Data protection policy for customers, suppliers and partners
1. Who is responsible for data processing and who is my point of contact?
Mainzer Str. 99
Tel.: +49 2628 / 61-0
Should you have any questions relating to data protection, please contact: email@example.com To serve as data protection officer, we have commissioned: Mr. Michael Grein (ext. DPO) Verimax GmbH, Warndtstrasse 115, 66127 Saarbrücken, Germany dsb-schottel(at)verimax.de
2. Which sources and data do we use?
We process personal data (Art. 4(2) GDPR) that we receive from you in connection with the initiation or conclusion of a contract (e.g. purchase contract, financing contract, etc.). Beyond this, we process – insofar as this is required for the specific contractual relationship – personal data which we collect from other parties on a legal basis or for our own legitimate interests (e.g. case-by-case credit rating inquiry). Relevant personal data are primarily your master data (first name, last name, address and contact data).
3. Why do we process your data (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG).
3.1 For the fulfilment of contractual obligations (Art. 6(1)(b) GDPR)
The processing of personal data is carried out for the purposes of initiating, concluding and handling contracts as well as meeting the associated secondary obligations.
3.2 Based on your consent (Art. 6(1)(a) GDPR)
Insofar as you have granted us consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Any consent granted can be withdrawn at any time. This also applies to the withdrawal of declarations of consent granted to us before the GDPR came into force, in other words before 25 May 2018. Please note that the withdrawal of consent has effect for the future only. Any processing which has taken place prior to the withdrawal of consent remains unaffected.
3.3 Based on legal requirements (Art. 6(1)(c) GDPR in conjunction with section 24 of the German Data Protection Act (BDSG))
As a commercial enterprise, we are also subject to various legal obligations, in other words statutory requirements. In this context, processing is conducted, in particular, – to comply with legal regulations (e.g. tax-related issues, etc.) and – to fulfil legal disclosure obligations.
4. Who receives my data?
Within the company, your data are disclosed to those offices (e.g. relevant departments) that need them for the fulfilment of our contractual and legal obligations. In some instances, we also engage various service providers in order to fulfil our contractual and legal obligations. You can request a list of the processors we use as well as other service providers with whom we have more than a temporary business relationship from firstname.lastname@example.org. Furthermore, we may transmit your personal data to further recipients outside the company insofar as this is required for the fulfilment of contractual and legal obligations. For example, this can be:
– financial institutions,
– tax authorities, courts,
– freight carriers, suppliers, etc.
5. How long will my data be stored?
Insofar as required for the purposes mentioned above (no. 3), we process and store your personal data for the duration of the initiation and handling of the contract. Furthermore, we are subject to various obligations to retain data and to furnish evidence which are derived, inter alia, from the German Commercial Code (HGB) and the German Tax Code (AO). These stipulate storage periods of up to ten years. The duration of storage is ultimately also determined by the statutory periods of limitation, which, for example, according to sections 195 et seq. of the German Civil Code (BGB) are usually 3 years, but can also last up to thirty years in certain cases.
6. Are data transmitted to a third country or to an international organization?
Data are not transmitted to third countries (states outside the European Economic Area (EEA)).
7. Which data protection rights do I have?
Every data subject has the right to access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, the right to data portability as defined in Art. 20 GDPR as well as a right to object pursuant to Art. 21 EU GDPR. The rights to access and erasure are subject to the restrictions according to sections 34 and 35 of the German Data Protection Act (BDSG). Furthermore, there is a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with section 19 of the German Data Protection Act (BDSG)). For example: Datenschutz und Informationsfreiheit Rheinland-Pfalz (Data Protection and Freedom and Information, Rhineland-Palatinate)Hintere Bleiche 34, 55116 Mainz, Germany
8. Do I have an obligation to provide data?
Within our business relationship, you have to provide only those personal data that are required for establishing, conducting and ending the business relationship and for fulfilling the associated contractual obligations, and those data which we are legally obligated to collect. Without these data, we are generally not in a position to implement the relevant contract with you.