epi is strongly committed to protecting your privacy and the personal data you provide when acting as business partners, suppliers or other contact persons (hereafter business partners) and has put in place data protection rules with the aim of ensuring best practice when handling business partners personal data. This privacy statement is specifically about epi relations with business partners. It tells you what information we collect about you through it, the purpose for which we collect that data and how we do so.
Why does epi collect certain personal data?
epi collects and processes personal data only to the extent necessary for the agreed or requested services.
What information does epi collect about you?
The types of personal data processed about our business partners include in particular master data (first name, last name, function, the identity of the company) and contact data (business address, telephone numbers, fax number and e-mail address, etc.).
In addition, we process the agreements made within the framework of the contractual relationship (communication history, contractual agreements, prices, negotiated services, order history and related offers and orders).
The personal data of you or your employees is generally collected directly from you personally in the course of contacting you or during the ongoing business relationship or is provided by your employer (who maintains a business relationship with epi) in the course of the business relationship for its implementation.
Data relating to the history of the business relationship (communication, contract details, contact persons, etc.) is generated as part of the joint business relationship and is stored internally.
What does epi use this information for and on which legal basis?
Your personal data will be processed in accordance with the relevant data protection regulations.
- Fulfilment of contractual obligations
We process your personal data for the performance of our contracts with you, in particular in the context of our order processing and service utilisation. Furthermore, your personal data is processed for the performance of measures and activities in the context of pre-contractual relationships.
- Fulfilment of legal obligations
We process your personal data if this is necessary for the fulfilment of legal obligations (e.g. commercial, tax laws).
Furthermore, we process your data, if necessary, for the fulfilment of control and reporting obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as audits by tax and other authorities. In addition, the disclosure of personal data may be necessary in the context of official/court measures for the purpose of collecting evidence, criminal prosecution or the enforcement of civil law claims.
- Legitimate interest of us or third parties
We may also use your personal data on the basis of a balance of interests to protect the legitimate interest of us or third parties. This is done for the following purposes for example:
- for the further development of services and products as well as existing systems and processes.
- for the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship.
- for internal and external investigations and/or security checks.
With whom does epi share this information and why?
As a matter of principle we do not transfer your data to third parties. We will only pass on your data to third parties if the data is intended to be passed on, if you have expressly consented to the transfer in advance or if we are obliged or entitled to do so by law.
The personal data is disclosed, on a need-to-know basis, to the following recipients:
- Processors used by us, service providers for supporting activities and other data controllers, in particular in the areas of IT services, logistics, courier services, printing services, external data centres, support/maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing/procurement, customer management, letter shops, marketing, telephony, website management, tax consultancy, auditing services, credit institutions.
- Public bodies and institutions in the event of a legal or official obligation, according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest
- bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts, companies belonging to the group and committees and supervisory bodies)
- other bodies for which you have given us your consent to the transfer of data.
Data may be transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA), so-called third countries, if it is necessary for the execution of an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if it is in the legitimate interest of us or a third party or if you have given us your consent. In addition, data processing may also take place within epi in third countries if the processing person is not based in the EU/EEA.
In this context, the processing of your data in a third country may also be carried out in connection with the involvement of service providers as part of commissioned processing. If there is no EU Commission decision on an adequate level of data protection for the country in question, we ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection requirements by means of appropriate contracts. We will provide you with detailed information on request.
How long does epi store the personal data?
Personal data shall be stored for the purposes of administration of members’ data. We process and store your data only as long as it is necessary for the purposes for which it was collected. In the case of legal storage obligations, deletion will only be considered after the expiry of the respective storage obligation.
Your rights as the data subject and our contact details
As epi commits to ensure the highest level of data protection the members have following rights:
Right of access: members have the right to request confirmation as to whether or not their personal data is being processed, and, where that is the case, to request access to the personal data and information such as the purposes of the processing or the categories of personal data concerned.
Right to rectification: members have the right to request the correction of inaccurate personal data and where necessary, the completion of incomplete personal data.
Right to restriction of processing: members have the right to request epi to restrict the processing of their personal data under certain circumstances e.g. if you have submitted your objection to processing, for the duration of any verification.
Right to erasure: Members have the right to request erasure of personal data without undue delay under certain circumstances, e.g. if their personal data is no longer necessary for the purposes for which it was collected or if their personal data has been unlawfully processed.
Right to object: If data are collected on the basis of data processing for the purposes of legitimate interests, you have the right to object to the processing at any time for reasons that arise from your particular situation.
epi, Bayerstrasse 83, 80335 Munich, Germany,
is responsible for data collection and processing.
You can assert your data protection rights here: Petra Zimmermann, epi Secretariat,
Bayerstrasse 83, 80335 Munich, Germany, Phone: +49 89 242052-0, Fax: +49 89 242052-220, E-Mail: email@example.com.
Our data protection officer will be pleased to answer any queries and address any concerns you may have on all matters relating to data protection: datenschutz süd GmbH, E-Mail: firstname.lastname@example.org, Phone: +49 931 30 49 76 0.