The protection of personal data is of great importance to EDAG Engineering GmbH and its subsidiaries (hereinafter referred to as "EDAG"). Therefore, we would like to inform you below about the extent to which EDAG processes personal data in accordance with applicable data protection laws and regulations for the protection of personal data and data security.
The data controller within the meaning of the General Data Protection Regulation (hereinafter referred to as "GDPR") and other national data protection laws of the Member States, as well as other data protection regulations, is:
EDAG Engineering GmbH
Kreuzberger Ring 40
65205 Wiesbaden
Tel: +49 611 7375-0
Fax: +49 611 7375-265
E-Mail: info(at)edag.com
The data protection officer of the data controller can be contacted at:
INTARGIA Management consulting GmbH
Dreieich Plaza 2a
63303 Dreieich
E-Mail: datenschutz[at]edag.com
1. Description and Scope of Data Processing
a) The premises and facilities of EDAG are generally not freely accessible. Access controls, including intercom systems, are in place that enable the transmission of real-time images upon ringing the doorbell. The corresponding areas are marked with the sign "Caution Video Surveillance" and a camera symbol.
b) In certain customer projects, video surveillance of the door to the assigned project rooms is a requirement for the information security in the customer project. Unnecessary image sections are blackened and are not subject to recording (see Clause No. 75 in the workplace agreement). These areas are also marked with a notification sign.
2. Legal Basis for the Processing of Personal Data
a) The legal basis for processing personal data when using the above-mentioned intercom systems with image transmission is EDAG's overriding legitimate interest (Art. 6(1)(f) GDPR) in ensuring general security on the company premises, safeguarding property rights, protecting assets, and pursuing criminal offenses, administrative offenses, vandalism, and other disturbances.
b) The legal basis for processing personal data in internal projects involving video recordings is EDAG's legitimate interest (Art. 6(1)(f) GDPR) in fulfilling customer requirements regarding information security and protecting customer property.
3. Purpose of Data Processing
a) The data processing carried out through the intercom systems aims at strict access control, ensuring the safety of employees working on the company premises, and upholding and safeguarding property rights. Additionally, it serves to address unauthorized access. This, in turn, contributes to maintaining the confidentiality of EDAG's trade secrets, which external individuals may come into contact with when accessing the company premises. Therefore, access should only be granted to authorized individuals.
b) The purpose of using the system is to fulfill customer requirements regarding information security and protect customer property.
4. Data Deletion and Storage Period
a) The collection of video data through the intercom system solely involves the transmission of live images after the doorbell is rung. No further storage takes place.
b) The retention period for customer-specific video surveillance requirements is contractually determined by the customer and is set at 7 days. After the expiration of the 7-day period, the recorded data is automatically deleted.
5. Recipients of the Data
Within our company, only those departments or individuals who require access to your data to fulfill our contractual and legal obligations or the purposes mentioned above will have access to it. Our appointed service providers and processors may also receive data for this purpose.
EDAG may disclose personal data to courts, law enforcement agencies, or law firms, for example, in the event of a violation of house rules, suspicion of a criminal offense, or if required by law, provided that there is a legal obligation under Art. 6(1)(c) GDPR, or it is necessary for the establishment, exercise, or defense of legal claims under Art. 6(1)(f) GDPR.
EDAG collaborates with service providers (so-called data processors), such as IT maintenance service providers. These service providers act only on EDAG's instructions and are contractually obliged to comply with applicable data protection requirements. We enter into written data processing agreements with these service providers.
6. Data Transfer to Third Countries
EDAG may transfer personal data to other EDAG group companies for the purposes mentioned above, but only if and to the extent necessary to fulfill the aforementioned purposes.
If we transfer personal data to service providers, customers, or group companies outside the European Economic Area (EEA), the transfer will only take place if the non-EEA country has been confirmed to have an adequate level of data protection by the European Commission or if other appropriate data protection safeguards exist (such as binding corporate rules or EU standard contractual clauses)
If your personal data is processed by us, you are considered a data subject under the GDPR, and you have the following rights against the controller:
1. Right to Information:
You have the right to obtain information at any time under Art. 15 GDPR about your personal data that we process.
2. Right to Rectification and Completion:
If your personal data is inaccurate or incomplete, you have the right under Art. 16 GDPR to have it rectified or completed.
3. Right to Restriction of Processing:
Under the conditions specified in Art. 18 GDPR, you have the right to request the restriction of processing of your personal data.
4. Right to Erasure:
You can request the erasure of your personal data at any time under Art. 17 GDPR, provided we are not legally obligated or authorized to further process your data.
5. Right to Data Portability:
If the processing is based on your consent and carried out by automated means, you have the right under Art. 20 GDPR to receive the personal data you have provided in a structured, commonly used, and machine-readable format, and to transmit those data to another controller, where technically feasible, without hindrance from us.
6. Right to Object:
You have the right to object, on grounds relating to your particular situation, at any time under Art. 21 GDPR, to the processing of your personal data for direct marketing purposes or for profiling purposes. You can provide reasons based on your specific situation for objecting to processing that is based on a legitimate interest.
7. Right to Withdraw Consent:
You have the right to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to Lodge a Complaint with a Supervisory Authority:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant about the progress and the outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR. The competent supervisory authority for these matters is located in Hesse.