GDPR Disclaimer

Information according to Article 13 / 14 EU GDPR for Partners, Visitors and Interested Persons

For communicating, providing information and possibly goods or services to you or your company, personal data is needed, e.g. name, contact data or the function of a data subject.

Provision of personal data takes place by you submitting data via this contact form.

This is done in compliance with both legal requirements and the personal rights of the persons concerned. Data subjects have the right to request access to their personal data, to demand the erasure or the rectification of their data as well as a restriction of the data processing. As a result, services based on this data can no longer be used. You as data subject can send questions and complaints at any time to operations@epirusconsultancy.com – or – if available – to the data protection authority of your country.

1. Data Scope

The following data categories may be collected and processed:

• Identification data, e.g. name
• Addresses and contact data, e.g. postal addresses, e-mail addresses, phone numbers, organizational data such as company/organization, department, function
• Authorizations and their use, e.g. IP addresses

2. Purpose

In general, personal information of individuals may be used according to Art. 6 para. 1 General Data Protection Regulation (GDPR) or similar legal rules especially for entering into and performance of contracts for:

• Operational purposes
• Identification and authorization
• Communication, e.g. for clarifying questions, exchanging information or appointments
• Documenting activities, e.g. meetings, events and agreements
• Complaint management

Additionally, in the case of requested services, visits or a closer relationship (neighborhood, media representatives), personal information of individuals may be used for:

• Providing information and requested services, e.g. newsletter
• Monitoring and safety checks

Related to business partners, e.g. suppliers, customers, service providers, it may be used in addition for:

• Settlement of transactions, e.g. payment, invoicing and contract management
• Logistics, e.g. transportation
• Authorization and identity management for electronic services, including technical support and troubleshooting
• Administrative communication, e.g. sales promotion or product development

A given consent to the use of personal data can be revoked at any time.

3. Processing Principles

Reasonable technical and organizational measures for data security are implemented through internal regulations and - if the data is processed by an external service provider - by means of appropriate contractual agreements, for example through the use of the EU standard contract clauses for data processing outside the European Union. These may be obtained from us in case of a legitimate interest.

Please keep your data up to date, e.g. by providing relevant changes or, if possible, by changing the information yourself or by informing your contact in our organization in due time.

Questions about your data, their correction or deletion and about information requests can be clarified with the contact provided in No. 1 above. Further, you have in some regions of the world (e.g. the European Union) the right to complain to a competent data protection authority (Art. 77 GDPR).

4. Data Transfer / Disclosure

In compliance with legal requirements and existing internal regulations, the data required for the respective purpose can be passed to other internal and external bodies in the following cases:

Operational Purposes

• to other companies of our group;
• to our service providers

Reporting and information obligations

• to authorities and other governmental bodies

Clarification of claims and accusations

• to lawyers, courts and other governmental/statutory bodies

5. Data Storage

Personal data will only be kept for as long as necessary to meet the respective purpose and to fulfill regulatory requirements, as a rule for the duration of the respective contractual relationship, including a possible statutory retention period.

For business partners, the deletion usually takes place 10 years after the last contact, for other persons, e.g. visitors, 5 years after the last contact or on request.

Data deletion is carried out within the framework of the deletion routines implemented by the process managers.

6. Monitoring and Investigation

For the protection of our IT systems and our intellectual property against different threats – e.g. malicious software, hacker attacks, spam, espionage and theft – different methods are used, in which, for example, data exchanged is examined for viruses and connection data is analyzed for abnormalities. For suspicious cases relevant documents and connection data can be analyzed.

In order to comply with existing export- and payment restrictions – e.g. companies and persons are listed in different government lists – business partner data may be checked against these lists.

In addition, in the case of suspicions, which have for example been reported via the compliance hotline, in the case of official investigations and defense against claims, an investigation and, where appropriate, provisioning of data and documents relating to the respective case and the persons concerned may be necessary.

In all cases internal regulations, legal requirements and the personal rights of the data subjects are respected.