Data protection information
for customers and interested parties
according to Art. 13, 14 and 21 of the General
Data Protection Regulation, GDPR
Data protection is important to us. Here, we provide information on how we process your data and what rights you have.
1. Who is responsible for data processing and who can you contact?
2. Contact details for our data protection officer
Tel.: +49 781 9193366-0
3. Processing purposes and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection rules. The processing and use of individual pieces of data depends on the service agreed or requested.
3.1 Consent (Art. 6 (1) lit a. GDPR)
If you have given us consent to process personal data, the relevant consent is the legal basis for the processing mentioned in the consent process. You can revoke your consent at any time with effect for the future.
3.2 Fulfilment of contractual obligations (Art. 6 (1) lit b. GDPR)
We process your personal data in order to implement our contracts and agreements with you. Furthermore, your personal data will be processed in order to implement measures and take actions as part of pre-contractual relationships.
3.3 Fulfilment of legal obligations (Art. 6 (1) lit c. GDPR)
Where necessary, we process your personal data in order to fulfil our legal obligations (e.g. to comply with trade and tax laws). Furthermore, where necessary, we process your data to fulfil financial controlling and reporting obligations and in order to archive data for the purposes of data protection, data security and for auditing by tax and other authorities. In addition, we may be required to disclose personal data in the case of administrative/court proceedings for the purpose of gathering evidence, prosecuting crimes or enforcing civil claims.
3.4 Our legitimate interest or the legitimate interest of third parties (Art. 6 (1) lit f. GDPR)
Provided we balance the parties' interests, we may also use your personal data to protect our legitimate interest or that of a third party. This is the case for the following purposes:
- to examine and optimise procedures for needs analysis and direct customer approach
- for advertising or market research, if you have not objected to this use of your data
- for the limited storage of your data, if deletion is not possible or would impose disproportionately high costs due to peculiarity of the storage method
- to further develop services, products and existing systems and processes.
- for statistical evaluations or for market analyses.
- for internal and external investigations and/or safety reviews
- for certification of private-law or official matters.
4. Categories of personal data that we process
The following data will be processed:
- Personal data (name, date of birth, occupation/industry and similar data)
- Contact details (address, email address, telephone number and similar data)
- Customer history
We also process personal data from public sources (e.g. the Internet, media, press)
5. Who receives your data?
We pass on your personal data within our company to those departments which require this data to fulfil their contractual and legal obligations or to implement our legitimate interest.
In addition, the following offices may receive your data:
- our nominated processor (Art. 28 GDPR); service providers in supporting roles and further controllers as defined by the GDPR, in particular in the fields of IT services, logistics, courier services, printing services, external data centres, IT-application support/maintenance, archiving, document processing, accounting and financial control, data destruction, purchasing/procurement, customer administration, letter shops, marketing, telephone services, website management, tax advice, auditing services, financial institutions
- public bodies and institutions in the event of a legal or official obligation, according to which we are obliged to provide information, report or pass on data
- other offices for which you have given us your consent to transfer your data
6. Transfer of your data to a third country or to an international organisation
Data processing takes place outside the EU and the EEA.
7. For how long do we store your data?
Where necessary, we process your personal data for the duration of our business relationship. This also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods for storage and documentation specified in these laws are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Finally, the duration for which we store data is also determined according to limitation periods such as the ones defined in sections 195 et seq. of the German Civil Code (BGB), which is generally three years but may be up to 30 years in specific cases.
8. To what extent does automated decision making apply to individual cases?
In accordance with Article 22 of the GDPR, we do not use purely automated decision-making procedures. Should we use these procedures in individual cases, we will inform you of this separately if we are required to by law.
9. Your rights to data protection
In accordance with Art. 15 of the GDPR, you have the right to be informed; in accordance with Art. 16 of the GDPR, you have the right to rectification; in accordance with Art. 17 of the GDPR, you have the right to erasure; according to Art. 18 of the GDPR, you have the right to restrict processing; according to Art. 20 of the GDPR, you have the right to data portability. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). In accordance with Article 21 of the GDPR, you have the right to object to our processing personal data. However, this right to object only applies in certain specific circumstances regarding your individual situation, whereby the rights of our company may conflict with your right of objection. If you wish to exercise any of these rights, please contact our Data Protection Officer (firstname.lastname@example.org)
10. Scope of your obligations to provide us with your data
You only need to provide the data which is necessary for the establishment and execution of a business relationship or for a pre-contractual relationship with us or which we are legally obliged to collect. Without this information, we will usually not be able to conclude or execute the contract. This may also refer to data required later within the framework of the business relationship. If we request further data from you, you will be informed separately that providing this data is voluntary.
11. Information about your right to object, Art. 21 of the GDPR
At any time, you have the right to object to our processing your data on the basis of Art. 6 (1) lit f. of the GDPR (data processing having balanced interests) or Art. 6 (1) lit e. of the GDPR (data processing in the public interest) if there are reasons for this arising from your individual situation. This also applies to profiling based on this provision, as referred to in Art. 4 (4) of the GDPR.
If you object, we will cease processing your personal data except if we can demonstrate compelling and legitimate reasons to process that data. These reasons must override your interests, rights and freedoms or the processing must be for the purposes of establishing, exercising or defending legal claims. We may also process your personal data for the purpose of direct marketing. If you do not wish to receive marketing, you have the right to object at any time. We will consider this objection to apply to the future.
We will no longer process your data for purposes of direct marketing if you object to the processing for these purposes. Your objection may be sent, in no particular form, to the address listed under point 1.
12. Your right to complain to the competent supervisory authority
They have the right to appeal to the data protection supervisory authority (Art. 77 GDPR).
The supervisory authority overseeing us is:
State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg
Königstrasse 10 a