Collection of personal data from the data subject - Fulfilment of the information obligations pursuant to Art. 13 EU-GDPR for business partners
- Person responsible for data processing, according to Art. 13 para. 1 lit. a EU- GDPR
Company name according to §17 para. 1 HGB incl. contact details of the responsible
Rohstoffhandel Bernhard Westarp GmbH & Co. KG
- Purposes and legal bases of data processing, in accordance with Art. 13 (1) lit. c EU- GDPR
We process your personal data in accordance with the regulations of the EU Data Protection Basic Regulation (EU- GDPR) and the Federal Data Protection Act (BDSG) in its currently valid version.
Personal data is processed for the purpose of fulfilling existing contracts with you or for the implementation of pre-contractual measures. The data collected or to be collected by us includes in particular the customer master data with the contact data (address, telephone number, e-mail address etc.) of the relevant contact persons as well as the contact history, offers, orders, invoices, project data and other legal obligations of the person responsible. The conclusion or execution of a contractual relationship between you and us is not possible without the processing of personal data.
The data processing serves primarily to fulfil the mutual performance obligations resulting from the contract concluded or to be concluded with you. In addition, it can also serve to carry out pre-contractual measures.
In addition, we also use the data collected from you for statistical purposes and to optimise our internal processes in sales and logistics. We also use the data to examine the entire customer relationship in order to gain insights for future business decisions. The
legal basis for this processing of personal data for contractual and pre-contractual purposes is Art. 6 para. 1 lit. b EU- GDPR. We do not regularly collect special categories of personal data from our business partners.
Furthermore, we also process personal data to fulfil certain legal obligations in accordance with Art. 6 Para. 1 lit. c EU- GDPR. Corresponding obligations may result in particular from the provisions of the German Commercial Code, tax legislation and other relevant legal requirements.
We also process your data in order to protect the legitimate interests of ourselves or third parties (Art. 6 para. 1 lit. f EU- GDPR). This may in particular be necessary
• for the purposes of the company's own IT, in particular also for ensuring efficient IT operations and the necessary IT security,
• for the regular maintenance and updating of the address data of our business partners,
• for the optimisation of processes,
• for sales management and sales controlling,
• for asserting legal claims and defending in legal disputes,
• for measures for building and plant security (e.g. access controls) and for safeguarding building rights,
• for measures for business management and further development,
• for the prevention and clarification of criminal offences.
Should we wish to process your personal data for other purposes that are not covered by at least one of the above-mentioned permissions, we will inform you of this in advance and, in the event that no other permission is relevant, we will obtain your permission for this data processing and inform you accordingly.
The processing of your personal data for the purpose of sending and managing newsletters will only take place on the basis of a separate consent which we would obtain from you in advance.
3.Categories of recipients of personal data (data transmission) pursuant to Art. 13 (1) (e) EU- GDPR
The personal data collected from you in the course of the business relations existing with our company and processed in any other way will be made available to the following categories and individual positions of recipients:
a) Specialized departments within our company perform certain data processing tasks for the entire company. This applies in particular to the central administration of address data, telephone service for business partners and customers, contract and service processing, collection and disbursement, joint mail processing and other means of communication. The processing of personal data can be carried out centrally or decentrally in our corporate structure in individual cases.
b) External service providers whose services we use to fulfil our contractual and legal obligations. These include IT service providers, legal and management consultants or auditors.
c) Other recipients of your personal data may be public authorities in the context of fulfilling statutory notification obligations (supervisory authorities, if applicable criminal prosecution authorities, financial authorities, other administrative authorities, bailiffs, courts, etc.). Finally, the personal data may also be made available to tax consultants, auditors, lawyers and possibly other third parties (in particular creditors) for the purpose of settling claims.
d) Third country incl. adequacy finding pursuant to Art. 13 (1) (f) EU- GDPR
In the context of international business relations, data may also be transferred to a third country.
e) Storage period pursuant to Art. 13 (2) lit. a) EU- GDPR
We delete your personal data as soon as they are no longer required for the above-mentioned purposes. In particular, data may be stored for the entire period during which third parties can assert claims against our company (statutory limitation period of three to thirty years). We also store your personal data to the extent that we are legally obliged to do so. Corresponding proof and storage obligations may arise in individual cases from the German Commercial Code, the German Fiscal Code, the Money Laundering Act and other relevant special regulations.
f) Rights of data subjects according to Art. 13 (2) lit. b) EU- GDPR
You can exercise your rights at any time by using the contact details above. If personal data is processed by you, you are a data subject ("data subject") in the sense of the EU- GDPR and you are entitled to the following rights against the person responsible:
The data subject shall have the right to obtain confirmation from the controller as to whether personal data relating to him/her are being processed; if this is the case, he/she shall have the right to obtain information on such personal data and the information specified in Art. 15 EU- GDPR.
The data subject has the right to request the controller to rectify without delay any inaccurate personal data concerning him/her and, where appropriate, to complete incomplete personal data (Art. 16 EU- GDPR).
The data subject has the right to obtain from the controller the immediate deletion of personal data relating to him/her, if one of the reasons listed in Article 17 of the EU-DSA is applicable, e.g. if the data are no longer needed for the purposes pursued (right of deletion).
The data subject shall have the right to obtain from the controller the restriction of the processing if one of the conditions laid down in Article 18 of the EU CDIR is met, e.g. if the data subject has lodged an objection to the processing, for the duration of the examination by the controller.
The data subject shall have the right to object at any time, on the grounds relating to his particular situation, to the processing of personal data concerning him. The controller will then no longer process the personal data unless he can demonstrate compelling reasons for processing which are justified on grounds of protection that outweigh the interests, rights and freedoms of the data subject, or if the processing is for the purpose of asserting, exercising or defending legal claims (Art. 21 EU- GDPR).
Finally, the data subject also has the right to data transferability (Art. 20 EU GDPR). According to this, the data subject has the right to obtain the personal data concerning him/her that he/she has provided to a controller in a structured, common and machine-readable format and the right to transfer these data to another controller without hindrance by the controller to whom the personal data have been provided, provided that a) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a EU-GDPR or Art. 9 para. 2 lit. a EU- GDPR or on a contract pursuant to Art. 6 para. 1 lit. b EU- GDPR and b) the processing is carried out by means of automated procedures.
g) Rights of data subjects according to Art. 13 (2) lit. c) EU-DSGVO
Insofar as you have given us your consent under data protection law to process personal data for specific purposes (here e.g. processing of personal images), the legality of this processing is based on your (voluntary) consent (Art. 6 para. 1 lit. a EU- GDPR in conjunction with § 26 para. 2 BDSG 2018).
A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the applicability of the EU DSGVO, i.e. before 25 May 2018.
Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. The lawfulness of the processing of personal data in the past is not affected by the later revocation.
h) Provision of personal data pursuant to Art. 13 (2) (e) EU-DSGVO
Within the scope of our business relationship, you only need to provide us with personal data that is necessary for the execution of the contract or that we are legally obliged to collect. This is the information listed under point 3 of this data protection notice. Without this data we will generally not be able to execute the respective contractual relationship. You are not obliged to provide any further data..
i) Right of appeal to a supervisory authority pursuant to Art. 13 Para. (2) lit. d) GDPR
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her is contrary to the DPA (Article 77 EU DPA). The data subject may invoke this right before a supervisory authority in the Member State in which he or she is resident, at his or her place of work or at the place where the alleged infringement occurred. A complaint can also be made to the above-mentioned data protection officer.
We reserve the right to change this data protection declaration in compliance with the data protection regulations.