This Privacy Notice covers processing of Personal Data by any Eridia entity in all business areas and provides you with answers to the following questions, which may arise in connection with procession of Personal Data by Eridia during your business relationship with Eridia. In certain situations additional, separate Privacy Notices will be presented.
Who is processing my Personal Data?
What kind of Personal Data and for what purpose does Eridia process my Personal Data?
How and on what legal grounds is Eridia processing my Personal Data?
For how long will my Personal Data be stored?
Does Eridia share my Personal Data with third parties?
What are my rights as Data Subject with regard to my Personal Data?
Updates and Definitions
1) Who is processing my Personal Data?
If not indicated differently in a separate notice, contract document or other communication as the case might be with your contact from Eridia, the following entity is responsible for the processing of your Personal Data as Controller.
Eridia GmbH, Franz Haas Straße 1, 2100 Leobendorf, Austria
For questions please contact us under: firstname.lastname@example.org
In accordance with this Privacy Notice we may transfer your Personal Data to another Eridia entity or to third parties (this may also include local and external third parties) so that these recipients can process personal data for their own or the Controller’s purposes. These recipients act either as Processors or independent Controllers. This Privacy Notice states where such may be the case.
2) What kind of Personal Data and for what purpose does Eridia process my Personal Data?
Depending on the individual occasion, we process Personal Data for various purposes. Among other situations, we will process the hereinafter mentioned Personal Data for the described respective purpose:
If you contact us or when we contact you (in writing, electronically or by phone), we will process Personal Data such as name and contact data (postal address, e-mail or phone number) and the content and time of the relevant messages. We use this data for providing you the requested service, giving you information, process your request and to communicate with you. It is important to us, that you can contact us. We can also forward messages within the Group to the responsible entity or office.
II) Visiting Websites / Opening an Account / Using Apps / Subscribing to Newsletter
When you use our Online Services, we will process Personal Data such as IP-address, log data, information about the time our website was accessed and/or the app was installed and/or you have consented to the receipt of a newsletter, the duration of the visit, the pages accessed, device specific information, and all data that is provided to us through an online facility, such data may include an e-mail address, user name and credit card information. Additionally we may, depending on the offer, also process information of the use of your customer account, your location or your shopping behavior. In case of a newsletter we may additionally process Personal Data concerning the delivery of the newsletter, if and when you have opened and forwarded the newsletter as well as links you have clicked on.
We use these Personal Data for providing the Online Services, we further use it to improve our IT security. Based on the processed Personal Data we are able to put together the relevant offer or further offers to you or to the company you work for and to process your offer. This may include opening and maintaining a customer account in your name or informing you about changes and providing you further information through the electronic newsletter. We also process Personal Data in order to develop our Online Services on an ongoing basis. By using the Online Services we get to know you better and can provide you with personalized services. Finally, we process Personal Data in connection with Online Services in order to better understand the behaviour and interests of our customers. You are under no obligation to provide this Personal Data to us, but we may not be able to process a request or provide an online facility if you fail to provide such Personal Data.
We also use "cookies", which are small text files that are temporarily or permanently stored on your device when you visit our website. Cookies are often required for the functionality of the website. Others are used to personalize the offer. However, logs and cookies often do not contain personal data because we are often unable to assign this information to you. Finally, we may use functionalities from providers such as Facebook, which may result in the provider concerned processing data about you. Further details about the used cookies, our evaluation of your user behavior or further social plug-ins and how to prevent these processing steps can be found here.
III) Job Applications
When you are applying to us, we will process your Personal Data relating to your application (f. e. name, date of birth, curriculum vitae, qualifications, certificates; if necessary also Sensitive Personal Data) in order to assess whether you are qualified for the respective job position and to discuss possible employment with you. With your consent, we may also keep your application pending if we, or you, refrain from employment with a view to a possible later employment. It is voluntary to provide the respective Personal Data, but we cannot process an application without the necessary Personal Data.
IV) Compliance with Legal Requirements
In order to comply with legal requirements, we install preventive measures to ensure compliance or detect and clarify abuses (e.g. operation of a fraud reporting system, internal investigations or the disclosure of documents to an authority). We may also process Personal Data to comply with a legal requirement or government request.
V) Protection of Rights
We process Personal Data, e.g. name of the counterparty, in various constellations in order to protect our rights, e.g. to assert claims in and out of court and before local and foreign authorities or to defend ourselves against claims. Thereby authorities may require us to disclose documents containing Personal Data.
3) How and on what legal grounds is Eridia processing my Personal Data?
I) How Eridia processes Personal Data
i) Combination of Personal Data
We may also evaluate your Personal Data and combine it with other information, such as non-personal statistical information and other Personal Data that we have collected about you, in order to derive information about your preferences and affinities with certain products or services.
ii) Protection of Personal Data
Appropriate technical and organizational security measures are implemented in order to safeguard the security of your Personal Data and to protect it against unauthorised or unlawful processing, prevent the risk of loss, unintentional alteration, unintentional disclosure or unauthorised access. However, the electronic transfer of information in particular entails security risks that cannot be completely ruled out. If you transfer information electronically, you do so at your own risk.
iii) Profiling and Automated Individual Decision Making
Should we use your Personal Data for Automate Individual Decision Making, we will inform you accordingly in accordance with applicable legal obligations.
II) What are the legal grounds for processing Personal Data
We process your Personal Data based on the following legal grounds:
Necessity for the performance of contracts
Compliance with legal obligations
Consent (where processing is based on a specific request for consent)
Legitimate interests (including purchase and shipment of products and services; advertisement and marketing activities; customer support and communication; understanding customer behavior, activities, concerns and needs, market studies; improvement of and development of new products and services; protection of customers, suppliers, employees and other individuals as well of data, secrets and assets of or entrusted to Eridia, and the safety of systems and premises; maintenance and organization of business operations including IT systems; corporate governance and development; sale and acquisition of business units and other corporate transactions)
Compliance with legal and regulatory requirements and internal rules (f.e. prevention of fraud, wrongdoings and crimes and investigation in connection with improper conduct, handling of claims and actions against us, participate in legal proceedings, exercise and defend against legal actions)
4) For how long will my Personal Data be stored?
We retain your Personal Data no longer than it is necessary for the purposes for which the information is collected. We moreover retain Personal Data as long as we have a legitimate interest in the storage, for archiving purposes and for guaranteeing IT security or in the case of running statutes of limitations (often 10 years, in some cases 5 years or 1 year). We also retain your Personal Data as long as it is subject to a legal retention obligation (certain documents have a 10 year retention period; some even 25 years).
5) Does Eridia share my Personal Data with other recipients?
Our employees have on a need to know basis access to your Personal Data as far as it is necessary for the described purposes and the work of the employees concerned. They act in accordance with our instructions and are bound to confidentiality and secrecy when handling your Personal Data.
We may also transfer your personal data to other entities within the Group for the purpose of internal group administration and for the purposes described in this Privacy Notice. This means that your Personal Data can also be processed and combined with Personal Data originating from another Group entity for the respective purposes, to the extent permitted under applicable law.
We may also disclose your Personal Data to third party Processors. Processors are obliged to process the Personal Data exclusively on our behalf and according to our instructions.
Additionally we may disclose your Personal Data to other recipients if this is so required by law. We also reserve the right to share your Personal Data in accordance with a court order or to assert or defend legal claims or if we consider it necessary for other legal reasons.
The recipients of your Personal Data may be located worldwide including in countries outside of the EU, UK or the EEA. The countries concerned may not have laws that protect your Personal Data to the same extent as the laws in Switzerland, the EU, UK or the EEA do. If we disclose your Personal Data to recipient located in such a third country, we will take appropriate measures to ensure the protection of your Personal Data, for example by concluding a data transfer agreement, that includes contracts approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commission to ensure the necessary data protection with the third country recipients.
Please contact us if you would like to obtain a copy of our data transfer contracts or if you wish to receive further information about how we protect your Personal Data when disclosing it to a third country
6) What are my rights as Data Subject with regard to my Personal Data?
It is important for us to point out, that you can at any time object to the processing of your Personal Data or freely withdraw your consent to the processing of your Personal Data. If you revoke your consent, effectively object to processing for a specific purpose, we no longer process your Personal Data for the corresponding purpose.
Additionally you may have the following rights, in accordance with applicable laws:
I) Right to Information
You have the right to be informed transparently, clearly and comprehensively about how we process your Personal Data and what rights you have in connection with the processing of your Personal Data. This Privacy Notice fulfils this obligation. If you would like further information, please contact us.
II) Right of Access
You have the right to request, at any time, access to your Personal Data stored and processed by us. This gives you the opportunity to check which Personal Data we process about you and to verify that it is used in accordance with the applicable data protection regulations. The right to information may be limited or excluded, in case no sufficient identification is given, it is necessary to protect the rights and freedoms of other Data Subjects, the right to access is used excessively, a comprehensive provision of information would generate disproportionate efforts.
III) Right to Rectification
You have the right to have incorrect or incomplete Personal Data corrected or completed and to be informed of such rectification.
IV) Right to Erasure
You have the right to request that your Personal Data is erased if the Personal Data no longer necessary for the purposes pursued, consent has effectively been withdrawn or there is an effective objection and if Personal Data is processed unlawfully.
The Right to Erasure might be excluded if the Personal Data is necessary for the exercise of freedom of expression and information, to perform a legal task or a task in the public interest or for the establishment, exercise or defense of legal claims.
V) Right to restrict Processing
Under certain circumstances, you have the right to request that the processing of your Personal Data be restricted (e.g. no further processing at all or removal of published Personal Data).
VI) Right to Data Portability
You have the right to receive the Personal Data concerning you, which you have provided to us, in a commonly used and machine-readable format, provided that processing is based on your consent or is necessary for the performance of the contract and the processing is carried out by automated means. Depending on the individual case, your Personal Data may be transferred to you or directly to another Controller.
VII) Right to lodge a Complaint
You have the right to lodge a complaint with a competent supervisory authority about the way we handle or process your Personal Data. Alternatively you may inform us under email@example.com
VIII) Right to withdraw Consent
If you have given your consent to the processing of your personal data for a specific purpose, you can at any time freely withdraw your consent. The withdrawal of your consent has no effect on the legitimacy of the processing of your data carried out before the withdrawal. If you revoke your consent, we may no longer process your personal data for the corresponding purposes.
IX) Right to Object
If we process your Personal Data due to our legitimate interests, you can at any time object to the processing. Your objection should indicate the reasons why we should not process your Personal Data. If your objection is justified, we will cease the processing of your Personal Data.
You may also object to the processing for direct marketing purposes.
7) Updates and Definitions
I) Updates to this Privacy Notice
We may update this Privacy Notice from time to time if we change our data processing activities. We expect most such changes to be minor, but there may be changes that are more significant.
Irrespective of the extent of any modification the most current Privacy Notice will always be posted on this page (www.eridiabio.com/privacy-policy), more significant changes will be communicated more prominently and if you are registered with us, we will actively inform you, if this is possible without disproportionate effort. In general, however, a data processing activity is subject to version of the Privacy Notice which is the latest version at the beginning of the relevant processing.
Automated Individual Decision Making: Decisions based solely on automated means and which result in negative legal effects or other similar negative effects of the Data Subject.
Controller: The responsible entity out of the Eridia, deciding whether a particular processing should take place, for what purpose and which principles are applicable.
Cookie: Small text files that are temporarily or permanently stored on your device when visiting our website in order to the functionality of the website or record the preferences of the users.
Data Subject: Any natural person, whose Personal Data might be processed.
EEA: The European Economic Area describes a region associated with the EU and includes Norway, Iceland and Liechtenstein.
GDPR: EU General Data Protection Regulation 2016/679.
Online Services: These services include your visit of our website, if you open an account with us or if you install, use an app provided by us or subscribe to an electronic newsletter.
Personal Data: Information by which a particular natural person can be identified or is identifiable.
Processing: Any operation or set of operation which is performed on Personal Data such as collecting, storing, restraining, organizing, administering, adapting, retrieving, consulting, using, applying, disclosing, combining, restricting, deleting, destructing or transferring.
Processor: A third party who performs certain business operations on our behalf, such as IT services, consulting services, haulage and logistic services, administration services.
Sensitive Personal Data: Personal Data that is seen by the legislator as particularly critical and therefore specially protected. This includes Personal Data revealing race or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetics biometric or health data, data on sex life, sexual orientation or criminal convictions and crimes.
Third Countries: Countries outside the European Union / EEA, where the data protection level is not considered appropriate by the EU Commission.
This Privacy Notice was issued on June 15th, 2022.