DATA PRIVACY STATEMENT FOR CUSTOMERS AND BUSINESS PARTNERS
The protection of personal data of our contacts at customers, sales partners, suppliers and partners (hereinafter referred to as “business partners”) is an important concern of EDAG Production Solutions GmbH & Co. KG (hereinafter referred to as “EDAG”). Therefore EDAG processes personal data in accordance with the applicable legal regulations for the protection of personal data and for data security.
I. NAME AND ADDRESS OF THE PERSON RESPONSIBLE
The responsible person in terms of the basic data protection regulation and other national data protection laws of the member states and other data protection regulations is:
EDAG Production Solutions GmbH & Co. KG
Tel.: +49 661 – 6000 150
Fax: +49 661 – 6000 319
II. NAME AND ADDRESS OF THE DATA PROTECTION OFFICERN
The data protection officer responsible can be contacted at the following:
INTARGIA Managementberatung GmbH
Dreieich Plaza 2a
III. GENERAL DATA PROCESSING INFORMATION
1. Scope and purpose of data processing
Within the scope of cooperation with business partners, EDAG processes personal data for the following purposes:
On the basis of consents granted (Art. 6 para. 1 a DSGVO):
- Carrying out customer surveys, marketing campaigns, market analyses, prize draws, competitions or similar campaigns and events;
To initiate, implement and terminate contractual relationships (Art. 6 para. 1 b DSGVO):
- General communication with business partners on products, services and projects, e.g. to deal with business partner enquiries
- Planning, implementation and administration of the (contractual) business relationship between EDAG and the business partner, e.g. to process the order of products and services, to collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance activities or repairs;
On the basis of legal requirements (Art. 6 Para. 1 c DSGVO):
- Compliance with
o legal requirements (e.g. of tax and commercial law retention obligations),
o existing obligations to carry out compliance screenings (to prevent white-collar crime or money laundering); and
o EDAG guidelines and industry standards; and
- Settlement of legal disputes, enforcement of existing contracts and the assertion, exercise and defence of legal claims;
Based on a legitimate interest (Art. 6 para. 1 f DSGVO):
- Maintaining and protecting the security of our products and services as well as our websites, preventing and detecting security risks, fraudulent actions or other criminal acts or acts committed with intent to cause damage.
For the above-mentioned purposes EDAG processes the following categories of personal data if necessary:
- Contact information, such as first and last name, business address, business telephone number, business mobile phone number, business fax number and business e-mail address;
- payment data, such as information required for the processing of payment transactions or fraud prevention, including credit card information and card verification numbers;
- Further information, the processing of which is necessary within the framework of a project or the handling of a contractual relationship with EDAG or which is voluntarily provided by our contact persons, such as orders placed, enquiries made or project details;
- Information collected from publicly available sources, information databases or credit agencies; and
- Where required in the context of compliance screenings: information on relevant court proceedings and other legal disputes involving business partners.
If the aforementioned personal data is not made available or EDAG is unable to collect it, the individual purposes described may not be achieved.
2. Legal basis fort he processing of personal data
The processing of personal data is necessary to achieve the purposes mentioned under point III.1., including the execution of the (contractual) business relationship with the business partner. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) and lit. f) of the EU Basic Data Protection Regulation (hereinafter “DSGVO”) or, where express consent has been gi
iven, Art. 6 para. 1 sentence 1 lit. a) DSGVO.
3. Data erasure and storage duration
If no explicit storage period is specified during collection (e.g. in the context of a declaration of consent), your personal data will be deleted if they are no longer required to fulfil the purpose of storage, unless their temporary further processing is required in particular for the following purposes:
- Fulfilment of commercial and tax law retention periods, e.g. in accordance with the German Commercial Code or the German Fiscal Code The periods mentioned there are 2 to 10 years.
- Preservation of evidence within the scope of the statute of limitations (e.g. §§ 195ff. BGB).
4. Recipient of the data
Within our company, access to your data is granted to those entities that require it to fulfil our contractual and legal obligations or the above-mentioned purposes. Service providers and agents employed by us may also receive data for this purpose.
EDAG may transmit personal data to courts, supervisory authorities or law firms if there is a legal obligation to do so under Art. 6 Para. 1 S. 1 lit. c) DSGVO or if it is necessary under Art. 6 Para. 1 S. 1 lit. f) DSGVO to assert, exercise or defend legal claims and there is no reason to assume that our business partners have an overriding interest worthy of protection in not passing on the data.
EDAG works together with service providers (so-called contract processors), such as service providers for IT maintenance services. These service providers only work according to EDAG’s instructions and are contractually bound to comply with the applicable data protection requirements. For this purpose we conclude written contracts with these service providers.
5. Data transfer to third countries
EDAG may transfer personal data to other EDAG group companies for the above-mentioned purposes, but only if and insofar as this is necessary to fulfil the above-mentioned purposes.
Should we transfer personal data to service providers or group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contract clauses) are in place.
6. Revocability of granted declarations of consent
If our contact person has given his consent to process his personal data, the contact person has the right to revoke the given consent at any time with effect for the future, i.e. the revocation does not affect the lawfulness of the processing carried out before the revocation on the basis of the consent. After revocation EDAG may only process the personal data to the extent that EDAG can base the processing on another legal basis.
IV. RIGHTS OF DATA SUBJECTS
If personal data are processed by you, you are the data subject within the meaning of the DSGVO and you are entitled to the following rights in relation to the person responsible:
1. Right of information
You have the right to request information about your personal data that we process at any time in accordance with Art. 15 DSGVO.
2. Right of correction and supplementation
If your personal data is incorrect or incomplete, you have the right to correct and supplement it in accordance with Art. 16 DSGVO.
3. Right to restrict processing
If the legal requirements are met, you can demand a restriction of the processing of your personal data in accordance with Art. 18 DSGVO.
4. Right of deletion
Within the scope of Art. 17 DSGVO, you can request the deletion of your personal data at any time, unless we are legally obliged or entitled to further process your data.
5. Right to data transferability
If processing is carried out on the basis of your consent and with the aid of automated procedures, you have the right, within the scope of Art. 20 DSGVO, to transfer the data you have provided, provided that this does not affect the rights and freedoms of other persons.
6. Right of objection
You have the right to object to processing within the scope of Art. 21 DSGVO if the data processing is carried out for the purpose of direct advertising or profiling. You may object to processing based on a weighing of interests by stating reasons arising from your particular situation.
7. Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
8. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.
The supervisory authority to which the complaint has been submitted will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.