Privacy Statement

We take the protection of your personal data very seriously. In this Privacy Statement we, EOS GmbH Electro Optical Systems (“We” or “EOS”) will inform you about how we process and use your personal data and on the specific rights you have in connection with your personal data. One of the main purposes of this Privacy Statement is to fulfil transparency obligations under Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”).

Many of our customers are organisations and companies (so-called legal entities). If you contact us as an employee of an organization or a company, we will store and process the categories of data described herein below generally in relation to this organization or company, but may link it to the information that you are employed by such organization or company and are our contact person.

Please note that special privacy terms apply to our “MyEOS” portal for customers and business partners. You can find our privacy statement for that portal here.

 

Important Contact Information

Our contact details are as follows:

EOS GmbH Electro Optical Systems

Robert-Stirling-Ring 1, 82152 Krailling

Tel. +49 89 893 36-0

Fax +49 89 893 36-285

E-Mail: info@eos.info         

Website: www.eos.info

 

You can contact our data protection officer at any time with any questions about data protection. Our data protection officer’s name and contact details are as follows:

 

Sabina Hrnjica-Ceman

EOS GmbH Electro Optical Systems

Robert-Stirling-Ring 1, 82152 Krailling

E-Mail: datenschutz@eos.info

 

The data protection supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht)

Street Address

Promenade 27 (Schloss)

91522 Ansbach

Deutschland    

Postal Address

Postfach 606

91511 Ansbach

Deutschland

Contact Details

Telephone: +49 (0) 981 53 1300

Telefax: +49 (0) 981 53 98 1300

E-Mail: poststelle@lda.bayern.de

If you wish to file a complaint, you can also use the complaint form available at https://www.lda.bayern.de/de/beschwerde.html.

 

How are My Data Processed and Used when I visit the Website?

When you visit our website, our web server will temporarily record the domain name or IP address of the requesting computer, the access date, the file request of the client (file name and URL), the HTTP response code and the website from which you are visiting us, the number of bytes transferred during the connection and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).

It is necessary to store and process the information referred to above for the duration of your session in order to deliver our website content to your computer. We also store some of this information in the log files of our servers. We will not combine this information with your IP address or other personal data relating to you.

This processing will take place for the fulfilment of the existing contract of use with you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), as far as it serves the purpose of the technical implementation of the website’s use and to otherwise protect our legitimate interest in making our website as user-friendly, safe and attractive as possible (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

Log files are deleted after 30 days. After expiry of those periods information will be deleted or made anonymous.

We use cookies to process some of the data mentioned above. With your consent we may also use additional cookies and analytics. You can find more information on cookies and analytics and on your rights and options in this respect in our Cookie-Manager and in our Cookie Policy.

 

How are My Data Processed and Used when I request information or shop in the Webshop?

When you place an order in our webshop it is necessary to process certain information for the conclusion and performance of the contract. Information which is required for this purpose will be specially marked. All other information you may provide will be provided on a voluntary basis.

Our webshop contains a contact form which you can use to submit communications to us. When submitting information through the contact form, you are required to enter an e-mail address which we will use for responding to your request. The contact form enables you to submit additional information on a voluntary basis.

We will store and process the above information on the one hand to perform the respective contractual relationship with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, fulfilling our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) as well as fulfilling statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and all information will then be stored in, or linked to, this customer account.

 

How are My Data Processed and Used when I Participate in Trainings?

When you participate in a training, we will collect and process the contact details of all participants. If the training encompasses a test or examination (e.g. for the purposes of certification), we will also store and process your submissions and results. If trainings are conducted by third party service providers, they will also have access to this information.

We will store and process the above information to perform the respective contractual relationship with respect to the training (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR).

Unless one of the longer retention periods specified further below applies, your information will be retained for six months after the training. For certifications with an expiry date, the fact that you have participated and the result (passed/not passed) will be stored for the life of the certificate and three months thereafter. Where the training is booked by a corporation or organization, the fact that you have participated and the result (passed/not passed) may be (a) reported to the corporation or organization, and/or (b) recorded in the customer account of the corporation or organization in our Customer Database. If you have personally booked the training, we will set up a customer account in our Customer Database, and the fact that you have participated and the result (passed/not passed)will then be stored in, or linked to, this customer account.

Some trainings are conducted online through our training portal EOS Campus Online You can find detailed information on how we process and use personal data in EOS Campus Online in the EOS Campus Online Privacy Policy.

 

How are My Data Processed and Used in Connection with Social Media Icons?

Our website contains icons with the logos of certain social media platforms. The icons are linked to a URL of the social media platform. When you click in the icon, the respective function of the social media platform is activated (like, share, connect etc.). Until then no data is transmitted to the social media platform. When you click on the icon, you will leave our website. Our website currently contains icons of the following social media platforms:

  • When you click on the icon Linkedin you will be re-directed to the services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Grand Canal Dock, Dublin 2, Ireland. You can find information on which data the service provider collects and how they are used in the privacy statement of the service provider: www.linkedin.com/legal/privacy-policy.
  • When you click on the icon Xing you will be re-directed to the services of XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. You can find information on which data the service provider collects and how they are used in the privacy statement of the service provider: https://privacy.xing.com/de/datenschutzerklaerung.
  • When you click on the icon Twitter you will be re-directed to the services of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. You can find information on which data the service provider collects and how they are used in the privacy statement of the service provider: http://twitter.com/privacy.
  • When you click on the icon Facebook you will be re-directed to the services of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You can find information on which data the service provider collects and how they are used in the privacy statement of the service provider: www.facebook.com/help.
  • When you click on the icon YouTube you will be re-directed to the services of YouTube, LLC, Cherry Ave., United States, a company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. You can find information on which data the service provider collects and how they are used in the privacy statement of the service provider: https://www.google.de/intl/de/policies/privacy/.
  • When you click on the icon of Instagram you will be re-directed to the provider of Instagram, Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can find information on which data the service provider collects and how they are used in the privacy statement of the service provider: https://help.instagram.com/519522125107875?helpref=page_content.

 

How are My Data Processed and Used When I Subscribe to Newsletters?

If you register via our website or by other means to receive electronic newsletters, we will store and process your registration data (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary) for an unlimited period of time until you unsubscribe or we cancel the newsletter dispatch in order to fulfil the existing contract with you for the receipt of the newsletter (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR). The IP address assigned to you by the internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). In addition, we will store and process your consent to receive the newsletter for the retention period specified below. This serves to protect our legitimate interest in being able to prove in the event of a dispute that you wished to receive the newsletter (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

After termination of your registration for the receipt of newsletters, we will retain the registration data, the IP address, date and time of registration and your consent for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with the registration for, and consent to, receipt of newsletters (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent unauthorized use of your e-mail address by another person.

For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and all information will then be stored in, or linked to, this customer account.

 

How are My Data Processed and Used When I Contact the Customer Hotline?

When you call our hotline, our representative will record your name, the date and time of your call and the content of your request in a call log.

We will store and process the above information on the one hand to perform the contractual relationship with you with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and on the other hand, to protect our legitimate interest in improving our deliveries and services to meet your individual requirements and thus promoting the sale of our products and services, possibly offering you additional products or services in line with your interests, documenting the content of your request for the establishment, exercise or defence of legal claims and, where relevant, fulfilling our product monitoring obligations with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

Unless one of the longer retention periods specified further below applies, call logs will be retained for six months after the call.

We record individual calls to ensure service quality. We will obtain your consent for this in advance. We will use these records on the one hand on the basis of your consent, and, on the other hand, to protect our legitimate interest in improving our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). The records will be evaluated within one month after the call by managers or trainers, and discussed with the hotline employee in order to continuously improve their customer friendliness and performance. The recordings will be deleted at the end of this period.

For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and the call log will then be stored in, or linked to, this customer account.

 

Which Data with respect to Customers or Prospective Customers are Stored in the Customer Data Base?

When you express interest in any information, product or service or if a customer relationship exists or is established with you, we will set up a customer account in our Customer Database. The customer account contains your master data (name, address, account etc.). All correspondence and documents (correspondence, orders, contracts, complaints, etc.) within the scope of the customer relationship will then be stored in, or linked to, this customer account.

We will store and process the above information on the one hand to perform the respective contractual relationship with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, fulfilling our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) as well as fulfilling statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

When establishing the customer relationship, or at any time during the customer relationship, we may process customer data in the context of “know your customer”, anti-corruption, anti-money laundering, anti-terror and export control or similar screenings or audits in order to perform our compliance obligations and give effect to our compliance policies. The legal basis for such audits and screenings is the fulfilment of a legal obligation, where they are legally required (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR), and otherwise our legitimate interest in avoiding business relationships which we consider to violate our ethical standards (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). 

If you express interest in a product or service but no customer relationship is established, your data will be deleted 2 years after the last correspondence with you.

 

Who May Receive My Data?

We exchange personal data with other companies within the EOS Group.

Newsletters will be sent to the e-mail address you have provided. If your e-mail provider is located in an unsafe third country, the transfer will nonetheless be made to fulfill the contract with you and in accordance with your instructions.

Where we store and process data for the consummation of contracts, we may pass these data on to agents and contractors we employ for such consummation (e.g. to carriers for transportation purposes). Where we re-sell third party products we may pass on your contact details and information on the product purchased to the manufacturer or supplier for the purposes of product registration, for accounting purposes and/or with respect to manufacturer product maintenance or support.

Our website may contain references to third parties’ offers in the form of links, advertising banners or the like. If you follow these links (usually by clicking on the link or advertising banner), you will be directed to third-party offers. We would like to point out that providers of such offers may be in an unsafe third country and that clicking on such links may therefore lead to a transfer of information to such a country, that we are not the controller with respect to such third party offers and have not agreed any guarantees with the controllers’ of such third party offers regarding data protection and that only the data protection policies of the third party as the controller will apply to these offers. Although we do not pass on any personal data to such providers or their service providers ourselves, they can draw conclusions from the fact that you come from our website when you click on an advertisement.

We will transfer your personal data to competent law enforcement, regulatory or other authorities, institutions or bodies if we are legally obligated to do so (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR) or if we have a legitimate interest in averting coercive measures of such authorities, institutions or bodies within the scope of their legal authority (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Such legally required or necessary transmissions are not the subject of this Privacy Statement.

 

How Does EOS Share Data with the EOS Group?

Personal data controlled by one company within our group of undertakings (herein also referred to as “EOS Affiliate” and “EOS Group”) may be disclosed to other EOS Affiliates where such data is uploaded to a joint database.

Joint databases are centrally hosted by one EOS Affiliate for access by all EOS Affiliates for the purposes identified below. However, access to data in joint databases is always restricted by multiple levels of access rights granted on a need-to-know basis ensuring that the EOS Affiliates, and within each EOS Affiliate the respective employees, access only the data they require for their business functions.

The databases constituting our Customer Database (ERP database and CRM database) are set up as joint databases. The databases are located in Krailling, Germany and operated by EOS GmbH Electro Optical Systems. Other EOS Affiliates may access data in the databases in order to offer products, services or information to existing or prospective customers which may be relevant to such customers.

Personal data controlled by one EOS Affiliate may in addition also be disclosed to other EOS Affiliates where one EOS Affiliate provides intragroup services to the other EOS Affiliate. Currently EOS GmbH Electro Optical Systems, Krailling, Germany provides central IT services to all other EOS Affiliates and in the context of such services may have access to all data stored on the respective EOS Affiliate’s systems. EOS GmbH Electro Optical Systems, Krailling, Germany, has, however, undertaken to access such data as a processor and only for the purposes and subject to the instructions of the respective EOS Affiliate.

We share data in the contexts specified hereinabove in order to protect our legitimate interests in coordinating sales processes and business and IT administrative processes on the level of the group of companies and planning and providing our deliveries and services as close to our customers as possible (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

The disclosures set forth above may be made EOS Affiliates within and outside of the European Economic Area. In order to provide for a uniform level of data protection throughout our group of companies and also to provide sufficient guarantees in this case, all EOS Affiliates have agreed on the application of uniform data protection provisions for all data transfers within our group of companies which, with respect to data exports outside of the European Economic Area, incorporate the standard data protection clauses adopted by the Commission for this purpose.

 

For How Long are My Data Stored?

We have enacted a data retention and deletion policy in order to ensure that personal data are only stored for as long as necessary for their purpose.

Our data retention and deletion policy takes account of the principle that personal data should be retained for limited periods even after the original purpose has become obsolete, in order to preserve our legitimate interest in preventing unintentional deletions, in enabling the establishment, exercise or defence of legal claims and in rendering the administration of retention and deletion periods practicable (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). We assume that your interests do not conflict with this, because these additional retention periods are appropriate with respect to the interests to be protected.

Unless detailed information on deletion periods has already been provided above, the following general deletion periods will apply in accordance with our data retention and deletion policy. Where data fall under several different deletion periods, the longest will always apply:

  • We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which fall into any of the categories identified hereinbelow. Otherwise customer data will be deleted after expiry of one year.
  • We will retain contract data until expiry of the statute of limitation for potential claims and will then delete or anonymize them after an additional cooling-off period of several months.
  • For compliance with the statutory retention period for commercial letters and tax documents we will retain correspondence for seven years and invoices and other booking documentation for 11 years.
  • We will retain contract-related data and documents for 11 years after the end of the contractual relationship in view of the statutory limitation period for claims and statutory document retention obligations for booking receipts.
  • We will retain all product safety documents and product data including information on safety-relevant incidents and accidents or customer complaints to comply with our statutory product monitoring obligation and to assert, exercise or defend legal claims within the statutory limitation periods for 31 years after the end of product sales.

If the term "deletion" is mentioned in this Privacy Statement, we reserve the right to anonymise the relevant data record, such that it can no longer be assigned to you, instead of complete deletion

Anonymised data may be processed and used by us and our processors for an unlimited period. The processing and use of anonymised data is not subject to the GDPR and is not the subject of this Privacy Statement.

 

 

 

What Options and Rights do I have with respect to My Data?

Under the conditions stipulated in Art. 15 of the GDPR you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information on their processing. Please note that this right is subject to certain statutory limitations (in particular under § 34 of the German Data Protection Act).

Under the conditions stipulated in Art. 16 of the GDPR you have the right to obtain from us the rectification of inaccurate personal data, and the completion of incomplete personal data.

Under the conditions stipulated in Art. 17 of the GDPR you have the right to obtain from us the erasure of certain of your personal data, such as data which are no longer necessary for legitimate purposes (such as the establishment, exercise or defence of legal claims).

Under the conditions stipulated in Art. 18 of the GDPR you have the right to obtain from us the restriction of processing of certain of your personal data, such as data which you claim not be accurate.

Under the conditions stipulated in Art. 20 of the GDPR you have the right to receive, or request us to transfer to a third party, in a machine-readable format, personal data relating to you which are processed by automated means solely on the basis of your consent or for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.

Under the conditions stipulated in Art. 21 of the GDPR you have the right to object, on grounds relating to your particular situation, to certain processing operations of your personal data. We may in such case not follow your objection if there are compelling legitimate grounds for the processing which override your interests or if processing is necessary for the establishment, exercise or defence of legal claims.

You can object to the further processing of your personal data for direct marketing purposes at any time, and we will consequently refrain from processing them for this purpose. This also applies to profiling insofar as it is associated with such direct marketing.

We will not make any decisions without your consent which produce legal effects concerning you or similarly significantly affect you and that are based exclusively on automated processing (including profiling).

To the extent that we indicate in this Privacy Statement that guarantees have been agreed to provide an adequate level of protection, you may request copies of the relevant documents from our Data Protection Officer.

You have the right to lodge a complaint with a supervisory authority. This may include, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for us. You can find information on this supervisory authority under „Important Contact Information“.

If you consent to processing, this is voluntary, unless we inform you otherwise in advance, and the refusal of consent will not be sanctioned. You can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Processing on a legal basis other than your consent will also be unaffected by such withdrawal. However, you may also exercise the above statutory rights in this respect (e.g. the right of objection pursuant to Sections 12.6 et seq.). In particular, you may withdraw any consent to the use of your e-mail address or telephone number for direct marketing at any time and may object to any further use of your e-mail address or telephone number for this purpose at any time, free of charge (other than communication costs payable to your provider).

You can contact us in any form to exercise your rights, in particular to withdraw any consent you may have given, and especially our data protection officer also. You may be required to identify yourself to us as a data subject to exercise your rights.

You can find all necessary information under „Important Contact Information“.

 

How Are Changes to this Privacy Statement Communicated?

We may change our processes and this Privacy Statement in future. In the event of a change, we will publish an updated Privacy Statement here or publicize the change in another manner.