Privacy Statement for Business Partners

pic_GIS_header

Privacy Statement
for Business Partners

We, ILF Con­sul­ting Engi­neers Aus­tria GmbH (“ILF”), as the con­trol­ler are obli­ga­ted to com­ply with the app­li­ca­ble laws on data pro­tec­tion and data secu­ri­ty, in par­ti­cu­lar the pro­vi­si­ons of the Gene­ral Data Pro­tec­tion Regu­la­ti­on (Regu­la­ti­on (EU) 2016/679 – “GDPR”) in it’s

cur­r­ent­ly valid ver­si­on. We take this obli­ga­ti­on very serious­ly and expect the same from our busi­ness partners.

Purpose of Data Processing

We may pro­cess busi­ness part­ners’ per­so­nal data for the fol­lowing purposes:

  • Initia­ti­on, pro­ces­sing and manage­ment of con­trac­tu­al and pre-con­trac­tu­al busi­ness rela­ti­ons (e.g. for par­ti­ci­pa­ti­on in ten­de­ring pro­ce­du­res, per­forming of con­tracts and ren­de­ring of ser­vices, use of third-par­ty ser­vices, pro­ces­sing pay­ment tran­sac­tions and receiva­bles manage­ment, accounting)
  • Com­mu­ni­ca­ti­on with (future) busi­ness part­ners con­cer­ning other pro­ject-rela­ted requests
  • Com­pli­an­ce with legal obli­ga­ti­ons (e.g. com­pli­an­ce with sta­tu­to­ry requi­re­ments to keep records in accordance with the Aus­tri­an Com­mer­cial Code (UGB) and Federal Fis­cal Code (BAO)), estab­lish­ment, exer­cise, defen­se of legal claims
  • Effi­ci­ent inter­nal manage­ment of busi­ness part­ners (manage­ment of an effi­ci­ent cli­ent and sup­plier admi­nis­tra­ti­on sys­tem) wit­hin the ILF Group
pic_core_values_clients
pic_career

Categories of Processed Personal Data

For the afo­re­men­tio­ned pur­po­ses we may pro­cess the fol­lowing cate­go­ries of data:

  • Busi­ness con­ta­ct infor­ma­ti­on (name, func­tion, tit­le, con­ta­ct person’s loca­ti­on) of busi­ness part­ners inclu­ding com­pa­ny name, cor­po­ra­te struc­tu­re, pro­fes­sio­nal tele­pho­ne and fax num­ber, pro­fes­sio­nal email address, VAT num­ber of the company
  • Con­tract and pay­ment data (account hol­der, name of the bank, SWIFT code, IBAN) as well as all data requi­red for pro­ces­sing pay­ment transactions
  • Data for the inter­nal com­pli­an­ce manage­ment sys­tem (name, address, com­mer­cial regis­ter excerpt, tra­de regis­ter excerpt, date of birth, citi­zenship, bank details, copy of pro­of of iden­ti­ty, tax number)
  • Other per­so­nal data of (future) busi­ness part­ners, which requi­re pro­ces­sing for the initia­ti­on, deve­lo­p­ment and manage­ment of busi­ness rela­ti­ons, or which have been vol­un­ta­ri­ly sub­mit­ted, such as recent orders, deli­very moda­li­ties, pro­ject infor­ma­ti­on, cor­re­spon­dence and fur­ther data rela­ting to the cooperation
  • In addi­ti­on to the data men­tio­ned abo­ve, which are per­so­nal­ly obtai­ned from the data sub­ject befo­re being pro­ces­sed, the fol­lowing other cate­go­ries of per­so­nal data, obtai­ned from publicly acces­si­ble data­ba­ses, can also be pro­ces­sed: Com­mer­cial regis­ter data, tra­de regis­ter data, land regis­ter data, regis­try data (resi­den­cy), insol­ven­cy data, cri­mi­nal record data, credit­wort­hi­ness data

Legal Basis for Data Processing

The legal basis for pro­ces­sing data for the pur­po­ses men­tio­ned abo­ve is as follows:

  • Accord­ing to Art. 6 (1) (b) GDPR, pro­ces­sing is necessa­ry for the per­for­mance of a con­tract to which the data sub­ject (or the com­pa­ny for which the data sub­ject is working) is par­ty or in order to take steps at the request of the data sub­ject (or the com­pa­ny for which the data sub­ject is working) pri­or to ent­e­ring into a contract
  • Accord­ing to Art. 6 (1) © GDPR, pro­ces­sing is necessa­ry for com­pli­an­ce with a legal obli­ga­ti­on to which the con­trol­ler is sub­ject (in par­ti­cu­lar sta­tu­to­ry requi­re­ments to keep records in accordance with the Aus­tri­an Cor­po­ra­te Code (UGB) and Federal Fis­cal Code (BAO))
  • Accord­ing to Art. 6 (1) (f) GDPR, pro­ces­sing is necessa­ry for the pur­po­ses of the legi­ti­ma­te inte­rests pur­sued by ILF or third parties

Inso­far as the legi­ti­ma­te inte­rests pur­sued by ILF are part of the legal basis for the pro­ces­sing of data, it is wit­hin ILF’s inte­rest, or in the inte­rest of affi­lia­ted com­pa­nies of the ILF Group and any other reci­pi­ents of trans­fer­red per­so­nal data, to be able to ope­ra­te an effi­ci­ent cli­ent and sup­plier manage­ment system.

If the afo­re­men­tio­ned per­so­nal data are not pro­vi­ded or are insuf­fi­ci­ent­ly pro­vi­ded this can have dif­fe­rent con­se­quen­ces e.g. that the ser­vices can­not be pro­per­ly ren­de­red, a con­tract can­not be con­clu­ded, the con­trol­ler can­not ful­fil his con­trac­tu­al obli­ga­ti­ons or pre­pa­re an offer. If the pro­ces­sing of data is based on con­sent from a data sub­ject, this con­sent can also be the legal basis for data pro­ces­sing (Art. 6 (1) (a) GDPR).

Transfer and Disclosure of Personal Data

Per­so­nal data will only be trans­fer­red to other con­trol­lers, if the pro­ces­sing of this data is necessa­ry for con­trac­tu­al per­for­mance or pro­ject imple­men­ta­ti­on, or if ILF has a legi­ti­ma­te inte­rest in the trans­fer of the data or the data sub­ject has given their consent.Categories of data reci­pi­ents accord­ing to Art. 13 (1) (e) GDPR may include:

  • Affi­lia­ted com­pa­nies of the ILF Group
  • Data processor(s)
  • Public aut­ho­ri­ties
  • Banks
  • Lawy­ers and tax con­sul­tants as well as experts for the estab­lish­ment, exer­cise or defen­se of legal claims
  • Audi­t­ing com­pa­nies for com­pli­an­ce with accoun­ting obligations

In accordance with the sta­tu­to­ry pro­vi­si­ons, if reci­pi­ents of per­so­nal data are loca­ted in coun­tries out­side of the Euro­pean Uni­on “EU” (in which app­li­ca­ble laws do not offer the same level of pro­tec­tion as the laws of the respec­ti­ve data subject’s home coun­try), per­so­nal data will only be trans­fer­red if the Euro­pean Com­mis­si­on deci­des that the third coun­try has an ade­qua­te level of pro­tec­tion (Art. 45 (3) GDPR), if appro­pria­te safe­guards have been agreed with the reci­pi­ent (Art. 46 GDPR), if bin­ding cor­po­ra­te rules are imple­men­ted (Art. 47 GDPR) or if the­re is a dero­ga­ti­on for spe­ci­fic situa­tions in accordance with Art. 49 GDPR.

Fur­ther infor­ma­ti­on and (whe­re app­li­ca­ble) a copy of the imple­men­ted mea­su­res can be obtai­ned from the con­ta­ct per­son lis­ted under point 7.

Rights of the Data Subject

Accord­ing to the GDPR, data sub­jects have the fol­lowing rights (with the excep­ti­on of tho­se lis­ted in the respec­ti­ve regu­la­ti­ons): right to infor­ma­ti­on (Art. 15 GDPR), right to rec­ti­fi­ca­ti­on (Art. 16 GDPR), right to era­su­re (Art. 17 GDPR), right to restric­tion of pro­ces­sing (Art. 18 GDPR), right to data por­ta­bi­li­ty (Art. 20 GDPR), right to object to the pro­ces­sing of per­so­nal data (Art. 21 GDPR), and right to lodge a com­p­laint with a super­vi­so­ry aut­ho­ri­ty (Art. 77 GDPR).

If the pro­ces­sing of per­so­nal data is based on con­sent from the data sub­ject, such con­sent can be with­drawn at any time without the need to give a rea­son. The with­dra­wal of con­sent shall not affect the law­ful­ness of pro­ces­sing based on con­sent befo­re its withdrawal.

Retention Period

We only store per­so­nal data as long as it is necessa­ry to ful­fill the pur­po­ses for which they were collec­ted. Per­so­nal data will the­re­fo­re be era­sed if the reten­ti­on of the per­so­nal data is no lon­ger necessa­ry to ful­fill the pur­po­ses for which they were collec­ted, and if no sta­tu­to­ry reten­ti­on obli­ga­ti­ons or the estab­lish­ment, exer­cise or defen­se of legal claims exclu­des the era­su­re of per­so­nal data.

In this con­text, the sta­tu­to­ry reten­ti­on obli­ga­ti­on of 7 years in accordance with § 132 para. 1 of the Federal Fis­cal Code (BAO) and § 212 of the Aus­tri­an Cor­po­ra­te Code (UGB), as well as the abso­lu­te peri­od of limi­ta­ti­on of a maxi­mum 40 years (§§ 1478 and 1485 para. 1 of the Aus­tri­an Civil Code (ABGB)) for the asser­ti­on of claims for dama­ges have to be obser­ved by ILF.

Contact

If you have any ques­ti­ons or con­cerns regar­ding the pro­ces­sing of per­so­nal data or the asser­ti­on of the lis­ted rights, plea­se con­ta­ct us using the fol­lowing details:

ILF Con­sul­ting Engi­neers Aus­tria GmbH
Feld­kreuz­stra­ße 3
A‑6063 Rum bei Inns­bruck / Aus­tria
Com­pa­ny Regis­ter Num­ber: FN 106300z
Tel. +43/512/2412–0
E‑Mail: privacy.aut@ilf.com

Automated Decision Making

As a respon­si­ble com­pa­ny we refrain from auto­ma­ted decisi­on making or profiling.

Hello UptimeRobot