Privacy Statement for Business Partners

header_contact

Privacy Statement
for Business Partners

We, ILF Consulting Engineers Austria GmbH (“ILF”), as the controller are obligated to comply with the applicable laws on data protection and data security, in particular the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679 – “GDPR”) in it’s

currently valid version. We take this obligation very seriously and expect the same from our business partners.

Purpose of Data Processing

We may process business partners’ personal data for the following purposes:

  • Initiation, processing and management of contractual and pre-contractual business relations (e.g. for participation in tendering procedures, performing of contracts and rendering of services, use of third-party services, processing payment transactions and receivables management, accounting)
  • Communication with (future) business partners concerning other project-related requests
  • Compliance with legal obligations (e.g. compliance with statutory requirements to keep records in accordance with the Austrian Commercial Code (UGB) and Federal Fiscal Code (BAO)), establishment, exercise, defense of legal claims
  • Efficient internal management of business partners (management of an efficient client and supplier administration system) within the ILF Group
pic_core_values_clients
pic_career

Categories of Processed Personal Data

For the aforementioned purposes we may process the following categories of data:

  • Business contact information (name, function, title, contact person’s location) of business partners including company name, corporate structure, professional telephone and fax number, professional email address, VAT number of the company
  • Contract and payment data (account holder, name of the bank, SWIFT code, IBAN) as well as all data required for processing payment transactions
  • Data for the internal compliance management system (name, address, commercial register excerpt, trade register excerpt, date of birth, citizenship, bank details, copy of proof of identity, tax number)
  • Other personal data of (future) business partners, which require processing for the initiation, development and management of business relations, or which have been voluntarily submitted, such as recent orders, delivery modalities, project information, correspondence and further data relating to the cooperation
  • In addition to the data mentioned above, which are personally obtained from the data subject before being processed, the following other categories of personal data, obtained from publicly accessible databases, can also be processed: Commercial register data, trade register data, land register data, registry data (residency), insolvency data, criminal record data, creditworthiness data

Legal Basis for Data Processing

The legal basis for processing data for the purposes mentioned above is as follows:

  • According to Art. 6 (1) (b) GDPR, processing is necessary for the performance of a contract to which the data subject (or the company for which the data subject is working) is party or in order to take steps at the request of the data subject (or the company for which the data subject is working) prior to entering into a contract
  • According to Art. 6 (1) (c) GDPR, processing is necessary for compliance with a legal obligation to which the controller is subject (in particular statutory requirements to keep records in accordance with the Austrian Corporate Code (UGB) and Federal Fiscal Code (BAO))
  • According to Art. 6 (1) (f) GDPR, processing is necessary for the purposes of the legitimate interests pursued by ILF or third parties

Insofar as the legitimate interests pursued by ILF are part of the legal basis for the processing of data, it is within ILF’s interest, or in the interest of affiliated companies of the ILF Group and any other recipients of transferred personal data, to be able to operate an efficient client and supplier management system.

If the aforementioned personal data are not provided or are insufficiently provided this can have different consequences e.g. that the services cannot be properly rendered, a contract cannot be concluded, the controller cannot fulfil his contractual obligations or prepare an offer. If the processing of data is based on consent from a data subject, this consent can also be the legal basis for data processing (Art. 6 (1) (a) GDPR).

Transfer and Disclosure of Personal Data

Personal data will only be transferred to other controllers, if the processing of this data is necessary for contractual performance or project implementation, or if ILF has a legitimate interest in the transfer of the data or the data subject has given their consent.Categories of data recipients according to Art. 13 (1) (e) GDPR may include:

  • Affiliated companies of the ILF Group
  • Data processor(s)
  • Public authorities
  • Banks
  • Lawyers and tax consultants as well as experts for the establishment, exercise or defense of legal claims
  • Auditing companies for compliance with accounting obligations

In accordance with the statutory provisions, if recipients of personal data are located in countries outside of the European Union “EU” (in which applicable laws do not offer the same level of protection as the laws of the respective data subject’s home country), personal data will only be transferred if the European Commission decides that the third country has an adequate level of protection (Art. 45 (3) GDPR), if appropriate safeguards have been agreed with the recipient (Art. 46 GDPR), if binding corporate rules are implemented (Art. 47 GDPR) or if there is a derogation for specific situations in accordance with Art. 49 GDPR.

Further information and (where applicable) a copy of the implemented measures can be obtained from the contact person listed under point 7.

Rights of the Data Subject

According to the GDPR, data subjects have the following rights (with the exception of those listed in the respective regulations): right to information (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object to the processing of personal data (Art. 21 GDPR), and right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

If the processing of personal data is based on consent from the data subject, such consent can be withdrawn at any time without the need to give a reason. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Retention Period

We only store personal data as long as it is necessary to fulfill the purposes for which they were collected. Personal data will therefore be erased if the retention of the personal data is no longer necessary to fulfill the purposes for which they were collected, and if no statutory retention obligations or the establishment, exercise or defense of legal claims excludes the erasure of personal data.

In this context, the statutory retention obligation of 7 years in accordance with § 132 para. 1 of the Federal Fiscal Code (BAO) and § 212 of the Austrian Corporate Code (UGB), as well as the absolute period of limitation of a maximum 40 years (§§ 1478 and 1485 para. 1 of the Austrian Civil Code (ABGB)) for the assertion of claims for damages have to be observed by ILF.

Contact

If you have any questions or concerns regarding the processing of personal data or the assertion of the listed rights, please contact us using the following details:

ILF Consulting Engineers Austria GmbH
Feldkreuzstraße 3
A-6063 Rum bei Innsbruck / Austria
Company Register Number: FN 106300z
Tel. +43/512/2412-0
E-Mail: privacy.aut@ilf.com

Automated Decision Making

As a responsible company we refrain from automated decision making or profiling.

Hello UptimeRobot