Further information on our international locations:

Brazil
China
Great Britain
India
Italy
Japan
Malaysia
Mexico
Netherlands
Austria
Poland
Sweden
Switzerland
Spain
Czech Republic
Turkey
Hungary
USA

DATA PRIVACY FOR CLIENTS AND BUSINESS PARTNERS

Data privacy for clients and business partners

The protection of personal data of our contact persons at clients, sales partners, suppliers and partners (hereinafter referred to as "business partners") is an important concern of EDAG Engineering GmbH and its German subsidiaries (hereinafter referred to as "EDAG"). EDAG therefore processes personal data in accordance with the applicable legal provisions on the protection of personal data and data security. 

  • I. Name and address of the person responsible

      The controller within the meaning of the General Data Protection Regulation (hereinafter "GDPR") and other national data protection laws of the member states as well as other data protection regulations is  

      EDAG Engineering GmbH  
      Kreuzberger Ring 40  
      65205 Wiesbaden  
      Tel.: +49 611 7375-0  
      Fax: +49 611 7375-265  
      E-Mail: info[at]edag.com 

      Website: www.edag.com 

  • II. Name and address of the data protection officer
  • III. Description of data processing

      1. scope and purpose of data processing  
      In the context of cooperation with business partners, EDAG processes personal data for the following purposes:  
      On the basis of consents granted (Art. 6 para. 1 a GDPR): 

      • Carrying out customer surveys, marketing campaigns, market analyses, competitions, contests or similar activities and events;  

      For contract initiation, contract fulfilment and termination of contractual relationships (Art. 6 para. 1 b GDPR): 

      • General communication with business partners about products, services and projects, e.g. to process enquiries from business partners;  
      • Planning, execution and administration of the (contractual) business relationship between EDAG and the business partner, e.g. to process orders for products and services, to collect payments, for accounting, invoicing / billing and debt collection purposes and to carry out deliveries, maintenance activities or repairs;  

      Due to legal regulations (Art. 6 para. 1 c GDPR): 

      • Compliance with  
      • legal requirements (e.g. retention obligations under tax and commercial law),  
      • existing obligations to carry out compliance screenings (to prevent white-collar crime or money laundering) and  
      • EDAG guidelines and industry standards; and  
      • Settlement of legal disputes, enforcement of existing contracts and for the assertion, exercise and defence of legal claims;  

      On the basis of a legitimate interest (Art. 6 para. 1 f GDPR): 

      • Maintaining and protecting the security of our products and services and our websites, preventing and detecting security risks, fraudulent behaviour or other criminal or malicious acts. 

      EDAG may process the following categories of personal data for the aforementioned purposes:  

      • Contact information, such as first and last name, business address, business telephone number, business mobile phone number, business fax number and business email address;  
      • Payment data, such as information required to process payment transactions or prevent fraud, including credit card information and card verification numbers;  
      • Other information whose processing is necessary in the context of a project or the handling of a contractual relationship with EDAG or which is voluntarily provided by our contact persons, such as orders placed, enquiries made or project details;  
      • Information collected from publicly available sources, information databases or credit reference agencies; and  
      • Where required as part of compliance screenings: information on relevant legal proceedings and other legal disputes involving business partners.  

      If the aforementioned personal data is not provided or cannot be collected by EDAG, it may not be possible to fulfil the individual purposes described. 

      Selected data from our clients is transferred via an interface to our customer relationship management system (CRM) of the SAP Sales Cloud of SAP Deutschland SE & Co KG. The source of this data is, for example  

      • If you decide to use one of our services via HubSpot, e.g. e-mailings, blogs, whitepapers or contact forms  

      • If you decide to be included in our CRM system via your business card or a personal exchange during a trade fair or event, we will be happy to help you.  

      • You are already one of our existing customers with regular co-operation.  

      Further information on processing in our CRM system can be found at: www.edag.com/de/rechtliches/datenschutz 

      2. legal basis for the processing of personal data  
      The processing of personal data is necessary to fulfil the purposes stated in Section III.1, including the implementation of the (contractual) business relationship with the business partner. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) and lit. f) of the EU General Data Protection Regulation (hereinafter "GDPR") or, if consent has been expressly granted, Art. 6 para. 1 sentence 1 lit. a) GDPR.  

      3. data deletion and storage period  
      If no explicit storage period is specified at the time of collection (e.g. in the context of a declaration of consent), your personal data will be deleted if they are no longer required to fulfil the purpose of storage, unless their temporary further processing is necessary, in particular for the following purposes: 

      • Fulfilment of retention periods under commercial and tax law, e.g. in accordance with the German Commercial Code or Fiscal Code. The periods specified there are 2 to 10 years. 
      • Preservation of evidence within the framework of the statute of limitations (e.g. §§ 195ff. BGB). 

      4. recipients of the data  
      Within our company, those departments that require your data to fulfil our contractual and legal obligations or the above-mentioned purposes will have access to it. Service providers and vicarious agents employed by us may also receive data for this purpose. 

      EDAG may transfer personal data to courts, supervisory authorities or law firms if there is a legal obligation to do so in accordance with Art. 6 para. 1 sentence 1 lit. c) GDPR or if it is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR and there is no reason to assume that our business partners have an overriding interest worthy of protection in not disclosing the data. 
       EDAG works together with service providers (so-called processors), such as service providers for IT maintenance services. These service providers only act on the instructions of EDAG and are contractually obliged to comply with the applicable data protection requirements. To this end, we conclude corresponding written order processing contracts with these service providers. 

      5 Data transfer to third countries  
      EDAG may transfer personal data to other EDAG Group companies for the above-mentioned purposes, but only if and insofar as this is necessary to fulfil the above-mentioned purposes.  

      If we transfer personal data to service providers or group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal data protection regulations or EU standard contractual clauses) are in place. 

      6. revocability of granted declarations of consent  
      If our contact person has granted consent to process their personal data, the contact person has the right to revoke the granted consent at any time with effect for the future, i.e. the revocation does not affect the legality of the processing carried out before the revocation on the basis of the consent. After revocation, EDAG  
      may only continue to process the personal data to the extent that EDAG can base the processing on another legal basis.  

  • IV. Rights of the data subjects

      If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller: 

      1. right to information  
      You have the right to request information about your personal data that we process at any time within the scope of Art. 15 GDPR. 

      2. right to rectification and completion 
      If your personal data is incorrect or incomplete, you have the right to rectification and completion in accordance with Art. 16 GDPR. 

      3. right to restriction of processing  
      If the legal requirements are met, you can request a restriction of the processing of your personal data within the scope of Art. 18 GDPR.  

      4. right to erasure  
      You can request the erasure of your personal data at any time within the scope of Art. 17 GDPR, unless we are legally obliged or authorised to continue processing your data. 

      5. right to data portability 
      If processing is carried out on the basis of your consent and using automated procedures, you have the right to transfer the data provided by you within the scope of Art. 20 GDPR, provided that this does not adversely affect the rights and freedoms of other persons. 

      6 Right to object  
      You have the right to object to processing within the scope of Art. 21 GDPR if the data processing is carried out  
      for the purpose of direct marketing or profiling. You can object to processing on the basis of a balancing of interests by stating reasons that arise from your particular situation. 

      7. right to revoke the declaration of consent under data protection law  
      You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. 

      8. right to lodge a complaint with a supervisory authority  
      Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.  

      The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. 

Status: Januar 2025