Personal data privacy and security policy

HARTL is entirely dedicated to the protection of personal data privacy that we collect, process and store.

This Policy on personal data privacy and security will help you understand:

  1. What are personal data
  2. What type of data we collect and the method of collecting
  3. How and why we are processing data
  4. To whom and why are we transferring personal data
  5. How do we protect personal data
  6. What are your rights
  7. How to contact us


In accordance with the Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR):

Personal data means any information relating to an identified or identifiable natural person. Different information which gathered together may lead to the identification of a certain data subject shall be also considered personal data.

Personal data may refer to: name and surname, address of residence, email address, such as; identification number, location data, internet protocol address (IP); cookie identifier, etc.



Data you submit via forms, either on paper or electronically, by e-mails or by phone calls.


When you access our website, the web server automatically stores access logs containing visitor’s IP address, web resource (document) accessed, as well as information about the operating system / browser used. We store the data in order to prevent fraud and to ensure the protection of our website and on our information therein.
Also, on our website we use cookies to improve the browsing experience of all our visitors, as well as to monitor the performance of our website. Through our cookies, we do not collect nor process any information based on which the visitor’s identity could be revealed. For further information, please access our `Cookies Policy`.

Depending on the services you use on our website, we collect different categories of information from you or about you.

We collect the content and other information you provide while you are using our services, including when you create an account on our websites.
We collect information on the way you are using our services, such as type of content you view, interact with or the frequency and time of your activities.
We collect contact information you provide to us.
In case you are using our purchase services, we collect information about your purchase. Amongst such information, there are your payment information, such as your credit or debit card number and other information related to your card, as well as other information about your account and log in details, invoicing, delivery and contact information.
We collect information from and about PCs, telephones or other devices from which you access our services, depending on the permissions limit you granted. Here are some device information we collect:

  • attributes, such as the operating system, hardware version, device settings, name and type of files and software and device identifiers;
  • device locations, including specific geographical locations, such as GPS, Bluetooth or Wi-Fi signals;
  • information about your connection, such as the name of your mobile phone provider or your Internet service provider (ISP), the type of browser, language and time zone, mobile telephone number and IP address.


Processing personal data: any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure to third parties by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;.

Storage: Retaining collected personal data on any electronic medium.

HARTL will be processing personal data for the following purposes:

  • To provide goods and services you required
  • To confirm goods and services ordered and to provide you additional information thereof
  • For tendering, borrowing and lending, and invoicing operations
  • To comply with the applicable laws
  • For HR specific activities, in case you are interested to join our team
  • To keep you informed on our promotions, newsletters about our products and services from our portfolio or to invite you to our actions/campaigns/activities organized by us.

We are processing your personal data for many purposes:

  • To provide, improve and develop our services intended for you
  • To perform questionnaires and researches in order to assess and develop products and services intended for you
  • To communicate with you
  • To send you marketing messages if you agree upon
  • To assess the performance of our services and products
  • To comply with applicable legal requirements (for employees, affiliates)


The privacy of personal data is one of the most important matters to us. We do not transfer this type of data to third parties unless it is reasonable necessary, and we transfer only data necessary to comply with the legal and contractual requirements in force.


Personal data are processed under safe conditions. HARTL has taken adequate technical and organizational measures on data security against unauthorised processing or alteration, loss or destruction, as well as, against unauthorised disclosure and access on the personal data transmitted, stored or processed. HARTL ensures the integrity, availability, privacy and authenticity on personal data.

HARTL uses advanced methods and technologies, together with policies applicable to its employees and work procedures to protect personal data processing, in accordance with the legal requirements in place.

HARTL has concluded an agreement according to which, the Internet services provider and host ascertains that all security measures have been taken, such as: limiting both physical, as well as, the remote access, being installed in data centre and subject to a security audit periodically.

HARTL makes all reasonable efforts commercially justified, to protect personal data we hold, to analyse new technologies in scope and, if applicable, to apply them in order to upgrade our security systems.
Also, we have implemented adequate technical and organizational measures in order to guarantee that only personal data necessary for the intended purposes are being used. The principle on the data protection by default shall be also followed for the development of new products and services.

Nevertheless, besides all our efforts for storing the collected information in a safe operational environment not available to the public, we cannot guarantee the full security of this information during transmission or in storage in our systems. In the event of a breach of security that endangers your privacy or personal information we undertake to inform you on such matters, either by our website or by other methods we have (email messages, phone calls, etc.).


Access, Rectification, Erasure and Objection

You may contact us, and we will inform you upon the personal information we have collected and processed related to you and upon the purposes they are being used. You are entitled to correct any incorrect, incomplete expired or useless information stored related to you, simply by contacting us.
You may object on the use of some personal information, including direct marketing, if such data are being processed for purposes other than those necessary in order to achieve our services or to comply with a legal obligation. Also, you may object to any further processing of your personal information after you have given prior agreement. If you object to further processing of your personal information, this may result in fewer options while using our services.

Erasure and the right to restrict the processing

Also, you may ask us to erase your personal information from our systems. We will respect this request unless there is a legitimate reason not to do it. Subsequent to data erasure, we may not be able to erase all residual copies of erased information from our systems. The copies shall be erased as soon as possible.
You can ask to restrict the processing of some personal information, but this may result in fewer options while using our services.

The right to portability

You have the right to receive personal information provided by you in a structured and commonly used form.

How can you exercise such rights

Such rights could be exercised by submitting a request on paper or by e-mail to the below addresses. The request shall include at least the following information: name, phone number and the content.
We may request you to provide additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
In the event you consider that our activities of processing your personal data do not comply with the applicable laws on data protection, you may submit a complaint to:

Österreichische Datenschutzbehörde 

  • Hohenstaufengasse 3
    1010 Wien


If you have concerns regarding data protection, you are welcome to contact us anytime at: