I. The responsible body and data controller of your personal data under the General Data Protection Regulations (GDPR) and other data protection laws is:
Letters: Bayrisches Landesamt für Datenschutzaufsicht
Letters: Information Commissioner’s Office
This means for you, as the data subject:
· Where you have given your consent for the processing of your personal data, you are able to withdraw your consent to such processing at any time.
· We respect your rights under the data protection laws, such as the right to be informed about the lawful basis we rely on for processing your personal data.
· Our information processing security measures comply with the latest standards and with statutory requirements.
· Our employees are obliged to maintain confidentiality and receive regular training on data handling best practices.
· Compliance with data protection provisions is monitored by the data protection coordinator who can be contacted directly by email should you have any questions.
If you have any questions, you can contact us at any time – our contact details are set out at the beginning of this declaration.
What type or categories of personal data we process
Personal data is all that information that relates to an identified or identifiable natural person.
We store and process personal data only as far as is directly necessary for building and developing new business across our entire service range – from planning and project development through to delivery and assembly, and quality control, acceptance
and maintenance - in our rail, energy and product business divisions.
We also process data that we have rightfully obtained from credit reference agencies and from publicly accessible sources (e.g. company registers or the land registry).
We process the personal data which you provide to us in various ways such as through your use of our website or in the course of an enquiry you have with us.
The following personal data is processed by us:
Personal data relating to prospective customers:
· Contact details (email address, telephone number)
· Any further information you provide to us such as the content of an enquiry (via a free text field or over the phone)
· Contact details (address, email address, telephone number)
· Bank details
We guarantee that we will only use any personal data we collect for the purpose for which it was originally collected. It is especially important to us to ensure there is no lack of clarity around collection of personal data and that you know from the start how, why and by whom the data has been collected.
How we use personal data our purpose for processing it, and our legal basis for the processing of your personal data
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and local data protection laws. As a rule, we seek to present the collection and processing of your data as transparently as possible. Therefore, we will only process your personal data where we have a legal basis to do so under Article 6 of the GDPR.
We process personal data for various reasons including to fulfil our contract with you and to comply with statutory regulations applicable to us. Sometimes we will rely on your consent to process personal data and on other occasions we will process your personal data to help us perform our legitimate business interests.
We have set out our purposes for processing personal data in the table below alongside the legal basis we are relying on to process that personal data for the purpose:
|For purposes related to the provision of the products and services that we offer to you:|
· to fulfil our contract with you and fulfil your orders and implement pre-contractual measures;
· managing enquiries and complaints or otherwise communicating with our customers;
· processing and responding to queries made through the contact form on our company homepage.
|We use your personal data in this way either because we have a contract with you (for example, where we have a contract to provide those goods and services to you) or because it is in our legitimate interests to do so (for example, it is in our interests to ensure our customers are happy and solve any customer issues) but we will always ensure that your rights are protected.|
|For advertising and marketing purposes, including to measure how effective our marketing is:|
· in a business to business context only, we will undertake direct marketing to build new customer relations or approach prospective customers;
· to send our newsletters to existing and potential customers;
|We do this because it is in our legitimate interests to send marketing to our existing customers for goods and services, they may be interested but we will always ensure that your rights are protected and you can opt-out at any time.
In some instances, we will rely on your consent to send you marketing materials such as when you sign up to receive our newsletter emails even if you are not a current customer, you can withdraw this consent at any time.
|For administrative and internal business purposes:|
· transferring data across our corporate group to ensure we are offering an efficient service to our customers;
· the development, deployment and protection of new IT solutions;
· for other internal business purposes, such as analysing and managing our businesses, audits, developing new products or services, enhancing our site, and improving our services and products;
· to improve the user-friendliness of your service facilities such as the Powerlines web presence;
|It is in our legitimate interests as a business to use your personal data in this way. For example, we have a clear interest in ensuring that our products and services are high quality and efficient. We will always ensure that your rights are protected.|
|For security and legal and compliance purposes:|
· as part of our efforts to keep our site safe and secure;
· to detect or prevent fraud or other illegal activity;
· as we believe to be necessary or appropriate in each case in order to comply with laws or legal process (including laws or legal process in other countries);
· to protect our rights or property (or the rights or property of others) and to enforce our rights and pursue available remedies; and
· we use video surveillance on our premises to protection of employees, the security of Powerlines property and the prevention, containment and solving of criminal conduct.
|We will make credit checks when it is in our legitimate interests and appropriate to do so in order to manage our financial risk.
In some cases, we will need to use your personal information to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the site) we will rely on our legitimate interests as a business to use your personal information in this way. We will always ensure that your rights are protected.
We will only use your personal data for the purpose it was collected for. Should this purpose expire we will either securely delete the personal data or we will consider whether there is an alternative purpose and corresponding lawful basis to continue to process and store the personal data.
Existence of automated decision-making
We do not currently undertake any automatic decision-making or profiling.
Disclosure of Data and Transmission
We will only share personal data with third parties if we have a lawful basis for doing so, for example where there is a statutory requirement, it is necessary in order to perform our contract with you or if you have given prior consent.
Within the Powerlines group of companies
We are part of a group of companies that share various operations and business processes. We may share your personal data with any member of our group for example; in order to fulfil our contractual obligations to you, or because it is in our legitimate interests to do so.
With third party processors
We use third party processors (particularly IT service providers) to help us with specific functions, and we may disclose your personal data to them if they need it to perform their respective services. All processors are contractually obliged to handle your data confidentially and only process it as part of the agreed service provision.
In relation to statutory functions
We may share your personal data where there is a statutory obligation to do so, for example with authorities, regulators, or even to the Courts in connection with legal proceedings.
In particular, personal data collected through our video surveillance may be transmitted (in individual cases and only where it is strictly necessary and proportionate to do so) to competent authorities (for evidence protection in civil or criminal proceedings), security agencies (for security purposes), insurers (only for processing insurance claims), lawyers and those in other posts for the purpose of law enforcement.
Data processed outside of the EEA
No data is processed outside the EEA.
Data Retention Period
We process your personal data, where necessary, for the period of the entire business relationship (from the initiation and processing of a contract to its termination) and furthermore pursuant to the respective statutory retention and documentation obligations where applicable.
In addition, we retain some personal data for longer than our business relationship with you where it is in our legitimate interests to do so. For example, we will hold personal data for periods in line with statutory limitation periods, which may for example in certain cases be up to 6 years in accordance with the Limitation Act 1980.
Where we are relying on your consent to process your personal data your personal data will be deleted if withdraw your consent to the data being processed for that particular purpose.
Data Access and Data Security
Those within our company involved with implementation and process have access to your data depending on operational and organisational needs.
Data protection and data security are important to us. We have implemented technical and organisational measures to secure our data processing. These measures protect against unauthorised or unlawful processing, accidental loss, accidental destruction or accidental damage. This particularly concerns protection of your personal data. Examples of the measures we have in place to protect your personal data includes:
· we protect against unlawful access to personal data by applying a role authorisation concept, a data security concept and physical protective measures; and
· we have information security guidelines in place within the company.
Your Rights as the Data Subject
As a data subject, you have a number of rights which we have set out below. To exercise your rights and if you have any queries, contact our data protection coordinator:
Where appropriate it may be necessary for you to prove your identity to us in a suitable form before we are able to comply with your request, we do this to remove the possibility of unauthorised third parties
being given your personal data and/or to prevent unauthorised changes and/or deletions being made.
On receipt of a request from you exercising your rights, we shall respond without undue delay, but no later than one month from your concern reaching us. Our response will give an initial view or deal with your concern or state whether and if so, why the period for giving our views has been extended by up to two months.
Right to Information
You have the right to information about how on your personal data is processed by us.
Right to Rectification
If the personal data we hold about you is inaccurate, please inform us of this so that we can rectify and/or complete it immediately.
The Right to Restrict Processing
You can restrict the processing of your data at our company in certain circumstances if:
· your data is processed unlawfully, but you decline to have it deleted and instead seek to restrict its use
· we no longer need your data for its original purpose, but you need it for the assertion, exercise or defence of legal claims
· you use your right of objection, although it is not yet established that our legitimate interests do not outweigh your rights as a data subject.
Right to Data Portability
In certain circumstances you have the right to receive your personal data in a structured, current and machine-readable format. This refers to the data with which you have provided us and that we process with your consent or to fulfil a contract. You can also ask us to transmit this personal data direct to another data controller.
Right to Object
You have the right to object to certain processing of your personal data. This also applies if we use your personal data for any profiling activities.
In such a case, we will no longer process your personal data unless we are able to establish compelling legitimate reasons for such processing that outweigh your concerns or processing is directed at the assertion, exercise or defence of legal claims.
Where direct marketing is concerned, you have the right to object to processing for the purposes of such marketing at any time. This also applies for profiling, if it is associated with direct marketing.
Right of Appeal
If it is your view that we are in breach of local or European data protection law in processing your data, we would ask you to contact us so that we can resolve any questions. You have the right to appeal to the Austrian data protection authorities or to your local competent authorities for example, you can contact the UK regulator for data protection (the Information Commissioner's Office) via their website: https://ico.org.uk/concerns/ or by calling 0303 123 1113.
How to Make a Request
Whatever right you wish to assert, in each case you can send your request to us in one of three ways:
by letter, personally signed please, and with a copy of your ID to
personally, at Powerlines UK head office during office hours or
by email, only with a qualified electronic signature, to
Use of Powerlines Website
The Powerlines website records a range of data and information about visitors to the website. This general data and information is stored in the server’s logfiles. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system gets to our system (so-called referrer), (4) the sub-websites heading for our website via an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information designed to avert risks in the event of access to our information technology systems. We rely on our legitimate interests to process this data in order to manage and improve our website and ensure we are supporting our customers and prospective customers in the most helpful way.
In using this general data and information we draw no conclusions about the data subject. This information is needed rather in order to (1) correctly deliver the content of our website, (2) optimise the content of our website and the advertising for it, (3) guarantee the long-term functionality of our information technology systems and of our website’s technology and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack. This anonymously collected data and information is therefore statistical and is assessed with a view to increasing data protection and data security in our company. The anonymous data in the server logfiles is stored separately from all personal data provided by a data subject.
A cookie is a data file that – provided your browser settings allow – is stored by us on your computer if you visit our website or perform certain actions. The cookie contains information that we have sent to your computer. It stores certain settings and data for interaction with our system via your browser.
We use so-called session cookies, which are stored during your visit to our website. They are deleted when you end your browser session. We also use permanent cookies, which remain on your computer once a browser session has ended. Permanent cookies contain an identification number by which we can identify your computer. With this we can improve our services if you visit our websites repeatedly. We cannot assign personal data to this identification number.
But please note that certain cookies are necessary to ensure the basic functions of the website. Some pages of our websites may not function properly if you do not accept cookies. Below you will also learn how to prevent certain cookies being set.
With regard to our cookies it is up to you when you want to delete them. In any case they are stored in your browser until you decide to delete them. As a user, you also have full control over the use of the cookies. However, we should like to advise you at this point that if you deactivate cookies it may not be possible to use all functions of our website.
Please note that we may need to update and amend this document from time to time. For example, to reflect amendments to the UK's Data Protection Act or the EU General Data Protection Regulation. Any changes to this declaration will be posted on this website.