Privacy Policy of EOS GmbH Electro Optical Systems

When you visit our website, our web server will temporarily record the domain name or IP address of the requesting computer, the access date, the file request of the client (file name and URL), the HTTP response code and the website from which you are visiting us, the number of bytes transferred during the connection and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).

It is necessary to store and process the information referred to above for the duration of your session in order to deliver our website content to your computer. We also store some of this information in the log files of our servers. We will not combine this information with your IP address or other personal data relating to you.
This processing will take place for the fulfilment of the existing contract of use with you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), as far as it serves the purpose of the technical implementation of the website’s use and to otherwise protect our legitimate interest in making our website as user-friendly, safe and attractive as possible (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

Log files are deleted after 30 days. After expiry of those periods information will be deleted or made anonymous.

We use cookies to process some of the data mentioned above. With your consent we may also use additional cookies and Marketing & Analytics. You can find more information on cookies and Marketing & Analytics and on your rights and options in this respect in our Cookie-Manager.

When you place an order in our webshop it is necessary to process certain information for the conclusion and performance of the contract. Information which is required for this purpose will be specially marked. All other information you may provide will be provided on a voluntary basis.

Our webshop contains a contact form which you can use to submit communications to us. When submitting information through the contact form, you are required to enter an e-mail address which we will use for responding to your request. The contact form enables you to submit additional information on a voluntary basis.

We will store and process the above information on the one hand to perform the respective contractual relationship with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, fulfilling our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) as well as fulfilling statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and all information will then be stored in, or linked to, this customer account.

When you participate in a training, we will collect and process the contact details of all participants. If the training encompasses a test or examination (e.g. for the purposes of certification), we will also store and process your submissions and results. If trainings are conducted by third party service providers, they will also have access to this information.

We will store and process the above information to perform the respective contractual relationship with respect to the training (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR).

Unless one of the longer retention periods specified further below applies, your information will be retained for six months after the training. For certifications with an expiry date, the fact that you have participated and the result (passed/not passed) will be stored for the life of the certificate and three months thereafter. Where the training is booked by a corporation or organization, the fact that you have participated and the result (passed/not passed) may be (a) reported to the corporation or organization, and/or (b) recorded in the customer account of the corporation or organization in our Customer Database. If you have personally booked the training, we will set up a customer account in our Customer Database, and the fact that you have participated and the result (passed/not passed)will then be stored in, or linked to, this customer account.

Some trainings are conducted online through our training portal EOS Training Center - „EOTC“. You can find detailed information on how we process and use personal data in EOTC in the EOTC Privacy Statement.

If you register via our website or by other means to receive electronic newsletters, we will store and process your registration data (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary) for an unlimited period of time until you unsubscribe or we cancel the newsletter dispatch in order to fulfil the existing contract with you for the receipt of the newsletter (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR). The IP address assigned to you by the internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). In addition, we will store and process your consent to receive the newsletter for the retention period specified below. This serves to protect our legitimate interest in being able to prove in the event of a dispute that you wished to receive the newsletter (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

After termination of your registration for the receipt of newsletters, we will retain the registration data, the IP address, date and time of registration and your consent for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with the registration for, and consent to, receipt of newsletters (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent unauthorized use of your e-mail address by another person.
For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and all information will then be stored in, or linked to, this customer account.

The surveys and questionnaires ("surveys") carried out by us are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical execution of the survey (e.g. processing the IP address to display the survey in the user's browser or to enable a resumption of the survey with the aid of a temporary cookie (session cookie)) or participants have consented.
If we ask the participants for their consent to the processing of their data, this is the legal basis for the processing, otherwise the processing of the participants' data is based on our legitimate interests in conducting an objective survey (legal basis for processing: Consent (Art. 6 (1) (a) GDPR), Legitimate Interests (Art. 6 (1) (f) GDPR)).

Processed data types
Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data subjects
Communication partner (Recipients of e-mails, letters, etc.), Users (e.g. website visitors, users of online services).

Purposes of Processing
Contact requests and communication, Direct marketing  (e.g. by e-mail or postal), Feedback (e.g. collecting feedback via online form).

Services and service providers being used
Qualtrics: Qualtrics Survey Services; Service provider: Qualtrics LLC, Address: 2250 N. University Pkwy, 48-C, Provo, Utah 84604, USA; Qualtrics Website; Qualtrics Privacy Policy.

When you call our hotline, our representative will record your name, the date and time of your call and the content of your request in a call log.

We will store and process the above information on the one hand to perform the contractual relationship with you with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and on the other hand, to protect our legitimate interest in improving our deliveries and services to meet your individual requirements and thus promoting the sale of our products and services, possibly offering you additional products or services in line with your interests, documenting the content of your request for the establishment, exercise or defence of legal claims and, where relevant, fulfilling our product monitoring obligations with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

Unless one of the longer retention periods specified further below applies, call logs will be retained for six months after the call.

We record individual calls to ensure service quality. We will obtain your consent for this in advance. We will use these records on the one hand on the basis of your consent, and, on the other hand, to protect our legitimate interest in improving our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). The records will be evaluated within one month after the call by managers or trainers, and discussed with the hotline employee in order to continuously improve their customer friendliness and performance. The recordings will be deleted at the end of this period.

For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and the call log will then be stored in, or linked to, this customer account.

We also actively use our presences on business-oriented platforms such as LinkedIn as well as associated tools such as the LinkedIn Sales Navigator to approach, communicate or initiate business contacts, etc. with you.

For this purpose, we process the data provided to us by the respective platform. This may include, in particular, your name, your employer, your position with your employer, and other contacts on the respective platform. Depending on the type of contact with you, we may process further data, such as the specific business relationships or the content of the communication with you. In addition, it is possible that in this case we transfer your data to our CRM system and merge or link it with data already held by you there.

We currently use the following providers or tools:

LinkedIn
LinkedIn Sales Navigator
We process your personal data to address, communicate or initiate business contacts with you (including via our CRM) on the basis of the following legal grounds:
your consent pursuant to Art. 6 (1) lit. a GDPR, which you gave to the provider when registering for the respective social media platform, provided it concerns your platform user data (name, employer, position);
for the performance of a contract or for the execution of pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR, provided that we already have a business relationship with you or carry out pre-contractual measures via the platform based on your request (e.g. further contact or communication);
for the protection of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR; our legitimate interest is the appropriate approach, communication or initiation of business contacts with you for the establishment, implementation, maintenance or termination of a business relationship with you.
For more information on data processing in our CRM system, see "Customer management system".

When you express interest in any information, product or service or if a customer relationship exists or is established with you, we will set up a customer account in our Customer Database. The customer account contains your master data (name, address, account etc.). All correspondence and documents (correspondence, orders, contracts, complaints, etc.) within the scope of the customer relationship will then be stored in, or linked to, this customer account.

We will store and process the above information on the one hand to perform the respective contractual relationship with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, fulfilling our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) as well as fulfilling statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

When establishing the customer relationship, or at any time during the customer relationship, we may process customer data in the context of “know your customer”, anti-corruption, anti-money laundering, anti-terror and export control or similar screenings or audits in order to perform our compliance obligations and give effect to our compliance policies. The legal basis for such audits and screenings is the fulfilment of a legal obligation, where they are legally required (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR), and otherwise our legitimate interest in avoiding business relationships which we consider to violate our ethical standards (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). 

If you express interest in a product or service but no customer relationship is established, your data will be deleted 2 years after the last correspondence with you.

When you visit our facility, we ask you to register either in advance or on-site. Typically your name and company and the date and time of visit will be recorded and you may be asked to sign a confidentiality undertaking.  

We will store and process the above information to protect our legitimate interest in preventing abusive behaviour during visits and in establishing, exercising or defending possible legal claims (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Unless one of the longer retention periods set forth below applies, the information will be retained for one year after the visit. If you are a customer, they may be stored in your customer account. 

Sensitive areas of our facilities may be subject to closed circuit TV (CCTV) surveillance. CCTV cameras will be placed visibly and clearly marked. CCTV Cameras may be linked to live monitors without further recording but may also involve recording of videos. Recordings may be reviewed by security staff either on a random sample basis or where there is an indication of unauthorized access or abusive behaviour. After 72 hours recordings will be deleted unless required for investigation of a specific incident. We will store and process information collected through CCTV surveillance to protect our legitimate interest in preventing unauthorized access and abusive behaviour during visits and in establishing, exercising or defending possible legal claims (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Information collected through CCTV surveillance will not be used for any other purpose.

EOS is a globally active company. The data exchange includes EOS Group companies located in the European Economic Area but also in insecure third countries. In order to ensure uniform data protection throughout the Group and an adequate level of data protection, all EOS Group companies are party to agreements on intra-group data transfers, which incorporate the standard data protection clauses, including appropriate technical and organizational measures, issued by the EU Commission for this purpose with regard to data transfers to an insecure third country. (EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

The data exchange serves to protect our legitimate interest in centrally coordinating sales, business and administrative activities, corporate planning and also IT administration, and in managing our deliveries and services and their range as closely as possible to our customers (legal basis: Art. 6 Art. 1 lit. f) GDPR).

Insofar as we store and process data for the purpose of processing contractual relationships, we may pass this on to vicarious agents within the scope of contract processing (e.g. forwarding agents). Insofar as we resell third-party products, we may pass on your contact data and information on the product to the manufacturer or supplier, for example as part of a product registration, for invoicing purposes or with regard to maintenance or support services provided by the manufacturer.

If your data is transferred to service providers in countries outside the EU, we will include appropriate safeguards to ensure adequate data protection, such as the standard data protection clauses including appropriate technical and organizational measures issued by the EU Commission for this purpose. (Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

If you would like to register for one of the events we run, you can do so via an online form. Depending on the event, different data is requested and forwarded to our partners and sponsors (e.g., to create participant lists or name badges and to enable the transmission of documents).

The data processing that takes place in the context of the event is permissible to enable your participation and to protect legitimate interests (Art. 6 para. 1 b), f) GDPR). Our partners and sponsors need the data of the participants for the handling of the event. The information marked with an asterisk is required for the implementation of our events and entitles you to their access. Further information is voluntary.

We store the data on your participation at least for the duration of the applicable statutory retention obligations. As a rule, this is 10 years.

To manage participant data, we use the application Salesforce (offered by Salesforce, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA).

When using this cloud solution, it cannot be ruled out that personal data may be processed in third countries outside the EU and the EEA. In order to ensure an adequate level of data protection, we have agreed with the provider on the standard data protection clauses approved by the EU Commission. Salesforce, Inc. also applies so-called corporate binding rules in order to adequately design the processing of data in third countries.

We will transmit your personal data to competent law enforcement, regulatory or other authorities, institutions or bodies if we are legally obliged to do so (legal basis: Art. 6 Art. 1 lit. c) GDPR) or we have a legitimate interest in averting coercive measures by such authorities, institutions or bodies within the scope of their legal competences through the transmission (legal basis: Art. 6 Art. 1 lit. f) GDPR). Such legally required or necessary transfers are not the subject of this privacy policy.

Under the conditions of Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data relating to you is being processed, a copy of this data and comprehensive information about this data. Please note that your right to information may be restricted by law under certain circumstances (in particular pursuant to Section 34 BDSG).

Under the conditions of Art. 16 GDPR, you have the right to request us to correct inaccurate and complete incomplete personal data about you.

You have the right to request deletion of your data under the conditions of Art. 17 GDPR, for example, if its storage is no longer necessary for the fulfillment of legitimate purposes (such as the assertion, exercise or defense of legal claims).

You have the right under the conditions of Art. 18 GDPR to request the restriction of the processing of personal data relating to you, for example, if you dispute its accuracy.

Under the conditions of Art. 20 GDPR, you have the right to request that we provide you, or a third party designated by you, with the personal data you have provided to us in a machine-readable format if automated processing of personal data is carried out solely on the basis of your consent or for the performance of a contract with you or for the implementation of pre-contractual measures.

Under the conditions of Art. 21 GDPR, you have the right to object to certain processing of data relating to you on grounds relating to your particular situation. Whether we comply with this depends on whether there are compelling legitimate grounds for the processing that override your interests or the processing serves the assertion, exercise or defense of legal claims.
In addition, you have the right to object to data processing for direct marketing purposes. This also applies to profiling, insofar as it is related to direct advertising.

We will not, without your consent, make any decision which produces legal effects concerning you or similarly significantly affects you and which is based solely on automated processing (including profiling).

You may contact us in any form to exercise your rights, in particular to revoke consent, including in particular the data protection officer. To exercise your rights, it may be necessary for you to identify yourself to us as the data subject.

All necessary information can be found under "Who is the data controller and how can you contact us? ".