We feel committed to data protection and hereby give you information on how we process your data and what claims and rights you may assert according to data protection regulations.
1. Controller with respect to data processing and contact data in the meaning of the General Data Protection Regulation is:
Atlas Copco Energas GmbH
Schlehenweg 15
50999 Koeln
Telefon: +49 (0)2236 9650 0
E-Mail: datenschutz.energas@de.atlascopco.com
Contact data of our data protection officer:
Silvia C. Bauer
c/o Atlas Copco Energas GmbH
Schlehenweg 15
50999 Koeln
Telefon: +49 (0)221 9650 0
E-Mail: datenschutz@luther-lawfirm.com
2. Purposes and legal basis on which we process your data
Personal data are processed by us in compliance with the provisions set forth in the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) as well as other applicable data protection regulations. This activity comprises the following kinds of processing:
2.1 Purpose of fulfilling a contract or pre-contractual measures (Art. 6 (1) b GDPR)
If, in the framework of contract conclusion, you provide us with data and such data are necessary for contract conclusion and the sale etc. of our products or services, processing shall take place for establishing, implementing and, when appropriate, terminating our contracts with you and for carrying out your orders. In addition, we process data received by us due to a complaint or the like in order to check and handle the incident in question. But we also use the data of our customers for collecting our claims. Data (voluntary data are marked with „where appropriate“) include your contact data (such as name, title, address, phone number, e-mail address), information on the company (such as name, legal status, invoice address, bank), where appropriate your date of birth, information on the contract or order, order processing, payment, tax-related data or data concerning complaints or the like (such as, e.g., subject matter and content).
2.2 Purposes based on our a legitimate interest on our part or on the part of a third party (Art. 6 (1) f GDPR)
Apart from the actual fulfilment of the (preliminary) contract, we also process your data if this is necessary for protecting our legitimate interests or those of third parties, unless your interests or fundamental rights and freedoms are contrary to such processing. Legitimate interests may include, but are not limited to our economic interests, our legal interests, our interests in compliance and ensuring compliance or our interests in IT security. Legitimate interests exist, for instance, in the following cases:
- Disclosure of data to service providers who render services to you on behalf of Atlas Copco. Atlas Copco forwards your personal information only to those service providers who have contractually undertaken towards Atlas Copco to refrain from processing or disclosing such information for any other purposes than those necessary for rendering the services on our behalf or for complying with statutory obligations;
- Processing and disclosure in order to carry out investigations concerning presumed or actual illegal acts;
- Processing and disclosure within the framework of insurance cases or for investigating and settling damage events and minimising financial losses;
- Disclosure for supporting a sale or a transfer of a part of our company or of our entire company or our assets (also in case of insolvency).
- Obtaining information from credit agencies for assessing a person’s credit standing;
- Providing e-learning or other material, carrying out product training sessions or other measures for ensuring compliance and for giving information on our products;
- Quality control as well as check and optimisation of procedures for a requirement analysis and communication with you;
- Gestures of goodwill;
- Analysis of business indicators for carrying out internal sales analyses, calculation and analysis of cost structures or remunerations;
- Control and monitoring by affiliated companies (e.g. parent company) or the respective supervisory committees or monitoring bodies (e.g. audit) as well as risk management in the Group;
- Measures for controlling the business and developing services and products;
- Collection of claims by debt collection companies;
Fulfilling statutory obligations, including but not limited to complying with a lawful legal requirement
- by a prosecution authority or another governmental supervisory authority;
- Assertion of legal claims and defence by lawyers in case of legal disputes;
- Handling of insurance cases or investigation and settlement of damage events and minimisation of financial losses;
- Examination and investigation of presumed or actual illegal acts;
- Warranting EDP/IT security;
- Video monitoring for protecting domestic authority and for compiling evidence in case of punishable acts;
- Measures for building and security (e.g. access controls) and for protecting domestic authority;
- Traceability of orders, enquiries etc. and other agreements as well as for quality control and training purposes by recording phone calls;
- Disclosure for supporting a sale or a transfer of a part of our company or of our entire company or our assets (also in case of insolvency).
2.3 Use of data for advertising purposes such as newsletters, surveys etc. and your right to object (Art. 6 (1) f GDPR, Section 7 (3) of the German Unfair Competition Act (UWG))
Always provided that you have given us your consent thereto, we use your data for advertising purposes such as, for instance, the transmission of our newsletter, advertising-related surveys or invitations to events that might be interesting for you, or we use your data for marketing research purposes. In this context, we collect obligatory data such as, for instance, your e-mail address, but also data submitted by you on a voluntary basis. Such voluntary data are used by us in order to permanently improve our customer relationship and to develop it in a customer-friendly manner, to contact you in future as an individual, to analyse your preferences and to inform you about interesting products. In this context, you may unsubscribe from notices and information at any time by clicking the link provided for in the newsletters and effecting the cancellation or by contacting us under the aforementioned contact address.
We process your data for the dispatch of newsletters, surveys etc. and for contacting you as an individual on the following legal basis:
- If you have given us your consent, pursuant to Art. 6 (1) lit. a GDPR;
- If you have given us your e-mail address in connection with the purchase of goods or services or we send personalised advertising material to you, for protecting our legitimate interests according to Art. 6 (1) lit. f GDPR in conjunction with Section 7 (3) of the German Unfair Competition Act (UWG); our legitimate interest is based on our economic interests in carrying out advertising measures and target group-oriented advertising.
Use of data for e-mail advertising and your right to object
If we receive you e-mail address in connection with a contract conclusion and a provision of our products and always provided that you have not objected thereto, we reserve the right to send you regularly offers for similar products from our range by e-mail. You may at any time raise objections against such use of your e-mail address by contacting the contact address mentioned hereinafter or via a link provided for this purpose in the newsletter e-mail, without incurring any other costs than the transmission costs according to basic rates.
2.4 Purpose of complying with statutory requirements (Art. 6 (1) c GDPR)
Like everyone involved in economic processes, we are bound to comply with a multitude of legal obligations. Such obligations are primarily based on statutory requirements (including but not limited to commercial and tax laws), but also, where appropriate, regulatory or other administrative demands. Where appropriate, processing purposes include the verification of identity and age, the prevention of fraud and money laundering, the prevention, combating and investigation of terrorist financing and offences threatening financial assets, the compliance with tax law-related control and reporting duties as well as the filing of data for data protection and data security purposes as well as audits by revenue offices or other authorities. In addition, it may become necessary to disclose personal data within the framework of measures taken by public authorities/courts for taking evidence, pursuing offences or enforcing claims under civil law.
2.5 Purpose of credit rating and transfer of data to credit agencies
in order to verify your creditworthiness prior to contract conclusion, the data submitted by you (company, name, address, date of birth and, where appropriate, gender) in connection with the request for and the implementation and termination of the business relationship will also be used for making enquiries and obtaining credit rating information based on mathematical-statistical procedures from credit agencies; in this context, we may also provide a credit agency with data on a non-contractual or fraudulent behaviour, if any, during the contractual relationship. The exchange of data with a credit agency also serves to verify identity. By means of the concurrence rates transmitted by the credit agency, we are able to find out whether a person is actually stored in its database under the address submitted by the customer.
If we obtain information from a credit agency, this takes place on the legal basis provided for in Art. 6 (1) lit. b GDPR or, if we forward information on a non-contractual behaviour to the credit agency, on the legal basis provided for in Art. 6 (1) lit. f GDPR, always provided that this is necessary for protecting our legitimate interests or those of third parties and such interests are not overridden by your interests or your fundamental rights and freedoms requiring the protection of personal data.
The legitimate interest is that the credit agency informs third parties about negative payment expectations and, doing this, renders protection against own disadvantages.
3. Categories of data processed by us, if data are not obtained directly from you, and their origin
The personal data processed by us are primarily received from you within the framework of our business relationship.
To the extent that this is necessary for rendering our services within the framework of our business relationship or for the aforementioned purposes, we process personal data lawfully received by us from other companies or other third parties (e.g. credit agencies, address publishers), such as contact data, company figures or data concerning credit standing etc. In addition, we process personal data which have been lawfully obtained, received or acquired by us from publicly accessible sources (such as, for instance, phone directories, trade registers and association registers, registers of residents or debtors, land registers, press, internet and other media) and may be processed by us.
4. Recipients or categories of recipients of your data
First of all, the disclosure of your personal data is restricted to our employees.
A disclosure of your data towards third parties shall categorically take place only if this is permitted or prescribed by law or if you have consented thereto. Apart from that, we forward your data to the required extent to the service providers appointed by us in order to be able to render our services. Such disclosure is restricted to what is necessary in order to provide you with our services. To some extent, our service providers receive your data in their capacities as processors and will in this case be obliged to strictly adhere to our instructions. To some extent, the recipients will handle your data, as disclosed by us, on their own.
Please find hereinafter the categories of recipients of your data:
- Associated companies within our company group, to the extent that they work for us as processors and provide us with, e.g., IT services or to the extent that this is necessary for rendering our services;
- Payment service providers and banks in order to collect outstanding payments from accounts and to pay out amounts to be reimbursed;
- Call centres and complaints processors in order to receive and handle your enquiries and complaints;
- Agencies, printing houses and letter shops supporting us in our implementation of advertising measures, sweepstakes, promotions etc.;
- Providers of training sessions in order to provide corresponding e-learning programmes;
- IT service providers who, inter alia, store data, render support services for administering and maintaining systems as well as keepers and destroyers of archives;
- Logistic service providers in order to deliver goods etc.;
- Credit agencies when requesting information on credit standing;
- Collection agencies and legal consultants when asserting our claims;
- Public authorities and institutions to the extent that we are legally obliged in this respect.
Apart from that, we can also transfer your personal data within our internationally active company group, e.g. to our subsidiaries who need such data in order to fulfil our contractual and statutory obligations or on the basis of our legitimate interests. Possible purposes include economic, administrative or any other internal business purposes, always provided that our interests are not overridden by your interests or your fundamental rights or freedoms requiring the protection of personal data. Apart from what has been said above, your personal data will not be disclosed by us towards third parties.
5. Transfer to third countries
A transmission of data to countries outside the EU or the EEA (so-called third countries) will take place only insofar as it is necessary for handling our contractual relationships or prescribed by statutory provisions (e.g. tax law-related reporting duties) or if you have given us a consent thereto or the receiving party, in this context, acts in a capacity of a data processor. If we use the services of providers in third countries, such providers will, in addition to written instructions, be obliged to maintain the European data protection level by virtue of the standard contractual clauses adopted by the EU. Alternatively, we transfer data on the basis of the Binding Corporate Rules and to the extent that the transfer of data is based on the Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EU of the European Parliament and the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield. For further information, please contact our data protection officer. Apart from what has been said above, we will not transfer your personal data to countries outside the EU or the EEA or to international organisations.
6. Retention period applicable to your data
We process your data for the duration of our business relationship. This term also includes the period of the initiation of a contract (pre-contractual relationship) and of the performance of a contract concluded with you.
Furthermore, we are bound to comply with several retention and documentation duties, including but not limited to duties arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation terms provided for in such regulations amount to up to ten years after the end of the business relationship or, as the case may be, the pre-contractual legal relationship.
Apart from that, specific statutory provisions may require longer retention periods, as it is, for instance, the case with the preservation of evidence subject to statutory limitation periods. According to Sections 195 et seqq. of the German Civil Code (BGB), the regular limitation period amounts to three years, but limitation periods of up to 30 years may also become applicable. If the data are no longer required for fulfilling contractual or statutory duties and rights, they will as a rule be deleted, unless their further processing – for a limited period of time – is necessary on a case-by-case basis for fulfilling the purposes listed in clause 2. In such cases, we may store and, where appropriate, use your data also after a termination of our business relationship or our pre-contractual legal relationship for the term corresponding to the respective purposes.
7. Your data protection rights
Under certain conditions, you are entitled to assert your data protection rights towards us:
- Right of access: Pursuant to Art. 15 GDPR you are at any time entitled to obtain a confirmation from us as to whether we process data concerning your person; if so, you are - according to Art. 15 GDPR - furthermore entitled to obtain access to such personal data as well as certain other information (e.g. on purposes of processing, categories of the personal data concerned, categories of recipients, the origin of the data, their use for automated decision-making and, in case of a transfer to a third country, the appropriate safeguards) and a copy of your data.
- Right to rectification: You are entitled to request us according to Art. 16 GDPR to rectify the data stored about your person if they are inaccurate or faulty.
- Right to erasure: Subject to Art. 17 GDPR you are entitled to request us to erase your personal data without undue delay. Such right to erasure is inter · alia not applicable where the processing of the personal data is necessary for (i) the exercise of the right of freedom of expression and information, (ii) for compliance with a legal obligation applicable to us (e.g. statutory retention duties), or (iii) the assertion, exercise or defence of legal claims.
- Right to restriction of processing: Subject to Art. 18 GDPR, you are entitled to request us to restrict the processing of your personal data.
- Right to data portability: According to Art. 20 GDPR, you are entitled to request us to transfer your personal data, as provided by you, to you in a structured, commonly used and machine-readable form.
- Right to object: Subject to Art. 21 GDPR, you are entitled to object to a processing of your personal data so that we have to cease to process them. Such right to object exclusively exists within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with a cessation of processing so that we may continue to process your personal data despite of your objection.
- Right to revoke: You are entitled to withdraw your consent to a processing of your personal data at any time with effect for the future.
- Right to lodge a complaint with a supervisory authority: Subject to Art. 77 GDPR, you are entitled to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR. The right to lodge a complaint exists irrespective of any other remedies available under administrative law or before a court.
- Nevertheless, we recommend you to always address your initial complaint to our data protection officer.
If possible, your requests to exercise your rights should be sent in writing to the address indicated above in clause 1 or directly to our data protection officer.
8. Scope of your duties to provide us with your data
You only have to submit those data which are necessary for commencing and implementing a business relationship or for maintaining a pre-contractual relationship with us or which must be collected by us by virtue of law. Without such data, we will, as a rule, not be capable to conclude or perform the contract. This may also refer to data becoming necessary within the framework of the business relationship at a later time. To the extent that we ask you to submit any data beyond this framework, we will separately inform you about the voluntary nature of such information.
9. Existence of an automated decision-making process in individual cases (including profiling)
Purely automated decision-making processes according to Art. 22 GDPR are not used by us. Due to statutory provisions, we are obliged to combat money laundering and fraud. In this context, data evaluations (inter alia for payment transactions) are carried out. At the same time, these measures serve to protect you.
To the extent that, on a case-by-case basis, we use any further procedures in future, you will receive separate information from us.