Global Data Protection Notice for Customers and Business Partners

I. General Information

1. Information on Data Protection

The protection of your rights in the processing of personal data is an important concern for the companies of the Everllence Group. With the following information we would like to give you an overview of the processing of your personal data by us and your data protection rights.  

Which data is processed in detail and how it is used depends largely on your individual interests, the contractual services agreed upon and may vary from country to country. Therefore, not all parts of this information will apply to you. The country specific variations to this Notice are set out below. The country specific variations will be amended as the Everllence Group continues to implement new standards of data protection globally across the Group.

If you have any questions in relation to this notice or the country specific variations which may apply to you, please email data.protection@everllence.com.

 

2. Responsible for Data Processing and Contact

Everllence SE
represented by the Executive Board

Stadtbachstrasse 1
86153 Augsburg, Germany

Phone: +49 821 322-0

If another Everllence Group company alone or jointly with others decides on the purposes and means of processing personal data, this company shall (also) be responsible.

If you have any questions about this notice or about how to exercise your rights, you can contact our Data Protection Officer:

Data Protection Officer
Everllence SE
Group Data Protection

Stadtbachstrasse 1
86153 Augsburg, Germany

E-mail: dataprotection@everllence.com

II. Collection and Processing of Personal Data

1. Data Sources

We process personal data, which we receive from you as a customer or business partner or from your employer or client within the scope of our business relationship. In addition, we process - to the extent necessary for the provision of our services and permissible under the laws and regulations of the country where the responsible of the processing is located - personal data which we permissibly obtain from publicly accessible sources (e.g. commercial register, press, Internet) or which is transmitted to us by other companies of the Everllence Group or by other third parties (e.g. a credit reference agency).

Additionally we may also collect data from the following sources:

  • Active Directory Federation Services (ADFS); required for authentication of internal users
  • Microsoft Forefront Identity Manager (FIM); the interface to FIM is required to synchronize data from SEM with our internal user database and to enable single sign-on (i.e. automatic login in the Everllence network).
  • Sanction Lists

As a rule, your personal data will be collected directly from you within the framework of the existing or incipient contractual relationship.

 

2. Categories and Purposes of Personal Data Processing

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and/ or the legal provisions of the country in which the office responsible for data processing is located. In the following we give you an overview of the purposes of our processing activities and the categories of personal data we process. Among others, the personal data highlighted in bold is treated as sensitive personal data under the Everllence Group companies. 

a. Offer preparation (e.g. product offers, service offers, financing offers or rental offers).

b. Order processing (e.g. completion of order forms, payment transactions, payment options, delivery and delivery conditions, , invoicing, bookkeeping and auditing, internal cost and performance accounting, controlling as well as the implementation of receivables management /collection of outstanding payment).

c. Delivery of the product (e.g. plant handover and commissioning).

d. Planning and execution of service orders (e.g. through online appointments).
Categories of personal data for purposes a. to d.: basic information (name, company name, company address, e-mail address, phone number, position); identification data (contact, contracting party and work organization data, pictures, signature);

e. Training of the product (invitation process and realization of the training, training purposes and learning management).

Categories of personal data for purposes e.: professional contact and (work) organizational data (last name, first name, gender, address, e-mail address, phone number, organization / company, role, individual group, cost center, responsibility, department / area, personnel number / participant ID; task description, functions, activity, entry date, professional career and qualifications); if applicable, passport data; test results (course status, completion status, success status, test in hard copy); if applicable, individual information (WeChat name, OpenID, phone number);

f. Supplier and customer relationship management

Categories of personal data for purposes f.: basic information (name, company name, company address, e-mail address, phone number, position); professional certificates; identification data (contact, contracting party and work organization data, pictures, signature); personal communication information (communications records and content, emails and other metadata);

g. Optimization of production processes and system quality by collection of system data (plausibility check and determination of key figures for consumption and wear reduction, collection of service and maintenance data as well as error codes for error diagnosis and error prevention, evaluation of engine data for compliance with warranty obligations, product liability, analysis of plant data for quality improvement of plant functions, product and service optimization),

Categories of personal data for purposes g.: basic information (name, company name, company address, e-mail address, phone number, position); data on the use of IT systems (IP addresses, log files, log data, access / account data for web services and apps); usage data with guarantee, warranty, product liability and data for safe plant operation as well as position data (if person-related);

h. Market analysis and identification of new customers (e.g. preparation of market analyses, trade fair presence, Internet presence, customer events, competitions and other promotional activities),

i. Reporting (e.g. for data quality, control and planning purposes)and planning of sales figures,

j. After Sales Marketing via email about similar products or services to the one you have enquired and that we think it may be interesting for you. (e.g. product and service training, provision of applications, EDP programs and apps). We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. You can opt out of these communications at any time.

k. We may analyze your personal data to build a profile of your interests and preferences so that we can contact you with information relevant to you and also to improve our services and customer experience.  Profiling is based on the information you have provided to us, including information about our products and services that you have enquired about. You have the right to object to profiling.

l. Marketing communications (e.g. dispatch of magazines, newsletters, product brochures, provision of apps). You can withdraw you consent at anytime.

Categories of personal data for purposes h. to l.: basic information (name, company name, company address, e-mail address, phone number, position); personal communication information (communications records and content, emails and other metadata); personal web surfing record (click records and other operations stored in the logs).
m. ensuring compliance with legal or regulatory obligations (e.g. sanction lists, money laundering),

  • n. compliance with storage obligations, ensuring compliance requirements through audit actions (e.g. sanctions list audit, money laundering),
  • o. operation of an internal control system (ICS) and other monitoring systems to ensure the correctness of business processes.

Categories of personal data for purposes m. and o.: name, company name; legitimation and authentication data, where required by law or regulation (e.g. to combat money laundering, terrorist financing); sanction lists data.

3. Legal Basis for Personal Data Processing

Depending on the country where the processing takes place, the legal basis for the  above-mentioned processing activities may include may differ. The country specific variations can be found on the section below to this Notice. Under GDPR the following legal basis may include: 

a. Establishment and implementation of a contract 
b. Consent for one or more specific purposes 
c. Legal obligations
d. Legitimate Interests
e. Protection of vital interests of the data subject or other natural person 
f. Other circumstances as provided by the GDPR or administrative regulations

 

4. Obligation to Provide Personal Data

 You must provide the controller with the personal data required for the execution of the contractual relationship. Without this provision, Everllence shall not be able to fulfill its statutory obligations and enter into the contractual relationship.

 

5. Transfers to Other Parties

In certain cases, your personal data may also be transferred to other parties:

  • If the disclosure of your personal data is necessary for the execution or initiation of the contractual relationship, such as in the financing of the contractual object, in joint order processing with project-related partners (such as component manufacturers) or for training purposes.
  • We also transfers your personal data to service providers commissioned by us within the scope of order processing (e.g. organization of trade fair events, conducting customer satisfaction surveys, sending e-mail newsletters, hosting and operating CRM systems).
  • In some cases within the Everllence Primeserv Academy, the personal data of the participants such as test results are being provided to the client of the training.
  • Your master data and contact details are transferred in a central database (this database can also be accessed by  Volkswagen Group ) to ensure a uniform and up-to-date database and for credit checks.
  • We may also transfer your master and contact data as well as the offer and order data to the relevant PrimeServ service units for customer support purposes, such as the preparation of plant-specific service offers or regional on-site support, and to the corresponding companies of the Volkswagen Group for the preparation of financing offers.
  • When we are required to disclose your personal data to comply with national laws, e.g. transfer to tax authorities, courts, auditors.

 

6. Cross-Border Data Transfers

We may need to transfer your personal data to affiliated companies, service providers or other external recipients outside of the country of the responsible of the processing for the purposes mentioned above. We will comply with the relevant requirements and implement the appropriate mechanisms for cross-border data transfers where required by the laws and regulations of the respective country. 

Data protection agreements have been concluded with all data-receiving companies of the Everllence Group in order to ensure a high level of data protection.

 

7. Data Retention 

In principle, we delete your personal data as soon as it is no longer required for the above-mentioned purposes. Your personal data will be stored as long as we are legally obliged to do so, or as long as statutory limitation periods apply. In addition, storage shall take place if further legal or contractual storage obligations exist, e.g. in connection with product liability.

III. Your Rights

Depending on the country where the processing takes place, your rights over your personal data may differ.  The country specific variations can be found on the section below to this Notice. Under GDPR you have the following rights: 

  • the right to be informed about the personal data that relates to you
  • the right to access your personal data
  • the right to rectify your personal data
  • the right to erase your personal data provided that there are no statutory regulations to the contrary
  • the right to restrict or to object to the processing of your personal data.
  • the right to personal data portability. 
  • the right to withdraw your consent, when the processing of your personal data is based on your consent
  • the right to lodge a complaint with the competent data protection supervisory authority.

 

IV. Automated Decision Making

There is no automated decision-making.

 

V. Security and Confidentiality

Everllence protects your data with technical and organizational security measures to prevent accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures, such as data encryption, are regularly improved in line with technological developments. Furthermore, Everllence employees are obliged to maintain confidentiality with regard to the handling of personal data.

 

VI. Reservation and Updates


Everllence may adapt this data protection notice at any time while adhering to the provisions of the data protection legislation.

 

Last updated on September 2025