1. Processing purposes and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service. In our contract documents, forms, consent forms and the other information provided to you (for example, on the Website or in the Terms and Conditions), you can find further details and additions to the processing purposes.
1.1 Consent (Sec. 6 (1) (a) GDPR)
If you have given us consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke your consent at any time with effect for the future.
1.2 Fulfilment of contractual obligations (Sec. 6 (1) (b) GDPR)
We process your personal data to implement the contracts we have concluded with you. We also process your personal data in order to undertake measures and perform activities in the context of pre-contractual relationships.
1.3 Fulfilment of legal obligations (Sec. 6 (1) (c) GDPR)
We process your personal information when necessary to fulfill legal obligations (such as commercial, tax laws).
Identity and age checks, prevention of fraud and money laundering, the prevention, combating and clarification of terrorist financing and offending criminal offenses, comparison with European and international anti-terrorist lists, the fulfillment of tax control and reporting obligations as well as the archiving of data for data protection and data security purposes and the Examination by tax and other authorities can become necessary. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.
1.4 Our legitimate interest / legitimate interest of third parties (Sec. 6 (1) (f) GDPR)
We may also use your personal information on the basis of a balance of interests to protect our legitimate interest or that of third parties. This takes place for the following purposes:
- For the limited storage of your data, if its deletion is not or only possible with disproportionate effort owing to the special nature of its storage
- For the development of services and products as well as existing systems and processes
- For enriching our data by using or researching publicly available data
- For statistical analyses or for marketing analyses
- For benchmarking
- For asserting legal claims and defending legal disputes that are not directly attributable to the contractual relationship
- For obtaining information and exchanging information with credit reference agencies, if this extends beyond our economic risk
2. Categories if personal data we process
We process the following data:
- personal data (name, occupation/branch and comparable data)
- contact details (address, mail address, telephone number and comparable data)
- Payment / Cover confirmation for bank and credit cards
- Information about your financial situation (credit data including scoring, for instance data for assessing the economic risk) ATTENTION: this is not about company credit ratings
- customer history
We also process personal data from public sources (e.g. the Internet, media, press, trade and association registers, resident registers, debt directories, land registers.
If required for rendering of our service, we process personal data that we legitmately receive from third parties (e.g. address publishers, credit reference agencies).
3. Who receives your data?
Within our company, we disclose your personal information to those departments that need this information to fulfil their contractual and legal obligations or to realise our legitimate interests.
In addition, the following organisations may receive your data:
- Data processing companies we employ (Sec. 28 GDPR), service providers that support our activities and other data controllers within the meaning of the GDPR, especially in the following areas: IT services, external data centres, it support/maintenance, archiving, document processing, call centre services, data destruction, purchasing/procurement, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or data disposal businesses)
- Public bodies and institutions, in the event of a legal or regulatory obligation, according to which we are obliged to provide information and notify or disclose data, or the transfer of data is in the public interest
- Bodies and institutions based on our legitimate interest or the legitimate interest of the third party (e.g. to public authorities, credit reference agencies, debt collection companies, lawyers, courts, appraisers, affiliated companies and committees and supervisory bodies)
- Other bodies for which you have given us your consent to transfer data
4. Transfer of your data to a third country or international organisations
Data processing does not take place outside the EU or EEA (this is usually the case).
A transfer of data to offices in countries outside the European Union (EU) or the European Economic Area EEA, so-called third countries), takes place when it is necessary for the execution of an order / contract by or with you, it is required by law (eg tax reporting obligations), it is in the legitimate interest of us or a third party or you have given us consent.
The processing of your data in a third country can also take place in connection with the involvement of service providers in order processing. Insofar as the EU country does not have an EU Commission’s decision on an adequate level of data protection, according to the EU data protection regulations we ensure through corresponding contracts that its rights and freedoms are adequately protected and guaranteed. Corresponding detailed information is available on request.
5. How long do we save your data?
If necessary, we process your personal data for the duration of our business relationship, including the initiation and execution of a contract.
In addition, we are subject to various storage and documentation requirements, e.g. from the Commercial Code (CC) and the Tax Code (TC). The deadlines for storage and documentation are specified to up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the retention period is also judged according to the statutory limitation periods, which according to §§ 195 seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB) can generally be three years, in some cases up to thirty years.
6. To what extent is there automated decision-making in individual cases (including profiling)?
We do not use purely automated decision-making procedures under Article 22 GDPR. If we use these procedures in individual cases, we will inform you about this separately, if this is required by law. If profiling is used this must be described here.
7. Your data privacy rights
You have the right to information according to Sec. 15 GDPR, the right to cancellation according to Sec. 16 GDPR, the right to restriction of processing according to Sec. 18 GDPR and the right of data transferability according to Sec. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Sec. 77 GDPR). Basically, according to section 21 GDPR the right to object to the processing of personal data by us. This right of objection, however, only applies in the case of very special circumstances of your personal situation, whereby rights of our house may conflict with your right of objection. If you wish to claim any of these rights, please contact our Privacy Officer (privacy@braincourt.com).
8. Scope of your obligations to provide us with your information
All you need to do is to provide the information necessary to enter into a business relationship or enter into a pre-contractual relationship with us, or that we are required to collect by law. Without this data, we will generally not be able to conclude or execute the contract. This may also apply to data required later in the business relationship. If we also request data from you, you will be made aware of the voluntary nature of the information separately.
9. Information about your right to object pursuant to Sec. 21 GDPR
You have the right to object to your personal data being processed at any time that takes place on the basis of Sec. 6 (1) (f) GDPR (data processing based on a balance of interests) or Sec 6. (1) (e) GDPR (data processing in the public interest) if reasons exist for this that arise from your particular situation. This also applies to profiling based on this provision in the meaning of Sec. 4 (4) GDPR.
If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or its processing for purposes of asserting, exercising or defending legal claims.
You can send your objection informally to the address detailed in Sec. 1.
10. Your right to appeal to the competent supervisory authority
You have a right of appeal to the data protection supervisory authority (Sec. 77 GDPR). The supervisory authority responsible for us is:
For Braincourt GmbH
The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10
70173 Stuttgart
For Braincourt Austria GmbH
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien