We herewith inform you how your data will be processed and which claims and rights you possess in accord-ance with the data protection rules.
1. Responsible according to the data protection law and contact data of the data protection officer
Responsible according to the data protection rules is:
Hecker Glastechnik GmbH & Co. KG
Schleefstr. 5
44287 Dortmund
Tel.+49 (0) 231 9455 0
Fax: +49 (0) 231 9455 119
E-Mail: eddfds33.rekceh@kinhcmk746etsalg
Please contact our data protection officer at the following contact data: :
AGAD Service GmbH
Waldring 43-47
44789 Bochum
Tel.+49 (0) 234 282 533 20
Fax: +49 (0) 234 282 533 10
E-Mail: datenschutz@agad.de
2. Purpose and base for processing your data
We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act as well as other applicable data protection provisions.
3. Purposes of the fulfilment of a contract or contractual measures
The processing of personal data is done to perform the contracts we have signed with you and to execute your orders as well as to implement measures and actions within the scope of the contractual relations, for instance with interested parties. The processing especially serves to generate billings pursuant to the orders and con-tains all the therefore necessary services, measures and actions. This essentially includes the contractual related communication with you, the traceability of transactions, orders and other agreements and is also used for quality control related reasons by documentation, measures to control and optimize business operations as well as to fulfil the general obligation to exercise diligence, to monitor and control by affiliated companies (for example parent company), statistical evaluation for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and fiscal evaluation of opera-tional performance, risk management, assertion of legal claims and for defense at legal disputes.
4. 4. Purpose within the scope of legitimate interest from our side or a third party
In addition to the actual fulfilment of the contract, respectively the preliminary contract we process your data to protect justifiable interests of third parties, if necessary. This will especially be done for the following purposes:
- To gather information as well as for data transfer with credit agencies, in case our economic risk is exceeded
- to check and optimize the method of demand analysis
- the evaluation of services and products as well as systems and processes
- the completion of our data, for example by using or the research in publicly accessible data
- statistical evaluation or market analysis of the benchmarking
- the raising of legal claims and as defense during legal disputes that cannot immediately be associated with the contractual relationship
- the restricted storage of data, if deleting them can only be done with a disproportionate amount of effort due to the way they are stored
- to prevent and solve crimes unless only to fulfil legal requirements
- the security of the premises and facilities (for example by access controls and video surveillance), insofar as they exceed the general duty of care
- internal and external investigations, safety checks;
- to ensure and exercise the householder’s rights by using appropriate measures as well as by video surveil-lance to protect our customers and employees as well as to secure evidence relating to offences and to prevent offences
5. purposes of fulfilling legal requirements or for public benefit
We are subject to a large number of legal requirements (for example commercial or tax laws), but also to supervisory or official requirements. The purpose of processing also includes an identity check, an age ver-ification, fraud and money laundering prevention, the prevention and exposure of terrorist funding and of-fences endangering the property. Furthermore, comparisons with international counterterrorism lists, the fulfilment of fiscal control and reporting obligations as well as the archiving of data for the purpose of da-ta protection and data safety and the control by tax authorities and other authorities are implied here as well. Moreover, the disclosure of personal data within the scope of official or juridical measures can be re-quired to collect evidence, for criminal prosecution or for the enforcement of the requirements of civil law.
6. The data categories we process, insofar as we have not directly received the data from you and their origin
Should it be necessary for the provision of our services, we process reliable personal data we have received from other enterprises or other third parties (for example credit agencies). In addition to that we also process data from publicly accessible sources (such as directories, commercial registers, registers of associations, civil registers, records of debitors, land registers, the press, the internet and other media) which is reliable and we have been given the right to process.
Relevant personal data can especially be:
- personal data such as name, date of birth, place of birth, nationality, marital status, profession/sector and comparable data
- contact data (address, e-mail address, telephone number and comparable data)
- address data (registration data and comparable data)
- payment confirmations/cover notes from credit institutions and credit cards
- information on the financial situation (creditworthiness data including scoring, so to speak data that allow to evaluate the financial risk)
- customer history
- data for the use of the telemedia we offer (for example when our website was visited, APPs or newsletters, pages from us you have been on respectively entries and comparable data)
- video data
7. Addressee or categories of addresses of your data
Internally only people and organizational units that need your data to fulfil our contractual and legal duties or within the scope of their processing and the execution of a legitimate interest will receive them. Your data will only be transferred to external bodies in the following cases:
- in connection with the contract processing
- to fulfil legal regulations, which undertake us to provide information, to make report or in case the transfer of your data is in public interest
- in so far as external service companies process data on our account as our processor or representative (for instance external business offices, support/maintenance of IT/EDP applications, archiving, document pro-cessing, Call-Center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation respectively data validity check, data destruction, purchase/procurement, custom-er administration, lettershops, marketing, media technology, research, risk controlling, settlement, telepho-ny, website management, business service, credit institutes, printing houses or companies for data purging, courier services, logistics)
- on the basis of our legitimate interest or the legitimate interest of a third party within the scope of the pur-poses we have mentioned in 2.2 (for example to authorities, information offices, debit collection, lawyers, courts, expert witnesses, companies and boards belonging to the enterprise as well as supervisory authori-ties)
- in case you have given your approval for the transference to third parties.
We will not pass your data to a third party for any other reason. In so far as we instruct a service provider with data processing, your data are subject to the same safety standards as if we would process them. In all other cases the recipients of the data are only allowed to use your data for the purpose they have been transmitted.
8. Duration of the storage of your data
We process and store your data for the duration of our business relationship. This also includes the contract initiation (pre-contractual relationship) and the contract processing.
Moreover, we are subject to the various retention and documentation obligations, that inter alia result from the commercial and fiscal code. The period for the retention respectively documentation stated therein are up to ten years after the termination of the business relationship respectively the pre-contractual legal relationship. It is possible to individually agree on longer retention periods. Additionally, specific legal provisions might pos-sibly require longer retention periods, such as for example for the preservation of evidence within the scope of statutory limitation periods. According to §§ 195 ff of the Civil Code the regular limitation period is three years, but periods from up to 30 years can be applied.
Should the data not be needed anymore to fulfill contractual duties or rights, they will be deleted on a regular basis. The only exception is that their – limited – processing is necessary to fulfil the in paragraph 4 listed pur-poses resulting from a predominantly legitimate interest. Such a predominantly legitimate interest is for in-stance given if a deletion is only possibly with a disproportionate high effort due to the specific way of storage and a processing for other purposes is impossible because of appropriate technical and organizational measures.
9. Processing of your data in a third country or by an international organization
A data transmission in states outside of the European Union respectively the European Economic Area (so-called third countries) will take place in case this is necessary to perform your order/the contract we have signed with you, it has to be done because of legal previsions (for instance tax reporting requirements), it is within the legitimate interest of ours or a third party or you have given your approval. Your data might possibly be processed in a third country when service providers are involved in the order processing. In so far there should be no decision about an adequate data protection taken by the EU Commission for this country, we guarantee due to contracts in accordance with the EU protection standards that your rights and liberties will be adequately saved and guaranteed.
10. Your data protection rights
Your rights are as follows:
- you have the right to receive information on your data we have stored according to the rules of Article 15 of the GDPR (possibly with restrictions according to § 34 of the Federal Data Protection Act).
- We will correct your data according to Article 16 of the GDPR on your request should they be incorrect
- We will delete your data according to the principles of Article 17 of the GDPR on your request, provided that no other legal regulation (such as statutory storage obligations or restrictions according to § 35 of the Federal Data Act) prevent that.
- Considering the conditions of Article 18 of the GDPR you have the right to request the restriction of the processing of your data from us.
- You can object to the processing of your data according to Article 21 of the GDPR, because of which we will have to stop with the processing of your data. This right to object is only applicable if very special circum-stances of your personal situation exist, whereas our rights might be opposed to your right to objection.
- Furthermore, you have the right to receive your data subject to the condition of Article 20 of the GDPR in a structured, common and machine-readable form or to transfer them to a third party.
- Moreover, you have the right of approval to a supervisory authority (Art. 77 GDPR). Of course, you also have the right to contact our data protection officer.
Information on the right to object Article 21 GDPR
- The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to pro-cessing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
- 2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.