Data Protection Statement
Data protection statement Powerlines Group GmbH
I. The Responsible entity within the meaning of the data protection regulation (DS‐GVO) and other data protection laws is:
Powerlines Group GmbH
A‐2120 Wolkersdorf im Weinviertel
II. Contact for enquiries relating to data protection
: For questions, suggestions or complaints relating to the processing of your data, please contact our data protection co-ordinator:
In writing: Data protection co-ordinator
Powerlines Group GmbH Johann‐Galler‐Straße 39
A‐2120 Wolkersdorf im Weinviertel
For data subjects in the UK
In writing: Data protection co-ordinator
SPL Powerlines UK
Unit 4 | Potteric Carr Industrial Estate | Potteric Carr Road
Doncaster | South Yorkshire | DN4 5NP | England
III. Competent regulatory authority for data protection agendas: Austria
In writing: Österreichische Datenschutzbehörde
In writing: Bayrisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)8
In writing: Information Commissioner’s Office
In writing: Datainspektionen
SE‐104 20 Stockholm
Data Protection Principles
For the Powerlines Group GmbH (hereinafter Powerlines) trust is a vital cornerstone in every business relationship, which is why we attach great importance to the secure and sensitive management of your data. This data protection declaration is intended to give you an insight into which personal data is used, for what purpose and what options are available to you as the data subject for getting the best possible overview of what happens to your data and what rights you have in this regard. Powerlines operates a consistent and continuous data protection management system in order to systematically plan, organise, manage and monitor legal and operational data protection requirements. The goal here is to ensure the rights and freedoms of those concerned and prompt recognition of business-related risks arising from data protection and to be able to manage them accordingly.
This means for you, as the data subject:
- You decide which personal data you transfer to us and for what purpose we may process or use it.
- You can of course withdraw your consent to the processing or use of your data at any time, with future effect.
- We respect your rights under the above data protection laws, such as the right to information on the data concerning you stored by us.
- Our information processing security measures of course comply with the latest standards and with statutory requirements.
- Our employees are obliged to maintain confidentiality.
- Compliance with data protection provisions is monitored by the data protection coordinator. You can also contact him direct by email with your questions.
In order to explain everything to you as transparently as possible, we have endeavoured to describe the facts to you as simply as possible. Regardless of whether you have been a customer for many years or have just joined us as a prospective new customer, we invite you to read this declaration carefully and familiarise yourself with our practices.
If you have any questions, we are of course at your disposal at any time and shall be glad if you contact us.
What type or categories of personal data we process
Personal data is all that information that enables a natural person to be identified or identifiable.
We store and process the available personal data known to us only as far as is directly necessary for building and developing new business across our entire service range – from planning and project development through delivery and assembly to quality control, acceptance and maintenance - in our rail, energy and product business divisions.
We also process data that we have rightfully obtained from debtor registers (Credit Protection Association of 1870, Creditreform, etc.) and from publicly accessible sources (e.g. company register, commercial register, register of associations, land registry or media).
We process the personal data with which you provide us as a user of our website, maybe in the course of an enquiry.
The following personal data amongst others is processed by us:
- Forename, surname, address (address, postcode, town)
- Contact details (email address, telephone number)
- Content of enquiry (free text field)
Customer base / supplier base: We do not record much data on suppliers and customers. We merely need to ensure a trouble-free business relationship.
- Customer / supplier contacts (forename, surname)
- Contact details (address, email address, telephone number)
- Bank details
Applicant/bidder details: there is a separate data protection declaration for these
Regardless of what personal data is concerned, we guarantee that we will only use it for the purpose for which it was originally collected. The transparency of this approach is especially important to us to ensure there is no lack of clarity around collection and that you know from the start how, why and by whom the data has been collected.
How we use the personal data
Data on the data subject is processed on the basis of contract fulfilment and in the exercise of the statutory regulations addressing those responsible (in particular laws concerning employees).
For example, here data is processed for the following purposes:
- Personal contact data for setting up, executing and managing contracts and business relationships
- Payroll accounting and general payments as part of various projects
- For financial and administrative accounting
- Data used as part of consultancy
- Personal data required for product purchase
- Personal data required as part of staff provision for cooperation of various kinds
- Any data required for handling internal processes (e.g. accounting, staff administration etc.)
- Staff data required in the course of sales and purchasing (e.g. contact details of customers and suppliers)
- Furthermore, the following are examples of the purposes for which data is processed to protect our legitimate interests:
- Direct marketing to strengthen already existing customer relations or to build new customer relations or in the course of approaching prospective customers
- Data transfer within the group
- Data processing and transfer as part of the deployment and protection of new IT solutions
Should the purpose of the original collection expire, we are only permitted to store your data further if we gain your consent or if other significant grounds exist for an exception to be made.
Existence of automated decision-making
As a responsible company we refrain from automatic decision making or profiling.
Legal basis for the collection and processing of your data
As a rule, we seek to present the collection and processing of your data as transparently as possible. We therefore adhere exactly to the specifications of the guidelines established in Art. 6ff of the GDPR and take them as a legal basis for the processing and collecting of your data. In the process, we naturally seek to organise everything in such a way that you are kept permanently in the picture as to what happens to your data. We process your personal data in accordance with the provisions of the European General Data Protection Regulations (GDPR) and local data protection laws.
Legal basis of data processing:
- Consent given pursuant to Art. 6 Clause 1a of the GDPR for the processing of your personal data for specific purposes (e.g. consent for the sending of newsletters).
- Personal data (Art. 4 No. 2 of the GDPR) is processed as far as necessary to carry out our contracts with you and fulfil your orders and implement pre-contractual measures in accordance with Art. 6 Clause 1 b of the GDPR.
- Statutory requirements pursuant to Art 6 Clause 1 c of the GDPR with which we have to comply, such as legally prescribed retention and doumentation obligations.
- Safeguarding legitimate interests pursuant to Art. 6 Clause 1 f of the GDPR. Where required, data processing for safeguarding legitimate interests may be carried out in the context of balancing interests for the benefit of Powerlines or third parties. Data is processed to safeguard legitimate interests in the following cases. Examples of these are
- Consulting and exchanging information with credit agencies (e.g. Austrian Credit Protection Association 1870, Creditreform etc.)
- Video surveillance to collect data evidence of offences – in particular for the protection of employees, the security of Powerlines property and the prevention, containment and solving of criminal conduct
- Measures for business management and the further development of products and services
- Data processing for the purposes of prosecution
- Asserting legal claims and defending legal disputes
- Safeguarding IT security and IT operation
- To further improve the user-friendliness of your service facilities such as the Powerlines web presence
Personal data is only passed or transmitted by us to third parties if there is a statutory requirement or it is necessary for the purpose of contract processing or if you as the user of our website and/or a prospective customer and/or a customer have given prior consent.
Stored personal data is deleted if you as the user of our website and/or a prospective customer and/or a customer withdraw your consent to the data being processed, if your data is no longer required to fulfil the purpose for which it is stored, or if storage of your data is or becomes inadmissible on other legal grounds. Data required for contract processing, accounting purposes or for safeguarding other legal obligations (documentation obligations) is not affected by a deletion request.
Disclosure of the Data and Transmission
Within Powerlines, data is held by those posts or employees who need it to comply with contractual, statutory and legitimate interests. Furthermore processors contracted to use your data (particularly IT service providers), keep the data if they need it to perform their respective services. All processors are contractually obliged to hande your data confidentially and only process it as part of the agreed service provision.
Where there is a statutory obligation, authorities and/or federal, national or Community agencies, social insurance agencies or even courts may receive your data.
Data from video surveillance can be transmitted in individual cases and where necessary to competent authorities or the Court (for evidence protection in criminal proceedings), security agencies (for security purposes), courts (to secure evidence in civil cases), employees, witnesses, victims (as part of the assertion of claim), insurers (only for processing insurance claims), lawyers and those in other posts for the purpose of law enforcement.
No data is processed outside the EEA.
Data Retention Period
We process your personal data, where necessary, for the period of the entire business relationship (from the initiation and processing of a contract to its termination) and furthermore pursuant to the respective statutory retention and documentation obligations arising amongst others from the Commercial Code (UGB) and the Federal Fiscal Code (BAO), for example for Austria. In addition, the statutory limitation periods, which may for example in certain cases be up to 30 years in accordance with the General Civil Code (ABGB) (the most relevant limitation period in practice amounts to 3 years), must be taken into account for the retention period.
Data Access and Data Security
Those within our company involved with implementation and process have access to your data depending on operational and organisational needs.
Data protection and data security are important to us. Query contact form data is sent to us encrypted. We have implemented technical and organisational measures to secure our data processing. This particularly concerns protection of your personal data. We protect this against unauthorised or unlawful processing, accidental loss, accidental destruction or accidental damage. Your data is for example protected against unlawful access by a role authorisation concept, a data security concept and physical protective measures. Information security guidelines are established within the company. Technical and organisational security measures are continuously reviewed in line with technological development. External and internal IT security is checked at regular intervals by an external IT security company. Our central IT service provider regularly supplies us with an ISAE 3402 audit report on its internal control system.
Your details including personal data from our contact form are sent to us via our own mail server, so we can process your queries, processed further and stored by us. This data is not collected or forwarded without your consent. Without this data we cannot process your query.
By using our contact form, you are confirming that either you are not a minor, i.e. in Austria you are 14 or over, or you have the consent of your legal representatives.
Data is processed on the basis of the statutory provisions of § 96 Clause 3 of the Telecommunications Act and Art 6 Clause 1 a (consent) of the GDPR.
Your rights as the Data Subject
To be able to ensure transparency you have the following rights which you can exercise as the data subject. Within the meaning of the GDPR, you are a data subject if personal data on you is processed. To exercise your rights and if you have any queries, contact our data protection coordinator:
To assert your rights and if you have any questions, please contact our data protection co-ordinator:
Data protection coordinator
Powerlines Group GmbH
A‐2120 Wolkersdorf im Weinviertel
Where appropriate it may be necessary for you to prove your identity to us in a suitable form, to exclude the possibility of unauthorised third parties being given information on your data and/or unauthorised changes and/or deletions being made.
In the event of the exercise of your rights, we must immediately, but no later than one month from your concern reaching us, give our view thereon or deal with your concern or state whether and why the period for giving our views has been extended by up to two months.
Right to Information
You have the right to information on your personal data processed by us.
Right to Rectification
Should your personal data processed by us not be correctly recorded, please inform us of this so that we can rectify and/or complete and/or curtail it immediately.
The Right to Restrict Processing
You can make use of your right to restrict the processing of your data at our company if:
- you are disputing the correctness of your personal data and Powerlines is checking your data for correctness
- your data is processed unlawfully, but you decline to have it deleted and instead seek to restrict its use
- we no longer need your data for its original purpose, but you need it for the assertion, exercise or defence of legal claims
- you use your right of objection, although it is not yet established that our legitimate interests do not outweigh your legitimate interests.
As soon as you have arranged for the restriction on processing, you will be informed by us immediately before this is cancelled. This may be the case for example if the data is processed for the assertion, exercise or defence of legal claims or to protect the rights of another natural person or on grounds of the public interest of the Union or a member state.
The Right to Deletion of your Data
Should you no longer wish us to process your data, we would ask you to inform us of this. We will of course delete your data immediately and inform you thereof. Should compelling reasons, in particular legal reasons, prevent us deleting it, you will be informed by us to that effect immediately.
Right to Data Portability
Your personal data belongs to you. You have the right therefore to receive the data in a structured, current and machine-readable format. This refers to the data with which you have provided us and that is automatically processed with your consent or to fulfil a contract. You can also ask us to transmit this personal data direct to another responsible body.
Right of Objection
You have the right at any time for reasons in accordance with Art. 6 Clause 1 e or f of the GDPR, to lodge an objection to the processing of your personal data. This also applies for profiling based on these provisions.
In such a case, your data is no longer processed by us unless we are able to establish compelling legitimate reasons for such processing that outweigh your concerns or processing is directed at the assertion, exercise or defence of legal claims.
Where direct advertising is concerned, you have the right to lodge an objection to processing for the purposes of such advertising at any time. This also applies for profiling, if it is associated with direct advertising.
Right of Appeal
If it is your view that we are in breach of local or European data protection law in processing your data, we would ask you to contact us so that we can resolve any questions. You obviously have the right also to appeal to the Austrian data protection authorities or to your local competent authorities.
How to Make a Request
Whatever right you wish to assert, in every case you can send your request to us in 3 ways:
- by letter, personally signed please, and with a copy of your ID to
Data protection coordinator
Powerlines Group GmbH
A‐2120 Wolkersdorf im Weinviertel
- personally at Powerlines head office during office hours or
How your Application is Processed
- Please make your concern as specific as possible – that way we can deal with it quickly. An appropriate enquiry form is available here.
Unfortunately, emails are not always reliable, which is why we send you information by post.
Use of Powerlines Website
Every time a data subject or automated system calls up a website, the Powerlines website records a range of general data and information. This general data and information is stored in the server’s logfiles. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system gets to our system (so-called referrer), (4) the sub-websites heading for our website via an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information designed to avert risks in the event of access to our information technology systems.
In using this general data and information we draw no conclusions about the data subject. This information is needed rather in order to (1) correctly deliver the content of our website, (2) optimise the content of our website and the advertising for it, (3) guarantee the long-term functionality of our information technology systems and of our website’s techology and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymously collected data and information is therefore statistical for one thing and also assessed with a view to increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data in the server logfiles is stored separately from all personal data provided by a data subject.
A cookie is a data file that – provided your browser settings allow – is stored by us on your computer if you visit our website or perform certain actions. The cookie contains information that we have sent to your computer. It stores certain settings and data for interaction with our system via your browser.
We used so-called session cookies, which are stored during your visit to our website. They are deleted when you end your browser session. We also use permanent cookies, which also remain on your computer once a browser session has ended. Permanent cookies contain an identification number by which we can identify your computer. With this we can improve our services if you visit out websites repeatedly. We cannot assign personal data to this identification number.
But please note that certain cookies are necessary to ensure the basic functions of the website. Some pages of our websites may not function properly if you do not accept cookies. Below you will also learn how to prevent certain cookies being set.
With regard to our cookies it is up to you when you want to delete them. In any case they are stored in your browser until you decide to delete them. As a user, you also have full control over the use of the cookies. However, we should like to advise you at this point that if you deactivate cookies it may not be possible to use all functions of our website.
This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “Cookies” (text files stored on your computer enabling analysis of your website usage, see above). Information generated by the cookie (including your IP address) is transferred to a Google server in the USA and stored there.
Google will use this information to assess your website usage (e.g. search terms entered), compile reports on website activity for the website operator and provide other services associated with website and internet use. Google can transfer this information to third parties where appropriate if this is legally prescribed or if third parties process this data on behalf of Google. Google will never associate your IP address with other data from Google.
The life of the cookies set by Google Analytics is ca. 10 minutes to 2 years. You will find further details here on the cookies set (in English) https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
To protect your data, we have added the Code “anonymizeIp” to Google Analytics on this website. We thus guarantee anonymised recording of your IP address (so-called IP masking).
You can prevent the installation of cookies by setting your browser software accordingly. We would point out that deactivating cookies may restrict your website functionality.
On the basis of current circumstances, such as an amendment to the Data Protection Act or the EU General Data Protection Regulation, we will if necessary update this Data Protection Declaration. Powerlines reserves the right to alter these regulations at any time in accordance with business requirements.