GDPR Compliance: Mandatory Information for Clients and Employees
Mandatory information according to Art. 13 und 14 General Data Protection Regulation (“GDPR”) for clients
1. Process-specific information
Name and contact details of the controller (first joint controller) |
Cardno TEC GmbH (Cardno TEC), Frankfurter Strasse 92, 65760 Eschborn, Germany, phone: +49 (0)6196 773 0754; email: GDPR@cardno-gs.com |
Contact details of the data protection officer (first joint controller) |
A data protection officer is not required by law. |
Purposes of the processing and legal basis |
- Pursuing the controller’s business purposes such as the sale of his products and services (Art. 6 para 1 lit. b) GDPR; Art. 6 para. 1 lit. f) GDPR, the legitimate interest is to be able to fulfill his contractual obligations) - Outsourcing IT services and other services to other group companies or service providers (Art. 6 para 1 lit f) GDPR, the legitimate interest is to implement cost- and resource-efficient business processes) - Compliance with statutory obligations such as tax and documentation (Art. 6 para 1 lit c) GDPR) |
Categories of personal data processed |
- Contract relevant data (surname, name, contact information of the company's authorized contracts representative) |
Categories of personal data not collected from the data subject and sources |
- Other Cardno group companies |
Recipients or categories of recipients of personal data |
|
Transfers to a third country, including measures to ensure an adequate level of data protection at the recipient (including the possibility of information) |
We transfer some of the above-mentioned personal data to the US. We provide the adequate level of data protection for your personal data by: EU Standard Contractual Clauses (SCC) or certificates under the EU-US Privacy Shield Agreement. At any time you may obtain a copy of the contracts concerning you by contacting the controller. |
Joint Control with Cardno GS Inc. |
When using or delivering administrative, operational, strategic, management, business development, finance and accounting, contract management, legal support, HR, IT, low margin, ad hoc and Project related Services Cardno TEC may process the clients personal data jointly with Cardno GS Inc., 2496 Old Ivy Road, Suite 300 Charlottesville, VA 22903, USA, phone +1-434-295-4446. In these cases Cardno TEC and Cardno GS jointly determine the purposes and means of the processing. Therefore, Cardno TEC and Cardno GS are joint controllers and have concluded an agreement pursuant to Art. 26 GDPR. The relevant provisions of this agreement with regard to the data subject are:
|
Period for which the personal data is stored |
Please see the retention period table |
2. The necessity of data collection
You are not required by operation of law or contract to provide to us your personal data, however, your personal data is necessary to enter into and administer the contractual relationship with you and in order to meet statutory as well as group-internal obligations. Without the provision of your personal data, we are not able to enter into the contract with you.
3. Consent
If you have provided your consent for the processing of your personal data, the following applies:
You have the right to entirely or partially withdraw your consent to process your personal data at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
4. Right of objection, Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time, when the processing is based on Art. 6 para. 1 lit. f) GDPR. We will then no longer process your personal data unless we can provide compelling reasons which outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
5. Right to lodge a complaint with a supervisory authority, Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU- or EEA-Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating you infringes the GDPR.
Of course, you can also contact us first.
6. Your further rights
You also have the following rights and claims against the controller:
- The right of access (Art. 15 GDPR)
- The right to rectification (Art. 16 GDPR)
- The right to erasure (Art. 17 GDPR)
- The right to restriction of processing (Art. 18 GDPR)
- The right to data portability (Art. 20 GDPR)