Privacy notice pursuant to GDPR
Below we provide you, as a (potential) customer or his employees or as the person who has given us a corresponding consent, an overview of the processing of your personal data by us and your rights based on the EU general data protection regulations (GDPR) and the federal data protection act (BDSG).
Please also pass this notice to current and future authorised representatives and colleagues who are in contact with us.
1. Who is responsible for data processing and whom can I contact?
The responsible body is:
Ewige Weide 15
Phone: + 49 102 2310
Fax: + 49 4102 231 130
You can reach our company data protection officer under:
Ewige Weide 15
Telephone 04102 231 218
Email address: firstname.lastname@example.org
2. What sources and data do we use?
We only process personal data which we receive from you as a customer (interested party). We further process data which we have legitimately collected from sources open to the public (e.g. trade register, media, internet).
Relevant personal data may be:
Name, address and other contact data, such as telephone, email address, date/place of birth, gender, nationality, legitimation data, tax numbers
3. For what purpose do we process your data (purpose of processing) and on which legal basis?
(a) If you are a customer of ours and have sent us a related enquiry, we process your personal data to execute the respective contracts with you or the pre-contractual activities carried out upon your enquiry (article 6 paragraph 1 letter b GDPR) and/or to meet our statutory obligations in connection with these contracts or this initiation of a contractual relationship (article 6 paragraph 1 letter c GDPR).
(b) If you have given your consent for us to process your personal data, we process your personal data for the purposes for which you have given this consent.
4. Who receives your data?
Within our company those departments/employees have access to your data who need them for the purposes mentioned in clause 3 letter a or for a purpose specified in your consent, if applicable. Service providers commissioned by us (contract data processing companies) may also receive data for the respective purpose if both they and us as the responsible party comply with the data protection regulations. Your data are generally not forwarded to other recipients outside the company unless you have given your written consent or we are obliged to do so on the basis of statutory provisions.
5. Are data transmitted to a third country or an international organisation?
Data transmission to entities in countries outside the EU only takes place in exceptional cases and only inasmuch as this is necessary to execute the contract. Service providers in third countries are obliged to comply with data protection.
6. How long are your data stored?
We process and store your personal data as long as this is necessary to fulfil a permissible purpose. They will then be deleted unless statutory requirements compel us to retain your data for a longer period. An example are commercial and trade law retention periods which regularly prescribe the retention of vouchers and documentation from two to ten years.
7. What data protection rights do you have?
Every affected person has the right to
information as to which data have been stored
correction of incomplete/incorrect data
deletion of data
limitation of the processing of data
The scope of the information and deletion right are subject to the limitations of sections 34 and 35 GDPR. Furthermore you have the right to complain to a data protection supervisory authority (article 77 GDPR)
You can revoke your consent to the processing of personal data by us at any time. The revocation does not affect the legality of the processing which took place on the basis of your consent up to the revocation.
8. 8. Do you have an obligation to provide data?
You are only obliged to provide personal data inasmuch as there is a contractual relationship between us and we are legally obliged to collect the respective data (e.g. tax numbers). In individual cases you might also be obliged to provide personal data on the basis of an existing contractual relationship.