Data Protection Information Sheet for Customers (pursuant to Art. 13 GDPR)

Dear Business Partners,

Your data has always been in safe hands with us. Due to the EU-wide General Data Protection Regulation, it is necessary to establish a formal framework for this.
This information, in accordance with Articles 13 and 14 of the GDPR, is an essential element of this framework. It allows you to gain a comprehensive understanding of the most important as-pects of data processing within the context of our business relationship.

Legal Basis for Processing

The basis on which we process your personal data depends on the nature of our business relationship:

  • You contact us or request information (e.g., via email/phone/contact form), or we are in contact with you prior to entering into a contract (Art. 6(1)(b) GDPR).
  • If we send you a newsletter or similar electronic information, this is done based on your consent (Art. 6(1)(a) GDPR).
  • We fulfill services contractually agreed upon with your company (Art. 6(1)(b) GDPR).
  • We provide services in the lead-up to potential contracts (Art. 6(1)(b) GDPR).

As part of our business activities, we also process your data

  • to comply with legal obligations (Art. 6(1)(c) GDPR)
    - e.g., financial law and taxation
  • in the legitimate interests of our company (Art. 6(1)(f) GDPR) 
    - Maintenance of business relationships
    - Providing information about news relevant to our collaboration
    - Organization of events
    - Credit checks by credit bureaus
    - Commercial register inquiries
    - Internal management/improvement of our services (e.g., through analyses)
    - Use of supporting IT and AI systems to increase efficiency and improve our services
    - Traceability and documentation of business processes
    - Archiving/documentation for traceability as well as for the assertion, exercise, or defense of legal claims
  • For the performance of a contract (Art. 6(1)(b) GDPR)
    - Sending security alerts 
    - Documentation and traceability
    - Executing orders for customers

Use of AI-supported systems to support internal work processes

To increase efficiency and improve our internal workflows, we use AI-supported systems in selec-ted cases, particularly to assist with text and documentation creation, analysis, research, and the structuring and preparation of information.
Depending on the specific use case, this may also involve the processing of personal data, in par-ticular master and contact data, communication content, and other information required for the respective processing within the scope of the business relationship.

These systems are used exclusively for support purposes. Decisions affecting you are not made exclusively by automated means, but are always reviewed and approved by responsible employees (“human in the loop”).

To the extent that AI-supported systems are used in connection with contract initiation, contract performance, or the organization of our business relationship, the processing is based on Art. 6(1)(b) GDPR. In all other cases, it is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR in efficient internal work processes, consistent documentation, and the ongoing im-provement of our services.
A list of the AI-supported systems we currently use can be found here.

Collection of personal data from other sources (Art. 14 GDPR)

We collect personal data from external sources in the following cases:

  • from publicly accessible registers and sources (e.g., commercial register, company websites)
  • from credit bureaus as part of credit checks (ACREDIA Versicherung AG, Creditreform Wirtschaftsauskunftei Kubicki KG, KSV1870 Holding AG)
  • from sales partners, distributors, and manufacturers, provided that operational support by us appears appropriate

In doing so, we process - depending on the specific occasion and purpose - the following categories of personal data in particular:

  • Master and contact data (e.g., name, company, professional contact information)
  • Functional and role data (e.g., area of responsibility, position within the company)
  • Register data
  • Creditworthiness data
  • Other data necessary for the initiation, execution, and documentation of the business relationship

It is expressly stated that no decisions based solely on automated processing are made during credit checks. This means that a human always has the final say.

Use of Data Processors and Transfers to Third Countries 

As part of our processes, we outsource some of our activities to carefully selected external part-ners. Consequently, these partners are considered data processors or data recipients under the General Data Protection Regulation.
A list of our data processors pursuant to Article 28 of the GDPR can be found here.

The manufacturers of the products you have purchased may, in the course of order fulfillment, become sub-processors within the meaning of Article 28(4) of the GDPR. As such, they will have access to your personal data to the extent necessary to fulfill the order. A list of the relevant manufacturers and distributors can be found here

Depending on the specific IT services used (e.g., cloud and communication services, security/monitoring, ticketing/support) and the respective manufacturers/sub-processors, this may result in the transfer of your personal data to third countries (in particular to the U.S.). In such cases, we ensure that any transfer is made only on the basis of appropriate safeguards in ac-cordance with Article 46 of the GDPR (e.g., EU Standard Contractual Clauses) and - where necessary - additional protective measures. You may request information regarding the applicable safeguards from our data protection contact point.


Recipients of Personal Data

Depending on the type of services, we work with various distributors. As part of this collaboration, the distributors require data from our customers that is considered personal data under the GDPR, such as company name, contact person, and email addresses. Accordingly, these partners are data recipients pursuant to Article 4(9) of the GDPR.


Provision and Retention Period of Personal Data

A prerequisite for our collaboration is the provision of your data to the minimum extent required (contact details). If you do not agree to this, we inform you in accordance with GDPR Article 13(2)(e) that the consequence would be that we would be unable to maintain or enter into a business relationship with your company. 

We store your data only to the extent and for as long as required by the purpose for which we collected it. In this context, we note that, for tax law reasons, we generally retain contracts and other documents arising from our contractual relationship for a period of seven years (Section 132 of the Federal Tax Code). In individual cases, such as pending administrative proceedings, this retention period may exceed seven years.


Automated Decision-Making and Profiling

Automated decision-making, including profiling within the meaning of Article 22 of the GDPR, do-es not generally take place within the scope of our business relationship. To the extent that AI-supported systems are used, this is done exclusively in a supporting capacity and under human control.


Your Rights

You have the right at any time

  • to request information about which of your data we process (see Article 15 of the GDPR for details)
  • to have your data corrected or deleted (see Article 16 of the GDPR for details)
  • to restrict the processing of your data (see Article 18 of the GDPR for details)
  • to object to the processing of your data (see Article 21 of the GDPR for details)
  • to data portability (see Article 20 of the GDPR for details).

If processing is based on your consent (Article 6(1)(a) of the GDPR), you may withdraw this consent at any time with future effect. The lawfulness of the processing carried out on the basis of your consent until its withdrawal remains unaffected.

You also have the right to object to data processing for direct marketing purposes at any time. To do so, simply send a brief message to newsletter@bacher.eu or click the unsubscribe button in the next email.


Right to File a Complaint and Contact Information for Data Protection Concerns

If you believe that our handling of your data violates data protection law or that your data protec-tion rights have been infringed in any other way, we would appreciate it if you would contact us directly (Data Protection Coordinator). Of course, you have the right to contact the supervisory authority at any time. In Austria, this is the Data Protection Authority.

We hope this information has clarified how and for what purposes we process your data. If you still have questions regarding the processing of your data, please feel free to contact our Data Protection Coordinator.

Your contact for data protection inquiries
We have not appointed a Data Protection Officer. Our Data Protection Coordinator serves as the point of contact for data protection inquiries:
Mag. (FH) Elisabeth Müller
Phone: +431 60126 386
datenschutz@bacher.eu

Bacher Systems EDV GmbH
Wienerbergstraße 11/B9
1100 Vienna
Phone: +43 1 60 126-0
Email: info@bacher.eu
Commercial Register Number: FN 54202i
Commercial Register Court: Vienna Commercial Court
Authority pursuant to the ECG: District Office of the 10th District
VAT ID No.: ATU15176501
Member of the Austrian Chambers of Commerce:
Trade in computers and office systems, management consulting, and information technology

We respect your privacy.

This website uses a number of marketing and analytics cookies to enhance your experience on our site. For more information, please see our Privacy Policy. We only activate these cookies if you click the relevant buttons. If you do not wish this to happen, please select ‘Only necessary Cookies’. To find out more, please read our Privacy Policy.