Dataprotection
Article 13 GDPR - Information about data processing
With the following information we would like to inform you about the processing of your personal data and give you an overview of your rights under the EU General Data Protection Regulation (GDPR). Please note that not all components of this letter apply to you, as the question which data is processed in detail and how it is used depends largely on the agreed services.
I. Who is responsible for the data processing and who ist the data protection officer?
Name and address of the data controlle
HEDRICH GmbH
Greifenthaler Strasse 28
D-35630 Ehringshausen-Katzenfurt
Greifenthaler Strasse 28
D-35630 Ehringshausen-Katzenfurt
You can also contact our data protection officer Justyna Rulewicz.
Agor AG
Hanauer Landstraße 151-153
60314 Frankfurt am Main
Hanauer Landstraße 151-153
60314 Frankfurt am Main
Tel.: +49 69 904 379 65
Fax: +49 69 904 379 74
E-Mail: jrulewicz@agor-ag.com
Website: www.agor-ag.com
Fax: +49 69 904 379 74
E-Mail: jrulewicz@agor-ag.com
Website: www.agor-ag.com
II. Which data do we use and collect and where do they come from?
In the context of the business relationship, we process the following personal data concerning you
- Your master data (such as first name, surname, gender, date of birth, nationality)
- Contact details (your address, e-mail address, telephone number)
- Information about your financial background (credit rating data, origin of assets…)
- ID Card Information
- Documentation information
In general, we receive the above-mentioned personal data directly from you as a customer within the scope of our business relationship. In addition, we process - to the extent necessary for the provision of our services - personal data which we obtain from publicly accessible sources (e.g. debtor directories, land registers, commercial and association registers, press, Internet) or which are legitimately transmitted to us by other companies of the group or by other third parties.
III. Why do we process your data (purpose of processing) and what is the legal basis we rely on?
We are processing personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
1. Art. 6 Section 1 lit. b GDPR to fulfill a contract
The processing of your data takes place for implementation, management and managementour contracts with our suppliers/customers or for the implementation of pre-contractual measures, which take place on request.
2. Art. 6 Section 1 lit. a GDPR the consent of the data subject
If you have given us your consent to the processing of personal data for certain purposes (e.g. transfer of data within the Group, evaluation of payment transaction data for marketing purposes, photographs in connection with events, newsletter mailing), the legality of this processing is based on your consent. Your consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. We would like to point out that the revocation of a consent only has an effect in the future and does not affect the legality of the data processed until the revocation.
3. Art. 6 Section 1 lit. f GDPR legitimate interests of ourselves
If necessary, we also process your data in order to protect legitimate interests of ourselves (our company) or third parties (e.g. authorities). For example:
- Review and optimization/procedures for a needs of requirements analysis procedures for direct advertising
- data exchange with credit agencies (e.g. SCHUFA) to determine creditworthiness or default risks in the lending business,
- Advertising or market research unless you have objected to the use of your data,
- Assertion of legal claims and defense in legal disputes,
- Ensuring IT security and IT operations,
- Prevention and investigation of criminal offences,
- Video surveillance for the protection of the house right, for the collection of evidence in case of robberies and fraud,
- Measures for building and facility security,
- Measures to secure the householder's title.
4. Processing required to fulfill a legal obligation (Art. 6 Section 1 lit. c) and Processing for the performance of a task carried out in public interest.
In addition we are subject to various legal obligations, (e.g. Banking Act, Money Laundering Act, Tax Law).
IV. Data access
Within our company, only those persons and positions receive your personal data who are responsible to fulfill our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes. These are in particular the following companies: IT services, logistics, printing services, telecommunications, debt collection, consulting, sales and marketing.
If it is necessary to pass on data to third parties outside our company, such transfer will only take place if this is required by law, if the customer has consented to it or if there is a legitimate interest.
Receivers of your personal data may be:
- Companies to which we transfer personal data in order to carry out the business relationship with you (depending on the contract, e.g. in the Group),
- other companies in the group used for risk management based on legal or authority obligations,
- Service providers that we use within the framework of data processing agreements.
Other data recipients may be those entities for which you have given us your consent to the transfer of data or for which you have released us from the confidentiality obligation in accordance with the consent or to which we are authorised to transfer personal data on the basis of a consideration of interests.
V. Data Transfer to a third countr
A data transfer to countries outside the European Union takes place as far as
- it is necessary to execute your orders,
- it is required by law (e.g. reporting duties under tax law) or
- you have given us your consent.
VI. Data storage
We will delete your personal data as soon as it is no longer required for the above-mentioned purposes, unless the processing is required for:
- Fulfilment of commercial and tax law storage obligations, which can e.g. result from: Commercial Code (HGB), Duty order (AO), Banking Act (KWG), and Money Laundering Act (GwG). The time limits for storage and documentation generally range from two to ten years.
- Preservation of evidence within the framework of the statutory statute of limitations. According to § 195 of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereas the regular limitation period is 3 years.
VII. What data protection rights do I have?
As a data subject you have
- the right to receive information according to Art. 15 GDPR,
- the right to rectification according to Art. 16 GDPR,
- the right for deletion according to Art. 17 GDPR,
- the right to restrict the processing according to Art. 18 GDPR,
- the right for objection according to Art. 21 GDPR
- as well as the right to data portability according to Art. 20 GDPR
The right to receive information and the right for deletion are subject to the restrictions set out in §§ 34 and 35 BDSG.
Furthermore, there is a right of appeal by the responsible data protection agency (Art. 77 GDPR in conjunction with § 19 BDSG).
Your consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. We would like to point out that the revocation of a consent only has an effect in the future and does not affect the legality of the data processed until the revocation.
VIII. Is there an obligation to provide data?
As part of our business relationship, you must provide the personal information necessary to establish, conduct and terminate a business relationship and to perform the contractual obligations associated therewith, or which we are required to collect by law. We would like to point out that we will generally not be able to conclude, execute and terminate a contract with you until we have this data.