The protection of your personal data is very important to us. We process your personal data (“data” for short) exclusively on the basis of the legal requirements. The aim of this data privacy statement is to inform you about how your data is processed in our company and to provide you with comprehensive information about your data protection rights in terms of Art 13 of the European General Data Protection Regulation (GDPR).
1. Who is responsible for the data processing and whom can you contact?
2. What data is processed and what are the sources of this data?
We process the data that we have received from you during the preparation or execution of a contract, on the basis of consents or within the framework of your application to us or your employment with us, as well as data that we receive through your use of our online services or that accrues for technical reasons.
The personal data includes:
- For customers: your master/contact data, e.g. forename and surname, address, contact details (e-mail address, telephone number, fax), bank details.
- For business partners: your master/contact data, e.g. the name of your legal representative, company name, commercial register number, VAT ID No., company number, address, contact details of contact person (e-mail address, telephone number, fax), bank details.
- For applicants and employees: e.g. forename and surname, address, contact details (e-mail address, telephone number, fax), date of birth, data from the CV and employer references, bank details, religious affiliation.
- For users of our online services: IP address, date and duration of the visit; the web page that is accessed on our website; the website from which one of our web pages is accessed (referrer); if a contact form is used - forename and surname, address, contact details (e-mail address, telephone number fax).
We shall also process the following personal data:
- Information about the nature and content of contract data, order data, sales and receipt data, customer and supplier history and consultation documents
- Advertising and sales data
- Information from your communications with us (e.g. IP address, log-in data)
- Other data which we have received from you during our business relationship (e.g. in customer meetings)
- Data that we generate ourselves from master/contact data and other data, e.g. by means of customer requirements and customer potential analyses
- Photos of events and operative activities
Automatically saved data
The provider of the web pages collects information and automatically saves it in so-called server log files, which your browser transmits to us automatically. The information saved in these server log files includes:
- The date and time of the request
- The name of the requested file
- The page from which the file was requested
- The access status (file transferred, file not transferred, etc.)
- The web browser and operating system used
- The complete IP address of the requesting computer
- The data volume transferred
This data is not merged with other data sources. The processing takes place in accordance with Art. 6 (1) f GDPR, on the basis of our legitimate interest in the improvement of the stability and functionality of our website.
For reasons of technical security, especially to defend against attempts to hack into our web server, this data is stored by us for a short time. It is not possible for us to identify individual people on the basis of this data. After no more than seven days, the data is anonymised by shortening the IP address at a domain level so that it is no longer possible to establish a connection to an individual user. In an anonymised form, the data is also processed for statistical purposes; it is not compared with other data sets or passed on to third parties, even in part. The number of page views is only presented as part of our server statistics which we publish every two years in our activity report.
3. For which purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the valid version of the General Data Protection Regulation (GDPR) and of the German Federal Data Protection Act of 2018:
For the fulfilment of (pre-)contractual obligations (Art. 6 (1) b GDPR):
Your data is processed online or in one of our branches for the execution of a contract, or in our company for the execution of your employment contract. The data is processed, in particular, during the preparation of the contract and during the implementation of the contracts with you.
For the fulfilment of legal obligations (Art. 6 (1) c GDPR):
The processing of your data is necessary for the fulfilment of various legal obligations, e.g. arising from the German Commercial Code or the German Fiscal Code.
For the protection of legitimate interests (Art. 6 (1) f GDPR):
Due to a balancing of interests, data processing for the protection of our own legitimate interests and those of third parties can take place beyond the actual performance of the contract. Data processing for the protection of legitimate interests takes place in the following cases, for example:
- advertising or marketing (see No. 4),
- measures for business management and the further development of services and products;
- management of a group-wide customer database to improve customer service
- within the framework of a prosecution.
Within the framework of your consent (Art. 6 (1) a GDPR):
If you have granted us consent to process your data, e.g. to send our newsletter or to use photos for publication.
4. Processing of personal data for advertising purposes
You can object to your personal data being used for advertising purposes at any time in the form of an overall objection or an objection to individual measures, without incurring any costs other than the transmission costs at the basic rates.
Under the legal conditions of Section 7 (3) German Act Against Unfair Competition, we are entitled to use the e-mail address that you provided when concluding the contract for the direct advertising of similar goods and services. You will receive these product recommendations from us irrespective of whether you have subscribed to a newsletter.
If you do not want to receive such recommendations from us by e-mail, you can object to the use of your e-mail address for this purpose at any time, without incurring any costs other than the transmission costs at the basic rates. A communication in text form is sufficient for this. An “unsubscribe” link is, of course, always included in every e-mail.
5. Who receives my data?
If we use a service provider for data processing, we remain responsible for the protection of your data. All the data processors are contractually obliged to treat your data as confidential and to process it only within the framework of the provision of services. The data processors commissioned by us receive your data if they require the data for the fulfilment of their respective service. These are e.g. IT service providers which we need for the operation and security of our IT system.
Your data is processed in our customer database. The customer database supports the increase in the data quality of the available customer data (duplicate cleansing, moved/deceased indicator, address correction) and allows it to be enriched by data from public sources.
This data will be made available to the group companies if necessary for the execution of the contract. The customer data is stored separately and with relation to the company, whereby our parent company acts as a service provider for the individual participating companies.
If a statutory obligation exists and within the framework of a legal prosecution, authorities, courts and external auditors may be the recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of the preparation and performance of the contract.
6. For how long will my data be stored?
We will process your data until the end of the business relationship or until the expiry of the applicable statutory storage periods (e.g. from the German Commercial Code, the German Fiscal Code or the German Working Hours Act); or beyond these periods until the end of any legal disputes for which the data is needed as evidence. In all other cases, your personal data will be deleted immediately after the end of its purpose.
7. Will personal data be transmitted to a third country?
No data will be transmitted to a third country. In the individual case, a transmission shall only take place on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees or your express consent.
8. What data protection rights do I have?
At any time, you have a right of access and a right to rectification, to erasure or to restriction of the processing regarding your saved data, as well as a right to object to the processing, a right to data portability and a right to lodge a complaint, in accordance with the conditions of data protection law.
Right of access (Art. 15 GDPR):
You may demand information from us concerning whether and to what extent we are processing your data.
Right to rectification (Art. 16 GDPR):
If we are processing your data that is incomplete or incorrect, you may demand at any time that we rectify or complete it.
Right to erasure (Art. 17 GDPR):
You may demand that we delete your data if we are processing it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons opposing an immediate erasure, e.g. in the event of statutory storage obligations.
Independently of you exercising your right to erasure, we will delete your data immediately and in full if there is no contractual or statutory storage obligation that contradicts this.
Right to restriction of processing (Art. 18 GDPR):
You may demand from us a restriction of the processing of your data if
- you are disputing the accuracy of the data, for a period which allows us to verify the accuracy of the data;
- the processing of the data is unlawful and you refuse a deletion, instead demanding a restriction of the use of the data;
- we no longer require the data for the intended purpose, but you still require this data for the assertion or defence of legal claims, or
- you have objected to the processing of the data.
Right to data portability (Art. 20 GDPR):
You may demand that we make your data, which you provided to us, available to you in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that
- we process this data on the basis of revocable consent granted by you or for the performance of a contract between us, and
- this processing is carried out by automated means.
Where technically feasible, you may demand that your data be transmitted directly from us to another controller.
Right to object (Art. 21 GDPR):
If we are processing your data on the basis of a legitimate interest, you may object to this processing at any time; this would also apply to profiling based on these provisions. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims. You can object to the processing of your data for direct marketing at any time without providing reasons.
Right to lodge a complaint (Art. 77 GDPR):
If you believe that we are infringing German or European data protection law in the processing of your data, please get in touch with us to resolve matters. You also, of course, have the right to contact the competent supervisory authority, the relevant state office for data protection supervision.
If you want to assert one of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. Am I obliged to provide data?
It is necessary to process your data for the conclusion or for the performance of the contract that you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will be unable to continue to implement an existing contract and will consequently have to terminate it. You are, however, not obliged to grant your consent to the processing of data that is not relevant or not required by law for the performance of the contract.
Only the IP address is stored here – no other personal information. This information that is stored in the cookies allows us to automatically recognise you on your next visit to our website, which makes it easier for you to use our website.
Use of Google Analytics with anonymisation function
On our website, we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”. Google Analytics uses so-called “cookies”, text files which are stored on your computer and enable your use of the website to be analysed.
The information generated by these cookies, for example the time, place and frequency of your visits to the website, including your IP address, is transferred to a Google server in the USA, where it is stored.
On our website, we use Google Analytics with the code "ga('set', 'anonymizeIp', true);". In this case, your IP-address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and anonymised there.
Google will use this information, in order to analyse your use of our website, to compile reports on the website activities for us and to provide other services associated with the website use and internet use. Google will also transfer this information to third parties where applicable if this is required by law or if third parties are processing this data on behalf of Google.
Google states that it will not, under any circumstances, merge your IP address with other Google data. You can prevent the installation of cookies by making a corresponding setting in your browser software; however, we would like to point out that in this case you may not be able to make full use of all the functions of our website.
If it is not possible for you to use the aforementioned opt-out add-on, you can use the check box below to determine whether data is transmitted to Google Analytics (the check box sets or removes an opt-out cookie):
Use of YouTube in the advanced data protection mode
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and the service providers who work for us are committed to the valid data protection laws.
Whenever we collect and process personal data, this is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data privacy statements are constantly being revised. Please ensure that you have the latest version.
12. Changes to this data privacy statement
We reserve the right to change our data privacy statements if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this data privacy statement, we shall announce this on our website.