Information on Data Protection for Business Partners
Below, we will inform you about our processing of your personal data and the rights you are due from the General Data Protection Regulation (GDPR).
Controller for Data Collection
The controller within the meaning of the General Data Protection Regulation is extrutec GmbH, Feldstraße 25, D-78345 Moos , represented by Uwe Günter, Phone.: +49 (0) 7732/939-1390, Email: info@extrutec-gmbh.de.
Contact Details of the Data Protection Officer
Our data protection officer can be reached the above address of the controller or by emailing data.protection@extrutec-gmbh.de.
Information on Processing Activities
We collect and process your personal data only within the scope of statutory permissions or based on your explicit consent and under observation of the provisions of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG), and any other essential laws on processing of personal data and data protection.
Data Processing of Business Partners
Categories of Data Subjects:
Suppliers, service providers, business partners, potential business partners, and contacts at business partners
Categories of Data: Master data (e.g. name, first name, employer), contact details (e.g. operational email, operational phone numbers), address details (e.g. street, town, country), professional function, legitimation and authentication data, order data, documentation and support data, product and/or service data, control data (e.g. tax ID, VAT ID), creditworthiness data (e.g. tax ID, VAT ID), creditworthiness data, advertising and sales data
Purpose of Processing:
The purpose of processing activities is mainly targeted at the specific product or the specific service, and may also comprise the connected consulting, support, and documentation. We process your personal data in this context for the purpose of initiating, accepting, and processing a contract and order, in the interest of comprehensive partner or supplier support, for communication by email, phone, and mail with you or external recipients, and for personal communication within the framework of establishing and executing the business relationship, management of contracts, processing of complaints, compliance with statutory provisions, and to warrant IT safety and IT operation of our company, for measures to maintain our house rights (e.g. for access control), and for building and plant safety. Processing activities for any other purpose shall only take place if they are necessary to defend against dangers to state or public security or for prosecution of criminal offences, or if they are necessary for assertion, exercise, or defence against claims under civil law, and if your interests in the exclusion of processing are not overriding.
Legal Basis:
Point (b) of the first sentence of Art. 6(1) GDPR for processing of personal data for compliance with a contract with you or for execution of pre-contractual measures taken upon your request. Point (a) of the first sentence of Art. 6(1) GDPR as far as you have consented to processing of your data towards us. Point (f) of the first sentence of Art. 6(1) GDPR for maintenance of our legitimate interests and point (c) of the first sentence of Art. 6(1) GDPR in cases where processing is required for compliance with a legal obligation.
Legitimate Interest:
We process personal data in our legitimate interest to initiate, execute, or develop our business relationship with our business partners, and to maintain personal contact with the contacts in this context. Your data will be processed as far as this is required to ensure IT safety and IT operation of our company, to prevent and investigate criminal offences, for measures to maintain our house rights (e.g. for access control) and for building and plant security. Further legitimate interests include planning and organisation of our business processes, our internet and information safety, business partner management, central data administration, fraud prevention, and enforcement of laws. Processing for sending out customised advertisements and our product offerings shall take place in our legitimate interest in drawing the attention of specific market segments to our products and services in a targeted manner within the scope of our sales promotion. As far as required, we will process your personal data within the scope of consultation of and data exchange with credit agencies (e.g. SCHUFA) in order to determine the creditworthiness or default risks and to assert legal claims and defend in legal disputes.
Categories of Recipients:
Within our company, only those offices that require your data in order to enable us to meet our contractual or statutory obligations or who are allowed to process them based on our legitimate interests will be receive access to them.
We may forward your personal data to third parties (e.g. to banks or payment service providers for payment processing, postal services for deliveries of letters and goods, tax advisors for meeting reporting obligations under tax law, telecommunication providers, or public offices and institutions, such as financial authorities), provided that you have previously consented to transmission or that we are legally or contractually obligated to do so.
We may also pass on your data to service providers and vicarious agents (e.g. IT service providers, among other things for remote maintenance and support, hosting providers, data centres, etc.) who support us in contract processing and meeting statutory obligations.
Data Sources:
We process personal data that we have received from our business partners within the context of our business relationship or directly from contacts at our business partners. As far as rendering of our contractual or statutory obligations requires this, we will also process personal data that we have permissibly received from other companies or from state offices or that we have permissibly acquired from publicly accessible sources (e.g. commercial register, land registers, press, media, internet) and are allowed to process.
Transfer to Third Parties:
Transfer of your data to countries outside of the EU or EEA shall only take place as far as this is required to meet the contractual relationship with you (e.g. delivery of goods), this is required by law (e.g. reporting obligations under tax law), you have consented to it, or within the framework of data processing based on a contract. Transfer shall only be admissible in such cases if the European Commission has determined an adequate level of the protection of personal data for the third country in question, or if adequate safeguards are provided and the data subject has enforceable rights and effective legal remedy at their disposal.
Provision Obligations:
We generally only collect the details that are legally or contractually required or necessary for entering into a contract, prior to a contract for its preparation, or for its subsequent execution. Without these data, we will regularly be unable to enter into or comply with a contract with you, to establish or maintain a business relationship with you or, e.g., to process any queries or contact with you.
As far as not required by law or contract, or required for entering into a contract, you are not obligated to provide us with personal data. There will be no negative consequences if voluntary data are not provided. However, not providing them may make, e.g., communication with you more difficult or cause delays.
Duration of Storage:
The data will be deleted without undue delay after the end of the business relationship or after compliance with the pre-contractual measures, after loss of the legitimate interest, or after leaving the company, as far as there are no legal obligations opposing erasure. In such cases, your personal data will be deleted after loss of the legal obligation and after the expiration of any claim periods resulting from this.
Your Rights as Data Subject
You have the right towards us under Art. 15(1) GDPR to be informed about the personal data stored concerning your person, to rectification of incorrect data in accordance with Art. 16 GDPR, or to erasure if one of the reasons named in Art. 17 GDPR is present, e.g. if the data are no longer needed for the pursued purposes. You also have the right to restriction of processing if one of the conditions named in Art. 18 GDPR applies and the right to data portability in the cases of Art. 20 GDPR. You also have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you, based on Art. 22 GDPR.
If you believe that processing of the personal data concerning you violates any provisions under data protection law, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. The right to lodge a complaint may specifically be asserted before a supervisory authority of the member state of your residence or the location of the alleged violation. The supervisory authority competent for the seller in Baden Württemberg is the state officer for data protection and freedom of information in Stuttgart.
Notice on Right of Revocation after Giving Consent
If data are collected based on point (e) of Art. 6(1) GDPR (data processing for meeting authority tasks or protection of public interest) or point (f) of Art. 6(1) GDPR (data collection to maintain legitimate interests), you have the right to object to processing at any time due to reasons resulting from your particular situation. In that case, we shall no longer process the data except if there are verifiable compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.