Principles of data processing at EDL Anlagenbau Gesellschaft mbH

Information according to Art. 13, 14 and 21 of General Data Protection Regulation (GDPR)

You have reached this page via a link because you want to find out more about how we handle personal data. The following information shall give you an overview of the processing of your personal data and your rights resulting from this.

Who is responsible for the processing of your personal data?

The controller within the meaning of data protection laws is:

EDL Anlagenbau Gesellschaft mbH
Lindenthaler Hauptstraße 145
04158 Leipzig

What kind of personal data do we process?

We process the following personal data received from you:

  • company name including legal form and address
  • titles and names
  • phone numbers
  • fax numbers
  • email addresses
  • field of business activity and position resp.

For what purposes do we process your personal data (purpose of data processing) and what is the legal basis for this?

When we receive personal data from you, we will process them only for the purposes for which we received or collected it.

Data processing for any other purposes will be done only if the required legal prerequisites according to Art. 6 para. 4 GDPR are met. Information obligations resulting from this as per Art. 13 para. 3 GDPR and Art.14 para. 4 GDPR will strictly be observed by us.

We process personal data in accordance with the regulations of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)). In particular, the following possibilities may come into consideration:

  • based on your consent
  • to meet contractual obligations (Art. 6 para. 1 (b) GDPR)
  • due to legal obligations (Art. 6 para. 1 (c) GDPR)
  • in the context of balancing of interests (Art. 6 para. 1 (f) GDPR).

Who are the recipients of the data?

Within our company

  • employees for the purpose of contacting you and for contractual cooperation
    (incl. fulfilling pre-contractual measures)

In the context of data processing by processors

If need be, your data is handed over to service providers acting for us as processors, regarding e.g.:

  • support and maintenance of EDP or IT applications
  • accounting
  • data destruction.

All service providers are contractually bound and in particular are obliged to treat your data as confidential.

Other third parties

Data will be passed on to recipients outside of our company only if the applicable data protection regulations are observed. Recipients of personal data may be e.g.:

  • public bodies and institutions (e.g. financial or law enforcement authorities), if there is a legal or official obligation
  • credit and financial service providers (financial transactions)
  • tax advisors or auditors, income tax inspectors and field auditors (legal audit assignment).

How long do we store data?

We process and store your personal data as long as this is required to meet our contractual and legal obligations. If data is no longer required to fulfil contractual or legal obligations, it will be deleted at regular intervals. There are exceptions

  • insofar as legal obligations to preserve records have to be met, such as German Commercial Code (Handelsgesetzbuch (HGB)) and Fiscal Code (Abgabenordnung (AO)). The stipulated deadlines for storing and documenting resp. are usually six to ten years,
  • to keep means of evidence within the legal periods of limitation. As per Art. 195 et seqq. of German Civil Code (Bürgerliches Gesetzbuch (BGB)) the periods of limitation can be up to 30 years with a regular period of limitation of 3 years.

Where is the data processed?

Your data is processed within the European Union and countries within the European Economic Area (EEA). It is not transferred to a third country.

Is there an obligation to provide data?

Within the scope of the contractual relationship you have to provide those personal data required for establishing, implementing and terminating the contractual relationship and for fulfilling the associated contractual obligations or for collecting data as legally required from us. Without having this data we usually will not be in a position to conclude the contract with you or to execute it.

Our data protection officer

We have appointed a data protection officer at our company. You can contact him as follows:

Kevin Peter
Corinthstr. 19
04157 Leipzig
Phone: 0800 63003061 (free of charge)

What rights do you have as data subject?

You have the right of access (Art. 15 GDPR) to your personal data being processed by us.

In case of an information inquiry not submitted to us in writing, we kindly ask for your understanding that we require evidence showing that you are the person you impersonate to be.

Furthermore, you have the right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) or to restriction of processing (Art. 18 GDPR), as far as you are legally entitled to it.

Furthermore, you have the right to object (Art. 21 GDPR) to processing of personal data within the scope of legal obligations. The same shall apply to the right to data portability (Art. 20 GDPR).

As regards the right of access and the right to erasure, limitations acc. to Art. 34 and Art. 35 of the Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)) may possibly apply.

In addition to this, there is the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Art. 19 of the Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)). The competent supervisory authority responsible for us is: Der Sächsische Datenschutzbeauftragte, Devrientstr. 5, 01067 Dresden, phone: 0351 493-5401, fax: 0351 493-5490, email:

Information on your right to object as per Art. 21 GDPR

Right to object on a case-by-case basis

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, which is based on Art. 6 para. 1 (f) GDPR (data processing based on balancing of interests). This shall also apply to profiling based on this provision within the meaning of Art. 4 (4) GDPR.

If you lodge an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.