is necessary for us to process your data; otherwise we are unable to answer your request or only able to partially answer it. Your information can be stored in a database of customers and leads on the grounds of our legitimate interest in direct marketing.
We delete your request and contact information when your request has been definitively answered and there is no legally required time limit for storing this data prior to deletion (e.g. pursuant to a subsequent contractual relationship). This is usually the case when there is no further contact with you for three years in a row.
For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us.
The access data we process includes:
This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website.
The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.
Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques.
We also make use of suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.
Provider: DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria.
Purpose: Consent Management
Category: technically required
Recipient: EU, AT
Data processed: IP Address, Consent Data
Data subjects: Users
Technology: JavaScript call, Cookies, Swarmcrawler
Legal basis: Legitimate interest, consent (swarmcrawler to evaluate search results)
Website: https://www.datareporter.eu/
Further information: https://www.datareporter.eu/company/info
On our website, we use the Webcare tool for consent management. Webcare records and stores the decision of each user of our website. Our Consent Banner ensures that statistical and marketing technologies such as cookies or external tools are only set or started if the user has expressly consented to their use.
We store information on the extent to which the user has confirmed the use of cookies. The user's decision can be revoked at any time by accessing the cookie setting and managing the declaration of consent. Existing cookies are deleted after revocation of consent. For the storage of information about the status of the consent of the user, a cookie is also set, which is referred to in the cookie details. Furthermore, the IP address of the respective user(s) is transmitted to DataReporter's servers when this service is called up. The IP address is neither stored nor associated with any other data of the user, it is only used for the correct execution of the service.
With the help of Webcare, our website is regularly checked for technologies relevant to data protection. This investigation is only carried out for those users who have expressly given their consent (for statistical or marketing purposes). The search results of the users are evaluated by Webcare in an anonymous form and only in relation to technologies and used for the fulfillment of our information obligations. To start the Swarmcrawler technology, a request is sent to our servers and the IP address of the user is transmitted for the purpose of data transfer. Servers are selected which are geographically close to the respective location of the user. It can be assumed that for users within the EU, a server with a location within the EU will also be selected. The IP address of the user is not stored and is removed immediately after the end of the communication.
The WebCare statistics function enables us to anonymously record the interactions of the users of our website with our Consent Banner. The statistics only record whether the Consent Banner was opened and which actions were carried out (purposes of consent, revocation). Only statistical data and no activities related to the specific user are stored. The visitor's IP address is only used for the purpose of the connection and is completely deleted after the connection is terminated.
The use of the WebCare statistics function is based on our legitimate interest in reviewing the performance of our Consent Banner and the related accessibility of our online offer.
The statistical data is stored for 30 days, older data is automatically deleted.
You can find more information about this function in the provider's help section at: https://help.datareporter.eu/docs/webcare/webcare_consent_statistic/
Further information on data protection can be found at: https://www.datareporter.eu/company/info
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Integration of Video Content, Collection of Statistical Data
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit Details, User Data
Data subjects: Users
Technology: JavaScript Call, Cookies, Device Fingerprinting, Local Storage
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.youtube.com
Further information: https://www.youtube.com/intl/ALL_at/howyoutubeworks/user-settings/privacy/
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://support.google.com/youtube/answer/10364219?hl=en
On our website, we use the YouTube service to embed videos.
We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the disclosure of data to YouTube partners is not excluded by the extended data protection mode.
As soon as you start a YouTube video, a connection to YouTube's servers is established. This tells YouTube which of our pages you have visited. If you are logged into your YouTube account, you thereby enable YouTube to assign your surfing behaviour directly to your personal profile. This can be prevented by logging out of your account.
Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses the local storage on your end device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts
If you send us enquiries by e-mail, your details including the contact details you provided will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We expressly point out that data transmission on the Internet (e.g. communication by e-mail) is subject to security gaps and cannot be completely protected against access by third parties.
The use of the contact data of our imprint or our website for commercial advertising is expressly not desired unless we give a written consent. All persons named on this website hereby object to any commercial use and disclosure of this data.
OMV Aktiengesellschaft, Trabrennstraße 6-8, 1020 Wien, Austria
The protection of your personal data is important to us.
Personal data is information that can be individually assigned to you. Examples include your name, postal address, email address or telephone number. Details such as the number of users who visit a website are not personal data because they are not assigned to a specific person.
We treat personal data in accordance with the statutory data protection regulations, in particular, the EU General Data Protection Regulation and in accordance with this privacy policy as well as the applicable national data protection laws.
You have the right:
The responsible supervisory authority for OMV Aktiengesellschaft is:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Phone: +43 1 52 152-0, dsb@dsb.gv.at
You yourself decide on the use of your personal data. If you wish to exercise any of the above rights against us, you are welcome to contact us by email at info@omv.com. Please send a copy of an official photo ID together with your request for unambiguous identification and support us in concretizing your request by answering questions from our responsible staff regarding the processing of your personal data. In your inquiry, please state the role (employee, applicant, supplier, customer, etc.) and the period in which you have been in contact with us. This enables us to process your request promptly.
Pursuant to Art. 5 paragraph 1 lit. e GDPR, we are obliged to delete personal data immediately as soon as the purpose for processing has been fulfilled. In this context, we would like to point out that legal storage obligations and periods are a legitimate purpose for the processing of personal data.
In any case, data will be stored and retained by us in personal form until the termination of the business relationship or until the expiry of applicable warranty, guarantee or limitation periods; furthermore until the termination of any legal disputes in which the data is required as evidence; or in any case until the expiry of the third year after the last contact with a business partner.
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:
you have given your express consent pursuant to Art. 6 paragraph 1 lit. a GDPR, the disclosure pursuant to Art. 6 paragraph 1 lit. f GDPR is necessary to safeguard operational interests and to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data, in the event that the disclosure is necessary due to a legal obligation in accordance with Art. 6 para. 1 letter c GDPR, as well as this is legally permissible and necessary according to Art. 6 paragraph 1 lit. b GDPR for the execution of contractual relationships with you.
If we commission third parties with the processing of data on the basis of an order processing contract, this is done on the basis of Art. 28 GDPR.
If we process data in a third country or if this occurs in the context of the use of third party services or disclosure or transfer of data to other persons or companies, this will only occur for the reasons described above for the transfer of data. Subject to express consent or contractual necessity, we will only process or have the data processed in third countries with a recognized level of data protection, including US processors certified under the "Privacy Shield" or on the basis of special guarantees, such as contractual obligations under so-called standard contractual clauses of the EU Commission, the existence of certifications or binding corporate rules (Art. 44 - 49 GDPR).
In accordance with Art 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, extent, circumstances and purposes of the processing as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons.
Measures shall include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to, inputting, disclosure, securing and separation of data. In addition, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data and the response to data threats. Furthermore, the protection of personal data is already taken into account during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art 25 GDPR).
Due to the further development of our website and offers about it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can call up and print out the current privacy policy on our website at any time.