Information on collection of personal data according to the GDPR
for business partners/suppliers
The EU General Data Protection Regulation requires us to provide you with comprehensive information for processing of your personal data. In compliance with this obligation, we inform you of the following:
1.1 Name and contact details of the controller
Tel.: +49 30 91542235
Fax: +49 30 64073783
1.2 Name and contact details of the representative in the EU according to sect. 27 GDPR
(only if the controller or processor is not resident in the Union)
1.3 Contact details of the data protection officer
ECOVIS Keller Rechtsanwälte PartG mbB
Rechtsanwalt Axel Keller / Senior Associate Karsten Neumann
Am Campus 1-11 - 18182 Rostock
Tel.: +49 381 12 88 49-0 - Fax: +49 381 12 88 49-69
E-Mail: firstname.lastname@example.org - Internet: www.ecovis.com/datenschutzberater
II. Processing scope
2.1 Categories of personal data concerned that are processed
In the scope of our business relationships and depending on the specific purpose for which we collect your data, we regularly process personal data also if you are a legal entity. This is the case, for example, if we collect data of persons from the management, personal contacts at your company such as sales employees, key account managers or other persons in departments of your company who are responsible for our business relationships.
In the scope of this, we collect the following data or data categories:
Function in the company
2.2 Source of personal data
We generally collect your data in direct contact with the data subject. However, it is also possible that you may submit data on persons who are responsible for us in your company to us.
2.3 Duration of storage of the data
The personal data collected by us will be stored according to the proviso of our erasure concept until the end of the statutory archiving obligation; they will then be erased, except of we are obligated to archive the data for a longer period according to section 6 para. 1 s. 1 lit. c GDPR due to archiving and documentation obligations under tax and commercial law (from the Commercial Code, Criminal Code or Tax Code) or if you have consented to storage beyond this according to sect. 6 para. 1 s. 1 lit. a GDPR.
Subject to such archiving obligations, data are deleted if the purpose for which they were collected has ended.
As far as legally permitted, data will also be stored if this is required to assert or defend any legal claims.
2.4 Purposes of processing
The purposes of processing of your data are
processing of a business relationship between us, including communication between us, in particular for processing of the payment transactions, accounting and performance of the contractual obligations between us.
2.5 Legal basis for processing
We only process your data if there is a legal basis for it. This is the case according to sect. 6 para. 1 GDPR when at least one of the following provisions is met.
processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract
processing is necessary for compliance with a legal obligation to which we are subject
processing is necessary to maintain our legitimate interests except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
2.6 Legitimate interests within the meaning of sect. 6 para. 1 lit. f GDPR
Our legitimate interests – or those of a third party – may be
the presence of a legal relationship between us;
the prevention of fraud;
measures to ensure and improve the safety of IT systems;
measures to protect our company from illegal actions and
internal administrative purposes, in particular exchange of data within our group of companies.
2.7 Legal or contractual obligation to provide the data
An obligation to provide data may result
from a contract you have concluded with us and the performance of which data collection serves in the cases of item 2.5 lit. b;
from the statutory provisions we are subject to or – in accordance with sect. 6 para. 2 and 3 GDPR – the law of the European Union or the law of the member states of the European Union in the cases of item 2.5 lit. c.;
from general support or contractual secondary obligations that are not specifically targeted at data collection, such as the provisions on failure to render assistance in § 323c Criminal Code, in the cases of items 2.5 lit. d. and e.
2.8 Requirement of the provision of data for conclusion of a contract
The data collected by us are usually mandatory for founding and processing of a business relationship, including meeting the obligations resulting from this.
2.9 Other obligation to provide the data
There usually is no other obligation to provide the data.
2.10 Possible consequences of not providing data
Not providing personal data of persons working for your company usually only causes makes communication between us considerably more difficult or impossible – e.g.in the area of communication by email.
2.11 Presence of automated decision-making (including profiling)
We do not use any automated supervision or evaluate systems.
III. Forwarding and other countries
3.1 Recipients or categories of recipients of the personal data
The data collected by us will be forwarded to other recipients and third parties as well under consideration of the statutory provisions. These specifically are:
Accounting / book-keeping
Purchase / procurement
External data processors (contract processors)
External data processors (contract processors)
External data processors may be from the areas of archive, maintenance and care for EDP systems or the company website or marketing. These usually are contract processors within the meaning of sect. 4 no. 10 GDPR, so that processing of the data through them does not constitute transmission within the meaning of sect. 4 no. 2 GDPR.
3.2 Intention of the controller to transmit personal data to a third country or an international organisation
Such transmission is not intended.
3.3 Presence or absence of a commission decision on appropriateness
3.4 Reference to suitable or appropriate safeguards
IV. Your rights
4.1 You as the data subject have various rights under the General Data Protection Regulation.
the right to be informed about the data concerning you that are stored by us (sect. 15 GDPR)
the right to rectification of incorrect data (sect. 16 GDPR)
the right to erasure of the data if there is no legal basis for continued storage (sect. 17 GDPR)
the right to restriction of processing of the data to specific purposes (sect. 18 GDPR)
the right to data portability (sect. 20 GDPR) and
the right to object to processing of your data (sect. 21 GDPR).
If processing of your data is based on consent (see item 2.5 lit. a), you have the right to withdraw your given consent at any time. The legality of the processing taking place based on given consent until the withdrawal is not affected by the withdrawal.
Separate information about the right to object under Article 21 GDPRAccording to Article 21 (1) of the GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of personal data re-lating to you pursuant to Article 6 (1) (f) of the GDPR (processing to safeguard the le-gitimate interests of the responsible entity or a third party).If you object, we will no longer process your personal data, unless we can demon-strate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defence of legal claims.
If the processing is to operate direct mail, you have the right, under Article 21 (2) GDPR, to object at any time to the processing of personal data relating thereto for the purpose of such advertising; this also applies to the profiling, as far as it is associated with such direct mail.
In addition to this, you have the right to complain to a supervisory authority in accordance with sect. 77 GDPR if you believe that processing of the data concerning you violates provisions under data protection law. The supervisory authority relevant for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
+49 30 13889-406
4.2 Finally, you have the right to contact our data protection officer at any time. He is obligated to confidentiality regarding your query where processing of your data is concerned.
You can reach our data protection officer under the contact details named in item 1.3.