What sources and data do we use?
We process the data necessary in connection with the establishment, execution and/or termination of our business relationships. We generally collect this data from you directly, e.B g. in the context of an offer request or order, as well as by contacting you via our website, by e-mail, at trade fairs or similar events.
Sometimes we may first receive your data from someone else, e.g.B a colleague in your company who names you as the contact person. If this happens, we will let you know our source at the first communication.
Personal data we process include:
- Name, first name and gender (for the salutation)
- Company affiliation and company address
- usually two contact options in your company (e.B. phone number and e-mail address)
- records of transactions and the respective correspondence
What do we process your data for (purpose of processing) and on what legal basis?
We use the above data to prepare and fulfill business operations and to establish and maintain effective business communications. The legal basis for these processing operations is art. 6 sec. 1 lit. f GDPR if you, as our business partner, represent another organization. Our legitimate interest is to achieve the above purposes. If you as a person are directly our contractual partner, we process your data instead on the basis of Art. 6 sec. 1 lit b GDPR, which allows the processing of personal data for the performance of a contract or pre-contractual measures.
We may wish to collect further information from you at a later date or use it in any other way. Should this happen, we will ask for your consent in accordance with Art. 6 sec. 1 lit. a i.V.m Art. 7 GDPR and inform you accordingly. If you give us this consent, this can be revoked informally at any time. The legality of the use of your data up to the objection remains unaffected by the objection.
Should your data be necessary for legal proceedings, processing may be carried out in order to exercise our legitimate interests in accordance with Art. 6 sec. 1 lit. f GDPR. Our interest then is in asserting or defending claims, for example in the context of the obligation to provide evidence in a procedure.
Who gets my data?
In our company, only those persons who need it for the smooth execution of our business relationship have access to your data. There may also be several specialist departments in our company, depending on which services or products you receive from us. Furthermore, our IT department has access to your data for only technical processing.
Service providers used by us may also be recipients of data about you in the context of order processing in accordance with Art. 28 GDPR.
In the course of processing your orders, it is partly necessary that we transmit certain data to our respective suppliers or other business partners, who are based in Germany, the European foreign countries or.dem European Economic Area. This is e.B. your name, if necessary Your first name and organizational affiliation, as well as your contact details in your organization.
We may be required to disclose certain data to the appropriately authorised bodies within the scope of our legal obligations.
Is data transferred to a third country or to an international organisation?
Data transfers to agencies outside the European Economic Area (so-called third countries) usually do not take place. Nevertheless, data transfer in third countries may take place in individual cases, provided that:
- it is required by law to:
- you have given us your consent or
- this is legitimised by the legitimate interest in data protection law and does not prevent the higher interests worthy of protection of the data subject.
In addition, we do not transfer personal data to agencies in third countries or international organizations.
However, we use service providers for certain tasks, which usually also use service providers who may have their registered office, parent company or data centers in a third country. A transfer is permitted if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards exist (e.B. standard data protection clauses adopted by the EU Commission or the supervisory authority in a particular procedure) and enforceable rights and effective remedies are available.
An example of this is our use of Microsoft Office 365 as an enterprise-wide communication system. Although Microsoft also operates servers within the EU, it cannot be ruled out that your data may be transferred to and processed in a third country (e.B. the UNITED States).
We have concluded a contract processing agreement with Microsoft under Article 28 GDPR with EU clauses in order to maintain an adequate level of data protection. If necessary, please contact us for further information under the contact details above.
We have concluded corresponding order processing contracts with our service providers and have also contractually agreed that there must always be guarantees on data protection with their contractual partners in compliance with the European data protection level.
How long will my data be stored?
We store your data throughout the entire continuous business contact between us and your organization, including in particular the existence of a contract or pre-contractual measures.
In addition, we store your data to the extent and to the extent that we are obliged to do so due to mandatory legal regulations, such as.B. commercial or tax retention periods. This applies to a period of 10 years. Insofar as we no longer need your data for the purposes described above, it will be stored separately during the respective statutory retention period and will not be processed for other purposes. After expiry of the statutory retention periods, all remaining data will be safely deleted or destroyed immediately.
Is there an obligation to provide data?
The provision of your personal data is not required by law or contract at first, nor are you obliged to provide such data.
However, if you yourself are in a direct business relationship with us, you must provide the personal data necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to carry out an existing contract and, if necessary, terminate it.
If this is a business relationship with a company you represent to us, you must provide us with the personal data necessary for the establishment and execution of a representation/authorisation and the fulfilment of the associated contractual obligations. Without this data, we usually have to reject you as a personentitled to represent/authorised persons, or we must revoke an existing right of representation/authorisation.
To what extent is there automated decision-making?
We do not use automatic decision-making in accordance with Article 22 GDPR to establish, execute and terminate the business relationship. Should we use these procedures in individual cases, we will inform you about this and your rights in this regard separately, if this is required by law.
Is profiling taking place?
We do not process your data with the aim of evaluating certain personal aspects automatically.