|
|
PRIVACY STATEMENT
This statement regarding data privacy is addressed to users of this web site and other technical methods for contacting Pichler Engineering GmbH (PE). In accordance with the General Data Protection Regulation 2016/679 (GDPR) of the EU and the German Bundesdatenschutzgesetz you will be informed here about the scope, type and purpose of collection and processing of personal and sensitive data by PE.
Protection of personal or sensitive data is a high priority issue in our company, such data are treated strictly confidential and in accordance with applicable legal regulations.
1 Controller
Controller in the sense of the GDPR is:
Pichler Engineering GmbH
Oberfoehringerstraße 1-3
81925 Munich
Germany
Phone: +49 89 9200 7200
Fax: +49 89 9200 7299
Email:
This email address is being protected from spambots. You need JavaScript enabled to view it.
Please address your concerns regarding data protection to:
Pichler Engineering GmbH
Managing Director
Oberfoehringerstraße 1-3
81925 Munich
Germany
Email:
This email address is being protected from spambots. You need JavaScript enabled to view it.
2 Type and Scope of Data
PE processes personal data in the sense of GDPR, Art. 1 and sensitive data of Critical National Infrastructures which
a) are provided by clients for the fulfillment of contractual obligations and corresponding legal transactions;
b) are provided by applicants to jobs offered by PE, above all contact data, cover letter, CV, certificates, and references;
c) are provided by suppliers and service providers in the course of business generation and processing;
d) are accessible from sources open to the public like announcements made by the government, press, or internet;
e) arise during the use of our IT infrastructure like: IP-address, domain-name, operating system and browser in use, date/time of access, volume of data sent to the user, http-address from which our web site has been reached, http-command to open a web page.
3 Purpose of Data Storage and Processing
The data described under item 2, para a) are solely used for the fulfillment of contractual obligations towards the client who provided the data and for improvement of our products.
The data described under item 2, para b) are solely used for filling a job within PE.
The data described under item 2, para c) are solely used for evaluation and selection of suppliers and service providers, in case of a contractual relationship we use these data within the contractual and legal limits for our business.
The data described under item 2, para d) are used to process the orders we receive from our clients, above all for procurement of goods and services as well as performance assessment and credit assessment.
The data described under item 2, para e) are used for detection of and defense against cyber attacks directed towards our IT infrastructure and for improvement of our web site. These data are processed automatically for indications of illegal actions. Further processing is initiated in case of evidence of such an attack or illegal use or access. We do not merge these data with other data sources.
For business relationships characterized by trust and transparency we do not any profiling of the data.
4 Access to the Data
Within PE all data described under item 2 are accessible solely to employees who require these data for the fulfillment of their obligations described under item 3 and are bound to confidentiality. We forward these data to third party only to the extend necessary and only
a) When PE is obliged legally to do so
b) The person concerned has explicitly agreed to disclose these data to a third party
c) In case a Processor as defined by GDPR Art. 1 has been ordered by us to process these data and guarantees to meet the requirements of the GDPR and the German “Bundesdatenschutzgesetz”.
Personal as well as sensitive data are stored on devices which are located within the borders of the EU only, data storage and processing is protected against unauthorized access according to the standard of technology adequate to the risk involved.
5 Period of Data Storage
All data described under item 2, para a), para c) or para d) are stored as long as this is necessary for the fulfillment of our obligations towards our contractual partners or the government. This includes deadlines given by commercial and tax law from 2 to 10 years. Data required to protect and exercise our legal rights or of a third party acting for us or must be stored in accordance with the rules of professional conduct will be stored for 30 years.
Once these deadlines are expired the data are erased.
Data described under item 2, para b) are stored for 3 months after the application process has been closed, except the applicant has given his consent to store his data for a longer period. In case an employment contract is established, the applicable data are stored as required by legislation.
Data described under item 2, para e) are stored for 6 months.
6 Rights of the Data Subject
The Data Subject has the rights regarding his/her data stored by the Controller as listed below:
a) Obtain information about and the purpose these data are used for (GDPR Art.15)
b) Rectification (GDPR Art. 16)
c) Erasure (GDPR Art. 17)
d) Restriction of the processing (GDPR Art. 18)
e) Receive notification regarding rectification or erase or restriction of processing (GDPR Art. 19)
f) Portability (GDPR Art. 20)
g) Objection (GDPR Art. 21)
Any such claim shall be enforced by notification to the Controller as per item 1. In addition, the Data Subject may raise a complain about the Controller with the supervisory authority in charge for data privacy.
In case the Data Subject makes use of the data protection rights, the Controller as per item 1 will follow immediately, unless the Controller is able to prove interests to be valued higher or further processing or storage of the data is required to exercise or defend legal claims.
As far as the Controller as per item 1 suffers disadvantages in the fulfillment of its contractual duties due to the exercise of data protection rights under item 6 by the Data Subject, the exerciser must ensure adequate compensation.
From the data protection rights declared in this document, the Data Subject may not derive any claim to receive results of the work of the Controller for free.
|
|
