Data protection
Data protection Declaration Powerlines Group GmbH
I. The responsible body and data controller of your personal data under the General Data Protection Regulations (GDPR) and other data protection laws is:
Powerlines Group GmbH
Johann-Galler-Straße 39
A-2120 Wolkersdorf im Weinviertel
II. Contact for data protection queries: For queries, suggestions or complaints as to the processing of your data contact our data protection coordinator at:
Letters: Data protection coordinator
Powerlines Group GmbH
Johann-Galler-Straße 39
A-2120 Wolkersdorf im Weinviertel
Email: dataprotection(at)powerlines-group.com
III. Responsible supervisory authority for data protection matters (you can contact your local supervisory authority with any complaints):
Austria
Letters: Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
Email: dsb(at)dsb.gv.at
Germany
Letters: Bayrisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss) 8
D-91522 Ansbach
UK
Letters: Information Commissioner’s Office
Wycliffe House
Waters Lane
Wilmslow
Cheshire
SK9 5AF
Website: https://ico.org.uk/global/contact-us/
Telephone: 0303 123 1113
Sweden
Letters: Datainspektionen
Box 8114
SE-104 20 Stockholm
Data Protection Principles
For the Powerlines Group GmbH ("Powerlines") trust is a vital cornerstone in every business relationship, which is why we attach great importance to the secure and sensitive management of your data. This data protection declaration is intended to give you an insight into which personal data is used, for what purpose and what options are available to you as the data subject for getting the best possible overview of what happens to your data and what rights you have in this regard. Powerlines operates a consistent and continuous data protection management system in order to systematically plan, organise, manage and monitor legal and operational data protection requirements. Our goal is to ensure the rights and freedoms of those concerned, and recognise business-related risks arising from data protection and to be able to manage these accordingly.
This means for you, as the data subject:
- You are made aware of what personal data we hold about you and the purposes we use it for.
- Where you have given your consent for the processing of your personal data, you are able to withdraw your consent to such processing at any time.
- We respect your rights under the data protection laws, such as the right to be informed about the lawful basis we rely on for processing your personal data.
- Our information processing security measures comply with the latest standards and with statutory requirements.
- Our employees are obliged to maintain confidentiality and receive regular training on data handling best practices.
- Compliance with data protection provisions is monitored by the data protection coordinator who can be contacted directly by email should you have any questions.
We have endeavoured to be as transparent as possible. Regardless of whether you have been a customer for many years or are a prospective new customer, we invite you to read this declaration carefully and familiarise yourself with our practices.
If you have any questions, you can contact us at any time – our contact details are set out at the beginning of this declaration.
What type or categories of personal data we process
Personal data is all that information that relates to an identified or identifiable natural person.
We only store and process personal data as far as is necessary for building and developing new business across our entire service range. This includes planning and project development, delivery and assembly, quality control, acceptance, and maintenance in our rail, energy, and product business divisions.
We also process data that we have rightfully obtained from credit reference agencies and from publicly accessible sources (e.g. company registers or the land registry).
We process the personal data you provide to us in various ways, such as through your use of our website or in the course of an enquiry you have with us. The following personal data is processed by us:
- Forename, surname, address (address, postcode, town)
- Contact details (email address, telephone number)
- Any further information you provide to us such as the content of an enquiry (via a free text field or over the phone)
Personal data relating to customer base/supplier base: We record very little data on suppliers and customers. We merely need to ensure a trouble-free business relationship.
- Customer / supplier contacts (forename, surname)
- Contact details (address, email address, telephone number)
- Bank details
Personal data relating to applicants/bidders: there is a separate data protection declaration for these.
We guarantee that we will only use any personal data we collect for the purpose for which it was originally collected. It is especially important to us to ensure there is no lack of clarity around collection of personal data and that you know from the start how, why and by whom the data has been collected.
How we use personal data our purpose for processing it, and our legal basis for the processing of your personal data
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and local data protection laws. As a rule, we seek to present the collection and processing of your data as transparently as possible. Therefore, we will only process your personal data where we have a legal basis to do so under Article 6 of the GDPR.
We process personal data for various reasons including to fulfil our contract with you and to comply with statutory regulations applicable to us. Sometimes we will rely on your consent to process personal data and on other occasions we will process your personal data to help us perform our legitimate business interests.
We have set out our purposes for processing personal data in the table below alongside the legal basis we are relying on to process that personal data for the purpose:
For purposes related to the provision of the products and services that we offer to you: | |
| We use your personal data in this way either because we have a contract with you (for example, where we have a contract to provide those goods and services to you) or because it is in our legitimate interests to do so (for example, it is in our interests to ensure our customers are happy and solve any customer issues) but we will always ensure that your rights are protected. |
For advertising and marketing purposes, including to measure how effective our marketing is: | |
| We do this because it is in our legitimate interests to send marketing to our existing customers for goods and services, they may be interested but we will always ensure that your rights are protected and you can opt-out at any time. In some instances, we will rely on your consent to send you marketing materials such as when you sign up to receive our newsletter emails even if you are not a current customer, you can withdraw this consent at any time. |
For administrative and internal business purposes: | |
| It is in our legitimate interests as a business to use your personal data in this way. For example, we have a clear interest in ensuring that our products and services are high quality and efficient. We will make credit checks when it is in our legitimate interests and appropriate to do so in order to manage our financial risk. We will always ensure that your rights are protected. |
For security and legal and compliance purposes: | |
| In some cases, we will need to use your personal information to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the site) we will rely on our legitimate interests as a business to use your personal information in this way. Furthermore, we must fulfil legal obligations in accordance with Art. 6 para. 1 lit. c GDPR, such as legally prescribed storage and documentation obligations. We will always ensure that your rights are protected. |
We will only use your personal data for the purpose it was collected for. Should this purpose expire, we will either securely delete the personal data or we will consider whether there is an alternative purpose and corresponding lawful basis to continue to process and store the personal data.
Existence of automated decision-making
We do not currently undertake any automatic decision-making or profiling.
Disclosure of Data and Transmission
We will only share personal data with third parties if we have a lawful basis for doing so, for example where there is a statutory requirement, it is necessary in order to perform our contract with you or if you have given prior consent.
Within the Powerlines group of companies
We are part of a group of companies that share various operations and business processes. We may share your personal data with any member of our group for example; in order to fulfil our contractual obligations to you, or because it is in our legitimate interests to do so. The processing of personal data generally takes place in data centres within the European Economic Area (EEA).
With third party processors
We use third party processors (particularly IT service providers) to help us with specific functions, and we may disclose your personal data to them if they need it to perform their respective services. All processors are contractually obliged to handle your data confidentially and only process it as part of the agreed service provision.
In relation to statutory functions
We may share your personal data where there is a statutory obligation to do so, for example with authorities, regulators, or even to the Courts in connection with legal proceedings.
In particular, personal data collected through our video surveillance may be transmitted (in individual cases and only where it is strictly necessary and proportionate to do so) to competent authorities (for evidence protection in civil or criminal proceedings), security agencies (for security purposes), insurers (only for processing insurance claims), lawyers and those in other posts for the purpose of law enforcement.
Data Retention Period
We store your data for different lengths of time depending on the existence of a legitimate purpose for processing. As a rule, we process your information for the duration of the entire business relationship (from the initiation, processing to the termination of a contract, as well as until the termination of any interest in information on your part). In addition, we store your data in compliance with and within the scope of the statutory retention and documentation obligations, the applicable guarantee, warranty and limitation periods and, in the event of legal disputes in which the data is required as evidence, until their conclusion.
Where we are relying on your consent to process your personal data your personal data will be deleted if withdraw your consent to the data being processed for that particular purpose.
Data Access and Data Security
Those within our company involved with implementation and process have access to your data depending on operational and organisational needs.
Data protection and data security are important to us. We have implemented technical and organisational measures to secure our data processing. These measures protect against unauthorised or unlawful processing, accidental loss, accidental destruction or accidental damage. This particularly concerns protection of your personal data. Examples of the measures we have in place to protect your personal data includes:
- any data in the contact form on our website is sent to us in an encrypted format;
- we protect against unlawful access to personal data by applying a role authorisation concept, a data security concept and physical protective measures; and
- we have information security guidelines in place within the company.
All technical and organisational security measures are continuously reviewed in line with technological development. External and internal IT security is checked at regular intervals by an external IT security company. Our central IT service provider operates an ISO/IEC 27001 certified ISMS.
Your Rights as the Data Subject
As a data subject, you have a number of rights which we have set out below. To exercise your rights and if you have any queries, contact our data protection coordinator:
Letter:
Data protection coordinator
Powerlines Group GmbH
Johann-Galler-Straße 39
A-2120 Wolkersdorf im Weinviertel
Email: dataprotection(at)powerlines-group.com
Where appropriate it may be necessary for you to prove your identity to us in a suitable form before we are able to comply with your request, we do this to remove the possibility of unauthorised third parties
being given your personal data and/or to prevent unauthorised changes and/or deletions being made.
On receipt of a request from you exercising your rights, we shall respond without undue delay, but no later than one month from your concern reaching us. Our response will give an initial view or deal with your concern or state whether and if so, why the period for giving our views has been extended by up to two months.
Right to Information
You have the right to information about how on your personal data is processed by us.
Right to Rectification
If the personal data we hold about you is inaccurate, please inform us of this so that we can rectify and/or complete it immediately.
The Right to Restrict Processing
You can restrict the processing of your data at our company in certain circumstances if:
- you are disputing the accuracy of your personal data and Powerlines is checking your data for accuracy
- your data is processed unlawfully, but you decline to have it deleted and instead seek to restrict its use
- we no longer need your data for its original purpose, but you need it for the assertion, exercise or defence of legal claims
- you use your right of objection, although it is not yet established that our legitimate interests do not outweigh your rights as a data subject.
The Right to Deletion of your Data
Should you no longer wish us to process your data, please contact us using the details set out above. We will delete your data if we are required and permitted to do so under applicable laws and will inform you when this has been completed. Should compelling reasons, in particular legal reasons, prevent us deleting it, you will be informed by us to that effect without undue delay.
Right to Data Portability
In certain circumstances you have the right to receive your personal data in a structured, current and machine-readable format. This refers to the data with which you have provided us and that we process with your consent or to fulfil a contract. You can also ask us to transmit this personal data direct to another data controller.
Right to Object
You have the right to object to certain processing of your personal data. This also applies if we use your personal data for any profiling activities.
In such a case, we will no longer process your personal data unless we are able to establish compelling legitimate reasons for such processing that outweigh your concerns or processing is directed at the assertion, exercise or defence of legal claims.
Where direct marketing is concerned, you have the right to object to processing for the purposes of such marketing at any time. This also applies for profiling, if it is associated with direct marketing.
Right of Appeal
If it is your view that we are in breach of local or European data protection law in processing your data, we would ask you to contact us so that we can resolve any questions. You have the right to appeal to the Austrian data protection authorities or to your local competent authorities for example, you can contact the UK regulator for data protection (the Information Commissioner's Office) via their website: https://ico.org.uk/concerns/ or by calling 0303 123 1113.
How to Make a Request
Whatever right you wish to assert, in each case you can send your request to us in one of three ways:
- by letter, personally signed please, and with a copy of your ID to
Data protection coordinator
Powerlines Group GmbH
Johann-Galler-Straße 39
A-2120 Wolkersdorf im Weinviertel
- personally, at Powerlines UK head office during office hours or
- by email, only with a qualified electronic signature, to dataprotection@powerlines-group.com
Please make your concern as specific as possible so that we can deal with it quickly and efficiently.
Use of Powerlines Website
The Powerlines website records a range of data and information about visitors to the website. This general data and information is stored in the server’s logfiles. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system gets to our system (so-called referrer), (4) the sub-websites heading for our website via an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information designed to avert risks in the event of access to our information technology systems. We rely on our legitimate interests to process this data in order to manage and improve our website and ensure we are supporting our customers and prospective customers in the most helpful way.
In using this general data and information we draw no conclusions about the data subject. This information is needed rather in order to (1) correctly deliver the content of our website, (2) optimise the content of our website and the advertising for it, (3) guarantee the long-term functionality of our information technology systems and of our website’s technology and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack. This anonymously collected data and information is therefore statistical and is assessed with a view to increasing data protection and data security in our company. The anonymous data in the server logfiles is stored separately from all personal data provided by a data subject. We assure you that the data is not used to personally identify the visitor to this website. Furthermore, the server log entries are automatically deleted after 14 days.
When you visit our website, we process your personal data for two reasons:
- to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR), namely to ensure the operation, security and optimisation of our website, or
- to process your enquiries that you send to us via the contact form on our website or by email (Art. 6 (1) (a) GDPR)
By submitting the enquiry to us, you consent to us processing your personal data for these purposes.
No cookies are used to recognise and store temporary data of the website visitor. No advertising cookies are used.
Presence in social networks (social media)
Powerlines maintains online presences within social networks. The user data processed there is used to communicate with users or to provide information about Powerlines and our services.
We want to make it clear that user data may be processed outside the European Union. For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), please refer to the privacy policy of the respective networks.
Services used and service providers:
LinkedIn: Social network
Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland;
Legal basis: We process your data in accordance with our legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Our website is www.linkedin.com
Our privacy policy is www.linkedin.com/legal/privacy-policy
Our data processing agreement is legal.linkedin.com/dpa
Option to object (opt-out): www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Updating Regulations
Please note that we may need to update and amend this document from time to time. For example, to reflect amendments to the UK's Data Protection Act or the EU General Data Protection Regulation. Any changes to this declaration will be posted on this website.