Principles of Dataof our Customers/Suppliers/Vendors and interested parties

We are pleased that you want to read up on data processing. We regularly process personal data of contacts and employees of customers electronically in order to work with them. We are pleased to provide you with our information on data protection below in fulfilment of our duty to provide information in accordance with Art. 12 and 13 of the General Data Protection Regulation (GDPR):

WHO IS RESPONSIBLE FOR DATA PROCESSING?

The party responsible (controller) as defined in data protection law is as follows:

Schirm GmbH
Geschwister-Scholl-Straße 127
39218 Schönebeck
F: +49-3928-456-300
E: schirm@schirm.com

Further information on our company, details of authorised representatives and other contact options can be found in the imprint on our website.

WHICH OF YOUR DATA DO WE PROCESS? AND FOR WHAT PURPOSES?

If we have received data from you, we will basically only process them for the purposes for which we have received or collected them. Your data may also be collected from publicly accessible sources.

These purposes are generally as follow:

  • Communication for the fulfilment of orders or contracts
  • Communication on project enquiries and enquiries about our company and portfolio
  • Dispatch of information on new or additional services and new production capacities
  • Information on administrative issues such as changes to your contact persons, closing times, etc.
  • Invitations to trade fairs, corporate events, etc.
  • Dispatch of goods
  • Reference for new customers
  • Invoicing and debiting
  • Safeguarding of warranty claims

These data are usually as follows:

  • Your master data (e.g. surname, forename, title, form of address, company, position)
  • Contact data (e.g. email address, telephone number, mobile number, address)
  • Data on transactions (e.g. IBAN, BIC, creditworthiness)

and other personal data which you send us. Please note that we cannot name all potential data. However, we only collect data which you send to us or which are publicly accessible.

Data processing for other purposes can only be considered if the relevant legal requirements pursuant to Art. 6 (4) GDPR have been met. In this case, we will of course comply with any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR.

WHAT IS THE LEGAL BASIS FOR THIS?

The legal basis for the processing of personal data is Art. 6 GDPR in principle, unless there are specific legal provisions. The following main possibilities can be considered here in particular:

  • Consent (Art. 6 (1) a) GDPR)
  • Data processing for the performance of contracts (Art. 6 (1) b) GDPR)
  • Data processing on the basis of a balancing of interests (Art. 6 (1) f) GDPR)
  • Data processing in fulfilment of a legal obligation (Art. 6 (1) c) GDPR)

If personal data are processed on the basis of your consent, you have the right to revoke this consent at any time with future effect.

We justify our legitimate interests in accordance with Recital 47 of the GDPR, having a legitimate interest in informing our customers about our goods and services through communication channels. As the data subject, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR.

HOW LONG ARE THE DATA STORED?

We process the data as long as is necessary for the respective purpose.

Where statutory obligations to keep records apply (e.g. under commercial law or tax law), the relevant personal data will be stored for the mandatory length of time. After the retention period has expired, a review is conducted to check whether any further processing is necessary. If there is no further requirement in this respect, the data are erased.

We basically carry out checks on data towards the end of any given calendar year to verify whether there is any need for further processing. Due to the quantity of data, this check is narrowed down to specific types of data or purposes of processing.

You may, of course, request information at any time (see below) as to which of your personal data we have stored on our systems and you may request that the data be erased or that processing be restricted where they are no longer required.

WHICH RECIPIENTS WILL THE DATA BE PASSED ON TO?

Your personal data will only be passed on to third parties if this is necessary for the execution of the contract with you, if this is permissible in the context of overriding interests as defined in Art. 6 (1) f) GDPR, if we are legally obliged to pass them on, or if you have provided your consent to this course of action.

Categories of such recipients can be, for example, transport and logistics service providers.

Data may be passed on to tax consultants, credit institutions and other tax authorities within the framework of tax and commercial law requirements.

In our case, third parties are not service providers or affiliated companies that have to comply with our data protection requirements. To this end, we have concluded contract processing agreements and thus guarantee that you can also exercise your rights vis-à-vis them.

WHERE ARE THE DATA PROCESSED?

We process your personal data currently solely in data processing centres in the European Union, and therefore the General Data Protection Regulation applies to the processing at all times.

Any future relocation to a third country will only take place if the special requirements of Art. 44 et seq. of the Data Protection Ordinance are met. DS-GVO are fulfilled and the data protection rights will therefore continue to be safeguarded.

YOUR RIGHTS AS THE “DATA SUBJECT”

You have the right access information about the data which we process relating to you as a person.

Should we receive requests for information which are not submitted in writing, we need you to understand that we may then ask for proof that you are the person you claim to be.

You also have a right to rectification or erasure or restriction of processing where a legal entitlement applies in any such respect.

You also have a right to object to the processing within the scope of the statutory provisions. The same applies to the right to data portability.

It is important to note that you have a right to object, under Art. 21 (1) and (2) GDPR, to the processing of your data in connection with direct marketing if this is carried out on the basis of overriding interests.

OUR DATA PROTECTION OFFICER

We have appointed a data protection officer in our company. The relevant contact details are as follows:
FKC CONSULT GmbH
Eschenburgstr. 5
23568 Lübeck
E-Mail: datenschutz@schirm.com  

RIGHT OF APPEAL

You have the right to complain to a data protection supervisory authority about our processing of personal data.