Nidec Graessner – Data Privacy Policy
Privacy policy
Content
1. Preface and selected terminology
2. Responsible Party and Data Protection Officer
4. Legal bases for the processing of personal data
5. Your rights under the basic data protection regulation
9. Contact Form, E-Mail, Phone and Fax
12. Information for job applicants
13. Online-based Audio and Video Conferences
14. Supplementary information for business partners
1. Preface and selected terminology
On the one hand, this privacy policy informs visitors and users of our website about the data processing operations that take place online and involve the processing of personal data. On the other hand, you will receive information about our processing operations that do not primarily take place online.
- GDPR is an abbreviation for the European General Data Protection Regulation.
- BDSG is the abbreviation for the Federal Data Protection Act in its current version.
- Personal data are all individual details that allow conclusions to be drawn about a natural person (for definition see Art. 4 para. 1 GDPR). This includes, for example, names, e-mail addresses, telephone numbers, but also data such as IP addresses or customer numbers.
- The processing of personal data includes all operations, for example the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 para. 2 GDPR).
- The data subject within the meaning of data protection law is any natural person from whom personal data is processed.
- Further definitions of terms can be taken from the General Data Protection Regulation, these can be found authoritatively in Art. 4 of the GDPR (Definitions).
2. Responsible Party and Data Protection Officer
Responsible Party for data processing
Nidec Graessner GmbH & Co KG
Cake fields 11
72135 Dettenhausen
Phone: +49 7157 123 0
Data protection officer required by law
DPO External Data Protection Officer Stuttgart
Fabian Henkel
E-mail:
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de
3. A brief overview
The following contents provide you with a brief overview of the processing of personal data; more detailed information can be found in the respective passages presented in detail.
Security
All data transmission processes are encrypted. For example, when you send us a message via form or place an order. However, as a precaution, we would like to point out that one hundred percent security in electronic data processing is not possible and that there is always a residual risk.
Data that you transmit to us
On this site, we process on the one hand the data that you enter yourself, for example in a form. The purpose of the processing in this case results from the type of form and on the other hand from this privacy policy. Also, if you send us a message by e-mail, for example, or otherwise contact us, we process your data according to the purpose of the contact.
Automatic server log files
On the other hand, our server automatically records all accesses and thus also IP addresses (log files), this serves the defense against attacks, the analysis of access figures and the smooth operation.
Cookies use
Cookies help us to provide various services, for more information please see this privacy policy and https://www.graessner.de/de/kontakt/cookie-information.html.
Newsletter / Direct marketing
Direct marketing to existing customers in the legitimate interest
We reserve the right to send e-mail newsletters to our customers on the basis of §7 para. 3 UWG (Germany) in conjunction with Art. 6 para. 1 lit. f GDPR. We also reserve the right to send postal advertising to existing customers in our legitimate interest. You can, of course, object to receiving direct marketing information from us at any time.
Other data recipients
Use of data processors
In accordance with the requirements of Art. 28 GDPR, we use data processors, for example in the area of IT services, web hosting, e-mail hosting or printing services. These process personal data for us in accordance with instructions.
Use of non-specialist services
If it is necessary (for example, to execute a contract), we pass on your data, for example, to banks, other payment service providers, shipping service providers, our tax advisor or lawyer.
Legal obligations
In addition, in certain cases we are obliged to make a report to the competent authorities on the basis of the Money Laundering Act. In addition, we are subject to other legal obligations, such as commercial laws or tax law, in this context we must disclose certain data to tax authorities, for example.
Clarification of criminal acts
If it should be necessary for the clarification of a criminal act, we pass on data to the law enforcement authorities.
General information on deletion periods for personal data
We process the data as long as this is necessary for the respective purpose. As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract; in addition, we are obliged to comply with statutory retention obligations. If the data processing is based on your consent, we will delete your data after your revocation.
Transfer of personal data to a third country
If possible, we try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for commissioned processing pursuant to Art. 28 GDPR, taking into account appropriate guarantees. In individual cases, we may use plugins or tools that are hosted in third countries, but we use them on the basis of our legitimate interests. In these cases, we will point out the circumstance where appropriate.
Obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, it will not be possible for us to conclude and fulfill a contract with you.
4. Legal bases for the processing of personal data
The legal bases for the processing of personal data are exceptional circumstances that permit the processing of personal data. The main legal bases are illustrated in particular in Art. 6 GDPR. The legal bases according to which we process personal data are described in the individual processing operations in this privacy policy.
Consent given (Art. 6 para. 1 lit. a GDPR)
Consent is one of these legal bases and requires that the consenting person gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 para. 1 lit a GDPR can be revoked at any time without giving reasons.
Contract-related data processing (Art. 6 para. 1 lit. b GDPR)
The processing of personal data for the initiation or execution of contracts is also a legal basis and is defined in Art. 6 para. 1 lit. b GDPR.
Legal obligation (Art. 6 para. 1 lit. c GDPR)
The exceptional case of data processing due to a legal obligation is found in Art. 6 para. 1 lit. c GDPR, for example, we are obliged to comply with certain retention periods under commercial law and tax law.
Legitimate interests (Art. 6 para. 1 lit. f GDPR)
The processing of personal data on the basis of a balance of interests pursuant to Art. 6 para. 1 lit. f GDPR allows the processing after careful consideration of financial or legal interests against the interests of the data subject that are worthy of protection.
5. Your rights under the basic data protection regulation
Every natural person is entitled to certain rights, these are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can claim against us.
Right to revoke consent given (cf. Art. 7 GDPR).
You can revoke your consent at any time without giving reasons with effect for the future.
Right to information (cf. Art. 15 GDPR)
You have the right to request information about the data processed about you and the purposes of the processing at any time.
Right to rectification (cf. Art. 16 GDPR).
Insofar as you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.
Right to erasure (cf. Art. 17 GDPR)
You have the right to request the erasure of your personal data that we process about you at any time.
Right to restriction of processing / blocking (cf. Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened / happens unlawfully, you may request the restriction of the data processing instead of the deletion.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
- If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Right to data portability (cf. Art. 20 GDPR)
You have the right to have us transfer your data to another company in a machine-readable format, insofar as this is possible with reasonable effort.
Right to object to certain processing operations and direct marketing (cf. Art. 21 GDPR).
Art. 21(1) - You may exercise your right to object at any time, this is particularly relevant if the processing is based on Art. 6(1)(e) or (f) GDPR. This also includes processing for profiling purposes. If we can demonstrate compelling reasons for the processing that outweigh your interests or the processing serves the enforcement of legal claims, their exercise or defense, we may reject your objection in individual cases.
Art. 21(2) - You may also object at any time to processing for direct marketing purposes, this also includes profiling related to direct marketing. We will follow up your objection at any time and no longer process your data for these purposes.
Right to lodge a complaint with a supervisory authority (cf. Art. 77 DGVO).
You have the right to complain about the processing of your personal data to the supervisory authority for data protection at any time.
6. External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
We have contracted the following hoster:
Host Europe GmbH, Welserstrasse 14, 51149 Cologne, Germany
Conclusion of a contract on order processingTo ensure
data protection-compliant processing, we have concluded a contract on order processing with our hoster.
7. Server log files
Our web server automatically logs all accesses and thus also IP addresses of visitors. This serves the defense against attacks, the analysis of access figures and the smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).
The server log usually records not only the IP address but also other metadata about the session, this data can be found below.
- Date and time of retrieval
- Information about the browser type and version used Browser
- Information about the operating system used
- Device (Client)
- Refferer URL (via which page you landed with us)
- Visited hyperlinks
We process this data only for the purposes mentioned above. We delete server log files after six months at the latest.
8. Use of cookies
Our website uses cookies for the provision of services and to ensure full functionality. Cookies and similar technologies are very small text documents or pieces of code that often contain a unique identification code. When you visit a website or use a mobile application, a computer asks your computer or mobile device for permission to store this file on your computer or mobile device and access information. Information collected through cookies and similar technologies may include the date and time of your visit and how you use a particular website or mobile application.
Cookies ensure that you remain logged in during your visit to our online store, that all items in your shopping cart remain saved, that you can shop safely and that the website continues to function smoothly. The cookies also ensure that we can see how our website is used and how we can improve it. In addition, depending on your preferences, our own cookies may be used to present you with targeted advertising that matches your personal interests.
Cookies are stored on your terminal device and transmitted from it to our site. As a user, you have full control over the use of cookies. You can define whether and which cookies you generally allow in your browser settings. We recommend that you set your browser so that you are informed when a website wants to set cookies on you. This gives you control over which cookies you want to allow. However, to the extent that you do not allow cookies, the functionality of websites may be limited.
Cookies are basically divided into non-persistent and persistent cookies. A further distinction is made between first party cookies (which come directly from our web server) and third party cookies (which are set by third-party providers).
Cookie types by runtime
Session cookies: Session cookies are deleted at the latest when you leave our website and close your browser.
Persistent cookies: These cookies remain stored even after you leave our website and close your browser of the browser. Persistent cookies can have different durations, from one day to several years. These cookies can perform various functions, for example, your login information may be stored so that you are automatically logged in when you return to our website. Other persistent cookies are used for analysis, tracking and marketing purposes.
Cookie types by origin
We use both first-party cookies and third-party cookies. First-party cookies are cookies that come directly from us. Third-party cookies are cookies that are placed via a third-party provider. We use various third-party cookies for analytics, tracking and marketing purposes.
Cookie types by function
Necessary cookies
These cookies are necessary for the website to function properly. Some of the following actions can be performed with these cookies. - Save items in a shopping cart for online purchases - Save your cookie settings for this website - Save language settings - Log in to our portal. We need to verify that you are logged in.
Performance cookies
These cookies are used to collect statistical information about the use of our website, also called analytics cookies. We use this data to improve performance and optimize the website.
Functional cookies
These cookies enable more functionality for our website visitors. These cookies can be set by our external service providers or our own website.
Advertising / Tracking Cookies
These cookies are set by external advertising partners and are used for profiling and data tracking across multiple websites. If you accept these cookies, we can display our ads on other websites based on your user profile and preferences. These cookies also store data about how many visitors have seen or clicked on our ads in order to optimize advertising campaigns.
Details about cookies used
Details about our cookies used can be found here:
https://www.graessner.de/en/contact-english/cookie-information.html
Legal basis and instructions for setting your preferences
We use technically necessary cookies in the interest of a functional and stable website (Art. 6 para. 1 lit. f GDPR), we use other cookies only with your consent (Art. 6 para. 1lit. a GDPR). You can make your preferences regarding the selection of non-essential cookies at the beginning of your visit, furthermore you have the possibility to adjust your preferences at any time.
The individual legal bases for the use of various tools that use cookies can be found in the respective passages in our privacy policy.
You can adjust your preferences at any time by accessing the cookie setting again. To do this, you will find an icon at the bottom right of the screen, click on it.
9. Contact Form, E-Mail, Phone and Fax
Message via contact form
You have the possibility to send us messages via contact form. We process the data that you have entered in the data entry mask. Mandatory fields are marked and must be filled in.
The purpose of data processing is to process your request and, if necessary, to contact you afterwards. The legal basis for processing the data entered in the contact form is always based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time without giving reasons for doing so in the future. In addition, we process your data for the initiation or execution of purchase contracts, insofar as you ask us, for example, product-related questions (Art. 6 para. 1 lit. b GDPR).
We store the transmitted data until you revoke your consent, in which case we delete your data insofar as no legitimate interests speak against deletion. As a legitimate interest, we can refer to compliance with statutory retention periods. The legal retention periods generally result from §257 HGB (German Commercial Code) with a retention period of 6 years for commercial letters, beginning with the following year after the time of the communication. For this period, we restrict the processing of your data after revocation of your consent and process it exclusively for the purpose of compliance with retention periods. Insofar as you do not revoke your consent, we restrict the processing of your data after the purpose has been achieved and retain it until the expiry of the aforementioned retention periods.
Communication by e-mail
Insofar as you write us an email, we process your data according to the content and purpose of the message. As a rule, processing is carried out on the basis of pre-contractual measures or in the context of the implementation of a contractual relationship on the basis of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f. GDPR. It is a legitimate interest to process your request quickly and efficiently.
Insofar as it is a product- or service-related message, we generally process your data on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.
Please note that we archive all incoming e-mails in accordance with the principles of proper accounting (GoBD for short) for a period of 10 years, starting with the first day of the following year in which the message was received. Thus, insofar as you request us to delete the data, we will henceforth restrict your data for processing and store it only for the purpose of complying with retention periods in our legitimate interest.
Communication by phone or fax
Even if you contact us by phone or fax, we process your data either for the initiation and execution of contractual relationships (if the content is product- or service-related) and/or in our legitimate interest, analogous to contacting you by e-mail.
We do not record the content of conversations, but may make notes for processing your request. These are stored until the purpose of the data processing has been achieved and we no longer have any legitimate interests in the processing. If necessary, contents of the conversation are stored anonymously for statistical purposes. Of course, you can request deletion at any time.
10. Direct marketing
Direct marketing to existing customers in a legitimate interest
We reserve the right to use the data collected on the occasion of a purchase contract or service contract, if necessary, for direct advertising by e-mail or postal mail in accordance with Section 7 (3) UWG, if the customer does not object or has not objected to this use.
The direct advertising exclusively comprises offers for similar products or services as the products or services already purchased by the user from us. We have a legitimate, economic interest (Art. 6 para. 1 lit. f GDPR) in informing our customers about new products and improving our services.
We use your data for up to three years after the last legal transaction for direct marketing purposes in the legitimate interest.
Of course, you can object to receiving direct advertising by e-mail at any time. Address your objection to the above-mentioned responsible party.
We use the following service provider for the dispatch of newsletters:
TraceParts GmbH
Fuggerstrasse 9 A
92224 Amberg
Germany
Data Processing Agreement
We have concluded an order processing agreement with TraceParts GmbH. The processing of personal data is based on our instructions.
12. Online analysis
Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is assigned to the respective end device of the user. An assignment to a device ID does not take place.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Data Processing Agreement
We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Analysis by wiredminds LeadLab
Our website uses the pixel-counting technology of wiredminds GmbH (www.wiredminds.de) for the purpose of optimizing the online offer and analyzing visitor behavior. The provider is wiredminds GmbH, Lindenspürstraße 32, 70176 Stuttgart, Germany.
In the process, data may be collected, processed and stored, from which usage profiles are created under a pseudonym. Where possible and reasonable, these usage profiles are completely anonymized. Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor's Internet browser and are used to recognize the Internet browser. The data collected, which may also include personal data, is transmitted to wiredminds or collected directly by wiredminds. wiredminds may use information left behind by visits to the websites to create anonymized usage profiles. The data obtained in this way will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned, and it will not be merged with personal data about the bearer of the pseudonym. Insofar as IP addresses are collected, they are immediately anonymized by deleting the last number block.
Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor's Internet browser and serve to recognize the Internet browser.
The data collected, which may also include personal data, is transmitted to wiredminds or collected directly by wiredminds. wiredminds may use information left behind by visits to the websites to create anonymized usage profiles. The data obtained in this way will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned, and it will not be merged with personal data about the bearer of the pseudonym. Insofar as IP addresses are collected, they are immediately anonymized by deleting the last number block.
Please read the information on data protection at wiredminds at https://www.wiredminds.de/datenschutzhinweis/.
Exclusion from tracking by wiredmindsIf you
do not want
any analysis by wiredminds, you can exclude yourself from tracking here:
OPT OUT Exclude from tracking
Legal basis Tracking by wiredmindsThe
storage of wiredminds cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and its advertising.
Data Processing Agreement
We have concluded an order processing contract with wiredminds and fully implement the strict requirements of the German data protection authorities when using wiredminds LeadLab.
12. Information for job applicants
Privacy notice for applicants
We offer website visitors the opportunity to submit job applications to us (e.g., via e-mail, via postal services on by submitting the online job application form). Below, we will brief you on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that the collection, processing, and use of your data will occur in compliance with the applicable data privacy rights and all other statutory provisions and that your data will always be treated as strictly confidential.
Scope and purpose of the collection of data
If you submit a job application to us, we will process any affiliated personal data (e.g., contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment or an employment relationship. The legal grounds for the are mentioned in § 26 BDSG according to German Law (Negotiation of an Employment Relationship), Art. 6 para. 1 lit. b GDPR (General Contract Negotiations) and – provided you have given us your consent – Art. 6 para. 1 lit. a GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application.
If your job application should result in your recruitment, the data you have submitted will be archived on the grounds of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship in our data processing system.
Data Archiving Period
If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests Art. 6 para. 1 l lit. f GDPR for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your agreement (Article 6 para. 1 lit. a GDPR) or if statutory data retention requirements preclude the deletion.
13. Online-based Audio and Video Conferences (Conference tools)
Data processing in Online Meetings
We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.
Purpose and legal bases
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers Art. 6 para. 1 lit. b GDPR. Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6 para. 1 lit. f GDPR. Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.
Duration of storage
Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.
Conference tools used
We employ the following conference tools:
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/en-us/privacystatement.
Data Processing Agreement
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
14. Supplementary information for business partners
Responsible Party for data processing
Nidec Graessner GmbH & Co KG
Cake fields 11
72135 Dettenhausen
Phone: +49 7157 123 0
Data Protection Officer required by law
DPO External Data Protection Officer Stuttgart
Fabian Henkel
E-mail:
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de
Data categories and purposes of processing
We process personal data of our service providers and partners that we receive directly in the course of our business relationship. If we have received data from you, we generally process it only for the purposes for which we received or collected it.
As a rule, we process the following categories of data from you:
- Name, first name
- Address and / or company address
- Telecommunications data
- Email address
- Company
- professional function and/or position
- If applicable, bank details / credit card number / other payment details
- Data on the history of the business relationship, if applicable
In the course of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts, initiated by you or by one of our employees, further personal data is generated, e.g. information on contact channel, date, occasion and result; (electronic) copies of correspondence and information on participation in direct marketing measures.
On the other hand, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. commercial and association registers, press, media, Internet) and are allowed to process.
Data processing for other purposes can only be considered if the legal requirements pursuant to Art. 6 para. 4 of the GDPR are met. We will, of course, comply with any information obligations pursuant to Art. 13 para. 3 GDPR and Art. 14 para. 4 GDPR in this case.
Legal bases according to which we process your data
Based on your consent (Art. 6 para. 1 lit. a GDPR)
We process personal data for one or more specific purposes if you have given us consent to do so. If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time with effect for the future.
Data processing for the performance of contracts (Art. 6 para. 1 lit. b GDPR)
We process personal data for the performance of contracts. The performance of contracts includes, for example, the conclusion, execution and reversal of a contract. In addition, we process personal data that is required for the performance of pre-contractual measures, such as the initiation of a contract, and which is carried out at your request.
Data processing due to a legal obligation (Art. 6 para. 1 lit. c GDPR).
Like any company, we have to comply with retention obligations and other documentation requirements, this may include documents containing personal information. To the extent that we process data for these purposes, the processing is based on a legal obligation.
Data processing on the basis of a balance of interests (Art. 6 para. 1 lit. f GDPR)
If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data, taking into account the requirements of Art. 21 GDPR. As far as the specific purpose allows, we process your data pseudonymized or anonymized.
Other recipients of your data
Disclosure to data processors within the scope of Art. 28 GDPR
Data processors used by us (Art. 28 GDPR), in particular in the area of IT services and, for example, printing services, who process your data for us in accordance with instructions. If we commission service providers to fulfill our tasks, we always observe the provisions of data protection law; in particular, data is only passed on after conclusion of contracts for order processing.
For the execution of a contractual relationship
If it is necessary for the execution of the contract with you, we pass on your data, for example, to banks or shipping service providers.
Disclosure due to a legal obligation
If there is a legal or official obligation, we will disclose your data to public bodies or institutions (authorities, for example in the context of a criminal prosecution).
Other bodies, insofar as you have given us your consent.
If you have given us explicit consent, we will also pass on your data to other bodies. However, this is done within the limits of your verifiable consent.
General information on deletion periods for personal data
Principle of purpose limitation and compliance with statutory retention periods
We process the data as long as this is necessary for the respective purpose. To the extent necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.
In addition, like any company, we are obligated to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as statutory retention obligations exist, the relevant personal data is stored for the duration of the retention obligation. The storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years. After the retention period has expired, a check is made to determine whether there is a further need for processing. If there is no longer a need, the data is deleted.
Concrete example
If you provide us with your contact details, for example by e-mail, telephone, or by handing over your business card, we store this data on the basis of Art. 6 para. 1 lit. b GDPR on the basis of pre-contractual measures and in the legitimate interest (Art. 6 para. 1 lit. f GDPR) of smooth and targeted communication. Insofar as no legal transaction is concluded, we will delete your data if you request us to do so or if there is no further contact within a period of three years. If you enter into a legal transaction with us (Art. 6 para. 1 lit b GDPR), we store your data for ten years until the expiry of the requirements under commercial and tax law. After this period, we will check whether we can delete the data and, if necessary, we will lead it to deletion.
E-mails and business letters
We archive all our e-mail traffic for ten years. If you write us an e-mail, your data and the entire e-mail content are stored accordingly for 10 years. Most e-mails count as business letters; in addition, e-mails may contain information relevant to tax law. In our opinion, the effort to check every single e-mail in this respect is not in proportion to the benefit and the interests of the sender worthy of protection. However, you can of course request deletion at any time and we will carry out a case-by-case check and inform you of the result. This may lead to deletion or restriction of processing, depending on the content of the correspondence.
Revocation of your consent
If we process your data on the basis of your consent (Art. 6 para. 1 lit. a GDPR), we will delete it after your revocation. Unless there are legitimate interests against a complete deletion. For example, we generally retain declarations of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 par. 1 lit. f GDPR). We retain consent exclusively under restriction of processing in order to be able to defend ourselves in the event of a dispute.
Legal or contractual obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, execution and reversal of a contract. In the event that you do not provide the required personal data, we are not able to conclude and fulfill a contract with you.
Transfer to a third country
As a matter of principle, your personal data will be processed by us in data centers in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or we have concluded a contract for commissioned processing in accordance with Art. 28 GDPR, taking into account appropriate safeguards or other suitable guarantees.
