Information according to article 13 of General Data Protection Regulation (valid as of 25 May 2018)
It is very important to us that your personal data is thoroughly protected. Therefore, we process your personal data (briefly “data”) solely on the basis of legal provisions. With the aid of this data privacy statement, we would like to comprehensively inform you about processing your data in our company and about the data protection claims and rights you are entitled to as per article 13 of the European General Data Protection Regulation (GDPR).
- Responsible body
eos projekt GmbH
Am Fischereihafen 2
26506 Norden (Germany)
Tel.: + 49–511–8988160
Represented by: Managing Director: Dipl. Ing. Henning Mueller (graduate in civil engineering)
Data Protection Commissioner
Prof. Ulf Glende
- Which data will be processed and what sources does this data come from?
We process data which we have received from you in the framework of contract initiation and contract handling on the basis of consents or as part of your application you submitted to us or in the framework of your employment in our company.
Your master data/contact details, this includes, for example, a customer’s first name and family name, address, contact details (e-mail address, telephone number, fax number), bank data, image recordings.
For applicants and employees, this includes, for example, first name and family name, address, contact details (e-mail address, telephone number, fax number), date of birth, CV data and job references, bank data, religious affiliation, image recordings.
For business partners, this includes, for example, name of their representatives for legal relations, company, commercial register number, value added tax identification no., company number, address, contact partner details (e-mail address, telephone number, fax number), bank data.
In addition, we also process other personal data as listed in the following:
- Information about type and content of contract data, order data, sales and receipt data, customer and supplier history as well as consulting documents,
- Advertising and sales data,
- Information stemming from electronic correspondences between you and us (e.g. IP address, log-in data),
- Any other data which we have received from you in the framework of our business relationship (e.g. in customer dialogue),
- Data which we generate ourselves from master data/contact details as well as other data, e.g. with the aid of customer demand and customer potential analysis,
- Documenting your declaration of approval regarding the receipt of, for example, newsletters. Photographs in the context of events.
- For what purposes and on what legal basis will the data be processed?
To fulfil (pre-) contractual obligations (article 6, paragraph 1 lit. b GDPR):
Your data is processed online for contract handling or in one of our branch offices. For contract handling of your employment this will be done in our company. Data is processed together with you particularly when a business is initiated and when contracts are implemented.
To fulfil legal obligations (article 6, paragraph 1 lit. c GDPR):
Processing of your data is required for the purpose of fulfilling various legal obligations, e.g. obligations stemming from Commercial Code or from General Tax Code.
To protect legitimate interests (article 6, paragraph 1 lit. f GDPR):
Owing to a balance of interests, we or third parties may process data beyond an actual fulfilment of the contract in order to protect legitimate interests. For instance, data processing for the sake of protecting legitimate interests may be done in the following cases:
- Advertising or marketing (see no. 4),
- Measures for business management and further development of services and products;
- Keeping a corporation-wide customer database to improve customer service
- As part of legal action.
In the context of your consent (article 6, paragraph 1 lit. a GDPR):
If you have granted us your consent to process your data.
At any time in the future, you may revoke the consent you have once granted. An adequate statement is possible in an informal manner in this respect.
- Processing personal data for the purpose of advertising
At any time, you may object completely or for individual measures to using your personal data for advertising purposes. You may do so without having to bear costs other than those incurring for transmission as per basic rates.
According to legal requirements of § 7, section 3 of UWG (Law against Unfair Competition), we are entitled to use the e-mail address you provided with contract conclusion for direct advertising for our own similar goods or services. You will receive the respective product recommendations regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations via e-mail from us, you may object to using your address for this purpose at any time without having to bear costs other than those incurring for transmission as per basic rates. For this objection, it is sufficient to notify us in form of a brief written text. Of course, every e-mail always contains a link to unsubscribe.
- Who will receive my data?
Data will only be used within our enterprise and thus will be passed on to the particular departments. In principle, your personal data will not be transferred to third parties in terms of data protection laws.
Exceptions to this rule only apply insofar as this would be necessary to carry out contractual relationships with you. In particular, this includes the transfer to service providers (so-called processors) or other third parties commissioned by us whose activities are necessary for contract management (e.g. courier companies or banks). Third parties may use the transferred data exclusively for aforementioned purposes. The processors are bound to us in accordance with article 28 of GDPR and are subject to our authority to give directives. Authorities and courts as well as external auditors may be the recipients of your data if there is a legal obligation as well as in the framework of some legal action. Furthermore, insurance companies, banks, enquiry agencies and service providers may be recipients of your data for the purpose of contract initiation and contract fulfilment.
- Will personal data be transmitted to any third country?
In principle, we do not transmit any data to a third country. In individual cases, a transmission will only be carried out on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.
- How long will my data be stored?
We will process your data until the end of the business relationship or until statutory retention periods expire (for example, from Commercial Code, General Tax Code, home work act or working hours act). Moreover, we will process your data until the end of any possible civil disputes for which the data is needed as evidence.
If no hire has occurred, the end of the given period is regularly reached six months after completion of the application procedure at the latest. If no hire has occurred, however, your application is still of interest for us, we would ask you if we are allowed to retain your application for future staffing.
- Which data protection rights do I have?
At any time, you have the right to information, amendment, deletion or restriction of processing your stored data. You also have a right of objection against processing as well as a right to data portability and to appeal as per prerequisites of the data protection right.
Right to information (article 15 GDPR):
You may request information of us as to whether and to what extent we process your data.
Right to amendment (article 16 GDPR):
If we process data of you which is incomplete or incorrect, you may at any time demand from us to correct and complete the data accordingly.
Right to deletion (article 17, paragraph 1 GDPR):
You may request of us to delete your data if we process it unlawfully or if processing interferes disproportionately with your legitimate interests in terms of protection. Please note that there might be reasons that are opposed to deleting data immediately, e.g. in case of legally regulated storage obligations.
Irrespective of asserting your right to have data deleted, we will immediately and completely delete your data unless there is a conflicting contractual or legal storage obligation in this respect.
Right to restriction of processing (article 18 GDPR):
You may demand from us to restrict processing of your data, if
- You deny the data’s accuracy for a period that allows us to verify accuracy of the data.
- Data processing is unlawful, however, you reject to have it deleted and instead you demand a restriction of data usage,
- We no longer need the data for the intended purpose, however, you still require this data in order to assert or defend legal claims, or
- You have objected to processing of data.
Right to data portability (article 20 GDPR):
You may demand from us to provide you with the data, which you have before made available to us, in a structured, common and machine-readable format and that you may transfer this data to another person responsible without being hindered by us, if
- We process this data on the basis of a consent which you have granted and which is revocable or in order to fulfil a contract between the two parties of us, and
- This processing is carried out with the aid of automated procedures.
You may demand from us to directly transfer your data to another person responsible if this is technically feasible.
Right of objection (article 21 GDPR):
If we process your data for the sake of a legitimate interest, you may object to this data processing at any time. This would also apply to a profiling that is based on the respective provisions. We will then no longer process your data unless we can prove compelling legitimate reasons for processing which overbalance your interests, rights and your freedom or unless processing conduces to enforcing, pursuing or defending legal claims. You may object to processing your data for the purpose of direct mail at any time without having to state any reason. If you exercise the rights mentioned above, we will verify whether legal prerequisites are met in this respect.
Right of appeal:
If you are of the opinion that we violate German or European data protection laws when processing your data, we would like to ask you to contact us in order to clarify any issues. Naturally you have the right to turn to the respective supervisory authority, the particular state office for data protection control (German Landesamt fuer Datenschutzaufsicht).
Die Landesbeauftragte fuer den Datenschutz Niedersachsen (regional representative for data protection in Lower Saxony, Germany)
30159 Hannover (Germany)
Telephone: 0511-120 4500
Fax: 0511-120 4599
If you wish to assert one of the afore-mentioned rights against us, please contact our data protection commissioner. If there is any doubt, we may request additional information to confirm your identity.
- Am I obligated to provide data?
Processing your data is required to conclude or fulfil your contract which you have signed with us. If you do not provide us with the respective data, we will generally have to refuse to conclude a contract or we will be unable to execute an existing contract any longer and consequently we will have to terminate it. However, you are not obliged to agree to data processing regarding data that is not relevant or legally not required for fulfilment of a contract.
- Automated decision-making or profiling
We will not use automated decision-making including profiling.