This privacy notice for suppliers ("Privacy notice") applies to the B&R Group, i.e. B&R Industrial Automation GmbH and any company in which B&R Industrial Automation GmbH directly or indirectly holds a majority interest or owns or controls the majority of voting rights. The B&R company that you are in communication with or to which you deliver goods or provide services (hereinafter referred to as "B&R") is responsible for processing your personal data and controls its use in accordance with this privacy notice.
At B&R, protecting your personal data is a top priority.This privacy notice explains how we process your personal data and what rights you have in relation to your personal data.
1.
B&R-TochtergesellschaftenIn accordance with applicable data protection laws, the B&R subsidiary that is in communication with you or to which you deliver goods or for which you provide services is responsible for processing your personal data.
In your case, B&R Industrial Automation GmbH, B&R Strasse 1, 5142 Eggelsberg, Austria or the respective company affiliated with B&R Industrial Automation will decide, as the "data controller" within the meaning of the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act or other applicable national data protection laws at the headquarters of the respective subsidiary, for what and how your personal data will be used in accordance with this privacy notice (hereinafter also referred to as "B&R", "we" or "us").
2.
We may also process personal data that we receive from you either as a result of your contact request, a specific precontractual inquiry or a registration for a specific event via our websites, by email or telephone or at a trade fair or product event.In addition, to the extent required for the purposes stated in this privacy notice, we process personal data that we can obtain from publicly available sources or that is lawfully transmitted by other third parties (e.g. a credit agency), such as commercial register data or creditworthiness data.
3.
We process your personal data primarily for the purpose of carrying out and fulfilling our business and contractual relationships with you.Within the framework of this business and contractual relationship between you and us, you must provide the personal data necessary for the initiation, execution or termination of contracts with our suppliers and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect and process (e.g. tax laws).
- Supplier and service provider management throughout the supply chain, including contact interaction, bid processing, contracting, order processing, processing and execution of procurement transactions, administration and management of suppliers, vendors, contractors, consultants and other commercial professionals
- Settlement of liabilities, management of supplier invoices and payments, purchase of direct and indirect services
- Reporting and analysis, including market information and the development and improvement of services or products by evaluating and analyzing this information.
- Process quality management
- References to documents such as quotes, orders, invoices and reports
- Contract life cycle management
- Collection and insolvency proceedings
- Supplier training
- Financial and joint accounting services that include records of reporting, purchase and payment of services
- Monitoring and auditing compliance with company guidelines, contractual obligations and legal requirements of B&R (including conflict commodities)
- Governance, risk and compliance, including obligations relating to due diligence and anti-money laundering ("AML"), customs duties and compliance with international trade regulations and review of sanctions lists, security, including prevention, detection of crime and fraud
- Maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, fraud or other criminal or harmful activities
- Managing IT resources, including infrastructure management such as data protection, data systems support and application management service activities, end user support, testing, maintenance, security (response to security incidents, risks, vulnerabilities, data breaches), user account management, software licensing, security and performance testing and business continuity
We only collect the personal data from you that we require for the purposes described above.For statistical purposes, to improve our services and to test our IT systems, we use anonymous data as much as reasonably possible.This means that you can no longer be directly or indirectly identified as an individual using this data.
4.What happens if you do not provide us with the personal data we request or if you ask us to stop processing your data?
In the case of processing operations in direct relationship to agreements with our suppliers (as described above), B&R is not in a position to adequately establish, maintain or terminate a business relationship with you or your company and generally to fulfill the purposes described above without certain personal data.Although we cannot oblige you to provide us with your personal data, please bear in mind that your refusal could have consequences that may result in a negative impact on the business relationship.We would not be able to take requested precontractual or contractual measures to conclude or fulfill a contract with you, for example, or establish and continue the business relationship you have requested.
5.
- Implementation, management, development and promotion of our business in the broadest sense, including the supply of products and services, fulfillment of agreements and management of orders with suppliers, processing and execution of purchases, process quality management and improvement of products or services, analytics and market intelligence, reduction of default risks in our procurement processes and reorganization, acquisition and sale of activities, divisions and companies
- Monitoring, checking and ensuring compliance with legal, regulatory, normative and ABB and B&R internal specifications and guidelines
- Establishment, exercise and defense of legal claims by and against B&R in connection with the performance of supply contracts with us
- Transfer of personal data within the B&R Group for internal administrative purposes, if required, for example, to provide centralized services
6.
We will only share your personal data with other B&R companies or third parties if this is required for the purposes listed in the table below.
If we share your personal data with a B&R company or third party and it is transferred or becomes accessible outside the European Union ("EU") and the European Economic Area ("EEA") or outside the country in which the B&R company controlling your information is located, we will protect your personal data with appropriate safeguards.We have taken additional measures to protect your personal data when it is transferred outside the EU, EEA or the country where the B&R company controlling your data is located.
The purposes stated in this privacy notice | ||
B&R partner companies, distribution partners and dealers | The purposes stated in this privacy notice | |
Service providers such as IT services, independent dealers, payment processors, rating and evaluation services, commercial and consulting services including accountants, auditors, lawyers, insurers, bankers, recruiters, travel agencies and other consultants or service providers working on behalf of B&R | The purposes stated in this privacy notice | |
Insolvency administrator or creditor | Default and insolvency management | |
For the evaluation of the companies or assets concerned or for the purposes specified in this privacy notice | ||
Recipients required according to applicable law or legal proceedings, such as law enforcement agencies or other authorities | Where required by applicable law, legitimate requests from public authorities or under applicable legal requirements |
7.
In general, personal data is stored for the duration of the contractual relationship and for a minimum period (usually between 5 and 10 years after the end of the contractual relationship) or for a longer period if this is required by local laws and official requirements.
At the same time, applicable data protection laws require that we store and process your personal data in a form that identifies you for no longer than is necessary for the purpose for which the personal data was collected and that we carry out regular checks in this regard.