Back to ILF- X

Privacy Statement for Business Partners

pic_GIS_header
  1. Home
  2. Privacy Statement for Business Partners

Privacy Statement
for Business Partners

We, ILF Consulting Engineers Austria GmbH (“ILF”), as the controller are obligated to comply with the appli­cable laws on data protection and data security, in parti­cular the provi­sions of the General Data Protection Regulation (Regulation (EU) 2016/679 – “GDPR”) in it’s

currently valid version. We take this obligation very seriously and expect the same from our business partners.

Purpose of Data Processing

We may process business partners’ personal data for the following purposes:

  • Initiation, processing and management of contractual and pre-contractual business relations (e.g. for parti­ci­pation in tendering proce­dures, performing of contracts and rendering of services, use of third-party services, processing payment transac­tions and receivables management, accounting)
  • Commu­ni­cation with (future) business partners concerning other project-related requests
  • Compliance with legal obliga­tions (e.g. compliance with statutory requi­re­ments to keep records in accordance with the Austrian Commercial Code (UGB) and Federal Fiscal Code (BAO)), estab­lishment, exercise, defense of legal claims
  • Efficient internal management of business partners (management of an efficient client and supplier adminis­tration system) within the ILF Group
pic_core_values_clients
pic_career

Categories of Processed Personal Data

For the afore­men­tioned purposes we may process the following categories of data:

  • Business contact infor­mation (name, function, title, contact person’s location) of business partners including company name, corporate structure, profes­sional telephone and fax number, profes­sional email address, VAT number of the company
  • Contract and payment data (account holder, name of the bank, SWIFT code, IBAN) as well as all data required for processing payment transactions
  • Data for the internal compliance management system (name, address, commercial register excerpt, trade register excerpt, date of birth, citizenship, bank details, copy of proof of identity, tax number)
  • Other personal data of (future) business partners, which require processing for the initiation, develo­pment and management of business relations, or which have been volun­tarily submitted, such as recent orders, delivery modalities, project infor­mation, corre­spon­dence and further data relating to the cooperation
  • In addition to the data mentioned above, which are perso­nally obtained from the data subject before being processed, the following other categories of personal data, obtained from publicly acces­sible databases, can also be processed: Commercial register data, trade register data, land register data, registry data (residency), insol­vency data, criminal record data, credit­wort­hiness data

Legal Basis for Data Processing

The legal basis for processing data for the purposes mentioned above is as follows:

  • According to Art. 6 (1) (b) GDPR, processing is necessary for the perfor­mance of a contract to which the data subject (or the company for which the data subject is working) is party or in order to take steps at the request of the data subject (or the company for which the data subject is working) prior to entering into a contract
  • According to Art. 6 (1) © GDPR, processing is necessary for compliance with a legal obligation to which the controller is subject (in parti­cular statutory requi­re­ments to keep records in accordance with the Austrian Corporate Code (UGB) and Federal Fiscal Code (BAO))
  • According to Art. 6 (1) (f) GDPR, processing is necessary for the purposes of the legitimate interests pursued by ILF or third parties

Insofar as the legitimate interests pursued by ILF are part of the legal basis for the processing of data, it is within ILF’s interest, or in the interest of affiliated companies of the ILF Group and any other recipients of trans­ferred personal data, to be able to operate an efficient client and supplier management system.

If the afore­men­tioned personal data are not provided or are insuf­fi­ci­ently provided this can have different conse­quences e.g. that the services cannot be properly rendered, a contract cannot be concluded, the controller cannot fulfil his contractual obliga­tions or prepare an offer. If the processing of data is based on consent from a data subject, this consent can also be the legal basis for data processing (Art. 6 (1) (a) GDPR).

Transfer and Disclosure of Personal Data

Personal data will only be trans­ferred to other controllers, if the processing of this data is necessary for contractual perfor­mance or project imple­men­tation, or if ILF has a legitimate interest in the transfer of the data or the data subject has given their consent.Categories of data recipients according to Art. 13 (1) (e) GDPR may include:

  • Affiliated companies of the ILF Group
  • Data processor(s)
  • Public autho­rities
  • Banks
  • Lawyers and tax consul­tants as well as experts for the estab­lishment, exercise or defense of legal claims
  • Auditing companies for compliance with accounting obligations

In accordance with the statutory provi­sions, if recipients of personal data are located in countries outside of the European Union “EU” (in which appli­cable laws do not offer the same level of protection as the laws of the respective data subject’s home country), personal data will only be trans­ferred if the European Commission decides that the third country has an adequate level of protection (Art. 45 (3) GDPR), if appro­priate safeguards have been agreed with the recipient (Art. 46 GDPR), if binding corporate rules are imple­mented (Art. 47 GDPR) or if there is a derogation for specific situa­tions in accordance with Art. 49 GDPR.

Further infor­mation and (where appli­cable) a copy of the imple­mented measures can be obtained from the contact person listed under point 7.

Rights of the Data Subject

According to the GDPR, data subjects have the following rights (with the exception of those listed in the respective regula­tions): right to infor­mation (Art. 15 GDPR), right to recti­fi­cation (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data porta­bility (Art. 20 GDPR), right to object to the processing of personal data (Art. 21 GDPR), and right to lodge a complaint with a super­visory authority (Art. 77 GDPR).

If the processing of personal data is based on consent from the data subject, such consent can be withdrawn at any time without the need to give a reason. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Retention Period

We only store personal data as long as it is necessary to fulfill the purposes for which they were collected. Personal data will therefore be erased if the retention of the personal data is no longer necessary to fulfill the purposes for which they were collected, and if no statutory retention obliga­tions or the estab­lishment, exercise or defense of legal claims excludes the erasure of personal data.

In this context, the statutory retention obligation of 7 years in accordance with § 132 para. 1 of the Federal Fiscal Code (BAO) and § 212 of the Austrian Corporate Code (UGB), as well as the absolute period of limitation of a maximum 40 years (§§ 1478 and 1485 para. 1 of the Austrian Civil Code (ABGB)) for the assertion of claims for damages have to be observed by ILF.

Contact

If you have any questions or concerns regarding the processing of personal data or the assertion of the listed rights, please contact us using the following details:

ILF Consulting Engineers Austria GmbH
Feldkreuz­straße 3
A‑6063 Rum bei Innsbruck / Austria
Company Register Number: FN 106300z
Tel. +43/512/2412–0
E‑Mail: privacy.aut@ilf.com

Automated Decision Making

As a respon­sible company we refrain from automated decision making or profiling.

Hello UptimeRobot