1 General
This privacy policy regulates and informs about the handling of personal data and data processing by:
The responsible person (in the context of the General Data Protection Regulation (GDPR) and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature):
TachoControl DATA GmbH
Managing Director: Ralf Semmler
Kuhnbergstr. 31
73037 Göppingen
Telefon: 07161/98481280
Telefax: 07161/98481288
E-Mail: info@tachocontrol-data.de
The data protection officer of the responsible party can be contacted at the following address:
datenschutz@tachocontrol-data.de
We would like to inform you about the type, scope and purpose of the personal data we collect, use and process and also inform you about your rights.
The data protection guidelines apply to our online offers (e.g. websites, apps, social media) as well as to our other offline activities (e.g. service provision, communication, documentation).
The use of the website is possible without providing personal data. Personal data means any information relating to an identified or identifiable natural person.
Processing of personal data may become necessary, if special services of our company are requested via our website.
Processing means any operation performed upon personal data, whether or not by automated means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, query, use, erasure, destruction or any other form of provision of data.
If there is no legal basis for processing, we generally obtain the consent of the concerned person.
Consent is any voluntarily provided expression of will in the form of a statement or other unambiguous affirmative action indicating that consent has been given for processing personal data.
The processing of your personal data, for example the name, address, email address or telephone number, is always carried out in accordance with the General Data Protection Regulation and with the country-specific data protection regulations applicable to our company.
Being responsible for the processing, our company has implemented numerous technical and organisational measures to ensure the most complete protection possible of the personal data that is processed through this website. Nevertheless, absolute protection cannot be guaranteed due to security gaps.
For this reason, you are also free to submit personal data to us by alternative means, for example by telephone or in writing.
2 Cookies
We use cookies on our website. Cookies are text files which are stored on a computer system via an internet browser.
Many cookies contain a so-called cookie ID, i.e. a unique identifier of the cookie. It consists of a character string by which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the person concerned from other internet browsers that contain other cookies. Thus, a specific internet browser can be recognised and identified via the cookie ID.
We use cookies to make it more convenient to use our website. The user of a website that uses cookies, does not have to enter access data each time the website is accessed, for example, because this is taken over by the website, and the cookie stored on the user’s computer system.
For this purpose, we use session cookies, which can be used to recognise that you have visited individual pages of our website. They are automatically deleted when you leave our website.
Moreover, we also use temporary cookies to optimise user friendliness; they are stored on your end device for a specific, defined period. If the page is visited again, it is automatically identified that you have already visited us and which settings and entries you have made, so that you do not have to perform them again.
The data processed by the cookies is required for the stated purpose of protecting our legitimate interests and those of third parties in accordance with § 6 para 1 sentence 1 lit. f) of the GDPR (DSGVO).
Most browsers accept cookies automatically. However, you can configure your browser to prevent any cookies being stored on your computer or to display a warning before a new cookie is created.
You can prevent our website from setting cookies at any time using a corresponding setting of the internet browser that is used and thus permanently objecting to setting cookies. Cookies that have already been set can be deleted at any time via an internet browser or other software programmes. This is possible in all popular internet browsers. If the concerned person completely deactivates the setting of cookies in the internet browser in use, it is possible that not all functions of our website can be fully used.
3 Collection of general and personal data
a) When visiting the website,
Our website collects general data and information each time you or an automated system access the website. This data is temporarily stored in a log file of the server.
The following information may be collected and stored until deleted automatically:
- browser types and versions used,
- the operating system used by the accessing system and the name of the access provider,
- the website from which an accessing system reaches this website (referrer- URL),
- the sub-websites, which are accessed via an accessing system on this website,
- the date and time the website was accessed,
- an internet protocol address (IP address) of the accessing computer,
- the internet service provider of the accessing system and
- other similar data and information used for security purposes in the event of attacks on our information technology systems.
This data and information is never used to draw conclusions about personal data or personal identifications. Rather, this information is required
- to ensure a smooth connection to the website and comfortable use of the website
- to optimise the content of this website as well as the advertising,
- evaluate system security and stability
- to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack
- achieve other administrative purposes.
The legal foundation for data processing is set out in § 6 para 1 sentence 1 lit. f) of the GDPR (DSGVO). Our legitimate interest can be inferred from the purposes of data collection as listed above. On no account will we use the data we collect to draw inferences about you personally.
The data and information collected anonymously are used statistically and with the aim of increasing data protection and data security in our company. This is to ensure an optimal level of protection for the personal data we process.
The anonymous data of the server log files is stored separately from all personal data provided by a concerned person.
b) for orders via the online shop on the website
If you wish to place orders in our online shop, we offer you the option to register as a customer in our shop for future orders. Registration offers the advantage that you can log in directly to our shop with your email address and password in the event of future orders without having to enter your contact details again.
In the process, your personal data is entered directly into our input screen and transmitted to us and stored.
When you register in the shop, we first collect the following data:
(1) First and last name, title
(2) Valid email address
(3) Postal address
(4) Telephone number
This data is collected exclusively for the following purposes:
(1) Identification as a customer
(2) Processing, fulfilment and settlement of the order
(3) Customer correspondence
(4) Invoicing
(5) Assertion of claims against customers
(6) Ensuring technical administration of the website
(7) Administration of customer data
As part of the ordering process, we obtain consent from you to process this data.
The data processing is carried out based on your order and/or registration and is necessary in accordance with § 6 para 1 sentence 1 lit. b) of the GDPR (DSGVO) for the above-mentioned purposes for the proper processing of your order and for the mutual fulfilment of obligations arising from the concluded purchase contract.
4 Registration on our website
You have the option of registering on our website by providing personal data.
The personal data that is transmitted to us in this process comes from the respective input screen used for the registration. The personal data entered is collected and stored exclusively for our internal use and for our own purposes. A transfer to one or more order processors, such as parcel service providers, may be arranged if the personal data is used exclusively for internal use attributable to us.
The IP address assigned by your internet service provider (ISP), the date and the time of registration are stored on registering on our website. Storing this data can prevent misuse of our services and, if necessary, the data can help solve crimes that have been committed. The storage of this data is therefore necessary for our protection. Generally, this data is not passed on to third parties unless there is a legal obligation to pass it on or passing on serves the purpose of criminal prosecution.
We use your registration to offer you content or services that can only be offered to registered users. You are free to change the personal data you provided during registration at any time or to have it completely deleted from our database.
Upon request, we will provide you information about your personal data we have stored, at any time. At your request, we will correct or delete your personal data if there are no legal obligations to retain such data. The officer responsible for the data processing or another employee shall be available as a contact person in this context.
5 Disclosure of personal data when ordering via the online shop
When ordering via the online shop, your personal data may be passed on by us to third parties. However, this is only done to the service partners involved in the processing of the contract, such as logistics companies commissioned with the delivery or financial institutions tasked with payment matters, and then only to the minimum extent necessary for their further processing.
Your personal data will not be transferred to third parties for purposes other than those mentioned above.
We also pass on your personal data to third parties only if
- you have given your express consent to this in accordance with § 6 para 1 sentence 1 lit. a) of the GDPR (DSGVO)
- transfer is necessary in accordance with § 6 para 1 sentence 1 lit f) of the GDPR (DSGVO) for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding, sensitive interest in the non-transfer of your data,
- a legal obligation exists for the disclosure in accordance with § 6 para 1 sentence 1 lit. c) of the GDPR (DSGVO),
- this is legally permissible and necessary for the processing of contractual relationships with you in accordance with § 6 para 1 sentence 1 lit. b) of the GDPR (DSGVO).
During the ordering process, we obtain consent from you to share your data with third parties.
6 Data protection regulations for PayPal as a payment method
We have integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or also to receive payments. PayPal also assumes trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you select “PayPal” as a payment method during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment method, you thus consent to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal usually includes first name, last name, address, email address, IP address, telephone number, mobile phone number or other data necessary for payment processing. Personal data related to the respective order is also necessary for processing the purchase contract.
The purpose of transmitting the data is payment processing and fraud prevention.
We will transmit personal data to PayPal in particular if there is a legitimate interest for the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies for the purposes of identity and credit checks. PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfil its contractual obligations or to process the data on its behalf.
You have the option of revoking your consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
PayPal’s applicable privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
7 Privacy policy on Apple Pay as a payment method
If you choose the “Apple Pay” payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing will be carried out via the “Apple Pay” function of your end device running iOS, watchOS or macOS by charging a payment card deposited with “Apple Pay”. Apple Pay uses security features built into the hardware and software of your device to protect your transactions. In order to release a payment, you must enter a code previously defined by you and verify it using the “Face ID” or “Touch ID” function of your end device.
For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. Encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific dynamic security code to the source website to confirm the success of the payment.
Insofar as personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with § 6 para 1 lit. b) of the GDPR (DSGVO).
Apple retains anonymised transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. Anonymisation completely excludes any reference to a person. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorisation device communicate over an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in the settings of your iPhone. Go to “Wallet & Apple Pay”, and deactivate “Allow payments on Mac”.
Further information on data protection with Apple Pay can be found at the following link: https://support.apple.com/de-de/HT203027
8 Use of our contact form on the website
We offer you the option to contact us via a form provided on our website in case of questions of any kind. This enables quick electronic contact with our company as well as an immediate communication with us, and requires you to provide a valid email address. If contact is made with us via the contact form, the personal data transmitted is automatically stored.
Data processing for the purpose of contacting us takes place in accordance with § 6 para 1 sentence 1 lit. a) of the GDPR (DSGVO) and on the basis of the consent provided by you voluntarily.
The personal data transmitted to us voluntarily will be stored for the purpose of processing or contacting you. This personal data will not be passed on to third parties.
We will delete the personal data collected for use of the contact form as soon as we have completed the matter addressed in your enquiry.
9 Use of Google Maps
We use Google Maps operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. to display maps for the purpose of creating directions on our website.
By using Google Maps, information about your use of this website (including your IP address) may be transmitted to and stored by Google on servers in the United States.
The terms of use can be found on the provider’s pages.
You have the option of easily deactivating Google Maps, thereby preventing any data transfer to Google. To do this, deactivate JavaScript in your browser. However, we would like to point out that, in this case, you will not be able to use the map display.
10 Link to Facebook
You will find a button that links to our Facebook page on our website.
By clicking on this button you will be redirected to our Facebook page. Facebook is a social network, i.e. an online community that makes it possible for internet users to communicate with each other virtually or to exchange opinions and experiences. Facebook allows users of the social network to create private profiles, upload photos and network via friend requests, among other things.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If you live outside the US or Canada, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for the processing of personal data.
When you access our website, Facebook cannot yet access your personal data. When you are on our Facebook page, the corresponding data protection regulations of Facebook apply with regard to the collection and protection of your personal data.
You can obtain information about how Facebook collects, processes and uses personal data via the data policy published by Facebook, which you can access at https://de-de.facebook.com/about/privacy/. It also describes the setting options Facebook offers to protect your privacy.
11 Link to YouTube
You will find a button that links to YouTube on our website .
When you click on this button, you will be redirected to YouTube where you can watch a video about our company.
YouTube does not store any information about you when you just access and visit our website. Only when you click on the button will you be redirected to YouTube, which means that your IP address will be transmitted to YouTube.
We have no knowledge of and no influence on the possible collection and use of your data by YouTube.
For more information, please see YouTube’s privacy policy at www.google.de/intl/de/policies/privacy/.
With regard to the general handling of cookies and their deactivation, we also refer to our general statement in this data protection declaration.
12 Integration of third-party services and content
Our website may include content, services and utilities of other providers. These are, for example, maps, videos, graphics and images from other websites. It is absolutely necessary to transmit the IP address to access and display this data in your browser, The providers can therefore note your IP address.
Although we endeavour to only use third-party providers that only need the IP address to be able to deliver contents, we have no influence on whether the IP address may possibly be stored. In this case, this process serves statistical purposes, among other things.
If we have positive knowledge that the IP address is stored, we will of course inform you of this.
13 Use of Google Web Fonts
For the uniform display of fonts, we use web fonts provided by Google on our website. When you open a page on our website, your browser loads the required web fonts to your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font is used by your computer.
You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/
14 SSL encryption
We use SSL encryption to ensure the best possible protection of your transmitted data. You can recognise encrypted connections by the prefix “https://” in the page link in the address line of your browser. Unencrypted pages have the prefix “http://”.
Any data that you transmit to this website, for example when making enquiries or logging in, cannot be read by third parties thanks to SSL encryption.
15 Routine deletion and blocking of personal data
We process and store collected personal data only for the period of time necessary to achieve the purpose of the storage or if this has been stipulated by the European regulator or other legislator in laws or regulations to which we are subject.
If the purpose of the storage no longer applies or a storage period prescribed by the European regulator or other competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
16 Rights of concerned persons
Due to the fact that personal data may be collected when using our website, you as the person affected by the processing of personal data have the following rights:
a) Right to confirmation
As a person affected by the processing of personal data, you have the right granted by the European regulator to request confirmation from us as to whether the personal data in question is being processed. If you wish to exercise this right of confirmation, you can contact our data protection officer or a member of staff responsible for data processing at any time.
b) Right to information in accordance with § 15 of the GDPR (DSGVO)
As a person affected by the processing of personal data, you have the right granted by the European regulator to request information from us about your personal data that is stored or processed and to receive a copy of this information at any time and free of charge. In particular, you can request information about:
- the purposes of the processing
- the category of personal data
- the recipients or categories of recipients to whom your personal data have been or will be disclosed, including in particular recipients in third countries or international organisations
- the planned storage period or, if this is not possible, the criteria for determining this period
- the existence of a right to rectify or delete your personal data or to restrict processing or to object to such processing
- the existence of the right to lodge a complaint with a supervisory authority
- the origin of your data or, if the personal data is not collected from you: all available information about the origin of the data
- the existence of automated decision-making, including profiling, in accordance with § 22 paras 1and 4 of the GDPR (DSGVO) and – at least in these cases – meaningful information about its details
Where your personal data has been transferred to a third country or international organisation, you have the right to be informed of the appropriate safeguards in relation to the transfer.
If you wish to exercise this right to information, you can contact a data protection officer or an employee responsible for data processing at any time.
c) Right to rectification of personal data in accordance with § 16 of the GDPR (DSGVO)
As a person affected by the processing of personal data, you have the right granted by the European regulator to demand the immediate rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
If you wish to exercise this right of rectification, you can contact our data protection officer or an employee responsible for data processing at any time.
d) Right to deletion of personal data in accordance with § 17 of the GDPR (DSGVO)
As a person affected by the processing of personal data, you have the right granted by the European regulator to demand that your personal data be deleted without delay, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims, if one of the following grounds applies:
- the personal data was collected or otherwise processed for purposes for which it is no longer necessary
- the concerned person revokes the consent on which the processing was based in accordance with § 6 para 1 lit. a) or § 9 para 2 lit a) of the GDPR (DSGVO) and there is no other legal basis for the processing.
- the concerned person objects to the processing in accordance with § 21 para 1 of the GDPR (DSGVO) and there are no overriding legitimate grounds for the processing, or the person concerned objects to the processing in accordance with § 21 para 2 of the GDPR (DSGVO).
- the personal data has been processed unlawfully.
- Your personal data must be deleted for compliance with a legal obligation in accordance with EU law or the law of a Member State to which we are subject
- Your personal data has been collected in relation to the services offered by the information society referred to in § 8 para 1 of the GDPR (DSGVO).
If one of the above reasons applies and you wish to delete personal data stored by us, you can contact our data protection officer or an employee responsible for data processing at any time. The latter will then immediately take care of the deletion.
If the personal data has been made public by us and we as the responsible party are obliged to delete the personal data in accordance with § 17 para 1 of the GDPR (DSGVO), we shall take reasonable measures, including making use of technical means and insofar as technically feasible, to inform other responsible parties which process the published personal data about this and to obtain deletion of the personal data, insofar as the processing is not necessary. The employee responsible for the processing of personal data or our data protection officer will take the necessary steps in individual cases.
e) Right to restrict the processing of personal data in accordance with § 18 of the GDPR (DSGVO)
As a person affected by the processing of personal data, you have the right granted by the European regulator to demand that we restrict processing if one of the following conditions is met:
- the accuracy of the personal data is contested by you for a period of time that enables us to verify the accuracy of the personal data.
- the processing is unlawful, but you object to the deletion of the personal data, request instead that the use of the personal data be restricted and we no longer need your data
- we no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
- You have objected to the processing in accordance with § 21 para 1 of the GDPR (DSGVO) and it has not yet been established that there are legitimate grounds on our part which outweigh your grounds
If one of the above conditions is met and you wish to request the restriction of personal data stored by us, you may at any time contact a member of staff responsible for processing or our data protection officer, who will then arrange for the restriction of processing.
f) Right to data portability
As a person affected by the processing of personal data, you have the right granted by the European regulator to receive the personal data concerning you, which you have provided to us, in a structured, established and machine-readable format. You also have the right to transmit this data to another responsible party, provided that the processing is based on consent in accordance with § 6 para 1 lit. a) of the GDPR (DSGVO) or § 9 para 2 lit a) of the GDPR (DSGVO) or on a contract in accordance with § 6 para 1 lit. b) of the GDPR (DSGVO) and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in public interest or to exercise official authority vested in us.
In addition, when exercising your right to data portability in accordance with § 20 para 1 of the GDPR (DSGVO) , you have the right to request that your personal data be transferred directly from us to another responsible party if the technical conditions for this are met and if this does not adversely affect the rights and freedoms of other persons.
To assert the right to data portability, you can contact a member of staff responsible for processing the data at any time.
g) Right of objection in accordance with § 21 of the GDPR (DSGVO)
As a person affected by the processing of personal data, you have the right granted by the European regulator to object at any time to the processing of personal data concerning you, provided that the processing of your personal data is based on legitimate interests in accordance with § 6 para 1 lit. e) and f) of the GDPR (DSGVO).
The right to object requires that there are reasons arising from your particular situation or that the objection is directed against direct marketing.
In the event of an objection, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. The same applies if the processing serves the assertion, exercise or defence of legal claims.
If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data for the purpose of such marketing without the existence or indication of a specific situation. This also applies to any profiling insofar as it is connected with such direct marketing.
If you object to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.
You also have the right to object to the processing of your personal data carried out by us for scientific or historical research purposes or for statistical purposes in accordance with § 89 para 1 of the GDPR (DSGVO) on grounds relating to your particular situation, unless such processing is necessary for the performance of a task carried out in public interest.
To exercise the right to object, you can contact a member of staff responsible for data processing or our data protection officer directly. It is also sufficient to send an objection by email to the email address given on our website.
You are also entitled to exercise your right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.
h) Automated decisions in individual cases (including profiling)
As a concerned person with respect to the processing of personal data, you have the right granted by the European regulator to not be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or significantly affects you in a similar way, provided that the decision
- is not necessary to conclude or fulfil a contract between us and you, or
- is permitted by EU law or Member State law to which the responsible party is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
- is based on your explicit consent.
If the decision is necessary for the contract concluded with us or for the fulfilment of the contract, or if it is made with your explicit consent, we will take appropriate measures to protect your rights and freedoms as well as your legitimate interests.
If you wish to assert your rights in relation to automated decisions, you can contact a member of staff responsible for data processing or our data protection officer at any time.
i) Right of revocation of consent in accordance with § 7 para 3 of the GDPR (DSGVO)
As a person affected by the processing of personal data, you have the right granted by the European regulator to revoke at any time a consent granted to us for the processing of personal data, with the consequence that we may no longer continue the data processing based on this consent for the future.
If you wish to exercise your right to withdraw consent, you may do so at any time by contacting a member of staff responsible for data processing or our data protection officer.
17 Legal basis of the processing
§ 6 I a) of the GDPR (DSGVO) serves as the legal basis for our company for those processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract with you (e.g. for the provision of services or delivery), the processing is based on § 6 I b) of the GDPR (DSGVO). The same applies to such processing operations that are necessary for pre-contractual measures, e.g. enquiries about services.
If we are subject to legal obligations that make the processing of personal data necessary, such as for the fulfilment of tax obligations, the processing is in accordance with § 6 I c) of the GDPR (DSGVO).
In exceptional cases, the processing of personal data may become necessary in order to protect the vital interests of the concerned person or of another natural person. This would be the case, for example, if you were to suffer injury on our premises and contact details or other vital information needed to be passed on to a doctor, hospital or other third party. In this case, the processing would be in accordance with § 6 I d) of the GDPR (DSGVO).
Finally, processing operations may also be in accordance with § 6 I f) of the GDPR (DSGVO) if they are not covered by any of the aforementioned legal bases, the processing is necessary to protect the legitimate interests of our company or a third party and our interests, your interests, fundamental rights and freedoms do not override these. We are permitted to carry out such processing operations mainly because they have been specifically mentioned by the European legislator. The latter took the view that a legitimate interest could be assumed, for example, if you are our contractual partner (recital 47, sentence 2 of the GDPR (DSGVO)).
Generally, your personal data will not be transferred to third parties.
Exceptions to this apply only if we are legally obliged to do so or if the transfer is necessary for the processing of contractual relationships with you in accordance with § 6 I 1 lit. b) of the GDPR (DSGVO) or if you have previously expressly consented to the transfer of your data. This includes, in particular, the disclosure to service providers commissioned by us (order processors) or other third parties whose activities are necessary for the execution of the contract (e.g. producers, shipping companies, subcontractors, suppliers or banks). The data that is disclosed may be used by the third parties exclusively for the stated purposes .
Processing of your personal data by commissioned service providers takes place within the framework of commissioned processing in accordance with § 28 of the GDPR (DSGVO). The aforementioned service providers only receive access to such personal information that is necessary for the performance of the respective activity, whereby we limit the scope of the transmitted data to the necessary minimum. These service providers are prohibited from disclosing your personal information or using it for any other purpose, in particular for their own promotional purposes.
Where external service providers come into contact with your personal data, we have taken legal, technical and organisational measures, and we conduct regular checks, to ensure that they also comply with the applicable data protection regulations. Your personal data will not be passed on commercially to other companies.
18 Legitimate interests in processing pursued by us or a third party
Where the processing of personal data is in accordance with § 6 I f) of the GDPR (DSGVO), our legitimate interest is to conduct our business for the benefit of the well-being of all our employees.
19 Storage period for personal data
The basis for the storage period of personal data is the respective statutory retention period. When this period expires, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of the contract.
20 Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the concerned person to provide personal data; possible consequences of non-provision
We hereby inform you that the provision of personal data is partly provided for or required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). For example, in order to conclude a contract, it may be necessary for you to provide us with personal data which we must then process. For example, you are obliged to provide us with personal data if you conclude a contract with our company, as otherwise a contract could not come into existence.
At your request, an employee responsible for data processing will inform you on a case-to-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract. You can also ask them whether there is an obligation to disclose your personal data and what the consequences would be if you did not provide it.