Notification obligations acc. to Art.13 DS-GVO
Protecting your personal information is a key concern for us. We therefore only process your personal data (hereinafter 'data') in accordance with the statutory regulations. This data protection declaration explains how our company processes your data, and also informs you in depth about your data protection rights and entitlements within the meaning of Art. 13 of the European General Data Protection Regulation (EU DS-GVO).
1. Who is responsible for data processing and who can you contact?
2. What data is processed and from what sources does this data come?
We process data we receive from you when initiating or processing business relationships, data for which we have consents, data provided in job applications or data provided by our employees.
Personal data includes:
Your general/contact data, this includes the following for customers e.g. first name and surname, address, contact data (e-mail address, telephone number, fax), bank data.
In the case of applicants and employees, this includes, e.g. your first name and surname, address, contact data (e-mail address, telephone number, fax), date of birth, data from the CV and references, bank data, religious affiliation, pictures.
In the case of business partners this also includes, e.g. the designation of their legal representatives, company, trade register number, VAT ID No., company number, address, data of contact partners (e-mail address, telephone number, fax), bank data.
For visitors to our company, this includes a name and signature.
For journalists, this includes first name and surname, e-mail address, fax number.
For competition participants, this includes first and surname, e-mail address.
We also process the following personal data:
- Information about the type and content of contract data, order data, sales and document data, customer and supplier histories, and support documents
- Advertising and sales data
- Information collected from your electronic correspondence with us (e.g. IP-address, log-in data)
- Other data that we have received from you as part of our business relationship (e.g. in customer talks)
- Data that we have generated from master / contract data and other data, e.g. customer requirement analyses and customer potential analyses,
- Documentation of your declaration of consent to receive e.g. newsletters.
- Photos taken during events.
3. For what purposes and on what legal basis is the data processed?
We process your data in compliance with the provisions of the General Data Protection Regulation (DS-GVO) and the German Data Protection Act 2018 in the respective valid versions:
- To fulfil (pre-)contractual duties (Art 6 Par. 1 sec.b DS-GVO):
Your data is processed to conclude the contract online or in one of our branch offices, to process your contract of employment in our company. In particular, the data is processed to initiate the business relationship with you and to conclude contracts.
- To fulfil legal obligations (Art 6 Par. 1 sec.c DS-GVO):
You data is processed to meet various statutory obligations, e.g. in the German Commercial Code or the Tax Code.
- To safeguard legitimate interests (Art 6 Par. 1 sec.f DS-GVO):
Based on a balance of interests, data processing may not only serve actual fulfillment of the contract, but also to safeguard our own legitimate interests or those of third parties. For instance, data processing to safeguard legitimate interests applies in the following cases:
- Advertising or marketing (see no. 4)
- Measures for managing business and developing services and products
- Maintenance of a group-wide customer database to improve the customer service
- Within the legal framework
- Sending information and press releases not related to sales promotions.
- Within the scope of your consent (Art 6 Par. 1sec.a DSGVO):
If you have given us your consent to process your data, e.g. to send you our newsletter, publication of photos, competitions, etc.
4. Processing personal data for advertising purposes
You can revoke your consent to the use of your personal data for advertising purposes or other individual measures at any time without incurring any costs other than transfer costs that are based on the basic tariffs.
According to the statutory requirements of § 7 Par.3 German Unfair Competition Act (UWG), we are entitled to use the e-mail address that you provided when you concluded the contract for direct advertising of our own similar goods or services. You will receive these product recommendations from us regardless of whether or not you have subscribed to the newsletter.
If you do not want to receive these kinds of recommendations by e-mail from us, you can revoke your consent to the use of your address for this purpose at any time without incurring any costs other than transfer costs that are based on the basic tariffs. A simple written text is sufficient. Of course, every e-mail contains an unsubscribe link.
5. Who receives my data?
Even if we use a service provider to process orders, we remain responsible for protecting your data. All order processing organizations have a contractual duty to handle your data confidentially and only use this data to provide the service. The order processing organizations we contract receive your data, if they need this data to provide their respective service. For instance, these are IT service providers that we require to operate and secure our IT systems, and advertising and directory publishers for our own advertising campaigns.
Your data is processed in our customer database. The customer database helps to raise the data quality of the existing customer data (elimination of duplicates, moved/deceased tags, address corrections), and allows the import of data from public sources.
This data is provided for other companies in the group if required to process contracts. Customer data is saved separately for specific companies, our parent company acts as a service provider for individual participating companies.
If there are any statutory obligations and within the scope of statutory provisions, public authorities and courts as well as external auditors may also be recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may also be recipients of your data to conclude and fulfil contracts.
6. How long is my data stored?
We process your data until the business relationship is terminated or until the expiry of the statutory archiving periods (for instance, from the Commercial Code, the Tax Code, or Working Hours Act); also, until the end of any legal disputes in which the data is required as evidence.
7. Is my personal data transferred to a third country?
We never transfer any personal data to a third country. Data will only be transferred in individual cases based on adequacy decisions by the European Commission, standard contract clauses, suitable guarantees or your express consent.
8. What data protections rights do I have?
You have the right of access, rectification, deletion or blocking of your saved data at any time; you have the right to object to the processing of your data and the right to lodge a complaint in accordance with the requirements of the data protection laws.
Right to access:
You can request information about whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or incorrect, you can demand rectification or completion of this data by us at any time.
Right to deletion:
You can demand that we delete your data, if we process this unlawfully or if processing your data encroaches unreasonably on your justified legitimate interests. Please bear in mind that there may be reasons that prevent immediate deletion, e.g. in case of statutory archiving stipulations. Regardless of whether or not you exercise your right to deletion, we will immediately delete your data in full, if there are no business-related or legal archiving duties.
Right to block processing:
You can demand that we block the processing of your data, if
- you dispute the accuracy of the data, for a period that allows us to check the accuracy of the data
- processing of your personal data is unlawful but you reject deletion and demand that data processing is blocked instead
- we no longer need the data for the intended purpose, but you need it to establish, exercise or defend legal claims, or
- you have lodged an objection to the processing of the data.
Right to data portability:
You can demand that we give you the data you provided in a structured, standard and machine-readable format, and that we transfer this data to another responsible entity unimpeded, if
- we process this data based on a revocable consent or to fulfill a contract between us, and
- the data is processed by automated means.
If technically feasible, you can demand that we transfer the data directly to another responsible entity.
Right to object:
If we process your data for our legitimate interests, you can object to the processing of this data at any time; this would also apply to any scoring based on these provisions. We will then no longer process the data unless it is possible to demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the data is processed for the purpose of enforcing, pursuing or defending legal claims. You can revoke your consent for the use of your information for direct advertising at any time.
Right to lodge a complaint:
If you believe that we are in breach of German or European data protection laws when processing your data, we would ask that you contact us so we can clarify any questions. Of course, you also have the right to contact your responsible supervisory board, the respective State Office for Data Protection Supervision.
If you want to exercise one of the above rights, please contact our data protection officer. In case of any doubt, we can also request additional information to confirm your identity.
9. Do I have to provide my data?
We need to process your data to complete or fulfil the contract you have concluded with us. If you do not provide us with this data, we will usually refuse to conclude the contract or we will no longer be able to continue with an existing contract and ultimately be forced to terminate it. However, you are not obliged to issue a consent to process data that is not relevant or required by law to fulfil the contract.