dear business partners,
The protection of your personal data is important to us. This data protection notice informs you about the processing of personal data in the context of a business relationship with us and your rights in connection with this data processing. Please also make the data protection information available to your employees.
1. Responsible party:
Responsible for the processing of your personal data is:
Zum Hafenplatz 1
Phone: +49 (0)4502 / 7 800 600
2. Privacy Officer:
You can reach our data protection officer at the above postal address, with the addition of “To the data protection officer” or at the e-mail address: firstname.lastname@example.org
3. What data do we process?
We process personal data that you voluntarily provide to us in the course of our business relationship. This includes, but is not limited to, the following data or categories of data:
– Master data (e.g. title, surname, first name, e-mail address, position, company, telephone, fax number, address)
– Bank data (e.g. IBAN, BIC)
– Tax identification number
– Business transaction data
– Data generated in the course of access control (e.g. name, address, company, date of visit, contact person).
– Land register entries and guarantees, purchase prices for real estate, tax data
– User data (user ID, name, contact data, IP address), supplier data, customer data, in case of malfunction: application, malfunction, content of the request, status of the request, description of solution
– Vehicle data (e.g. chassis number, license plate number, KBA number, registration data, vehicle identification number and insurance policy number)
– Data of your employees, such as clothing sizes for work clothes and work shoes
– Data that accrue in the context of plant security (e.g. ID card data,…)
– Security clearance data (e.g. passport or ID data, dates of birth, residences for the last 5 years, children, marital status, parents’ personal details, curriculum vitae, details of social networks/ own websites/ financial situation).
– Communication Data: Contents of personal/telephone conversations or written/electronic correspondence and other data that arise in the course of communication with you.
– Declarations of intent
– Data protection law declarations (declaration of consent to the processing of personal data; declarations on the revocation of any consent you may have given; declarations on objection to the processing of personal data; declarations on the assertion of your rights to information, correction, deletion, restriction of processing, data portability, including the information you provide to us when asserting your rights.
We do not process personal data that we receive from third parties.
4. For what purpose do we process your data and on what legal basis?
a) Fulfillment of a contract and implementation of pre-contractual measures
We process personal data of the data subjects for the initiation, conclusion and execution of our contracts with our customers, for the execution of our customers’ orders, as well as for the implementation of measures and activities within the scope of pre-contractual relationships. This includes in particular – as far as necessary for the above mentioned purposes – the identification of our customers; correspondence with our customers; contract management; processing of inquiries and orders of our customers; shipment of goods; invoicing and payment management; preparation and execution of service calls; processing of possible product liability or other claims of our customers.
The legal basis of the data processing is Art. 6 para. 1 lit. b DSGVO in the case of data subjects who are our customers. In the case of data subjects who are contact persons of the customer, the legal basis of the data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest here is to be able to communicate with our customers and fulfill our contracts.
b) Contract and contact management
For the purposes of efficient contract and contact management, we record and store contract and customer data in our CRM system and maintain a digital telephone directory in which we store the business telephone number of our customers or our customers’ contact persons.
The legal basis of the data processing is Art. 6 para. 1 lit. f GDPR. In this context, our legitimate interest is to be able to communicate more efficiently with our customers and to fulfill our contracts more efficiently.
We process personal data in the context of sales and marketing activities in order to promote the economic success of our company and customer loyalty. This mainly includes the following activities:
– Selection, organization and other processing of contact data for sending advertising and information material (e.g. customer magazine and similar materials),
– Selection, organization and other processing of contact data for sending invitations to trade fairs and events,
– Event management (organization and implementation) and travel organization (in this context, it may be necessary for us to request additional personal data from participants (e.g. date of birth, nationality, possibly private address, passport number, etc.) and process them for the purposes of travel organization),
– Selection and other processing of contact data to conduct customer satisfaction surveys.
The legal basis of the data processing is basically Art. 6 para. 1 lit. f GDPR. In doing so, our legitimate interest lies in acquiring new customers, marketing our products and promoting customer loyalty.
In certain cases, however, data processing is only permitted on the basis of the consent of the data subjects (e.g. sending e-mail newsletters to potential customers, conducting customer satisfaction surveys). In such cases, we obtain the explicit consent of the persons concerned. If the data subject has given us consent to process personal data for specific purposes, the processing is based on Art. 6 para. 1 lit. a GDPR. Data subjects have the right to revoke their consent at any time, also verbally, and without giving reasons. To exercise the right of withdrawal, data subjects may contact us or our data protection officer using the contact details provided at the beginning of this privacy notice. The revocation shall not affect the lawfulness of the processing carried out on the basis of the consent up to any revocation.
d) Assertion of legal claims and legal obligation
It may happen that the processing of personal data is necessary to protect our other legitimate interests or the other legitimate interests of a third party (e.g. to assert legal claims or defense in legal disputes, access control of the plant premises, exercise of domiciliary rights, security check). In such cases, we process the personal data of the data subjects on the basis of Art. 6 para. 1 lit. f GDPR.
If the processing of personal data is necessary for compliance with a legal obligation (e.g. accounting processes, consent, objection and data subject rights management, security review) to which we are subject, we process the personal data of the data subjects on the basis of Art. 6 para. 1 lit. c DSGVO.
5. Who gets the data (recipient)?
Your data will be passed on to the responsible employees within our company for the aforementioned purposes (Art. 6 para. 1 p. 1 lit. b DSGVO). Our employees are obligated to maintain confidentiality about personal data as part of their employment contract with us. Data processing takes into account the general standards for data security in accordance with the current state of the art. Data will only be passed on to third parties outside our company if this is necessary for contract processing or billing, if you have given your consent or if there is a legal basis or obligation to do so.
Insofar as we use the services of third parties (so-called processors) for the implementation and handling of processing operations, the provisions of the GDPR are complied with. Service providers who assist us in providing our services to you are:
– hosting provider,
– email service provider,
– IT service provider,
– software (SaaS) provider,
– accounting service provider and document destruction service provider,
– sales and marketing partner,
– Invoice Digitization.
We disclose personal data to the following third parties who process personal data under their own responsibility (so-called responsible parties, cf. Art. 4 No. 7 DSGVO) within the scope of legal permissibility and necessity:
– Tax consultant
– Postal and delivery services
– Exhibition organizer
– Insurance company
When we commissioned M365, we issued the instruction that the data processed is to be stored in the EU as a matter of principle. A transfer to third countries through the commissioning of processors and third parties, cannot be excluded when using M365. In such a case, we have taken appropriate safeguards to protect your data.
6. Data storage
We process your personal data only as long as it is necessary to fulfill the respective processing purpose.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) or the German Fiscal Code (AO). These can be up to ten full years.
Finally, the storage period is also assessed according to the statutory limitation periods, which can be up to thirty years, for example, according to Sections 195 et seq. of the German Civil Code (BGB), with the regular limitation period being three years.
7. Your rights
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR. In order to exercise the aforementioned rights, you may contact the offices mentioned in section 1.
If you have given us consent for data processing, you can revoke this consent at any time without formality, in which case the processing carried out up to that point remains lawful. For this purpose, you can contact the office mentioned under point 1.
In accordance with Art. 21 DSGVO, you have the right to object to any processing based on the legal basis of Art. 6 para. 1 p. 1 lit. e or f DSGVO is based. If we process personal data about you for the purpose of direct marketing, you may object to such processing in accordance with Section 7 of the German Data Protection Act. Art. 21 par. 2 and para. 3 DSGVO file an objection.
In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR).