Data protection information according to Art. 13 and 14 GDPR
With the following information, we would like to give you an overview of the personal data processed by us and inform you about your rights under the data protection laws.
1. Responsible entity for data processing and contact details of the data protection officer
DIEFFENBACHER GMBH Maschinen- und Anlagenbau
Heilbronner Strasse 20,
Telephone: +49 (0) 7262 / 65-0
Data protection officer:
Email to firstname.lastname@example.org
or at our postal address with the addition "the data protection officer".
2. From which sources does the personal data come?
We process personal data that we have obtained from business relationships (such as with customers or suppliers) or inquiries sent to our company. As a rule, we receive this data directly from the contracting party or a person sending an inquiry. However, personal data may also come from public sources (for example, a commercial register) if the processing of such data is permitted. Data may also have been transmitted to us by other companies. Depending on the individual case, we also store our own information about this data (for example, as part of an ongoing business relationship). Depending on the individual case, this may involve master data (e.g., name, address), contact data (e.g., telephone number, email address), contract and billing data for the fulfillment of our contractual obligations or necessary data for processing an inquiry and, if necessary, credit data, advertising and sales data and other data from comparable categories.
3. For what purposes and on what legal basis is the personal data processed?
We process personal data in compliance with data protection laws; in particular, the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
a) In the context of the fulfillment of a contract or the implementation of pre-contractual measures (Art. 6(1)(1)(b) GDPR)
We process personal data primarily for the purpose of fulfilling contractual obligations and the provision of related services or in the context of a corresponding contract initiation (e.g., contract negotiations, offer preparation). The specific purposes are based on the respective service or product to which the business relationship or the initiation of the contract relates.
b) In the context of the fulfillment of a legal obligation (Art. 6(1)(1)(c) GDPR)
In many situations, we are required by law to collect certain personal data from you and to forward it or make it available to certain – usually public – entities. For example, we provide the tax authorities with the personal data necessary for tax calculation in accordance with the relevant statutory provisions.
c) In the context of the balancing of interests (Art. 6(1)(1)(f) GDPR)
In addition, we collect and process personal data for the purpose of exercising legitimate interests in the following situations:
- Processing general inquiries about our products and services
- Checking the creditworthiness via relevant credit agencies for the assessment of a default risk in the case of a business relationship
- Advertising or market research
- Video surveillance to safeguard the property rights on our company premises or in the company building
- Asserting legal claims and defense in legal disputes
- Ensuring IT operation and IT security
- Measures for building and plant security (e.g., access authorizations)
- Measures to improve our internal business processes and for product optimization
d) In the context of a consent (Art. 6(1)(1)(a) GDPR)
In some situations, the processing of your personal data is not mandatory and only permitted with your consent. In these cases, we draw your attention to this fact, in particular to the voluntary nature of the consent and its revocability at any time with effect for the future.
This is the case, for example,
- for some data processing via our website (see privacy notice on our website)
- in some advertising situations (existence of an advertising consent, if legally required)
4. Recipients of the personal data
In general, the company only grants access to your data to entities that need to work with your data ("need-to-know" principle), i.e., that need access to this data to fulfill a contractual or legal obligation. These may also be service providers and vicarious agents who act on behalf of the company and/or have been obligated to process the data confidentially.
In certain situations, we will transmit your data to
- public authorities (e.g., tax authorities) when there is a legal obligation
- other companies in the context of the execution of the contractual relationship, in the context of a balance of interests or on the basis of your consent. In individual cases, depending on the business relationship or order, they can be, for example, companies involved in the provision of our services, logistics partners, marketing service providers, credit agencies, banks, tax consultants or lawyers.
5. Is data transmitted to a third country or to an international organization?
We transmit personal data to other entities in countries outside the European Union (third country), as far as it is necessary for the execution of the business relationship, it is prescribed by law or you have given us your consent to this. In certain situations, we use or reserve the right to use service providers who may either be based in a third country or who may in turn have service providers based in a third country. Data transmission to a third country is permissible under Art. 45 GDPR if the European Commission has determined that an adequate level of protection exists in a third country. In the absence of such a decision, data transmission to a third country is permitted if the responsible body has provided appropriate safeguards (e.g., so-called standard data protection clauses enacted by the European Commission) and enforceable rights and effective legal remedies are available to the data subject (Art. 46 GDPR).
We only work with entities in a third country that meet the listed criteria.
6. Storage duration of the data
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the storage of personal data to fulfill these obligations is no longer required, it will be deleted, unless there are statutory retention obligations, such as commercial and fiscal retention obligations as specified in the German fiscal code and German commercial code (6 or 10 years) and for the preservation of evidence in the context of the statute of limitations.
7. Rights of the person affected
You have the following rights towards us with regard to personal data concerning yourself:
- Right to information
- Right to correction or deletion
- Right to limitation of processing
- Right to object to processing
- Right to data transferability
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
However, you also have the possibility to contact our company data protection officer (also confidentially). If you have given us your consent (Art. 6(1)(1)(a) GDPR), you can revoke it at any time with effect for the future. In so far as we base the processing of your personal data on the balancing of interests (Art. 6(1)(1)(f) GDPR), you may object to the processing. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either cease or amend data processing or indicate to you our compelling legitimate reasons, on the basis of which we will continue processing your data. You can object to the processing of your personal data for the purposes of advertising at any time.
8. Obligation to provide data
You must, in the course of the execution or initiation of a contract, provide the personal data necessary to fulfill the contract or to carry out any pre-contractual measures and the related duties. Furthermore, you must provide the personal data we are required to collect by law. Without providing this data, we will not be able to conclude or fulfill a contract with you. In cases where the data collection is based on consent, the provision of data by you is voluntary and not compulsory. However, if we do not receive your consent, we will not be able to provide the services based on data processing by consent. You can revoke your consent at any time, even after it has been granted, with effect for the future.
9. Does automated decision-making or profiling take place?