Data Privacy Statement
With this Data Privacy Statement, we, EDAG Engineering Group AG (hereinafter referred to as EDAG, we or us), will explain how we collect and otherwise process personal data when you purchase our products or services, when we enter into or conduct a business relationship with you or your employer as business partners, or when you have any other dealings with us.
As it is possible that additional data privacy statements (in particular for website visitors and applicants using the online recruiting portal) or other legal documents, for instance our general terms and conditions of business, might also apply, this statement might not in all cases give a definitive description of our data processing.
Personal data is any information that relates to an identified or identifiable person. Processing includes any handling of personal data, regardless of the means and processes used, in particular the retention, disclosure, retrieval, collection, deletion, storage, modification, destruction and use of personal data.
If you provide us with personal data of other persons (e.g. data of employees or family members), we assume that you have ensured that these persons are aware of this data privacy statement, that this personal data is correct and that you will only communicate their personal data to us if you have permission to do so.
We are generally subject to Swiss data protection legislation. For this reason, this data privacy statement is first and foremost designed to comply with the Swiss Data Protection Act (DSG). Whether, however, the EU General Data Protection Regulation (GDPR) or other data protection laws would be applicable depends on the specific circumstances of a particular case.
EDAG Engineering Group AG, is responsible for the data processing outlined here, unless otherwise stated in a given case.
If you have any questions regarding data protection, kindly send them to us at the following contact address:
EDAG Engineering Group AG
As a general rule, we process the personal data we receive from our customers and other business partners in the course of our business relationship with them and other persons involved.
We might also obtain certain data from publicly accessible sources (e.g. debt collection or commercial registers, the press, Internet) or receive such data from our business partners, from authorities and other third parties (for instance credit agencies).
We process data that you directly transmit to us in connection with any use you make of our products and services and in connection with our business relationship (e.g. personal data and contact data), or that result from the use of our product and services or in connection with the handling of our business relationship (e.g. contract data). We also process data with which you provide us in connection with a job application (in this case, please see our separate data privacy statement): https://www.edag.com/en/legal/data-privacy.
In addition to this data, the categories of personal data relating to you which we might possibly receive from third parties include, in particular
When we process personal data, this relates in particular to the conclusion and handling of contracts with our customers and business partners. In particular, this involves data processing within the context of rental contracts with our customers and the purchase of products and services from our suppliers and subcontractors (insofar as the GDPR is applicable, this concerns Art. 6 para. 1 point b of the GDPR).
It is also possible that your personal data might affected if you are working for one of our customers or business partners (insofar as the GDPR is applicable, this concerns Art. 6 para. 1 point f of the GDPR). In these cases, our legitimate interest is in handling the business relationship as well and efficiently as possible. We are also required to process certain data in order to meet our legal obligations both at home and abroad (insofar as the GDPR is applicable, this concerns Art. 6 para 1 point c of the GDPR).
In addition, where this is permitted and seems to us to be appropriate, we also process personal data for the following purposes in which we (and in certain cases also third parties) have a legitimate interest corresponding to the purpose (insofar as the GDPR is applicable, this concerns Art. 6 para. 1 point f of the GDPR):
Insofar as you have given us your consent to the processing of your personal data for one or more specific purposes (for example, when you register to receive newsletters or carry out a background check), we process your personal data within the scope of and on the basis of this consent, insofar as we have no other legal basis and require one (insofar as the GDPR is applicable, this concerns Art. 6 para. 1 point a of the GDPR). Consent which has been given may be withdrawn at any time, though this shall not affect data processing that has already been carried out.
In this context, please see our separate data privacy statement for visitors to our website and job applicants: https://www.edag.com/en/legal/data-privacy
Within the course of our business activities and for the purposes given in section 5, we may also disclose your data to third parties, where this is permitted and seems to us to be appropriate. Such disclosure is effected either because these recipients process the data for us (i.e. order processors) or because they want to use it for their own purposes. The following categories of recipients in particular are involved here:
As a general rule, these recipients are located in Switzerland and the European Economic Area (EEA), but may also be located anywhere in the world. In particular, you must expect your data to be transferred to all countries in which the EDAG Group is represented by group companies, branches or other offices (https://www.edag.com/en/edag-group/the-company-edag/locations), as well as to other countries in Europe and the USA where the service providers we use are located (e.g. Microsoft, Google).
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection requirements (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?), insofar as the recipient is not already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply particularly in the case of legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract calls for such disclosure, if you have given your consent or if you have made the data in question generally accessible, and you have not objected to its being processed.
We will process and store your personal data for as long as is necessary for us to fulfill either our contractual and legal obligations or the purposes for which the data is being processed (e.g. as long as there is an interest in our newsletters and you do not unsubscribe from them). We will, for example, process your personal data for the duration of the entire business relationship (from the initiation and fulfillment of a contract through to its termination) and beyond in accordance with the legal retention and documentation obligations. It is possible that personal data will be retained for the period during which claims can be asserted against our company, or if we are otherwise legally obliged to do so, or legitimate business interests require us to do so (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will, as a general rule and wherever possible, be deleted or anonymized.
We take appropriate technical and organizational measures to protect your personal data. This applies in particular to protecting it from unauthorized access and misuse, and includes such measures as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, monitoring.
Despite the fact that we take these security precautions, the processing of personal data – especially when using the Internet – is always associated with certain risks and security gaps, which means that there can be no absolute guarantee of data security.
As a rule, we are unable to enter into and conduct a contractual relationship with you, or the entity or person you represent, and to fulfill our contractual and sometimes legal obligations without certain personal data. For this reason, we need you to provide us with certain personal data which is necessary to establish and conduct our contractual relationship and to meet the contractual obligations this entails. Also, the website cannot be used if certain information required to safeguard data traffic (the IP address, for instance) is not disclosed.
In certain cases, processing of your personal data is partially automated; we do this with the aim of evaluating certain personal aspects (this is known as profiling). We use profiling to provide you with specific information about products and/or services and to optimize the advice we offer. To this end, we use evaluation tools which enable us to ensure that communication and advertising - including market and opinion research - meet requirements.
We do not, however, make any use of fully automated decision-making processes (as set out in Art. 22 of the GDPR).
Within the scope of the data protection legislation applicable to you and to the extent provided for therein (in the case of the GDPR, for example), you have the right to information, rectification, deletion, the right to restrict data processing and the right to object to our processing your data, in particular for the purpose of direct marketing, profiling for direct advertising and other legitimate interests in the processing, and to the release of certain personal data for transfer to another party.
Please note, however, that we reserve the right to assert the restrictions prescribed by law if, for example we are obliged to retain or process certain data, have an overriding interest in it (as long as we can prove this) or require it to exercise claims.
We will inform you in advance of any costs you will incur. We have already informed you of the possibility of revoking your consent in section 5. Please note that exercising these rights could conflict with contractual agreements, and that this can have consequences such as the early termination of the contract or additional costs. Should this be the case, we will inform you in advance if contractual arrangements have not been made.
If you wish to exercise such rights, we must be able to identify you accordingly, by means of a copy of your identity card, for example, unless your identity can be clearly verified by other means.
To enforce your rights, you can contact us at the address given in section 1.
In addition to being able to exercise these rights directly with us, every data subject is entitled to enforce claims in court, or to file a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (abbreviated to EDÖB): http://www.edoeb.admin.ch.
This data privacy statement can be revised and amended at any time without advance notice. The most recent version published on our website is the valid version. If the data privacy statement is part of an agreement with you, we will notify you of any changes by email or other appropriate means, in particular publication on our website, in the event of an update.
Status: September 2023