PRIVACY NOTICES PURSUANT TO THE EU GENERAL DATA PROTECTION REGULATION FOR BUSINESS PARTNERS AND THEIR CONTACTS
The information below is intended to give you an overview of how we process your personal data and your rights under the data protection law. Which data are specifically processed depends mainly on the type and scope of the existing business relationship.
Please relay this information to current and future persons authorized to represent your company and to contact persons in your company.
1. WHO IS RESONSIBLE FOR PROCESSING YOUR PERSONAL DATA AND WHO CAN YOU CONTACT?
PierraaGroup GmbH
Inselwall 11 | Löbbecke Villa
38114 Braunschweig, Germany
Phone: +49 531 88 63 13 00
External data protection officer:
BWS Consulting Group GmbH
Major-Hirst-Str. 11
38442 Wolfsburg, Germany
Mr. Noel Funke
datenschutz@pierraa-group.de
2. THE DATA WE USE AND HOW WE COLLECT IT
When we initiate or conduct business relationships, we process in particular data of the following categories of our business partners or their contact persons:
Data from interested parties
- Personal/contact data (e.g. first name, surname, company name, address, (mobile) telephone number, telefax, email)
- Communication data in connection with correspondence (emails, letters)
Data from customers
- Personal/contact data (e.g. first name, surname, company name, (mobile) telephone number, telefax, email)
- Contractual and billing data (e.g. bank details, goods/services ordered, date of invoice)
- Communication data in connection with correspondence (emails, letters)
Data from suppliers/service providers
- Personal/contact data (e.g. first name, surname, company name, (mobile) telephone number, telefax, email)
- Contractual and billing data (e.g. bank details, goods/services ordered, date of invoice)
- Communication data in connection with correspondence (emails, letters)
3. THE PURPOSES WE USE YOUR DATA FOR AND THE LEGAL BASIS
We realize complex, tailor-made communication and marketing concepts and offer technical services and consulting services in this context. For this purpose, we process data and, of course, observe the provisions of the EU Data Protection Basic Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other relevant laws (e.g. German Commercial Code (HGB), Fiscal Code (AO) etc.).
a. For the performance of a contract or for pre-contractual measures (Art. 6 (1b)) GDPR)
Personal data are processed for the purpose of performing contracts with our customers, suppliers and service providers. This also includes the performance of pre-contractual measures upon request by the business partner.
b. In the context of the balancing of interests (Art. 6 (1 f)) GDPR)
If necessary, we process your data beyond the actual performance of the contract with a view to safeguarding the justifiable interests of ourselves or of third parties. Examples:
- For the reviewing and optimization of processes for analyzing requirements and for addressing the customer directly
- Assertion of legal claims and defense in litigation
- For ensuring IT security and IT operations
- For the prevention of crime
- For the protection of property, anti-theft system (video)
- For access control …
c. On the basis of your consent (Art. 6 (1 a)) GDPR)
If you have given us your consent to the processing of personal data for certain purposes, this processing complies with the requirement of lawfulness. Consent once granted can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please note that any revocation applies just to the future. Processing that took place before the revocation remains unaffected.
d. Based on statutory requirements (Art. 6 (1 c)) GDPR) or in the public interest (Art. 6 (1 e)) GDPR)
Moreover, we are subject to various legal obligations, i.e. statutory requirements, e.g. tax regulations.
4. WHO HAS ACCESS TO YOUR DATA – INTERNALLY AND EXTERNALLY
In the PierraaGroup, only those departments can access your personal data who need it in order to fulfil our contractual and legal obligations or our purpose (see above). To this end, also service providers or vicarious agents can receive your data that we have used.
Data is only relayed outside the company if this is required by statutory provisions or if you have given your consent. In turn, all recipients are themselves obligated to comply with data protection. Assuming these preconditions, recipients of personal data may be the following:
- Public bodies and institutions (e.g. tax authorities) on the grounds of a statutory or official obligation
- Processors to whom we relay personal data for the purpose of conducting the business relationship with you (e.g. support/maintenance of IT systems, data destruction, payments, bookkeeping)
- Units with regard to which you have given us your consent for data transfer
No data is transferred to recipients in countries outside the EU or the EEA (so-called non-Member States).
5. HOW LONG IS YOUR DATA STORED FOR?
We process and store your personal data only as long as it is required for the fulfillment of the purposes cited under Item 3. It should be noted here that many of our business relationships are long term.
If the data is no longer required for the performance of contractual or statutory obligations, it will regularly be erased unless this data is necessary for further temporary processing for the following purposes:
- Compliance with retention periods under commercial and fiscal law, e.g. German Commercial Code or Fiscal Code that define the periods of retention as two to ten years.
- Preservation of proof in the context of the statute of limitations (e.g. Sections 195 et seq. German Civil Code (BGB)).
6. WHAT ARE YOUR DATA PROTECTION RIGHTS?
All persons affected (data subjects) have the following rights:
Right to information(Article 15 GDPR): You have the right to receive free information about your personal data which we store with us.
Right of rectification(Article 16 GDPR): If your personal data is not up-to-date or incorrect, you can ask us for rectification.
Right to deletion(Article 17 GDPR): You can ask us to delete your personal data.
Right to limit processing(Article 18 GDPR): You can limit the processing of your personal data.
Right to object(Article 21 GDPR): You may revoke your consent or object to the processing of your personal data.
Right to data transferability(Article 20 GDPR): You may receive your personal data in a machine-readable format and / or transfer it to another responsible person.
Right of complaint to the responsible data protection supervisory authority(Article 77 GDPR in conjunction with s. 19 German Federal Data Protection Act (BDSG)): You can lodge a complaint against us with the responsible authority.
The restrictions according to ss. 34 and 35 German Federal Data Protection Act (BDSG) apply to the Right to information and the Right to deletion.
You can revoke any consent granted for the processing of personal data at any time. This also applies to the revocation of declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please note that any revocation applies just to the future. Processing that took place before the revocation remains unaffected.
7. IS THERE ANY OBLIGATION FOR YOU TO PROVIDE DATA?
Within the scope of our business relationship, you must provide personal data required for the initiation and conducting of a business relationship and compliance with the associated contractual obligations, or data which we are required to collect under the law.
8. IS THERE AUTOMATIC DECISION-MAKING?
We do not make use of automatic decision-making or profiling.
9. YOUR RIGHT TO OBJECT PURSUANT TO ARTICLE 21 GDPR
1. Case-by-case right to object
You have the right to object at any time for reasons arising from your particular situation against the processing of your personal data that is carried out based on Art. 6 (1 e) GDPR (data processing in the public interest) and Art. 6 (1 f) GDPR (data processing on the basis of balancing of interests).
If you lodge an objection, we will no longer process your personal data unless we can provide proof of compelling legitimate grounds for processing that override your interests, rights and freedoms, or if the processing serves the purpose of the establishment, exercise or defense of legal claims.
2. Right to object against the processing of data for advertising purposes
In specific cases we process your personal data for the purpose of direct marketing. You have the right to object at any time against the processing of your personal data for the purpose of this kind of advertising. If you object to the processing for the purpose of direct advertising we will no longer process your personal data for these purposes. The objection that can be sent via email.
