Information Obligations Pursuant to Art. 13 GDPR (General Data Protection Regulation) (data collection directly from the data subject) and Art. 14 GDPR (data collection via third parties) in the Context of Communication with our Business Partners
1. Basic Details
§1 Name and contact details of the controller
For name and contact details of the responsible company, please refer to the signature page of the sender.
§2 Contact details of the company’s data protection officer (if present)
You can contact our Data Protection Officer by email to email@example.com
§3 Objectives and legal basis of the processing
We process your personal data in compliance with the EU GDPR (General Data Protection Regulations) and the provisions of the member states for data protection. The prime objective of data processing is establishing, executing and terminating the business relationship, communicating with you or your employer, and mandatory screening of the sanction lists. The preferred legal basis of this is Art. 6 para. 1b), Art. 6 para. 1 f) and/or Art. 6 para. 1 c) GDPR (statutory archiving obligations, e. g. tax laws, etc.). Our legitimate interest in this case is to be able to handle the business relationship with the contact persons, named to us.
Furthermore, we rely on this legal basis to protect our legitimate interests or those of third parties (e. g. authorities). This applies especially to the subgroup for the purposes of managing the subgroup and business, internal communication and other administrative purposes. This also includes data processing for statistical purposes. Our legitimate interest in this case is to implement synergy effects in the subgroup and in the individual companies.
§4 Categories of personal data being processed
We process the following categories of your personal data:
- Name and contact details
- Communication contents
- Personal data in offers and other official letters
- Sanction lists
§5 Recipients or categories of recipients of the personal data
Since your personal data is also partly processed by service providers, in particular, email service providers as well as providers for hosting and support, your data will be processed by them. The basis for this is an agreement on order processing.
In addition, we transmit personal data to other employees of our company, depending on the circumstances. These employees may be clerks from all divisions of the affiliated companies in our group of companies.
§6 Transfer of personal data to a third country
In addition, we transfer your personal data to affiliates in third countries consistently in compliance with the GDPR by entering into data protection agreements with such affiliates, including the EU standard contract clauses, where appropriate, or in the presence of the European Commission’s adequacy decision for the destination country. If a processor is located in a third country, the personal data will be transmitted always in compliance with the provisions of Art. 44 to 49 GDPR. A related additional clause will be included in the relevant agreement on order processing.
§7 Duration of storage of personal data
The personal data is deleted as soon as the legal basis for its processing ceases to exist. Nevertheless, there may also be further authorisations for storage at the same time, or if a legal basis ceases to exist, a new one may apply, such as the statutory retention requirements, which make longer storage necessary.
2. Other Mandatory Details
§1 Description of the processing activity
You will receive these data protection regulations when initiating a new transaction or executing an ongoing transaction, as part of which you have provided us with personal data in the form of business cards, offers and/or emails. These are required for executing the transaction or for communication.
§2 Source of the data
We collected your data as part of our communication (email, letter, telephone, business card).
§3 Rights of the data subject
Under the EU GDPR, you have the following rights:
If your personal data is processed, you have the right to obtain information about the data stored about you (Art. 15 GDPR). If incorrect personal data is processed, you are entitled to a correction (Art. 16 GDPR). If the legal prerequisites exist, you can request the deletion or limitation of the processing as well as object to the processing (Articles 17, 18 and 21 GDPR). If you request a limitation, it may not be possible to initiate or process the transaction (such as deleting parts of the contact information, thus preventing communication with you or preventing the formation of a contract).
If you have consented to data processing or there is a data processing contract, and the processing of data is done through automated procedures, you may be entitled to data transmission (Art. 20 GDPR).
If you exercise your rights mentioned above, Vibracoustic will check whether the legal requirements for this are met.
You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. If we process your data on the basis of our predominant legitimate interest, you can object to the storage of your personal data at any time.
For the exercise of your rights as the data subject, a letter by mail to the below-mentioned address or an email to firstname.lastname@example.org is sufficient:
You also have the right to complain to any data protection supervisory authority.
The supervisory authority responsible for Vibracoustic AG is:
The Hessian Commissioner for Data Protection and Freedom of Information
Telephone: +49 611 1408 – 0
Telefax: +49 611 1408 – 611
Email to HDSB: https://datenschutz.hessen.de/über-uns/kontakt
§4 Right to withdraw consent
If you have consented to any other processing by Vibracoustic by means of a corresponding declaration, you can revoke your consent at any time for the future. This does not affect the legality of the data processing carried out on the basis of the consent until its withdrawal.