Information data protection suppliers and customers
P-D Glasseiden GmbH Oschatz, Wellerswalder Weg 17, 04758 Oschatz, e-mail: firstname.lastname@example.org, attaches great importance to the protection ofyour personal data and the processing of such data.
Therefore, below we will explain the ways in which we process personal data we receive from you.
If after reading this document you have further questions, please contact our data protection officer. You will find our contact data at the end of this data privacy statement.
Personal data means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number to location data, an online identifier or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
This includes, for example, information such as your name, your address, your telephone number, your language, your location, your e-mail address, your bank details or your birth date.
Processing of personal data
We process personal data with responsibility and at a high level of confidence. Accordingly, your personal data are processed with particular consideration of the provisions of all national (notably the German Federal Data Protection Act) and European data protection regulations (EU General Data Protection Regulation – hereinafter also referred to as ”GDPR“).
The notion processing of personal data as intended above means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of personal data.
Purpose of processing personal data
Processing (e.g., collection, storage, transmission, use) of personal data is permitted when these processes are permitted by law or when you have consented to it.
We process personal data on the basis of the preconditions and requirements set out below by automatic processes exclusively on the basis of an appropriate legal consent and, where applicable – a voluntary declaration of consent by you.
If a lawful authorization exists, we process your data notably for the performance of the contract with you (Article 6 clause 1 first sentence 1 lit. b GDPR). The personal data collected by us at the time of concluding the contract are necessary for performing that contract. You are obliged by contract to provide the required data so that the contract can be performed. Failure to provide the data may entail that the performance of the contract is not possible.
The primary authorization for transmitting customer data within the P-D Group is Article 6 clause 1 first sentence 1 lit. f of the GDPR (“legitimate interest“, see further down: ”Recipient of the personal data“).
As regards compliance with legal obligations, reference is made to Article 6 clause 1 first sentence 1 lit. c of the GDPR.
Over and above the purposes named above, your personal data will be processed by us if you have given your consent according to Article 6 clause 1 first sentence lit. a of the GDPR in conjunction with Article 7 GDPR. If you do not give your consent or withdraw a consent already given, recourse to the statutory authorizations, notably in Article 6 clause 1 first sentence lit. b GDPR (”necessity for performance of the contract “), Article 6 clause 1 first sentence 1 lit. c GDPR (“compliance with legal obligations“) or Article 6 clause 1 first sentence 1 lit. f GDPR (“legitimate interest”) is not affected as far as the processing of personal data is concerned. You can give your consent by voluntary statement. A refusal to consent is without any disadvantage for you. You can inspect your consent at any time and withdraw it at any time by sending us an e-mail or a letter by post. Your withdrawal of a consent given has no effect on the lawfulness of processing prior to the time of withdrawal. You find our contact data above and also at the end of this data privacy statement.
Automated individual decision-making, including profiling according to Article 22 GDPR is not intended.
The extent of processing your personal data is limited by the appropriate purposes set out above.
We intend to process the personal data provided by you or collected by us for advertising if you are our customer. The legal basis for this is Article 6 clause 1 first sentence lit. f GDPR (“legitimate interest“). With reference to the Recitals of the GDPR, such a legitimate interest exists notably with regard to so called direct advertising (Recital 47 seventh sentence). Direct advertising is defined as the direct address of a requester by an offering party, we - in the case on hand – with for the purpose of promoting the paid sale of products or services.
There is no question that the requirements of Article 7 clause 3 of the German Unfair Competition Act (UWG) will be observed.
Depending on the type of customer relation maintained, advertising will be by post, electronic (by e-mail), by SMS/MMS or by telephone call.
The advertising activities cover all products and services from us. For the above advertising purposes your personal data will be transmitted to the P-D Group companies listed under „Recipients of personal data“ and processed by them for advertising purposes
You can object to the processing of your personal data for advertising purposes at any time. The required contact data are given above and at the end of this data privacy statement. In that case, your personal data will no longer be processed for advertising purposes and will be deleted from the appropriate mailing lists.
Duration of data processing
The longest duration for which personal data are processed depends on the purpose of processing. The term of storage is determined by the period of processing necessary to attain the respective purpose.
The statutory retention periods according to Article 257 German Commercial Code (HGB), Article 147 German Fiscal Code (AO) and Article 8 clause 4 German Money Laundering Act (GwG) are not affected (6 and 10 years, resp., under Article 257 HGB and Article 147 AO, 5 years under Article 8 clause 4 GwG).
Recipients of personal data
Personal data will be transmitted within the different technical departments and via the data transmission system within the P-D Group.
The primary authorization for the transmission of such data within the Group of companies is provided by Article 6 clause 1 first sentence 1 lit. f GDPR.
According to it, data processing is lawful when it is necessary for the purposes of our legitimate interests, except when such interests are overridden by the interests or fundamental rights of the data subject. This is the case, for example, when the data transmission is for internal administration purposes (such as central customer management or in the case of access to such data within the matrix structures of a group of companies).
For the above purposes, in particular, personal data collected by us will not only be processed by us but also be other companies of the P-D Group.
Further, personal data may be transmitted to external third parties in the process of complying with statutory or contractual obligations (notably accountants, law firms, banks, institutions checking creditworthiness, insurance companies, authorities, postal service providers, etc.).
Processors are bound by the requirements of Article 28 GDPR. Contract processors will process your data strictly in compliance with the statutory provisions and only within the constraints of the contract.
The same applies to us if we are the contract processor.
Place of data processing activities
All processes by which your personal data are processed are located either in Germany or in a member state of the European Union. As a matter of principle, we will not transmit your personal data to any state that is not a member of the European Union (so-called third countries) or other international organizations. If we should transmit personal data to service providers outside these countries in future, this will be done only provided the European Commission has certified that the country in question has established and maintains a suitable data protection level or other suitable data protection guarantees are in place (e.g., binding internal data privacy rules or an agreement on standard terms of contract of the European Commission).
Security / technical and organizational measures
We take all necessary technical and organizational steps with due consideration of the requirements in Articles 24, 25, and 32 GDPR to protect your personal data from loss, destruction, access, alteration or dissemination by unauthorized individuals and from abuse.
We comply with the legal requirements of pseudonymization and encryption of personal data, confidentiality, integrity, availability and the loadability of the systems and services in connection with processing, the availability of the personal data and the possibility to restore such data quickly after a physical or technical failure and the provision of processes for regular verification, evaluation and assessment of the efficiency of the technical and organizational steps to ensure the security of processing.
We also comply with the provisions of Article 25 GDPR with respect to the principles of data protection by design and privacy by default.
You can require free information about your personal data and – if the statutory preconditions exist - you are entitled to view, block or erase your data, limit their processing, to data transferability and to objection.
In addition, you can complain with the competent supervisory authority.
If you have questions about your personal data or your rights as above or if you want to make a suggestion, please contact us or our external Data Protection Officer for the P-D Group of companies according to Article 37 clause 2 GDPR:
Dr. Thomas Kehr
Dornbach GmbH Rechtsanwaltsgesellschaft
56070 Koblenz, Germany
Tel. No.: +49 261 9431222
Date: September 2018