1. WHAT IS THIS PRIVACY NOTICE ABOUT?

The General Dynamics European Land Systems, S.L.U, with its registered office in Madrid, Spain, and its affiliated entities (collectively “we”, “us”, “GDELS”) collects and processes personal data that not only concerns you but also other individuals (“third parties”). We use the word “data” here interchangeably with “personal data”.

“Personal data” means data relating to identified or identifiable individuals. “Processing” means any operation that is performed on personal data, such as collection, storage, use, alteration, disclosure and erasure.

In this Privacy Notice, we describe what we do with your data when you use https://www.gdels.com/, our other websites or apps (collectively “website”), obtain services or products from us, interact with us in relation to a contract (also in connection with a job application), communicate with us, are our shareholder/investor or otherwise deal with us. In addition, we may inform you about the processing of your data separately (e.g. in terms and conditions).

If you disclose data about other persons (e.g. family members, work colleagues) to us, we assume that you are authorized to do so and that the relevant data is accurate, which is assumed to be confirmed at the time of said data sharing. Please make sure that these individuals have been informed about this Privacy Notice.

This Privacy Notice is aligned with the Swiss Data Protection Act (“DPA”), the Ordinances associated and the EU General Data Protection Regulation (“GDPR”). However, the application of these laws depends on each individual case.

2. WHO IS THE CONTROLLER FOR PROCESSING YOUR DATA?

General Dynamics European Land Systems, S.L.U, with its registered office in Calle Vía de los Poblados, 3, P.E. Cristalia, Edificio 7/8, 28003, Madrid, Spain (“Principal Company”) is the controller for GDELS’ processing under this Privacy Notice, unless we inform you other-wise in an individual case. However, this Privacy Notice also applies to cases in which another entity of the Principal Company is the data controller (unless otherwise communicated). This is particularly the case where your data is processed by a group company in connection with its own legal obligations or contracts (e.g. in connection to a job application), you share data with such a group company or otherwise interact with a group company.

You may contact us for data protection concerns and to exercise your rights as follows:

General Dynamics European Land Systems, S.L.U
Calle Vía de los Poblados, 3, P.E.,
28033 Madrid
Spain
E-Mail: [email protected]

We have appointed the following additional positions for our group companies:

Data Protection Officer according to Articles 37 et seq. of the GDPR:

General Dynamics European Land Systems-Bridge Systems GmbH
Mr. Bernd Zimmer, Data Protection Officer
Barbarossastraße 30
67655 Kaiserslautern, Germany
E-mail: [email protected]
T: +49 221 56783 672

General Dynamics European Land Systems-FWW GmbH
Mr. Bernd Zimmer, Data Protection Officer
Kruseshofer Str. 22,24
17036 Neubrandenburg, Germany
E-mail: [email protected]
T: +49 221 56783 672

Data Protection Advisor in accordance with Article 10 of the DPA:

General Dynamics European Land Systems - Mowag GmbH
Ms. Isabelle Bartsch, Data Protection Advisor
Unterseestrasse 65
CH-8280 Kreuzlingen
E-mail: [email protected]
T: +4171 677 56 85

You can also contact these parties about privacy concerns.

3. WHAT DATA DO WE PROCESS?

• Master data: This is basic data (e.g. name, contact details), additional information about you (e.g. your role and function), as well as details of your relationship with us (customer, supplier, visitor, service recipient or employee of such, etc.), your bank details, your date of birth, photographs, copies of ID cards, customer history, powers of attorney, signature authorizations, and declarations of consent and information about third parties (e.g. contacts, representatives). This may also include health data (e.g. in connection to a job application).
• Contract data: This is data that is collected in connection with a contract concluded by us or in the context of the provision of our services, such as information about the type of contract, date of contract conclusion, contract duration, contractual services, data that was collected during the period leading up to the conclusion of the contract (even if a contract is ultimately not concluded, e.g., in connection with a job application we collect application documents such as letters of motivation, professional, training and further education certificates, job references, etc.), information required or used for processing (e.g. information regarding invoicing or customer service), information about reactions (e.g. complaints, feedback about satis-faction, etc.), financial data (e.g. information about solvency/creditworthiness, about reminders and debt collection).
• Communication data: When you are in contact with us or with third parties (e.g. via the contact form, by e-mail, telephone, letter or other means of communication) we collect the data exchanged between you and us (e.g. content of e-mails or letters), including your contact details and the metadata of the communication or, if necessary, the copy of an ID document. This includes audio and video recordings of calls.
• Technical data: When you use our digital offerings (e.g. website, apps, free Wi-Fi), we collect technical data, e.g., the IP address, information about the operating system of your device, the location and the access time. Technical data in itself does not permit us to draw conclusions about your identity. However, technical data might be linked with other categories of data and thus possibly with your person.
• Behavioral and preference data: This is data about your behavior and your preferences (e.g. your response to electronic communications, navigation on our web-site, interactions with our social media pages, etc.). We may also supplement this information with third-party information, including from public sources. We describe how tracking works on our website in Section 12.
• Other data: This may include the following data: data collected in connection with administrative or legal proceedings (e.g. actions, evidence, etc.), data collected on the basis of health protection (e.g. as part of protection concepts), photographs, videos or sound recordings that we produce or receive from third parties and in which you are recognizable (e.g. at events, through security cameras, etc.), access data or rights (e.g. visitor list, when you enter certain buildings or which access rights you have), participation in events or campaigns, when you use our infrastructure and systems as well as data in connection with your status as our shareholder or investor (e.g. information for various registers, the exercise of your rights and the holding of events such as general meetings).

4. WHAT IS THE SOURCE OF THE DATA?

• From you: Much of the data set out in Section 3 is provided to us by you (e.g. when you communicate with us, in relation to contracts and our services, when you use the website, when you apply for an open position, etc.). You are not obliged or required to disclose data to us except in certain cases (e.g. because of legal requirements, legally required identification or health protection concepts). If you wish to enter into contracts with us or use our services, you must also provide us with certain data, in particular master data, contract data and registration data, as part of your contract. When using our website, the processing of technical data cannot be avoided. If you wish to gain access to certain systems or buildings, you must also provide us with registration data.
• From third parties: As far as it is lawful we can also collect data from public sources (e.g. debt collection registers, land registry, commercial registers, the media or internet, including social media) or receive data from public authorities and from other third parties (e.g. credit agencies, address brokers, associations, contractual partners, internet analytics services, etc.). This includes the following categories of data: master data, contract data and other data according to Section 3, as well as data from correspondence and discussions with third parties. If you work for an em-ployer, client or someone else who has a business relationship or other dealings with us, they may also provide us with information about you.

5. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?

• Communication: In order to be able to communicate with you (e.g. to answer inquiries, in the context of consulting as well as the execution of a contract), we need to process data from you. If we need or want to establish your identity, we collect additional data (e.g. a copy of an ID document). For this purpose, we particularly use communication data and master data in connection with the services you use.
• Initiation, administration and execution of contracts: In connection with the conclusion or execution of contracts with our customers, suppliers, subcontractors, potential employees or other contractual partners (e.g. project partners), we process related personal data. For this purpose, we also process data for checking creditworthiness, for opening and managing the customer relationship, for consulting, for customer support and for providing and demanding contractual services (which also includes the involvement of third parties such as logistics companies, advertising service providers or credit reference agencies, which may then in turn provide us with data). This also includes the enforcement of legal claims arising from contracts (debt collection, legal proceedings, etc.), accounting, termination of contracts and public communication. For this purpose, we particularly use master data, contract data and communication data.
• Marketing purposes and relationship management: For marketing purposes and relationship management, we process data, for example, to send our customers, other contractual partners and other interested parties personalized advertising (e.g. in print, by e-mail, on other digital channels or by telephone) about products, services and other news from us and from third parties (e.g. from product partners), in connection with free services (e.g. invitations) or as part of individual marketing campaigns (e.g. events, competitions, etc.). You can refuse such contact at any time or refuse or revoke your consent to be contacted for advertising purposes by notifying us (Section 2). With your consent, we can target our online advertising on the internet more specifically to you (see Section 12). This also includes interaction with existing customers and their contacts, which can be personalized on the basis of behavioral and preference data. As part of relationship management, we may also operate a customer relationship management (CRM) system, in which we store the data of customers and other business partners. Finally, we also enable our contrac-tual partners to contact our customers and other contractual partners for advertising purposes (see Section 7). For marketing purposes and relationship management, we particularly process communication, registration, behavioral and preference data.
• Market research, improvement of our services and operations, and product development: In order to continuously improve our products and services (including our website) and to be able to quickly respond to changing needs, we analyze, for example, how you navigate through our website or which products are used by which groups of people and in what way, and how new products and services can be de-signed (for further details, see Section 12). This gives us an indication of the market acceptance of existing products and services and the market potential of new products and services. To this end, we particularly process master data, behavioral data and preference data, but also communication data and information from customer surveys, polls, studies and other information, e.g., from the media, social media, the internet and other public sources. As far as reasonably practicable, we use pseu-donymized or anonymized data for these purposes.
• Registration and security purposes as well as technical and physical access controls: We continuously check and improve the appropriate security of our IT and our other infrastructure (e.g. buildings). We therefore process data, for example, for monitoring, control, analyses and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes and as part of security copies. Access controls include, on the one hand, controlling access to electronic systems (e.g. logging into user accounts) and, on the other hand, physical access control (e.g. building access). For security purposes (preventive and incident investigation) we also keep access logs or visitor lists and use surveillance systems (e.g. security cameras). We inform you of surveillance systems at the relevant locations by means of appropriate signs. For this purpose, we process registration data (including bio-metric data) and technical data in particular, but also other data mentioned in Section 3.
• Compliance with laws, directives and recommendations from authorities and internal regulations (“Compliance”): We may process personal data as part of our compliance with laws (e.g. anti-money laundering, tax law obligations or for the implementation of health and safety concepts). In addition, data processing may take place in the course of internal investigations as well as external investigations (e.g. by a law enforcement or supervisory authority or an appointed private body). For this purpose, we particularly process master data, contract data and communication data, but under certain circumstances also behavioral data, technical data and data from other data categories. The legal obligations may be Swiss law, but also foreign regulations to which we are subject, as well as self-regulations, industry standards, our own “corporate governance” and official instructions and requests.
• Risk management and corporate governance: We may process personal data as part of our risk management (e.g. to avoid becoming victims of crime and abuse) and corporate governance, including our business organization (e.g. resource planning) and corporate development (e.g. acquisition and sale of business units or companies). For this purpose, we particularly process master data, contract data, registration data and technical data, but also behavioral and communication data.
• Further purposes: These other purposes include, for example, training and educational purposes, administrative purposes (e.g. master data management or account-ing), safeguarding our rights, and evaluating and improving internal processes. We may record telephone or video conferences for training, evidence and quality assurance purposes. In such cases, we will notify you separately (e.g. by displaying a notice during the video conference in question), and you are free to tell us if you do not want to be recorded or to terminate the communication (if you simply do not want your image recorded, please turn off your camera). In general, such recordings may only be made and used in accordance with our internal guidelines. The protec-tion of other legitimate interests is also one of the other purposes, which cannot be named exhaustively. We also process data in connection with your position as our shareholder or investor (e.g. information for various registers, the exercise of your rights and the holding of events such as general meetings).

6. ON WHAT BASIS DO WE PROCESS YOUR DATA?

To the extent necessary and depending on the situation and processing purpose, we base the processing of your data on the following legal basis:

• Contract: Insofar as we process data for the conclusion and execution of contracts that we conclude or have concluded for you or with you or your employer, client or other persons for whom you work, this is also the legal basis on which we process your data.
• Legal obligations: We may further process your data based on applicable legal, regulatory and professional requirements with which we must comply.
• Legitimate interest: We may process your data based on our legitimate interest or a legitimate interest of a third party. This applies in particular in relation to the achievement of the purposes and objectives set out in Section 5 and for the implementation of related measures. Among other things, we have a legitimate (and overriding) interest in marketing our products and services and in gaining a better understanding of the markets relevant to us and our activities (in particular, in the efficient and secure handling of our processes and the further development of our activities), in the efficient and effective management of our company, and in safe-guarding the security of our systems and our interests vis-à-vis third parties.
• Consent: If we ask for your consent to process data from you, this is the legal basis on which we process your data. In doing so, we will inform you of the purpose of the processing. You may revoke your consent at any time by notifying us in writing (by mail or, unless otherwise specified or agreed, by e-mail), with effect for the future (see Section 2 regarding our contact details and Section 12 regarding revocation of your consent in the area of online tracking). Once we have received and pro-cessed your withdrawal, we will no longer process your data for the purposes to which you originally consented (unless further processing may be carried out on the basis of another legal basis).
• Other legal bases: In specific cases, we may also carry out data processing based on other legal bases. If this is the case, we will inform you in each individual case.

7. WITH WHOM DO WE SHARE YOUR DATA?

In relation to our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes set out in Section 5, we may disclose your personal data to third parties, in particular to the following categories of recipients:

• Group companies: A list of our group companies can be found here: https://www.gdels.com/contact. The group companies may use your data for the same purposes as we do, as described in this Privacy Notice (see Section 5). We may also disclose your health data to our group companies (e.g. in connection to a job application). The recipients process the data under their own responsibility.
• Service providers: We work with service providers locally and abroad (third par-ties) who process data about you (i) on our behalf, (ii) under joint responsibility with us or (iii) data they have received from us under their own responsibility (e.g. IT providers, shipping companies, advertising service providers, cleaning companies, security companies, banks, insurance companies, debt collection companies, credit agencies, address checkers, consulting companies or lawyers). This may also include health data. For the service providers used for the website, see Section 12.
• Contractual partners, including customers: This initially refers to our customers and other contractual partners where the need to transfer your data arises from the contract (e.g. because you work for a contractual partner or it provides services to or for you). This may also include health data. Recipients further include contractual partners with whom we cooperate or who advertise on our behalf. The recipients process the data under their own responsibility.
• Authorities: We may disclose personal data to offices, courts and other authorities locally and abroad if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. This may also include health data (e.g. from a job application). The recipients process the data under their own responsibility.
• Other persons: This refers to other cases where the inclusion of third parties results from the purposes pursuant to Section 5. Other recipients are, for example, delivery addressees or third-party payees specified by you, third parties in the con-text of agency relationships (e.g. your lawyer or your bank), or persons involved in official or legal proceedings. In the course of business development, we may sell or acquire businesses, operations, assets or companies, or enter into partnerships, which may also result in the disclosure of information (including information about you, for example, as a customer or supplier or as their agent) to the persons in-volved in those transactions. In the course of communication with our competitors, industry organizations, associations and other bodies, data that may affect you can also be exchanged.

All these categories of recipient may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

In exceptional cases, we also allow certain third parties to collect personal data from you on our website and at events organized by us (e.g. media photographers, providers of tools that we have embedded on our website, etc.). Insofar as we are not decisively involved in this data collection, these third parties are solely responsible for it. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly. See Section 12 for the website.

8. IS YOUR PERSONAL DATA DISCLOSED ABROAD?

We mainly process and store personal data in Switzerland and the European Economic Area (EEA). However, we may occasionally disclose data to service providers and other recipients (see Section 8) that are located or process data outside of this area, generally in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we require that the recipient undertakes to comply with Swiss and EEA data protection standards (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply, for example, in the event of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if the data has been made generally available by you and you have not objected to the processing.

9. HOW LONG DO WE PROCESS YOUR DATA?

We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in processing for documentation and evidence purposes require or storage is technically required (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our normal processes.

If no legal retention requirements exist in individual cases, we generally process data for the duration of the business relationship or contract term and then, depending on the applicable legal basis, for a further five, ten or more years. This corresponds to the period during which we can assert legal claims against third parties or third parties can assert legal claims against us. Ongoing or anticipated legal proceedings may result in processing beyond this period. See Section 12.2 for more information on the storage period of cookies.

10. HOW DO WE PROTECT YOUR DATA?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to protect it against the risk of loss, accidental loss or alteration, unauthorized disclosure or access. However, security risks cannot be completely eliminated in general – a certain residual risk is unavoidable.

11. WHAT ARE YOUR RIGHTS?

You have certain rights in connection with our data processing. In accordance with applicable law you may, in particular, request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a standard electronic format or its transfer to other data controllers, or revoke consent, insofar as our processing is based on your consent. In the case of automated individual decisions (Section 7.2), you have the right to express your point of view and to request that the decision be reviewed by a natural per-son.

If you wish to exercise any of the above rights against us, please contact us in writing, at our premises or, unless otherwise stated or agreed, by e-mail; you will find our contact details in Section 2. In order for us to rule out any misuse, we must identify you (e.g. by means of a copy of your ID card, if this is not possible by less extensive means).

If you do not agree with the way we handle your rights or with our data protection practices, please let us or our Data Protection Officers (Section 2) know. If you are located in the EEA, the United Kingdom or in Switzerland, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en. You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/. You can also contact the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.

12. DO WE USE ONLINE TRACKING, ONLINE ADVERTISING AND SIMILAR TECH-NIQUES, AND WHICH SERVICE PROVIDERS DO WE WORK WITH FOR OUR WEBSITE?

On our website we use technologies with which we, and third parties engaged by us, can recognize you during your use and, under certain circumstances, track you over several visits.

We use our own tools and sometimes third-party services, in particular to improve the functionality or content of our website (e.g. integration of videos or maps), to compile statistics.

12.1 What are cookies and similar techniques?

A cookie is a small text file with an identifier (a sequence of letters and numbers) that is transmitted between the server and your system. We may use cookies and log files on our website. This may allow us and third-party providers we may engage or cooperate with to recognize visitors to our website and track them. Cookies may enable recognition of a specific device or browser and do not necessarily contain information that personally identifies a user. However, personal data that we or third-party providers contracted by us may store from you may be linked to the information stored in and obtained from cookies and thus possibly to your person.

12.2 What types of cookies and similar technologies do we use, and which service providers do we work with for our website?

With regard to cookies, we currently only set a language cookie (as a necessary cookie), which is valid for the duration of a user's session on the website. Necessary cookies are es-sential for the use of the website and its functions. These cookies ensure the essential func-tionality of the website. Here, the language cookie contains information on the preferred language settings and is used to display the pages of the website in the preferred language of the user profile.

Furthermore, we analyze visitor flows on our website and generate a visitor ID using a hash-ing algorithm of a third-party provider ("Pirsch Analytics"; for more information see below) when a page view is received. The IP address, user agent, date and a salt serve as input values. The visitor's IP address is completely and irreversibly anonymized by the hash. The integration of the date and the use of a salt for each website ensures that website visitors cannot be recognized for more than 24 hours and cannot be tracked across multiple websites. A locally integrated database is used to perform a rough localization (country/city).

We currently use offers from the following service providers (to the extent that they use da-ta or cookies from you):

• Pirsch Analytics: Emvi Software GmbH (located in Germany) is the provider of the “Pirsch Analytics” service and acts as our processor. Information about data protection with Pirsch Analytics can be found here: https://pirsch.io/de/privacy.
• Vercel: Vercel Inc. (located in the United States) hosts our website and acts as our processor. Information about data protection with Vercel can be found here: https://vercel.com/legal/privacy-policy [vercel.com].
• Cloudflare: Cloudflare, Inc. (located in the United States) acts as processor and is the provider of the CAPTCHA tool "Turnstile" (https://www.cloudflare.com/de-de/application-services/products/turnstile/) that we use. CAPTCHA is a security mechanism used to prevent bots or other automated systems from misusing our website. It works by requiring a human to answer a simple test that is difficult for computers to solve. "Turnstile" is designed as a privacy-conscious alternative to tra-ditional CAPTCHA systems, aiming to protect websites from bots while minimizing user data collection. "Turnstile" avoids using cookies or persistent identifiers. It ana-lyzes browser attributes and behaviors to verify users, without tracking them across sites. To detect fraud without compromising privacy, "Turnstile" generates short-lived, non-unique identifiers that change frequently, preventing long-term tracking. "Turnstile" can validate devices using private access tokens, allowing verification without collecting or storing device data. Information about data protection with Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/

12.3 How can I control the use of cookies and similar technologies?

Browsers can automatically accept or reject cookies, but allow you to change these settings. You can also disable or delete cookies that you have previously accepted. Note that all set-tings are lost if you delete all cookies, including the setting that you do not want to accept cookies, as this in turn requires that an opt-out cookie has been set. The settings must be made separately for each browser you use. You can find out how to manage cookies in your browser in the help menu of your browser.

If you choose to decline cookies and similar technologies, you can still use our website, but your access to some features and areas of our website may be limited.

13. CAN WE UPDATE THIS PRIVACY NOTICE?

This Privacy Notice is not part of a contract with you. We can change this Privacy Notice at any time. The version published on this website is the current version.

[Last updated: 05/08/2025]