At B&R, compliance with your data protection rights has the highest priority. This privacy notice explains why and how we collect and process your personal data and what your rights are with regard to this data.
This privacy notice applies exclusively to potential customers, including leads, prospects and customers in sales processes or contractual negotiations (all together referred to as "Customers"). All information contained in this privacy notice is therefore limited to processing that results from the business relationship between B&R and customers. We may, however, also process your personal data in other ways, for example when you visit one of our websites or when you receive our newsletter (with your consent). These processing operations are based on separate privacy notices. An overview of all privacy notices is available here.
1. Who is responsible for processing your personal data?
B&R Industrial Automation GmbH and B&R subsidiaries are responsible for your personal data. B&R Industrial Automation GmbH is in turn part of the ABB Group (a 100% subsidiary of ABB Asea Brown Boveri Ltd.). In accordance with applicable data protection laws, the B&R subsidiary that provides services or is in contact with you is the data controller. Each of these companies is considered an independent data controller of your personal data, and this notice applies to all of them (for a list of these companies, see the B&R website).
Responsible B&R subsidiaries located outside the European Union (EU) have appointed a representative for EU data protection issues. For more information about this EU representative, please send a request to www.abb.com/privacy.
In your case, B&R Industrial Automation GmbH, B&R Strasse 1, 5142 Eggelsberg, Austria or the respective company affiliated with B&R Industrial Automation will decide, as the "responsible party" within the meaning of the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act or other applicable national data protection laws at the headquarters of the respective subsidiary, for what and how your personal data will be used in accordance with this privacy notice (hereinafter also referred to as "we", or "us").
2. What kind of personal data do we collect and process?
We have received your personal data because you contacted us in connection with a concrete precontractual inquiry via our websites, by email or telephone (hereinafter also referred to as "contact request") or with regard to an already existing contractual relationship with you or your company, in particular in connection with an existing framework supply agreement.
We process and store the following personal data:
- Business contact information that you provide us with: Name, title, job title, email address, business address, telephone number, mobile phone number, etc.
- Additional information that you provide us with as part of our business relationship, e.g. interest in B&R products, contract or order data, invoices, payments, business partner history, etc.
- Information that your browser provides when you visit a B&R website: IP address, source of your website visit, time spent on the website or a specific page, links clicked on, comments enabled, browser type, date and time of visit, etc.
- Data that originates from publicly accessible sources or is lawfully transmitted by other third parties if this data is required for us to fulfill our obligations: Commercial register data, association register data, creditworthiness data, etc.
- Other personal data that may be entered by you or others in our systems, programs and applications. This also includes business documents containing personal information (e.g. inquiries, questions, complaints, orders and related files, emails, reports, contracts, presentations, minutes, work results), photos, images and/or videos. To a certain extent, this information may also include your interests in B&R products, marketing preferences and registration information provided at training sessions, events or trade fairs, etc.
3. Why do we use your personal data?
We process your personal data primarily to establish the business relationship with you or your company that you have requested and to process and execute services requested in connection with this business relationship.
We use your personal data in particular for the following purposes:
- Processing and fulfilling orders and keeping you informed about the status of your or your company's order
- Providing and managing our products and services
- Providing customer support and evaluating and responding to inquiries
- Monitoring and auditing compliance with company guidelines, contractual obligations and legal requirements of B&R (including conflict commodities).
- Conducting audits, reviews and regulatory checks to fulfill obligations to regulatory authorities.
Your personal data also helps us to understand your interest in our products and to expand our business relationship with you. In addition, your personal data will be stored in our company-wide database for the processing purposes mentioned here.
We do not perform automated decision-making including profiling based on your personal data.
We use your personal data for marketing purposes, in particular for the following:
- Conducting customer satisfaction surveys
- Performing data analyses (e.g. market research, trend analyses, financial analyses and customer segmentation)
- Providing marketing communication (e.g. notifications, advertising material, newsletters, etc.)
- Conducting other marketing and sales activities (including generating leads, following up on marketing prospects, conducting market research, determining and monitoring the effectiveness of our advertising and marketing campaigns and managing our brand)
In order to provide you with customized marketing communication and advertising, we use automated methods to create a profile based on the data received as described in this notice. You have the right to object to the generation of a profile by sending a request to the person in charge at www.abb.com/privacy.
Apart from that, we may process your personal data for the fulfillment of contracts with you or your company or for the implementation of precontractual measures upon request. Within the framework of this business relationship between you or your company and us, you must provide the personal data that is required for the initiation, execution or termination of the business relationship and fulfillment of the associated contractual obligations or that we are legally obliged to collect and process (e.g. tax laws). Without this data, we will not be able to establish, maintain or terminate a business relationship with you or to take any contractual or precontractual measures upon your request.
We will only collect personal data from you that is required for these processing purposes. We may also make your personal data anonymous so that you cannot be identified by that data and then use that data for further processing purposes, including improving our services and reviewing our IT systems.
4. On what legal basis do we process your personal data?
We process personal data in accordance with the provisions of the GDPR and the Austrian Data Protection Act, in particular on the following legal bases:
Insofar as we process your personal data for the fulfillment of contractual obligations arising from contracts concluded with you or within the framework of precontractual measures, the legal basis for such data processing is Art. 6 (1) b) of the GDPR.
Insofar as we process your personal data on the basis of legal requirements or official measures, for example on the basis of our obligations to comply with fiscal control and reporting obligations or legal retention periods, the legal basis for such data processing is Art. 6 (1) c) of the GDPR.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) d) of the GDPR be the legal basis (e.g. notification of an accident on the premises of B&R).
Where required, we process your personal data if you explicitly contact us and/or within the scope of an existing business relationship with you or your company to safeguard our legitimate interests and that of third parties. This is done in the context of balancing interests in accordance with Art. 6 (1) f) of the GDPR, according to which processing is permissible if it is necessary to safeguard legitimate interests and if the interests or basic rights and freedoms of the data subject, which require the protection of personal data, do not prevail.
The use of your personal data for the purpose of processing your contact request before or during the fulfillment of the contract as well as the provision of information requested by you is an acknowledged legitimate interest according to Art. 6 (1) f) of the GDPR. Personal data will be processed by us based on your contact request, the provision of information you request and your business relationship with us (e.g. as a sole trader or in your role or function within the company). This establishes a direct and significant relationship between you and us, which entitles us to process your personal data. We will make sure that you or your company only receive information, invitations and offers that are relevant or of interest to you. Our legitimate interest is based on your interest in our products and on our business relationship with you, which we would like to establish. In addition, it is our legitimate interest to add your personal data to our company-wide database if you have voluntarily provided your personal data for this purpose when contacting us, e.g. if you entered the data, or if we have a contractual or business relationship with you.
If and insofar as we process your personal data in exceptional cases without a specific request from you or an existing business relationship with you for the purpose of direct marketing on the basis of your consent as the legal basis for such data processing, see Art. 6 (1) a) of the GDPR. In accordance with Art. 7 (3) of the GDPR, you can of course withdraw your consent at any time with future effect.
If we send you marketing information via email, we may also require your consent in accordance with Art. 107 (2) of the German Telecommunications Act.
5. Who receives and processes your personal data (within and outside the EU and EEA)?
As part of a global corporation, we have business relationships with companies in the B&R Group and external service providers, both within and outside the European Economic Area (EEA), which we may also use to process your personal data.
In this regard, your personal data may also be made available to companies of the B&R Group in countries within and outside of the EEA for the aforementioned processing purposes. In addition, when processing your personal data for the aforementioned purposes, we may use external service providers as data processors (e.g. computer centers, software companies). They are generally used with binding instructions within the framework of an existing contractual relationship and receive your personal data only to the extent and for the period of time required to provide the service.
We are committed to a high level of data protection within our company in order to ensure that your personal data is protected in accordance with the GDPR (as described below).
Recipient name or – for non-EU countries – recipient category | Recipient location | Purpose | Safeguards to protect your personal data |
---|---|---|---|
Companies and subsidiaries affiliated with B&R | See the list of B&R subsidiaries. | The purposes described in the privacy notice | EU standard contractual clauses |
B&R business partner | EU and non-EU | The purposes described in the privacy notice | EU Standard Contractual Clauses |
Service provider | EU and non-EU | For the assessment of the respective company or assets or for the purposes specified in this privacy notice | EU Standard Contractual Clauses and commercial contracts that ensure that your data is only used to assess the company or assets of B&R or for the purposes described herein |
Potential or actual buyers of B&R companies or systems | EU and non-EU | For the assessment of the respective company or assets or for the purposes specified in this privacy notice | EU Standard Contractual Clauses and commercial contracts that ensure that your data is only used to assess the company or assets of B&R or for the purposes described herein |
Recipients required according to applicable law or legal proceedings, such as law enforcement agencies or other authorities | EU and non-EU | If required by applicable law or a legitimate request from governmental authorities or a valid legal requirement | Where possible, we will ensure that your data is adequately protected when it is transferred outside the EU under these circumstances |
You can obtain a copy of the safeguards we use to protect your personal data by sending a request to www.abb.com/privacy.
6. How long do we process and store your personal data?
We process and store your personal data for as long as this is required for the processing purposes mentioned above, or if a legitimate interest is the legal basis for processing (Art. 6 (1) f) of the GDPR), or until you object to the use of your personal data (Art. 6 (1) a) of the GDPR, Art. 107 (2) of the Austrian Telecommunications Act). If we have obtained your consent (Art. 6 (1) a) of the GDPR) for processing your personal data, we will store the data until you have withdrawn your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Your personal data will be regularly deleted, unless further processing is necessary to comply with company and/or tax law retention obligations or to preserve evidence in connection with statute of limitation. If this is the case, we will retain the personal data concerned until the end of the respective legal period.
7. Which rights do you have with regard to your personal data?
If you have questions about data protection, complaints about how we are handling your personal data or wish to exercise the rights of data subjects listed below, you can contact us at www.abb.com/privacy. Under certain circumstances, we may have to restrict these rights of data subjects in order to safeguard the public interest (e.g. the prevention or detection of criminal offenses) or our business interests (e.g. maintaining legal privilege). Should you not be satisfied with our response or believe we are processing your personal data unlawfully, you may also contact the Data Protection Authority in your country of residence or work or in which you believe the data breach may have taken place in accordance with your right to lodge a complaint per Art. 77 of the GDPR. In addition to your right to lodge a complaint, you also have the following rights:
- Right to information: In accordance with Art. 15 of the GDPR, you have the right to receive information from us regarding your personal data that we process at any time upon request (in text form). This right is limited by the exceptions of Art. 4 (6) of the Austrian Data Protection Act, according to which the right of information is not applicable in particular if the provision of this information would endanger a business or trade secret of the data controller or of a third party.
- Right to rectification: In accordance with Art. 16 of the GDPR, you have the right to request that we rectify your personal data without delay if it is incorrect. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the correction of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
- Right to erasure: You have the right to request us to delete your personal data under the conditions set out in Art. 17 of the GDPR. These conditions are particularly met if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have withdrawn your consent without the data processing being able to be continued on another legal basis, d) you successfully object to the data processing or e) in cases where there is an obligation to delete the data on the basis of EU law or the law of an EU member state to which we are subject. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the deletion of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
- Right to restrict processing: In accordance with Art. 18 of the GDPR, you can request that we only process your personal data to a limited extent. This right exists in particular under the conditions that a) the accuracy of the personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified request for deletion, c) the data is no longer necessary for the purposes we pursue, but you need the data to assert, exercise or defend legal claims, or d) the success of an objection is still disputed.
- Right to data portability: In accordance with Art. 20 of the GDPR, you have the right to receive your personal data that you provided us in a structured, common, machine-readable format, as well as the right to have us transfer this data to another data controller.
- Right to object: In accordance with Art. 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, either in the public interest or to safeguard our legitimate interests. Thereafter, we will stop processing your personal data unless we can prove compelling reasons for processing your personal data that are worthy of protection, which outweigh your interests, rights and freedoms or unless such processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will stop processing your data in any case.
8. Updates to this document
This Privacy Notice may be updated from time to time as a result of required developments. In case of such updates, we will undertake necessary actions to inform you about them depending on the importance of changes done. If and where required by applicable laws we will also ask for your consent to any material Privacy Notice changes describing our up-to-date practices. Please check the "date of publication" to see when this Privacy Notice was updated.
Date of publication: February 15, 2021