Privacy notice on personal data processing for business partners pursuant to Art. 13 of the GDPR
The following section contains information on the processing of your personal data and your rights according to the general data protection regulation (GDPR). Which data are processed in detail and how they are used depends to a large extent on the services requested or agreed upon in each case.
1. Who is responsible
Am Weichselgarten 7
Tel: +49 (0)9131 / 691 385
Fax: +49 (0)9131 / 691 386
2. Data protection officer
MKM Datenschutz GmbH
Äußere Sulzbacher Straße 118
Tel.: + 49 (0)911 / 990 860-0
3. Purpose of processing and legal basis
We process your data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes:
In the event that you have given us your consent, we will use your data for the purposes stated in the declaration of consent (Art. 6 (1) (a) GDPR).
We use your data to the extent necessary for execution of contracts and pre-contractual measures to provide our services and sale of products (Art. 6 (1) (b) GDPR).
For the fulfilment of legal obligations under the law of the European Union or the law of a Member State (Art. 6 (1) (c) GDPR).
We also use your data to the extent necessary if we or a third party have a justified interest in the processing (Art. 6 (1) (f) GDPR).
We pursue the following purposes and interests:
- Customer service within the scope of contract processing
- Quality controls for product assurance and process improvement
- Controlling processes through statistical evaluations for cost control and process optimization
- Enforcement of legal claims and defense in legal disputes
- Guarantee of IT security
- Protection and investigation of criminal offences such as fraud and money laundering prevention
- Archiving of data
- Advertising for our products and services by mail, telephone and email within the scope of direct marketing campaigns
If we process your data on the basis of a legitimate interest, you have the right to object to the processing of your data for personal reasons. If we use your data for direct marketing, you have a general right of objection.
4. Categories of recipients
Within our company, those departments receive your data that need it to fulfil our contractual and legal obligations. Also processors used by us (Art. 28 GDPR) may receive data for these purposes. Other forwarding to third parties will only take place if this is necessary for the execution of the contract, if there is a justified interest or a legal or official obligation or if you have given your consent.
The following categories of recipients may receive your data:
- IT service provider for maintenance work, website, archiving, e-mail dispatch
- Authorities within the scope of their responsibilities and courts of law
- Chartered accountants, legal advisors, credit institutions, tax advisors
- Marketing agencies and market research institutes
- Logistics service providers and data destruction companies
- Group companies for the central administration of processes
- Event management service providers and printers
- Credit bureaus and debt collection agencies
5. Will my data be transferred to third countries outside the European Union?
A data transfer to third countries (countries outside the European Economic Area - EEA) does not occur.
If there are appropriate or suitable guarantees for the transfer, you can obtain a copy of them by contacting our data protection officer.
6. Storage Period
If necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. It should be noted that our business relationship is a continuing obligation which is designed for years.
In addition, we are subject to various legal storage and documentation obligations (e.g. from the German Commercial Code (HGB), the German Tax Code (AO), the German Banking Act (KWG) and the Money Laundering Act (GwG)). The periods for storage or documentation are usually up to ten years. In addition, we may have a legitimate interest in storage, such as the limitation periods under the German Civil Code (BGB), which can be up to thirty years.
If your data is no longer required for the purposes mentioned or if its storage is inadmissible for other legal reasons, we will delete it.
If we have processed data on the basis of your consent, we will delete this data after revoking your consent and insofar as no other storage obligations exist.
7. Is there an obligation to provide personal data?
In order to maintain a business relationship with us, only the data necessary for its implementation or to the collection of which we are legally obliged are required. As a rule, it is not possible for us to process a contract without this data.
8. Does profiling or automated decision making take place?
We partly process your data automatically with the aim of evaluating certain personal aspects (profiling) in order to optimise and personalise our marketing measures. Our offers are thus optimally adapted to your needs.
9. Your rights
You are entitled to the following rights under Chapter 3 of the DSGVO:
Right to access - You have the right to obtain information about the data stored about you.
Retification - You have the right to request the correction of inaccurate and incomplete data concerning you.
Erasure - You have the right to demand the deletion of the data stored about you if the legal requirements are met.
Restriction of processing - You have the right to demand the restriction of future data processing under the legal conditions.
Data portability - You have the right to receive data that we have received from you in a common format or to forward it to third parties.
Objection - You have the right to object to any processing based on a legitimate interest for personal reasons. In the case of direct advertising, you have an unlimited right of objection.
Revocation - If you have given us your consent, you can revoke it at any time with effect for the future.
Complaint - You have the right to submit a complaint to a data protection supervisory authority.