10. Transfer of personal data
For the purpose of processing your personal data, we grant access to your personal data to our employees, collaborators and appointees as well as certain service providers. We guarantee a similar level of protection by providing contractual obligations to these employees, staff and agents as well as service providers, which are similar to this Privacy Statement.
It is possible that one or more of the above-mentioned third parties are located outside the EEA. However, we strive as a matter of principle not to transfer your data to third countries or international organisations. If this should nevertheless happen for processing purposes and if, according to the European Commission, these countries do not guarantee an adequate level of protection of Personal Data, we will take appropriate protective measures.
Transfers of data outside the European Union are made on the basis of EU Standard Model Clauses on data protection where the country to which the data is transferred does not provide adequate protection within the meaning of the GDPR. No transfers to the United States of America are carried out on the basis of the EU-US or Swiss-US Privacy Shield/Safe Harbour.
We only transfer your personal data to other companies of the EOS Group or other third parties (recipients) if:
- you have given your explicit consent for one or more specific purposes pursuant to Art. 6(1) Paragraph 1(a) of the GDPR,
- disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6(1) para. 1(f) of the GDPR and there is no reason to assume that you have a primary, legitimate interest in the non-disclosure of your data,
- in case a legal obligation for disclosure exists according to Art. 6(1) Paragraph 1 (c) of the GDPR and
- it is permitted by law and necessary for the fulfilment of contractual obligations in accordance with Art. 6(1) Paragraph 1 (b) of the GDPR.
Your Personal Data are mainly processed internally. However, in order to execute our agreement (or measures preceding the conclusion of the agreement) or to fulfil certain legal obligations, they may sometimes need to be communicated to third parties.
Certain personal data collected by us will also be passed on to and possibly processed by third-party service providers, such as our IT supplier, external partner assisting us with the support and further development of our IT tools, hosting partner, accountant, auditor, as well as by government or auditing authorities. These and other public authorities are entitled to request data from us to which we are legally obliged to respond. In such cases, your data may be transmitted to these third parties but only for the purpose of the service in question and always under our company's control.
The employees, managers and/or representatives of the above-mentioned service providers or institutions and the specialised service providers appointed by them shall respect the confidential nature of your personal data and may use these data only for the purposes for which they were provided.
If necessary, your personal data may be passed on to other third parties. This may be the case, for example, if all or part of our business is reorganised, if our activities are transferred or if we are declared bankrupt. It is also possible that personal data may need to be transferred in response to a court order or to comply with a specific legal obligation. In this case, we will make reasonable efforts to inform you in advance of such communication to other third parties. However, you will acknowledge and understand that in certain circumstances, this may not be technically or commercially feasible, or that legal restrictions may apply.
Under no circumstances will we sell or make your personal data commercially available to direct marketing agencies or similar service providers, except with your prior consent.