Information about the processing of personal data according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR) for customers
We would like to inform you about the processing of your personal data by us and about your rights under data protection law.
1. Name and contact details of the data controller and the data protection officer
Telephone landline (general): +49 2251 650-0
The data protection officer can be reached as follows:
Digital Compliance Consulting GmbH
Phone (landline): +49 2421 5559333
Mail address: firstname.lastname@example.org
2. Source of the personal data
We process personal data that we receive from you in the cause of our business relationship.
In addition, we process - insofar as necessary for the (provision of the service/fulfillment of the contract) to you - personal data that we receive or have received from other companies (e.g. transport service providers, intermediary agencies/resellers) or from other third parties (e.g. credit agencies) in a permissible manner (e.g. for the execution of orders, for the fulfillment of contracts or on the basis of consent given by you).
We may process personal data that we have permissibly obtained from accessible sources (e.g. commercial and association registers, press, media).
3. Categories of personal data
We process the following categories of personal data:
>> Contact details (e.g. name, address, telephone number, fax number, e-mail address)
>> Customer management data (e.g. customer number)
>> Order data (e.g. order confirmation, delivery address, ...)
>> Payment data (e.g. bank details, tax ID no.)
>> Data from the fulfillment of our contractual obligation
>> Information on the advertising approach
>> Documentation data (e.g., data from consultation and service calls)
4. Purposes and legal bases for the processing of personal data
We process personal data on the basis of Art. 6 (1) 1 letter b GDPR. The processing serves the execution of our contracts or pre-contractual measures with you and the orders can be dealt with, as well as all activities necessary for the operation and administration of our company. Details on the purpose of the data processing can be found in the respective contract documents and our General Terms and Conditions.
Beyond the actual performance of the contract, we process personal data in accordance with Art. 6 (1) 1 letter f GDPR. This is permissible insofar as the processing is necessary to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms require the protection of personal data.
Such a legitimate interest exists, for example, in the case of:
>> Implementation of payment processing via external service providers
>> Consultation of and data exchange with credit agencies to determine default risks in specific business transactions
>> Testing and optimizing procedures for needs analysis and direct customer approach
>> For advertising our own products and for market and opinion surveys
>> Assertion of legal claims and defense in legal disputes
>> Ensuring IT security and the IT operation of the company
Insofar as you have given us consent to process your personal data for certain purposes (e.g. customer communication, conducting customer surveys, remote maintenance), the lawfulness of this processing is given on the basis of your consent (Art. 6 (1) 1 letter a GDPR). Consent given can be revoked at any time. Please note that the revocation can only take effect for the future. Processing that took place before the revocation is not affected.
In addition, we process personal data in accordance with Art. 6 (1) letter c GDPR, insofar as this is necessary for the fulfillment of legal obligations to which we are subject as a company. The purposes of processing include, for example, commercial and tax retention obligations (e.g. under § 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO)).
5. Recipients of the data or categories of recipients
Within our group of companies, access to your data is granted to those departments that need it to fulfill their contractual (and legal) obligations.
In addition, we may disclose your personal data to other recipients outside the company to the extent necessary to fulfill contractual and legal obligations. These may be, for example:
>> Lawyers to clarify claims or accusations
>> Tax consultant and financial auditor
6. Duration of storage and criteria for determining the storage period
As far as necessary, we process and store personal data for the duration of our business relationship. This also includes the initiation and processing of a contract, as well as warranty and guarantee claims.
In addition, we store personal data insofar as we are legally obligated to do so. Corresponding documentation and storage obligations result from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage or documentation are (6) years in accordance with commercial law requirements under § 257 HGB and up to (10) years due to tax requirements under § 147 AO.
7. Data subject rights and right of appeal
In accordance with Art. 15 GDPR, you have the right to receive information about the data stored about you. If incorrect personal data has been processed, you have the right to rectification in accordance with Art. 16 GDPR.
If the legal requirements are met, you may request erasure pursuant to Art. 17 GDPR or restriction of processing pursuant to Art. 18 GDPR.
According to Art. 20 GDPR, you can assert the right to data portability for data that is processed automatically on the basis of your consent or a contract.
In addition, you have the right to object to data processing pursuant to Art. 21 GDPR. In this case, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) 1 letter f GDPR (data processing on the basis of legitimate interests).
If you object, we will no longer process your personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
These rights can be exercised informally directly to the person responsible and should preferably be addressed to:
If you believe that data processing violates data protection law, you have the right to complain to a data protection supervisory authority. You can reach the data protection supervisory authority responsible for us under the following contact details:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia)
PO Box 20 04 44
Tel.: +49 211 38424-0
Fax: +49 211 3824-10
8. Voluntariness or obligation to provide the data
For the conclusion of the contract it is necessary that you provide us with all information necessary for the execution of the contract. Without this information (which may also include personal data), we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it.
9. Indications on the existence of an automated decision including profiling
Neither automated decision-making nor profiling takes place.
10. Transfer of data to a third country
We disclose, among others, in the context of the following processing activities: Customer master data management, contact data management, customer communication, customer relationship management, customer retention management, customer training, inquiry, quotation and order management, picking, delivery management, complaint and grievance handling, team viewer, e-mail communication, personal data to other EU countries and the US, UK or other third countries (worldwide).
Within our group of companies, all companies involved in these processing activities have signed a framework agreement (Inter Company Contract). In addition to the regulations regarding mutual commissioned processing pursuant to Art. 28 GDPR and possible joint responsibilities pursuant to Art. 26 GDPR, the requirements for data transfer to third countries (EU standard contractual clause pursuant to Art. 44 et seq. GDPR) are also agreed.
If you would like more information about this, please contact the person responsible. If possible, your request should be addressed to:
V 1.0 / 2021 – 25th Jan. 2021: First release