Privacy Policy

The HTI Group is a global company, consisting of many different legal entities in different countries. As a user of the OneSecure ID, you are entitled to know, how the Skadii GmbH, as a part of the HTI Group, and its legal entities, process your personal data.

1. Skadii GmbH respects your privacy

Skadii GmbH is delighted that you have opted to use OneSecure ID. The protection of your privacy while processing your personal data as well as the security of all business data are important concerns to us. We process personal data gathered during your use of OneSecure ID in full confidence and only in accordance with statutory regulations.
Data protection and information security are included in our corporate policy.

2. Controller

Skadii GmbH is principally responsible for the provision of OneSecure ID. In this regard, your data will be collected and processed by Skadii GmbH and transferred for login purposes to the applications you use.
Our contact details are as follows:
Skadii GmbH Michael-Seeber-Str. 1 – 6410 Telfs, Austria
In addition, we process your data in accordance with the regulations of the General Data Protection Regulation (GDPR) and national data protection laws in joint responsibility with the persons responsible for the applications you use.
The use of further functions of OneSecure ID, in particular the administration of your master data and the provision of an overview of your applications, is the joint responsibility of those persons responsible for the applications you use.
For more information on the individual processing operations and your rights, please refer to section 13.

3. Collection, processing, and usage of personal data

3.1. Principles

Personal data comprises all information related to an identified or identifiable natural person. This includes names, addresses, phone numbers, email addresses, photographs, or any other data that are an expression of a person’s identity.
We collect, process, and use personal data (including IP addresses) only when there is either a statutory legal basis for this or if you have consented to this processing or use of personal data (e.g., by means of registration).

3.2. Processing purposes and legal basis

We and the service providers commissioned by us process your personal data for the processing purposes listed hereafter. We would like to point out that you have a special right to object to any processing on the legal basis of “legitimate interest” (see the section User rights):

3.3. Registration and login with OneSecure ID

In accordance with our terms of use and the contractual terms of the applications you use, your data will be processed for the purpose of the provision of OneSecure ID (registration and login with OneSecure ID).
For this purpose, the following data will be collected and processed by us: user ID (e-mail address or cell phone number), first name, last name, language, country, and a freely chosen password.
During registration, we will also record your agreement to our terms of use and your agreement to this data protection notice along with date and time of this agreement. Legal basis: contractual performance (Terms of use)

3.4. Overview and administration of your master data and applications with OneSecure ID

With OneSecure ID, we remove the need for you to continually enter and administer master data for applications that are connected to OneSecure ID. In the future, you will be able to independently administer, in your profile, the data you entered during registration (e-mail address, cell phone number, first name, last name, language, and country) and thereby ensure that your master data remain up to date at all times. Skadii GmbH processes these data for this purpose and, if required, shares them with applications that are connected to OneSecure ID.
We also provide an overview of all the applications connected via your OneSecure ID.
Legal basis: contractual performance (Terms of use)

3.5. Investigating service disruptions and ensuring security

We process your data in order to fulfill our legal obligations regarding data protection and to fulfill our contractual obligations.
Legal basis: legal obligations and contractual performance

3.6. Safeguarding and defending our rights

We process your data when there is a legitimate interest on our part in the assertion and defense of our rights.
Legal basis: legitimate interest

4. Log files

Each time you use the internet, your browser or your mobile device automatically transfers specific information, which we store in so-called log files.
We store log files for the exclusive purpose of investigating service disruptions and for ensuring security (e.g., to investigate cyberattacks). These log files are stored for a short period, after which they are deleted. Log files that need to be retained for evidence purposes are excluded from deletion until the respective incident has been resolved. In certain cases, these may be passed on to investigating authorities.
In particular, the following information is saved on log files:
IP address (internet protocol address) of the terminal device used to access OneSecure ID
  • Internet address of the website from which the online offer was accessed (so-called URL of origin or referrer URL)
  • Name of the service provider via which the online offer was accessed • Name of the files or information accessed
  • Date and time as well as duration of data retrieval
  • Amount of data transferred
  • Operating system and information about the internet browser used, including add-ons installed (e.g., Flash Player)
  • HTTP status code (e.g., “Request successful” or “File not found”)

5. Children

To register with OneSecure ID, you must be of legal age.

6. Data transfer

6.1. Data transfer to other controllers (general)

Your personal data will only be transferred to other companies in the scope necessary for the respective purpose and only if there is a necessary basis for this transfer.
In addition, data may be transferred to other controllers if we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders, or if we ourselves, or a third party, have a legitimate interest in the data transfer.
Particulars on the legal basis can be found in the section Processing purposes and legal basis. Should data be transferred to third parties on the basis of a legitimate interest, this is explained in the present data protection notice.

6.2. Data transfer to other companies for the purposes of login with OneSecure ID

If you wish to use OneSecure ID to log in to the applications of other companies (“service providers”), this is done via a login screen provided by us. After we have verified that you are registered with OneSecure ID, we will confirm your authorization to the respective service provider and provide them with the data they need in order to enable you to log in and thereby use the specific application. These data are your e-mail address, first name, last name, language, country, and your OneSecure ID. Your password will not be communicated.

6.3. Transfer of data to other companies to provide an overview and enable the administration of your master data and applications via OneSecure ID

In the future, you will be able to administer your master data yourself with OneSecure ID and obtain an overview of all applications connected to OneSecure ID. This function is available at all times.
Any update to your master data will communicated to the applications connected to OneSecure ID. These data are only used by the applications for fixed purposes.
In this regard, no personal data will be transferred to us by the services or companies. These data remain with the service itself.

6.4. Service providers (general)

We contract external service providers with tasks such as sales and marketing, contract management, programming, data hosting, and hotline services We have chosen these service providers with great care, and we monitor them on a continual basis, particularly regarding their care in handling and protecting the data stored with them. We oblige all service providers to maintain confidentiality and to comply with the statutory provisions. Service providers may also be other companies within the Bosch Group.

6.5. Transfer to recipients outside the EEA

We also transfer personal data to recipients located outside the EEA, in so-called third countries. In such cases, we ensure prior to the transfer either that the recipient of the data maintains an appropriate level of data protection (e.g., on the basis of an adequacy decision of the EU Commission for the respective country or the agreement by the recipient to to so-called EU standard contractual clauses of the European Union) or that you have consented to the transfer of such data.
You are entitled to receive an overview of third-country recipients and a copy of the specifically agreed provisions that secure an adequate level of data protection. For this purpose, please follow the instructions in the section Contact.

7. Duration of storage; retention periods

We store your data for as long as is required to provide our online offer and services connected to this offer, or for as long as we have a legitimate interest in storing such data (e.g., after fulfillment of our contractual obligations, we may still have a legitimate interest in mail marketing). In all other cases – in particular, when you cancel your registration to OneSecure – we will delete all personal data with the exception of data that we are obliged to store in order to fulfill our legal obligations (e.g., due to retention periods under the tax and commercial codes, we are obliged to retain documents such as contracts and invoices for a certain period of time).

8. Usage of cookies

Cookies and tracking mechanisms may be used in connection with the provision of our online service. Cookies are small text files that may be stored on your device when visiting our online service. Tracking is possible by means of various technologies. In particular, we process information us-ing pixel technology and/or during log file analysis.

8.1. Categories

We distinguish between cookies that are necessary for the technical functioning of OneSecure ID and such cookies and tracking mechanisms that are not necessary for the technical functioning of OneSecure ID.
In general, it is possible to use OneSecure ID without those cookies that do not serve technical purposes.

8.2. Technically necessary cookies

By technically necessary cookies, we mean those cookies without which technical provision of OneSecure ID cannot be ensured. These include cookies that store data in order to ensure smooth reproduction of video or audio content. Such cookies will be deleted following the end of your visit. The cookies that we use serve to identify or authenticate our users and belong to the category of cookies that are necessary for technical functioning.

8.3. Cookies and tracking mechanisms that are not technically required

We only use such cookies and tracking mechanisms if you have specifically given us your prior consent.

9. External links

Our online offer may contain links to internet pages of third parties (i.e., providers who are not related to us). Once such a link has been clicked, we have no control over the collection, processing, and use of any personal data – such as the IP address or URL of the site on which the link is located – that are transferred by clicking on the link to the third party. This is because the conduct of third parties is naturally beyond our control. Therefore, we do not assume responsibility for the processing of such personal data by third parties.

10. Security

Our employees and the companies providing services on our behalf are obliged to maintain confidentiality and to comply with the provisions of the data protection laws currently in force.
We employ all necessary technical and organizational measures in order to ensure an appropriate level of security and to protect your personal data, as administered by us, against, in particular, the risks of unintended or unlawful destruction, manipulation, loss, alteration, unauthorized disclosure, or unauthorized access. Our security measures are subject to continuous improvement in line with technological developments.

11. User rights

To assert your rights, please use the details provided in the section Contact. In doing so, please ensure that you are clearly identifiable.

11.1. Right to information and access:

You have the right to obtain information from us regarding the processing of your personal data. For this purpose, you may assert a right of access to the personal information we process about you.

11.2. Right to correction and deletion

You have the right to require the correction of inaccurate personal data and – provided that stat-utory requirements are met – the completion or deletion of such data.
This does not apply to data that are required for billing or accounting purposes or that are subject to a statutory retention period. In the event that access to such data is not required, their processing is restricted (see the following).

11.3. Restriction of processing

Provided that statutory requirements are met, you can require us to limit the processing of your data.

11.4. Objection to data processing on the legal basis of “legitimate interest”:

In addition, you have the right to object at any time to the processing of your personal data if such processing is conducted on the legal basis of “legitimate interest.” We will then cease to process your data unless we can demonstrate, in line with legal requirements, compelling and legitimate grounds that override your rights.

11.5. Objection to direct marketing

In addition, you may object at any time to the processing of your personal data for purposes of direct marketing. We would like to point out, however, that we do not conduct any direct marketing in connection with OneSecure ID.

11.6. Revocation of consent:

If you have consented to the processing of your data, you have the right to revoke this consent at any time with future effect. The lawfulness of any processing of your data prior to this revocation remains unaffected.

11.7. Data portability

Under the General Data Protection Regulation (GDPR), which applies from May 25, 2018, you continue to have the right to require that any data you have provided be transferred to you in a structured, commonly used, and machine-readable format, or to require– if technically feasible – that such data be transferred to a third party.

11.8. Canceling your registration:

You may terminate your OneSecure ID user agreement at any time by canceling your registration. Please click the following link: My Profile. Please note that canceling your registration only results in the deletion of such data for which there are no legal retention periods.
After canceling your registration to OneSecure ID, a data-deletion request is sent to the applications connected to OneSecure ID. The decision whether to delete the data stored in individual applications lies with applications themselves.

11.9. Right to lodge complaint with supervisory authority:

You have the right to lodge a complaint with a data protection authority. In particular, you can appeal to the data protection authority that is responsible for your place of residence or for your federal state, or to the data protection authority that is responsible for our company location. The latter is: Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
Phone: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at

12. Contact

If you wish to contact us, you can reach us at the address given in the section Controller.

13. Information to be provided to data subjects in accordance with Art. 13 GDPR – Joint controllers

As the party responsible for OneSecure ID, Skadii GmbH exercises joint responsibility, together with third parties responsible for the application(s) you use, for the processing of your data in accordance with the provisions of the General Data Protection Regulation and national data protection laws. In accordance with Art. 26 of the GDPR (Joint controllers), we have agreed in writing to exercise joint responsibility for data processing. In particular, we have determined and agreed upon the responsibilities and liabilities of the parties involved. For detailed information on individual processing operations, please refer to the data protection notice of Skadii GmbH and the information sheet on data processing available at Data Protection Policy.

Information on joint responsibility with regard to data subjects, according to Art. 26 Par 2 GDPR

Party 1: Skadii GmbH Michael-Seeber-Str. 1 – 6410 Telfs, Austria
and
Party 2: All parties named in the list of parties

What is the basis for joint responsibility?

In connection with the provision of OneSecure ID as an exclusive single sign-on solution of the HTI Group, the aforementioned parties will work closely together. This also concerns the processing of your personal data. The parties have jointly determined the order in which this data is processed in individual process steps. As such, they are jointly responsible for the protection of your personal data during the process stages described below (Art. 26 GDPR).
As a data subject according to GDPR, you have a right to the following information from the aforementioned parties.

For which process stages is there joint responsibility?

  • Processing step: Registration and login with OneSecure ID
  • Responsibility lies with: Skadii GmbH
  • Processing step: Overview and administration of master data and applications with OneSecure ID
  • Responsibility lies with: Skadii GmbH

What have the parties agreed?

In line with their joint responsibility for data protection, the aforementioned parties have agreed which of them is responsible for meeting specific obligations under GDPR. In particular, this concerns the exercise of the rights of data subjects (Art. 15–21 GDPR) and the fulfillment of the obligations regarding provision of information (Art. 13–14 GDPR).
This agreement is required because during the provision and operation of OneSecure ID and its functions, personal data is processed in various process steps and by various systems operated either by Skadii GmbH or by all parties named in the list of parties.

What does this mean for you as data subject?

Although a joint responsibility exists, the parties shall fulfill the obligations under data protection law in accordance with their respective responsibilities for the individual processing activities as follows:
  • In accordance with their joint responsibility, the parties shall provide the data subject with any information required under Art. 13 and 14 GDPR in a precise, transparent, intelligible, and easily accessible form, using clear and plain language. This information shall be provided free of charge. For this purpose, each party shall provide the other party with all the necessary information from its area of operation.
  • The parties shall inform each other without delay of any legal positions asserted by you as data subject. They shall provide each other with all the information required to respond to requests for information.
  • As data subject, you will, in principle, receive the information from Skadii GmbH. Regardless of this internal agreement, you may also assert your rights, as data subject, directly against any party.

Who are the contracting parties?

All HTI entities that have signed the Adherence Letter to the Joint Controller Agreement are referred to as contracting parties.

List of parties