Privacy Policy of EOS GmbH Electro Optical Systems

EOS GmbH Electro Optical Systems, Robert-Stirling-Ring 1, 82152 Krailling, Munich is the provider of the website Additive Manufacturing solutions & industrial 3D printer by EOS and the responsible party for data processing in connection with the use of the website.

You can contact our data protection officer Sabina Hrnjica-Ceman, Robert-Stirling-Ring 1, 82152 Krailling, Munich, Germany, at dpo@eos.info at any time with regard to all questions concerning data protection. 

You will find our contact details below:

EOS GmbH Electro Optical Systems
Robert-Stirling-Ring 1, 82152 Krailling
Phone +49 89 893 36-0
Fax +49 89 893 36-285
E-mail: info@eos.info 
Website: www.eos.info

Visit Our Website

When you visit our website, our web server will temporarily record the domain name or IP address of the requesting computer, the access date, the file request of the client (file name and URL), the HTTP response code and the website from which you are visiting us, the number of bytes transferred during the connection and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).

It is necessary to store and process the information referred to above for the duration of your session in order to deliver our website content to your computer. We also store some of this information in the log files of our servers. We will not combine this information with your IP address or other personal data relating to you.
This processing will take place for the fulfilment of the existing contract of use with you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), as far as it serves the purpose of the technical implementation of the website’s use and to otherwise protect our legitimate interest in making our website as user-friendly, safe and attractive as possible (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

Log files are deleted after 30 days. After expiry of those periods information will be deleted or made anonymous.

We use cookies to process some of the data mentioned above. With your consent we may also use additional cookies and Marketing & Analytics. You can find more information on cookies and Marketing & Analytics and on your rights and options in this respect in our Cookie-Manager.

Inquiries or Orders Via Our Webshop

When you place an order in our webshop it is necessary to process certain information for the conclusion and performance of the contract. Information which is required for this purpose will be specially marked. All other information you may provide will be provided on a voluntary basis.

Our webshop contains a contact form which you can use to submit communications to us. When submitting information through the contact form, you are required to enter an e-mail address which we will use for responding to your request. The contact form enables you to submit additional information on a voluntary basis.

We will store and process the above information on the one hand to perform the respective contractual relationship with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, fulfilling our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) as well as fulfilling statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and all information will then be stored in, or linked to, this customer account.

Participation in Trainings

When you participate in a training, we will collect and process the contact details of all participants. If the training encompasses a test or examination (e.g. for the purposes of certification), we will also store and process your submissions and results. If trainings are conducted by third party service providers, they will also have access to this information.

We will store and process the above information to perform the respective contractual relationship with respect to the training (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR).

Unless one of the longer retention periods specified further below applies, your information will be retained for six months after the training. For certifications with an expiry date, the fact that you have participated and the result (passed/not passed) will be stored for the life of the certificate and three months thereafter. Where the training is booked by a corporation or organization, the fact that you have participated and the result (passed/not passed) may be (a) reported to the corporation or organization, and/or (b) recorded in the customer account of the corporation or organization in our Customer Database. If you have personally booked the training, we will set up a customer account in our Customer Database, and the fact that you have participated and the result (passed/not passed)will then be stored in, or linked to, this customer account.

Some trainings are conducted online through our training portal EOS Training Center - „EOTC“. You can find detailed information on how we process and use personal data in EOTC in the EOTC Privacy Statement.

Dispatch Newsletter

If you register via our website or by other means to receive electronic newsletters, we will store and process your registration data (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary) for an unlimited period of time until you unsubscribe or we cancel the newsletter dispatch in order to fulfil the existing contract with you for the receipt of the newsletter (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR). The IP address assigned to you by the internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). In addition, we will store and process your consent to receive the newsletter for the retention period specified below. This serves to protect our legitimate interest in being able to prove in the event of a dispute that you wished to receive the newsletter (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

After termination of your registration for the receipt of newsletters, we will retain the registration data, the IP address, date and time of registration and your consent for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with the registration for, and consent to, receipt of newsletters (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent unauthorized use of your e-mail address by another person.
For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and all information will then be stored in, or linked to, this customer account.

Participation in Surveys and Interviews

The surveys and questionnaires ("surveys") carried out by us are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical execution of the survey (e.g. processing the IP address to display the survey in the user's browser or to enable a resumption of the survey with the aid of a temporary cookie (session cookie)) or participants have consented.
If we ask the participants for their consent to the processing of their data, this is the legal basis for the processing, otherwise the processing of the participants' data is based on our legitimate interests in conducting an objective survey (legal basis for processing: Consent (Art. 6 (1) (a) GDPR), Legitimate Interests (Art. 6 (1) (f) GDPR)).

Processed data types
Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data subjects
Communication partner (Recipients of e-mails, letters, etc.), Users (e.g. website visitors, users of online services).

Purposes of Processing
Contact requests and communication, Direct marketing  (e.g. by e-mail or postal), Feedback (e.g. collecting feedback via online form).

Services and service providers being used
Qualtrics: Qualtrics Survey Services; Service provider: Qualtrics LLC, Address: 2250 N. University Pkwy, 48-C, Provo, Utah 84604, USA; Qualtrics Website; Qualtrics Privacy Policy.

Contact Customer Hotline

When you call our hotline, our representative will record your name, the date and time of your call and the content of your request in a call log.

We will store and process the above information on the one hand to perform the contractual relationship with you with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and on the other hand, to protect our legitimate interest in improving our deliveries and services to meet your individual requirements and thus promoting the sale of our products and services, possibly offering you additional products or services in line with your interests, documenting the content of your request for the establishment, exercise or defence of legal claims and, where relevant, fulfilling our product monitoring obligations with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

Unless one of the longer retention periods specified further below applies, call logs will be retained for six months after the call.

We record individual calls to ensure service quality. We will obtain your consent for this in advance. We will use these records on the one hand on the basis of your consent, and, on the other hand, to protect our legitimate interest in improving our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). The records will be evaluated within one month after the call by managers or trainers, and discussed with the hotline employee in order to continuously improve their customer friendliness and performance. The recordings will be deleted at the end of this period.

For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and the call log will then be stored in, or linked to, this customer account.

Active Use of Social Media

We also actively use our presences on business-oriented platforms such as LinkedIn as well as associated tools such as the LinkedIn Sales Navigator to approach, communicate or initiate business contacts, etc. with you.

For this purpose, we process the data provided to us by the respective platform. This may include, in particular, your name, your employer, your position with your employer, and other contacts on the respective platform. Depending on the type of contact with you, we may process further data, such as the specific business relationships or the content of the communication with you. In addition, it is possible that in this case we transfer your data to our CRM system and merge or link it with data already held by you there.

We currently use the following providers or tools:

LinkedIn
LinkedIn Sales Navigator
We process your personal data to address, communicate or initiate business contacts with you (including via our CRM) on the basis of the following legal grounds:
your consent pursuant to Art. 6 (1) lit. a GDPR, which you gave to the provider when registering for the respective social media platform, provided it concerns your platform user data (name, employer, position);
for the performance of a contract or for the execution of pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR, provided that we already have a business relationship with you or carry out pre-contractual measures via the platform based on your request (e.g. further contact or communication);
for the protection of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR; our legitimate interest is the appropriate approach, communication or initiation of business contacts with you for the establishment, implementation, maintenance or termination of a business relationship with you.
For more information on data processing in our CRM system, see "Customer management system".

Customer management system

When you express interest in any information, product or service or if a customer relationship exists or is established with you, we will set up a customer account in our Customer Database. The customer account contains your master data (name, address, account etc.). All correspondence and documents (correspondence, orders, contracts, complaints, etc.) within the scope of the customer relationship will then be stored in, or linked to, this customer account.

We will store and process the above information on the one hand to perform the respective contractual relationship with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, fulfilling our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) as well as fulfilling statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

When establishing the customer relationship, or at any time during the customer relationship, we may process customer data in the context of “know your customer”, anti-corruption, anti-money laundering, anti-terror and export control or similar screenings or audits in order to perform our compliance obligations and give effect to our compliance policies. The legal basis for such audits and screenings is the fulfilment of a legal obligation, where they are legally required (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR), and otherwise our legitimate interest in avoiding business relationships which we consider to violate our ethical standards (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). 

If you express interest in a product or service but no customer relationship is established, your data will be deleted 2 years after the last correspondence with you.

Visit EOS facilities

When you visit our facility, we ask you to register either in advance or on-site. Typically your name and company and the date and time of visit will be recorded and you may be asked to sign a confidentiality undertaking.  

We will store and process the above information to protect our legitimate interest in preventing abusive behaviour during visits and in establishing, exercising or defending possible legal claims (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Unless one of the longer retention periods set forth below applies, the information will be retained for one year after the visit. If you are a customer, they may be stored in your customer account. 

Sensitive areas of our facilities may be subject to closed circuit TV (CCTV) surveillance. CCTV cameras will be placed visibly and clearly marked. CCTV Cameras may be linked to live monitors without further recording but may also involve recording of videos. Recordings may be reviewed by security staff either on a random sample basis or where there is an indication of unauthorized access or abusive behaviour. After 72 hours recordings will be deleted unless required for investigation of a specific incident. We will store and process information collected through CCTV surveillance to protect our legitimate interest in preventing unauthorized access and abusive behaviour during visits and in establishing, exercising or defending possible legal claims (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Information collected through CCTV surveillance will not be used for any other purpose.

Exchange within the EOS Group

EOS is a globally active company. The data exchange includes EOS Group companies located in the European Economic Area but also in insecure third countries. In order to ensure uniform data protection throughout the Group and an adequate level of data protection, all EOS Group companies are party to agreements on intra-group data transfers, which incorporate the standard data protection clauses, including appropriate technical and organizational measures, issued by the EU Commission for this purpose with regard to data transfers to an insecure third country. (EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

The data exchange serves to protect our legitimate interest in centrally coordinating sales, business and administrative activities, corporate planning and also IT administration, and in managing our deliveries and services and their range as closely as possible to our customers (legal basis: Art. 6 Art. 1 lit. f) GDPR).

Exchange with service providers and partners

Insofar as we store and process data for the purpose of processing contractual relationships, we may pass this on to vicarious agents within the scope of contract processing (e.g. forwarding agents). Insofar as we resell third-party products, we may pass on your contact data and information on the product to the manufacturer or supplier, for example as part of a product registration, for invoicing purposes or with regard to maintenance or support services provided by the manufacturer.

If your data is transferred to service providers in countries outside the EU, we will include appropriate safeguards to ensure adequate data protection, such as the standard data protection clauses including appropriate technical and organizational measures issued by the EU Commission for this purpose. (Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Compliance with legal requirements

We will transmit your personal data to competent law enforcement, regulatory or other authorities, institutions or bodies if we are legally obliged to do so (legal basis: Art. 6 Art. 1 lit. c) GDPR) or we have a legitimate interest in averting coercive measures by such authorities, institutions or bodies within the scope of their legal competences through the transmission (legal basis: Art. 6 Art. 1 lit. f) GDPR). Such legally required or necessary transfers are not the subject of this privacy policy.

We have enacted a data retention and deletion policy in order to ensure that personal data are only stored for as long as necessary for their purpose.
Our data retention and deletion policy takes account of the principle that personal data should be retained for limited periods even after the original purpose has become obsolete, in order to preserve our legitimate interest in preventing unintentional deletions, in enabling the establishment, exercise or defence of legal claims and in rendering the administration of retention and deletion periods practicable (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). We assume that your interests do not conflict with this, because these additional retention periods are appropriate with respect to the interests to be protected.
Unless detailed information on deletion periods has already been provided above, the following general deletion periods will apply in accordance with our data retention and deletion policy. Where data fall under several different deletion periods, the longest will always apply:

• We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which fall into any of the categories identified hereinbelow. Otherwise customer data will be deleted after expiry of one year.
• We will retain contract data until expiry of the statute of limitation for potential claims and will then delete or anonymize them after an additional cooling-off period of several months.
• For compliance with the statutory retention period for commercial letters and tax documents we will retain correspondence for seven years and invoices and other booking documentation for 11 years.
• We will retain contract-related data and documents for 11 years after the end of the contractual relationship in view of the statutory limitation period for claims and statutory document retention obligations for booking receipts.
• We will retain all product safety documents and product data including information on safety-relevant incidents and accidents or customer complaints to comply with our statutory product monitoring obligation and to assert, exercise or defend legal claims within the statutory limitation periods for 31 years after the end of product sales.

If the term "deletion" is mentioned in this Privacy Statement, we reserve the right to anonymise the relevant data record, such that it can no longer be assigned to you, instead of complete deletion.
Anonymised data may be processed and used by us and our processors for an unlimited period. The processing and use of anonymised data is not subject to the GDPR and is not the subject of this Privacy Statement.
 

Right to information
Under the conditions of Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data relating to you is being processed, a copy of this data and comprehensive information about this data. Please note that your right to information may be restricted by law under certain circumstances (in particular pursuant to Section 34 BDSG).

Right to rectification
Under the conditions of Art. 16 GDPR, you have the right to request us to correct inaccurate and complete incomplete personal data about you.

Right to deletion
You have the right to request deletion of your data under the conditions of Art. 17 GDPR, for example, if its storage is no longer necessary for the fulfillment of legitimate purposes (such as the assertion, exercise or defense of legal claims).

Right to restriction of processing
You have the right under the conditions of Art. 18 GDPR to request the restriction of the processing of personal data relating to you, for example, if you dispute its accuracy.

Right to data portability
Under the conditions of Art. 20 GDPR, you have the right to request that we provide you, or a third party designated by you, with the personal data you have provided to us in a machine-readable format if automated processing of personal data is carried out solely on the basis of your consent or for the performance of a contract with you or for the implementation of pre-contractual measures.

Right to object
Under the conditions of Art. 21 GDPR, you have the right to object to certain processing of data relating to you on grounds relating to your particular situation. Whether we comply with this depends on whether there are compelling legitimate grounds for the processing that override your interests or the processing serves the assertion, exercise or defense of legal claims.
In addition, you have the right to object to data processing for direct marketing purposes. This also applies to profiling, insofar as it is related to direct advertising.

Right of revocation
We will not, without your consent, make any decision which produces legal effects concerning you or similarly significantly affects you and which is based solely on automated processing (including profiling).

You may contact us in any form to exercise your rights, in particular to revoke consent, including in particular the data protection officer. To exercise your rights, it may be necessary for you to identify yourself to us as the data subject.

All necessary information can be found under "Who is the data controller and how can you contact us? ".

You have the right to complain to a supervisory authority. This can be, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for us. The supervisory authority generally responsible for us the Bavarian State Office for Data Protection Supervision. 

If you wish to file a complaint, you may also use the complaint form provided at https://www.lda.bayern.de/de/beschwerde.html.
 

We may modify our processes and this Statement in the future. We will post updated versions of this statement here or notify you by other appropriate means.