PRIVACY POLICY INFORMATION OBLIGATIONS UNDER THE GENERAL DATA PROTECTION REGULATION (GDPR)


PREAMBLE 


The protection of your privacy and data is very important to us and is always considered in all business transactions.
In general, you can use our website without providing any personal data. However, different regulations may apply to individual services, which we will separately inform you about below.
 


GENERAL 


The purpose of processing your personal data (referred to as "data" hereinafter) is to provide information about our electrical products for energy distribution and measurement and to present and offer products and services related to this topic. In this privacy policy, we inform you about, among other things:
 • the name and contact details of the data controller 
• all purposes for which your data are processed 
• the legal bases on which the processing activities are based, including any legitimate interests we may have
• all recipients of your data
• any transfer of your data to a third country and the legal basis for this
• the storage period of your data or the criteria for determining the duration
• the categories of your data that are processed
• the origin of your data
• the rights of the data subjects 

 

Responsible for data protection is EPRO Gallspach GmbH, A-4731 Gallspach, Styriastraße 2, Tel: +43 (0) 7248 68462-0, Email: eprooffice@epro.at.
No data protection officer has been appointed as it is not legally required.

 

YOUR RIGHTS 


You have the following rights concerning your personal data:
• Right to information
• Right to rectification or erasure 
• Right to restriction of processing 
• Right to object to processing 
• Right to data portability 
• Right to withdraw your consent

 

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us.
For this purpose, as well as for any further questions regarding personal data, you can contact us at any time.
 


Right to Information
You have the right to obtain from us, at any time and free of charge, information about the personal data concerning you that is stored and to receive a copy of this information, including:
• the purposes of the processing • the categories of personal data processed 
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations 
• if possible, the envisaged duration for which the personal data will be stored, or, if not possible, the criteria used to determine that duration 
• the existence of the right to request rectification or erasure of personal data concerning you or restriction of processing by us, or to object to such processing 
• the right to lodge a complaint with a supervisory authority 
• if the personal data is not collected from the data subject: all available information about the source of the data 
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
 

 

Furthermore, you have the right to obtain information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, you also have the right to be informed about the appropriate safeguards relating to the transfer.
 

 

Right to Rectification
You have the right to request the immediate correction of inaccurate personal data concerning you.
Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.

 

Right to Erasure
You have the right to request that your personal data be deleted by us without delay if one of the following reasons applies and the processing is not necessary:
• The personal data have been collected or otherwise processed for purposes for which they are no longer necessary.
• You withdraw your consent on which the processing pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR is based, and there is no other legal ground for the processing. 
• You object to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
• The personal data have been unlawfully processed. 
• The erasure of personal data is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. 
• The personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
 

 

Right to be Forgotten
If personal data has been made public by us, and our company, as the controller according to Article 17(1) GDPR, is obligated to erase the personal data, we will, taking into account available technology and implementation costs, take reasonable measures, including technical measures, to inform other controllers processing the published personal data that you have requested the erasure of all links to this personal data or copies or replications of this personal data from those other controllers, unless the processing is necessary.
 

 

Right to Restriction of Processing

You have the right to request the restriction of processing from us if one of the following conditions applies:

• You contest the accuracy of the personal data, and this restriction shall remain in place for a period that enables us to verify the accuracy of the personal data.
• The processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of its use.
• We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.
• You have objected to processing pursuant to Article 21(1) GDPR, pending the verification of whether our legitimate grounds override yours. 

 


Right to Data Portability

You have the right to receive your personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.

You also have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, in exercising your right to data portability, you have the right to have your personal data transmitted directly from us to another controller, where technically feasible, and as long as this does not adversely affect the rights and freedoms of others. 

 


Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

We will no longer process the personal data in the event of objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

If we process personal data for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for those purposes.

Additionally, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you by us for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
 

 

Automated Decision-Making Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision (1) is necessary for entering into or performance of a contract between you and us, (2) is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is based on your explicit consent. 

 

Right to Withdraw Consent to Data Processing

You have the right to withdraw your consent to the processing of personal data at any time. However, the legality of the processing carried out before the withdrawal shall not be affected by your withdrawal.

 


MINORS

 

Our website and services are not intended for use by minors, and we do not want to collect data from minors. If a parent or guardian of a minor believes that their child may have provided us with personal data, please contact us using the contact information provided below, and we will delete this personal data subject to applicable law and this policy.

 

DATA SECURITY

 

We employ adequate technical and organizational measures and security precautions (TOMs) to prevent unauthorized access, unlawful processing, and unauthorized or accidental loss of your data.

This includes, for example, encrypting your communication with us via this website based on the Secure Socket Layer (SSL) encryption protocol.

You can check the quality of our encryption here: www.ssllabs.com/ssltest

It is important to note that data transmission over the Internet may have security vulnerabilities, as complete protection against access by unauthorized third parties is not possible.

 

 

WEB HOST


The servers hosting this website are located in Germany and operated by Mittwald CM Service GmbH & Co KG, with whom a (sub)contracted data processing agreement has been concluded.

For further details, please refer to: www.mittwald.de/datenschutz.


.
  
SERVER LOG FILES


With each of your visits, our website automatically collects a series of general data and information.
This general data and information are stored in the log files of our server by Mittwald CM Service GmbH & Co KG in Germany.
The following may be recorded:
• The types and versions of browsers used 
• The operating system used by the accessing system 
• The website from which an accessing system reaches our website (so-called referrer) • The subpages accessed via an accessing system on our website 
• The date and time of access to the website 
• An internet protocol address (IP address) 
• The internet service provider of the accessing system 
• Other similar data and information that serve to avert threats in the event of attacks on our information technology systems.
We do not draw conclusions about you when using this general data and information.
This information is necessary to:
• Deliver the contents of our website correctly 
• Optimize the contents of our website as well as its advertisement 
• Ensure the permanent functionality of our information technology systems and the technology of our website 
• Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
 

 

These anonymously collected data and information are evaluated both statistically and with the aim of increasing data protection and data security in our company to ultimately ensure an optimal level of protection for you. We may process this data based on our legitimate interests pursuant to Article 6(1)(f) GDPR.
The logs are stored separately from all personal data provided by you and are deleted after a maximum of 90 days.


COOKIES

 

Information about the use of cookies and clarification regarding your corresponding choices and rights can be found in our cookie banner.


HOW DO WE COLLECT YOUR DATA?


At the current time, you can contact us via email, telephone, fax, post, and in person. Please note that unencrypted emails sent over the internet are not adequately protected against unauthorized access by third parties.


WHY DO WE PROCESS YOUR DATA? 


When you contact us, for example, simply to obtain information from us, we process your data for this purpose. When you contact us, for example, to conclude a contract, we process your data for this purpose.
For processing your order, including customer support If you provide your order data via email, contact us by telephone, fax, post, or in person, the data provided by you, including your personal data, within the framework of our business relationship with you, will be processed by us and the recipients listed below for the purpose of (pre-)contractual processing, to process and manage your order, and to provide customer support to you.
 

Marketing (General)
For business initiation and intensification of the business relationship with existing and potential customers.

 

WHY ARE WE ALLOWED TO PROCESS YOUR DATA? 


If you contact us, for example, simply to obtain information from us, we may process your data based on your consent pursuant to Article 6(1)(a) GDPR or Article 6(1)(f) GDPR. If you contact us, for example, to conclude a contract, we may process your data based on Article 6(1)(b) GDPR, and possibly also store it based on Article 6(1)(c) GDPR.


Order

The processing of your data, including the personal data provided by you, is carried out by us and the recipients listed below on the legal basis of Article 6(1)(b) GDPR, in order to identify you as a customer, to be able to adequately process the respective work or purchase contract, and for correspondence with you. The data processing is carried out at your request and is necessary for the appropriate processing of your order for the purposes mentioned.


Marketing (General)

The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR. The legitimate interest is our interest in business initiation and intensification of the business relationship with existing and potential customers.
 


What data do we process?

In general, we expressly ask you not to disclose data that is likely to have little or no relevance to the intended purpose; this especially applies to special categories of personal ("sensitive") data. Providing information is entirely voluntary on your part.


Information Requests 

When you contact us simply to obtain information, we process the data provided by you.


General Orders

For the processing of contracts, we process the necessary mandatory information; additional information is voluntary.


Marketing (General)

Depending on what you have voluntarily provided to us, the data processed by us may include the following:
•    Your contact details (name, address, telephone number, email address, etc.)
•    Content of previous orders


TO WHOM WILL YOUR DATA BE DISCLOSED?

 

Your data may be disclosed in whole or in part, but only to the extent necessary, to the following controllers:
•    Banks (payment transactions - Austria)
•    Tax advisors (accounting - Austria)
•    Debt collection agencies (debt collection - Austria)
•    Legal representatives (legal enforcement - Austria)
•    Courts (legal enforcement - Austria)
•    Administrative authorities (Austria)


Furthermore, your data may be disclosed to the following recipients as (sub)processors; a (sub)processing agreement has been concluded with all of them, and appropriate technical and organizational measures (TOMs) have been verified:
•    Innpuls Werbeagentur GmbH (Marketing Agency, Austria)
•    Mittwald CM Service GmbH & Co KG (Web hosting, Webmail, Germany)


HOW LONG DO WE PROCESS YOUR DATA?

 

Your data will be stored in a form that allows your identification only for as long as necessary for the purpose for which they are processed.
Information Requests 
By providing us with your data via contact form or email, contacting us by phone, or in person, you expressly consent to the processing of your data, including the personal data provided by you, as well as any unsolicited and voluntarily provided special categories of personal data, for the duration of processing the respective information request by us and the recipients listed above.
If you contact us simply to obtain information, your data will therefore either be deleted immediately or deleted after an appropriate period corresponding to the content of the communication.
Upon revocation of your consent, we will delete (or have deleted) all of your data - including cumulative data - from all databases.


Order

Due to company and tax law requirements, we are obliged to store your address, payment, and order data for a period of 7 years. If you contact us to conclude a contract, the data will be deleted at the end of the 7th year after the last entry is booked (§ 132 BAO). In the event of a contract, all data from the contractual relationship will therefore be stored until the end of this period.
However, after 2 years, we restrict the processing, meaning your data will only be used to comply with legal obligations.
Legal or contractual retention obligations, such as towards customers for warranty or damages claims, or towards contractual partners, are another basis for continuing to store your data (Article 6(1)(c) GDPR; Article 17(3)(e) GDPR).
The data categories of name, address, purchased goods, and date of purchase are additionally stored until the expiration of product liability (10 years).


Marketing (General) 

Marketing data will be retained for up to 3 years after the last contact.


 
SOCIAL MEDIA PLUGINS


We only use links to Facebook, X, Xing, LinkedIn, and YouTube and do not use plugins or cookies in compliance with GDPR.
Here are the addresses of each page along with URLs to their privacy policies:

 

Facebook Page:


We use a Facebook page at www.facebook.com/epro.at

Additional terms supplementing this privacy policy can be found here:

https://www.facebook.com/policy.php

https://www.facebook.com/policies/cookies

ttps://www.facebook.com/business/news/updates-for-page-admins-in-the-eu-and-the-eea

https://www.facebook.com/legal/terms/page_controller_addendum#

 

X Profile:


We use an X profile at

twitter.com/EproGmbh

Additional terms supplementing this privacy policy can be found here:

privacy.twitter.com/de

https://gdpr.twitter.com/de.html

 

Xing Profile:


We use a Xing profile at

https://www.xing.com/companies/eprogallspachgmbh

dditional terms supplementing this privacy policy can be found here:

https://privacy.xing.com/de

https://privacy.xing.com/de/datenschutzerklaerung

 

LinkedIn Profile:


We use a LinkedIn profile at

https://www.linkedin.com/company/epro-gallspach-gmbh/

Additional terms supplementing this privacy policy can be found here:

https://www.linkedin.com/legal/privacy-policy?_l=de_DE


YouTube Channel:


We operate a YouTube channel at

https://www.youtube.com/channel/UCd8IQ6UYU6vb4-aQ7kwvzLw/

Additional terms supplementing this privacy policy can be found here:

https://policies.google.com/privacy?hl=de&gl=de