AVL DiTEST TRANSPARENCY NOTICE
(Articles 13, 14 GDPR)
Index
1. Area of application
2. Who is responsible for data processing and who can I contact?
3. What sources and data do we use?
4. What do we process your data for (purpose of processing) and on what legal basis?
5. Who receives my data?
6. Is data transferred to a third country or an international organisation?
7. Safety of processing
8. How long will my data be stored?
9. Do I have an obligation to provide you with personal data?
10. What data protection rights do I have?
11. Right to lodge a complaint with a supervisory authority
12. To what extent is there automated decision-making or profiling?
13. Changes to this transparency report
1. Area of application
1. With this transparency notice, we, AVL DiTEST GmbH (hereinafter jointly referred to as AVL DiTEST, we or us), describe how we collect and process personal data. In accordance with Articles 13 and 14 of the GDPR, companies must fulfil certain information requirements when collecting personal data (directly from the data subjects or from third parties). The transparency notification serves this purpose.
2. It is possible that other data protection declarations, special data protection notices, general terms and conditions or similar documents may apply to certain circumstances. This privacy policy applies to the online presence.
2. Who is responsible for data processing and who can I contact?
1. For the purposes of data protection regulations, the controller responsible for your data is
AVL DiTEST GmbH
Alte Poststraße 156
8020 Graz
Austria
E-mail: DiTEST-Privacy@avl.com
Attn: Data Protection Officer
2. You can also get in touch with your direct contact person if you have any data protection concerns.
3. What data do we collect and what sources do we use?
1. Business customers, suppliers and business partners:
We collect the following data from business customers:
• Company name or first and last name
• Tax number
• First name and surname of the contact person
• Professional position of the contact person
• Company address
• Company website
• Company e-mail address
• Company telephone number
• Contact details of the contact person as described above
• Order history
Data that does not concern the contact person is not personal data within the meaning of the GDPR.
2. On the website:
When you visit our website, we do not collect any personal data other than the IP address of the device from which you are accessing our website. We sometimes use various analysis tools to determine the traffic on the website or to simplify its use. However, it is not possible for us or third parties to draw any conclusions about you personally. Details are provided below:
Cookies and Google Analytics:
This website uses Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will generally be transmitted to and stored by Google on servers in the United States.
However, due to the IP anonymisation used on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
IP anonymisation is active on this website.
On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google will not associate your IP address with any other data held by Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under this link. If you do not agree to the use of analysis tools, no cookies will be set by Google or other third parties.
3. Email traffic:
As part of our normal office activities, we also store any email correspondence with you. The storage takes place in the respective email programme and the emails are regularly archived or deleted unless necessary.
4. In the event that we have not collected your data ourselves or you have not provided it to us yourself, it will in any case come from a reliable source that we have verified as being authorised to collect and transmit the data (e.g. debt register, commercial and association register, press, Internet, event organisers, network partners, rating agencies, etc.).
5. If you provide us with personal data of other persons (such as work colleagues, network contacts, family members, etc.), please make sure that the respective persons are informed about this transparency declaration and only disclose their data to us if you are authorised to do so and the personal data is correct.
4. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the local laws that apply to AVL DiTEST GmbH:
1. For the fulfilment of contractual obligations (Art. 6 para. 1 b GDPR)
First and foremost, personal data is processed in order to provide and receive services as part of the performance of our core business activities, i.e. to conclude a contract with our customers and suppliers or to carry out pre-contractual measures that arise as part of an enquiry. The purposes of data processing are primarily in line with the respective services provided or received. More detailed information on the purposes of data processing can be found in the relevant contractual documents and terms and conditions.
2. As part of the balancing of interests (Art. 6 para. 1 f GDPR)
Where necessary, we process personal data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples
> Consultation of and data exchange with third parties (e.g. enforcement register to determine creditworthiness or default risks);
> Examination and optimisation of procedures for needs analysis for the purpose of direct customer contact and collection of personal data from publicly accessible sources for customer acquisition;
> Processing of your personal data in connection with your work as an employee of one of our customers, business partners or suppliers (as part of our global purchasing activities, when you contact our customer service (e.g. support ticket system, telephone enquiries));
> Marketing interaction, market and opinion research (e.g. making contact during events or at trade fairs, filling out questionnaires and other forms);
> Cooperation with business partners and suppliers as part of joint projects (organisational, process and project management);
> Assertion of legal claims and defence in legal disputes and official proceedings;
> Ensuring IT security and IT operations (incl. access rights management)
> Prevention and investigation of criminal offences;
> Video surveillance and other measures to protect the owner's right to keep intruders out of premises or collect evidence of security incidents;
> Measures for building and site security and to protect our employees and other persons and assets (including digital assets) that belong to us or are entrusted to us (e.g. access controls, visitor logs, network and mail scanners, telephone recordings);
> Measures for business management (e.g. customer and supplier relationships), business development and the (further) development of services and products;
> Acquisition and sale of business divisions, companies or parts of companies and other corporate transactions as well as the disclosure of personal data in this context.
3. Based on your consent (Art. 6 para. 1 a GDPR)
Where you have given us consent to process your personal data for specific purposes (e.g. analysing certain activities for marketing purposes, when registering to receive newsletters, when taking photos or videos at events, etc.), the processing is carried out and based within the scope of such consent, unless we have another legal basis where this is required. The consent given can be revoked at any time, but does not affect the lawfulness of the processing of data until revocation.
4. Due to legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)
As a globally active company in the field of development and production of diagnostic and measuring devices for different types of vehicles, we are subject to various legal obligations, i.e. statutory and official requirements or self-regulation in the industry. The purposes of processing may therefore include, for example, the assessment and fulfilment of control and reporting obligations under tax law as well as the measurement and management of various legal and regulatory risks within AVL DiTEST.
5. Due to a necessity for the protection of vital interests of the data subject or another natural person (Art. 6 para. 1 d GDPR)
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party.
5. Who will receive my data?
As part of our business activities and in accordance with the data processing purposes mentioned above, we may transfer data to third parties, provided that such a transfer is permitted and we consider it appropriate for these third parties to process the data for us or, if applicable, for their own purposes. We have concluded a processing agreement with the processors. In particular, these are the following categories of recipients:
1. Affiliated companies of AVL DiTEST GmbH;
2. our service providers (within AVL DiTEST GmbH or externally, e.g. banks, insurance companies, consultants), including processors (e.g. IT providers, logistics service providers, telecommunications providers, marketing agencies);
3. Dealers, suppliers, subcontractors and other business partners;
4. customers (e.g. joint projects);
5. Domestic and foreign authorities or courts;
6. The public, including users of our websites, apps, applications and social media (e.g. images and videos with your consent);
7. Acquirers or parties interested in acquiring business units, companies or other parts of AVL DiTEST GmbH;
8. Other parties in potential or pending legal proceedings.
6. Is data transferred to a third country or an international organisation?
1. Some of these recipients may be located in the European Economic Area (EEA), but may also be located in any country in the world. In particular, you must assume that your data will be transferred to any country in which AVL DiTEST GmbH is represented by affiliated companies, branches or other subsidiaries, as well as to other countries in which our service providers are located. If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection required by law by using appropriate safeguards (in particular on the basis of the European Commission's Standard Contractual Clauses, which can be viewed here) or we rely on the legal exceptions such as consent, the fulfilment of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or the need to protect the integrity of the data subjects.
7. Safety of processing
1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we make reasonable efforts to protect personal data against accidental and unlawful destruction and loss. We strive to ensure that personal data is used properly and protected against unauthorised access, use or disclosure. We use a combination of process, technology and physical security controls to protect personal data from unauthorised access, use or disclosure.
2. In addition, access to personal data is limited to employees, contractors and agents who need this data to fulfil their assigned functions and to develop or improve our services.
8. How long will my data be stored?
1. We process and store your personal data for as long as is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationships are generally continuing obligations that are designed to last for years.
2. If the data are no longer required for the fulfilment of contractual or legal obligations, they will be deleted or anonymised as far as possible, unless their - temporary - further processing is necessary, e.g. for the following purposes:
> Fulfilment of retention obligations under commercial and tax law;
> Retention of data for the period during which claims can be asserted against our company;
> Legitimate business interests require further storage (e.g. for evidence and documentation purposes).
9. Do I have an obligation to provide you with personal data?
In certain business relationships, you may be obliged to provide us with personal data that is necessary for the conclusion and execution of a business relationship and for the fulfilment of our contractual obligations (however, there is usually no legal obligation to provide us with data). Without this information, we will generally not be able to enter into or fulfil a contract with you (or the company or person you represent).
10. What data protection rights do I have?
1. In accordance with and to the extent provided for by applicable law (as in the case where the GDPR is applicable), you have the right of access (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to object (Article 21 GDPR) and, where applicable, the right to data portability (Article 20 GDPR). In addition, if applicable to you, you also have the right to lodge a complaint with a competent data protection authority (Article 77 GDPR).
2. For reasons relating to your particular situation, you have the right to object at any time to the processing of your personal data based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing in the context of the balancing of interests). If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legitimate interests. Please note that in such cases we may no longer be able to provide any services or maintain a business relationship with .
3. Please note that exercising these rights may conflict with your contractual obligations. This may lead to consequences such as premature cancellation of the contract or costs. If this is the case, we will inform you in advance, unless this has already been contractually agreed.
4. You can revoke your consent to the processing of personal data at any time. Please note that the revocation only applies to the future. Processing that was carried out before the revocation is not affected.
5. The exercise of these rights generally requires that you are able to prove your identity (e.g. by providing a copy of your identity documents if your identity is not otherwise recognisable or cannot be verified in any other way).
6. The objection or cancellation does not have to be made in a specific form and should ideally be addressed to the contact details given above.
11. Right to lodge a complaint with a supervisory authority
1. If you have identified violations of data protection regulations, we suggest that you first discuss these directly with us. Notwithstanding this, you have the right to lodge a complaint with a supervisory authority in the EU/EFTA Member State of your habitual residence, place of work or place of the alleged infringement if the Soe considers that the processing of personal data relating to you infringes the GDPR. The competent authority in Austria is
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
E-mail: dsb@dsb.gv.at
12. To what extent is there automated decision-making or profiling?
1. We may process some of your personal data automatically in order to evaluate certain personal aspects (profiling, market and opinion research, etc.). In particular, profiling allows us to inform and advise you about products or services that may be relevant to you. For this purpose, we may use evaluation tools that allow us to communicate with you if necessary.
2. In principle, we do not use fully automated decision-making or profiling in accordance with Article 22 GDPR to establish and conduct business relationships. Should we use these procedures in individual cases, we will inform you of this separately.
13. Changes to this transparency notice
We may change this AVL DiTEST Transparency Notice at any time without prior notice. The version currently published on our website applies.
