Reporting obligations according to Art. 13 GDPR
Information requirements according to Art. 13 GDPR
The protection of your personal data is of particular concern to us. We therefore process your personal data (in short “data”) exclusively on the basis of the statutory provisions. With this data protection declaration, we want to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Art. 13 of the European Data Protection Regulation (EU GDPR).
1 Who is responsible for data processing and whom can you contact?
An den Gärten 8 – 10
The company data protection officer is
Project 29 GmbH & Co. KG
2 What data is processed and from which sources does this data originate?
We process the data that we have received from you in the course of initiating or processing a contract, on the basis of consent or in the course of your application to us or in the course of your employment with us.
Personal data includes:
Your master/contact data, for customers this includes e.g., first and last name, address, contact data (e-mail address, telephone number, fax), bank data.
For applicants and employees, this includes e.g., first and last name, address, contact data (e-mail address, telephone number, fax), date of birth, data from curriculum vitae and references, bank data, religious affiliation.
In the case of business partners, this includes, for example, the name of their legal representative, company, commercial register number, VAT number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank data.
In addition, we also process the following other personal data:
- Information on the type and content of contract data, order data, turnover and receipt data, customer and supplier history and consultation documents,
- advertising and sales data,
- information from your electronic dealings with us (e.g., IP address, log-in data),
- other data that we have received from you in the course of our business relationship (e.g., in customer meetings),
- data that we generate ourselves from master / contact data and other data, e.g., by means of customer demand and customer potential analyses,
- the documentation of your declaration of consent for the receipt of e.g., newsletters.
3 For what purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:
For the fulfilment of (pre-)contractual obligations (Art 6 (1) lit. b GDPR):
Your data is processed for the purpose of processing contracts online or in one of our branches, for the purpose of processing contracts for your employees in our company. The data is processed in particular when initiating business and executing contracts with you.
For the fulfilment of legal obligations (Art 6 para. 1 lit. c GDPR):
Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g., from the German Commercial Code or the German Fiscal Code.
For the protection of legitimate interests (Art 6 para. 1 lit. f GDPR):
Based on a balancing of interests, data processing may be carried out beyond the actual fulfilment of the contract in order to safeguard the legitimate interests of us or third parties. Data processing for the protection of legitimate interests occurs, for example, in the following cases:
- Advertising or marketing (see No. 4),
- Measures for business management and further development of services and products;
- maintaining a group-wide customer database to improve customer service
- in the context of legal prosecution.
Within the scope of your consent (Art 6 para. 1 lit. a GDPR):
If you have given us consent to process your data, e.g., to send you our newsletter.
4 Processing of personal data for advertising purposes
You can object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.
We are entitled, under the legal conditions of § 7 para. 3 UWG (German Unfair Competition Act), to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every e-mail.
5 Who receives my data?
If we use a service provider in the sense of commissioned processing, we still remain responsible for the protection of your data. All commissioned processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfil their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.
Your data is processed in our customer database. The customer database supports the enhancement of the data quality of the existing customer data (duplicate cleaning, moved/deceased indicators, address correction), and enables the enrichment with data from public sources.
In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.
6 How long will my data be stored?
We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (such as from the German Commercial Code, the Fiscal Code, or the Working Hours Act); furthermore, until the end of any legal disputes in which the data is required as evidence.
7 Will personal data be transferred to a third country?
In principle, we do not transfer any data to a third country. A transfer will only take place in individual cases on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.
8 What data protection rights do I have?
You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right of access by the data subject:
You can request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure:
You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g., in the case of legally regulated retention obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing:
You may request us to restrict the processing of your data if
- you dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse erasure and instead request restriction of the use of the data,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that
- we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and
- this processing is carried out with the aid of automated procedures.
If technically feasible, you may request us to transfer your data directly to another controller.
Right to object:
If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of complaint:
If you are of the opinion that we violate German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. Am I obliged to provide data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.