1. Who is responsible for the data processing and what is the contact information?
T +49 711 75 85 80 0
2. Contact information of the data privacy officer
3. Processing purposes and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service. In our contract documents, forms, consent forms and the other information provided to you (for example, on the Website or in the Terms and Conditions), you can find further details and additions to the processing purposes.
3.1 Consent (Sec. 6 (1) (a) GDPR)
If you have given us consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke your consent at any time with effect for the future.
3.2 Fulfillment of contractual obligations (Sec. 6 (1) (b) GDPR)
We process your personal data for the execution of our contracts with you, in particular in the context of our order processing and service utilization. Furthermore, your personal data will be processed to carry out activities and measures in the context of pre-contractual relationships.
3.3 Fulfillment of legal obligations (Sec. 6 (1) (c) GDPR)
We process your personal information when necessary to fulfill legal obligations (such as commercial, tax laws).
Furthermore, we process your data for, if necessary, identity and age checks, prevention of fraud and money laundering, the prevention, combating and clarification of terrorist financing and offending criminal offenses, comparisons with European and international anti-terrorist lists, the fulfillment of tax control and reporting obligations as well as the archiving of data for the purposes of data protection and data security as well as audits by tax and other authorities. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.
3.4 Public interest (Sec. 6 (1) (e) GDPR)
If necessary, we process your personal information to safeguard a task that is in the public interest.
3.5 Justifiable interest of us or third parties (Sec. 6 (1) (f) GDPR)
We may also use your personal information on the basis of a balance of interests to protect the legitimate interest of us or third parties. This is done for the following purposes:
- for advertising or market research, if you have not objected to the use of your data
- for obtaining information and exchanging information with credit bureaus, if this goes beyond our economic risk
- for the limited storage of your data, if a deletion due to the special nature of the storage is not or only with disproportionate effort possible
- for comparison with European and international anti-terrorist lists, if this goes beyond the legal obligations
- for the further development of services and products as well as existing systems and processes
- for the disclosure of personal data as part of a due diligence, e.g. at company sales
- for the enrichment of our data by using or researching publicly available data
- for statistical evaluations or for market analyzes
- for benchmarking
- for the assertion of legal claims and defense in legal disputes, which are not directly attributable to the contractual relationship
- for the development of scoring systems or automated decision-making processes
- for internal and external investigations and or security checks
- for the eventual monitoring or recording of telephone calls for quality control and training purposes
- for certifications of private or official matters
- to ensure and exercise our domestic law through appropriate measures (such as video surveillance)
Furthermore we process personal information from public sources (such as the Internet, media, press, trade and club registries, registration records, debtor directories, land registers). If we are required to provide our service, we will process personal information that we have lawfully obtained from third parties (such as address book publishers, credit bureaus).
4. Categories of personal data we process
We process the following data:
- Personal data (name, occupation/branch and comparable data)
- Contact details (address, email address, telephone number and comparable data)
- Payment / coverage confirmation for bank and credit cards
- Information about your financial situation (creditworthiness data, i.e. data for assessing the economic risk)
- supplier history
- furthermore we process personal data from public sources (e.g. internet, media, press, trade and association register, registration register, debtor registers, land registers)
- If it is necessary for the provision of our service, we process personal data that we have lawfully received from third parties (e.g. address publishers, credit agencies)
5. Wo receives your data?
Within our company, we disclose your personal information to those departments that need this information to fulfil their contractual and legal obligations or to realise our legitimate interests.
In addition, the following organisations may receive your data:
- Data processing companies we employ (Sec. 28 GDPR), service providers that support our activities and other data controllers within the meaning of the GDPR, especially in the following areas: IT services, external data centres, IT support/maintenance, document processing, data destruction, purchasing/procurement, risk controlling, billing, telephony, auditing services, credit institutions, printers or data disposal businesses, courier services)
- Public bodies and institutions, in the event of a legal or regulatory obligation, according to which we are obliged to provide information and notify or disclose data, or the transfer of data is in the public interest
- Bodies and institutions based on our legitimate interest or the legitimate interest of the third party in the context of the purposes stated in Sec. 3.5 (e.g. to public authorities, credit reference agencies, debt collection companies, lawyers, courts, appraisers, group companies and committees and supervisory bodies)
- Other bodies for which you have given us your consent to transfer data
6. Transmission of your data to a third country or to an international organization
Data processing outside the EU or the EEA does not take place.
A data transfer to locations in countries outside the European Union (EU) or the European Economic Area EEA, so-called third countries) takes place if it should be necessary to carry out an order / contract from or with you, if it is required by law (e.g. tax reporting requirements), it is in the context of a legitimate interest of us or a third party or you have given us your consent.
The processing of your data in a third country can also take place in connection with the involvement of service providers in the context of order processing. Insofar as there is no decision by the EU Commission regarding an appropriate data protection level for the country in question, we guarantee according to the EU data protection regulations through appropriate contracts that their rights and freedoms are adequately protected and guaranteed. We will provide you with the corresponding detailed information on request.
7. How long do we store your data?
If necessary, we process your personal data for the duration of our business relationship, this also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations from the Commercial Code (CC) and the Tax Code (TC). The periods for storage and documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the storage period is also assessed according to the statutory limitation periods, which, for example according to §§ 195 seq. of the German Civil Code (CC), can generally be three years, but in certain cases up to thirty years.
8. To what extent is there automated decision-making in individual cases (including profiling)?
We do not use purely automated decision-making procedures in accordance with Sec. 22 GDPR. If we use these procedures in individual cases, we will inform you of this separately, provided that this is required by law.
If profiling is used, this must be described here.
9. Your data privacy rights
You have the right to information according to Sec. 15 GDPR, the right to cancellation according to Sec. 16 GDPR, the right to restriction of processing according to Sec. 18 GDPR and the right of data transferability according to Sec. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Sec. 77 GDPR). Basically, according to section 21 GDPR the right to object to the processing of personal data by us. This right of objection, however, only applies in the case of very special circumstances of your personal situation, whereby rights of our house may conflict with your right of objection. If you wish to claim any of these rights, please contact our Privacy Officer (email@example.com).
10. Scope of your obligations to provide us with your data
You only need to provide the data that is necessary for the establishment and execution of a business relationship or for a pre-contractual relationship with us or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This can also refer to data later required in the course of the business relationship. If we also request data from you, you will be informed of the voluntary nature of the information.
11. Information about your right to object pursuant to Sec. 21 GDPR
You have the right to object to your personal data being processed at any time that takes place on the basis of Sec. 6 (1) (f) GDPR (data processing based on a balance of interests) or Sec 6. (1) (e) GDPR (data processing in the public interest) if reasons exist for this that arise from your particular situation. This also applies to profiling based on this provision in the meaning of Sec. 4 (4) GDPR.
If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or its processing for purposes of asserting, exercising or defending legal claims.
You can send your objection informally to the address detailed in Sec. 1.
12. Your right to appeal to the competent supervisory authority
Ihnen steht ein Beschwerderecht bei der Datenschutzaufsichtsbehörde zu (Sec. 77 DSGVO). Die für uns zuständige Aufsichtsbehörde ist:
The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10 a