How we handle your data and the rights you have Information according to Articles 13, 14 and 21 of the General Data Protection Regulation – GDPR
(as of December 2019 V1.0)
We hereby inform you about the processing of your personal data by us and the claims and rights you are entitled to according to the privacy law regulations.
Which individual data is processed and how it is used largely depends on the services which you request or which have been agreed with you.
Who is responsible for data processing and whom can I contact?
The responsible body is:
Schäfer Pumpen & Hydraulik GmbH
Henrichs-Allee 8
45527 Hattingen
Germany
Phone: +49 (0) 2324/ 43974-0
Fax: +49 (0) 2324/ 43974-45
E-mail: datenschutz@schaefer-ph.com
You can reach our Data Protection Officer at:
EHS-Datentechnik
Data Protection Officer
Uhlendahlweg 24
45279 Essen
Germany
E-mail: datenschutz@schaefer-ph.com
What are the sources and data we use?
We process personal data which we receive from you within the scope of our business relationship. Moreover and to the extent necessary for the provision of our services, we process personal data which we have received from other companies or other third parties in a permissible way (e.g. for the execution of orders, for the performance of contracts or on the basis of a consent given by you). Moreover, we also process personal data that we have obtained from publicly accessible sources in a permissible way and which we are allowed to process. Relevant personal data is personal data (name, address and other contact data, date and place of birth and nationality, banking details), identification data. In addition, they may also include order data, data from the fulfilment of our contractual obligations, product data, marketing and sales data, documentation data, data on the use by you of the telemedia we offer (e.g. time of calling up our websites, apps or newsletters, our pages clicked on or entries) as well as other data comparable with the above categories.
What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
For fulfilling contractual duties (Art. 6 (1) lit. b of the GDPR)
The processing of personal data (Art. 4 No. 2 of the GDPR) is carried out for the purpose of providing and arranging business, in particular for the execution of our contracts or pre-contractual measures with you and the execution of your orders as well as all training measures required for operation and administration or for the provision of IT services and deliveries. The purposes of data processing primarily depend on the specific order.
Within the framework of balancing of interests (Art. 6 (1) lit. f of the GDPR)
To the extent necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties. Examples:
- Review and optimisation of methods for needs analysis and direct customer approach;
- Advertising or market and opinion research to the extent you have not objected to the use of your data;
- Assertion of legal claims and defence in legal disputes;
- Ensuring IT security and IT operation of Schäfer Pumpen & Hydraulik GmbH;
- Prevention and investigation of criminal offences;
- Measures for building and plant security (e.g. access controls);
- Measures to secure the householder’s rights;
- Measures for business management and further development of services and products.
On the basis of your consent (Art. 6 (I) lit. a of the GDPR)
If you have provided us with a consent to process personal data for certain purposes, lawfulness of such processing is based on your consent. A consent given may be revoked at any time. Please note that such revocation takes effect only for the future. Any processing prior to the revocation is not affected.
Who receives my data?
Within the Schäfer Pumpen & Hydraulik GmbH, those bodies receive your data which need it to fulfil our contractual and statutory obligations. Also processors used by us (Art. 28 of the GDPR) may receive data for these purposes. They are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, advisory and consulting as well as sales and marketing. With regard to the transfer of data to recipients outside Schäfer Pumpen & Hydraulik GmbH, it should, first of all, be noted that by naming the data protection officer, we are obliged by law to maintain secrecy on all facts and assessments which we gain knowledge of in the course of our activities. We may pass on information about you only if this is required by statutory provisions, you have consented or we are authorised to provide information.
How long is my data stored?
To the extent necessary, we process and store your personal data for the duration of our business relationship, which also includes, for instance, the preparation and implementation of a contract. It should be noted here that our business relationship may also include continuing obligations intended to last for years and usually with an indefinite duration. Moreover, we are subjected to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods indicated there are two to ten years. Finally, the storage period is also governed by the statutory limitation periods, which, for instance, are usually 3 years according to Sections 195 et seq. of the German Civil Code (BGB), but may also be up to thirty years in certain cases.
Is data transmitted to a third country or to an international organisation?
Data is only transmitted to third countries (states outside the European Economic Area – EEA) if such transmission is necessary for the execution of your orders, is required by law or you have given us your consent.
What privacy rights do I have?
Each data subject has the right to access according to Art. 15 of the GDPR, the right to rectification according to Art. 16 of the GDPR, the right to erasure according to Art. 17 of the GDPR, the right to restriction of processing according to Art. 18 of the GDPR and the right to data portability according to Art. 20 of the GDPR. Regarding the right to access and the right to erasure, the restrictions of Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply. Moreover, there is a right to lodge a complaint with a data protection supervisory authority (Art. 77 of the GDPR in conjunction with Section 19 of the German Federal Data Protection Act (BDSG)).
Am I obliged to provide data?
Within the framework of our business relationship, you are required to provide only that personal data which is necessary for the constitution, performance and termination of a contract or for pre-contractual measures or to the extent we are legally obliged to collect it. Without this data we usually have to refuse the conclusion of the contract or the execution of the order or are no longer be able to execute an existing contract and may have to terminate it.
To what extent does individual automated decision-making exist?
Basically, we do not make use of automated decision-making according to Art. 22 of the GDPR.
To what extent is my data used for profiling (scoring)?
We do not process your data by automated means for profiling.
Information about your right to object according to Art. 21 of the General Data Protection Regulation (GDPR)
1.1 Right to object in individual cases
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you carried out according to Article 6 (1) lit. f of the GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. (4) of the GDPR, which we use for credit assessment or marketing purposes. If you object, we discontinue processing of your personal data, unless we are able to prove compelling, legitimate reasons for processing overriding any interest, right and freedom of yours, or processing serves to assert, exercise or defend legal claims.
1.2 Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to conduct direct marketing. You have the right to object to the processing of personal data concerning you for such marketing purposes at any time; this also applies to profiling to the extent it is connected with such direct marketing. If you object to the processing for the purposes of direct marketing, we will no longer process your personal data for such purposes.
The objection can be made in an informal manner and, if possible, should be addressed to:
Schäfer Pumpen & Hydraulik GmbH
Henrichs-Allee 8
45527 Hattingen
Germany
Phone: +49 (0) 2324/ 43974-0
Fax: +49 (0) 2324/ 43974-45
E-mail: datenschutz@schaefer-ph.com