Privacy policy B2B
Dear customer or interested party,
In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you of the processing of personal data collected about you and your rights in this regard under the statutory provisions. Which data are processed in detail and how they are used depends primarily on the requested or agreed services. In order to ensure that you are fully informed about the processing of your personal data in the context of the performance of a contract or the implementation of pre-contractual measures, please take note of the following information.
1. The Controller pursuant to data protection law
engineering people GmbH
Söflinger Str. 70
89077 Ulm
+49 (0) 731 20790-0
info@ep-group.de
www.ep-group.de
2. Contact details of our data protection officer
datenschutz@ep-group.de
3. Purposes and legal basis of data processing
We process your personal data in accordance with the provisions of the European Union General Data Protection Regulation (EU-GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation and fulfilment of a contract as well as for the implementation of pre-contractual measures. Insofar as the provision of personal data is necessary for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 (1) b. GDPR. If you give us express consent to process personal data for specific purposes (e.g. forwarding to third parties, evaluation for marketing purposes or advertising), the lawfulness of this processing is given on the basis of your consent in accordance with Art. 6 (1) a. GDPR. Consent given can be revoked at any time, with effect for the future. If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfilment of legal obligations pursuant to Art.6 (1) c. GDPR. In addition, processing may be carried out to protect the legitimate interests of us or third parties in accordance with Art. 6 (1) f. GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.
4. Categories of personal data
We only process data which are related to the establishment of the contract or the pre-contractual measures. These may be general data about you or persons in your company (name, address, contact details etc.) as well as other data which you may provide to us in the course of establishing the contract.
5. Data sources
We process personal data which we receive from you in the course of contacting you or establishing a contractual relationship or in the course of pre-contractual measures which we receive from you or which you provide via our sources.
6. Recipients of the data
We only pass on your personal data within our company to those divisions and persons that require these data to fulfil our contractual and legal obligations or to implement our legitimate interests. We may transfer your personal data to our affiliates to the extent permitted by the purposes and legal bases set out in section 3 of this privacy notice. Your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of internet services and providers of customer management systems and software. Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the processing and thus the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example: public offices and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation, recipients to whom the disclosure is directly necessary for the justification or fulfilment of the contract.
7. Data transfer to third countries
Transfer to a third country is not intended.
8. Period of data storage
Insofar as necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes, among other things, the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations resulting from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods prescribed there for storage or documentation are two to ten years. Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.
9. Your rights
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to deletion under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to notification under Article 19 of the GDPR and the right to data portability under Article 20 of the GDPR. Furthermore, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art.77 of the GDPR if you are of the opinion that the processing of your personal data is not lawful. The right of appeal is without prejudice to any other administrative or judicial remedy. If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art.7 GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this. Please also note that we may need to retain certain data for a certain period of time in order to comply with legal requirements (see section 8 of this data protection information).
Insofar as the processing of your personal data is carried out in accordance with Art. 6 (1) f. GDPR for the protection of legitimate interests, you have the right, in accordance with Art. 21 GDPR, to object to the processing of these data at any time for reasons arising from your particular situation. We will then no longer process these personal data unless we can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims. In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object to processing for the purpose of such advertising at any time. This also applies to profiling insofar as it is connected with this direct advertising. If you object to processing for purposes of direct marketing, the personal data are no longer processed for these purposes. You are welcome to contact us to protect your rights.
10. Requirement to provide personal data
As a rule, the provision of personal data for the purpose of establishing, implementing or fulfilling a contract or for the performance of pre-contractual measures is not required by law or by the contract. You are therefore not obliged to provide information on personal data. Please note, however, that these are usually necessary for the decision on the conclusion of a contract, the fulfilment of the contract or for pre-contractual measures. If you do not provide us with personal data, we may not be able to make a decision within the framework of contractual measures. We recommend that you only ever provide personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.
11. Automated decision-making
For the establishment, fulfilment or implementation of the business relationship as well as for pre-contractual measures, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. If we use these procedures in individual cases, we will inform you separately here or obtain your consent if this is required by law.