Status: April 2021
With the following data protection information, we inform you about the type and scope of the processing of your personal data, purposes and legal bases, disclosure to third parties and deletion periods, as well as your rights as a data subject under the GDPR (General Data Protection Regulation) and the Federal Data Protection Act (BDSG).
1. who is responsible for data processing and whom can I contact?
a) The responsible party within the meaning of Art. 4 No. 7 GDPR:
E. Wehrle GmbH
78120 Furtwangen, Germany
Phone: +49 7723 940-0
Fax: +49 7723 940-178
hereinafter referred to as “we” or “us”.
b) Data protection officer
You can contact our data protection officer by e-mail: email@example.com or by post at the aforementioned address with the addition “Attn. data protection officer”.
2. what categories of data do we process and what are the sources of the personal data?
a) The categories of personal data processed include:
- Master data (title, first and last name, company, address, function, department)
- Contact information (phone number, mobile phone number, fax number and email address);
- data necessary for processing an inquiry, if necessary also creditworthiness data
- CRM data, especially customer history, customer statistics,
- Advertising and sales data and other data from similar categories,
- Support Requests,
- Other information that is required to process our contractual relationship or a project with our customers or sales partners (such as payment data, order data, etc.);
b) We process personal data that we have obtained from business relationships (such as with customers or suppliers) or inquiries. As a rule, we receive this data directly from the contractual partner or an inquiring person. However, personal data may also originate from public sources (e.g. commercial register), provided that the processing of such data is permitted. Data may also have been legitimately transmitted to us by other companies as well as affiliated companies. Depending on the individual case, we also store our own information on this data (e.g. as part of an ongoing business relationship).
3. For what purposes and on what legal basis do we process personal data?
We process personal data in accordance with the provisions of the GDPR and national data protection legislation:
a) In the context of the performance of a contract or for the execution of pre-contractual measures (Art. 6 para. 1 lit. b) GDPR)
We process personal data primarily for the fulfillment of contractual obligations and the provision of related services or in the context of a corresponding contract initiation (e.g. contract negotiations, preparation of offers). The specific purposes here depend on the respective service or product to which the business relationship or contract initiation relates, in particular in connection with orders from customers and orders placed with suppliers, service partners. Furthermore, we process your data in processing the services provided, in particular invoicing, accounts receivable management, dunning and collection.
The data processing serves in particular the following purposes:
- Communicate with our contacts about products, services, promotions and activities
- Support, in particular responding to inquiries from our contacts, prospects, customers or sales partners;
- To plan, execute and manage the business relationship between us and our customers, distributors or our contacts, e.g. to process the order, for accounting purposes; to execute and process deliveries.
b) For the protection of legitimate interests (Article 6 (1) (f) GDPR)
To the extent necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties, namely:
- Direct marketing to existing customers, unless you have objected to the use of your data
- Settling legal disputes, enforcing existing contracts, and asserting, exercising, and defending legal claims.
- Maintaining and protecting the security of our systems and the Company’s IT operations.
- Measures for building and facility security (e.g. access control or video surveillance)
- Exchange of control and planning data with associated E. Wehrle companies
- Credit check
c) Due to legal obligations (Art. 6 para. 1 lit c) GDPR)
The purposes of the processing include, among other things, the fulfillment of tax and social law control and reporting obligations. This also includes legal reporting obligations for the provision of services and the posting according to A1 procedures, see also item 5. Likewise, the processing of personal data insofar as this is necessary for the implementation of technical and organizational measures according to Art. 32 GDPR.
d) Based on your consent (Article 6 para. 1 lit. a) GDPR)
Insofar as you have given us consent in individual cases to process personal data for specific purposes (e.g. film and photo recordings, newsletter subscription), the lawfulness of this processing is based on your consent. You can revoke your consent at any time with effect for the future.
4. who gets my data?
Within E. Wehrle, access to your personal data is granted to those persons who need it to fulfill our contractual and legal obligations or to protect
We may disclose personal data to courts, regulatory authorities or law firms to the extent legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims.
Furthermore, service providers and vicarious agents employed by us may receive data for these purposes. We may only disclose information about you if required by law, if you have consented, if we are legally authorized to provide information or to disclose information and/or if processors commissioned by us equally guarantee compliance with confidentiality and the requirements of the General Data Protection Regulation and the Federal Data Protection Act.
Under these conditions, the following recipients may receive data in the process
- Affiliated E. Wehrle companies,
– insofar as they act as order processors for us,
– in the context of data transmission and the exchange of electronic messages and the use of O365 collaboration services as well as management and planning data (financial and controlling data) between the affiliated companies, insofar as this is necessary to protect our legitimate interests
- Processors, especially cloud services
- IT service provider within the scope of (remote) maintenance of IT systems
- Subcontractors for order fulfillment, especially transport and logistics
- Customers within the framework of business correspondence and order documentation
- Credit assessment service provider
- Public bodies for the fulfillment of statutory notification obligations e.g. tax authorities, competent bodies in A1 proceedings
- Data deletion service provider
- Lawyers, tax consultants and auditors
- Collection service provider
- Banks, payment card processors (credit cards) and payment service providers
- Telephone service provider
5. will your data be transferred to a third country?
A transfer of data to countries outside the EU or the EEA (so-called third countries) takes place only if this is necessary for the execution of your orders (e.g. material procurement, manufacturing, delivery, logistics) or is required by law (e.g. tax reporting obligations), you have given us consent or in the context of an order processing. In case of transfer of personal data to third countries, we ensure an adequate level of data protection in compliance with the principles according to Art. 44 et seq. GDPR. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for Switzerland) or compliance with recognized special contractual obligations (so-called “EU standard contractual clauses”).
When providing services and posting employees (A1 procedure), it may be that we transmit personal data about our customers and/or clients or the place of work to the competent authorities in accordance with the statutory reporting requirements.
6. how long will my data be stored?
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. We delete your personal data as soon as it is no longer required for the abovementioned purposes. In this context, personal data may be retained for the period during which claims can be asserted against our companies (statutory limitation periods of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding obligations to provide proof and to retain data result from commercial, tax and social security regulations. Furthermore, we store businessrelevant documents and e-mails for the purpose of legally secure archiving for tax purposes and documentation for the defense against unjustified claims and enforcement of claims. The storage period for tax and commercial law purposes is 6 or 10 years at the end of a fiscal year in accordance with § 147 AO (German Tax code), § 257 HGB (German Commercial Code).
7. obligation to provide data
We process your personal data insofar as it is necessary for the fulfillment of our contractual and legal obligations and for the protection of our legitimate interests or you have given us your consent. In the context of the performance or initiation of a contract, you must provide those personal data that are necessary for the performance of the contract or the performance of precontractual measures and the associated obligations. Furthermore, you must provide those personal data that we are legally obligated to collect. Without providing this data, we will not be able to conclude or fulfill a contract with you. In cases of data collection based on consent, the provision of data by you is voluntary and not mandatory.
8. to what extent is there automated decision making (including profiling)?
For the establishment and implementation of the business relationship, we generally do not use fully automated decision findings pursuant to Article 22 GDPR. Profiling does not take place.
9. what data protection rights do i have?
You are entitled to the following rights against us as the data controller. If you wish to assert your rights or would like more detailed information, please contact us or our data protection officer:
a) Rights according to Art. 15 ff. GDPR
The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If this is the case, he or she has a right to information about this personal data and to the information listed in detail in Article 15 of the GDPR. Under certain legal conditions, you have the right to rectification under Article 16 GDPR, the right to restriction of processing under Article 18 GDPR and the right to erasure (“right to be forgotten”) under Article 17 GDPR. In addition, you have the right to receive the data you have provided in a structured, common and machinereadable format (right to data porta-bility) pursuant to Article 20 GDPR, provided that the processing is carried out with the help of automated procedures and is based on consent pursuant to Article 6 para 1 lit. a) or Article 9 para 2) lit. a) or on a contract pursuant to Article 6 para 1 lit. b) GDPR. With regard to the right to information and the right to deletion, the restrictions pursuant to Sections 34 and 35 BDSG apply.
b) Withdrawal of consent
If the processing is based on consent, e.g. for film and photo recordings, you can withdraw your consent to the processing of personal data at any time (Art. 7 (3) GDPR). The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof.
c) Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with us or with a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). In Baden-Württemberg, the responsible supervisory authority is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, P.O. Box 10 29 32, 70025 Stuttgart, Germany Tel.: 0711/615541-0, FAX: 0711/615541-15, firstname.lastname@example.org
d) Right of objection according to Article 21 GDPR
In addition to the aforementioned rights, you have the right to object as follows:
Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para 1 lit. f)GDPR (data processing on the basis of legitimate interests); this also applies to a profiling based on this provision within the meaning of Article 4 No. 4 GDPR, where applicable. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to processing of data for advertising purposes
In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of per-sonal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made informally to the office indicated under point 1.