The protection of your private rights and freedoms is important to us; we only use your data for the purposes intended. Since it is important to us that you know at all times to what extent we collect, use and, if necessary, transfer your data to third parties, we will inform you in detail below about the processing of your personal data collected by us or stored by us. When processing personal data, we strictly adhere to the provisions of the EU General Data Protection Regulation (GDPR) and, if applicable, other data protection-relevant provisions.
Name and address of the controller
EuroParcs Deutschland GmbH
Andries Bruil
Neuer Zollhof 3
40221 Düsseldorf
Germany
Phone: +49 (0) 221 828 28 400
E-mail: kundenservice@europarcsresorts.de
Name and address of the data protection officer
Jörg ter Beek
Cortina Consult GmbH
Hafenweg 24
48155 Münster
Data protection team for general data protection inquiries:
Team e-mail: dsb.europarcs@cortina-consult.de
Website: https://www.cortina-consult.com
If you have any questions regarding the processing of your personal data, if you wish to exercise your rights as a data subject (such as the right to information, correction, blocking or deletion of data) or if you wish to withdraw your consent, please contact our data protection officer directly.
General deadlines for data deletion
After the purpose of storage has ceased, the retention periods are generally at least six or ten years. As a rule, data is deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.
Data security information
We protect your personal data processed by us against loss, destruction, access, alteration or distribution by unauthorized persons by means of appropriate technical and organizational measures. However, despite regular checks, complete protection against all risks is not possible.
Rights of data subjects
The EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects in Chapter III, which we explain to you accordingly below with regard to the processing of your personal data:
- Right to information
This requirement concerns in particular information on the following details of data processing:
- Processing purposes
- Data categories
- Recipients or categories of recipients, if applicable
- If applicable, the planned storage duration or the criteria for determining this duration.
- Note on the respective right of correction, deletion, restriction or objection
- Existence of the right to complain to a supervisory authority
- If applicable, origin of the data (if not collected from you)
- If applicable, existence of automated decision-making including profiling, including meaningful information about the logic involved, the scope and the effects to be expected
- If applicable, (planned) transfer to a third country or international organization
- Right to rectification
We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.
- Right to erasure (right to be forgotten)
Provided that the processing is no longer necessary and one of the following conditions is met:
- Discontinuation of the purpose of processing
- Withdrawal of their consent and absence of any other legal basis for processing
- Objection to processing without an important reason to the contrary
- Unlawful processing
- Required to fulfill a legal obligation
- Data collection was carried out in accordance with Art. 8 (1) GDPR
Within the scope of the deletion request, we will, if necessary, pass on your request to those third parties to whom a transfer of your data had previously taken place.
- Right to restriction of processing
Provided that one of the following conditions is met:
- You dispute the accuracy of your data (restriction can be made for the duration of the review on our side)
- In the event of unlawful processing and if the data is not to be deleted, restriction of processing shall take the place of deletion
- If the processing purposes cease to apply, at the same time you need your data for the assertion, exercise or defense of legal claims
- After you have lodged an objection pursuant to Art. 21 (1) GDPR and for the duration of the examination as to whether our legitimate reasons outweigh yours.
- Right to data portability
If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).
- Right to object
If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
- Automated decisions in individual cases including profiling
If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.
- Right to revoke consent under data protection law
You have the right to revoke consent to the processing of personal data at any time.
- Right to complain to a supervisory authority
A list of the supervisory authorities responsible in Germany can be found on the website of the Federal Commissioner for Data Protection or at the following link: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.
Legal basis of processing
We process personal data in accordance with the requirements of the GDPR, depending on the type and purpose of the processing as follows:
| Permitted use | Specification of the GDPR |
| Informed consent | Art. 6 para. 1 a |
| Performance of a contract | Art. 6 para. 1 b |
| Implementation of pre-contractual measures | Art. 6 para. 1 b |
| Fulfillment of legal obligations | Art. 6 para. 1 c |
| Protection of vital interests | Art. 6 para. 1 d |
| Safeguarding our legitimate interest | Art. 6 para. 1 f |
Our legitimate interest
Our legitimate interest, as defined in Article 6 (1) f GDPR, is based on the performance of our business activities in order to maintain our ability to operate and secure the employment of our employees.
Data security information
We protect your personal data processed by us against loss, destruction, access, alteration or distribution by unauthorized persons by means of appropriate technical and organizational measures. However, despite regular checks, complete protection against all risks is not possible.
General network protection
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Username, IP addresses, timestamps, email addresses | Protection measures against unauthorized access and attacks as well as protection against electronic bulk mail and unwanted data inflow and outflow (DLP). Firewall / Antivirus / Spam Filter / Endpoint Security |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The data already exists and is required to ensure security. The data must be processed for authentication of authorized access to the network. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Backup
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| All company data (billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, name/first name/address/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous). | Data backup of company data to prevent data loss (encryption Trojans, etc.) Ensuring recovery of company processes in the event of system failures, system errors and emergencies |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the moment the purpose ceases to exist, backup data is deleted immediately. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data has already been collected and is processed to ensure IT security processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
User management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, e-mail address, telephone number, department affiliation if applicable | Management of user accounts and administrative groups to provide authentication and support for authorization concepts in various systems |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data has already been collected and is only managed to ensure IT security processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
CRM system (Customer Relationship Management)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, communication data, contract master data, customer history, other data if applicable. | Maintenance of customer data and customer relationships, qualification of customers |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Data exchange portal
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, bank data, contact data, payment data, wage and salary data, contract data, time recording data, correspondence, various | Use of online solutions for data storage and exchange with suppliers, customers and third parties |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | If necessary, there are external recipients depending on the occasion |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the relevant data, it may not be possible to fulfill the tasks or contracts, in particular across spatial distances. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Data carrier disposal
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| All company data (billing data, address data, bank account/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, name/first name/address/title, social security data, contract data, contract master data, payment data, time recording data). | Destruction of data carriers that are no longer required (e.g. after expiry of the retention period), on which or in which personal data are located (hard disks, SSD, CD/DVD, USB stick, ...). |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Disposal service provider, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
DMS Document Management System
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, bank data, contact data, payment data, wage and salary data, contract data, time recording data, correspondence, various | Operation of the DMS for revision-proof archiving of business documents |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data has already been collected and is processed to ensure IT security processes and legal requirements. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Print and copy jobs
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, IP address, print template with the information to be reproduced. | Duplicate information |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
E-mail archiving
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| All company data (billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, name/first name/address/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous). | Audit-proof archiving of business communication as well as accounting-relevant documents |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of data generation, the data is deleted after 7 years in accordance with § 257 HGB, § 41 EStG, § 147 AO. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data has already been collected and is processed to ensure IT security processes and legal requirements. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Electronic processing by e-mail
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Only personal data is processed to ensure the corresponding processing operation, including contact data (name, e-mail address), possibly other (depending on the content of the communication), possibly other header data, "content data" (content of e-mails - "body"). | Safe execution of internal |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Occasion-related and transparent transmission within the scope of e-mail communication (e.g., in compliance with BCC and CC regulations), including customers, interested parties, suppliers, authorities, contractual partners, other third parties |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country takes place. |
| If known: Duration of data storage | After the purpose of storage has ceased to apply: - Retention period for e-mails, insofar as they qualify as business letters: 6 years, after which the data is routinely deleted unless it is no longer required for the performance or termination of contracts - Deletion at shorter notice in special areas (e.g. applicant data: 6 months) |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
ERP software
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, communication data, customer history, contract billing data, payment data, planning and control data, and other data as required. | Secure and efficient operation of the enterprise resource planning system |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required), tax advisor if necessary, authorities |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Groupware system
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, e-mail addresses, appointment data | Execution of internal and external correspondence including documentation, office communication, especially team / collaboration across spatial distances (e-mail, contacts, tasks, calendar) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b) |
| Recipient (if applicable) | Interested parties, suppliers, craftsmen, authorities, service providers, as well as their contact persons |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the relevant data, it may not be possible to fulfill the tasks or contracts, in particular across spatial distances. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Hosting
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, e-mail address, telephone number, contract data, contact history, IT usage data, traffic data, log data, telecommunications data | Secure online provisioning of IT systems |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | If applicable, external service providers, if required for processing |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Internet and telephone use
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, extension, address data, contact data, e-mail addresses, appointment data, traffic data (as defined by §96 TKG), IP addresses, web addresses, website retrieval data | (Office) communication and task management for human resources, employee management, customer management, financial accounting, controlling, marketing, etc. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b) in combination with Section 26 para. 1 p. 1 BDSG for the purpose of implementing an employment relationship |
| Recipient (if applicable) | Applicants, customers, interested parties, suppliers, craftsmen, authorities, service providers, as well as their contacts |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the relevant data, the fulfillment of the tasks or contracts may not be possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Intranet usage
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, company contact details, date of joining, department, photos, career, hobbies | Ensuring internal information exchange, motivating employees, informing employees. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b) in combination with Section 26 para. 1 p. 1 BDSG for the purpose of implementing an employment relationship |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Depending on the type of data, the provision / processing is necessary for the intended operational task fulfillment. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
IT support (remote)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| planned no processing of pb data, but due to the service access to pb data cannot be excluded | Maintenance / servicing of software / data by IT service providers, software development |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | ext. Service provider |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts (support and maintenance of the IT systems), especially across spatial distances. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Communication systems (such as telephone system)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Extension, telephone number, surname, first name, telephone number of the communication partner, duration of the call, date, time, traffic data (as defined in § 96 TKG), contact data | Provision and performance of telecommunications services for own (internal) purposes (corporate communications internally and externally) Ensuring proper telecommunications operations within the company and for customers. Provision of log files, evaluations and statistics. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b) in combination with § 26 para. 1 p. 1 BDSG for the implementation of an employment relationshipSafeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Traffic data is not passed on as a matter of principle, but is only used on an ad hoc basis to eliminate faults or for billing checks. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | Traffic data is stored for a maximum of 6 months. Aggregated data may be stored and used beyond this period, provided that it is ensured that no further personal reference can be derived from the data. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for communication, the implementation and management of telecommunications is not possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Internet usage control
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| User names, IP addresses, Internet URLs, e-mails, web pages, timestamps | Random monitoring of Internet use to check for compliance with the rules on private use. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required), authorities if necessary |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The collection of data is done automatically according to the company\'s legal obligation to ensure and maintain the security of the company\'s data |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Microsoft 365 - Mobile Apps and Office for Web
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, e-mail address | Secure use of the applications and services provided by Microsoft in the MS 365 package |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Microsoft Ireland Operations Limited |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Microsoft 365 - Office applications as client applications, incl. Outlook and Exchange Online
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, e-mail address | Secure use of the applications and services provided by Microsoft in the MS 365 package |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Microsoft Ireland Operations Limited |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Microsoft 365 - Teams incl. Onedrive, Sharepoint
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Employee data, customer data, master data, external data if applicable | Secure use of the applications and services provided by Microsoft in the MS 365 package |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Depending on the type of use |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Mobile, cell phone, smartphone use
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, e-mail addresses, appointment data, traffic data (as defined by §96 TKG), IP addresses, web addresses, website retrieval data | Mobile communication and task management for human resources, employee management, customer management, financial accounting, controlling, marketing, etc. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b) in combination with Section 26 para. 1 p. 1 BDSG for the purpose of implementing an employment relationship |
| Recipient (if applicable) | Applicants, customers, interested parties, suppliers, craftsmen, authorities, service providers, as well as their contacts |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the relevant data, the fulfillment of the tasks or contracts may not be possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Emergency concept
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data | Ensuring a functional corporate structure, providing a disaster recovery process. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data has already been collected and is processed to ensure IT security processes and legal requirements. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Online meetings
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, e-mail address, username | Secure use of a software for video and telephone conferencing for various corporate purposes. Primarily, the software is used for internal and external communication. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | If applicable, external service providers, if required for processing |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Logging in IT systems
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| User names, IP addresses, e-mail addresses, Internet urls, e-mails, web pages | Ensuring legally required and technically necessary logging: guaranteeing the correct functioning of IT systems, error analysis, detection of resource bottlenecks, tracing of hacker attacks |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required), authorities if necessary |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The collection of data is done automatically according to the company\'s legal obligation to ensure and maintain the security of the company\'s data |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Data centers
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, e-mail address, telephone number, contract data, position, contact history, IT usage data, traffic data, log data, telecommunications data | Ensuring proper operation of the data centers for data processing. Provision of log files, evaluations and statistics. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Ticket system
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Details of the processor (surname, first name, contact details), details of the requester (surname, first name, address details, contact details), error description | Ensuring IT support in own company and for customer systems. Recording of malfunctions, errors and requests, systematic processing of error messages by users. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts (internal and external support and maintenance), especially across spatial distances. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Dealing with passwords
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, user name, password | Task management for office communication for human resources, employee management, customer management, financial accounting, controlling, marketing. Ensuring administrator access in case of emergency |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data has already been collected and is only managed to ensure IT security processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Company website
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the type of data processing, surname, first name, address, contact details, e-mail address, applications, contact requests, technical usage data (IP address, referrer, url of the page accessed, HTTP status, browser type and version, operating system used, computer name of the accessing computer, time of request ), if applicable. | Secure operation of the website, e.g. for purposes of external presentation Providing information about the company and the products/services offered. Contact possibility for customers, interested parties, applicants. Administration of logins |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) by the hosting provider. |
| Recipient (if applicable) | Hosting service provider (EU), if applicable web agency |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The data to ensure data security (duty of proof e.g. for hacker attacks: IP addresses) are automatically collected when visiting the website |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Video surveillance
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Optical video recordings of relevant outdoor areas, outdoor facilities: video recordings, live images, still images Administrative buildings: video recordings Sales rooms: monitor live images Date and time of recordings IMPORTANT: there is no sound recording! | Protection against unauthorized access to the company premises or the office building, recording of video material for the purpose of detecting and clarifying criminal offences Outdoor facilities: prevention of criminal offences and for collecting evidence in the event of vandalism, burglary or other criminal offences. Administration building: Exercise of domiciliary rights (access control only for authorized persons) Salesroom: Monitoring of public traffic in appropriate areas for the purpose of preventing and solving thefts. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | In the event of suspicion of a criminal offense, forwarding to law enforcement authorities; other forwarding to third parties only if there is a legal basis for the transfer of the data; involvement of the external data protection officer if necessary. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | Video recordings are stored for a period of 72 hours and subsequently overwritten by new recordings; in individual exceptional cases, storage may be for a longer period to ensure the processing purpose (e.g. over a long holiday weekend). |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the described processing, the above purposes cannot be achieved in any economically meaningful way. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Whistleblowing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| All categories of personal data may be affected by whistleblowing. | Reporting incidents related to ethical, moral or criminal violations. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c DS-GVO (§§ 7691 Para. 293 (1) AktG). |
| Recipient (if applicable) | External lawyer or compliance officer |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | Provided that no infringement has been detected, the data shall be deleted after the audit has been completed. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Violation of law or contract |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Whistleblower |
WLAN (guests)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, company name of the visitor, Internet protocol data, login data, MAC addresses of the respective end device. | Provision of WLAN Internet access for guests Logging and control to protect against misuse and for evidence purposes. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the date of the end of the relationship, the data will be kept for three years in accordance with § 195 BGB. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The processing of the above data is necessary for the provision and maintenance of the guest WLAN. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Access control (authorization concept)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| IT usage data/log data/log files, name/first name/address/title. | Access restrictions according to areas of responsibility, implementation of the authorization concept and ensuring the access authorizations of administrators and system users |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of the end of the relationship, the master data is kept for three years in accordance with § 195 BGB. From the time of data generation, the IT usage data/log data/log files are kept for 30 days. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | To ensure only authorized access to company data in accordance with the need-to-know principle, the data subject must be provided with the authorizations required for the activities to be performed. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Access control foreign workers
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, company, department, date of birth (for unique identification), | Protection against unauthorized access to the company premises or the office building |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the date of the end of the relationship, the data will be kept for four years in accordance with § 195 BGB. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | To ensure only authorized access to the company premises or office building, the person concerned must authenticate himself with his personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Applicant Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal data (name, address, date of birth, telephone number, information on religious affiliation, information on marital status / information on children, curriculum vitae, education, qualifications, application data, if applicable, information on severe disability) | Handling and implementation of application procedures, processing of unsolicited applications, selection of potential employees to fill suitable positions. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Implementation of pre-contractual measures (Art. 6 para. 1 b) |
| Recipient (if applicable) | external service providers (recruitment tests) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time the purpose ceases to exist, the application documents are deleted after 6 months in accordance with § 15 para. 4 AGG, § 61b para. 1 ArbGG. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Non-compliance (i.e. failure to provide the required data) may result in the hiring not being able to take place. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Device Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Contact data, master data, EDP data | Manage mobile devices, such as cell phones or laptops |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of the end of the relationship, the personal master data will be deleted after 3 years according to § 195 BGB. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
E-Learning
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, email address, department, learning outcomes | Web-based learning ( IT environment, foreign languages, etc.) for employee education and training. Information transfer and training for external service providers |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | If applicable and if necessary, service providers involved in the processing |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of the end of the relationship, the personal master data will be deleted after 3 years according to § 195 BGB. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data are necessarily processed for the implementation of the employment relationship. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
External Qualified Person
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, communication data, feedback | Position of external "qualified persons" as a service |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of the end of the relationship, the personal master data will be deleted after 4 years in accordance with § 195 BGB. Communication data will be deleted immediately upon request and/or when the purpose ceases to exist. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The "QP" cannot be used. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Personnel questionnaire
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, address data, contact data, date of birth, religious affiliation (if tax-relevant), marital status, details of children, bank details, details of previous activities, details of education, social security details. | In the application process for easier comparison of the applicant\'s details, in the case of new hires for registering the employee with the authorities, insurance companies and social security institutions. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Public authorities, insofar as there are legal transmission obligations (tax office), non-public authorities in principle only if there is a legal basis for this (health insurance and social security institutions). |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time the relationship ends, the personal master data is deleted after 4 years in accordance with § 195 BGB. From the time of data generation, the working time data will be stored for 2 years in accordance with § 16 para. 2 ArbZG. If the working times are relevant for tax documents, the working time data will be deleted after 10 years according to § 257 HGB, § 147 AO. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data have already been collected and are necessarily processed for the performance of the employment relationship. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Protective and work clothing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, clothing size, glove size, shoe size, body measurements | Ordering protective and work clothing for employees |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | External occupational health and safety, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of the end of the relationship, the personal master data will be deleted after 3 years according to § 195 BGB. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data are necessarily processed for the implementation of the employment relationship. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
(Online) Banking
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, surname, bank data, payment data, contract data, address, date of birth, if applicable further | Management and administration of bank accounts, financial management |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | A violation (i.e. the failure to provide the required data) would possibly result in the non-fulfillment of contractual obligations (e.g. delivery of goods and provision of services). |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Billing direct debit
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, communication data, contract master data, if applicable, customer history, contract and payment data, account data, if applicable, others | Billing by direct debit |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Contractor\'s bank |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of data generation, the data is deleted after 10 years in accordance with §§ 257, 325, 238 HGB, § 147 AO. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for SEPA direct debit, direct debit collection is not possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Offer, order, invoice preparation
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Billing data, address data, bank details (if applicable), personal master data, contact data, contract data, time recording data (if applicable), customer history (if applicable), payment data, communication data, contract master data, other data (if applicable). | Preparation of offers, orders and invoices |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Voucher recipient, Depending on the request, public authorities if applicable, tax advisor if applicable, insurer if applicable. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of data generation, the data is deleted after 6 years in accordance with § 257 HGB, § 147 AO. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | A violation (i.e. the failure to provide the required data) would possibly result in the non-fulfillment of contractual obligations (e.g. delivery of goods and provision of services). |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Credit insurance
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Customers, InteresPersonal master data, Company data, Communication data agents. | Protection against failure up to a certain limit, company data, communication data |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Credit insurer |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Non-compliance (i.e. failure to provide the required data) may result in the inability to use the selected payment method. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Invoicing, dunning
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, contact data Contract data, insurance data, date of birth, data on purchased goods/DL, bank details, VAT identification number, patient data, invoice data, sales including invoice numbers, purposes of use, etc., information on fixed assets | Preparation and dispatch of invoices, recording of open items and dunning (management and collection of outstanding receivables), recording and documentation of all financial transactions in the company (all sales as well as fixed assets), recording and payment of taxes and duties to the tax authorities and, if necessary, to other public authorities, control and processing of incoming/outgoing invoices, monitoring of payments, processing of account statements. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | To the extent required by law: tax authorities, tax advisors and auditors Otherwise, if there is a legal basis for the data transfer |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of data generation, the data is deleted after 10 years in accordance with § 257 HGB, § 147 AO. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | There are legal obligations for the preparation of invoices and reminders. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Transfer business
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address, first name, last name, order data | Delivery to wholesale |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Wholesale |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | From the time of data generation, the order data and contract master data are deleted after 6 years in accordance with § 257 HGB, § 147 AO. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for shipping, delivery of goods is not possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Business information, credit assessment, debt collection
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, company data, communication data | Protection against customer insolvency, receipt of outstanding payments |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Service providers (credit assessment, debt collection) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | Communication data and company data will be deleted immediately upon request and/or when the purpose ceases to exist. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Obligation based on general terms and conditions (GTC). |
| If applicable, existence of an automated decision-making process | A purely automatic decision-making process takes place. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Record keeping
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Customer data, contact data, billing data, contract data, employee data, wage and salary data, other data if applicable. | Data protection-compliant retention of records (invoices, business transactions), to the extent and as required by law. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
General management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, e-mail address, telephone number, position, contact data, contact history, contract data | General administration (incl. processing incoming mail, etc.) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for management, it is not possible to carry out certain business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Order management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, date of birth, patient data, insurance data, data on purchased goods/DL, contract data, telephone number, customer number, e-mail address, | Creation, maintenance and management of orders |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for management, it is not possible to carry out certain business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Visitor management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, company, contact person, country of origin, reason for visit, license plate number, photo | Access control to the company building/plant premises, overview of visitors and external service providers on the company premises, in the administration building to maintain house rights and ensure plant security |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The data are necessarily processed to carry out visitor management. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Office Communication
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Only personal data is processed to ensure the corresponding processing operation. | Task management for office communication for e.g.: Human resources, employee management, customer management, financial accounting, controlling, marketing. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Applicants, customers, interested parties, suppliers, craftsmen, authorities, service providers, as well as their contacts |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for management, it is not possible to carry out certain business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Incoming mail
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, depending on the content of the message: date of birth, title, customer number, insurance data, patient data, bank data, industry, position, communication data | Processing and forwarding of incoming mail |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The data already exists and is necessarily processed for the subsequent processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
External speakers
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the content of the communication, person master data, communication data, planning and control data, if necessary further | Obtaining outside speakers to conduct training, seminars, and continuing education. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Cooperation is not possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Paper and file destruction
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Customer data, contact data, billing data, contract data, employee data, wage and salary data, various | Destruction of data carriers and documents no longer required as part of paper and file disposal (e.g. after expiry of the retention period), on which or in which personal data are located during ongoing operations and after expiry of the retention period. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | external disposal service provider |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data have already been collected and are necessarily processed (destroyed) to fulfill legal obligations. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Parking space allocation
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, telephone number, vehicle registration number, times of use | Employee / visitor parking space management, safeguarding of house rights, detection of unauthorized parking |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for administration, it is not possible to use an employee or visitor parking space on the company premises. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Mailroom
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, depending on the content of the message: date of birth, title, customer number, insurance data, patient data, bank data, industry, position, communication data | Processing incoming mail (opening, scanning, distribution) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The data already exists and is necessarily processed for the subsequent processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Key management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, issue date, key ID | Access management to office and plant areas |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The data are necessarily processed to carry out the key management. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Appointment management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address if applicable, e-mail address, telephone number, position, contact data, appointment data | Scheduling and management of appointments |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | If necessary, customers, suppliers / service providers or other third parties to coordinate appointments |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for appointment management, the planning, management and coordination of appointments is not possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Contract management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, contact data, e-mail addresses, access data, contract terms, contract documents | Administration for contracts with customers, affiliated companies, employees, interns, suppliers, service providers (electronic and paper) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | external legal advisors |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data, it may not be possible to perform the agreed contractual service. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Address purchase
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, contact data | Acquiring new customers through e-mail marketing |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)effectiveinformed consent (Art. 6 para. 1 a) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | Upon request and/or when the purpose ceases to exist, personal master data and communication data will be deleted immediately. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Order processing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, communication data (e-mail, telephone), bank details, tax data (UST-ID) | Commercial and technical processing of orders |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The data already exists and is necessarily processed for the subsequent processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Distribution
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, paragraphs, date of sale, order data | Distribution, order fulfillment |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | The data already exists and is necessarily processed for the subsequent processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
External sales support
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address (business), e-mail address, telephone number, order data | Customer acquisition |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Interest management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, interest status | Creation, maintenance and updating, management of contacts Data is managed in the prospect / customer database |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Contact management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data / contact data (first name, last name, date of birth, address, Internet address, e-mail address, telephone number, fax number, position, interests / preferences) Industry, customer number, customer type, contact data, contact history, appointment data, contract data, customer history, payment / billing data, bank details, creditworthiness data, possibly other depending on the content of the communication. | Creation, maintenance and updating, administration of contacts (creditors, debtors, interested parties and their contact persons) and central administration of all addresses for the company and, if necessary, for provision to employees, ensuring order processing |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Customer care and CRM
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data (telephone, cell phone, fax, e-mail), appointments, product data, contact reports, sales figures, contact history | Support and care of existing customers, acquisition of new customers, execution of statistical evaluations for internal purposes, contact by telephone, letter, e-mail, personal visit for product presentation and service offer, measures for customer loyalty and customer advice |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | CRM customer data is deleted immediately at the time of the request, deleted after 3 years from the time of the end of the relationship in accordance with § 195 BGB (German Civil Code), deleted after 10 years from the time of the loss of purpose in accordance with. § 257 HGB, § 147 AO deleted. CRM data of interested parties will be deleted immediately at the time of the request / after the end of the purpose, |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Order Report
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, communication data, customer history, contract billing and payment data, planning and control data | Preparation of operational interim reports, orders, overview, planning |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Ordering
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data | Purchasing of goods for own purposes and for resale, ensuring availability of materials and resources by paper - e-mail - telephone - fax, identifying suitable suppliers, conducting price negotiations, handling returns and incorrect deliveries |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | A violation (i.e. the failure to provide the required data) would possibly result in the non-fulfillment of contractual obligations (e.g. receipt of goods or services). |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Supplier Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, address data, contact data, business activity data, ownership and history of the supplier company, management of the supplier companies, bank details, insurance data (public liability, assembly insurance, transport insurance). | Ensuring the processing of orders, ensuring the quality of the selected suppliers |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | In case of violation, the order processing and the quality of the suppliers cannot be ensured. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Acquisition
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address (business), address (private), billing address, e-mail address, telephone number, customer number, customer type, contact data, contact history, appointment data, bank details, data on purchased goods or services, contract data, sales data, health insurance company records, patient data. | Acquiring new customers |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Pictures and videos at events
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Images, videos, metadata | On- and offline marketing |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Photographer, Printer, Social Media |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Sweepstakes
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Master data | Implementation of raffles |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Contact form
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Only personal data is processed to ensure the corresponding processing operation, including contact data (name, e-mail address), possibly other (depending on the content of the communication), possibly other header data, "content data" (content of e-mails - "body"). | Simplified contact with visitors to the website. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Occasion-related |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Customers - Photo and Film
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Photographs / film footage, personal master data if applicable, contact data if required | External presentation of the company, online / offline marketing |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Photographer if necessary, marketing agency if necessary |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Customer survey (anonymous)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Only personal data is processed to ensure the appropriate processing operation, personal data is anonymized, if necessary, other header data, "content data" (content of surveys - "body"). | Measurement of customer satisfaction (responses anonymous, participation (whether) insight possible). |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Survey service provider, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Marketing measures
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the type of processing, first name, last name, address, Internet address, e-mail address, telephone number, fax number, position, industry, customer number, type of customer, contact history, appointment data, data on interests, contract data, case data. | Marketing for goods / services / business, ordering and shipping marketing items. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Advertising agencies, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Fair photos
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Photo / film shooting as portrait or group photo | Company presentation to the outside world, reference projects for communication with customers and suppliers |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Photographers, customers, suppliers and third parties |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Trade fair stand support
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, type of interest | Customer and prospective customer care at trade fairs, and acquisition of new customers at trade fair booths |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Implementation of pre-contractual measures (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Newsletter
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, e-mail address, telephone number, date of birth, technical registration data (date, IP address), newsletter registration data, newsletter unsubscription data, purchase data (product categories). | Management, organization and dispatch of personalized newsletters, provision of information |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)If applicable, within the scope of the exception pursuant to Section 7 (3) of the German Unfair Competition Act (UWG) |
| Recipient (if applicable) | Newsletter tool provider if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Online marketing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the type of processing / interaction, Pgfs. personal master data, contact data, photo / film recordings, other | External presentation of the company, online marketing, social media, website |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Photographer if necessary, marketing agency if necessary |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Press
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Contact details (name, position, phone, email) | Public relations / corporate presentation |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Print mailings
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, contact data, supplier master data | Dispatch of print documents/infopost/invitations for events, presentation of the product and goods portfolio, customer and supplier contact management, information about new products and discount campaigns, promotional presentation of the company. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Lettershop, post office, advertising agency, possibly other service providers |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Social Media Marketing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the type of processing, first name, last name, contact details, image material. | Management of social media accounts and social media marketing, external presentation of the company, presentation of reference projects, use of social media for external presentation and communication with customers and suppliers |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | If applicable, publication online |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Events and functions
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, address data, telephone, e-mail, information on nutrition (choice of meals), bank details | Organization and implementation of events for customer retention, new customer acquisition and information |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Lettershop (invitation and information dispatch) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Website evaluation
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| IP address, user names, click behavior, log data, website usage, IT usage | Optimization of the website and the content presented. Increase visibility and customer visits, minimize abandonment rates Analysis of visitor numbers, page views, etc. to optimize the web presence. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Analysis service provider |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Analysis and reporting
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Financial data, personnel data, production data | Reporting of company data to reveal hidden costs, market analysis, preparation of business reports |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Attorney and court documents
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the individual case | Protection of legal interests of the company, for professional evaluation of contracts, documents, etc. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Specialist lawyer, public prosecutor, jurisdiction, EU conciliation body |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | There is a legal obligation to provide the personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Information procedure of the person concerned
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, data on the person of the person concerned, data on recipients | Administration to the information procedure of data subjects, by telephone, e-mail, letter post. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | ext. DPO |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | There is a legal obligation to provide the personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Tenders
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, communication data, contract master data, planning and control data, if applicable further, information on the company, on previous projects, on the qualification of the employees, on the fulfillment of legal obligations (e.g. compliance with the minimum wage), etc. | Submitting suitable offers to potential customers in public tender procedures. Successful participation in tenders and awarding of contracts. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Controlling
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, e-mail address, telephone number, customer number, customer type, contact data, contract data, inventory data, usage data, sales data | Planning, management and control of all corporate divisions |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | If applicable, management consulting |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Data to StB, WP, customs authorities
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, bank data, insurance number, date of birth, ID data | Data transfer regarding BWA, account assignment, tax data / tax closing / customs clearance, etc. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Authorities, tax advisors, auditors, service providers and their contacts |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | There is a legal obligation to provide the personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Data to management consultant
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, salary data, age, sales figures | To fulfill the contractually agreed consulting objective. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | External management consultants |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Project Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, e-mail address, telephone number, fax number, industry, position, appointment data, contract data, communication data, sales data | Leading, controlling, coordinating projects of all kinds, such as generating new business, planning complex IT systems or optimizing business processes, managing any projects in the company |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Customers, interested parties, suppliers, craftsmen, authorities, service providers, as well as their contact persons |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Complaint management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data | Handling of complaints, improvements in the company |
|
| Legal basis (according to Art. 6 / 9 GDPR) | |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Audit, Compliance
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the case: first name, last name, e-mail address, telephone number, date of birth, marital status, position, contact data, contact history, appointment data, bank details, VAT registration number, contract data, inventory data, usage data, content data, communication data, social security data, working hours, wage/salary data, tax classes. | Verification of the legal conformity of business processes in the company |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Auditor, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Technical equipment
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, date of birth, address, telephone number | Technical equipment to ensure the fulfillment of the tasks of the persons working for the company. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Service provider, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Warehouse management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, telephone number if applicable, address | Warehouse management |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Logistics software manufacturer, shipping service provider / freight forwarding company |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Delivery and shipping
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Only personal data to ensure the corresponding processing operation is processed, personal master data (surname, first name, address data), communication data (e.g. telephone, e-mail), contract master data (contractual relationship, product or contractual interest). | Goods transport / delivery of sample requests Delivery processing (service providers and suppliers), product shipment to customers. Data transfer to shipping service providers (freight forwarding / KPE services (courier parcel express service)). |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Logistics software manufacturer, shipping service provider / freight forwarding company |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Obligation to provide the data due to the contractual relationship between the person responsible and the data subject. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Logistics
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Only personal data to ensure the corresponding processing operation is processed, personal master data / communication data (first name, last name, title, address, patient data, telephone number, contact data, customer number, date of birth), contract master data (contractual relationship, product or contractual interest). | Collection and dispatch of goods (see also delivery and dispatch) Picking of orders, delivery of orders Courier services (taking documents) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Logistics software manufacturer, shipping service provider / freight forwarding company |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Customs clearance in own company
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, address data, contact data. | Compliance with customs regulations for customs clearance for the delivery and shipment of goods |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Authorities, forwarder, service provider |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | There is a legal obligation to provide the personal data in order to comply with customs regulations. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
App development
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Contact data, project data, system data, storage location-related data from SAP, product data | Creation and further development of apps |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f), |
| Recipient (if applicable) | Service provider, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
CAD design
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, design data | Computer-aided creation of designs and modeling for customer projects |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | CAD software service provider, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Planning and production control
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data | Planning and control of production orders |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Quality assurance
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Last name, first name, address data, contact data | Ensuring product quality |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | If necessary, external QM representative |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Software development
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Contact data, project data, system data, storage location-related data from SAP, product data | Development and further development of various software |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f), |
| Recipient (if applicable) | Service provider, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Call processing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, user name, telecommunication data | Troubleshooting of customer systems, compilation of statistics for quality control purposes |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Call center
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data | Call center to take customer calls, for telephone sales, hotline to answer product questions. Accepting customer services, maintaining existing customers, acquiring new customers. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | external call center service provider |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Customer support
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| planned no processing of pb data, but due to the service access to pb data cannot be excluded | Support for customers via remote desktop software |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Facility Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, email address, phone number, contact history, appointment data, contract data, photos | Care and maintenance of real estate and buildings used by the company. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Service providers who provide facility management services. Other third parties, if applicable. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it is not possible to carry out the aforementioned processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Elimination of defects
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, contract data (maintenance contracts), contact data | Elimination of defects in real estate |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Ext. service provider building insurance, if it is an insurance damage, owner of the object after consultation, especially in case of major damage. Minor repairs are usually arranged without consultation. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Rent certificate
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, contract data, payment data (rent arrears) | Issuance of certificates required by tenants, e.g. to apply for benefits from public authorities |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informedeffective consent (Art. 6 para. 1 a) |
| Recipient (if applicable) | Job center, social welfare office, child benefit office, housing promotion department at city/county administration |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without consent to disclosure, an issued certificate cannot be forwarded directly to the agency in question. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Object accounting
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, contract data, payment data, bank details | Accounting and payment transactions for real estate |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | The owner of the property receives information in the event of irregularities or major delays in payment, and once a year a statement of account, which he can use for his tax return. The house statement only contains totals, not exact, personal payment data. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | In case of violation, detailed object accounting cannot be performed. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Object data maintenance
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, bank details, contact data, contract data, payment data | General client management, performing contractual duties to manage properties on behalf of owners. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | In case of violation, the owner can not fulfill its contractual obligations. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |
Takeover WEG
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, contact data, bank data | Conclusion of contract, order processing |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Existing tenants will be informed about the takeover of the WEG management, if necessary. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | In case of violation, the contract cannot be concluded. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject himself, but may also come from third parties. |