DATA PROTECTION ADVISORIES

26/10/2018

1. Data Controller - Name and Contact Data

We are the data controller responsible for the processing of your personal data:

ESG Elektroniksystem- und Logistik-GmbH
Frankfurter Ring 211
80807 Munich, Germany
P: +49 89 92161-0
F: +49 89 92161-2631
E-Mail: defenceandsecurity@esg.de

Represented by:
Christoph Otten, CEO, Dr. Mihaela Seidl and
Jörg Ohlsen, CEO

2. Data Protection Officer - Name and Contact Data

If you have any questions regarding data protection, you may also contact our Data Protection Officer at any time:

Dominique Philipp
ESG Elektroniksystem- und Logistik-GmbH
Ingolstädter Straße 45
80807 Munich, Germany

Tel: +49 89 92161-0
Fax: +49 89 92161-2631
E-Mail: datenschutz@esg.de

3. Data collection and processing
 

3.1 Data collection and processing in the pre-contractual area and at contract conclusion

a) Nature and scope of data collection and processing

We collect personal data in the pre-contractual area and at contract conclusion. This includes for example name data for the contact person, address and communication data, account data, business and contract data and billing and performance data.

b) Purpose and legal basis of data processing

We collect and process this data exclusively for the purposes of contract performance or fulfilling pre-contractual obligations. The legal basis for this is Art. 6 (1) b) GDPR. In addition, if you have granted consent, Art. 6 (1) a) GDPR is also applicable as legal basis.

c) Duration of data retention

Data are deleted when they are no longer required for the processing purpose. Statutory retention requirements may also apply, such as those under the Commercial Code (HGB) or Tax Code (AO). To the extent such retention obligations apply, we restrict or delete your data at the end of the applicable mandatory retention period.

3.2 Data processing of submitted business cards

a) Nature and scope of data collection and processing

Your business card contains personal data about you. We store the following data in our CRM system:

  • Name data (form of address, title, first name, last name, name suffixes)
  • Contact data (landline phone number, mobile number, e-mail address, fax number, street, house number, and as applicable supplemental address data, postcode, city, country)
     

b) Purpose and legal basis of data processing

We collect and process this data for the purpose of conducting business correspondence with you.
The legal basis for data collection and processing is Art. 6 (1) f) GDPR, as you and our company have a mutual interest in establishing contact and conducting communications.

c) Duration of data retention

Data are deleted as soon as they are no longer required for their processing purpose, or if you declare an objection per Art. 21 (1) 1 GDPR. You may file such an objection with the data controller (item 1) or with the data protection officer (item 2).

4. Data transfer

We only transfer your personal data to third parties if:

  • you have expressly consented to such in line with Art. 6 (1) a) GDPR.
  • this is legal on the basis of Art. 6 (1) b) GDPR as required for performance of a contract with you or to conduct pre-contractual activities. For example: transfer to internal departments involved in execution of the respective business processes (Tax, Legal, Accounting, Bookkeeping and IT departments).
  • there is a legal obligation to transfer the data pursuant to Art. 6 (1) c) GDPR. We are legally obliged to transfer data to governmental authorities (e.g. fiscal authorities, financial regulators, tax authorities and law enforcement authorities).
  • disclosure is required pursuant to Article 6 (1) 1 f) GDPR in order to uphold legitimate company interests or to assert or defend against claims or exercise legal rights and there are no grounds to assume that you have a prevailing legitimate interest in non-disclosure of your data.
  • we utilize an external service provider as processor within the meaning of Art. 28 GDPR to process data, and that provider has been bound to handle this data with due care.

We utilize such service providers in the following areas:

  • IT
  • Sales
  • Marketing

When transferring data to external parties in third countries, i.e. outside the EU or EEA, we ensure that those parties handle your personal data with the same care as is required within the EU or EEA. We only transfer personal data into third countries for which the EU Commission has confirmed that an adequate level of protection exists there, or if we have ensured that your personal data is handled with due care under contractual agreements or by means of other suitable guarantees.

5. Security advisory

We implement all organizational measures suitable for ensuring the adequate protection of personal data within a sufficient scope.

6. Your rights

Your rights regarding your personal data are outlined in the following. For details please refer to Articles 7, 15-22 and 77 GDPR. You may contact the data controller (item 1) or the data protection officer (item 2) in this regard.

1) Data protection right to withdraw your consent per Art. 7 (3) 1 GDPR

You may withdraw consent to the processing of your personal data at any time with non-retrospective effect, i.e. the legality of processing up to the time of withdrawal is not affected.

2) Right to information per Art. 15 GDPR

You have the right to demand confirmation of whether or not we are processing personal data pertinent to you. If so, you have the right to be informed of this personal data and to receive other information, including the processing purposes, the data recipients, the planned duration of data storage and the criteria for determining such duration.

3) Right to rectification and completion per Art. 16 GDPR

You have the right to demand the prompt rectification of incorrect data on you. You have the right, under consideration of the processing purposes, to demand the completion of incomplete data on you.

4) Right to erasure ("right to be forgotten") per Art. 17 GDPR

You have a right to erasure of your data if its processing is not necessary. This would be the case for example if your data is no longer required for the original purpose, if you have withdrawn your data protection consent declaration or if the data have been processed in breach of law.

5) Right to restriction from processing per Art. 18 GDPR

You have the right to have your data restricted from processing, such as if you believe your personal data is incorrect.

6) Right to data portability per Art. 20 GDPR

You have the right to receive personal data concerning you in a structured, commonly used machine-readable format.

7) Right to object per Art. 21 GDPR

You have the right to object at any time to the processing of certain personal data concerning you on grounds relating to your particular situation.       
In respect of direct marketing, you as data subject have the right to object at any time to the processing of personal data concerning you for such marketing purposes, including profiling in connection with such direct marketing.

8) Automated individual decision-making, including profiling per Art. 22 GDPR

You have the right not to be subject to a decision based solely on automated processing, including profiling, except in the cases outlined in Art. 22 GDPR. We do not engage in automated decision-making, including profiling.

9) Lodging a complaint with a supervisory authority per Art. 77 GDPR

You can also lodge a complaint with a data protection supervisory authority at any time, for example, if you believe that data is being processed in non-conformity with data protection regulations. The supervisory authority for ESG Elektroniksystem- und Logistik-GmbH is:

Data Protection Authority for Bavaria
Postfach 606
91511 Ansbach
Germany

Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
E-mail: poststelle@lda.bayern.de