At B&R, protecting your personal data is a top priority.This privacy notice explains how we process your personal data and what rights you have in relation to your personal data.
1.
B&R-TochtergesellschaftenIn accordance with applicable data protection laws, the person responsible for processing your personal data is the B&R subsidiary on whose premises you are located and which communicates with you.
In your case, B&R Industrial Automation GmbH, B&R Strasse 1, 5142 Eggelsberg, Austria or the respective company affiliated with B&R Industrial Automation GmbH will decide, as the "responsible party" within the meaning of the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act or other applicable national data protection laws at the headquarters of the respective subsidiary, for what and how your personal data will be used in accordance with this privacy notice (hereinafter also referred to as "B&R", "we" or "us").
2.
We collect and use the personal data that we receive from you within the scope of or in connection with your visit to our premises or an existing business relationship with you or your company (hereinafter: "you").We may also process personal data that we receive from you either as a result of your contact request, a specific precontractual inquiry or a registration for a specific event via our websites, by email or telephone or at a trade fair or product event.In addition, to the extent necessary for the purposes stated in this privacy notice, we process personal data that we can obtain from publicly available sources or that is lawfully transmitted by other third parties (e.g. a credit agency), such as commercial register data or creditworthiness data.
3.
We process your personal data primarily to carry out and fulfill our business and contractual relations with you and to ensure security in our offices and premises.In the context of this business relationship with you and your visit to our offices and premises, we must process your personal data, which we require in order to fulfill the associated contractual and legal obligations or which we are legally obliged to collect and process (e.g. health and safety laws, statutory insurance requirements).
- Visitor management, management of registration and visitor access, including related contact interactions and references in documents
- Health and safety management, including medical emergencies
- Recording by video surveillance system (CCTV) for the purpose of public and employee safety, building security and the prevention and detection of crime
- Access control systems with electronic entry and/or exit control for authorized persons in places with limited access and attendance list for emergencies
- Maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats and fraud or other criminal or harmful activities
- Monitoring and auditing of compliance with ABB and B&R's corporate guidelines, contractual obligations and legal requirements
- Conducting audits, evaluations and regulatory checks to ensure compliance with regulatory obligations
- Management of IT resources, including infrastructure management such as data protection, support for data processing systems and service activities for application management, end user support, testing, maintenance, security (response to security incidents/violations, risks, vulnerabilities), master data and areas of activity including user account management, software license allocation, security and performance testing and business continuity.
We only collect the personal data from you that we require for the purposes described above.For statistical purposes, to improve our services and to test our IT systems, we use anonymous data as much as reasonably possible.This means that you can no longer be directly or indirectly identified as an individual using this data.
4.What happens if you do not provide us with the personal data we request or if you ask us to stop processing your data?
In the case of processing operations in connection with your visit to B&R (as described above), without certain personal data, B&R may not be able to adequately ensure your security and the security of other persons in our offices and premises, monitor the security of the premises and its facilities, or fulfill the related legal obligations or the purposes described above in general.Although we cannot oblige you to provide us with your personal data, please be aware that your refusal could have consequences that could negatively affect your visit to our offices and premises or our business relationship.You will not be permitted, for example, to enter certain or any B&R facility or location for security reasons, nor will we be able to take requested precontractual or contractual measures to conclude or fulfill a contract with you.
5.
- Insofar as we process your personal data on the basis of legal requirements or official measures, for example, with regard to health and safety laws, legal insurance requirements, cooperation obligations with authorities, legal retention periods or the disclosure of personal data within the scope of official or judicial measures for taking evidence, prosecuting or enforcing civil law claims, the legal basis for such data processing is Art. 6 (1) c) of the GDPR.
- In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) d) of the GDPR be the legal basis (e.g. notification of an accident on the premises of B&R).
- To conduct, manage, develop and promote our business activities in the broadest sense, including the management of visitors, facilities and sites, ensuring the protection and security of our premises, and the acquisition and sale of activities, businesses and companies
- Monitoring, checking and ensuring compliance with legal, regulatory, normative and ABB and B&R internal specifications and guidelines
- Establishment, exercise and defense of legal claims by and against B&R in connection with your visit and our business relationship
- Transfer of personal data within the B&R Group for internal administrative purposes, if required, for example, to provide centralized services
Likewise, it may be a legitimate interest on our part if photos are processed for purely internal purposes without corresponding publication (e.g. a group photo for participants in a training course) or are taken as part of a publicly advertised event and you are not the main focus of the photo, but are only to be seen together with other people.
We will process special categories of personal data only in accordance with applicable law and under the following conditions:
We will only process personal data relating to criminal offenses or criminal convictions based on (locally) applicable law.
6.
We will only share your personal data with other B&R companies or third parties if this is required for the purposes listed in the table below.
In addition, when processing your personal data for the aforementioned purposes, we may use external service providers as data processors (e.g. facility management or security companies).
In case of suspicion of criminal offenses, we may also pass on your personal data to law enforcement agencies.Otherwise, your personal data will only be transferred to third parties if there is a legal basis for this transfer.This can be the case especially if the police or other security authorities take action in the context of so-called emergency response and demand access to video surveillance data.
If we share your personal data with a B&R company or third party and it is transferred or becomes accessible outside of the European Union ("EU") and the European Economic Area ("EEA") or outside the country in which the B&R company controlling your information is located, we will protect your personal data with appropriate safeguards.We have taken additional measures to protect your personal data when it is transferred outside the EU, EEA or the country where the B&R company controlling your data is located.
List of the B&R subsidiaries. | The purposes stated in this privacy notice | |
B&R business partner | EU and non-EU | The purposes stated in this privacy notice |
IT services, administrative services for the reception and facility, security services or other service providers working for B&R | ||
For the evaluation of the companies or assets concerned or for the purposes specified in this privacy notice | ||
Recipients required according to applicable law or legal proceedings, such as law enforcement agencies or other authorities | Where required by applicable law, due to legitimate requests from public authorities or legal requirements |
7.
In principle, we process and store your personal data only as long as is necessary for the processing purposes stated in this privacy notice, until you withdraw your consent granted under Art. 6 (1) a) of the GDPR or until you object to the use of your personal data if a legitimate interest is the legal basis for processing (Art. 6 (1), f) of the GDPR).
In general, the personal data used for visitor management is stored for a period of 3 to 12 months and is only kept for a longer period if this is necessary due to local laws and official requirements or to defend legal claims.Some of B&R's buildings and locations use video surveillance systems (CCTV) to ensure security and operational procedures in our offices and premises and on our company grounds.Data from the video surveillance is always deleted after a maximum of 7 days.A longer storage period can be used for specific occasions, if facts justify the assumption that recordings from a limited period of time show actions that are prosecuted as criminal offenses or whose use is necessary for the assertion of civil law claims.
At the same time, applicable data protection laws require that we store and process your personal data in a form that identifies you for no longer than is necessary for the purpose for which the personal data was collected and that we carry out regular checks in this regard.