Information on Data Protection for Customers and Suppliers
Dear Sir or Madam,
this information on data protection is to inform you about the present EU general data protection regulation (DGPR) valid from 25/05/2018 with regard to the processing of your personal data by us as well as your legal rights.
This information will be updated, if required and published at www.rstechnik.de.
1 Who is responsible for the processing and who can I contact?
The responsible contact in accordance with Article 4 of the DGPR is R+S Technik GmbH,
Frankenstraße 30, D 46395 Bocholt Phone: +49 2871 3106 – 0
E-mail: info@rstechnik.de
Contact data of the data protection officer:
R+S Technik GmbH c/o data protection officer
Frankenstraße 30, D 46395 Bocholt
E-mail: datenschutzbeauftragter@rstechnik.de
2 Which data do we process and use?
We process the data which we receive from you or third parties within the framework of the initiation or implementation of a joint business relation.Generally we receive the data directly from you, the enterprise in which you work or from an agency which has passed your inquiry on to us.
Within the framework of our business processes we process the following detailed data:
• Master data of your company such as name, address, contact data, bank details, VAT ID
• Personal data of the contact person our customers and suppliers such as name, address, contact data
• Data for contract protection such as bank guarantees, letters of credit, credit assessment, sanctioned party list screenings
• Contract data for the handling of our mutual business relation such as contracts, general correpondence, delivery and payment schedules, complaints, tax-, export- and customs declarations
• Advertising and sales data
• Access times and log data in our digital exchange portals
3 Purpose of the processing and legal bases
In the following paragraphs we inform you for which purpose and based on which legal basis we process your data
3.1 Subject to your consent (Art. 6 paragraph 1 lit. a DGPR)
If you have given us your consent to process your personal data, this consent is the legal basis for the respective data processing. This concerns in particular the consent to the promotional approach by e-mail or phone as well as the personalized access to our online and data exchange portals. Based on this consent we furthermore also pass your data on to our subsidiary companies and contract partners in so-called third countries.
You may revoke your consent at any time with effect for the future. The revocation only applies for future processings. If you have given us your consent before the DGPR regulation (25/05/2018) came into force, this consent continues to be valid as far as it is not withdrawn.
3.2 Fulfilment of a contract or precontractual measures (Art. 6 paragraph 1 lit. b DGPR)
We process your data for the initiation and handling of our mutual business and contractual relationships with you. This refers in particular to the purchase and/or sale of materials and service activities.
The type and scope of the data processing is dependent on the scope of the order, the scope of the project and on the location of the respective trading partner. In the context of the division of labour during the handling of inquiries, orders and measures for the financial order protection (letters of credit, guarantees, …) a transfer of your personal data to the connected enterprises and locations within the EU may take place, if need be (Art. 6, paragraph1 lit f).
3.3 Within in the framework of the balancing of interests (Art. 6 paragraph 1 lit. f DGPR)
In individual cases we process your data based on a balancing of interests for the safeguarding of our or third parties’ legitimate interests. As far as possible, the processing takes place in anonymized or pseudony- mized form. Our interest results from the below-mentioned purposes and serves for a fulfilment of tasks as efficiently as possible / use of the IT infrastructure, sales support and prevention of legal risks
• Exercise of legal claims and defence in the event of legal disputes
• Support of the connected enterprises for the customer service, sales and purchasing advertising, market- and public opinion research
• Prevention and investigation of criminal offenses
• Safeguarding of the IT security
• Optimization and rationalization of the IT systems
• Processing for internal administration purposes throughout the company group.
3.4 Within the framework of legal obligations we have (Art. 6 paragraph 1 lit. c DGPR)
We have various legal obligations such as, e.g., sanctioned party list screening, customs and tax reporting and retention obligations, examinations by tax and financial auditors as well as risk management for which we, dependent on the case, process your data and if required, transfer it to third parties.
4 To whom will your data be transferred?
Within the R+S Technil GmbH your data will, while maintaining the „need-to-know principle“ be transferred to the
function and specialist departments who will need this data for the fulfilment of their respective tasks. (e.g., purchasing, sales, project management, production, finances)
Furthermore a disclosure of your data only takes place as far as it is covered by a legal basis (see chapter 3), the following offices possibly receiving your data or getting an insight into them due to their activity:
• Order processors according to Art. 28 DGPR; in paricular in the field of IT services, logistics, sanctioned party list screening, file and data carrier destruction.
• Public authorities such as, e.g., Federal Office for Export Control, fiscal authority…, as far as a legal or an official obligation exists.
• Other offices such as, e.g., connected enterprises, credit agencies and service providers who support us in the processes of order initiation and/or handling, the processing of your data taking place on the basis of the legal bases mentioned in chapter 3.1. to 3.4.
5 How long are your data stored?
We process and store your personal data as long as it is required for the initiation and handling of orders and/or for the support in the after sales process.
Futhermore we have to observe various retention and documentation obligations according to HGB, AktG, AO, ProdHaftG as well as statutes of limitation according to BGB (German civil code) which obligate us to store the data between 2 and 10 years dependent on the case.
6 Data transfer to third countries or international organisations
We transfer your data to so-called third parties (countries outside the EEA and without appropriateness arrangement according to Art. 49 paragraph. 1 lit. (c) DGPR or to international organisations) only if this is required for the handling of your inquiries and orders or for the database maintenance of our customer base.
7 Obligation to provide information
Within the framework of our business relation you only need to place your personal data at our disposal which is required for the initiation, implementation and finishing of our business relation or for the collection and processing of which we are obligated due to laws and regulations. Without this data we will generally be forced to refuse the conclusion of a contract or the execution of orders.
8 Automated decision-making and profiling
We basically do not use any automated decision-making according to Art. 22 DGPR as decision basis for our business relations. If we should use such processes in future, we will inform you separately, provided that this is legally required.
We use and process your data in a semi-automated form, in the so-called “Profiling“. This process uses personal data for evaluating certain personal aspects which refer to a natural person.We use Profiling in the following cases:
• Due to legal requirements within the framework of the so-called sanctioned party list screening for fighting terrorism
• Furthermore we analyse your current and historical data by means of statistic processes.
We use the results in order to be able to support and advice you according to your needs.
9 Your data protection rights
According to the general data protection regulation and the Federal Data Protection Act you have, under certain conditions, comprehensive rights to:
• Information on your stored data (Art.15 DGPR and § 34 BDSG1).
• Correction of your data (Art.16 DGPR).
• Deletion of your data (Art.17 DGPR and § 34 BDSG1).
• Restriction of the processing (Art.18 DGPR)
• Data portability (Art.20 DGPR)
Apart from that you have, according to Art. 77 DGPR und § 19 BDSG1, a right of appeal to a data protection supervisory authority.
10 Which rights of objections do you have?
According to to Art. 21 GDPR you have extensive rights of objection against the processing of your data 10.1 Right of objection on a case-by-case basis
For reasons which result from a particular situation you are at any time entitled to enter an objection against the processing of personal data which concerns you and which is effected on the basis of Art. 6 paragraph.1 lit (e) or (f) DGPR. This applies also to a Profiling based on these provisions.
If you enter an objection, we will not process your data anymore, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or unless the processing serves for the assertion, exercise and defence of legal claims
The objection can be entered each without observing any formal requirement.You will find the required contact data in chapter 1.
1 in the version effective from May, 2018
10.2 Right of objection against the processing of data for the purposes of direct advertising
We can process your data also for direct advertising within the limits of legal provisions. Your are entitled to enter an objection against the processing of data concerning you at any time. This applies also to a Profiling as far as it is connected with such direct advertising.
If you object to the processing for direct advertising, we will not process your data for these purposes any- more.
The objection can be entered each without observing any formal requirement.You will find the required contact data in chapter 1.
