Information about data protection made available to business partners
Information about data protection made available to business partners in accordance with Articles 13 and 14 of the EU General Data Protection Regulation
1. Who is the data controller and who can I contact?
The data controller is:
Tel.: +49 2261 5011-0
The contact details of the company's data protection officer are as follows:
Tel.: +49 2261 5011-0
2. What sources and data do we use?
As part of our business relations, we are likely to process the following personal data:
- Fundamental personal data, for instance name, role, business contact details (address(es), telephone and fax numbers, e-mail addresses) and other contact details.
- Other business-related information, for instance sector, previous business activities and the record of business transacted with us.
- Other personal information that has not been disclosed (e.g., birthday, pastimes).
- Information about the agreement such as customer number, bank details, Tax ID No./VAT no.
- Any photos submitted to us or taken during events at which you are a participant.
- Credit information.
- Data needed to process payment transactions.
- Any personal data that we may legitimately collect from publicly accessible sources (e.g., business register, creditworthiness information).
We generally collect the aforementioned data (with the exception of the final point) directly from you. We may receive further information from your employer, colleagues or third parties, or collect them from publicly accessible sources (e.g., your company's website and work-related social media accounts).
3. Why (purpose of processing) and on what legal basis do we process your data?
We process your personal data for the purposes of effectively managing and developing our business relationship, with a view to fulfilling our legal obligations and, as necessary, for our legitimate interests, unless they are overridden by your interests or rights and fundamental obligations.
Your data are processed on the particular legal basis of point (b) and (f) of Article 6(1) of GDPR, or your consent and, if applicable, Article 19 of LOPDGDD (Protection of Personal Data and Guarantee of Digital Rights Act).
4. Who receives my data?
The recipients to whom your data may be disclosed include, but are not limited to:
- Entities belonging to our group in order to enhance our business network.
- Entities from outside our group, to the extent that the disclosure is necessary to set in motion or process an order.
- Public bodies such as tax or social security authorities and other public or private bodies to which we are required to disclose your personal data in fulfilment of our legal obligations.
Your data are processed internally and exclusively by individuals who need to do so in the performance of their professional tasks.
5. Are data transferred to a third country or any international organisation?
Your data are not passed on to any third countries or international organizations.
6. How long will my data be stored for?
We will store and retain your personal data for the duration of our business relationship, and subsequently, to the extent that a longer retention period is necessary to fulfil legal retention obligations or to protect our legitimate interests. We may delete or block personal data in accordance with applicable data protection legislation during or after our business relationship.
7. What data protection rights do I have?
All data subjects have a right to access their personal data in accordance with Article 15 of GDPR and Article 13 of LOPDGDD; a right to rectification in accordance with Article 16 of GDPR and Article 14 of LOPDGDD; a right to erasure in accordance with Article 17 of GDPR and Article 15 of LOPDGDD; a right to restriction of processing in accordance with Article 18 of GDPR and Article 16 of LOPDGDD; a right to object in accordance with Article 21 of GDPR and Article 18 of LOPDGDD; and the right to data portability in accordance with Article 20 of GDPR and Article 17 of LOPDGDD. You also have the right to lodge a complaint with a data protection supervisory authority (Article 77 of GDPR, and Articles 63 et seq. of LOPDGDD).
The consent according to which the controller processes your personal data may be withdrawn at any time. This also applies to the withdrawal of any statements of consent issued prior to the entry into force of the EU General Data Protection Regulation, i.e., before 25 May 2018. Please note that as the withdrawal does not apply retroactively, the processing operations previously undertaken will not be affected. Also bear in mind that, even if you withdraw your consent, we may continue to process your personal data, either in full or in part, in fulfilment of a legal obligation.
8. Am I obliged to disclose data?
We require some of the aforementioned personal data in order to effectively manage our business relationship.
If you do not disclose the necessary personal data, we may not be able to fulfil our legal obligations and may be forced to reconsider the future of our business relationship.
9. To what extent are decisions automated (including profiling)?
We do not engage in any automated decision-making/profiling practices.
Information about your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR)
For reasons linked to your particular situation, you have the right to object to the processing of your personal data in the cases included in point (e) (processing in the public interest) and (f) (processing on the basis of a balance of interests) of Article 6(1) of GDPR; this also applies to profiling, within the meaning of point (4) of Article 4 of GDPR, for the aforementioned cases.
If you object, we will stop processing your personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
The objection may be submitted without having to complete a particular form.