With this Data Privacy Statement, we, EDAG Engineering Group AG (hereinafter referred to as EDAG, we, or us), explain how we collect and otherwise process personal data when you purchase our products or services, when we enter into or conduct a business relationship with you or your employer as business partners, or when you have any other dealings with us.
As it is possible that additional data privacy statements (in particular for website visitors and applicants using the online recruiting portal) or other legal documents, such as our general terms and conditions, might also apply, this statement might not in all cases give a definitive description of our data processing.
Personal data refers to any information that relates to an identified or identifiable person. Processing includes any handling of personal data, regardless of the means and processes used, including the retention, disclosure, retrieval, collection, deletion, storage, modification, destruction, and use of personal data.
If you provide us with personal data of other persons (e.g. employees or family members), we assume that you have ensured these persons are aware of this data privacy statement, that their personal data is correct, and that you are authorized to communicate their data to us.
We are generally subject to Swiss data protection legislation. This data privacy statement is designed primarily to comply with the Swiss Data Protection Act (DSG). Whether the EU General Data Protection Regulation (GDPR) or other data protection laws apply depends on the specific circumstances of each case.
EDAG Engineering Group AG is responsible for the data processing outlined here unless otherwise stated in a specific case.
For data protection inquiries, you can contact us at:
EDAG Engineering Group AG
Schlossgasse 2
9320 Arbon
Switzerland
As a general rule, we process the personal data we receive from our customers and other business partners during the course of our business relationship with them and other involved parties.
We might also obtain certain data from publicly accessible sources (e.g., debt collection or commercial registers, press, Internet) or receive such data from our business partners, authorities, and other third parties (e.g., credit agencies).
We process data you directly provide us in connection with using our products and services or during our business relationship (e.g., personal data, contact data, and contract data).
We also process data you provide during job applications (refer to our separate data privacy statement):
https://www.edag.com/en/legal/data-privacy
Additionally, we may receive data from third parties, which can include:
- Information about your professional functions and activities (e.g., for business transactions with your employer)
- Information from correspondence and meetings with third parties
- Public register data or credit reports (e.g., if doing business with you personally)
- Information obtained in connection with legal or official proceedings
- Information provided by individuals in your environment (e.g., employers, consultants, legal representatives) to help us enter into or perform contracts with or involving you (e.g., references, delivery addresses, powers, compliance data)
- Information from media and the Internet (e.g., related to applications, marketing, etc.), including your addresses and other data for marketing purposes
We process personal data primarily for concluding and handling contracts with customers and business partners. This includes contracts such as rental agreements or purchasing products and services from suppliers and subcontractors (under GDPR, this relates to Art. 6 para. 1 point b).
If you work for a customer or business partner, your personal data might also be affected (GDPR Art. 6 para. 1 point f). Our legitimate interest in such cases is to efficiently manage the business relationship.
We also process certain data to comply with legal obligations domestically and abroad (GDPR Art. 6 para. 1 point c).
In addition, where permitted and appropriate, we process personal data for purposes such as:
- Offering and improving our services, websites, and other platforms
- Communication with third parties (e.g., job applications, media, public authorities)
- Testing and optimizing procedures for customer needs analysis
- Marketing and advertising (unless you object)
- Market and opinion research
- Enforcing legal claims and defending in disputes
- Preventing and investigating crimes
- Ensuring operational security, including IT and building security
- Company transactions (e.g., purchase and sale of business units)
If we process your personal data based on consent (e.g., newsletters), you can withdraw this consent anytime, but it won’t affect previous data processing.
We may disclose your data to third parties where permitted and appropriate. Such disclosures may occur because recipients process data for us (order processors) or because they wish to use the data for their purposes.
Recipients may include:
- Service providers (e.g., trustees, banks, insurance companies, legal advisors, IT providers)
- Dealers, suppliers, subcontractors
- Customers
- Domestic and foreign authorities, official offices, courts
- Media
- The public, including website and social media visitors
- Competitors, industry organizations
- Buyers or potential buyers in company transactions
- Other EDAG Group companies
Data recipients may be located in Switzerland, the EEA, or other countries, including the USA (e.g., Microsoft, Google).
If recipients are located in countries without adequate legal data protection, we require them to contractually ensure compliance with data protection requirements, using European Commission standard contractual clauses, unless another legal safeguard is in place.
We process and store your personal data for as long as necessary to fulfill contractual and legal obligations or the purposes for which the data is processed. This can extend beyond the business relationship (e.g., for legal retention and documentation obligations or evidence purposes). Once the data is no longer required, it is generally deleted or anonymized.
We take appropriate technical and organizational measures to protect your personal data from unauthorized access and misuse. This includes IT and network security, encryption, access control, and monitoring.
Despite these precautions, the use of the Internet is always associated with certain risks and security gaps, so absolute data security cannot be guaranteed.
Without certain personal data, we generally cannot enter into and conduct contractual relationships with you or your employer, nor fulfill our legal obligations.
For example, the website cannot be used without certain data (such as IP address) being disclosed.
In certain cases, we process your personal data in an automated way to evaluate certain personal aspects (profiling). We use profiling to provide you with targeted product information and improve our services. However, we do not make fully automated decisions as defined in Art. 22 of the GDPR.
Under applicable data protection law (e.g., GDPR), you have the right to:
- Access, correct, or delete your data
- Restrict or object to our data processing (especially for direct marketing)
- Request the release of certain data for transfer to another party
You can enforce these rights with us or file complaints with the relevant data protection authority.
If exercising these rights conflicts with contractual agreements, it may result in contract termination or additional costs. We will inform you beforehand in such cases.
This data privacy statement may be updated without notice. The latest version published on our website is the valid version. If the data privacy statement is part of an agreement, we will notify you of changes via email or other means.
