Por favor elija país e idioma:

B&R Industrial Automation GmbH

B&R Strasse 1

5142 Eggelsberg

Austria

Telephone: +43 7748 6586-0

Fax: +43 7748 6586-26

office@br-automation.com

The place of jurisdiction, in accordance with article 17 of the European Convention on Courts of Jurisdiction and Enforcement, is A-4910

Ried im Innkreis, Austria, commercial register court: Ried im Innkreis, Austria

Commercial register number: FN 111651 v.

The place of fulfillment in accordance with article 5 of the European Convention on Courts of Jurisdiction and Enforcement is A-5142 Eggelsberg, Austria

Austrian DVR no.: 0721301

VATIN: ATU62367156

Legal information

Director authorized to represent the company: Clemens Sager

Director responsible for the contents of publications according to the Telemedia Act: Clemens Sager

Technical information

Party responsible for technical aspects: Expert Communication Systems GmbH

Technical support: it.support@br-automation.com

General conditions of use of this website

1. Copyright information

All the information on this website is provided as it is written without any claims that it is correct, complete or up-to-date.

Unless otherwise explicitly stated in this publication, in connection with any particular section, file or document, anyone is entitled to view, copy, print and distribute this document, subject to the following conditions:

This document is only permitted to be used for non-commercial information purposes. Any copy of this document or any part of it must contain this copyright statement and the copyright symbol of the operator. This document, any copy of this document or part of it is not permitted to be altered without the written consent of the operator. The operator reserves the right to revoke this authorization at any time, and any use of this document must be discontinued immediately as soon as a written notice to this effect is published by the operator.

2. Contractual guarantees and waivers

The website of B&R Industrial Automation GmbH is available to you free of charge, unless agreed otherwise. The operator cannot give any guarantee for the correctness of the information on this website, the availability of the services offered on this website, any loss of data stored on the website of B&R Industrial Automation GmbH or the usability of the information on this website for any particular purpose.

The operator will also not be liable for any consequential damages which may result from the use of the products offered on this website.

If this exclusion of liability is not legally valid, the operator shall only be liable for gross negligence and intent. Product names and company names are trademarks of their respective owners and are only used on this website for information purposes.

This website may contain technical or other inaccuracies or typing errors/misprints. From time to time, changes or additions may be made to the information on this website; these changes are included in new versions of the publication. The operator may at any time make improvements and/or changes to the products described on this website.

3. Expression of opinions in comments and in the online forum

Due to the constantly changing content of comments and the online forum, the operator is not able to view all the contributions, to review their contents or to exercise direct active control over them. No responsibility can therefore be accepted for the content, correctness and form of the contributions posted on this website.

  • 3a. Special conditions for registered users
  • By registering with "B&R Industrial Automation GmbH", the users - hereinafter referred to as the "members" - are declaring to the operator that they agree with the following conditions of use:
  • Members who participate in the online discussion forums and post comments undertake:
  • To abstain from using any insults, illegal content, pornographic material and abusive language in their comments.
  • To accept sole responsibility for the content posted by them, not to infringe the rights of third parties (in particular, trademarks, copyrights and personality rights), and to completely exempt the operator of "B&R Industrial Automation GmbH" from any third-party claims which may result from their contributions.
  • Not to put advertisements of any kind in the online forums or comments, or to use the forums and comments for any kind of commercial purposes. In particular, this applies to the publication of "0900" premium-rate telephone numbers for any purpose.
  • The members have no entitlement to the publication of comments or forum posts submitted. The operator of "B&R Industrial Automation GmbH" reserves the right to edit or delete comments and forum contributions at their own discretion. In the event of violations of the obligations listed above in 1), 2) and 3), the operator also reserves the right to temporarily block or permanently cancel membership.

4. Submitting contributions and articles

If members of this website submit their own contributions to the editors of "B&R Industrial Automation GmbH", the following conditions will apply:

The precondition for posting contributions on this website is that the members concerned have entered their full and correct first names and surnames in their "B&R Industrial Automation GmbH" user profiles, either before or after submitting their articles. The contribution submitted will be published under the names entered there if it is published.

The members must make the following declarations for all the contributions submitted by them in the future to "B&R Industrial Automation GmbH":

  • The members declare that the contributions they submit are free of third-party rights, in particular copyrights, trademarks or personality rights. This applies to all contributions and images submitted.
  • The members grant the operators of "B&R Industrial Automation GmbH" an unrestricted right to the use of the contributions submitted. This includes publication on the Internet on "B&R Industrial Automation GmbH" as well as on other Internet servers, in newsletters, print media and other publications.
  • Submitted contributions will be deleted or anonymized at the request of the member sent by email to the address of the webmaster. This deletion or anonymization will take place within 7 days after it is requested. The operator will only be liable for consequential damages suffered by the member as a result of the delayed deletion of a submitted contribution insofar as this deletion was not due to non-compliance by the member with their obligations (listed above in 1), 2) and 3)) and was furthermore due to gross negligence or intent by the operator of "B&R Industrial Automation GmbH". In this context, we expressly remind you that "B&R Industrial Automation GmbH" is regularly indexed by search engines, and that we have no influence on whether, where and how long any contributions published by us may be stored and remain accessible in databases of search engines and web catalogs, even after these posts have been deleted from "B&R Industrial Automation GmbH".
  • The members have no entitlement to the storage, publication or archiving of the contributions they have submitted. The operator reserves the right not to publish submitted contributions on their website, without having to give any reasons for this, to edit them before publication, or to delete them after publication, at its own discretion.
  • The publication of contributions submitted shall not be grounds for any claims for payment (fees, royalties, reimbursement of expenses or similar) by the members against "B&R Industrial Automation GmbH". The submission of contributions to this website is entirely voluntary (unpaid).

5. Data protection declaration (Privacy Policy)

If users of our website make use of the opportunity to enter personal or commercial data on this website, this information is given on an expressly voluntarily basis by the users. Our services may also be used without having to give such data or using anonymized data or a pseudonym, insofar as this is technically possible and reasonable. For additional important information on data protection, see our Data Protection Declaration (Privacy Policy).

6. Registration and password

The users of this website are obligated to treat the username/password combination confidentially and not to pass this on to third parties. If a misuse of the access data is suspected, the operator must be informed.

7. Notes on the Teleservices Act [Teledienstgesetz]

The respective provider of the third-party website is responsible for third-party websites linked to on this website. The operator is not responsible for the contents of such third party websites. In addition, the websites of third parties may contain links to our website without our knowledge. The operator does not accept any responsibility for presentations, contents or any connection to this website on the websites of third parties. The operator is only responsible for the contents on third-party websites if they have positive knowledge of them (and also of their illegal or criminal content) and it is technically possible and reasonable to prevent the use of this content. According to the Teleservices Act, however, the operator is not obliged to constantly check the contents of third parties' websites.

Legal validity

These General Conditions of Use of this website apply to the company B&R Industrial Automation GmbH.

If any sections or the wording of individual conditions in this text are not, no longer or not fully compliant with current legislation, the contents and the legal validity of the other parts of this document shall remain unaffected by this.

Code of Conduct

B&R Industrial Automation GmbH operates an interactive online service that is accessible as a social network on the Internet. All the registered users on the website of B&R Industrial Automation GmbH together form a single social network (hereinafter referred to as the Network). Each user can decide whether and to what extent he or she will grant other users access to his or her profile.

The behavior of all the users of the Network, the content in profiles and groups, pictures and links, as well as the use of the data accessible via the network, are all regulated by the following binding rules:

  • Respectful and polite forms of expression are one of the basic principles of our Network. It is therefore not permitted to portray other people negatively, or bully or ridicule other people.
  • Of course, any publications that violate the applicable legislation are not permissible in any way.
  • There must be no repeated sending of messages if the recipient has stated that this is not wanted.
  • No chain letters, pyramid schemes, competitions, lotteries, betting games or similar are permitted to be circulated or organized.
  • Information given in profiles and groups must be accurate and truthful. Content in profiles and groups as well as pictures and links are only permitted to be published for private purposes. Data published by other users via the Network is not permitted to be reused in any way.
  • The users are responsible in every respect for every type of publication they post online (data, information, pictures and the like), as well as for the consequences of their postings.
  • If a profile image is uploaded onto the profile page, the user must be recognizable in it.
  • The user is only permitted to publish content that is either common knowledge, or for which they also own the rights. For publications related to third parties, the consent of the third party is required.
  • No commercial advertising or political campaigning by users is permitted to be published.
  • Racist, violent, politically extremist, sexist, discriminatory or other types of offensive publications are not permitted, nor are those which insult, slander, threaten or verbally abuse other people, ethnic groups or religious communities.
  • Nude photographs, pornography and images of physical or sexual violence are not permitted. It is also prohibited to post on our website recordings of victims of acts of violence, victims of war or victims of natural catastrophes, illegal symbols of banned organizations, propaganda which glorifies violence, or images of acts of war.
  • Messages must be treated as confidential by the recipient. They are only permitted to be made available to third parties with the explicit consent of the sender.
  • Data is not permitted to be read, stored, processed, altered, forwarded, used commercially or otherwise misused, either manually or in an automated process, for the purpose of data acquisition, without consent.
  • No profiles or Internet pages are permitted to be set up in the network for the purpose of reading, storing, processing, altering or forwarding information or otherwise misusing it.
  • No viruses, links, programs or other processes that violate the general commercial conditions for the use of the network are permitted to be used or disseminated.
  • The disclosure or exchange of passwords, codes and serial numbers of any kind is not permitted on the platform.
  • No technical attacks are permitted to be carried out to change, misuse, delete or otherwise damage all or part of the data of individual users. Technical attacks of any kind on the B&R Industrial Automation GmbH platform or the database of the Network are also prohibited.
  • In addition to the Code of Conduct, the General Commercial Conditions for the use of the Network must be complied with.

Punishment of violations:

  • A violation of the General Commercial Conditions or the Code of Conduct will result in a warning being given to the user, a temporary or a permanent blocking of his or her profile or the deletion of his or her profile.
  • Profiles which do not reflect a user's true identity will be deleted without warning as soon as the first such violation is discovered.
  • The operators of the B&R Industrial Automation GmbH Network reserve the right to delete a profile or a group in the event of a serious violation immediately and without giving a prior warning.
  • If the profile of a founder of a group is deleted, the B&R Industrial Automation GmbH team will appoint one of the group moderators as the new group founder. If there is no moderator in the group, the person who has been a member of this group for the longest time will be appointed as the founder.

Data protection declaration

At B&R, protecting your personal data is a top priority. The privacy notices below describe the following:

  • How and why B&R processes personal data
  • Which personal data B&R collects
  • How long this data is stored
  • With whom this data is shared
  • What rights the data subject has under the General Data Protection Regulation (2016/679), Articles 13 and 14 and under local data protection rules.

This privacy notice for employees ("Privacy notice") applies to all companies in the B&R Group (business units in which B&R Industrial Automation GmbH directly or indirectly holds a majority interest or controls the majority of voting rights). B&R Industrial Automation GmbH is in turn part of the ABB Group (a 100% subsidiary of ABB Asea Brown Boveri Ltd.). The B&R company that employs you is responsible for processing personal data and monitors data processing in accordance with this privacy notice. Furthermore, other B&R subsidiaries can receive and process your data, i.e. this privacy notice also applies accordingly to these B&R companies (a corresponding list can be found on the B&R website.

At B&R, compliance with your data protection rights has the highest priority. This privacy notice explains why and how we collect and process your personal data and what your rights are with regard to this data.

In your case, B&R Industrial Automation GmbH, B&R Strasse 1, 5142 Eggelsberg, Austria or the company affiliated with B&R Industrial Automation GmbH with whom you have an employment contract (hereinafter referred to as "employment relationship") will decide, as the "responsible party" within the meaning of the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act or other applicable national data protection laws at the headquarters of the respective subsidiary, for what and how your personal data will be used in accordance with this privacy notice (hereinafter also referred to as "B&R", "we" or "us").

We collect and use personal data that we receive from you in connection with your employment at B&R. In addition, we process personal data that we can obtain from publicly accessible sources or that is lawfully transmitted by other third parties (trade and association registers, press, etc.), insofar as this is necessary for the purposes stated in this privacy notice. We process the following categories of your personal data to the extent required for the purposes of processing in accordance with this privacy notice:

  • Personal details and identification information, such as your name, home and business address, home and business telephone number, personal and company email address or other contact information, as well as date and place of birth
  • Personal data relating to family and social circumstances, e.g. gender, age, marital status (including names and contact details of relatives)
  • Job-related personal data, such as employee number, signature, employment status, social security and tax number, insurance number, place of residence, nationality, photograph, emergency contacts, passport details, work and residence permit, immigration status and visa data
  • Qualifications, e.g. qualifications and certifications, including current and past employment, education, training and education courses, resume, files and documents pertaining to education and work experience, contact details of references, results of aptitude tests and interviews and feedback
  • Job information and work data, such as position, title, employment contract, personal ID for payroll, supervisor, salary level, current and past performance, employment status, leave of absence information, working time information, training materials, performance and development goals In some cases, we also store the results of aptitude tests, safety reports and accidents and professional feedback.
  • Remuneration, allowances, benefits and cost information, such as income data, payroll data, retirement savings account and contributions, non-cash benefits and benefits in kind, bonuses, remuneration, stock options, dependents, heirs or beneficiaries for health care services, bank statements, expense reports and receipts, bank details, credit card data, telephone charges and insurance data.
  • Electronic identification data and information (where employees have access to or are affected by systems or applications), e.g. access logs, IT and Internet usage, device identifiers (mobile device ID, PC ID, etc.), registration and login data, IP addresses, tracking and analysis data, records (e.g. mailboxes/call records), postings on corporate platforms (e.g. Yammer), password recovery information, data from IT security tools
  • Financial data and other details, such as account information, credit checks, payment details and transactions, investigation data and past disciplinary actions
  • Other personal data if such data is entered into our systems and programs by you or others (such as, among others, your colleagues). This includes business documents containing personal information (e.g. inquiries, questions, complaints, orders and related files, emails, reports, contracts, presentations, protocols, work results), photos, images and/or videos. If your personal data in the categories listed below is used at all, it will be collected and processed exclusively in accordance with the laws applicable in your country of residence.
  • Special categories of personal data, e.g. membership of religious communities (if required, e.g. for tax purposes); health and medical data, including disability status, special working conditions (e.g. use of a stand-up desk) and medical equipment needed at the place of work, work-related illnesses and injuries, data for assistance in travel emergencies (blood group, medical records, allergies); ethnicity (e.g. if required for diversity purposes); in some cases trade union membership, political opinion and sexual orientation (e.g. when such information is required investigating discrimination cases)
  • Data regarding criminal convictions and offenses, e.g. information regarding previous convictions and lists of sanctions, insofar as such information is required for due diligence, in particular a review of criminal history (Know your customer - "KYC") and under money laundering laws (Anti-money laundering - "AML").

If you wish to obtain information about a specific data processing activity, please send a request to www.abb.com/privacy.

We process your personal data primarily for the purpose of carrying out and fulfilling our employment relationship with you. Within the framework of the employment relationship between you and us, you must provide personal data that is necessary for the initiation, execution or termination of the employment relationship and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect.

Without processing certain personal data, B&R will generally not be able to enter into, maintain or terminate an employment relationship with you or to take contractual or legal action at your request. If you do not provide certain personal data, B&R may not be able to process your personal data at your request in connection with your employment, or you may not be able to exercise your employee or social security rights. If you are requested to provide us with personal data about yourself, we will indicate which personal data is required, which personal data can be provided voluntarily and on what legal basis it will be processed.

In particular, we process the personal data listed above for the following purposes:

  • Personnel management, including organization and personnel administration, work time management, improvement and maintenance of effective personnel administration, internal personnel analysis, reporting and planning
  • Personnel transfer management of various subsidiaries and succession planning
  • Payroll, compensation and performance management, including the provision of social services and the maintenance of salary, compensation, allowances, benefits, insurances, pensions and appraisals
  • Talent management and acquisition, including recruitment, assessment of suitability and work ability, background checks and verification of qualifications, procurement and provision of references
  • Management of development and further education measures including certifications, employee training and conducting surveys and studies on employee satisfaction
  • Work procedures and processes related to starting and ending a work relationship, including internal transfers or terminations
  • Sick leave or other leave of absence and holiday administration
  • Internal health and safety programs, including occupational health and safety and accident records or reports and process quality management
  • Travel and expense management and organization of business trips, including monitoring travelers for assistance in case of safety or medical emergencies; provision of training in travel safety, health and security and, on a voluntary basis, assistance with security support in the case of an emergency
  • Fulfilling obligations and exercising specific rights in the field of labor and social security law or, for example, a collective agreement
  • Internal and external communication of the B&R organization and representation of B&R, including entries in the commercial register and assignment of powers of attorney
  • Organization of B&R events and their documentation, including management and organization of internal, non-advertising campaigns, events and meetings
  • Managing B&R assets, including images and videos that represent employees and other people and can be downloaded via B&R's intranet, B&R's website, etc.
  • Financial and joint settlement services that provide record to report, order to cash and purchase-to-pay services
  • Reorganization, purchase or sale of activities, business units and companies.
  • Annual reports, statistics and analyses
  • Monitoring and verifying compliance with ABB and B&R corporate guidelines, contractual obligations and legal requirements through employee activities in the workplace, including disciplinary measures
  • Conducting audits, reviews and regulatory checks to fulfill obligations to regulatory authorities
  • Control, risk and compliance, including compliance with laws, rules of law enforcement agencies, courts and regulatory authorities (such as the process of verifying customer identities ("KYC"), measures to prevent money laundering ("AML"), compliance with customs and international trade regulations, rules for conflicts of interest and security obligations) and the prevention, detection, investigation and resolution of crime and fraud or other prohibited activities, or to protect, establish, exercise or defend legal rights and claims
  • To manage customer relationships, execute customer orders and provide customer service, processing and to evaluate and respond to inquiries and requests
  • To manage suppliers, contractors, consultants and other professional experts, including interaction with contacts, processing and fulfilling purchases and invoices and contract lifecycle management
  • Use of work services and products and for references to documents such as drawings, orders, purchase orders, invoices, reports
  • Access control systems with electronic entry and/or exit control for authorized persons in restricted areas and local attendance list for emergencies
  • Intrusion detection systems including third-party monitoring of coercion, property, internal security, supporting surveillance monitors for site monitoring/automated systems
  • Maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, fraud or other criminal or harmful activities and ensuring business continuity
  • Management of IT resources, including infrastructure management, such as data protection, data systems support and application management service activities, end user support, testing, maintenance, security (response to security incidents, risks, vulnerabilities, data breaches), master data and areas of activity including user account management, software licensing, security and performance testing and business continuity

We only collect the personal data required for the above purposes. Some of your collected personal data concerns your relatives and emergency contacts. In these cases, we ask that you inform them of this privacy notice.

We may also collect your personal data anonymously so that you cannot be identified directly or indirectly by this data, and subsequently use this data for further processing purposes, including statistical purposes, improving our services and reviewing our IT systems.

If you work at the location of a third party (e.g. the property or facility of a B&R customer), it is possible that this third party, as the data controller, may collect and process your data for their own purposes. In such cases, you will receive or be able to request a separate privacy notice from that external data controller.

We process your personal data for the purposes described above (in Question 3) in accordance with the provisions of the GDPR and the Austrian Data Protection Act, especially in accordance with the following applicable legal bases:

  • We primarily process your personal data for the purpose of establishing, implementing or terminating the employment relationship with you as well as for the enforcement of rights and the fulfillment of obligations arising from your employment contract with us on the legal basis of Art. 6 (1) b) of the GDPR.
  • If we process your personal data (including special categories of personal data) in order to exercise rights or fulfill legal obligations arising from employment, social security and social protection law, the legal basis for this data processing is Art. 6 (1) c) and Art. 9 (2) b), f) and h) of the GDPR.
  • If we process your personal data (including special categories of personal data) for the purposes of health care, occupational medicine or the assessment of your ability to work, and if this processing is carried out by health care professionals or other persons subject to professional secrecy, the legal basis is Art. 9 (2) h) of the GDPR.
  • In cases in which we process your personal data on the basis of other legal provisions and obligations, for example, with regard to allowances and tax, reporting or notification obligations, cooperation obligations with authorities or legal retention periods in order to fulfill our other contractual and legal obligations as an employer and company, the legal basis for this processing is Art. 6 (1) c) of the GDPR.
  • Where required, we process your personal data within the scope of our employment relationship with you in order to safeguard our legitimate interests or those of third parties. This is done in the context of balancing interests in accordance with Art. 6 (1) f) of the GDPR, according to which processing is permissible if it is necessary to safeguard legitimate interests and if the interests or basic rights and freedoms of the data subject, which require the protection of personal data, do not prevail. Such legitimate interests may include the following processing purposes:
    • Monitoring (e.g. by IT systems), checking and ensuring compliance with legal and regulatory standards and ABB's and B&R's internal specifications and guidelines
    • Prevention of fraud and criminal activity, including verification of such activity, misuse of B&R's assets, products and services and where strictly necessary and appropriate to ensure network and data security
    • Establishment, exercise and defense of legal claims by and against B&R in connection with your work tasks and obligations at B&R
    • Transfer of personal data within the B&R Group for internal administrative purposes, wherever necessary, for example, to provide decentralized services

To obtain a copy of our assessment of our legitimate interest in processing your personal data, including documented balancing of interests, please send a request to www.abb.com/privacy.

In exceptional cases and insofar as we process your personal data (including special categories of personal data) for purposes that are not covered by the aforementioned legal bases, we will ask you, in accordance with Art. 6 (1) a) and Art. 9 (2) a) of the GDPR, for your consent as the legal basis for processing your personal data, for example when using photographs or video recordings that explicitly affect you. Your consent is always given on a voluntary basis so that you are not obliged to provide this data and need not fear any disadvantages if you refuse to give your consent. You can also withdraw your consent at any time per Art. 7 (3) of the GDPR without providing reasons with future effect. If we ask for your consent to the purpose-related use of your personal data, we will inform you of your right to object and about the possibility to exercise your right to object.

We will only process personal data relating to criminal convictions or offenses in accordance with (locally) applicable law.

As part of a global corporation, we have business relationships with companies in the B&R and ABB Group and external service providers, both within and outside the European Economic Area (EEA), which we may also use to process your personal data. We will generally only share your personal data with other B&R companies or third parties if this is necessary for the purposes listed in the table below.

In this regard, your personal data may also be made available to companies of the B&R Group in countries within and outside of the EEA for the aforementioned processing purposes. In addition, when processing your personal data for the aforementioned purposes, we may use external service providers as data processors (e.g. computer centers, software companies and marketing automation providers). They are generally used with binding instructions within the framework of an existing contractual relationship and receive your personal data only to the extent and for the period of time required to provide the service.

If we share your personal data with a B&R company or third party and it is transferred or becomes accessible outside of the European Union ("EU") and the European Economic Area ("EEA") or outside the country of the employer's location, we will protect your personal data with appropriate safeguards. Examples of such safeguards include a determination of suitability by the European Commission or Standard Contractual Clauses. We have taken additional measures to protect your personal data during transfers from within the EU, EEA or outside the country of the employer's location. If you would like an overview of the safeguards applied, please send a request to www.abb.com/privacy.

Recipient category

Recipient location

Purpose

Companies and subsidiaries affiliated with B&R

List of B&R subsidiaries (see the B&R website)

The purposes stated under Question 3, including human resources management, talent management and the organization of internal training and events

B&R customers, wholesalers, representatives and other business partners

EU/EEA and non-EU/EEA (global)

The purposes stated under Question 3, including project assignments, conducting audits, reviews and regulatory checks, customer relationship management and travel expense reporting

Service provider

EU/EEA and non-EU/EEA (global)

IT services, HR and training, payroll accounting, payment processors, professional and consulting services including accountants, auditors, lawyers, insurers, banks, recruiters, travel agencies and other consultants hired by B&R

Retirement funds, workers' and industry organizations and associations

EU/EEA and non-EU/EEA (global)

The purposes stated under Question 3

Potential or actual buyers of B&R business units or assets

EU/EEA and non-EU/EEA (global)

For the evaluation of the companies or assets concerned, or for the purposes stated under Question 3

Recipients required according to applicable law or in the context of legal proceedings, such as prosecutors and authorities

EU/EEA and non-EU/EEA (global)

Where required by applicable law, legitimate requests from public authorities or according to applicable legal requirements

If you would like an overview of the safeguards applied to protect your personal data, please send a request to www.abb.com/privacy.

We generally process and store your personal data only as long as is necessary for the processing purposes stated in this notice, until you withdraw your consent granted under Art. 6 (1) a) of the GDPR or until you object to the use of your personal data if a legitimate interest is the legal basis for processing (Art. 6 (1) f) of the GDPR).

However, legal provisions require B&R to store certain personal data for minimum retention periods. This concerns, for example, employment contracts, information about remuneration and reimbursement of costs, for which minimum retention periods apply on the basis of company and tax law regulations.

At the same time, the applicable data protection laws require that we store and process your personal data in a form that identifies you for no longer than is necessary for the purpose for which the personal data was collected and that we carry out regular checks in this regard. Through settings in IT systems and guidelines, we ensure that your personal data is deleted as soon as it is no longer needed.

The retention periods for the information we store can be found under Corporate regulations or in your local company policy. After an applicable retention period has expired, we will ensure that your personal data is deleted or made anonymous, unless there are special circumstances that oblige us to retain this personal data, e.g. legal or regulatory requirements or legal disputes related to your employment.

For further information about the retention periods applicable to your personal data, please send a request to www.abb.com/privacy.

At B&R, data security for company data, personal data and digital assets of the company has the highest priority. B&R views data security as a shared responsibility. B&R takes the necessary precautions for data protection and expects the same from all employees. Here, you can read more about our data security measures and your obligations: End user security policy.

Monitoring company systems

Use of the company systems by employees, including telephone (cellular and landline) and computer systems (including email and Internet access) is only permitted for business purposes at B&R. Private use is therefore only permitted until withdrawn to the extent that the business obligations are not neglected. Information regarding personal use of the company systems is collected, monitored and used for business purposes and to maintain IT security measures, provided that this is required to ensure the security of B&R systems and compliance with the B&R security policy under applicable law. It is therefore possible that your access data can be viewed by B&R when you log in to B&R's IT and communication systems using passwords and user accounts for services.

Monitoring shall only be carried out if and to the extent permitted or required by applicable law and justified by business purposes. The minimum storage periods according to Question 6 also apply to the resulting log files. This is necessary to detect cases of attempted data misuse and other security incidents and to allow subsequent investigations and subsequent action.

To the extent permitted by applicable law and internal guidelines, disciplinary action will follow where appropriate. This may require such personal data to be passed on to the police or other law enforcement agencies. Information is only evaluated and transferred to the relevant authorities if this is in accordance with applicable law.

Video surveillance

As explained in this privacy notice, some B&R buildings and locations use CCTV video surveillance systems to monitor the interior and exterior of the respective company location for security and operational purposes. As a general rule, we do not keep the film material for longer than 7 days, unless this is necessary, e.g. due to a security incident. Further details are regulated by works agreements that are concluded for the respective locations.

If you have questions about data protection, complaints about how we are handling your personal data or wish to exercise the rights of data subjects listed below, you can contact us at www.abb.com/privacy. Under certain circumstances, we may have to restrict these rights of data subjects in order to safeguard the public interest (e.g. the prevention or detection of criminal offenses) or our business interests (e.g. maintaining legal privilege). Should you not be satisfied with our response or believe we are processing your personal data unlawfully, you may also contact the Data Protection Authority in your country of residence or work or in which you believe the data breach may have taken place in accordance with your right to lodge a complaint per Art. 77 of the GDPR. In addition to your right to lodge a complaint, you also have the following rights:

  • Right to information: In accordance with Art. 15 of the GDPR, you have the right to receive information from us regarding your personal data that we process at any time upon request (in text form). This right is limited by the exceptions of Art. 4 (6) of the Austrian Data Protection Act, according to which the right of information is not applicable in particular if the provision of this information would endanger a business or trade secret of the data controller or of a third party.
  • Right to rectification: In accordance with Art. 16 of the GDPR, you have the right to request that we rectify your personal data without delay if it is incorrect. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the correction of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to erasure: You have the right to request us to delete your personal data under the conditions set out in Art. 17 of the GDPR. These conditions are particularly met if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have withdrawn your consent without the data processing being able to be continued on another legal basis, d) you successfully object to the data processing or e) in cases where there is an obligation to delete the data on the basis of EU law or the law of an EU member state to which we are subject. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the deletion of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to restrict processing: In accordance with Art. 18 of the GDPR, you can request that we only process your personal data to a limited extent. This right exists in particular under the conditions that a) the accuracy of the personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified request for deletion, c) the data is no longer necessary for the purposes we pursue, but you need the data to assert, exercise or defend legal claims, or d) the success of an objection is still disputed.
  • Right to data portability: In accordance with Art. 20 of the GDPR, you have the right to receive your personal data that you provided us in a structured, common, machine-readable format, as well as the right to have us transfer this data to another data controller.
  • Right to object: In accordance with Art. 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, either in the public interest or to safeguard our legitimate interests. Thereafter, we will stop processing your personal data unless we can prove compelling reasons for processing your personal data that are worthy of protection, which outweigh your interests, rights and freedoms or unless such processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will stop processing your data in any case.

Last updated: November 5, 2020

This privacy notice for contractors ("Privacy notice") applies to the B&R Group, i.e. B&R Industrial Automation GmbH and any company in which B&R Industrial Automation GmbH, directly or indirectly, holds a majority interest or owns or controls the majority of voting rights. B&R Industrial Automation GmbH is in turn part of the ABB Group (a 100% subsidiary of ABB Asea Brown Boveri Ltd.). The B&R company with which you, your employer or the company through which you are assigned to B&R have a contractual relationship (hereinafter referred to as "B&R") is responsible for processing your personal data and controls its use in accordance with this privacy notice.

At B&R, protecting your personal data is a top priority. This privacy notice explains how we process your personal data and what rights you have in relation to your personal data.

B&R Industrial Automation GmbH and all B&R subsidiaries are responsible for processing your personal data. In accordance with applicable data protection laws, the B&R subsidiary with which you, your employer or the company through which you are assigned to B&R have a contractual relationship is responsible for processing your personal data. Furthermore, other B&R subsidiaries may receive and process your data, either as the data controller or the data processor. Accordingly, this privacy notice applies equally to them.

In your case, B&R Industrial Automation GmbH, B&R Strasse 1, 5142 Eggelsberg, Austria or the respective company affiliated with B&R Industrial Automation GmbH will decide, as the "data controller" within the meaning of the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act or other applicable national data protection laws at the headquarters of the respective subsidiary, for what and how your personal data will be used in accordance with this privacy notice (hereinafter also referred to as "B&R", "we" or "us").

We collect and use personal data that we receive from you within the scope of or in connection with service and construction agreements or a contractual relationship with you, your employer or the company through which you are assigned to B&R (hereinafter: "you"). We may also process personal data that we receive from you either as a result of your contact request, a specific precontractual inquiry or a registration for a specific event via our websites, by email or telephone or at a trade fair or product event. In addition, to the extent required for the purposes stated in this privacy notice, we process personal data that we can obtain from publicly available sources or that is lawfully transmitted by other third parties (e.g. a credit agency), such as commercial register data or creditworthiness data.

We process the following categories of your personal data to the extent required for the purposes of processing in accordance with this privacy notice:

  • Identification data and business contact information that you provide us with, such as first name, last name, profession / position / title, employer, address of employer, nationality, tax number, information about work permit / visa, business email address, business address, telephone, cell phone and fax numbers, private telephone number, gender, date of birth.
  • Additional information that you provide us with in order to fulfill your work order, such as data in connection with fulfilling your work order, our contractual obligations and precontractual measures, including correspondence data, offers, cost estimates, resume, information about background checks, conditions, qualifications / certificates, contract and order data, invoices, payments, business partner history, records of inquiries / questions / complaints / orders, working time records, records of training courses and further education, license plate, insurance data.
  • Expense-related information, such as bank statements, payment details, transactions, expense reports and receipts, account information, credit card information.
  • Electronic identification data and information collected by communications systems, IT applications and web browsers (provided that the contractor has access to or is affected by such systems or applications and in accordance with applicable laws), such as use of information technology (system access, IT and Internet use), device identification (mobile device ID, PC ID), registration and login information, IP address, login data and log files, analytics ID, digital alias / signature, time and URL, search queries, website registration records and cookie data, sound recordings (e.g. voice messages / phone calls).
  • Other personal data that may be entered by you or others in our systems, programs and applications. This also includes business documents containing personal information (e.g. inquiries, questions, complaints, orders and related files, emails, reports, contracts, presentations, minutes, work results), photos, images and/or videos. To a certain extent, this information may also include your interests in B&R products, marketing preferences and registration information provided at training sessions, events or trade fairs, etc.

The types of personal data listed below will be collected and processed, if at all, only in accordance with local laws applicable in your country of residence, to the extent that they are relevant depending on your work order.

  • Special categories of personal data, such as work-related health data or data needed for emergency assistance (blood group, medical findings, allergies).

We process your personal data primarily for the purpose of carrying out and fulfilling our business and contractual relationships with you. Within the framework of this business and contractual relationship between you and us, you must provide personal data that is required for the initiation, execution or termination of contracts with our contractors and for the fulfillment of the associated contractual obligations or which we are legally obliged to collect and process (e.g. tax laws).

In particular, we process the personal data listed above for the following purposes:

  • Personnel planning and management if relevant to your contract on the provision of tasks and/or services, the work order and services you provide directly to B&R within the scope of the contract / work order / service description, including organization and personnel administration, work time management, improvement and maintenance of effective personnel administration, internal personnel analysis, reporting and planning
  • Contractor, supplier and service provider management throughout provision, logistics and the supply chain, including contact interaction, bid processing, contracting, order processing, processing and execution of procurement transactions, administration and management of suppliers, vendors, contractors, consultants and other commercial professionals as well as contract lifecycle management
  • Training of contractors
  • Internal occupational safety programs
  • Financial and joint accounting services that include records of reporting, purchase and payment of services
  • Use of work services and products and for references to documents such as drawings, orders, purchase orders, invoices, reports
  • Reorganization, purchase or sale of activities, business units and companies
  • Monitoring and auditing compliance with company guidelines, contractual obligations and legal requirements of ABB and B&R
  • Conducting audits, reviews and regulatory checks to fulfill obligations to regulatory authorities
  • Maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, fraud or other criminal or harmful activities and ensuring business continuity
  • Managing IT resources, including infrastructure management, such as data protection, data systems support and application management service activities, end user support, testing, maintenance, security (response to security incidents, risks, vulnerabilities, data breaches), master data and areas of activity including user account management, software licensing, security and performance testing and business continuity

We only collect the personal data from you that we require for the purposes described above. For statistical purposes, to improve our services and to test our IT systems, we use anonymous data as much as reasonably possible. This means that you can no longer be directly or indirectly identified as an individual using this data.

If you work at the location of a third party (e.g. the property or facility of a B&R customer), it is possible that this third party, as the data controller, may collect and process your data for their own purposes. In such cases, you will receive or be able to request a separate privacy notice from that external data controller.

In the case of processing operations in direct relationship to your work order (as described above), B&R is not in a position to adequately establish, maintain or terminate a business relationship with you, your employer or the company through which you are assigned to B&R and to fulfill the purposes described above without certain personal data. Although we cannot oblige you to provide us with your personal data, please bear in mind that your refusal could have consequences that may result in a negative impact on the work order. We would not be able to take the requested precontractual or contractual measures to conclude or fulfill a contract with you or establish and continue the business relationship you have requested.

We process your personal data for the purposes described above (in Question 3) in accordance with the provisions of the GDPR and the Austrian Data Protection Act, especially in accordance with the following applicable legal bases:

  • Insofar as we process your personal data for the fulfillment of contractual obligations arising from contracts concluded with you or your company or within the framework of precontractual measures, the legal basis for such data processing is Art. 6 (1) b) of the GDPR.
  • Insofar as we process your personal data on the basis of legal requirements or official measures, for example, with regard to tax or notification obligations, cooperation obligations with authorities, legal retention periods or the disclosure of personal data within the scope of official or judicial measures for taking evidence, prosecuting or enforcing civil law claims, the legal basis for such data processing is Art. 6 (1) c) of the GDPR.

Where required, we process your personal data within the scope of concrete supply contracts and/or an existing business relationship with you or your company to safeguard our legitimate interests or that of third parties. This is done in the context of balancing interests in accordance with Art. 6 (1) f) of the GDPR, according to which processing is permissible if it is necessary to safeguard legitimate interests and if the interests or basic rights and freedoms of the data subject, which require the protection of personal data, do not prevail. Such legitimate interests may include the following processing purposes:

  • Implementation, management, development and promotion of our business in the broadest sense, including the supply of products and services, fulfillment of agreements and management of orders with suppliers, processing and execution of purchases, process quality management and improvement of products or services, analytics and market intelligence, reduction of default risks in our procurement processes and reorganization, acquisition and sale of activities, divisions and companies
  • Monitoring, checking and ensuring compliance with legal, regulatory, normative and ABB and B&R internal specifications and guidelines
  • Prevention of fraud and criminal activity, including verification of such activity, misuse of B&R's assets, products and services and where strictly necessary and appropriate to ensure network and data security
  • Establishment, exercise and defense of legal claims by and against B&R in connection with the performance of supply contracts with us
  • Transfer of personal data within the B&R Group for internal administrative purposes, if required, for example, to provide centralized services

To obtain a copy of our assessment of our legitimate interest in processing your personal data, including documented balancing of interests, please send a request to www.abb.com/privacy.

In exceptional cases and insofar as we process your personal data (including special categories of personal data) for purposes that are not covered by the aforementioned legal bases (e.g. photos, marketing material and events), we require your consent according to Art. 6 (1) a) of the GDPR as the legal basis for such data processing. In accordance with Art. 7 (3) of the GDPR, you can withdraw this consent at any time with future effect. If we send you marketing information via email, e.g. a newsletter, we may require further consent under applicable law in accordance with Art. 107 (2) of the Austrian Telecommunications Act.

We will process special categories of personal data only in accordance with applicable law and under the following conditions:

  • You have explicitly given us your consent to process this personal data in accordance with Art. 9 (2) a) of the GDPR.
  • Processing such personal data is required for establishing, exercising and defending legal claims in accordance with Art. 9 (2) f) of the GDPR.
  • Processing this personal data is necessary to comply with our obligations under applicable employment, social security and social protection law as well as preventive medicine, medical diagnostics or health or social services (e.g. minimum wage laws, employer's liability insurance, etc.) in accordance with Art. 9 (2) b) & h) of the GDPR.

We will only process personal data relating to criminal convictions or offenses in accordance with (locally) applicable law.

As part of a global corporation, we have business relationships with companies in the B&R and ABB Group and external service providers, both within and outside the European Economic Area (EEA), which we may also use to process your personal data. We will only share your personal data with other B&R companies or third parties if this is required for the purposes listed in the table below.

In this regard, your personal data may also be made available to companies of the B&R Group in countries within and outside of the EEA for the aforementioned processing purposes. In addition, when processing your personal data for the aforementioned purposes, we may use external service providers as data processors (e.g. computer centers, software companies and marketing automation providers). They are generally used with binding instructions within the framework of an existing contractual relationship and receive your personal data only to the extent and for the period of time required to provide the service.

If we share your personal data with a B&R company or third party and it is transferred or becomes accessible outside of the European Union ("EU") and the European Economic Area ("EEA") or outside the country in which the B&R company controlling your information is located, we will protect your personal data with appropriate safeguards. Examples of such safeguards include a determination of suitability by the European Commission or Standard Contractual Clauses. We have taken additional measures to protect your personal data when it is transferred outside the EU, EEA or the country where the B&R company controlling your data is located. If you would like an overview of the safeguards applied, please send a request to www.abb.com/privacy.

Recipient category

Recipient location

Purpose

Companies and subsidiaries affiliated with B&R

See list of B&R subsidiaries

The purposes described in this privacy notice by your B&R manager / supervisor, by B&R Human Resources, B&R Finances, B&R IT Support, ABB Global Business Services Centers (GBSs) supporting Human Resources / Finances / Global Sourcing, as well as the B&R procurement departments dealing with contractors

B&R business partners (e.g. temporary employment agencies and recruiters / your employer or the company through which you were assigned to B&R), distributors and dealers

EU/EEA and non-EU/EEA (global)

The purposes stated in this privacy notice

Service providers, such as IT services including IT Support, consulting and outsourcing services, independent dealers, payment processors, rating and evaluation services, commercial and consulting services including accountants, auditors, lawyers, insurers, bankers, recruiters, travel agencies and other consultants or service providers working on behalf of B&R

EU/EEA and non-EU/EEA (global)

The purposes stated in this privacy notice

Potential or actual buyers of B&R business units or assets

EU/EEA and non-EU/EEA (global)

For the evaluation of the companies or assets concerned or for the purposes specified in this privacy notice

Recipients required according to applicable law or legal proceedings, such as law enforcement agencies or other authorities

EU/EEA and non-EU/EEA (global)

Where required by applicable law, legitimate requests from public authorities or under applicable legal requirements

If you would like an overview of the safeguards applied to protect your personal data, please send a request to www.abb.com/privacy.

We generally process and store your personal data only as long as is necessary for the processing purposes stated in this notice, until you withdraw your consent granted under Art. 6 (1) a) of the GDPR or until you object to the use of your personal data if a legitimate interest is the legal basis for processing (Art. 6 (1) f) of the GDPR).

However, legal provisions require B&R to store certain personal data for minimum retention periods. In general, personal data is stored for the duration of the contractual relationship and for a minimum period (usually between 5 and 10 years after the end of the contractual relationship) or for a longer period if this is required by local laws and official requirements.

At the same time, applicable data protection laws require that we store and process your personal data in a form that identifies you for no longer than is necessary for the purpose for which the personal data was collected and that we carry out regular checks in this regard. Through settings in IT systems and guidelines, we ensure that your personal data is deleted as soon as it is no longer needed.

At B&R, data security for company data, personal data and digital assets of the company has the highest priority. B&R views data security as a shared responsibility. B&R takes the necessary precautions for data protection and expects the same from all employees.

Monitoring company systems 

For business reasons and to maintain IT security measures, information about the use of B&R systems, including telephone (mobile and landline) and computer systems (including email and Internet access) and the private use of these systems is collected and monitored and used, provided that this is required to ensure the security of B&R systems and compliance with the B&R security policy under applicable law. It is therefore possible that your access data can be viewed by B&R when you log in to B&R's IT and communication systems using passwords and user accounts for services.

Monitoring shall only be carried out if and to the extent permitted or required by applicable law and justified by business purposes. The minimum retention periods according to Question 7 also apply to the resulting log files. This is necessary to detect cases of attempted data misuse and other security incidents and to allow subsequent investigations and subsequent action.

If necessary, the relevant information and personal data will be handed over to the police or law enforcement agencies. Investigations are only carried out and information is only passed on to the relevant authorities in accordance with applicable law.

If you have questions about data protection, complaints about how we are handling your personal data or wish to exercise the rights of data subjects listed below, you can contact us at www.abb.com/privacy. Under certain circumstances, we may have to restrict these rights of data subjects in order to safeguard the public interest (e.g. the prevention or detection of criminal offenses) or our business interests (e.g. maintaining legal privilege). Should you not be satisfied with our response or believe we are processing your personal data unlawfully, you may also contact the Data Protection Authority in your country of residence or work or in which you believe the data breach may have taken place in accordance with your right to lodge a complaint per Art. 77 of the GDPR. In addition to your right to lodge a complaint, you also have the following rights:

  • Right to information: In accordance with Art. 15 of the GDPR, you have the right to receive information from us regarding your personal data that we process at any time upon request (in text form). This right is limited by the exceptions of Art. 4 (6) of the Austrian Data Protection Act, according to which the right of information is not applicable in particular if the provision of this information would endanger a business or trade secret of the data controller or of a third party.
  • Right to rectification: In accordance with Art. 16 of the GDPR, you have the right to request that we rectify your personal data without delay if it is incorrect. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the correction of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to erasure: You have the right to request us to delete your personal data under the conditions set out in Art. 17 of the GDPR. These conditions are particularly met if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have withdrawn your consent without the data processing being able to be continued on another legal basis, d) you successfully object to the data processing or e) in cases where there is an obligation to delete the data on the basis of EU law or the law of an EU member state to which we are subject. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the deletion of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to restrict processing: In accordance with Art. 18 of the GDPR, you can request that we only process your personal data to a limited extent. This right exists in particular under the conditions that a) the accuracy of the personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified request for deletion, c) the data is no longer necessary for the purposes we pursue, but you need the data to assert, exercise or defend legal claims, or d) the success of an objection is still disputed.
  • Right to data portability: In accordance with Art. 20 of the GDPR, you have the right to receive your personal data that you provided us in a structured, common, machine-readable format, as well as the right to have us transfer this data to another data controller.
  • Right to object: In accordance with Art. 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, either in the public interest or to safeguard our legitimate interests. Thereafter, we will stop processing your personal data unless we can prove compelling reasons for processing your personal data that are worthy of protection, which outweigh your interests, rights and freedoms or unless such processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will stop processing your data in any case.

Last updated: November 5, 2020

This privacy notice for suppliers ("Privacy notice") applies to the B&R Group, i.e. B&R Industrial Automation GmbH and any company in which B&R Industrial Automation GmbH directly or indirectly holds a majority interest or owns or controls the majority of voting rights. B&R Industrial Automation GmbH is in turn part of the ABB Group (a 100% subsidiary of ABB Asea Brown Boveri Ltd.). The B&R company that you are in communication with or to which you deliver goods or provide services (hereinafter referred to as "B&R") is responsible for processing your personal data and controls its use in accordance with this privacy notice.

At B&R, protecting your personal data is a top priority. This privacy notice explains how we process your personal data and what rights you have in relation to your personal data.

B&R Industrial Automation GmbH and all B&R subsidiaries are responsible for your personal data. In accordance with applicable data protection laws, the B&R subsidiary that is in communication with you or to which you deliver goods or for which you provide services is responsible for processing your personal data. Furthermore, other B&R subsidiaries may receive and process your data, either as the data controller or the data processor. Accordingly, this privacy notice applies equally to them.

In your case, B&R Industrial Automation GmbH, B&R Strasse 1, 5142 Eggelsberg, Austria or the respective company affiliated with B&R Industrial Automation will decide, as the "data controller" within the meaning of the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act or other applicable national data protection laws at the headquarters of the respective subsidiary, for what and how your personal data will be used in accordance with this privacy notice (hereinafter also referred to as "B&R", "we" or "us").

We collect and use the personal data that we receive from you within the scope of or in connection with the agreements with our suppliers or an existing business relationship with you or your company (hereinafter: "you"). We may also process personal data that we receive from you either as a result of your contact request, a specific precontractual inquiry or a registration for a specific event via our websites, by email or telephone or at a trade fair or product event. In addition, to the extent required for the purposes stated in this privacy notice, we process personal data that we can obtain from publicly available sources or that is lawfully transmitted by other third parties (e.g. a credit agency), such as commercial register data or creditworthiness data.

We process the following categories of your personal data to the extent required for the purposes of processing in accordance with this privacy notice:

  • Identification data and business contact information that you provide us with, such as first name, last name, profession / position / title, nationality, business email address, business address, telephone, cell phone and fax numbers, private telephone number, gender, date of birth
  • Additional information that you provide us with in the course of our business relationship, such as data that correlates with fulfilling our contractual obligations and precontractual measures, including correspondence data, offers, quotes, resume, conditions, contract and order data, invoices, payments, business partner history, records of inquiries / questions / complaints / orders To a certain extent, this information may also include your interests in B&R products, marketing preferences and registration information provided at training sessions, events or trade fairs, etc.
  • Electronic identification data and information collected from communications systems, IT applications and web browsers (provided that the supplier has access to or is affected by such systems or applications and in accordance with applicable laws), such as use of information technology (system access, IT and Internet use), device identification (mobile device ID, PC ID), registration and login information, IP address, access data and log files, analysis ID, time and URL, search queries, website registration records and cookie data, sound recordings (e.g. voice message / phone call recordings, Skype recordings) The types of personal data listed below will be collected and processed, if at all, only in accordance with the local laws applicable in your country of residence, to the extent that they are relevant depending on the agreements with our suppliers.
  • Data regarding criminal convictions and offenses, e.g. information regarding previous convictions and lists of sanctions, insofar as such information is required for due diligence, in particular a review of criminal history (Know your customer - "KYC") and under money laundering laws (Anti-money laundering - "AML").

If you wish to obtain information about a specific data processing activity, please send a request to www.abb.com/privacy.

We process your personal data primarily for the purpose of carrying out and fulfilling our business and contractual relationships with you. Within the framework of this business and contractual relationship between you and us, you must provide the personal data necessary for the initiation, execution or termination of contracts with our suppliers and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect and process (e.g. tax laws).

In particular, we process the personal data listed above for the following purposes:

  • Supplier and service provider management throughout the supply chain, including contact interaction, bid processing, contracting, order processing, processing and execution of procurement transactions, administration and management of suppliers, vendors, contractors, consultants and other commercial professionals
  • Settlement of liabilities, management of supplier invoices and payments, purchase of direct and indirect services
  • Reporting and analysis, including market information and the development and improvement of services or products by evaluating and analyzing this information.
  • Process quality management
  • References to documents such as quotes, orders, invoices and reports
  • Contract life cycle management
  • Collection and insolvency proceedings
  • Supplier training
  • Financial and joint accounting services that include records of reporting, purchase and payment of services
  • Reorganization, purchase or sale of activities, business units and companies.
  • Monitoring and auditing compliance with company guidelines, contractual obligations and legal requirements of B&R (including conflict commodities)
  • Conducting audits, reviews and regulatory checks to fulfill obligations to regulatory authorities
  • Governance, risk and compliance, including obligations relating to due diligence and anti-money laundering ("AML"), customs duties and compliance with international trade regulations and review of sanctions lists, security, including prevention, detection of crime and fraud
  • Maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, fraud or other criminal or harmful activities
  • Managing IT resources, including infrastructure management such as data protection, data systems support and application management service activities, end user support, testing, maintenance, security (response to security incidents, risks, vulnerabilities, data breaches), user account management, software licensing, security and performance testing and business continuity

We only collect the personal data from you that we require for the purposes described above. For statistical purposes, to improve our services and to test our IT systems, we use anonymous data as much as reasonably possible. This means that you can no longer be directly or indirectly identified as an individual using this data.

In the case of processing operations in direct relationship to agreements with our suppliers (as described above), B&R is not in a position to adequately establish, maintain or terminate a business relationship with you or your company and generally to fulfill the purposes described above without certain personal data. Although we cannot oblige you to provide us with your personal data, please bear in mind that your refusal could have consequences that may result in a negative impact on the business relationship. We would not be able to take requested precontractual or contractual measures to conclude or fulfill a contract with you, for example, or establish and continue the business relationship you have requested.

We process your personal data for the purposes described above (in Question 3) in accordance with the provisions of the GDPR and the Austrian Data Protection Act, especially in accordance with the following applicable legal bases:

  • Insofar as we process your personal data for the fulfillment of contractual obligations arising from contracts concluded with you or your company or within the framework of precontractual measures, the legal basis for such data processing is Art. 6 (1) b) of the GDPR.
  • Insofar as we process your personal data on the basis of legal requirements or official measures, for example, with regard to tax or reporting obligations, cooperation obligations with authorities, legal retention periods or the disclosure of personal data within the scope of official or judicial measures for taking evidence, prosecuting or enforcing civil law claims, the legal basis for such data processing is Art. 6 (1) c) of the GDPR.
  • Where required, we process your personal data within the scope of concrete supply contracts and/or an existing business relationship with you or your company to safeguard legitimate interests (ours and those of third parties). This is done in the context of balancing interests in accordance with Art. 6 (1) f) of the GDPR, according to which processing is permissible if it is necessary to safeguard legitimate interests and if the interests or basic rights and freedoms of the data subject, which require the protection of personal data, do not prevail. Such legitimate interests may include the following processing purposes:
    • Implementation, management, development and promotion of our business in the broadest sense, including the supply of products and services, fulfillment of agreements and management of orders with suppliers, processing and execution of purchases, process quality management and improvement of products or services, analytics and market intelligence, reduction of default risks in our procurement processes and reorganization, acquisition and sale of activities, divisions and companies
    • Monitoring, checking and ensuring compliance with legal, regulatory, normative and ABB and B&R internal specifications and guidelines
    • Prevention of fraud and criminal activity, including verification of such activity, misuse of B&R's assets, products and services and where strictly necessary and appropriate to ensure network and data security
    • Establishment, exercise and defense of legal claims by and against B&R in connection with the performance of supply contracts with us
    • Transfer of personal data within the B&R Group for internal administrative purposes, if required, for example, to provide centralized services

To obtain a copy of our assessment of our legitimate interest in processing your personal data, including documented balancing of interests, please send a request to www.abb.com/privacy.

In exceptional cases and insofar as we process your personal data (including special categories of personal data) for purposes that are not covered by the aforementioned legal bases (e.g. photos, marketing material and events), we require your consent according to Art. 6 (1) a) of the GDPR as the legal basis for such data processing. In accordance with Art. 7 (3) of the GDPR, you can withdraw this consent at any time with future effect. If we send you marketing information via email, e.g. a newsletter, we may require further consent under the applicable law in accordance with Art. 107 (2) of the Austrian Telecommunications Act.

We will only process personal data relating to criminal convictions or offenses in accordance with (locally) applicable law.

As part of a global corporation, we have business relationships with companies in the B&R Group and external service providers, both within and outside the European Economic Area (EEA), which we may also use to process your personal data. We will only share your personal data with other B&R companies or third parties if this is required for the purposes listed in the table below.

In this regard, your personal data may also be made available to companies of the B&R Group in countries within and outside of the EEA for the aforementioned processing purposes. In addition, when processing your personal data for the aforementioned purposes, we may use external service providers as data processors (e.g. computer centers, software companies and marketing automation providers). They are generally used with binding instructions within the framework of an existing contractual relationship and receive your personal data only to the extent and for the period of time required to provide the service.

If we share your personal data with a B&R company or third party and it is transferred or becomes accessible outside the European Union ("EU") and the European Economic Area ("EEA") or outside the country in which the B&R company controlling your information is located, we will protect your personal data with appropriate safeguards. Examples of such safeguards include a determination of suitability by the European Commission or Standard Contractual Clauses. We have taken additional measures to protect your personal data when it is transferred outside the EU, EEA or the country where the B&R company controlling your data is located. If you would like an overview of the safeguards applied, please send a request to www.abb.com/privacy.

Recipient category

Recipient location

Purpose

Companies and subsidiaries affiliated with B&R

See the list of B&R subsidiaries.

The purposes stated in this privacy notice

B&R partner companies, distribution partners and dealers

EU/EEA and non-EU/EEA (global)

The purposes stated in this privacy notice

Service providers such as IT services, independent dealers, payment processors, rating and evaluation services, commercial and consulting services including accountants, auditors, lawyers, insurers, bankers, recruiters, travel agencies and other consultants or service providers working on behalf of B&R

EU/EEA and non-EU/EEA (global)

The purposes stated in this privacy notice

Insolvency administrator or creditor

EU/EEA and non-EU/EEA (global)

Default and insolvency management

Potential or actual buyers of B&R business units or assets

EU/EEA and non-EU/EEA (global)

For the evaluation of the companies or assets concerned or for the purposes specified in this privacy notice

Recipients required according to applicable law or legal proceedings, such as law enforcement agencies or other authorities

EU/EEA and non-EU/EEA (global)

Where required by applicable law, legitimate requests from public authorities or under applicable legal requirements

If you would like an overview of the safeguards applied to protect your personal data, please send a request to www.abb.com/privacy.

We generally process and store your personal data only as long as is necessary for the processing purposes stated in this notice, until you withdraw your consent granted under Art. 6 (1) a) of the GDPR or until you object to the use of your personal data if a legitimate interest is the legal basis for processing (Art. 6 (1) f) of the GDPR).

However, legal provisions require B&R to store certain personal data for minimum retention periods. In general, personal data is stored for the duration of the contractual relationship and for a minimum period (usually between 5 and 10 years after the end of the contractual relationship) or for a longer period if this is required by local laws and official requirements.

At the same time, applicable data protection laws require that we store and process your personal data in a form that identifies you for no longer than is necessary for the purpose for which the personal data was collected and that we carry out regular checks in this regard. Through settings in IT systems and guidelines, we ensure that your personal data is deleted as soon as it is no longer needed.

If you have questions about data protection, complaints about how we are handling your personal data or wish to exercise the rights of data subjects listed below, you can contact us at www.abb.com/privacy. Under certain circumstances, we may have to restrict these rights of data subjects in order to safeguard the public interest (e.g. the prevention or detection of criminal offenses) or our business interests (e.g. maintaining legal privilege). Should you not be satisfied with our response or believe we are processing your personal data unlawfully, you may also contact the Data Protection Authority in your country of residence or work or in which you believe the data breach may have taken place in accordance with your right to lodge a complaint per Art. 77 of the GDPR. In addition to your right to lodge a complaint, you also have the following rights:

  • Right to information: In accordance with Art. 15 of the GDPR, you have the right to receive information from us regarding your personal data that we process at any time upon request (in text form). This right is limited by the exceptions of Art. 4 (6) of the Austrian Data Protection Act, according to which the right of information is not applicable in particular if the provision of this information would endanger a business or trade secret of the data controller or of a third party.
  • Right to rectification: In accordance with Art. 16 of the GDPR, you have the right to request that we rectify your personal data without delay if it is incorrect. These conditions are particularly met if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have withdrawn your consent without the data processing being able to be continued on another legal basis, d) you successfully object to the data processing or e) in cases where there is an obligation to delete the data on the basis of EU law or the law of an EU member state to which we are subject. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the deletion of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to restrict processing: In accordance with Art. 18 of the GDPR, you can request that we only process your personal data to a limited extent. This right exists in particular under the conditions that a) the accuracy of the personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified request for deletion, c) the data is no longer necessary for the purposes we pursue, but you need the data to assert, exercise or defend legal claims, or d) the success of an objection is still disputed.
  • Right to data portability: In accordance with Art. 20 of the GDPR, you have the right to receive your personal data that you provided us in a structured, common, machine-readable format, as well as the right to have us transfer this data to another data controller.
  • Right to object: In accordance with Art. 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, either in the public interest or to safeguard our legitimate interests. Thereafter, we will stop processing your personal data unless we can prove compelling reasons for processing your personal data that are worthy of protection, which outweigh your interests, rights and freedoms or unless such processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will stop processing your data in any case.

Last updated: November 5, 2020

At B&R, compliance with your data protection rights has the highest priority. This privacy notice explains why and how we collect and process your personal data and what your rights are with regard to this data.

This privacy notice applies exclusively to potential customers, including leads, prospects and customers in sales processes or contractual negotiations (all together referred to as "Customers"). All information contained in this privacy notice is therefore limited to processing that results from the business relationship between B&R and customers. We may, however, also process your personal data in other ways, for example when you visit one of our websites or when you receive our newsletter (with your consent). These processing operations are based on separate privacy notices. An overview of all privacy notices is available here.

B&R Industrial Automation GmbH and B&R subsidiaries are responsible for your personal data. B&R Industrial Automation GmbH is in turn part of the ABB Group (a 100% subsidiary of ABB Asea Brown Boveri Ltd.). In accordance with applicable data protection laws, the B&R subsidiary that provides services or is in contact with you is the data controller. Each of these companies is considered an independent data controller of your personal data, and this notice applies to all of them (for a list of these companies, see the B&R website).

Responsible B&R subsidiaries located outside the European Union (EU) have appointed a representative for EU data protection issues. For more information about the EU representative, please send a request to www.abb.com/privacy.

In your case, B&R Industrial Automation GmbH, B&R Strasse 1, 5142 Eggelsberg, Austria or the respective company affiliated with ABB AG will decide, as the "responsible party" within the meaning of the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act or other applicable national data protection laws at the headquarters of the respective subsidiary, for what and how your personal data will be used in accordance with this privacy notice (hereinafter also referred to as "we", or "us").

We have received your personal data because you contacted us in connection with a concrete precontractual inquiry via our websites, by email or telephone (hereinafter also referred to as "contact request") or with regard to an already existing contractual relationship with you or your company, in particular in connection with an existing framework supply agreement.

We process and store the following personal data:

  • Business contact information that you provide us with: Name, title, job title, email address, business address, telephone number, mobile phone number, etc.
  • Additional information that you provide us with as part of our business relationship, e.g. interest in B&R products, contract or order data, invoices, payments, business partner history, etc.
  • Information that your browser provides when you visit a B&R website: IP address, source of your website visit, time spent on the website or a specific page, links clicked on, comments enabled, browser type, date and time of visit, etc.
  • Data that originates from publicly accessible sources or is lawfully transmitted by other third parties if this data is required for us to fulfill our obligations: Commercial register data, association register data, creditworthiness data, etc.

We process your personal data primarily to establish the business relationship with you or your company that you have requested and to process and execute services requested in connection with this business relationship.

We use your personal data in particular for the following purposes:

  • Processing and fulfilling orders and keeping you informed about the status of your or your company's order
  • Providing and managing our products and services
  • Providing customer support and evaluating and responding to inquiries

Your personal data also helps us to understand your interest in our products and to expand our business relationship with you. In addition, your personal data will be stored in our company-wide database for the processing purposes mentioned here.

We do not perform automated decision-making including profiling based on your personal data.

We use your personal data for marketing purposes, in particular for the following:

  • Conducting customer satisfaction surveys
  • Performing data analyses (e.g. market research, trend analyses, financial analyses and customer segmentation)
  • Providing marketing communication (e.g. notifications, advertising material, newsletters, etc.)
  • Conducting other marketing and sales activities (including generating leads, following up on marketing prospects, conducting market research, determining and monitoring the effectiveness of our advertising and marketing campaigns and managing our brand)

In order to provide you with customized marketing communication and advertising, we use automated methods to create a profile based on the data received as described in this notice. You have the right to object to the generation of a profile by sending a request to the person in charge at www.abb.com/privacy.

Apart from that, we may process your personal data for the fulfillment of contracts with you or your company or for the implementation of precontractual measures upon request. Within the framework of this business relationship between you or your company and us, you must provide the personal data that is required for the initiation, execution or termination of the business relationship and fulfillment of the associated contractual obligations or that we are legally obliged to collect and process (e.g. tax laws). Without this data, we will not be able to establish, maintain or terminate a business relationship with you or to take any contractual or precontractual measures upon your request.

We will only collect personal data from you that is required for these processing purposes. We may also make your personal data anonymous so that you cannot be identified by that data and then use that data for further processing purposes, including improving our services and reviewing our IT systems.

We process personal data in accordance with the provisions of the GDPR and the Austrian Data Protection Act, in particular on the following legal bases:

Insofar as we process your personal data for the fulfillment of contractual obligations arising from contracts concluded with you or within the framework of precontractual measures, the legal basis for such data processing is Art. 6 (1) b) of the GDPR.

Insofar as we process your personal data on the basis of legal requirements or official measures, for example on the basis of our obligations to comply with fiscal control and reporting obligations or legal retention periods, the legal basis for such data processing is Art. 6 (1) c) of the GDPR.

Where required, we process your personal data if you explicitly contact us and/or within the scope of an existing business relationship with you or your company to safeguard our legitimate interests and that of third parties. This is done in the context of balancing interests in accordance with Art. 6 (1) f) of the GDPR, according to which processing is permissible if it is necessary to safeguard legitimate interests and if the interests or basic rights and freedoms of the data subject, which require the protection of personal data, do not prevail.

The use of your personal data for the purpose of processing your contact request before or during the fulfillment of the contract as well as the provision of information requested by you is an acknowledged legitimate interest according to Art. 6 (1) f) of the GDPR. Personal data will be processed by us based on your contact request, the provision of information you request and your business relationship with us (e.g. as a sole trader or in your role or function within the company). This establishes a direct and significant relationship between you and us, which entitles us to process your personal data. We will make sure that you or your company only receive information, invitations and offers that are relevant or of interest to you. Our legitimate interest is based on your interest in our products and on our business relationship with you, which we would like to establish. In addition, it is our legitimate interest to add your personal data to our company-wide database if you have voluntarily provided your personal data for this purpose when contacting us, e.g. if you entered the data, or if we have a contractual or business relationship with you.

If and insofar as we process your personal data in exceptional cases without a specific request from you or an existing business relationship with you for the purpose of direct marketing on the basis of your consent as the legal basis for such data processing, see Art. 6 (1) a) of the GDPR. In accordance with Art. 7 (3) of the GDPR, you can of course withdraw your consent at any time with future effect.

If we send you marketing information via email, we may also require your consent in accordance with Art. 107 (2) of the German Telecommunications Act.

As part of a global corporation, we have business relationships with companies in the B&R Group and external service providers, both within and outside the European Economic Area (EEA), which we may also use to process your personal data.

In this regard, your personal data may also be made available to companies of the B&R Group in countries within and outside of the EEA for the aforementioned processing purposes. In addition, when processing your personal data for the aforementioned purposes, we may use external service providers as data processors (e.g. computer centers, software companies). They are generally used with binding instructions within the framework of an existing contractual relationship and receive your personal data only to the extent and for the period of time required to provide the service.

We are committed to a high level of data protection within our company in order to ensure that your personal data is protected in accordance with the GDPR (as described below).

Recipient name or – for non-EU countries – recipient category

Recipient location

Purpose

Safeguards to protect your personal data

Companies and subsidiaries affiliated with B&R

See the list of B&R subsidiaries.

The purposes described in the privacy notice

EU standard contractual clauses

B&R business partner

EU and non-EU

The purposes described in the privacy notice

EU Standard Contractual Clauses

Service provider

EU and non-EU

For the assessment of the respective company or assets or for the purposes specified in this privacy notice

EU Standard Contractual Clauses and commercial contracts that ensure that your data is only used to assess the company or assets of B&R or for the purposes described herein

Potential or actual buyers of B&R companies or systems

EU and non-EU

For the assessment of the respective company or assets or for the purposes specified in this privacy notice

EU Standard Contractual Clauses and commercial contracts that ensure that your data is only used to assess the company or assets of B&R or for the purposes described herein

Recipients required according to applicable law or legal proceedings, such as law enforcement agencies or other authorities

EU and non-EU

If required by applicable law or a legitimate request from governmental authorities or a valid legal requirement

Where possible, we will ensure that your data is adequately protected when it is transferred outside the EU under these circumstances

You can obtain a copy of the safeguards we use to protect your personal data by sending a request to www.abb.com/privacy.

We process and store your personal data for as long as this is required for the processing purposes mentioned above, or if a legitimate interest is the legal basis for processing (Art. 6 (1) f) of the GDPR), or until you object to the use of your personal data (Art. 6 (1) a) of the GDPR, Art. 107 (2) of the Austrian Telecommunications Act). If we have obtained your consent (Art. 6 (1) a) of the GDPR) for processing your personal data, we will store the data until you have withdrawn your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Your personal data will be regularly deleted, unless further processing is necessary to comply with company and/or tax law retention obligations or to preserve evidence in connection with statute of limitation. If this is the case, we will retain the personal data concerned until the end of the respective legal period.

If you have questions about data protection, complaints about how we are handling your personal data or wish to exercise the rights of data subjects listed below, you can contact us at www.abb.com/privacy. Under certain circumstances, we may have to restrict these rights of data subjects in order to safeguard the public interest (e.g. the prevention or detection of criminal offenses) or our business interests (e.g. maintaining legal privilege). Should you not be satisfied with our response or believe we are processing your personal data unlawfully, you may also contact the Data Protection Authority in your country of residence or work or in which you believe the data breach may have taken place in accordance with your right to lodge a complaint per Art. 77 of the GDPR. In addition to your right to lodge a complaint, you also have the following rights:

  • Right to information: In accordance with Art. 15 of the GDPR, you have the right to receive information from us regarding your personal data that we process at any time upon request (in text form). This right is limited by the exceptions of Art. 4 (6) of the Austrian Data Protection Act, according to which the right of information is not applicable in particular if the provision of this information would endanger a business or trade secret of the data controller or of a third party.
  • Right to rectification: In accordance with Art. 16 of the GDPR, you have the right to request that we rectify your personal data without delay if it is incorrect. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the correction of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to erasure: You have the right to request us to delete your personal data under the conditions set out in Art. 17 of the GDPR. These conditions are particularly met if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have withdrawn your consent without the data processing being able to be continued on another legal basis, d) you successfully object to the data processing or e) in cases where there is an obligation to delete the data on the basis of EU law or the law of an EU member state to which we are subject. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the deletion of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to restrict processing: In accordance with Art. 18 of the GDPR, you can request that we only process your personal data to a limited extent. This right exists in particular under the conditions that a) the accuracy of the personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified request for deletion, c) the data is no longer necessary for the purposes we pursue, but you need the data to assert, exercise or defend legal claims, or d) the success of an objection is still disputed.
  • Right to data portability: In accordance with Art. 20 of the GDPR, you have the right to receive your personal data that you provided us in a structured, common, machine-readable format, as well as the right to have us transfer this data to another data controller.
  • Right to object: In accordance with Art. 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, either in the public interest or to safeguard our legitimate interests. Thereafter, we will stop processing your personal data unless we can prove compelling reasons for processing your personal data that are worthy of protection, which outweigh your interests, rights and freedoms or unless such processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will stop processing your data in any case.

Last updated: November 5, 2020

This privacy notice for visitors ("Privacy notice") applies to the B&R Group, i.e. B&R Industrial Automation GmbH, Austria and any company in which B&R Industrial Automation GmbH directly or indirectly holds a majority interest or owns or controls the majority of voting rights. B&R Industrial Automation GmbH is in turn part of the ABB Group (a 100% subsidiary of ABB Asea Brown Boveri Ltd.). The B&R company whose business premises you enter during your visit, or on which you are staying as a result of an invitation from B&R (event, contract negotiations, etc.) or for the purpose of providing a contractually agreed service (hereinafter referred to as "B&R"), is responsible for processing your personal data and controls its use in accordance with this privacy notice.

At B&R, protecting your personal data is a top priority. This privacy notice explains how we process your personal data and what rights you have in relation to your personal data.

B&R Industrial Automation GmbH and all B&R subsidiaries are responsible for your personal data. In accordance with applicable data protection laws, the person responsible for processing your personal data is the B&R subsidiary on whose premises you are located and which communicates with you. Furthermore, other B&R subsidiaries may receive and process your data, either as the data controller or the data processor. Accordingly, this privacy notice applies equally to them.

In your case, B&R Industrial Automation GmbH, B&R Strasse 1, 5142 Eggelsberg, Austria or the respective company affiliated with B&R Industrial Automation GmbH will decide, as the "responsible party" within the meaning of the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act or other applicable national data protection laws at the headquarters of the respective subsidiary, for what and how your personal data will be used in accordance with this privacy notice (hereinafter also referred to as "B&R", "we" or "us").

We collect and use the personal data that we receive from you within the scope of or in connection with your visit to our premises or an existing business relationship with you or your company (hereinafter: "you"). We may also process personal data that we receive from you either as a result of your contact request, a specific precontractual inquiry or a registration for a specific event via our websites, by email or telephone or at a trade fair or product event. In addition, to the extent necessary for the purposes stated in this privacy notice, we process personal data that we can obtain from publicly available sources or that is lawfully transmitted by other third parties (e.g. a credit agency), such as commercial register data or creditworthiness data.

We process the following categories of your personal data to the extent required for the purposes of processing in accordance with this privacy notice:

  • Identifying information and business contact details that you provide us with, such as first name, last name, profession / position / title, business email address, postal address, telephone, cell phone and fax numbers, gender, date of birth, vehicle registration number and number of a valid identification document
  • Additional information that you provide us with during or in connection with your visit, such as registration details for facilities and sites, visits to an employee, purpose of the visit, records of your visit or data relating to the fulfillment of our contractual obligations and precontractual measures To a certain extent, this information may also include your interests in B&R products, marketing preferences and registration information provided at training sessions, events or trade fairs, etc.
  • Image and video recordings on which you are depicted ("recordings") and which are produced by our video surveillance systems (CCTV) or by photographers or B&R employees working on our behalf at events organized by B&R
  • Electronic identification data and information collected from communications systems, IT applications and web browsers (provided that the supplier has access to or is affected by such systems or applications and in accordance with applicable laws), such as use of information technology (system access, IT and Internet use), device identification (mobile device ID, PC ID), registration and login information, IP address, access data and log files, analysis ID, time and URL, search queries, website registration records and cookie data, sound recordings (e.g. voice message / phone call recordings, Skype recordings)

If you wish to obtain information about a specific data processing activity, this can be requested from www.abb.com/privacy.

We process your personal data primarily to carry out and fulfill our business and contractual relations with you and to ensure security in our offices and premises. In the context of this business relationship with you and your visit to our offices and premises, we must process your personal data, which we require in order to fulfill the associated contractual and legal obligations or which we are legally obliged to collect and process (e.g. health and safety laws, statutory insurance requirements).

In particular, we process the personal data listed above for the following purposes:

  • Visitor management, management of registration and visitor access, including related contact interactions and references in documents
  • Health and safety management, including medical emergencies
  • Recording by video surveillance system (CCTV) for the purpose of public and employee safety, building security and the prevention and detection of crime
  • Access control systems with electronic entry and/or exit control for authorized persons in places with limited access and attendance list for emergencies
  • Maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats and fraud or other criminal or harmful activities
  • Monitoring and auditing of compliance with ABB and B&R's corporate guidelines, contractual obligations and legal requirements
  • Conducting audits, evaluations and regulatory checks to ensure compliance with regulatory obligations
  • Management of IT resources, including infrastructure management such as data protection, support for data processing systems and service activities for application management, end user support, testing, maintenance, security (response to security incidents/violations, risks, vulnerabilities), master data and areas of activity including user account management, software license allocation, security and performance testing and business continuity.

We only collect the personal data from you that we require for the purposes described above. For statistical purposes, to improve our services and to test our IT systems, we use anonymous data as much as reasonably possible. This means that you can no longer be directly or indirectly identified as an individual using this data.

In the case of processing operations in connection with your visit to B&R (as described above), without certain personal data, B&R may not be able to adequately ensure your security and the security of other persons in our offices and premises, monitor the security of the premises and its facilities, or fulfill the related legal obligations or the purposes described above in general. Although we cannot oblige you to provide us with your personal data, please be aware that your refusal could have consequences that could negatively affect your visit to our offices and premises or our business relationship. You will not be permitted, for example, to enter certain or any B&R facility or location for security reasons, nor will we be able to take requested precontractual or contractual measures to conclude or fulfill a contract with you.

We process your personal data for the purposes described above (in Question 3) in accordance with the provisions of the GDPR and the Austrian Data Protection Act, especially in accordance with the following applicable legal bases:

  • Insofar as we process your personal data for the fulfillment of contractual obligations arising from contracts concluded with you or your company or within the framework of precontractual measures, the legal basis for such data processing is Art. 6 (1) b) of the GDPR.
  • Insofar as we process your personal data on the basis of legal requirements or official measures, for example, with regard to health and safety laws, legal insurance requirements, cooperation obligations with authorities, legal retention periods or the disclosure of personal data within the scope of official or judicial measures for taking evidence, prosecuting or enforcing civil law claims, the legal basis for such data processing is Art. 6 (1) c) of the GDPR.
  • Where required, we process your personal data within the scope of your specific visit to our offices and premises, or your stay on our premises, as well as the existing business relationship with you or your company, in order to safeguard legitimate interests (ours and that of third parties). This is done in the context of balancing interests in accordance with Art. 6 (1) f) of the GDPR, according to which processing is permissible if it is necessary to safeguard legitimate interests and if the interests or basic rights and freedoms of the data subject, which require the protection of personal data, do not prevail. Such legitimate interests may include the following processing purposes:
    • To conduct, manage, develop and promote our business activities in the broadest sense, including the management of visitors, facilities and sites, ensuring the protection and security of our premises, and the acquisition and sale of activities, businesses and companies
    • Monitoring, checking and ensuring compliance with legal, regulatory, normative and ABB and B&R internal specifications and guidelines
    • Prevention of fraud and criminal activity, including verification of such activity, misuse of B&R's assets, products and services and where strictly necessary and appropriate to ensure network and data security
    • Establishment, exercise and defense of legal claims by and against B&R in connection with your visit and our business relationship
    • Transfer of personal data within the B&R Group for internal administrative purposes, if required, for example, to provide centralized services
  • To obtain a copy of our assessment of our legitimate interest in processing your personal data, including documented balancing of interests, please send a request to www.abb.com/privacy.
  • In exceptional cases and insofar as we process your personal data (including special categories of personal data) for purposes that are not covered by the aforementioned legal bases (e.g. direct marketing), we require your consent under Art. 6 (1) a) of the GDPR as the legal basis for such data processing. In accordance with Art. 7 (3) of the GDPR, you can withdraw this consent at any time with future effect. If we send you marketing information via email, e.g. a newsletter, we may require further consent under applicable law in accordance with Art. 107 (2) of the Austrian Telecommunications Act.

The following applies to the use of images, i.e. photos or video recordings in which you are depicted: If and to the extent that we process such recordings for internal and external business purposes of public relations and internal communication, e.g. at events organized by B&R, we require your consent pursuant to Art. 6 (1) a) of the GDPR as the legal basis for such data processing, which you can withdraw at any time with effect for the future in accordance with Art. 7 (3) of the GDPR. If and insofar as we use such recordings for the implementation of necessary security measures, in particular via video surveillance systems (CCTV) or the creation of visitor identification cards that serve to identify you and ensure your safety on B&R premises, we will also process these recordings to safeguard legitimate interests of ourselves or third parties as part of balancing interests in accordance with Art. 6 (1) f) of the GDPR. Likewise, it may be a legitimate interest on our part if photos are processed for purely internal purposes without corresponding publication (e.g. a group photo for participants in a training course) or are taken as part of a publicly advertised event and you are not the main focus of the photo, but are only to be seen together with other people.

We will only process personal data relating to criminal offenses or criminal convictions based on (locally) applicable law.

As part of a global corporation, we have business relationships with companies in the B&R Group and external service providers, both within and outside the European Economic Area (EEA), which we may also use to process your personal data. We will only share your personal data with other B&R companies or third parties if this is required for the purposes listed in the table below.

In this regard, your personal data may also be made available to companies of the B&R Group in countries within and outside of the EEA for the aforementioned processing purposes. In addition, when processing your personal data for the aforementioned purposes, we may use external service providers as data processors (e.g. facility management or security companies). They are generally used with binding instructions within the framework of an existing contractual relationship and receive your personal data only to the extent and for the period of time required to provide the service.

In case of suspicion of criminal offenses, we may also pass on your personal data to law enforcement agencies. Otherwise, your personal data will only be transferred to third parties if there is a legal basis for this transfer. This can be the case especially if the police or other security authorities take action in the context of so-called emergency response and demand access to video surveillance data.

If we share your personal data with a B&R company or third party and it is transferred or becomes accessible outside of the European Union ("EU") and the European Economic Area ("EEA") or outside the country in which the B&R company controlling your information is located, we will protect your personal data with appropriate safeguards. Examples of such safeguards include a determination of suitability by the European Commission or Standard Contractual Clauses. We have taken additional measures to protect your personal data when it is transferred outside the EU, EEA or the country where the B&R company controlling your data is located. If you would like an overview of the safeguards applied, please send a request to www.abb.com/privacy.

Recipient category

Recipient location

Purpose

Companies and subsidiaries affiliated with B&R

List of the B&R subsidiaries.

The purposes stated in this privacy notice

B&R business partner

EU and non-EU

The purposes stated in this privacy notice

Service provider

EU/EEA and non-EU/EEA (global)

IT services, administrative services for the reception and facility, security services or other service providers working for B&R

Potential or actual buyers of B&R business units or assets

EU/EEA and non-EU/EEA (global)

For the evaluation of the companies or assets concerned or for the purposes specified in this privacy notice

Recipients required according to applicable law or legal proceedings, such as law enforcement agencies or other authorities

EU/EEA and non-EU/EEA (global)

Where required by applicable law, due to legitimate requests from public authorities or legal requirements

In principle, we process and store your personal data only as long as is necessary for the processing purposes stated in this privacy notice, until you withdraw your consent granted under Art. 6 (1) a) of the GDPR or until you object to the use of your personal data if a legitimate interest is the legal basis for processing (Art. 6 (1), f) of the GDPR).

However, legal provisions require B&R to store certain personal data for minimum retention periods. In general, the personal data used for visitor management is stored for a period of 3 to 12 months and is only kept for a longer period if this is necessary due to local laws and official requirements or to defend legal claims. Some of B&R's buildings and locations use video surveillance systems (CCTV) to ensure security and operational procedures in our offices and premises and on our company grounds. Data from the video surveillance is always deleted after a maximum of 7 days. A longer storage period can be used for specific occasions, if facts justify the assumption that recordings from a limited period of time show actions that are prosecuted as criminal offenses or whose use is necessary for the assertion of civil law claims.

At the same time, applicable data protection laws require that we store and process your personal data in a form that identifies you for no longer than is necessary for the purpose for which the personal data was collected and that we carry out regular checks in this regard. Through settings in IT systems and guidelines, we ensure that your personal data is deleted as soon as it is no longer needed.

If you have questions about data protection, complaints about how we are handling your personal data or wish to exercise the rights of data subjects listed below, you can contact us at www.abb.com/privacy. Under certain circumstances, we may have to restrict these rights of data subjects in order to safeguard the public interest (e.g. the prevention or detection of criminal offenses) or our business interests (e.g. maintaining legal privilege). Should you not be satisfied with our response or believe we are processing your personal data unlawfully, you may also contact the Data Protection Authority in your country of residence or work or in which you believe the data breach may have taken place in accordance with your right to lodge a complaint per Art. 77 of the GDPR. In addition to your right to lodge a complaint, you also have the following rights:

  • Right to information: In accordance with Art. 15 of the GDPR, you have the right to receive information from us regarding your personal data that we process at any time upon request (in text form). This right is limited by the exceptions of Art. 4 (6) of the Austrian Data Protection Act, according to which the right of information is not applicable in particular if the provision of this information would endanger a business or trade secret of the data controller or of a third party.
  • Right to rectification: In accordance with Art. 16 of the GDPR, you have the right to request that we rectify your personal data without delay if it is incorrect. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the correction of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to erasure: You have the right to request us to delete your personal data under the conditions set out in Art. 17 of the GDPR. These conditions are particularly met if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have withdrawn your consent without the data processing being able to be continued on another legal basis, d) you successfully object to the data processing or e) in cases where there is an obligation to delete the data on the basis of EU law or the law of an EU member state to which we are subject. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the deletion of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to restrict processing: In accordance with Art. 18 of the GDPR, you can request that we only process your personal data to a limited extent. This right exists in particular under the conditions that a) the accuracy of the personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified request for deletion, c) the data is no longer necessary for the purposes we pursue, but you need the data to assert, exercise or defend legal claims, or d) the success of an objection is still disputed.
  • Right to data portability: In accordance with Art. 20 of the GDPR, you have the right to receive your personal data that you provided us in a structured, common, machine-readable format, as well as the right to have us transfer this data to another data controller.
  • Right to object: In accordance with Art. 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, either in the public interest or to safeguard our legitimate interests. Thereafter, we will stop processing your personal data unless we can prove compelling reasons for processing your personal data that are worthy of protection, which outweigh your interests, rights and freedoms or unless such processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will stop processing your data in any case.

Last updated: November 5, 2020

The company that you intend to visit is responsible for processing your personal data. For additional information, please see the short version of the notice you received together with the questionnaire.

We collect the following personal data:

  • Data related to your current health status, e.g. possible COVID-19 symptoms such as fever, cough, shortness of breath or other breathing difficulties
  • Travel information including recently visited destinations listed with a risk level of 5 or 6 (for the list, see the Federal Ministry Republic of Austria - European and International Affairs website (https://www.bmeia.gv.at/reise-aufenthalt/reisewarnungen)
  • Information regarding whether any of your close contacts have experienced the symptoms listed above in the past14 days or were diagnosed with COVID-19.

We use your personal data as listed above for the following purposes:

  • To maintain the health and safety of our employees and other staff as well as to prevent the spread of the COVID-19 virus as much as possible. We require the information described above to assess the potential risk of COVID-19.

This information is required for us to asses the health risk to our employees. If you refuse, B&R will not able to fulfill the legal obligation applicable to the employer (to maintain the health and safety of our employees). If you do not fill in the form, we will not be able to let you enter a B&R office.

To process your personal data for the purposes described above Question 3, we rely on one of the following legal basis:

  • We process your sensitive personal data because it is our legal obligation to maintain the health and safety of our employees.
  • We may also process your data in the interest of public health, e.g. as protection against serious cross-border threats to health.

We also process your other personal data:

  • To fulfill our legal obligations in the field of labor law
  • On the basis of our legitimate interest

We only share your personal information with other companies from the B&R and ABB Group or third parties if this is necessary for the purposes described in this notice. If we share your personal data with third parties outside of the EU, we will do so using the appropriate safeguards.

Recipient name or – for non-EU countries – recipient category

Recipient location

Purpose

Safeguards in place to protect your personal data

B&R affiliates and subsidiaries

List of B&R subsidiaries

The purposes described in the privacy notice

EU standard contractual clauses

Recipients as required by applicable law or legal procedures (authorities or other bodies specified in a specific legal act, or other local health authorities)

EU and non-EU (within the country of the data controller)

Where required by applicable law or by a lawful request from governmental authorities or a valid legal requirement to conduct a governmental review

If your data is exported from the EU due to these circumstances (this should only happen in exceptional cases), we will ensure adequate protection of your data wherever possible.

Service providers such as administrative services, including reception

EU and non-EU (within the country of the data controller)

The purposes described in the privacy notice

If your data is exported from the EU due to these circumstances (this should only happen in exceptional cases), we will ensure adequate protection of your data wherever possible.

If you wish to receive a copy of our privacy policy, please send a request to www.abb.com/privacy.

Your questionnaire will be destroyed immediately (at the latest, by the end of the day of your visit) if you were asked not to enter our facilities. If you are an external visitor and have answered "no" to all the questions, we will keep your form for 30 days to prove that all persons entering an office have been carefully screened.

If you have questions about data protection, complaints about how we handle your personal data or if you wish to exercise the rights of data subjects listed below, feel free to contact us (www.abb.com/privacy). Under certain circumstances, we may have to restrict these rights of data subjects in order to protect the public interest (e.g. the prevention or detection of criminal offenses) or our business interests (e.g. maintaining legal privilege). Should you not be satisfied with our response or believe we are processing your personal data unlawfully, you may also contact the Data Protection Authority in your country of residence or work or in which you believe the data breach may have taken place in accordance with your right to lodge a complaint per Art. 77 of the GDPR. In addition to your right to lodge a complaint, you also have the following rights:

  • Right to information: In accordance with Art. 15 of the GDPR, you have the right to receive information from us regarding your personal data that we process at any time upon request (in text form). This right is limited by the exceptions of Art 4, Para. 6 of the Austrian Data Protection Act, according to which the right of information is not applicable in particular if the provision of this information would endanger a business or trade secret of the responsible party or of a third party.
  • Right to rectification: In accordance with Art. 16 of the DSGVO, you have the right to request that we rectify your personal data without delay if it is incorrect. This right is subject to the restrictions set out in Art. 4, Para. 2 of the Austrian Data Protection Act, according to which, in the event that the correction of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18, Para. 2 of the GDPR until this point in time.
  • Right to erasure: You have the right to request us to delete your personal data under the conditions set out in Art. 17 of the GDPR. These conditions are particularly met if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have revoked your consent without the data processing being able to be continued on another legal basis, d) you successfully object to the data processing or e) in cases where there is an obligation to delete the data on the basis of EU law or the law of an EU member state to which we are subject. This right is subject to the restrictions set out in Art. 4, Para. 2 of the Austrian Data Protection Act, according to which, in the event that the deletion of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18, Para. 2 of the GDPR until this point in time.
  • Right to restrict processing: In accordance with Art. 18 of the GDPR, you can request that we only process your personal data to a limited extent. This right exists in particular under the conditions that a) the accuracy of the personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified request for deletion, c) the data is no longer necessary for the purposes we pursue, but you need the data to assert, exercise or defend legal claims, or d) the success of an objection is still disputed.
  • Right to data portability: In accordance with Art. 20 of the GDPR, you have the right to receive your personal data that you provided us in a structured, common, machine-readable format, as well as the right to have us transfer this data to another responsible party.
  • Right to object: In accordance with Art. 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, either in the public interest or to safeguard our legitimate interests. Thereafter, we will stop processing your personal data unless we can prove compelling reasons for processing your personal data that are worthy of protection, which outweigh your interests, rights and freedoms, or unless such processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will stop processing your data in any case.

Last updated: Saturday, November 27, 2020

This privacy notice for applicants ("Privacy notice") applies to the B&R Group, i.e. B&R Industrial Automation GmbH and any company in which B&R Industrial Automation GmbH, directly or indirectly, holds a majority interest or owns or controls the majority of voting rights. B&R Industrial Automation GmbH is in turn part of the ABB Group (a 100% subsidiary of ABB Asea Brown Boveri Ltd.). The B&R company offering the job for which you are applying (hereinafter referred to as "B&R") is responsible for processing your personal data and monitors data processing in accordance with this privacy notice.

At B&R, compliance with your data protection rights has the highest priority. This privacy notice explains why and how we collect and process your personal data and what your rights are with regard to this data.

B&R Industrial Automation GmbH and all B&R subsidiaries are responsible for processing your personal data. In accordance with applicable data protection laws, the B&R subsidiary offering the job for which you are applying is responsible for processing your personal data (hereinafter referred to as "application"). Furthermore, other B&R subsidiaries may receive and process your data, either as the data controller or the data processor. Accordingly, this privacy notice applies equally to them.

In your case, B&R Industrial Automation GmbH, B&R Strasse 1, 5142 Eggelsberg, Austria or the respective company affiliated with B&R according to section 15 ff. of the Stock Corporation Act with which you are in an employment relationship will decide, as the "data controller" within the meaning of the General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act or other applicable national data protection laws at the headquarters of the respective subsidiary, for what and how your personal data will be used in accordance with this privacy notice (hereinafter also referred to as "B&R", "we" or "us").

We collect and use personal data within the scope of or in connection with your application to B&R. In addition, we process personal data that we can obtain from publicly available sources, such as career portals, job-related social networks and career fairs or that is lawfully transmitted by other third parties, such as recruitment agencies, through which you applied for a job at B&R to the extent required for the purposes stated in this privacy notice. We process the following categories of your personal data to the extent required for the purposes of processing in accordance with this privacy notice:

  • Personal details and identification data, e.g. name, gender, age, nationality, date and country of birth, marital status, private and business address, private and business telephone number, private and business email address or other contact details that you wish to provide in connection with your application.
  • Personal details about skills and experience, such as qualifications and certificates, including current and past employment, education and training, CV, documents and records of education and work results, (in some cases) contact details of references, results from aptitude tests, interviews and feedback and any other personal data you provide in connection with your application.
  • Depending on the position, we carry out internal or external assessments in which we collect additional data, such as assessment performance data, assessment scores as well as recordings and notes from telephone or video interviews.
  • Job-related personal data of successful applicants, which are only required for concluding the employment contract and the recruitment process, such as photographs, signature, passport information, residence, nationality, work and residence permit, immigration status and visa data, employee number, employment status, applicable personal identification numbers (tax, national insurance, other insurances, driving license, etc.), insurance details, bank account details, data of relatives (name of spouse/partner, children, etc.), emergency contacts, training documents, clothing and shoe size, if required.
  • Other personal data (which may include special categories of personal data), especially if such personal data is entered into our application systems by you or others. This includes personal data (e.g. inquiries, questions, complaints, emails, contracts, presentations, work products), photos, images and/or videos.

Any of your personal data that falls into the categories listed below is collected and processed exclusively during the recruitment process and in accordance with applicable national laws. We process such personal data only if required by local law or if it is required to ensure the legal requirements for equal opportunities and equal treatment of all candidates and employees. This means that such personal data will not be processed if processing is prohibited by applicable national law.

Special categories of personal data, for example:

  • Membership in religious communities (if required for tax purposes, for example)
  • Health and medical data including disability status, special working conditions (e.g. use of a standing desk), medical equipment needed at the workplace, work-related illnesses and injuries, data needed for assistance in travel emergencies (blood group, medical records, allergies)
  • Racial or ethnic origin (e.g. when required for diversity purposes)
  • Union membership (in some cases)
  • If we conduct a background check on you as part of the recruitment process, we will only process this data in accordance with applicable law. Data on criminal convictions and offenses, such as information about previous convictions and sanction lists, are only processed to the extent that is required for a criminal background check according to money laundering laws or other legal obligations.

If you wish to obtain information about a specific data processing activity, this can be requested from www.abb.com/privacy.

We process your personal data primarily for our recruitment processes in connection with the job for which you are applying now and for which you might apply in the future. As part of the recruitment process, we need to process your personal data in order to decide whether you are the right candidate for the position, to possibly enter an employment relationship with you, to meet contractual and legal obligations in connection with recruitment or to fulfill our legal obligation to collect and process your personal data (mainly on the basis of employment law).

Without processing certain personal data, B&R will not be able to process your application, establish and maintain an employment relationship with you or take contractual or legal actions at your request. When it comes to processing your personal data in connection with your application, B&R will not be able to process your application upon your request without certain personal data and you will not be able to exercise your associated rights if you do not provide the data requested. Your application may also be rejected if the personal data you provided during the recruitment process is incomplete and/or incorrect.

In particular, we process the personal data listed above for the following purposes:

  • Talent management and acquisition, including recruitment, assessment of suitability and work ability, background checks and verification of qualifications, procurement and provision of references
  • Work procedures and processes related to starting and ending a work relationship, including internal transfers or terminations
  • Fulfillment of obligations and exercise of specific rights in the field of employment and social security law or a collective agreement
  • Internal health and safety programs, including occupational health and safety and accident records or reports and process quality management
  • Personnel management, including organization and personnel administration, work time management, improvement and maintenance of effective personnel administration, internal personnel analysis, reporting and planning
  • Management of IT resources, including infrastructure management, such as data protection, data systems support and application management service activities, end user support, testing, maintenance, security (response to security incidents, risks, vulnerabilities, data breaches), master data and areas of activity including user account management, software licensing, security and performance testing and business continuity

In addition, we process personal data when an employment contract is concluded or in case of claims resulting from the recruitment process:

  • Payroll, compensation and performance management, including the provision of social services and the maintenance of salary, compensation, allowances, benefits, insurances, pensions and appraisals
  • Management of development and further education measures including certifications, employee training and conducting surveys and studies on employee satisfaction
  • Sick leave or other leave of absence and holiday administration
  • Travel and expense management and organization of business trips, including monitoring of travelers for assistance in case of safety or medical emergencies, provision of training courses related to travel safety, health and safety and, on a voluntary basis, assistance with security support in emergencies
  • Internal and external communication of the B&R organization and representation of B&R, including entries in the commercial register and assignment of powers of attorney
  • Managing B&R assets, including images and videos that represent employees and other people and can be downloaded via B&R's intranet, B&R's website, etc.
  • Reorganization, purchase or sale of activities, business units and companies.
  • Annual reports, statistics and analyses
  • Monitoring and verifying compliance with ABB and B&R corporate guidelines, contractual obligations and legal requirements through employee activities in the workplace, including disciplinary measures
  • Management, risk and compliance, including compliance with laws, rules of law enforcement agencies, courts and regulatory authorities (e.g. the process of verifying customer identities ("KYC"), measures to prevent money laundering ("AML"), compliance with customs duties and international trade rules, rules for conflicts of interest and security obligations) as well as prevention and detection
  • Investigation and prevention of crimes and fraud or other prohibited actions, or for the protection, establishment, exercise or defense of legal rights and claims
  • Video surveillance or CCTV for the purposes of public and personal security, building security and crime prevention and detection
  • Access control systems with electronic entry and/or exit control for authorized persons in restricted areas and local attendance list for emergencies
  • Intrusion detection systems including third-party monitoring of coercion, property, internal security, supporting surveillance monitors for site monitoring/automated systems

We only collect the personal data required for the above purposes. The use of your personal data that you provide in connection with your application is limited to the extent necessary to process your application and will only be disclosed to employees and third parties directly involved in the recruitment process for the respective position. Whenever you are asked to provide your personal data, we will indicate which personal data is mandatory or voluntary for the application and on what legal basis it will be processed.

For certain assessments or decision-making processes, we may use automated methods to create a profile of you based on your personal data that we have received as described in this privacy notice. In this case, we will inform you about the processing procedure of your personal data and inform you about the logic involved and the possible consequences of such automated decision-making and processing procedures. In general, the logic for automated decision-making is based on the minimum requirements of the job description and the conformity of your suitability, qualification and experience with these requirements. A possible consequence of this automated decision-making process is that your application may be rejected if your profile does not meet these requirements. If we use automated methods, you can claim your right to intervention by a person from B&R to present your own point of view and the right to challenge the decision by sending a request to www.abb.com/privacy. You also have the right to object to the generation of profiles by submitting an appropriate objection to www.abb.com/privacy or withdrawing any consent you may have given to such processing.

We may also collect your personal data anonymously so that you cannot be identified directly or indirectly by this data, and subsequently use this data for further processing purposes, including statistical purposes, improving our services and reviewing our IT systems.

We process your personal data for the purposes described above (in Question 3) in accordance with the provisions of the GDPR and the Austrian Data Protection Act, especially in accordance with the following applicable legal bases:

  • We process your personal data primarily for the purpose of establishing, maintaining or terminating an employment relationship with you as well as enforcing rights and fulfilling obligations arising from your employment contract on the legal basis of Art. 6 (1) b) of the GDPR.
  • If we process your personal data (including special categories of personal data) for the purpose of exercising rights or fulfilling legal obligations under employment, social security and social protection law, the legal basis for this data processing is Art. 6 (1) c) and 9 (2) b), f) and h) of the GDPR.
  • If we process your personal data (including special categories of personal data) for the purpose of health care, occupational medicine or the assessment of your work ability and if your data is processed by health care professionals or other persons subject to professional secrecy, the legal basis is Art. 9 (2) h) of the GDPR.
  • In cases where we process your personal data on the basis of other legal provisions and obligations, for example, with regard to allowances and tax, reporting or notification obligations, cooperation obligations with authorities or legal retention periods to fulfill other contractual and legal obligations as an employer and company, the legal basis for this processing is Art. 6 (1) c) of the GDPR.
  • Where required, we process your personal data within the scope of our employment relationship with you in order to safeguard our legitimate interests or those of third parties. This is done in the context of balancing interests in accordance with Art. 6 (1) f) of the GDPR, according to which processing is permissible if it is necessary to safeguard legitimate interests and if the interests or basic rights and freedoms of the data subject, which require the protection of personal data, do not prevail. Such legitimate interests may include the following processing purposes:
    • Monitoring (e.g. by IT systems), checking and ensuring compliance with legal and regulatory standards and ABB's and B&R's internal specifications and guidelines
    • Prevention of fraud and criminal activity, including verification of such activity, misuse of B&R's assets, products and services and where strictly necessary and appropriate to ensure network and data security
    • Establishment, exercise and defense of legal claims by and against B&R in connection with your work tasks and obligations at B&R
    • Transfer of personal data within the B&R Group for internal administrative purposes, wherever necessary, for example, to provide decentralized services

To obtain a copy of our assessment of our legitimate interest in processing your personal data, including documented balancing of interests, please send a request to www.abb.com/privacy.

In exceptional cases and insofar as we process your personal data (including special categories of personal data) for purposes that are not covered by the aforementioned legal bases, we require your consent in accordance with Art. 6 (1) a) and 9 (2) a) of the GDPR as the legal basis for processing your personal data, for example if we want to store and process your personal data for other or future jobs and applications, surveys in connection with the application process or job newsletters on future jobs. If we send you this information via email, we may require further consent under applicable law in accordance with Art. 107 (2) of the Austrian Telecommunication Act. Your consent is always given on a voluntary basis, i.e. you are not obliged to provide your personal data and need not fear any disadvantages if you refuse to give your consent. You can also withdraw your consent at any time with future effect in accordance with Art. 7 (3) of the GDPR without giving reasons. If we ask for your consent to the purpose-related use of your personal data, we will inform you of your right to object and about the possibility to exercise your right to object.

We will only process personal data related to criminal convictions or offenses in accordance with (national) applicable law.

We will only share your personal data with employees and third parties directly involved in the recruitment process, in particular in the country in which you have applied for the job or in countries directly involved in the respective recruitment process. As part of a global corporation, we have business relationships with companies in the B&R Group and external service providers, both within and outside the European Economic Area (EEA), which we may also use to process your personal data. We will generally only share your personal data with other B&R companies or third parties if this is necessary for the purposes listed in the table below.

In this regard, your personal data may also be made available to companies of the B&R Group in countries within and outside of the EEA for the aforementioned processing purposes. In addition, when processing your personal data for the aforementioned purposes, we may use external service providers as data processors (e.g. computer centers, software companies and marketing automation providers). They are generally used with binding instructions within the framework of an existing contractual relationship and receive your personal data only to the extent and for the period of time required to provide the service.

If we share your personal data with a B&R company or third party and it is transferred or becomes accessible outside the European Union ("EU") and the European Economic Area ("EEA") or outside the country of your employer, we will protect your personal data with appropriate safeguards. Examples of such safeguards include decisions on adequacy of protection by the European Commission or Standard Contractual Clauses. We have taken additional measures to protect your personal data when it is transferred outside the EU, EEA or country of the employer. If you would like an overview of the safeguards applied, please send a request to www.abb.com/privacy.

Recipient name / recipient category

Recipient location

Purpose

Safeguard in place to protect your personal data

B&R Industrial Automation GmbH

Austria, Eggelsberg

Storing personal data on our servers.

Decision on adequacy by the EU Commission for Switzerland

Other B&R companies

Within and outside the EU / EEA

Sharing your application with other B&R companies that are directly involved in the recruitment process for the respective position also for future application procedures, provided you have given your consent. If an employment contract is concluded, we will share your data with B&R companies responsible for setting up the required accounts in our information systems and for maintaining servers and systems for storing and sharing personal data of employees.

Direct application of the GDPR if the respective B&R company is located within the EU/EEA; otherwise, decision on adequacy (if applicable).

Outside the EU/EEA or decision on adequacy temporarily via Standard Contractual Clauses between B&R companies; otherwise, via company-wide guidelines (Binding Corporate Rules) as soon as they come into effect.

Third-party recipients (including B&R business partners and joint ventures with third parties, software providers, law firms and government agencies)

Within and outside the EU / EEA

Sharing your application with third party recipients directly involved in the recruitment process for the respective position in order to issue work permits, visas and other legally required documents.

Direct application of the GDPR if the recipient is located within the EU/EEA; otherwise, decision on adequacy (if available), Standard Contractual Clauses or equivalent mechanisms for the transfer of personal data outside the EU/EEA (e.g. privacy shield).

Potential or current buyers of B&R companies or B&R assets

Within and outside the EU / EEA

To evaluate the respective B&R company or B&R assets

Direct application of the GDPR if the recipient is located within the EU/EEA; otherwise, decision on adequacy (if available), Standard Contractual Clauses or equivalent mechanisms for the transfer of personal data outside the EU/EEA (e.g. privacy shield).

We generally process and store your personal data only as long as is necessary for the processing purposes stated in this notice, until you withdraw your consent granted under Art. 6 (1) a) of the GDPR or until you object to the use of your personal data if a legitimate interest is the legal basis for processing (Art. 6 (1) f) of the GDPR).

However, legal provisions require B&R to store certain personal data for minimum retention periods. This concerns, for example, employment contracts, information about remuneration and reimbursement of costs, for which minimum retention periods apply on the basis of company and tax law regulations. In addition, national anti-discrimination laws such as the Austrian Federal Equal Treatment Act, which gives you specific rights in connection with the recruitment process, require that we store your personal data for the period during which you can make claims on the basis of anti-discrimination laws.

At the same time, the applicable data protection laws require that we store and process your personal data in a form that identifies you for no longer than is necessary for the purpose for which the personal data was collected and that we carry out regular checks in this regard.

Although there may be limited exceptions due to national legal provisions (e.g. tax or commercial law), your personal data will generally be processed for the following retention periods:

  • If your application has been rejected, the recruitment process ends with the rejection notification and your personal data will be stored and processed for another 6 months, for example in Austria, unless you have given us your consent to consider you for future jobs and to store and process your personal data for these purposes.
  • If your application has been successful, the recruitment process ends with the conclusion of your employment contract and we will continue to process your personal data for the duration of this contract and/or the retention periods specified in the privacy notice applicable to you and your employment contract.
  • If you have given us your consent to consider you for further job offers and to store and process your personal data for these purposes, we will store and process your personal data for a maximum retention period of 24 months.

After the applicable retention period has expired, we will delete your personal data or make it anonymous, unless there are special circumstances that require us to retain your personal data, such as legal or regulatory requirements or legal disputes in connection with your employment. Through settings in IT systems and guidelines, we ensure that your personal data is deleted as soon as it is no longer needed.

For further information about the retention periods applicable to your personal data, please send a request to www.abb.com/privacy.

If you have questions about data protection, complaints about how we are handling your personal data or wish to exercise the rights of data subjects listed below, you can contact us at www.abb.com/privacy. Under certain circumstances, we may have to restrict these rights of data subjects in order to safeguard the public interest (e.g. the prevention or detection of criminal offenses) or our business interests (e.g. maintaining legal privilege). Should you not be satisfied with our response or believe we are processing your personal data unlawfully, you may also contact the Data Protection Authority in your country of residence or work or in which you believe the data breach may have taken place in accordance with your right to lodge a complaint per Art. 77 of the GDPR. In addition to your right to lodge a complaint, you also have the following rights:

  • Right to information: In accordance with Art. 15 of the GDPR, you have the right to receive information from us regarding your personal data that we process at any time upon request (in text form). This right is limited by the exceptions of Art. 4 (6) of the Austrian Data Protection Act, according to which the right of information is not applicable in particular if the provision of this information would endanger a business or trade secret of the data controller or of a third party.
  • Right to rectification: In accordance with Art. 16 of the GDPR, you have the right to request that we rectify your personal data without delay if it is incorrect. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the correction of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to erasure: You have the right to request us to delete your personal data under the conditions set out in Art. 17 of the GDPR. These conditions are particularly met if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have processed your data unlawfully, c) you have withdrawn your consent without the data processing being able to be continued on another legal basis, d) you successfully object to the data processing or e) in cases where there is an obligation to delete the data on the basis of EU law or the law of an EU member state to which we are subject. This right is subject to the restrictions set out in Art. 4 (2) of the Austrian Data Protection Act, according to which, in the event that the deletion of personal data processed with the aid of automation cannot be carried out immediately because it is only possible at certain times for economic or technical reasons, the processing of the personal data in question must be restricted with the effect of Art. 18 (2) of the GDPR until this point in time.
  • Right to restrict processing: In accordance with Art. 18 of the GDPR, you can request that we only process your personal data to a limited extent. This right exists in particular under the conditions that a) the accuracy of the personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified request for deletion, c) the data is no longer necessary for the purposes we pursue, but you need the data to assert, exercise or defend legal claims, or d) the success of an objection is still disputed.
  • Right to data portability: In accordance with Art. 20 of the GDPR, you have the right to receive your personal data that you provided us in a structured, common, machine-readable format, as well as the right to have us transfer this data to another data controller.
  • Right to object: In accordance with Art. 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, either in the public interest or to safeguard our legitimate interests. Thereafter, we will stop processing your personal data unless we can prove compelling reasons for processing your personal data that are worthy of protection, which outweigh your interests, rights and freedoms or unless such processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will stop processing your data in any case.

Last updated: November 5, 2020

Right to cancel a purchase order

As a customer (a physical person who enters into a legal transaction for a purpose which is not part of their usual commercial or independent professional activity), you can cancel your contractual declaration in writing (e.g. letter, fax or email) within 14 days, without having to give any reasons for this, or by returning the goods to us. This period begins on the day on which you received the written cancellation instructions, but not before you have received the goods sent to you or to the recipient you specified for delivery (for repeated deliveries of similar goods, not before you have received the first partial delivery), and also not before the vendor has fulfilled its obligations to provide information in accordance with § 312c paragraph 2 of the German Civil Code (BGB) together with § 1 paragraphs 1, 2 and 4 of the Regulations on Obligations to Provide Information Based on the German Civil Code (BGB-InfoV) as well as its obligations based on § 312e paragraph 1 sentence 1 of the German Civil Code together with § 3 of the Regulations on Obligations to Provide Information Based on the German Civil Code.

Sending the cancellation or goods before this 14-day deadline expires is sufficient to ensure that the cancellation period is complied with. The cancellation must be sent to our postal address.

Consequences of a cancellation

In the event of a valid cancellation, the services and payments received by both parties must be returned. There is no obligation to pay compensation for the use of the goods or the value of the use. If you cannot return all or some of the goods to the vendor, or can only return them in a deteriorated condition, you must pay compensation to the vendor for their loss in value, if applicable. This does not apply to the return of goods if their deterioration was exclusively due to the way they were examined or tested - as might happen when goods are returned to a shop, for example. In addition, you are not obliged to pay compensation to the vendor for the loss in value of goods if their deterioration was caused through proper intended use if you did not use the goods as your own property and you did not do anything to cause their loss in value. Goods that can be sent as a parcel are returned at the vendor's own risk. You have to pay the costs of returning the goods to the vendor if the goods delivered to you were the goods you ordered, and if the price of the goods to be returned does not exceed €40, or if the price of the goods returned is higher but at the time of the cancellation you had not yet paid for them or made a contractually agreed part payment. Otherwise, you will not have to pay the costs of returning the goods to the vendor. Goods that cannot be sent in a parcel will be collected from you. Obligations to reimburse payments must be fulfilled within 30 days. This period starts for you on the day you send your declaration of cancellation or when you send the goods, and for the vendor this period begins when the cancellation or the returned goods are received.

Exclusion from the right of cancellation

Customers do not have a right to cancel a purchase order in cases where, for example, customized contracts for the supply of goods were agreed, or which were clearly tailor-made to suit individual requirements, or which are not suitable for returning to the vendor due to their condition, or which can be quickly spoiled or for which would exceed the expiry date, or for the delivery of audio or video recordings or software if the data carriers delivered have been unsealed by the customer, as well as for the delivery of newspapers and magazines, unless the customer has given a contractual declaration by telephone.

When services are provided, your right to cancellation will expire prematurely if the contract has been completely fulfilled by both parties at your explicit request before you have exercised your right to cancellation. This may mean that you must still fulfill your contractual payment obligations for the period up to the cancellation.

End of the cancellation instructions

Disclaimer

The author of the contents of this website accepts no liability for the accuracy, completeness or quality of the information provided or for it being up-to-date. Liability claims against the author, which are based on claims for material or intangible damages caused by the use or non-use of the information provided or by the use of incorrect or incomplete information, are all excluded unless the intentional or grossly negligent fault of the author can be proven.

All the offers on this website are non-binding. The author explicitly reserves the right to change, expand or delete parts of these web pages or the entire website without prior notice, or to temporarily or permanently discontinue its publication on the Internet.

Where there are direct or indirect references to external websites ("hyperlinks"), which are outside the area of responsibility of the author, a liability obligation would only enter into force in cases where the author is aware of their contents and it is technically possible and reasonable for the author to prevent its use in the case of illegal content.

The author hereby explicitly declares that at the time of creating these links, no illegal content was found on the web pages to be linked to this website. The author has no influence on the current and future design, content or origin of the web pages linked to this website. The author therefore explicitly dissociates himself from all the contents of all the linked pages which have been changed after the time when these links were created. This statement applies to all the links and references created on our own website, as well as to the entries made by other people in the guest books, discussion forums, lists of links and mailing lists set up by the author, and in any other forms of databases to which external writing access is possible. Liability for any illegal, incorrect or incomplete contents on other websites, and in particular for damages resulting from the use or non-use of such information, is the responsibility of the author of the websites to which reference was made, and is not the responsibility of the author of this website who merely makes references to those other websites via links.

The author of this website has endeavored not to infringe the copyrights of the images, graphics, sound recordings, video sequences and texts used, and to use their own images, graphics, sound recordings, video sequences and texts, or to use graphics, sound recordings, video sequences and texts which are not protected by copyrights.

All the brand names and trademarks mentioned on this website and which may be protected by third parties are subject without restrictions to the requirements of the relevant trademark law and the rights of ownership of the respective registered owners. The mere naming of brand names and trademarks does not imply that they are not protected by the rights of third parties.

The copyright for all the published material created by the author of this website are held entirely by the author of this website. Any reproduction or use of such graphics, sound recordings, video sequences and texts in other online or printed publications is not permitted without the explicit consent of the author.

If the users of our website are able to enter personal or commercial data on this website (email addresses, names, addresses), these users are explicitly advised that they are giving this data voluntarily. All our services offered on our website may also be used and paid for without having to give such data or by giving anonymized data or a pseudonym, insofar as this is technically possible and reasonable. The use by third parties of contact data such as postal addresses, telephone and fax numbers and email addresses, or similar information published on this website, for the transmission of information not explicitly required is not permitted. We explicitly reserve the right to take legal action against the senders of so-called spam mail in the event of violations of this prohibition.

For additional information on data protection, see our Data protection declaration (privacy policy).

This exclusion of liability is to be considered as part of our website in which this page is referred to. If any sections or the wording of individual conditions in this text are not, no longer or not fully compliant with current legislation, the contents and the legal validity of the other parts of this document shall remain unaffected by this.

Por favor elija país e idioma:

B&R Logo

Please choose country

B&R Logo