We take data protection very seriously. The General Data Protection Regulation (GDPR) became effective in all EU member countries on the 25th of May, 2018. With the following information, we would like to provide you with an overview of how we process your personal data. Although data protection is by no means new to us, there are nevertheless several new requirements which have prompted us to issue this statement.
Important: You don’t have to do anything. This information is intended to explain your data protection rights as a data subject. Nothing has changed with regard to existing contracts entered into with you. As has always been the case, we use your information for the following purposes only:
- To conclude and fulfil contracts with you as our customer, and to fulfil warranty requirements
- To conduct trade fair processing within the context of rendered services
- To establish and ensure communication with you
Data protection legislation obligates us to provide you with certain information concerning data protection.
Master data such as names and addresses, as well as contact data such as phone numbers and e-mail addresses, bank and bank account information …
a. Performance of contracts and taking the necessary steps prior to entering into a contract (article 6, section 1 b GDPR)
We need to obtain personal data from you in order to be able to prepare and perform contracts entered into with you (including the rendering of services, delivery and billing). This data includes, for example, your name and address, as well as data with regard to payment and invoices. We’re permitted to process this data in accordance with article 6, section 1 b GDPR.
b. Data processing based on legitimate interests (article 6, section 1 f GDPR)
The law expressly permits us to process additional data in the pursuit of legitimate interests. We do this for, amongst others, the following purposes:
- Implementation of measures for the improvement and development of services and products in order to be able to support you individually with custom-tailored offerings and products
- Execution of market research and opinion polling, or contracting with market research and opinion polling institutes for the execution of market research and opinion polling, targeted at gaining an overview of the transparency and quality of our products, services and communication, and at being able to align and organise these for the benefit of our customers
- Detection of risks associated with credit worthiness and possible payment default with the help of information bureaus (e.g. Schufa, Creditreform) for online contracts
- Enforcement of legal claims
- Defence in the case of legal disputes
- Investigation of criminal offenses
- Conducting address enquiries
- Use of your anonymised data for analysis purposes
c. Data processing as required for compliance with legal obligations (article 6, section 1 c GDPR) or in the public interest (article 6, section 1 e GDPR)
As a business enterprise, we’re subject to various legal and official requirements (e.g. tax law and the German commercial code), which necessitate the processing of your data in order to comply with the law.
Internally, i.e. within our own company, we forward information to those persons who require it in order to fulfil contractual and legal obligations. This also applies to service providers and agents whose services we make use of in order to be able to complete tasks properly. We only forward your data to third parties if we have unequivocal legal grounds to do so, if this is required by legal regulations, if you have consented to such forwarding or if we are otherwise authorised to do so.
The following receivers may receive data from us: freight forwarders, bill collection services, finance and tax authorities, police and investigation authorities (if legal grounds exist), official authorities (if transmission is legally stipulated), insurance companies, banks and credit institutes (payment processing), marketing partners, commercial agents, financial auditors, Internet service providers (e.g. Google) and Internet agencies, opinion polling institutes, printing service providers, information bureaus, attorneys, auditors.
Transmissions to which we are legally obligated take place in accordance with applicable legal requirements.
Transmission on the basis of article 6, section 1 f GDPR (legitimate interests of the controller) may only take place insofar as necessary for the pursuit of our legitimate interests or the legitimate interests of third parties in accordance with the GDPR.
Your data are initially processed as of the point in time of collection insofar as you or a third party has transmitted them to us. We delete your personal data when our contractual relationship with you has been ended, all reciprocal claims have been fulfilled and no other legal retention requirements or legal justification for further storage exist. Amongst other things, this involves retention requirements stipulated in the German commercial code (HGB) and the German fiscal code (AO). We delete your personal data no later than after legal retention requirements have elapsed, as a rule 10 years after the contractual relationship has been ended.
Insofar as you have issued consent to us for the processing of your data for certain purposes (e.g. for marketing purposes), such processing is deemed lawful. You can withdraw your consent at any time, effective as of the point in time of withdrawal.
No data is currently transmitted to non-member countries (countries who are not members of the European Union or the European Free Trade Association), except to trade fair participants located in non-member countries.
No profiling takes place.
You have the following rights with regard to your personal data in your relationship with ourselves:
- Right of access to your personal data stored by us (article 15 GDPR)
- Right to rectification if the stored data concerning yourself is in accurate, obsolete or otherwise incorrect (article 16 GDPR)
- Right to erasure if storage is impermissible, if the purpose of processing has already been fulfilled and storage is thus no longer necessary, or if you have withdrawn a previously issued consent for the processing of certain personal data (article 17 GDPR)
- Right to restriction of processing if any of the prerequisites specified in article 18, section 1, a through d GDPR are fulfilled (article 18 GDPR)
- Right to data portability of the personal data concerning yourself which you have provided (article 20 GDPR)
- Right to withdraw a previously issued consent, in which case withdrawal has no effect on the lawfulness of data processing conducted up to the point in time of withdrawal (article 7, section 3 GDPR)
- Right to lodge a complaint with a regulatory agency (article 77 GDPR)
Insofar as we have processed data in order to safeguard our legitimate interests, you have the right to object to this processing at any time for reasons which arise from your particular situation. This includes the right to object to processing for the purpose of advertising. Contact us directly to this end at the above listed address of the data processing controller.
We, as well as our data protection experts, are at your disposal in the event that you should have any questions regarding this statement or compliance with data protection.
P. E. Schall GmbH & Co. KG
D-72636 Frickenhausen, Germany