Information über die Verarbeitung Ihrer personenbezogenen Daten – Stand der Information: Dezember 2018 (TS/DSB)
Diligence and transparency form the basis for trustful cooperation with our customers and business partners. This is why we are informing you about the processing of your data and your rights pursuant to the General Data Protection Regulation. The personal data to be processed as well as the purpose depend on the respective contractual relationship.
Responsible entity pursuant to Art. 4(7) of the GDPR:
Haller Straße 4553
Tel.: 07951 3930
Fax: 07951 39350
Contact details of our data security engineer:
Firma Schmid Datenschutz
PERSÖNLICH: Herrn Torsten Schmid
Am Berghain 5
Tel.: 07176 44 999 60
Fax: 07176 44 999 59
Which of your personal data will be used?
Whenever you request a quote, would like us to make an offer or enter into a contract with us, we will process your personal data. We also process your personal data, inter alia, to fulfill legal obligations, to protect a legitimate interest or because you have consented to this. Depending on the purpose of data processing, those pertain to the following categories of personal data:
- Contact and address data
- Communication data (phone, mobile phone and fax numbers, email addresses, Skype IDs, etc.)
- Contract master data, particularly contract numbers, terms, periods of notice, contract type as well as tax-related data
- Advertising and sales data
- Documentation data (e.g. meeting minutes)
- Invoicing and turnover data
- Creditworthiness data
- Payment information and bank account details
- Information relating to customer accounts, particularly registration and login details
- Video or image recordings
- Log files
What are the sources of the data?
We process personal data we receive from our customers, service providers and suppliers. In addition, we might obtain personal data from sources such as:
- Certain documents, e.g. inquiries or orders
- General business communication
- Credit agencies
- Publicly accessible sources (e.g. business registers, media)
- Other companies we have established long-term business relationships with
- Telemedia we offer (e.g. when you accessed our web pages, which web pages you visited, etc.)
What are the purposes and the legal basis of data processing?
Wir verarbeiten We process your personal data in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdaten- schutzgesetz; BDSG) as well as all other relevant laws.
Data processing following a declaration of consent (Art. 6 the GDPR):
Wenn Sie gegenüber uns die freiwillige Einwilligung in die Erhebung, Verarbeitung oder Übermittlung von bestimmten personenbezogenen Daten erklärt haben, dann bildet diese Einwilligung die Rechtsgrundlage für die Verarbeitung dieser Daten. In den folgenden Fällen verarbeiten wir Ihre personenbezogenen Daten auf Grundlage einer von Ihnen erteilten Einwilligung:
- Sending of email newsletters, customer magazines or any other type of advertising
- Market research (e.g. customer satisfaction surveys)
- Personal customer area within our online shop system
- Disclosure of your data to affiliated companies
- Collection and publication of images
Data processing to fulfill a contract (Art. 6 subsection 1 lit. b of the GDPR):
We will use your personal data to perform contracts. Within these contractual relationships, we will primarily use your data for the following activities:
Establishment of contact in the context of the contract, contract management, ongoing customer support, enforcement of warranty claims, receivables management, contract termination management.
For more detailed information on the purposes of data processing, please consult the respective contract documents, our purchasing terms or our terms and conditions.
Data processing to fulfill legal obligations (Art. 6 subsection 1 lit. c of the GDPR) or in the public interest (Art. 6 subsection 1 lit. e of the GDPR):
As a company, we are subject to various legal obligations. Fulfillment of said obligations may require processing of personal data, for instance for the following purposes:
- To fulfill monitoring and reporting obligations
- To prevent / counteract criminal offenses
- To fulfill tax obligations
Data processing for the purposes of a legitimate interest (Art. 6 subsection 1 lit. f of the GDPR)
In certain cases, we will process your data to protect a legitimate interest of our company or third parties:
- Direct advertising or market and opinion research if you have not objected to the use of your data
- To enforce legal claims and for defense during legal disputes
- Measures for business management and to improve services and products - Measures to ensure building and system safety
- Video surveillance in the context of the domiciliary right
- Ensuring IT safety and IT operation
Who do we disclose your data to?
Within HBC-radiomatic GmbH, your data are disclosed to the departments where they are needed to fulfill our contractual and legal obligations. We might also disclose data to processors we have commissioned (Art. 28 of the GDPR) for the mentioned purposes. Those companies operate in the following fields: credit services, IT services, logistics, printing services, telecommunications, debt collection, advising and consulting as well as sales and marketing.
Furthermore, we might be obliged to disclose your personal data to other recipients (public bodies) such as authorities in order to fulfill statutory reporting obligations (financial authorities, customs authorities, etc.).
Moreover, we might disclose your data to other parties if you have declared your consent regarding the respective disclosure. In addition, we might disclose your data to affiliated companies (cooperation partners), e.g. to implement pre-contractual measures.
In order to guarantee confidentiality when communicating via the internet, we use appropriate encryption methods such as SSL (Secure Socket Layer) encryption when transferring personal data, e.g. data from contact forms or online logins.
Will your data be transferred to countries outside the European Union (so-called third countries)?
Countries outside the European Union (as well as the European Economic Area ”EEA“) do not have the same data protection standards as countries within the European Union. For the purpose of processing your data, we might also hire service providers based in third countries outside the European Union. Currently, there is no EU Commission resolution on the general adequacy of data protection in third countries.
Thus, we have taken measures to make sure processing of your data in third countries is as secure as within the European Union. We enter into a contract provided by the EU Commission with our third-country service providers (standard data-protection clauses).
How long will your personal data be stored?
We will store your personal data as long as required to fulfill our legal and contractual obligations (for example, to fulfill retention obligations according to commercial and tax laws, e.g. to comply with retention periods mentioned in the German Commercial Code (Handelsgesetzbuch; HGB) or the Regulation of Taxation (Abgabenordnung; AO)). If storing of the data is no longer required to fulfill contractual or legal obligations, your data will be deleted unless they need to be processed further for the following purposes:
- Keeping of evidence according to the statutory limitation rules.
According to the limitation rules of the German Civil Code (Bürgerliches Gesetz- buch; BGB), such limitation periods can be as long as 30 years. However, the regular limitation period is three years.
If we process your data based on a declaration of consent, we will store your data until you revoke your consent unless we are obliged to continue storing them due to a legal or regulatory requirement. In this case, we will block your personal data immediately.
Which rights do you have in the context of data processing?
Each affected person has the right of access to information (according to Art. 15 of the GDPR), the right of correction (according to Art. 16 of the GDPR), the right of deletion (according to Art. 17 of the GDPR), the right of restriction of processing (according to Art.18 of the GDPR), the right of objection (according to Art. 21 of the GDPR) as well as the right of data portability (according to Art. 20 of the GDPR). However, the right of access to information and the right of deletion are restricted by §§ 34 and 35 of the BDSG.
Right of objection
You may object to the use of your data for advertising purposes at any time without incurring any costs other than the transmission costs at the basic rates.
Revocation of consent
You can revoke your consent to the processing of personal data at any time. Please note such revocation is only effective for the future.
Right of access to information
You can request information on the storing of your personal data. If you wish, we will let you know which types of data we have been storing, what the purpose of data processing is, who the data will be disclosed to, how long the data will be stored and which further rights you have with respect to said data.
Furthermore, you have the right of correction of wrong data or of deletion of your data. If there is no reason for us to store your data any longer, we will delete them; otherwise, we will restrict processing. You may also request that we make available either to you or a person or company of your choice all the personal data we have received from you in a structured, common and machine-readable format. Moreover, you have the right to complain to the responsible data protection authority (Art. 77 of the GDPR in conjunction with § 19 of the BDSG).
Exercising your rights
To exercise your rights, you have the option to either contact the responsible entity or the data security engineer via the contact details mentioned above.
Are you obliged to provide us with your personal data?
If you wish to enter into a business relationship with us, you will need to provide us with the personal data required for the performance of the contract or the data we are required to collect by law. If you do not provide us with said data, we will not be able to perform and execute the contract.
Automatic decision making or profiling
As a responsible company, we refrain from automatic decision making or profiling.
Which rights do you have if data are processed due to legitimate or public interest?
According to Art. 21(1) of the GDPR, you have the right to object to the processing of your personal data pursuant to Art. 6(1) (e) of the GDPR (data processing in the public interest) or pursuant to Art. 6(1) (f) of the GDPR (data processing to protect a legitimate interest) due to reasons resulting from your particular situation at any time. The same applies to profiling pursuant to the same regulation. If you object, we will no longer process your personal data unless we can prove there are compelling and legitimate reasons for data processing which outweigh your interests, rights and liberties or if data processing serves to assert, exercise or defend legal claims.
Im Falle Ihres Widerspruchs verarbeiten wir Ihre personenbezogenen Daten nicht mehr, es sei denn, wir können zwingende schutzwürdige Gründe für die Verarbeitung nachweisen, die Ihre Interessen, Rechte und Freiheiten überwiegen, oder die Verarbeitung dient der Geltendmachung, Ausübung oder Verteidigung von Rechts ansprüchen.
Which rights do you have if data are processed for the purpose of direct advertising?
If we process your personal data for the purpose of direct advertising, you have the right (according to Art. 21 subsection 2 of the GDPR) to object to the processing of your personal data for the purpose of such advertising at any time. The same applies to profiling in the context of such direct advertising.
If you object to data processing for the purpose of direct advertising, we will no longer process your personal data for this purpose.