Privacy policy – Reis Robotics

The secure handling of personal data is very important to Reis Robotics GmbH & Co KG (hereinafter: we, us). Together with our data protection officer, we therefore ensure compliance with data protection regulations, in particular the applicable EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Act on Data Protection for Digital Services (TDDDG). The aim of the following declaration on the protection of personal data is to inform you about the purposes for which and the legal basis on which we, as the controller within the meaning of Art. 4 No. 7 GDPR, process your personal data in the context of a business relationship with you or your company. In addition, we also inform you about your rights in relation to the data processed by us and how you can assert them.

Our systems are protected by technical and organisational measures against access, modification or dissemination of your data by unauthorised persons, as well as against loss and destruction.

1        Definitions

The data protection declaration of the provider is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this privacy policy:

1.1      Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2      Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

1.3      Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.4      Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

1.5      Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

1.6      Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

1.7      Controller for the processing

Controller for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.8      Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.9      Receiver

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

1.10   Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

1.11   Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2        Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Reis Robotics GmbH & Co KG

Walter-Reis-Straße 1

63785 Obernburg, Germany

Phone: +49 6022 503-0

Email: info@reisrobotics.com

3        Data Protection Officer

We have appointed an external data protection officer:

Carsten Jockel
Senpro IT GmbH
An der Kirche 2, 35463 Fernwald, Germany
M +49 171 3602441
T + 6404-6580351

If you have any questions about data protection, you can either contact the data protection officer directly or the person responsible.

4        Collection of general data and information

Our website collects a range of general data and information each time the website is accessed. This general data and information is stored in the server log files. The following data may be recorded:

  • Browser types and versions used,
  • the operating system used by the accessing system
  • the website from which the visitor arrives at our website,
  • Date and time of access,
  • the sub-websites that are visited,
  • the IP address of the visitor
  • the visitor’s provider,
  • other information used for security purposes in the event of attacks.

The information is required by us in order to correctly deliver the content of our website, to ensure the functionality of our website and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

This information collected in our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR is therefore analysed by the provider both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject.

5        Contact via the website

You have the option of contacting us via our contact form on our website. You can provide personal data for this purpose.

  • Name*
  • E-mail address*
  • Company/employer*
  • Telephone number
  • Department
  • Message content*

Data marked with * is mandatory. We need the e-mail address and name to contact you. Your company serves as an advance confirmation that you are a business customer and enables us to better assess your needs in advance.

Of course, you are also free to use pseudonyms when entering your data.

The legal basis for the processing is Art. 6 para. 1 lit. b GDPR, as it concerns measures to initiate a customer relationship. The data is only used in the context of the customer relationship and is not passed on to third parties.

6        Data protection for applications and in the application process

We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends the relevant application documents electronically, for example by email, to the controller.

We may collect the following personal data as part of the application process:

  • Title
  • First name
  • Surname
  • Mobile number
  • Landline number
  • E-mail address
  • CV (curriculum vitae)
  • Application photo
  • Cover letter

The CV, applicant photo and cover letter contain further personal data, depending on the specific case. Which data we process in individual cases also depends on the information you provide in your application.

If you are interested in an advert or job posting from us on (external) job exchanges or social networks, the operator of the (external) website may also collect personal data from you. We have no influence on this processing; if you have any questions, please consult the data protection provisions of the respective provider.

If we conclude an employment contract with you, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

7        Data processing as part of the operation of our whistleblowing system

If you decide to submit a report via our whistleblowing system, you can do so. The tool is called FaceUp and is hosted by the provider FaceUp Technology s.r.o. (Údolní 33, 602 00 Brno-střed, Czech Republic).

The purpose of the whistleblower system is to be able to confidentially report information on legal violations within and in connection with our company. We process personal data as part of our legitimate interest in detection and prevention. The associated legal basis is Art. 6 para. 1 lit. f GDPR. In special cases, processing also serves to prevent criminal offences and legal violations in the employment relationship in accordance with Section 26 (1) BDSG.

The provision of your identification data is voluntary; you can also provide your data anonymously at any time.

We may collect the following data via the whistleblower system:

  • Your name, if you provide it,
  • Your contact details, if you provide them to us,
  • that you have submitted a report via our system,
  • whether you are employed by Reis Robotics,
  • the content of the message.

The report is transmitted in encrypted form and access is restricted to a narrow circle of employees. The facts of the case are checked in our company and the data is treated confidentially. Confidentiality cannot be guaranteed only if the reporting party knowingly provides false information in order to discredit a person.

In certain cases, there may be an obligation under data protection law to inform the accused person about the report. This is only done if the person concerned cannot interfere with the investigation. The identity of the person making the report is not disclosed in this case either and it is ensured that no conclusions can be drawn.

For the sake of completeness, it should be mentioned that it is of course also possible to submit a report by e-mail, letter, telephone call or in person. However, we believe that the system we provide is the quickest and most secure way. This ensures that an unauthorised person does not gain access to the report.

8        Routine erasure and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

9        Rights of the data subject

You have the following rights:

  • Right to information: You can request information from us as to whether and which of your personal data we process (Art. 15 GDPR).
  • Right to rectification: If data that we process from you is incorrect, you can inform us of this and have the right to have this data corrected (Art. 16 GDPR).
  • Right to erasure / right to be forgotten: If personal data is no longer necessary for our processing purposes or the legal basis no longer applies due to another circumstance, you have the right to have your personal data erased (Art. 17 GDPR).
  • Right to restriction of processing: Under certain conditions, you can request that we restrict the processing of your data (Art. 18 GDPR).
  • Right to portability: You can request a copy of your data from us in a commonly used, machine-readable format or that we provide the data directly to a provider of your choice (Art. 20 GDPR).
  • Right to object: You can object to the processing if it is based on our legitimate interests (Art. 21 GDPR)
  • Automated decisions: You have the right not to be subject exclusively to an automated decision (Art. 22 GDPR).

Finally, you can lodge a complaint with the competent data protection authority via us. The body responsible for us is

Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht)

Home address: Promenade 18, 91522 Ansbach, Deutschland

P.O.Box:           Postfach 1349, 91504 Ansbach, Deutschland

Contact:

Telephon: +49 (0) 981 180093-0

Telefax: +49 (0) 981 180093-800

E-Mail: poststelle@lda.bayern.de  (Es werden ausschließlich PDF-Dateien per Mail angenommen)

10     Cookies

The provider’s Internet pages use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string that allows websites and servers to be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

Certain cookies are absolutely necessary for the correct display of our website. This processing is based on § 25 para. 2 TDDDG in conjunction with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the display and presentation of the website and ensuring the security of our website and its visitors.

Other cookies are not necessary, but allow the provider to provide users of this website with more user-friendly services that would not be possible without cookies. The legal basis for these cookies is § 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR.

The latter cookies can be used to optimise the information and offers on our website for the benefit of the user. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website because this is taken over by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping basket in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.

You can give or withdraw your consent to the use of non-essential cookies at any time via our cookie banner. In the cookie banner, the cookies are sorted according to their purpose; you can consent to the purposes individually or subsequently withdraw your consent.

When you visit our website for the first time, you will see our cookie banner. Otherwise, you can access the cookie banner at any time via the lock in the bottom right-hand corner of the website.

11     Services and applications

11.1   Iubenda

We use the Iubenda service on our website. Iubenda enables us to fulfil various legal requirements, such as the display of a cookie banner or the correct and data protection-compliant embedding of services and applications.

If, for example, you make a selection in the cookie banner used, Iubenda remembers your details under an ID assigned to you. On your next visit, the settings are then automatically applied again.

The legal basis for the use of Iubenda and the underlying data processing is Art. 6 para. 1 lit. c GDPR, which is a legal requirement, e.g. the obligation to obtain consent for the use of non-essential cookies (§ 25 TDDDG in conjunction with Art. 6 para. 1 lit. a, 7 GDPR).

11.2   Matomo

We use the open source service Matomo on our website to analyse and evaluate statistical user behaviour on our website. Cookies can be set for this purpose. The information obtained about website use is summarised in pseudonymous user profiles. We use the data to analyse the use of the website. The data collected is not passed on to third parties.

The IP addresses are anonymised (IP masking) so that it is not possible to assign them to individual users. The data is processed on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. By operating the application, we want to analyse user behaviour on our website and improve our website for the benefit of our visitors.

The following data is regularly collected by Matomo:

  • IP address (pseudonymised or anonymised)
  • User ID (optional)
  • Date and time of the enquiry
  • Visited website
  • Page URL
  • Referrer URL (previously visited website)
  • Screen resolution
  • Time of the user’s local time zone
  • Downloaded contents of the website
  • Clicked links on the website
  • Time required to provide the Internet pages
  • Country, region, city, approximate position of the user
  • Browser language
  • User agent
  • Browser, operating system, end device
  • First visit to the site
  • Previous visit to the website
  • Number of visits by the user

11.3   Hotjar

We use Hotjar to better understand the needs of our users and to optimise this service and their experience. Hotjar is a technology service that helps us better understand user behaviour (e.g. how much time they spend on which pages, which links they choose, what users like and dislike, etc.), allowing us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on the behaviour of our users and their devices. This includes a device’s IP address (processed during your session and stored in a pseudonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information in a pseudonymised user profile on our behalf. Hotjar is contractually obliged not to sell any of the data collected on our behalf.

The processing of data used by Hotjar takes place if you have given your consent. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

12     Social Media

12.1   YouTube

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and offers other users the opportunity to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, so that not only complete films and television programmes, but also music videos, trailers and amateur videos prepared by users can be accessed via the Internet portal.

We use a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Information on what data is processed by Google and for what purposes it is used can be found in Google’s privacy policy.

We have no influence on the type and scope of the data processed by Google, the type of processing and utilisation or the forwarding of this data to third parties. We also have no effective control options in this respect. By using Google, your personal data will be collected, transferred, stored, disclosed and used by Google and, regardless of your place of residence, transferred to the United States, Ireland and any other country in which Google does business, and stored and used there. It is transferred to companies affiliated with Google and to other trustworthy companies or persons who process it on behalf of Google.

Google processes your voluntarily entered data such as name and user name, e-mail address and telephone number. Google also processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save and comments that you write on YouTube videos. On the other hand, Google also analyses the content you share to determine which topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location using GPS data, information on wireless networks or your IP address in order to send you advertising or other content. Google may use analysis tools such as Google Analytics for evaluation purposes. We have no influence on the use of such tools by Google and have not been informed of such potential use. If tools of this kind are used by Google for our YouTube channel, we have neither commissioned this nor supported it in any other way.

The data obtained during the analysis is also not made available to us. Furthermore, we have no way of preventing or switching off the use of such tools on our YouTube channel. Finally, Google also receives information when you view content, for example, even if you have not created an account. This so-called “log data” may include the IP address, browser type, operating system, information about the previously accessed website and the pages you accessed, your location, your mobile phone provider, the device you are using (including device ID and application ID), the search terms you used and cookie information. You have the option of restricting the processing of your data in the general settings of your Google account. In addition to these tools, Google also offers specific data protection settings for YouTube. You can find out more about this in the guide to data protection in Google products from Google.

Further information on these points can be found in Google’s privacy policy under the term ” Privacy settings ” and in the Google Privacy Help.

We use our YouTube channel to communicate with our customers, interested parties and YouTube users and to provide information about us and our products. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. The processing takes place exclusively for the purpose of communication and interaction with you.

In addition, we have integrated YouTube videos from our YouTube channel directly into our website in order to increase the user-friendliness of our website and thus improve the user experience. Although we have activated YouTube’s extended data protection settings in this context, it cannot be ruled out that your personal data may be affected by processing, e.g. the setting of cookies.

As already described, we do not track your behaviour when you use YouTube. However, the data you enter on YouTube, in particular your user name and the content published under your account, will be processed by us to the extent that we may respond to your publications under “Discussions”. The data you freely publish and disseminate on YouTube will thus be included by us in our offer and made accessible to our followers.

The processing of users’ personal data is based on our legitimate interests in an optimised company and product presentation (Art. 6 para. 1 lit. f GDPR) and when answering product application questions based on a (pre-)contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR.

Our legitimate interest is in particular our business interest in sharing information with our users and being able to communicate with them, as well as for customer loyalty.

The transfer of your personal data to the USA takes place in accordance with the GDPR. As a data importer, Google has submitted to the standard contractual clauses and we have taken additional measures to fulfil the data protection requirements. You can find more information about Google’s compliance with data protection regulations here: https://cloud.google.com/security/compliance?hl=en. In addition, the transfer is justified by the EU-US Data Privacy Framework.

12.2   LinkedIn

We use a page on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

We have concluded an agreement on joint responsibility under data protection law (Page Controller Addendum) with LinkedIn Ireland Unlimited Company. With this agreement, LinkedIn Ireland Unlimited Company recognises the joint responsibility with regard to the processing processes described and assumes essential data protection obligations to inform data subjects, to ensure data security or to report data protection violations.

When you visit our website, LinkedIn, as the controller, collects personal data from users, for example through the use of cookies. LinkedIn may also collect such data from visitors to this site who are not logged in or registered with LinkedIn. Information about data collection and further processing by LinkedIn can be found in LinkedIn’s privacy policy.

We cannot track which user data LinkedIn collects. We also do not have full access to the data collected or your profile data. We can only see the public information on your profile. You decide what information this is in your LinkedIn settings.

If our website offers a chat function, we use your data when you use the chat function to answer your enquiry.

We operate this LinkedIn page in order to present ourselves to LinkedIn users and other interested persons who visit this LinkedIn page, to present information regarding recruitment and career opportunities with us and to communicate with users.

We also use the service and customer care information collected via LinkedIn to contact you in order to provide you with the information and offers you require.

We process anonymous statistics provided by LinkedIn on the use and utilisation of the page. The following information is provided:

  • Followers: Number of people who follow us – including growth and development over a defined time frame.
  • Reach: Number of people who see a specific post. Number of interactions with a post. This can be used, for example, to determine which content is better received by the community than others.
  • Ad performance: How many people were reached with a post or paid advert and interacted with it?

We use these statistics, from which we cannot draw any conclusions about individual users, to constantly improve our online offering on LinkedIn and to better respond to the interests of our community. We cannot link the statistical data with the profile data of our followers. You can use your LinkedIn settings to decide how targeted advertising is displayed to you.

We receive personal data via LinkedIn if you actively communicate this to us via a personal message on LinkedIn. We use your data (e.g. first name, surname, company and position) to respond to your request. Your data will be stored for this purpose.

The processing of users’ personal data is based on our legitimate interests in an optimised company presentation and contacting potential applicants (Art. 6 para. 1 lit. f GDPR).

12.3   XING

We use a XING page of the professional network “XING” of XING AG (Gänsemarkt 43, 20354, Hamburg, Germany). The purpose of our corporate presence is to inform users about our services, provide information and offer users the opportunity to communicate. The company website is also used for job applications, information/PR and active sourcing.

With this privacy policy, we would like to inform you about how we process your personal data via our XING social media profile https://www.xing.com/pages/reisrobotics and who has access to the data you have stored. As the operator of this social media profile, we are the (joint) controller within the meaning of data protection law. This means that we are also responsible for ensuring that your data is processed lawfully via this profile and that you can also exercise your rights regarding your data against us (see Art. 26 GDPR). Data about you may be collected through cookies via this social media profile, regardless of whether you have an account with XING or not.

Further options are offered by the XING settings or the form for the right to object. The processing of information by means of the cookies used by XING can also be prevented by not allowing cookies from third-party providers or those from XING in your own browser settings. Further details on the use of cookies by XING can be found in the data policy (https://privacy.xing.com/en/privacy-policy).

In addition, cookies are regularly stored on the user’s device when visiting a XING page, including this profile. The information stored in the cookies is received, recorded and processed by XING, in particular when the user visits the XING services, services provided by other members of the group of companies and services provided by other companies that use the XING services. In addition, other entities such as XING partners or even third parties may use cookies on the XING services to provide services to companies advertising on XING. Of course, you are not obliged to consent to the use of cookies. However, if you do not consent to the transmission of your data, this may mean that we will not be able to offer you our social media profile, or only to a limited extent.

We base the processing of your personal data on a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. We only store your data for as long as it is required to fulfil the purposes for which it was collected and no statutory retention periods prevent its erasure. You can object to the processing of your personal data that we collect as part of your use of our company website at any time and assert your rights as a data subject as set out in this privacy policy. To do so, please send us an informal email to the email address stated in this privacy policy.

Further information on the use of cookies by XING can be found in Xing’s privacy policy: https://privacy.xing.com/en/privacy-policy.

It cannot be ruled out that user data may be processed on systems outside the European Union. XING has subjected itself to the standard contractual clauses and has thus undertaken to comply with the data protection standards of the EU.

Business partner information – Reis Robotics

Dear Lady,

Dear Sir,

Dear business partner,

Due to the legal provisions of the General Data Protection Regulation (GDPR), we are obliged to provide you with comprehensive information (Art. 13 GDPR) about the processing of your personal data, which we are very happy to do. Data protection and the handling of your personal data are very important to us, so we always ensure that your personal data is processed properly. If you have any questions about the processing of your data, both we and our data protection officer are available to answer them. Furthermore, the data protection officer is not subject to any instructions, is independent in his position and is legally obliged to maintain secrecy and confidentiality (Art. 38 GDPR, § 38 BDSG), so that you can contact him in confidence. We hereby inform you of the following with regard to the processing of your personal data:

1        Name of the person responsible

Responsible for the processing of personal data is the:

Reis Robotics GmbH & Co KG

2        Managing Director, Head of Data Processing

The managing director of the responsible party is:

Michael Wombacher

3        Address of the person responsible

Reis Robotics GmbH & Co KG

Walter-Reis-Straße 1

63785 Obernburg, Germany

Phone: +49 6022 503-0

Email: info@reisrobotics.com

4        Contact of the data protection officer

Carsten Jockel
Senpro IT GmbH
An der Kirche 2, 35463 Fernwald, Deutschland
M +49 171 3602441
T + 6404-6580351

5        Purpose of data processing

We, Reis Robotics, develop and integrate automation systems and complete solutions for efficient and sustainable production. As an independent robotics automation company, we now integrate robots from all major OEMs into our automation solutions. In conjunction with our many years of experience in a wide range of process technologies such as arc welding, laser welding and laser cutting, casting, deburring, handling, coating, assembly and many more, we also offer the necessary services to solve complex automation tasks in these application areas.

Your personal data is processed in particular for the purpose of establishing, implementing, expanding, analysing, evaluating and improving our products and services and for terminating a contractual relationship (consulting, planning, purchasing, supply and service relationship) with you as a business partner, including the possible collection of outstanding claims.

Specifically, we process your data for the following (additional) purposes, among others:

  • Contract fulfilment and processing of orders and answering enquiries;
  • Verification of the master data entered;
  • Centralisation of data storage and maintenance;
  • Analysis and optimisation of business processes;
  • Determination, administration and evaluation of all transactions;
  • Termination of the business relationship;
  • Prosecution, exercise, defence or defence against legal claims and demands;
  • Fulfilment and documentation of legal (legal, contractual, tax and statutory) obligations;
  • Sales, marketing and advertising purposes in the case of consent or legitimate interest, lack of objection or irrelevant objection;
  • Safety and function test in the event of legitimate interest, lack of objection or irrelevant objection;
  • Further processing for different purposes with tested purpose compatibility.

6        Data categories

In this context, we process the following personal data or categories of data from you in particular:

  • Company
  • Surname + first name of the contact person
  • Date of birth of the contact person
  • Address data of the company, sole trader or private customer
  • Contract data (name, address, customer number, invoice number)
  • Receivables data
  • Bank details
  • Other payment data
  • Statistics on the delivery of goods
  • Sales figures
  • Content data of the existing business relationship, such as business letters, e-mails and notes on verbal or telephone correspondence

7        Legal basis for the processing

The legal basis for the processing of your personal data is as follows:

  • Contract pursuant to Art. 6 para. 1 lit. b GDPR (e.g. purchase, delivery and service contracts)
  • Consent pursuant to Art. 6 para. 1 lit a, 7 GDPR (e.g. newsletter, transmission to branches in third countries; transmission to parties involved)
  • Fulfilment of a legal obligation and in individual cases pursuant to Art. 6 para. 1 lit c GDPR (e.g. reports to the tax office; responses to legal and data protection enquiries)
  • Balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR (e.g. advertising information to existing business partners, exercising domiciliary rights; assertion of legal claims and defence in legal disputes; receivables management; ensuring IT security and IT operations of the controller; prevention and investigation of criminal offences; video surveillance serves to collect evidence in the event of criminal offences. It therefore serves to protect customers and employees and to exercise domiciliary rights; measures for building and system security (e.g. access controls).

 

8        Recipients or categories of recipients

To fulfil our contractual and legal obligations, your data will be forwarded to the following recipients or categories of recipients:

  • Clerk and dispatcher of the respective department / function
  • Banking institutions
  • Insurance company
  • External service providers
  • IT service provider
  • Hosting service provider
  • Marketing service provider
  • E-procurement service provider
  • Debt collection service provider
  • Logistics company
  • Document destruction
  • Data Protection Officer
  • Controlling/Auditing
  • Auditing companies
  • Tax office

9        Transfers to a third country

In certain situations, it may be necessary to transfer personal data to a third country. Countries that are considered third countries within the meaning of the GDPR do not have an adequate level of data protection.

In cases where we have to regularly transfer personal data, we justify this with measures from Art. 45 et seq. GDPR. In addition, we always conclude standard contractual clauses. If a corresponding justification is not possible, we obtain your consent for individual transfers in accordance with Art. 49 GDPR.

10     Duration of storage, deletion of personal data

In order to fulfil our contractual and legal obligations, we store the data for the following periods, unless there is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR that would justify longer storage:

  • Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and fulfilment of a contract.
  • In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG) and the German Money Laundering Act (GwG), among others. The retention and documentation periods specified there are two to ten years.
  • Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), can generally be three (3) years and, in certain cases, up to thirty (30) years.

In detail:

  • Business correspondence: 6 years, § 147 I No. 4,5 in conjunction with III AO; § 257 I No. 1, 4 in conjunction with § 238 I HGB
  • Contracts: 6 years, § 147 I No. 4,5 in conjunction with III AO; § 257 I No. 1, 4 in conjunction with § 238 I HGB
  • Invoices and receipts for invoices: 10 years, § 147 I No. 4,5 in conjunction with III AO; § 257 I No. 1, 4 in conjunction with § 238 I HGB
  • Judgements, decisions and titles: 30 years

11     Existence of a right to information, correction, etc.

You have the following rights against us with regard to your personal data:

  • Right to information
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to complain to a data protection supervisory authority about the processing of your personal data by us if you do not agree with the handling of your data and
  • Right of revocation: You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit. e or f of Article 6 para. 1 GDPR, including profiling based on those provisions.
    • The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
    • If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
    • If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. If you address your objection to the above-mentioned contact options, you will not incur any transmission costs other than those according to the basic rates.
    • Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

Status: July 2024