Data privacy information for customers and suppliers

Date 05.12.2022

 

We process your data exclusively on the basis of the statutory provisions in accordance with the EU General Data Protection Regulation (GDPR) and the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act of Austria – DSG).

This information is intended for our existing and former customers and suppliers, interested parties and potential future customers and suppliers, as well as their respective shareholders, executive bodies and other employees.

 

Responsible party

Grundner Sondermaschinen GmbH

Gewerbepark Nord 1, 4621 Sipbachzell

Phone.:    +43 (0)7240/21010

Mail:     office@grundner.co.at

 

Data privacy officer:

Mr. Alexander Bauer

Phone.:    +43 (0)7240/21010 – 31

Mail:     a.bauer@grundner.co.at

 

Data categories and processing purposes

Data processing is carried out for the following purposes:

  • for the conclusion and fulfillment of contracts

  • for the fulfillment of legal obligations

  • to establish, manage and process the business relationship

  • for the preparation of statistics and reports

  • to strengthen the existing customer and supplier relationship or to establish a new customer and supplier relationship or to approach interested parties, including information about our offer (marketing)

  • if separately agreed for the purpose of referring to the existing or previous business relationship with the customer (references)

This includes the following categories of data:

  • Master data of contact persons, such as salutation, name, address, title, gender, date of birth, job title, department, correspondence language, scope of power of representation

  • Contact details, such as telephone number, e-mail address
  • Data for the processing of payment transactions, such as bank details, VAT number, payment data, data on creditworthiness
  • Data for business processing, such as inquiry, order and customer service data, order history
  • Image and video data (e.g. recordings of systems and system parts including system installation, commissioning, service activities)

As part of the business relationship, you must provide the personal data that is required for the establishment and implementation of the business relationship and that we are legally obliged to collect. If you do not provide us with this data, we will generally have to refuse to conclude the contract or execute the order. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfillment of the contract or is not required by law.

 

Legal bases

We process your personal data on one of the following legal bases:

If the processing of your personal data is necessary to fulfill the contract concluded between you and us. (Art. 6 Abs. 1 lit. b DSGVO).

If the processing of your personal data is necessary for us to comply with a legal obligation to which we are subject. E.g. anti-money laundering, customs and export laws, secure supply chain requirements, product traceability requirements, legal disclosure and reporting obligations or similar compliance requirements that may oblige us to process certain personal data. (Art. 6 Abs. 1 lit. c DSGVO).

If the processing is necessary for the legitimate interests pursued by us or a third party. These legitimate interests are:

  • Development, optimization and improvement of our products and services

  • Optimization of internal communication and administration

  • Ensuring IT support and the detection and correction of errors

  • Direct advertising regarding our products and services

  • Documentation purposes and quality management

  • archiving purposes

  • Statistical purposes (e.g. customer satisfaction)

  • in the context of legal prosecution

As we process the data in our legitimate interests, you generally have the right to object if you have reasons arising from your particular situation that speak against this processing.

If you have given us your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. You can withdraw your consent to the entire processing or for individual sub-areas. The withdrawal of consent does not affect the lawfulness of processing based on your consent before its withdrawal.

 

Recipients/recipient categories:

The data relevant in each individual case is transmitted to the following parties:

  • Competent administrative authorities, in particular tax authorities (tax office)

  • Labor inspectorate, traffic labor inspectorate and agricultural and forestry inspectorate, in particular pursuant to Section 8 of the Labor Inspection Act

  • Suppliers and subcontractors

  • Contractual or business partners who participate or are to participate in the delivery or service

  • Banks for the processing of payment transactions

  • Tax consultants

  • Legal representatives

  • Payroll accounting (external)

  • Courts

  • The Austrian Federal Statistical Office in accordance with § 9 of the Federal Statistics Act

  • Insurance companies on the occasion of the conclusion of an insurance contract for the delivery/service or the occurrence of an insured event

  • IT service providers

 

Data processing outside the EU/EEA

In principle, your data will not be processed outside the EU/EEA. Nevertheless, your data may also be processed, at least in part, outside the EU/EEA (e.g. during business trips to other EU countries). The appropriate level of protection for transfer to a country outside the EU/EEA is usually determined by:

  • an adequacy decision by the European Commission pursuant to Art. 45 GDPR

  • standard data protection clauses pursuant to Art 46 (2) (c) and (d) GDPR

  • an approved certification mechanism pursuant to Art 46 (2) (f) in conjunction with Art 42 GDPR

  • Exemption for specific cases pursuant to Art 49 (1) GDPR

 

Storage periods

We process your personal data, if necessary, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations, taking into account the statutory limitation periods.

If no contractual relationship is established, your data will be automatically deleted 5 years after the last contact. Unless deletion is requested at an earlier point in time, provided that the storage period is not shorter due to statutory retention and limitation periods.

 

Rights of data subjects

You have the following rights with regard to the personal data concerning you:

  • Right to information,

  • Right to rectification or erasure,

  • Right to restriction of processing,

  • Right to object to processing,

  • right to data portability.

Furthermore, you also have the right to lodge a complaint with the competent supervisory authority (in Austria the data protection authority). The data protection authority can be contacted at the following address:

 

Austrian Data Privacy Authority (Österreichische Datenschutzbehörde)

Barichgasse 40-42

1030 Wien

Phone.:     +43 1 52 152-0

Mail:     dsb@dsb.gv.at