privacy policy for business customers 

2. Sources and types of personal data

We primarily process personal data that the data subjects themselves provide to us in the context of contractual and business relationships or that we receive from the respective contractual and business partners (e.g. from your colleagues with whom we are already in contact), for example in the context of processing an enquiry or an order. In addition, we process personal data that we collect from publicly accessible sources (e.g. commercial register, press, Internet) or receive from third parties (e.g. credit agencies, business partners). We will refer separately to any collection of personal data from third party sources.

Relevant personal data are in particular personal details (such as surname, first name, address, bank details, invoice address, tax number/USt-Id.) and other contact details (such as telephone number, e-mail address). In addition, this may also include contract or order data (e.g. sales data, volumes, planned quantities), data from the fulfilment of our contractual obligations, information about your financial situation (e.g. creditworthiness data), personal data (e.g. business interests, profession, industry, position, duties and powers) and other data comparable to the categories mentioned.

The scope of the data processed about a person varies depending on the function in which the person appears to us, such as the position he or she holds with the respective business partner.

3. Processing purposes and legal Basis

We process personal data for the following purposes on the basis of the following legal grounds:

3.1 In individual cases, we process data because you have expressly consented to this (Art. 6 para. 1 lit. a DSGVO), for example in the receipt of advertising by electronic mail and/or telephone;

3.2 Data processing is carried out for the performance of contracts concluded with you or your employment company or for the performance of pre-contractual measures (Art. 6 para. 1 lit. b DSGVO); this includes in particular:

3.2.1.purchase and supply contracts (e.g. processing of purchase and sales enquiries, authentication of contractual partners, preparation and signing of contractual documents, execution of purchases and sales, invoicing and processing of purchase price payments;

3.2.2. service and work contracts as well as other contractual relationships (e.g. processing and review of corresponding offers and enquiries; authentication of contractual partners, preparation and signing of contractual documents, processing of payments; sending of information letters);

3.3 Further data processing is carried out on the basis of legal requirements (Art. 6 para. 1 lit. c DSGVO): for example, for the fulfilment of tax and other legal control and reporting obligations, as well as audits by tax or other authorities and for compliance with legal retention periods;

3.4 We also process your data to protect our legitimate interests (Art. 6(1)(f) DSGVO); namely for the following purposes:

3.4.1. optimal contact support/relationship, also regarding the employees of our business partners;

3.4.2. optimisation of our business processes, e.g. by maintaining a supplier or prospective customer database, also in the context of “customer relationship management”;

3.4.3.centralisation or outsourcing of corporate functions;

3.4.4. mitigating default risks in our business processes by consulting credit agencies (e.g. Creditreform, Bürgel) and determining score values (profiling), which help us to assess the probability of default on the basis of a credit rating.

3.4.5. assertion and defence of legal claims.

4. Recipients of personal data

Under certain circumstances (beyond the cases already mentioned above), your personal data will be passed on for the above-mentioned purposes; in detail:

4.1 If it is necessary for the clarification or prosecution of illegal or abusive incidents, personal data will be forwarded to our legal advisors, the law enforcement authorities and, if applicable, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behaviour. A transfer may also take place if this serves to enforce contractual provisions between us and our contractual and business partners.

4.2 We are also legally obliged to provide information to certain public authorities upon request. These are primarily law enforcement agencies, authorities that prosecute administrative offences subject to fines and the tax authorities.

4.3 If it is necessary for the processing of your enquiry or the conclusion or implementation of a contractual or business relationship with you, as well as in the case of centralised or outsourced company functions, your data may be passed on to companies affiliated with us for the fulfilment of the above-mentioned purposes.

4.4 Occasionally, in order to fulfil the purposes described in this Privacy Policy or to provide our services, we may need to rely on contractually affiliated third party companies or other collaborative partners located outside the EU/EEA and external service providers, such as brokers, logistics companies, IT service providers, business advisors and financial institutions. In such cases, information is passed on to these companies or individuals in order to enable them to carry out further processing. Insofar as these are entities outside the EU or the EEA, we ensure an appropriate level of data protection, for example by concluding corresponding contracts with the data recipient.

4.5 As part of the further development of our business, the structure of our company may change by changing its legal form or by founding, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information will be transferred along with the part of the business being transferred. Whenever personal data is transferred to third parties to the extent described above, we will ensure that this is done in accordance with this privacy policy and the relevant data protection laws.

5. Processing period

6. Data subject rights 

6.1 You have the right to obtain information about the personal data stored about you at any time. If the respective requirements are met, you also have the following rights:

6.1.1 Right to rectification: You have the right to have incorrect personal data relating to you corrected.

6.1.2 Right to erasure: You may also request the erasure of your personal data, for example if your data is no longer necessary for the purposes for which it was collected or otherwise processed.

6.1.3 Right to restriction of processing: You also have the right to request the restriction of processing of your personal data, in which case the data will be blocked from any processing. This right exists in particular if the accuracy of the personal data is disputed between you and us.

6.1.4 Right to data portability: If we process your personal data for the performance of a contract with you or on the basis of your consent, you also have the right to receive your personal data in a structured, common and machine-readable format, if and to the extent that you have provided us with the data.

6.1.5 Right to revoke consent: If you have given us consent to process your personal data, you have the right to revoke this consent.

 

6.2 In addition, you may object to data processing for reasons arising from your particular situation. However, this only applies in cases where we are processing data to fulfil a legitimate interest. If you can present such a reason and we cannot assert a compelling interest worthy of protection in the further processing, we will not further process this data for the respective purpose.

6.3 Should you wish to receive information about the data stored about you, assert your other rights or have questions about data protection with us, you can contact us using the above contact details.

6.4 You also have the right to lodge a complaint with a supervisory authority at any time, in particular with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you violates data protection provisions.

7. Status and amendment of this data protection declaration

The status of this data protection declaration is 30 September 2021.

The further development of our company may also have an impact on the handling of personal data. We therefore reserve the right to amend this data protection declaration in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We will notify you separately of any significant changes to the content.