Information For SPIRIG Business Partners in Europe On the Processing of Their Personal Data

Dipl. Ing. Ernest Spirig company (“SPIRIG” or the “Company”) are committed to protecting the privacy of their Business Partners when processing personal data.

From May 2018, the EU General Data Protection Regulation (“GDPR”) will set the new legal standards for data protection within the European Union.

“Business Partners” shall mean any individual with whom SPIRIG does business, including, without limitation, representatives and employees of customers, suppliers, service providers and competitors. The purpose of this letter is to inform prospective and current Business Partners in Europe about the processing of their personal data by SPIRIG. SPIRIG is obligated under the GDPR to provide this information.

We continue to process the same sets of personal data. You do not need to take action.

I. Responsibilities and contact information 
The controller of your personal data is: 
Dipl. Ing. Ernest Spirig, Hohlweg 1, 8640 Rapperswil, Switzerland

II. How we use your personal data
We process personal data insofar necessary to safeguard the legitimate interests of SPIRIG (Art. 6 para. 1 lit. f GDPR), for example, 
- to enter into or perform a contract or other business relationship (including for processing of purchase orders, delivery or payments, or in case of complaints, repairs or cases of warranty), or in order to prepare and respond to a request for proposal, to establish terms and conditions of the contractual relationship and engage in product development activities, with our customers, suppliers, service providers and competitors, whose representative or employee you may be;  
- to transmit your personal data within the Company for internal administrative purposes (e.g. accounting); 
- to ensure IT security and IT operation; 
- to engage service providers, in particular internal and external IT service providers, who support our business operations; 
- for the performance of compliance investigations; 
- to ensure building and plant safety (including video surveillance insofar required for the protection of our premises). 

We further process personal data for the performance of contracts with individuals (natural persons) that we do business with, for example, to process a purchase order, delivery or payments, or in case of complaints, repairs or cases of warranty, or in order to prepare and respond to an individual’s request for proposal, to establish terms and conditions of the contractual relationship and engage in product development activities (Art. 6 para. 1 lit. b GDPR). 
Furthermore, SPIRIG is subject to various legal obligations (Art. 6 para. 1 lit. c GDPR) which may require the processing of your personal data. Such legal obligations may follow, for example, from taxation laws or foreign trade and sanctions laws. 

III. Recipients of your personal data 

Within the Company, only authorized SPIRIG personnel with relevant responsibilities will have access to your personal data.

We may engage third parties (these also include other SPIRIG entities) to provide particular services, such as IT services. We further engage among others legal advisors, management consultants and auditors. These third parties provide their services for us under our control and direction and may have access to your personal data to the extent required in order to render their services. 
In addition, we may, to the extent legally permissible, transfer your personal data to national and foreign public authorities (e.g., pension funds, tax authorities or public prosecutors) or courts to comply with legal obligations or in the company’s interest.

IV. Data transfers 

Countries located outside the EEA may not have data protection laws and regulations comparable to the ones applicable in your country. In case of such transfer of your personal data to other countries, we will adopt appropriate measures to ensure that your personal data will be adequately protected there. In particular, we have entered into the EU Standard Contractual Clauses with the said recipients of the data.

V. Your rights 
Subject to the legal preconditions, the applicability of which has to be reviewed in the in the individual case, you have the right to receive information about your personal data and to require rectification or erasure of your personal data or restriction of processing and to object to any of the data processing outlined under II. and to receive your personal data in a structured, commonly used and machine-readable format (data portability). 
You are also entitled to lodge a complaint with a supervisory authority. 

VI. Confidentiality and data storage 

Each of our employees as well as all staff members of third party service providers having access to and/or processing personal data are obligated to treat such data confidentially. ALL DATA WILL BE TREATED STRICTLY CONFIDENTIALLY AND STORED IN ACCORDANCE WITH APPLICABLE LEGAL REGULATIONS FOR A PERIOD LEGALLY SPECIFIED IN THE RELEVANT COUNTRY.

VII. Contact us

This is an information letter only and no action is required from your side. If you have any requests, questions, comments or suggestions about this information letter or our privacy practices, please contact spirig(at)