The protection of personal data of guests and visitors (hereinafter referred to as "Visitors") on our company and factory premises is of great importance to EDAG Engineering GmbH and its subsidiaries (hereinafter referred to as "EDAG"). Therefore, we hereby provide you with information on the extent to which EDAG processes personal data in accordance with applicable laws and regulations for the protection of personal data and data security.
The data controller within the meaning of the General Data Protection Regulation (hereinafter "GDPR") and other national data protection laws of the member states, as well as other data protection provisions, is:
EDAG Engineering GmbH
Kreuzberger Ring 40
65205 Wiesbaden
Tel: +49 611 7375-0
Fax: +49 611 7375-265
E-Mail: info(at)edag.com
The data protection officer of the data controller can be contacted at:
INTARGIA Managementberatung GmbH
Dreieich Plaza 2A
63303 Dreieich
Email: datenschutz(at)edag.com
1. Description and scope of data processing
Access to EDAG's company and factory premises is generally not freely accessible. Entry is only possible after registration, which requires the completion of a visitor questionnaire. As part of this process, personal data is collected directly from or by you.
This includes, among other things, the following information:
2. Legal basis for the processing of personal data
The legal basis for processing personal data from the visitor questionnaire is, on the one hand, the fulfillment and compliance with legal requirements pursuant to Article 6(1)(c) of the GDPR, and on the other hand, it is based on our legitimate interests pursuant to Article 6(1)(f) of the GDPR. In the context of the balancing of interests, our interest in ensuring general security on our company and factory premises and enforcing and monitoring our rights on the premises outweighs any conflicting interests of the visitors.
3. Purpose of data processing
The data processing serves the purpose of restrictive access control and thus the security of the employees working on the company and factory premises, but above all, it serves the compliance with and enforcement of our rights on the premises. This, in turn, serves, among other things, the confidentiality of EDAG's trade secrets, with which visitors may come into contact when entering the company and factory premises. Access should therefore only be granted to authorized persons. For this purpose, visitor registration and the collection of personal data in the visitor questionnaire are required. This also serves the documentation of visitor management, in particular to record and determine who is present or has been present in the business premises, as well as to comply with internal guidelines and requirements.
4. Data deletion and storage period
Unless an explicit storage period is specified during collection, your personal data collected will be deleted as soon as it is no longer necessary to fulfill the purpose of storage, unless their temporary further processing is necessary.
Your personal data from the visitor questionnaire will be retained for 3 years and then destroyed.
5. Recipients of the data
Within our company, only those departments or positions that require access to your data for the fulfillment of our contractual and legal obligations or for the purposes mentioned above will have access to it. Service providers and processors employed by us may also receive data for this purpose.
EDAG may disclose personal data to courts, law enforcement authorities, or law firms, for example, in the event of a breach of house rules, suspicion of a criminal offense, or when required by law. This is done only if there is a legal obligation under Article 6(1)(c) of the GDPR or if it is necessary under Article 6(1)(f) of the GDPR for the establishment, exercise, or defense of legal claims, and there is no reason to believe that our visitors have an overriding legitimate interest in not disclosing the data.
EDAG collaborates with service providers (so-called processors), such as IT maintenance service providers. These processors only act on the instructions of EDAG and are contractually obliged to comply with applicable data protection requirements. To this end, we conclude written data processing agreements with these service providers.
6. Data Transfer to Third Countries
EDAG may transfer personal data to other EDAG group companies for the purposes mentioned above, but only if and to the extent necessary to fulfill the aforementioned purposes.
If we transfer personal data to service providers or group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the European Commission to have an adequate level of data protection or if other appropriate data protection safeguards exist (such as binding corporate rules or EU standard contractual clauses).
If your personal data is processed by us, you are considered a data subject under the GDPR, and you have the following rights against the data controller:
1. Right to Information
You have the right to obtain information at any time under Article 15 of the GDPR about the personal data we process concerning you.
2. Right to Rectification and Completion
If your personal data is inaccurate or incomplete, you have the right to have it corrected and completed under Article 16 of the GDPR.
3. Right to Restriction of Processing
Under the conditions set out in Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data.
4. Right to Erasure
You can request the erasure of your personal data at any time under Article 17 of the GDPR, unless we are legally obliged or entitled to further process your data.
5. Right to Data Portability
If processing is based on your consent and carried out by automated means, you have the right to receive the personal data you have provided in a structured, commonly used, and machine-readable format, and to transmit this data to another controller, without hindrance, where technically feasible. This right applies unless it adversely affects the rights and freedoms of others, as specified in Article 20 of the GDPR.
6. Right to Object
You have the right to object to processing based on Article 21 of the GDPR, where the processing is carried out for direct marketing purposes or profiling. You can object to processing based on a legitimate interest, stating reasons arising from your particular situation.
7. Right to Withdraw Consent
You have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.