Our handling of your data and your rights
Our handling of your data and your rights
Information on the collection of personal data according to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
1. Who is responsible for the data protection, and whom can I contact?
We are the responsible controller:
- Steinbeis Papier GmbH, Stadtstraße 20, 25348 Glückstadt, Germany
- T: +49 4124 911
Our data protection officer:
- Mr Jörg Hagen, address as above
- Jhcon Datenschutzberatung, Königstraße 50a, 30175 Hanover, Germany
2. What sources and data do we use?
a) We process your personal data which we collect for the handling of our business relationships with the company you represent. The following data is generally processed:
- Surname, first name and contact details of the contact person
- Surname, first name and contact details of interested persons
- Planning data
- IT user data, in the case of the use of electronic media
- Private information such as date of birth if voluntarily provided
b) Insofar as you are a natural person as a customer or business partner, the following data is collected for the purpose of the business relationship and to perform the pre-contractual and contractual measures provided by you, in addition to the above-mentioned data:
- Contact data
- Planning data
- Bank account details
- Not necessarily required information such as date of birth if voluntarily provided
c) If you visit us in person, we process the personal data you provide us within the scope of your visit:
- Surname, first name
- Arrival and departure times
- Footage from the use of video surveillance cameras
3. For what purpose do we process your data, and on what legal basis is this performed?
Regarding 2. a):
To initiate or process contracts with our customers or business partners, we process your personal data as a contact person in the legitimate interest of the controller. In this case, we continually consider your personal rights. This is why only the name and the business contact data are normally used for the documentation of the business relationship and the personal contact. The legal basis for this is Article 6, Paragraph 1, f) of the GDPR.
If private data is processed, this is solely based on your consent according to Article 6, Paragraph 1, a) of the GDPR.
Regarding 2. b):
Your personal data is processed which are necessary to perform a contract or pre-contractual measures with you. The legal basis for this is Article 6, Paragraph 1, b) of the GDPR.
If information is processed which is not required, this is solely based on your consent according to Article 6, Paragraph 1, a) of the GDPR.
Regarding 2. a and b):
If you are a person interested in information and products, we process your personal data either within the scope of consent (Article 6, Paragraph 1, a) of the GDPR, e.g. marketing measures) or in the legitimate interest of the controller under consideration of your personal rights (Article 6, Paragraph 1, f) of the GDPR). At the same time, special requirements of the fair trade law are taken into account.
Regarding 2. c):
We process your personal data as a visitor as proof of which persons have entered the secured company area, on the basis of Article 32 of the GDPR.
To make our production processes demonstrably safe, to prevent property damage and theft and to allow these to be documented in the event of damage, we operate a labelled video surveillance system. This data collection is based on Article 6, Paragraph 1, f) of the GDPR.
4. Who receives your data?
We do not share your data with unauthorized third parties. However, as part of contract processing, data are shared with natural persons,
- finance companies (payment transactions) and
- external processors as per Article 28 of the GDPR,
to the necessary extent.
5. Are your data transferred to a third country or international organisations?
The transfer of your data to a third country or international organisations is not planned.
6. How long do we store your data?
The personal data provided by you will be stored for the intended purposes listed under Clause 3 for as long as is needed for their fulfilment. The storage of your personal data is normally based on the regulations of the German Civil Code (BGB), the German Commercial Code (HGB) and the German Text Code (AO). These data will therefore be deleted after the legal retention periods expire. Insofar as data are not affected by these, they will be deleted when their intended purpose ceases to exist.
Video surveillance data are deleted after seven days.
7. What other data protection rights do you have?
- Right of access by the data subject to their stored personal data (Article 15 of the GDPR)
- Right to rectification if the data contains an error, is outdated or not correct in any other way (Article 16 of the GDPR)
- Right to erasure (right to be forgotten) if the storage is unlawful, the purpose of the processing has terminated and the storage is no longer required, or you have withdrawn your consent to process certain personal data (Article 17 of the GDPR)
- Right to restriction of processing if one of the circumstances listed under Article 18, Paragraph 1, a) to b) of the GDPR is provided
- Right to portability of the personal data made available and pertaining to you (Article 20 of the GDPR)
- The right to withdraw your consent at any time, whereby the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7, Paragraph 3 of the GDPR)
The right to lodge a complaint with the competent data protection supervisory authority exists at all times. To do so, please contact the data protection officer for the Federal State of Schleswig-Holstein, Holstenstraße 98, 24103 Kiel
8. What rights of objection do you have?
- If you have consented to the processing of your data (Article 6, Paragraph 1, a) or Article 9, Paragraph 2, a) of the GDPR), you have the right to withdraw this consent at any time.
- Other consent to processing which is based on a legitimate interest in the meaning of Article 6, Paragraph 1, f) of the GDPR can be withdrawn, stating the reasons for your withdrawal, according to Article 21 of the GDPR at any time for reasons arising out of a special situation for you. If you provide legitimate grounds for objection, your personal data will basically no longer be processed for the respective purposes and deleted, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
For such issues, please contact Steinbeis Papier GmbH at the address provided above.
9. Is the provision of personal data legally or contractually required or mandatory?
If you as a customer or business partner are a natural person, your data is absolutely necessary for the scope of processing the contract and for the proper handling of business relationships with contact persons of customers and business partners. Without your data, the legal transaction (contractual obligation), the business relationship, cannot be properly processed, which could lead to a cancellation of the contract or non-performance of payment.
As of November 2020