DUTIES TO PROVIDE INFORMATION PURSUANT TO ART. 13 GDPR
The protection of your personal data is very important to us. For this reason, we process your personal data (hereinafter called “Data”) exclusively on the basis of the statutory provisions. This data protection declaration is designed to inform you comprehensively about the processing of your data in our company and your data protection entitlements and rights within the meaning of Art. 13 of the European General Data Protection Regulation (EU GDPR).
1. Who is responsible for the data processing and to whom can you turn?
The data controller is:
Robert Bosch Str.5
Tel.: 09662 70019-0
The company data protection officer is
Projekt 29 GmbH & Co. KG
2. What data is processed and from which sources does this data come?
We process the data which we have received from you within the context of contract initiation or processing, on the basis of consents or within the context of your application to us or within the context of your workforce.
The personal data includes:
Your master data/contact data, which in the case of customers includes e.g. first name and last name, address, contact details (e-mail address, telephone number, fax), bank data.
In the case of applicants and employee this includes e.g. first name and last name, address, contact data (e-mail address, telephone number, fax), date of birth, data from résumé and employment testimonials, bank data, religious denomination.
In the case of business partners this also includes e.g. the name of your statutory representative, company name, commercial register number, value added tax ID number, enterprise number, address, contact individual contact data (e-mail address, telephone number, fax), bank data.
In addition, we also process the following other personal data:
- information about the nature and content of contract data, order data, sales and records data, customer and supplier history as well a consultation documents,
- advertising and sales data,
- information from your electronic communications with us (e.g. IP address, login data),
- other data that we have received from you within the context of our business relationship (e.g. discussions with customers),
- data that we generate ourselves from master data/contact data, such as e.g. by means of customer requirements and customer potential analyses,
- the documentation of your declaration of consent concerning receipt of e.g. newsletters.
3. For what purposes and on which legal basis is the data processes?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Data Protection Act (“Bundesdatenschutzgesetz”) 2018 in the respective valid version:
- to fulfil legitimate interests (Art 6 Para. 1 lit. f GDPR):
On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of the contract in order to safeguard the legitimate interests of us or third parties. Data processing to safeguard legitimate interests takes place for example in the following cases:
- to fulfil legal obligations (Art 6 Para. 1 lit. c GDPR):
Processing of your data is necessary for the purpose of the fulfilment of various statutory obligations, e.g. arising out of the German Commercial Code or German Tax Code.
- to fulfil (pre-)contractual obligations (Art 6 Para. 1 lit. b GDPR):
The processing of your data takes place for the purpose of contract settlement online or in one of our branches, for contract settlement up of your workforce in our enterprise. The data is processed in particular in conjunction with the initiation of business and when fulfilling the legal agreements with you.
- advertising or marketing (see No. 4),
- measures to control the business and to further develop services and products;
- to maintain a Group-wide customer database and to improve the customer service
- within the context of legal proceedings.
- within the context of your consent (Art 6 Para. 1 Lit. a GDPR):
If you have consented the processing of your data, e.g. to send our newsletter.
4. Processing of personal data for advertising purposes
You may at any time object to the use of your personal data for advertising purposes in whole or for individual measures without incurring any costs other than the transmission costs according to the basic tariffs.
We are entitled under the legal requirements of § 7 Para. 3 of the German Unfair Competition Act (“UWG”) to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter or not.
If you do not wish to receive such recommendations from us by e-mail, you may object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic tariffs. A notification in text form is sufficient for us. Of course, every e-mail also always contains an unsubscribe link.
5. Who receives my data?
If we use a service provider within the meaning of contract processing, we remain nevertheless responsible for the protection of your data.
All contract processors are contractually obliged to treat your data confidentially and to process this only within the context of the rendering of the performance. The contract processors commissioned by us receive your data, insofar as these require the data to render their respective performance. These are e.g. IT service providers that we require to operate and secure our IT system as well as advertising and address publishers for in-house advertising campaigns.
Your data is processed in our customer database. The customer database helps improve the quality of existing customer data (duplication rectification, new address/deceased designations, address correction) and facilitates supplementation with data from public sources.
This data is made available to Group companies if necessary for the settlement of the contract. Customer data is stored separately for each company, with our parent company acting as a service provider for the individual companies involved.
If there is a legal obligation and within the context of legal proceedings, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.
6. How long will my personal data be saved?
We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the German Commercial Code, the Tax Code, the Home Act or the Working Hours Act); furthermore until the termination of any legal disputes in which the data is required as evidence.
7. Is personal data transferred to a third-party country?
In principle, we do not transfer any data to a third country.
A transfer will only take place on a case-by-case basis on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate safeguards or your express consent.
8. What data protection rights do I have?
You have the right at any time to information, rectification, erasure or restriction of the processing of your stored data, a right to object to the processing as well as a right to data transfer and a right of complaint in accordance with the requirements of data protection law.
Right to information:
You may request information from us about whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or inaccurate, you may request that we rectify or complete this at any time.
Entitlement to erasure:
You may demand that we erase your data if we process it unlawfully or if the processing disproportionately undermines your legitimate interest in protection. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of legally regulated storage obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restrict processing:
You may demand that the processing of your data is restricted, if
- you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
- the processing of the data is unlawful, but you reject the erasure thereof and instead demand a restriction on the use of the data,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the information you have provided to us in a structured, user-friendly and machine-readable format and that you may provide that information to another data controller without our interference, provided that
- we process this data on the basis of an agreement issued and revocable by you or for the fulfilment of a contract between us, and
- this processing is performed with the help of automatic procedures.
If technically feasible, you may ask us to transfer your data directly to another data controller.
Right to object:
If we process your data for legitimate reasons, you may object to such processing at any time; this would also apply to profiling based on these provisions. We shall then no longer process the personal data relating to you, unless we are able to demonstrate mandatory reasons for the processing that are worthy of protection and outweigh your interests, rights and freedoms, or if processing serves to assert, exercise or defend against legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right to complain:
If you are of the opinion that we violate German or European data protection law when processing your data, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective German state office for data protection supervision.
If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may demand additional information to confirm your identity.
9. Am I obliged to provide data?
The processing of your data is necessary to conclude or fulfil your contract with us. If you do not provide us with this data, we shall as a rule be obliged to refuse to enter into the contract or will no longer be able to perform an existing contract and will therefore have to terminate this. You are, however, not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.