Privacy Statement of EOS GmbH Electro Optical Systems

We take the protection of your personal data very seriously. In this Privacy Statement we, EOS GmbH Electro Optical Systems (“We” or “EOS”), will inform you about how we process and use your personal data and about the specific rights you have in connection with your personal data. One of the main purposes of this Privacy Statement is to fulfil transparency obligations under Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”).

Many of our customers are organisations and companies (so-called legal entities). If you contact us as an employee of an organization or a company, we will store and process the categories of data described hereinbelow generally in relation to this organization or company, but may link it to the information that you are employed by such organization or company and are our contact person.

Users from the US, Canada or Mexico please click here for the privacy policy valid for your country: English | Español
The language of the Cookiebot declaration depends on your personal browser settings.

Important Contact Information
 
Contact Details

Our contact details are as follows:

EOS GmbH Electro Optical Systems
Robert-Stirling-Ring 1, 82152 Krailling
Tel. +49 89 893 36-0
Fax +49 89 893 36-285
E-Mail: info@eos.info         
Website: www.eos.info

Data Protection Officer

You can contact our data protection officer at any time with any questions about data protection. Our data protection officer’s name and contact details are as follows:

Sabina Hrnjica-Ceman
EOS GmbH Electro Optical Systems
Robert-Stirling-Ring 1, 82152 Krailling
E-Mail: datenschutz@eos.info

Data Protection Supervisory Authority

The data protection supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision
(Bayerisches Landesamt für Datenschutzaufsicht)


Address
Promenade 27 (Schloss)
91522 Ansbach
Germany

Postal address
Postfach 606
91511 Ansbach
Germany

Contact
Telephone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de

If you wish to file a complaint, you can also use the complaint form available on the website of the Bavarian State Office for Data Protection Supervision.

How are My Data Processed and Used when I visit the Website?

When you visit our website, our web server will temporarily record the domain name or IP address of the requesting computer, the access date, the file request of the client (file name and URL), the HTTP response code and the website from which you are visiting us, the number of bytes transferred during the connection and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).

It is necessary to store and process the information referred to above for the duration of your session in order to deliver our website content to your computer. We also store some of this information in the log files of our servers. We will not combine this information with your IP address or other personal data relating to you.
This processing will take place for the fulfilment of the existing contract of use with you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), as far as it serves the purpose of the technical implementation of the website’s use and to otherwise protect our legitimate interest in making our website as user-friendly, safe and attractive as possible (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

Log files are deleted after 30 days. After expiry of those periods information will be deleted or made anonymous.

We use cookies to process some of the data mentioned above. With your consent we may also use additional cookies and Marketing & Analytics. You can find more information on cookies and Marketing & Analytics and on your rights and options in this respect in our Cookie-Manager.

What Are Cookies and How Do We Use Them?

Cookies are files that are stored on your computer's hard drive and are accessed by our server when you visit our website. We use cookies to personalize content, to offer social media functions and to analyze use of our website. Some cookies are necessary for the functioning of our website. These necessary cookies are always active and cannot be deactivated. For all other cookies we require your consent.


On What Legal Basis Do We Use Cookies and Marketing & Analytics?

We use technically necessary cookies for the fulfilment of the existing contract of use with you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR) because they serve the purpose of the technical implementation of the website’s use.
We use other cookies and Marketing & Analytics, with your consent, to adapt our website’s offerings according to your interests in order to make our website as user-friendly, safe and attractive as possible and to promote the sale of our products and services. This use will take place only with your prior consent (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR).

You can revoke or manage your consent to the use of cookies and Marketing & Analytics on our website at any time by using our Cookie-Manager.

How Do We Obtain Your Consent to Use Cookies and Marketing & Analytics?

We use a cookie management solution in which users' consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by the users. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-side and/or in a cookie (so-called opt-out cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user and/or his/her device. Subject to individual details of the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the date/time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device.

Processed Data Types

Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data Subjects

Users (e.g. website visitors, users of online services).

Legal Basis

Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Services and Service Providers being used:

Cookiebot: Cookie-Consent Manager; Service provider: Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark; Cookiebot Website; Cookiebot privacy policy; Stored data (on the server of the service provider): The IP number of the user in anonymous form (the last three digits are set to 0), date and time of the consent, user agent of the user's browser, the URL from which the consent was sent, an anonymous, random and encrypted key value; the consent status of the user.

What does Marketing & Analytics mean and How do We Use It?
Analytics (Web Analysis, Monitoring and Optimization)

Web analysis is used to evaluate the visitor traffic on our website and may include the behaviour, interests or demographic information of users, such as age or gender, as pseudonymous values. With the help of web analysis we can, for example, recognize at which times our online services or their functions or contents are most frequently used or requested repeatedly, as well as which areas require optimization.

In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online services or their components.

For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar procedures in which the relevant user information for the aforementioned analyses is stored. This information may include, for example, content viewed, web pages visited and elements and technical data used there, such as the browser used, computer system used and information on times of use. If users have consented to the collection of their location data, these may also be processed, depending on the provider.

The IP addresses of the users are also stored. However, we use any existing IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect the user. In general, within the framework of web analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

Information on legal basis: If we ask the users for their consent to the use of third party providers, the legal basis of the processing is consent. Furthermore, the processing can be a component of our (pre)contractual services, provided that the use of the third party was agreed within this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Processed Data Types

Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data Subjects

Users (e.g. website visitors, users of online services).

Purposes of Processing

Web Analytics (e.g. access statistics, recognition of returning visitors), Profiles with user-related information (Creating user profiles), bot detection.

Security Measures

IP Masking (Pseudonymization of the IP address).

Legal Basis

Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Services and Service Providers being used

Google ReCaptcha: Our website uses the "ReCaptcha" service to detect bots, e.g. when entering data in online forms. Users' behavior (e.g. mouse movements or queries) is evaluated to distinguish humans from bots. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google ReCaptcha website; Google privacy policy.

Online Marketing

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "Content") based on the potential interests of users and the measurement of their effectiveness. 

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedure in which the relevant user information for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners and technical information such as the browser used, computer system used and information on usage times. If users have consented to the collection of their location data, these can also be processed.

The IP addresses of the users are also stored. However, we use provided IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect the user by using a pseudonym. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is stored, only pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or similar memorizing procedures. These cookies can later, generally also on other websites that use the same online marketing technology, be read and analyzed for purposes of content display, as well as supplemented with other data and stored on the server of the online marketing technology provider.

Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing technology we use and the network links the profiles of the users in the aforementioned data. Please note that users may enter into additional agreements with the social network providers or other service providers, e.g. by consenting as part of a registration process.

As a matter of principle, we only gain access to summarised information about the performance of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us. The conversion measurement is used solely for the performance analysis of our marketing activities.

Unless otherwise stated, we kindly ask you to consider that cookies used will be stored for a period of two years.

Opt-Out

We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called "opt-out"). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area: a) Europe b) Canada c) USA d) Cross-regional.

Processed Data Types

Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses), Event Data (Facebook) ("Event Data" is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account).

Data Subjects

Users (e.g. website visitors, users of online services).

Purposes of Processing

Marketing, Profiles with user-related information (Creating user profiles), Remarketing, Conversion tracking (Measurement of the effectiveness of marketing activities), Affiliate Tracking, Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content).

Security Measures

IP Masking (Pseudonymization of the IP address).

Legal Basis

Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Services and Service Providers being used:

Google Analytics: Online marketing and web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Analytics website; Google privacy policy; Opt-Out; Settings for the Display of Advertisements.

Use of Aumago Cookies
If you have consented, EOS GmbH Electro Optical Systems works together with Aumago GmbH ("Aumago"), Berlin, a target group marketer. Aumago uses so-called cookies, a text file that is stored in the computer's browser. Pseudonymous usage data in the form of cookie IDs and advertising IDs are collected. Furthermore, so-called web beacons (invisible graphics) may be used. Insofar as IP addresses are collected, they are stored anonymously by deleting the last number block.

Based on the user's surfing behavior (e.g. website visited, categories, product pages, content read), Aumago suspects an interest in a specific B2B industry or topic and uses this information on behalf of Thieme to serve targeted, usage-based online advertising to these users on the Internet. In this regard, cookies can be synchronized with other technology platforms via so-called cookie matching. The current list of matching partners can be found under the following Link.

The cookies are either Aumago cookies or cookies from service providers used by Aumago such as The ADEX GmbH or B2B Media Group EMEA GmbH. The user can opt out at any time and thus declare his objection to the cookie tracking in this regard: ADEX Opt out link, B2B Media Group Opt out Link. This sets a so-called opt out cookie. The opt out cookie requires that a setting in the browser does not prevent the storage of cookies or deletes the cookie. After deleting the opt out cookie, the user must repeat the objection. Alternatively, the user can delete the cookies directly in the browser, set his browser settings to Do not track from the beginning or manage his cookie preferences here. If you wish to receive information about the information stored in your cookie, please send either your cookie ID to us or to Aumago GmbH, Savignyplatz 9/10, 10623 Berlin or to privacy@aumago.com.

Facebook-Pixel and Custom Audiences
Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Facebook Website; Facebook Privacy Policy; Opt-Out.

With the help of the Facebook pixel  (or equivalent functions, to transfer Event-Data or Contact Information via interfaces or other software in apps), Facebook is on the one hand able to determine the visitors of our online services as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users and within the services of partners cooperating with Facebook (so-called "audience network") who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by showing whether users were referred to our website after clicking on a Facebook ad (known as "conversion tracking").

We are jointly responsible (so-called "joint-controllership") with Facebook Ireland Ltd. for the collection or transmission (but not the further processing) of "event data" that Facebook collects or receives as part of a transmission for the following purposes using the Facebook pixel and comparable functions (e.g. APIs) that are implemented in our online services: a) displaying content advertising information that matches users' presumed interests; b) delivering commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) improving ad delivery and personalizing features and content (e.g., improving recognition of which content or advertising information is believed to be of interest to users). We have entered into a special agreement with Facebook ("Controller Addendum"), which specifically addresses the Security Measures that Facebook must take and in which Facebook has agreed to comply with the rights of data subjects (i.e., users can, for example, submit information access or deletion requests directly to Facebook). Note: If Facebook provides us with measurements, analyses and reports (which are aggregated, i.e. do not contain information on individual users and are anonymous to us), then this processing is not carried out within the scope of joint responsibility, but on the basis of a DPA ("Data Processing Terms"), the "Data Security Conditions" and, with regard to processing in the USA, on the basis of Standard Contractual Clauses ("Facebook EU Data Transfer Addendum"). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

LinkedIn
Insights Tag / Conversion tracking; Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; LinkedIn Website; LinkedIn Privacy Policy; Cookie-Policy; Opt-Out.

What Are Your Other Options with respect to Cookies?

You can prevent or restrict the storage of cookies on your hard disk by setting your browser not to accept cookies or to request your permission before setting cookies. Once cookies have been set, you can delete them at any time. Please refer to your browser's operating instructions to find out how this works. If you do not accept cookies, this can lead to restrictions in the use of our website.

You can revoke or manage your consent to the use of cookies and Marketing & Analytics on our website at any time by using our Cookie-Manager. 

How are My Data Processed and Used when I request information or shop in the Webshop?

When you place an order in our webshop it is necessary to process certain information for the conclusion and performance of the contract. Information which is required for this purpose will be specially marked. All other information you may provide will be provided on a voluntary basis.

Our webshop contains a contact form which you can use to submit communications to us. When submitting information through the contact form, you are required to enter an e-mail address which we will use for responding to your request. The contact form enables you to submit additional information on a voluntary basis.

We will store and process the above information on the one hand to perform the respective contractual relationship with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, fulfilling our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) as well as fulfilling statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and all information will then be stored in, or linked to, this customer account.

How are My Data Processed and Used when I Participate in Trainings?

When you participate in a training, we will collect and process the contact details of all participants. If the training encompasses a test or examination (e.g. for the purposes of certification), we will also store and process your submissions and results. If trainings are conducted by third party service providers, they will also have access to this information.

We will store and process the above information to perform the respective contractual relationship with respect to the training (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR).

Unless one of the longer retention periods specified further below applies, your information will be retained for six months after the training. For certifications with an expiry date, the fact that you have participated and the result (passed/not passed) will be stored for the life of the certificate and three months thereafter. Where the training is booked by a corporation or organization, the fact that you have participated and the result (passed/not passed) may be (a) reported to the corporation or organization, and/or (b) recorded in the customer account of the corporation or organization in our Customer Database. If you have personally booked the training, we will set up a customer account in our Customer Database, and the fact that you have participated and the result (passed/not passed) will then be stored in, or linked to, this customer account.

Some trainings are conducted online through our training portal EOS Training Center (“EOTC”). You can find detailed information on how we process and use personal data in EOTC in the EOTC Privacy Statement.

How are My Data Processed and Used in Connection with Social Media Icons?

Our website contains icons with the logos of certain social media platforms. The icons are linked to a URL of the social media platform. When you click on the icon, the respective function of the social media platform is activated (like, share, connect etc.). Until then no data is transmitted to the social media platform. When you click on the icon, you will leave our website. Our website currently contains icons of the following social media platforms:

  • When you click on the icon LinkedIn you will be re-directed to the services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Grand Canal Dock, Dublin 2, Ireland. You can find information on which data the service provider collects and how they are used in the Privacy Statement of LinkedIn.
  • When you click on the icon Xing you will be re-directed to the services of XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. You can find information on which data the service provider collects and how they are used in the Privacy Statement of Xing.
  • When you click on the icon Twitter you will be re-directed to the services of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. You can find information on which data the service provider collects and how they are used in the Privacy Statement of Twitter.
  • When you click on the icon Facebook you will be re-directed to the services of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You can find information on which data the service provider collects and how they are used in the Privacy Statement of Facebook.
  • When you click on the icon YouTube you will be re-directed to the services of YouTube, LLC, Cherry Ave., United States, a company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. You can find information on which data the service provider collects and how they are used in the Privacy Statement of Google.
  • When you click on the icon of Instagram you will be re-directed to the provider of Instagram, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can find information on which data the service provider collects and how they are used in the Privacy Statement of Instagram.

How are My Data Processed and Used When I Subscribe to Newsletters?

If you register via our website or by other means to receive electronic newsletters, we will store and process your registration data (the registration form will show you which registration data we collect and store and whether entries are mandatory or voluntary) for an unlimited period of time until you unsubscribe or we cancel the newsletter dispatch in order to fulfil the existing contract with you for the receipt of the newsletter (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR). The IP address assigned to you by the internet service provider (ISP), and the date and time of registration will also be stored when you register. The purpose of this is to protect our legitimate interest in preventing and, if necessary, prosecuting misuse of our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). In addition, we will store and process your consent to receive the newsletter for the retention period specified below. This serves to protect our legitimate interest in being able to prove in the event of a dispute that you wished to receive the newsletter (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

After termination of your registration for the receipt of newsletters, we will retain the registration data, the IP address, date and time of registration and your consent for up to six months. This serves to protect our legitimate interest in being able to restore this data in the event of unintentional deletion; or in establishing, exercising or defending legal claims in connection with the registration for, and consent to, receipt of newsletters (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent unauthorized use of your e-mail address by another person.
For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and all information will then be stored in, or linked to, this customer account.

How are My Data Processed and Used When I Participate in Surveys or Questionnaires?

The surveys and questionnaires ("surveys") carried out by us are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical execution of the survey (e.g. processing the IP address to display the survey in the user's browser or to enable a resumption of the survey with the aid of a temporary cookie (session cookie)) or participants have consented.

Information on legal basis

If we ask the participants for their consent to the processing of their data, this is the legal basis for the processing, otherwise the processing of the participants' data is based on our legitimate interests in conducting an objective survey.

Processed data types

Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).

Data subjects

Communication partner (Recipients of e-mails, letters, etc.), Users (e.g. website visitors, users of online services).

Purposes of Processing

Contact requests and communication, Direct marketing (e.g. by e-mail or post), Feedback (e.g. collecting feedback via online form).

Legal Basis

Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Services and service providers being used

Qualtrics: Qualtrics Survey Services; Service provider: Qualtrics LLC, Address: 2250 N. University Pkwy, 48-C, Provo, Utah 84604, USA; Qualtrics Website; Qualtrics Privacy Policy.

How are My Data Processed and Used When I Contact the Customer Hotline?

When you call our hotline, our representative will record your name, the date and time of your call and the content of your request in a call log.

We will store and process the above information on the one hand to perform the contractual relationship with you with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and on the other hand, to protect our legitimate interest in improving our deliveries and services to meet your individual requirements and thus promoting the sale of our products and services, possibly offering you additional products or services in line with your interests, documenting the content of your request for the establishment, exercise or defence of legal claims and, where relevant, fulfilling our product monitoring obligations with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

Unless one of the longer retention periods specified further below applies, call logs will be retained for six months after the call.

We record individual calls to ensure service quality. We will obtain your consent for this in advance. We will use these records on the one hand on the basis of your consent, and, on the other hand, to protect our legitimate interest in improving our services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). The records will be evaluated within one month after the call by managers or trainers, and discussed with the hotline employee in order to continuously improve their customer friendliness and performance. The recordings will be deleted at the end of this period.

For all customers or potential customers who order through our webshop, or contact us, or subscribe to our newsletter, we will set up a customer account in our Customer Database, and the call log will then be stored in, or linked to, this customer account.

Which Data with respect to Customers or Prospective Customers are Stored in the Customer Database?

When you express interest in any information, product or service or if a customer relationship exists or is established with you, we will set up a customer account in our Customer Database. The customer account contains your master data (name, address, account etc.). All correspondence and documents (correspondence, orders, contracts, complaints, etc.) within the scope of the customer relationship will then be stored in, or linked to, this customer account.

We will store and process the above information on the one hand to perform the respective contractual relationship with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, fulfilling our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) as well as fulfilling statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

When establishing the customer relationship, or at any time during the customer relationship, we may process customer data in the context of “know your customer”, anti-corruption, anti-money laundering, anti-terror and export control or similar screenings or audits in order to perform our compliance obligations and give effect to our compliance policies. The legal basis for such audits and screenings is the fulfilment of a legal obligation, where they are legally required (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR), and otherwise our legitimate interest in avoiding business relationships which we consider to violate our ethical standards (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). 

If you express interest in a product or service but no customer relationship is established, your data will be deleted 2 years after the last correspondence with you.

Which Data do We Process When You Visit Our Facilities?

When you visit our facility, we ask you to register either in advance or on-site. Typically your name and company and the date and time of visit will be recorded and you may be asked to sign a confidentiality undertaking.  

We will store and process the above information to protect our legitimate interest in preventing abusive behaviour during visits and in establishing, exercising or defending possible legal claims (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Unless one of the longer retention periods set forth below applies, the information will be retained for one year after the visit. If you are a customer, it may be stored in your customer account.

Sensitive areas of our facilities may be subject to closed circuit TV (CCTV) surveillance. CCTV cameras will be placed visibly and clearly marked. CCTV cameras may be linked to live monitors without further recording but may also involve recording of videos. Recordings may be reviewed by security staff either on a random sample basis or where there is an indication of unauthorized access or abusive behaviour. After 72 hours recordings will be deleted unless required for investigation of a specific incident. We will store and process information collected through CCTV surveillance to protect our legitimate interest in preventing unauthorized access and abusive behaviour during visits and in establishing, exercising or defending possible legal claims (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Information collected through CCTV surveillance will not be used for any other purpose.

Which Data do We Process When You Apply for a Position?

If you send us your application documents via the general contact form or by e-mail, you should be aware that such transmission is not effectively protected against unauthorised access. We will therefore never ask you to send us your application documents exclusively in this way. We recommend that you submit your application documents only by post or via the secure connection we have provided for this purpose. 

If you register with us as an applicant and send us application documents in printed or electronic form, we will store and process your contact data, your application documents (in printed or electronic form) and all documents and records concerning you which are created in the course of the application process (all these data and documents will be collectively referred to subsequently as "applicant data") for the duration of the application procedure, and for the purpose of performing the application procedure (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR). 

We do not normally require special categories of personal data for the application process. We kindly ask you not to include such data in your application documents. Where such data are relevant in exceptional circumstances, we will process them together with other applicant data. This may include information on job restrictions based on pregnancy or health issues or information on disabilities in view of our special legal obligations vis-à-vis the disabled. In these cases we process your data for carrying out obligations and exercising specific rights in the field of employment and social security and social protection law (legal basis for processing: Art. 9(2)(b) of the GDPR in conjunction with Section 26 of the German FDPA) and/or for the assessment of your working capacity (legal basis for processing: Art. 9(2)(h) of the GDPR in conjunction with Section 22(1)(b) of the German FDPA).

We may also process applicant data in the context of anti-corruption, anti-money laundering, anti-terror and export control or similar screenings or audits in order to perform our compliance obligations and give effect to our compliance policies. The legal basis for such audits and screenings is the fulfilment of a legal obligation, where they are legally required (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR), and otherwise our legitimate interest in avoiding business relationships which we consider to violate our ethical standards (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). 

Where during the application process you provide information or documents which are not strictly necessary for the application process, we process such information or documents within the scope of your consent (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR). 
If the advertised position is with another entity in our group of undertakings or otherwise is group-related, e.g. if the position reports to an employee of another entity within the group of undertakings (so-called matrix structure), we may also make the applicant data accessible to those employees of other companies in the group of undertakings who participate in the recruitment process. This serves the purposes specified above and also to protect our legitimate interest in an exchange of information within the group of undertakings as required for the execution of the application procedure (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

EOS Talent Pool
Even if your particular profile does not fit a position we are looking to fill, we value your talent and interest in our business. We have therefore created a “talent pool” in which we continue to store application data of applicants whose application was not successful after the conclusion of the application process. When we seek to fill vacant positions in future, we access and use the application data stored in the talent pool in order to determine whether a past applicant’s profile would fit the position, and, if so, contact the applicant to inquire whether they would be interested in applying for the position.

Applicant data in the talent pool is accessible to all companies in our group of undertakings in order to identify applicants who may be a fit for a position they are seeking to fill. Such companies may be located in an unsafe third country.

Applicant data is entered into the talent pool only with your prior consent (legal basis for processing: Art. 6 no. 1 lit. a) of the GDPR).

We delete applicant data in the talent pool after expiry of 24 months from the last communication with the applicant. 

Retention Periods and Deletion
If the application is successful, the applicant data will continue to be stored and used as part of your personnel file in order to perform the employment contract (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR). If the application process is not successful, we will return printed application documents to you and will retain copies of them and all other applicant data for another three months after completion of the application process and will then delete or anonymise them. The storage of these data and documents serves to protect our legitimate interest in establishing, exercising or defending legal claims in connection with the application procedure, particularly if we need them as evidence in our defence against the assertion of discrimination in the selection process (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). 

Who May Receive My Data?

We exchange personal data with other companies within the EOS Group.

Newsletters will be sent to the e-mail address you have provided. If your e-mail provider is located in an unsafe third country, the transfer will nonetheless be made to fulfill the contract with you and in accordance with your instructions.

Where we store and process data for the consummation of contracts, we may pass these data on to agents and contractors we employ for such consummation (e.g. to carriers for transportation purposes). Where we re-sell third party products we may pass on your contact details and information on the product purchased to the manufacturer or supplier for the purposes of product registration, for accounting purposes and/or with respect to manufacturer product maintenance or support.

We may make use of the services of third party service providers for the operation or support of our website, servers, databases or other IT systems or we may use systems operated by third parties (Cloud services) to host our data. Such service providers may have access to your data. We undertake to have in place data processing agreements with such service providers to ensure that personal data is processed only on our behalf and in accordance with our instructions. 

We may use third party tools to conduct conference calls, online meetings, video conferences and/or Webinars ("Online Conference(s)").
Various types of data are processed when conducting Online Conferences. Depending on the functions you use and the information you provide, these data categories may include the following: name, credentials and contact information, meeting metadata (topic, description (optional), participant IP addresses, device/hardware information), technical information such as connection data, text, audio, and video data.
We process this data to conduct the Online Conferences. This processing will take place, if the Online Conference is related to an existing contractual relationship, for the consummation of such contract (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and otherwise to protect our legitimate interest in communicating with you in an efficient and convenient manner (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Recordings of Online Conferences may only be made and processed with the consent of all participants.
Data collected in connection with the participation in Online Conferences are generally not passed on to third parties, unless they are designated to be passed on. However, the provider will necessarily have access to the above-mentioned data. We undertake to have in place data processing agreements with such providers to ensure that personal data is processed only on our behalf and in accordance with our instructions.

Our website may contain references to third parties’ offers in the form of links, advertising banners or the like. If you follow these links (usually by clicking on the link or advertising banner), you will be directed to third-party offers. We would like to point out that providers of such offers may be in an unsafe third country and that clicking on such links may therefore lead to a transfer of information to such a country, that we are not the controller with respect to such third party offers and have not agreed any guarantees with the controllers of such third party offers regarding data protection and that only the data protection policies of the third party as the controller will apply to these offers. Although we do not pass on any personal data to such providers or their service providers ourselves, they can draw conclusions from the fact that you come from our website when you click on an advertisement.

We will transfer your personal data to competent law enforcement, regulatory or other authorities, institutions or bodies if we are legally obligated to do so (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR) or if we have a legitimate interest in averting coercive measures of such authorities, institutions or bodies within the scope of their legal authority (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Such legally required or necessary transmissions are not the subject of this Privacy Statement.

What Happens When Your Data is Exported to a Third Country?

Countries outside the European Economic Area may not offer the same level of data protection. Such countries for which the EU Commission has not expressly found that they offer an adequate level of data protection are also referred to as “unsafe third countries” in this Privacy Statement. When we transfer your personal data to a service provider in an unsafe third country we will provide for sufficient guarantees of adequate protection such as is provided by the standard protection clauses published by the EU Commission for this purpose (information page of the EU Commission).

How Does EOS Share Data with the EOS Group?

Personal data controlled by one company within our group of undertakings (herein also referred to as “EOS Affiliate” and “EOS Group”) may be disclosed to other EOS Affiliates where such data is uploaded to a joint database.

Joint databases are centrally hosted by one EOS Affiliate for access by all EOS Affiliates for the purposes identified below. However, access to data in joint databases is always restricted by multiple levels of access rights granted on a need-to-know basis ensuring that the EOS Affiliates, and within each EOS Affiliate the respective employees, access only the data they require for their business functions.

The databases constituting our Customer Database (ERP database and CRM database) are set up as joint databases. The databases are controlled by EOS GmbH Electro Optical Systems. Other EOS Affiliates may access data in the databases in order to offer products, services or information to existing or prospective customers which may be relevant to such customers.

Personal data controlled by one EOS Affiliate may in addition also be disclosed to other EOS Affiliates where one EOS Affiliate provides intragroup services to the other EOS Affiliate. Currently EOS GmbH Electro Optical Systems, Krailling, Germany provides central IT services to all other EOS Affiliates and in the context of such services may have access to all data stored on the respective EOS Affiliate’s systems. EOS GmbH Electro Optical Systems, Krailling, Germany, has, however, undertaken to access such data as a processor and only for the purposes and subject to the instructions of the respective EOS Affiliate.

We share data in the contexts specified hereinabove in order to protect our legitimate interests in coordinating sales processes and business and IT administrative processes on the level of the group of companies and planning and providing our deliveries and services as close to our customers as possible (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

The disclosures set forth above may be made to EOS Affiliates within and outside of the European Economic Area. In order to provide for a uniform level of data protection throughout our group of companies and also to provide sufficient guarantees in this case, all EOS Affiliates have agreed on the application of uniform data protection provisions for all data transfers within our group of companies which, with respect to data exports outside of the European Economic Area, incorporate the standard data protection clauses adopted by the EU Commission for this purpose.

For How Long are My Data Stored?

We have enacted a data retention and deletion policy in order to ensure that personal data are only stored for as long as necessary for their purpose.

Our data retention and deletion policy takes account of the principle that personal data should be retained for limited periods even after the original purpose has become obsolete, in order to preserve our legitimate interest in preventing unintentional deletions, in enabling the establishment, exercise or defence of legal claims and in rendering the administration of retention and deletion periods practicable (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). We assume that your interests do not conflict with this, because these additional retention periods are appropriate with respect to the interests to be protected.

Unless detailed information on deletion periods has already been provided above, the following general deletion periods will apply in accordance with our data retention and deletion policy. Where data fall under several different deletion periods, the longest will always apply:

  • We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which fall into any of the categories identified hereinbelow. Otherwise customer data will be deleted after expiry of one year.
  • We will retain contract data until expiry of the statute of limitation for potential claims and will then delete or anonymize them after an additional cooling-off period of several months.
  • For compliance with the statutory retention period for commercial letters and tax documents we will retain correspondence for seven years and invoices and other booking documentation for 11 years.
  • We will retain contract-related data and documents for 11 years after the end of the contractual relationship in view of the statutory limitation period for claims and statutory document retention obligations for booking receipts.
  • We will retain all product safety documents and product data including information on safety-relevant incidents and accidents or customer complaints to comply with our statutory product monitoring obligation and to assert, exercise or defend legal claims within the statutory limitation periods for 31 years after the end of product sales.

If the term "deletion" is mentioned in this Privacy Statement, we reserve the right to anonymise the relevant data record, such that it can no longer be assigned to you, instead of complete deletion.

Anonymised data may be processed and used by us and our processors for an unlimited period. The processing and use of anonymised data is not subject to the GDPR and is not the subject of this Privacy Statement.

What Options and Rights do I have with respect to My Data?
  • Under the conditions stipulated in Art. 15 of the GDPR you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information on their processing. Please note that this right is subject to certain statutory limitations (in particular under § 34 of the German Data Protection Act).
  • Under the conditions stipulated in Art. 16 of the GDPR you have the right to obtain from us the rectification of inaccurate personal data, and the completion of incomplete personal data.
  • Under the conditions stipulated in Art. 17 of the GDPR you have the right to obtain from us the erasure of certain of your personal data, such as data which are no longer necessary for legitimate purposes (such as the establishment, exercise or defence of legal claims).
  • Under the conditions stipulated in Art. 18 of the GDPR you have the right to obtain from us the restriction of processing of certain of your personal data, such as data which you claim not to be accurate.
  • Under the conditions stipulated in Art. 20 of the GDPR you have the right to receive, or request us to transfer to a third party, in a machine-readable format, personal data relating to you which are processed by automated means solely on the basis of your consent or for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.
  • Under the conditions stipulated in Art. 21 of the GDPR you have the right to object, on grounds relating to your particular situation, to certain processing operations of your personal data. We may in such case not follow your objection if there are compelling legitimate grounds for the processing which override your interests or if processing is necessary for the establishment, exercise or defence of legal claims.
  • You can object to the further processing of your personal data for direct marketing purposes at any time, and we will consequently refrain from processing them for this purpose. This also applies to profiling insofar as it is associated with such direct marketing.

We will not make any decisions without your consent which produce legal effects concerning you or similarly significantly affect you and that are based exclusively on automated processing (including profiling).

To the extent that we indicate in this Privacy Statement that guarantees have been agreed to provide an adequate level of protection, you may request copies of the relevant documents from our Data Protection Officer.

You have the right to lodge a complaint with a supervisory authority. This may include, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for us. You can find information on this supervisory authority under “Important Contact Information”.

If you consent to processing, this is voluntary, unless we inform you otherwise in advance, and the refusal of consent will not be sanctioned. You can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Processing on a legal basis other than your consent will also be unaffected by such withdrawal. However, you may also exercise the above statutory rights in this respect (e.g. the right of objection pursuant to Sections 12.6 et seq.). In particular, you may withdraw any consent to the use of your e-mail address or telephone number for direct marketing at any time and may object to any further use of your e-mail address or telephone number for this purpose at any time, free of charge (other than communication costs payable to your provider).

You can contact us, and in particular our data protection officer, in any form to exercise your rights, in particular to withdraw any consent you may have given. You may be required to identify yourself to us as a data subject to exercise your rights.

You can find all necessary information under “Important Contact Information”.

How Are Changes to this Privacy Statement Communicated?

We may change our processes and this Privacy Statement in future. In the event of a change, we will publish an updated Privacy Statement here or publicize the change in another manner.
 

EOS GmbH Electro Optical Systems 

Rev. Feb. 2021