We appreciate your interest in our company, our products and our services. We want you to feel comfortable in your interaction with us and our employees regarding the protection of your personal data. We take the protection of your personal data very seriously. Compliance with German and European data protection regulations is a matter of course for us. As a result, the protection of your personal data has top priority for us. With the following information, we would like to inform you about how we handle your personal data in detail:

 

1. Name and contact details of the controller

Responsible for the processing of your personal data in the context of the present contact is 

2. Contact details of the data protection officer

The designated data protection officer is   

3. Processing of your personal data

a. Your personal data processed by us

In the context of the existing customer relationship as well as the contract initiation, we process the following personal data about you:

• Address
• Bank details
• Customer number
• Last name
• First name
• Your e-mail address,
• Your mobile phone number
• Your landline number
• Your fax number

b. Purposes of the data processing

In the context of the existing customer relationship as well as the contract initiation, your personal data will be processed for the following purposes:

• To process your inquiry as an interested party. For this purpose, we use your contact information to respond to your inquiry.
• To prepare and carry out pre-contractual measures - this includes, for example, the preparation and sending of an individual offer or individual agreement and transmission of contractual conditions with the aim of concluding a contract.
• To add your contact information to our customer database.
• To check your credit rating.
• To fulfil our contractual obligations arising from the [purchase agreement] with you. For this purpose, we share your personal data with shipping companies, among others, to ensure a smooth delivery of the goods.
• To inform you about our products and services in the best possible way. This also includes the sending of (direct) advertising by e-mail or by post.
• In order to ensure smooth billing for the services provided. For this purpose, your personal data will be processed in order to issue invoices. In addition, we forward your personal data to our external service provider Shopify in order to store and process your data.
• To comply with our legal obligations. This includes, for example, the transmission of your personal data to the tax office.
• In order to provide you, our customer, with the best possible service. This includes in particular the communication with you by e-mail, mobile phone, landline number or by fax.
• For the purpose of sending newsletters, insofar as you have registered for our newsletter
• To fulfil post-contractual measures.
• For the assertion, exercise or defense of legal claims.

c. Legal basis of the data processing

Legal basis for the processing of data in the context of [purposes of b.] will be processed on the basis of Art. 6 (a) – (f) GDPR.

 

Processing of your personal data based on consent

Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) (a) GDPR in conjunction with Art. 5, 7 GDPR.

Processing for the purpose of executing the contract with you

Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 (1) (b) GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.

Processing for compliance with a legal obligation

Insofar as the processing of your personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis for us. Our legal obligation to process data results [e.g. from tax law and/or commercial law] retention obligations.

Processing on the basis of legitimate interest

The legal basis for direct marketing purposes may be Art. 6 (1) (f) GDPR if we have legitimate interests, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under Art. 6 (1) (b) - include:

• To be able to inform you sufficiently about our products, offers and services by means of direct marketing;
• In communication with you, in particular to be able to answer your requests by e-mail, telephone and/or fax;
• In order to be able to conduct due diligence with our potential business partner

The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) (f ) GDPR.

d. Source from which your personal data originates

Your personal data that we process:

• Name
• First name
• E-mail address
• Credit score
• Profitability score

and not collected directly from you, come from the following sources:

• Credit Rating Company
• Credit bureau
• Internet / public sources

 

4. Recipients or categories of recipients of the personal data

While processing your personal data, we may disclose the personal data concerning you to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law. External recipients of your personal data are in particular:

• external employees / freelancers
• Processor
• Potential business partners in the context of a (future) due diligence review
• Third Authorities e.g. tax offices, courts, trade supervisory office
• Settlement partner
• Collection agency
• Credit institutions
• Logistics company
• Parcel service provider
• Mail
• (external) quality control bodies
• Tax consultant
• Affiliated companies

In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:

• LinkedIn Corporation, Twitter, Inc., Rocket Science Group, Google LLC, Freshwork Inc.,

In the case of processors and service providers outside the EU/EEA, your aforementioned personal data will only be processed to the extent that this is the subject of our standard data protection clauses pursuant to Art. 46(2)(c) GDPR with these recipients.

5. Transfer of personal data to a third country

In principle, the personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. Since the providers of our software solutions, among others, offer their products and/or services on a global basis based on available resources and servers, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. In particular, personal data will be transferred to the third country USA within the meaning of Article 15 (2) GDPR. In order to ensure the continuation of the necessary level of protection in the event of data transfer to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. In order to ensure appropriate guarantees for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by our service providers is carried out on the basis of appropriate guarantees pursuant to Art. 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR.

6. Duration of the storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. Reasonable measures are taken by us to ensure that your personal data is only processed under the following conditions:

a. For the duration that the data is used to provide you with a service
b. As required by applicable law, contract or in view of our legal obligations
c. Only for as long as necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, in particular for the fulfilment of legal retention periods of up to ten years (including from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.

7. Data subject rights

Under the General Data Protection Regulation, you have the following rights:

• If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (Art. 15 GDPR).
• If incorrect personal data is processed, you have a right to rectification (Art. 16 GDPR).
• If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17 and 18 GDPR).
• If you have consented to the data processing or if a contract for data processing exists and the data processing is carried out with the help of automated procedures, you may have a right to data portability (Art. 20 GDPR).
• If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. (Art. 21 GDPR)
• Furthermore, there is a right of appeal to a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information. You can reach this under:

Berlin Commissioner for Data Protection and
Freedom of Information
Friedrichstr. 219, 10969 Berlin
Visitor entrance: Puttkamer Str. 16-18 (5th floor)

Phone: 030 13889-0
Fax: 030 215-5050
E-mail: mailbox@datenschutz-berlin.de
Web: www.datenschutz-berlin.de

If the legal requirements are met, you may object at any time on grounds relating to your particular situation to the processing of personal data relating to you which is carried out on the basis of Art. 6 (e) or (f) GDPR (Art. 21 GDPR).

8. Right of withdrawal for consent

If you have consented to processing by the controller by making a corresponding declaration, you can revoke your consent at any time for the future. The legality of the data processing carried out on the basis of the consent until the revocation is not affected by this.

9. Obligation to provide the data

For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect (see in particular the standards listed under "3. c." listed standards). This obligation also arises from the law, e.g., § 14 German Value Added Tax Act. Without this data, we will generally not be able to conclude and execute the contract with you.

This privacy information was created with the support of DataGuard.