Data Privacy
We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.
This data protection declaration applies to the Internet offering of GEFA Processtechnik GmbH, which can be accessed under the domain gefa.com and the various subdomains ("our website").
Who is responsible and how do I reach you?
Responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
GEFA Processtechnik GmbH
Germaniastraße 28
44379 Dortmund
+49231610090
Data protection officer
AGAD Service GmbH
Waldring 43-47
44789 Bochum
What is it about?
This privacy policy meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website. Information for which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by anonymization, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal in individual cases for the assertion, exercise or defense of legal claims and if there are statutory retention obligations.
Who gets my data?
We only disclose your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis in the individual case (e.g. consent or safeguarding legitimate interests). In addition, we disclose personal data to third parties in individual cases if this serves the assertion, exercise or defense of legal claims. Possible recipients may then be, for example, law enforcement agencies, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who process personal data on our behalf within the scope of commissioned processing pursuant to Art. 28 DSGVO, they may be recipients of your personal data. For more information on the use of processors and web services, please refer to the overview of the individual processing operations.
Do you use cookies?
Cookies are small text files that are sent by us to the browser of your end device during your visit to our website and stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.
We provide information about the respective services for which we use cookies in the individual processing procedures. You can find detailed information about the cookies used in the cookie settings or in the Consent Manager of this website.
What rights do I have?
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
- Information according to Art. 15 DSGVO about the data stored about you in the form of meaningful information about the details of the processing and a copy of your data;
- Correction according to Art. 16 DSGVO of incorrect or incomplete data stored by us;
- Deletion pursuant to Art. 17 DSGVO of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- Restriction of processing pursuant to Art. 18 DSGVO, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO.
- Data portability pursuant to Art. 20 DSGVO, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 (1) a DSGVO or on the basis of a contract pursuant to Art. 6 (1) b DSGVO and these have been processed by us with the aid of automated processes. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another responsible party, insofar as this is technically feasible.
- Objection according to Art. 21 DSGVO against the processing of your personal data, insofar as this is based on Art. 6 para. 1 lit. e, f DSGVO and there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate grounds for the processing are demonstrated or the processing is carried out for the assertion, exercise or defense of legal claims. Where the right to object does not exist for individual processing operations, this is indicated there.
- Revocation according to Art. 7 para. 3 DSGVO of your given consent with effect for the future.
- Complaint pursuant to Art. 77 DSGVO to a supervisory authority if you are of the opinion that the processing of your personal data violates the DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.
How is my data processed in detail?
In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.
Provision of the website
Nature and scope of processing
When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the accessed file
- Website from which the access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
[Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 DSGVO].
Purpose and legal basis
The processing is carried out to protect our overriding legitimate interest to display our website and ensure security and stability on the basis of Art. 6 para. lit. f DSGVO. The collection of data and storage in log files is mandatory for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) DSGVO. Insofar as the further storage of log files is required by law, the processing is based on Art. 6 para. 1 lit. c DSGVO. There is no legal or contractual obligation to provide the data, however, calling up our website is technically not possible without providing the data.
Storage duration
The aforementioned data is stored for the duration of the website display [and for technical reasons beyond that for a maximum of [7 days]].
Contact form
Nature and scope of processing
On our website we offer you to contact us via a provided form. The information collected via mandatory fields is required to process the request. Furthermore, you can voluntarily provide additional information that is necessary from your point of view for processing the contact request.
When using the contact form, your personal data will not be passed on to third parties.
Purpose and legal basis
The processing of your data by using our contact form is carried out for the purpose of communication and processing of your request on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO. Insofar as your inquiry relates to an existing contractual relationship with us, the processing is carried out for the purpose of fulfilling the contract on the basis of Art. 6 (1) lit. b DSGVO. There is no legal or contractual obligation to provide your data, but the processing of your request is not possible without providing the information of the mandatory fields. If you do not wish to provide this data, please contact us by other means.
Storage period
If you use the contact form on the basis of your consent, we store the collected data of each request for a period of three years, starting with the completion of your request or until you revoke your consent.
[If you use the contact form in the context of a contractual relationship, we store the collected data of each request for a period of [three years] from the end of the contractual relationship].
Presence on social media platforms
We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers also within social networks and to offer you further ways to contact us and to inform yourself about our offers. In the following, we inform you about which data we or the respective social network process from you in connection with the call and use of our fan pages/accounts.
Data we process from you
If you wish to contact us via Messenger or via Direct Message via the respective social network, we generally process your user name via which you contact us and, if applicable, store further data provided by you insofar as this is necessary for processing/answering your request.
The legal basis is Art. 6 para. 1 sentence 1 f) DSGVO (processing is necessary to protect the legitimate interests of the controller).
(Static) usage data that we receive from the social networks
We receive automated statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, information on page activities and post interactions, reach, video views, and information on the proportion of men/women among our fans/followers.
The statistics only contain aggregated data that cannot be related to individual persons. You are not identifiable to us through this.
What data the social networks process from you
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and, in this respect, no user account for the respective social network is required.
Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is called up (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no control. Details on this can be found in the privacy policy of the respective social network (see the corresponding links above)
Insofar as you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.
We have no influence on the data processing by the social networks within the scope of their use by you. To our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies), on the basis of which advertising based on your interests is played both within and outside the respective social network. It cannot be ruled out that your data will be stored by the social networks outside the EU/EEA and passed on to third parties.
Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the privacy policy/cookie policy of the social networks. There you will also find information on your rights and objection options.
Instagram page
When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more detailed information on this under the following link (Note: clicking on the following link will take you to the website of the social network Facebook, also part of the Meta Group. However, the information provided via the link applies equally to the social network Instagram): https://facebook.com/help/pages/insights.
By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.
We collect your data via our fan page only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content, and the profile information you provide "publicly".
The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 (1) f) DSGVO. Should you as a user have given your consent to the data processing to the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a), Art. 7 DSGVO.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.
We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
The primary responsibility for the processing of Insights data lies with Instagram under the GDPR and Instagram fulfills all obligations under the GDPR with respect to the processing of Insights data, Meta Platforms Ireland Ltd. provides the essence of the Page Insights Supplement to data subjects.
We do not make any decisions regarding the processing of Insights data and storage duration of cookies on user devices.
Further information can be found directly at Instagram (supplement agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
For more information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion, as well as guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to the privacy policy/cookie policy of Instagram (note: clicking on the following link will take you to the website of the social network Facebook):
https://help.instagram.com/519522125107875/?helpref=uf_share
In addition, this information can also be viewed in the help section of Instagram's website via the following link:
https://help.instagram.com/581066165581870
LinkedIn page
LinkedIn is a social network of LinkedIn Inc. based in Sunnyvale, California, USA, which enables the creation of private as well as professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Businesses and other organizations can create profiles that upload photos and other company information to present themselves as employers and hire employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The network's focus is on professional exchanges on specialized topics with people who share the same professional interests.
When using or visiting the network, LinkedIn automatically collects data from users or visitors during the use or visit, such as username, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides benefits with information, offers and recommendations, among other things, based on the data collected in this way.
We collect your data via our company profile only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content, and the profile information you provide "publicly".
The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 f DSGVO. Should you, as a user, have given your consent to the data processing vis-à-vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a, Art. 7 DSGVO.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.
We are jointly responsible with LinkedIn for the personal content of our company profile. Data subject rights can be asserted with LinkedIn Inc. as well as with us.
We do not make any decisions regarding the data collected on LinkedIn's site using tracking technologies.
For more information on LinkedIn, please visit: https://about.linkedin.com.
For more information on LinkedIn's privacy policy, please visit: https://www.linkedin.com/legal/privacy-policy.
Further information on storage duration/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use at LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.
Cookiebot
Nature and scope of processing
We have integrated Cookiebot on our website. Cookiebot is a consent solution provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain and document consent to store cookies. Cookiebot uses cookies or other web technologies to recognize users and store consent given or revoked.
Purpose and legal basis
The use of the service is based on obtaining the legally required consent to use cookies according to Art. 6 para. 1 lit. c. DSGVO.
Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by Cybot A/S. Further information can be found in the privacy policy for Cookiebot: https://www.cookiebot.com/de/privacy-policy/.
Cookiebot CDN
Nature and scope of processing
We use Cookiebot CDN to properly deliver the content of our website. Cookiebot CDN is a service provided by Cybot A/S, which acts as a content delivery network (CDN) on our website to ensure the functionality of other Cybot A/S services. For said services, you will find a separate section in this Privacy Policy. This section is only about the use of the CDN.
A CDN helps to provide content of our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, where your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the purposes stated above and to maintain the security and functionality of Cookiebot CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. DSGVO.
Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by Cybot A/S. Further information can be found in the privacy policy for Cookiebot CDN: https://www.cookiebot.com/de/privacy-policy/.
Google Tag Manager
Nature and scope of processing
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services to evaluate user access to our website.
Purpose and legal basis
The use of Google Tag Manager is based on your consent pursuant to Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.
Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
Leadinfo
Nature and scope of processing
We have integrated Leadinfo on our website. Leadinfo is a service provided by LeadInfo B.V., Crooswijksesingel 50, 3034 CJ Rotterdam, Netherlands, which identifies anonymous website visitors, provides full contact details and insights into visit history.
Leadinfo uses cookies and other browser technologies to analyze user behavior and recognize users.
Among other things, Leadinfo shows us which companies have visited our website, determines the history of your visit, including all pages you have visited and viewed, and the length of your stay on this website.
Leadinfo collects and processes data about companies such as company name, phone number, address, web address, industry, company profile, sales and key people on LinkedIn.
Purpose and legal basis
Leadinfo is used on the basis of your consent pursuant to Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.
Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by LeadInfo B.V.. Further information can be found in the Leadinfo privacy policy: https://www.leadinfo.com/de/datenschutz/.
Leadinfo CDN
Nature and scope of processing
We use Leadinfo CDN to properly deliver the content of our website. Leadinfo CDN is a service of LeadInfo B.V., which acts as a content delivery network (CDN) on our website.
A CDN helps to provide content of our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of LeadInfo B.V., Crooswijksesingel 50, 3034 CJ Rotterdam, Netherlands, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Leadinfo CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. DSGVO.
Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by LeadInfo B.V.. Further information can be found in the privacy policy for Leadinfo CDN: https://www.leadinfo.com/en/privacy/.
Matomo Cloud
Nature and scope of processing
We use the open source software tool Matomo (formerly PIWIK) on our website. The software sets a cookie in your browser (for cookies, see already above). If individual pages of our website are called up, the following data is stored:
- Two bytes of the IP address of the calling system of the user (anonymized IP address).
- The accessed web page
- The website from which the user accessed the accessed website (referrer)
- The subpages accessed from the accessed website
- The time spent on the website
- The frequency with which the web page is accessed
We use a version of the Software hosted by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. In doing so, the above data is processed by InnoCraft Ltd.
Purpose and legal basis
We process your data with the help of the analysis software Matomo for the purpose of evaluating the use of individual components and contents of our website on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. You give your consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future pursuant to Art. 7 para. 3 DSGVO. There is no legal or contractual obligation to provide your data. If you do not give us your consent, a visit to our website is possible without restriction, but not all functions may be fully available.
Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by InnoCraft Ltd. Further information can be found in the privacy policy for Matomo Cloud: https://www.innocraft.com/privacy.
Kontakt / Live Chat per Smartsupp
Our website uses the chat plugin Smartsupp. The provider is Smartsupp.com, Milady Horakove 13, 602 00 Brno, Czech Republic. You can use Smartsupp to start direct communication with our staff. The Smartsupp plugin collects data (browser information, visited page content and conversation) with website visit, and when information is exchanged between the visitor and our employee. This data is usually not traceable to you as a natural person. "Session" cookies are used, which are deleted after visiting the website. The cookies do not contain any personal data. The data is usually transferred to servers in the EU in encrypted form.
The data processing is based on Art. 6 para. 1 lit. f DSGVO. It serves our legitimate interest in providing the fastest and most uncomplicated customer service possible and improving our online offerings. In addition, the use of the chat function is voluntary.
You can find more information about data protection at Smartsupp in their privacy policy at https://www.smartsupp.com/de/help/privacy/.
Data protection information for applicants
We are pleased that you are interested in us and are applying or have applied for a position in our company. We would like to provide you below with information on the processing of your personal data in connection with the application.
Who is responsible for data processing?
The responsible party in terms of data protection law is
GEFA Processtechnik GmbH
Germaniastrasse 28
44379 Dortmund
You will find further information about our company, details of the persons authorized to represent us and also further contact options in our imprint on our website: https://www.gefa.de/impressum
Which of your data do we process? And for what purposes?
We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.
What is the legal basis for this?
The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG in the version applicable as of 25.05.2018. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
Should the data be required for legal prosecution after the conclusion of the application process, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 (1) lit. f) DSGVO. Our interest then consists in the assertion or defense of claims.
How long is the data stored?
Data of applicants will be deleted after 6 months in case of rejection.
In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.
If you have been awarded a position during the application process, the data will be transferred from the applicant data system to our HR information system.
To which recipients is the data passed on?
We use a specialized software provider for the application process. This provider acts as a service provider for us and may also become aware of your personal data in connection with the maintenance and servicing of the systems. We have concluded a so-called order processing agreement with this provider, which ensures that the data processing is carried out in a permissible manner.
Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who require it for the proper conduct of our application process.
Where is the data processed?
The data is processed exclusively in data centers in the Federal Republic of Germany.
Privacy policy for new customers
Data protection information about our data processing in accordance with Article 13 and Article 21 of the General Data Protection Regulation (DS-GVO).
We take data protection seriously and hereby inform you how we process your data and which claims and rights you are entitled to according to the data protection regulations.
1. responsible party in the sense of data protection law and contact details of the data protection officer
The person responsible in the sense of data protection law is:
GEFA Processtechnik GmbH
Germaniastrasse 28
44379 Dortmund
Phone +49(0)231-6100 9-0
Fax +49(0)231-6100 9-80
You can reach our data protection officer at
AGAD Service GmbH
Waldring 43 - 47
44789 Bochum
Telephone: 0234 282 533-20
Fax: 0234 282 533-10
www.datenschutz.agad.de
2. purposes and legal basis on which we process your data.
We process personal data in accordance with the provisions of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and other applicable data protection regulations. Which data is processed in detail and how it is used depends on the respective agreed service.
2.1 Purposes for the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 b DSGVO).
Personal data is processed for the performance of our contracts with you and the execution of your orders, as well as for the performance of measures and activities in the context of pre-contractual relations. In particular, the processing thus serves the preparation of invoices in accordance with your orders and includes the services, measures and activities necessary for this.
2.2 Purposes in the context of a legitimate interest of us or third parties (Art. 6 para. 1 f DSGVO).
Beyond the actual performance of the contract or preliminary contract, we may process your data if it is necessary to protect legitimate interests of us or third parties, in particular for purposes:
- advertising or market and opinion research, insofar as you have not objected to the use of your data;
- obtaining information and exchanging data with credit agencies, insofar as this is covered by our legitimate interest
- the enrichment of our data, including through the use or research of publicly available data;
- the restricted storage of data if deletion is not possible or only possible with disproportionate effort due to the special type of storage
2.3 Purposes for the fulfillment of legal requirements (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO).
We are subject to a variety of legal requirements (e.g., commercial and tax laws), but also regulatory or other official requirements. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and investigation of terrorist financing and asset-threatening crimes, matching against European and international anti-terror lists, the fulfillment of control and reporting obligations under tax law, and the archiving of data for purposes of data protection and data security as well as auditing by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purposes of gathering evidence, criminal prosecution or enforcement of civil claims.
3. Categories of data processed by us, insofar as we do not receive data directly from you, and their origin.
To the extent necessary for the provision of our services, we process personal data permissibly received from other companies or other third parties (e.g. credit agencies). In addition, we process personal data that we have permissibly taken, received or acquired from publicly accessible sources (such as telephone directories, trade and association registers, etc.) and are permitted to process.
Recipients or categories of recipients of your data
Within our company, those internal departments or organizational units receive your data that require it to fulfill our contractual and legal obligations or in the context of processing and implementing our legitimate interests. Your data will only be passed on to external bodies if
- in connection with the execution of the contract;
- for purposes of compliance with legal requirements,
- on the basis of our legitimate interest or the legitimate interest of the third party for the purposes stated in section 2.2 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, appraisers, affiliated companies and committees and supervisory bodies);
- if you have given us consent to transfer the data to third parties.
We will not pass on your data to third parties beyond this.
4. duration of the storage of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the processing of a contract. In addition, we store data that must be tracked due to commercial and tax regulations for 10 years. Other data, for which no tax retention periods come into consideration, are kept until the expiry of the regular statute of limitations (§§195, 199 BGB), but under certain circumstances periods of up to 30 years may be applicable.
If the data are no longer required for the fulfillment of contractual or legal obligations and rights, they are regularly deleted, unless their - temporary - further processing is necessary for the fulfillment of the purposes listed in section 2.2 for an overriding legitimate interest.
5 Processing of your data in a third country or by an international organization.
Data transfer to entities in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) takes place if it should be necessary for the execution of an order/contract from you, if it is required by law (e.g. reporting obligations under tax law), if it is within the scope of a legitimate interest of us or a third party or if you have given us your consent. In this context, the processing of your data in a third country may also take place in connection with the involvement of service providers as part of commissioned processing. If there is no EU Commission decision on an adequate level of data protection for the country in question, we will ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection requirements by means of appropriate contracts.
6. credit agencies
Our company regularly checks the creditworthiness of our customers if there is a legitimate interest, e.g. if our company could be exposed to a financial default risk. For this purpose, we work together with Dun & Bradstreet Deutschland GmbH, from whom we receive the necessary data. For this purpose, we transmit your personal data from this contractual relationship and the information required to obtain the credit rating to Bisnode D&B Deutschland GmbH. The legal basis for the data transfer is Art. 6 I 1 f), Art. 6 I b) GDPR. You can view the information pursuant to Art. 14 of the GDPR on the data processing taking place at Dun & Bradstreet Deutschland GmbH at https://www.dnb.com/de-de/datenschutz.html.
More information
Your trust is important to us, therefore we would like to answer your questions regarding the processing of your personal data at any time. If you have any questions that are not answered by this data protection declaration or if you would like more detailed information on a particular point, please contact our data protection officer at any time at
Links to websites of other providers
Our websites may contain links to websites of other providers to which this data protection declaration does not apply. If the use of the websites of other providers involves the collection, processing or use of personal data, please refer to the data protection information of the respective providers.
Changes to the data protection and rights statement
We reserve the right to change this data protection declaration at any time in compliance with the applicable data protection regulations. The current status is May 2023.