Data protection notice

Information on data protection regarding our processing of customer and interested party data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

1. Description of the processing activity

Address data management 

2. Name and contact details of the controller

The controller for data collection is
Heidolph Instruments GmbH & Co. KG
Ludwigsplatz 8
93309 Kelheim
Tel: +49 9441 68383-0
Email: sales@heidolph.de 

3. Contact details of the data protection officer

Our data protection officer, Ms Nadine Heyn, can be reached at the above address at:
datenschutz@heidolph.de

4. Purposes and legal basis of processing

We process your personally identifiable data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations.

4.1. Purposes of processing

The processing and use of your personally identifiable data serves the purpose of customer and supplier support, customer acquisition, processing of enquiries, customer surveys, the transfer of information in the form of an interest-based communication via e-mail, telephone, letter or fax, the procurement of materials, services, operating and working materials and the fulfilment of contracts.

4.2. Legal basis of the processing

The legal basis for the processing of your personally identifiable data is one of the following:

• Consent on your part (Art. 6 para. 1 lit. a GDPR) - you may object to this consent at any time with effect for the future
• Fulfilment of contractual obligations or implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR)
• Compliance with legal obligations (e.g. commercial and tax laws)
• Legitimate interest on our part or on the part of third parties (Art. 6 para. 1 lit. f) for the following purposes:
  • for interest-based communication, if you have not objected to the use of your data
  • to obtain information and exchange data with credit agencies, if this exceeds our economic risk
  • for the limited storage of your data, if deletion is not possible or only possible with disproportionately high expenditure due to the special type of storage
  • for comparison with European and international anti-terrorist lists, if this goes beyond the legal obligations
  • for statistical evaluations or for market analyses
  • for benchmarking
  • for the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship
  • for the possible listening in on of telephone conversations for quality control and training purposes

5. Categories of personally identifiable data processed by us

The following data are processed:

• Personally identifiable data (name, profession/industry and comparable data)
• Contact details (address, email address, telephone number and similar data)
• Confirmation of payment/cover for bank and credit cards
• Customer history
• Supplier history

6. Sources of the data

We process personally identifiable data which we receive from you or which you provide via our dealers within the scope of establishing contact or a contractual relationship or within the scope of pre-contractual measures.

Furthermore, we process personally identifiable data which we receive from third party. We only process this data if the data subject has consented to the transmission to third parties and processing by third parties.

7. Recipients or categories of recipients of the personally identifiable data

Within our company, we pass on your personally identifiable data to those areas that require these data to fulfil contractual and legal obligations or to implement our legitimate interests.
In addition, the following bodies may receive your data:

• companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal basis set out in Section 4 of this Data Protection Notice
• contract processors used by us (Art. 28 GDPR) e.g. IT services, printing services, support/maintenance of IT applications, archiving, document processing, data screening for anti-money laundering purposes, data validation or plausibility checks, data destruction, lettershops,
• public bodies and institutions if there is a legal or official obligation according to which we are obliged to provide information, report or pass on data or if the passing on of data is in the public interest
• bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts, enterprises belonging to the company group and committees and supervisory bodies);
• other entities for which you have given us your consent to the transfer of data

8. Transfer of your data to a third country or international organisation

Your personally identifiable data are mainly processed within the EU/EEA. Only in exceptional cases where we have a legitimate interest (e.g. cost reduction, optimisation of service, etc.) and the recipient has guaranteed an adequate level of data protection, will data be transferred to a third country or international organisation.

9. Duration of storage of personally identifiable data

If necessary, we process your personally identifiable data for the duration of our business relationship; this also includes the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), can generally be three years, but in certain cases up to thirty years.

10. Rights of the data subject

According to the General Data Protection Regulation, you are entitled to the following rights:

If your personally identifiable data are processed, you have the right to obtain information about the data stored about you (Art. 15 GDPR).

Should incorrect personally identifiable data be processed, you have the right to rectification (Art. 16 GDPR).

If the legal requirements are met, you can request the deletion or restriction of the processing and file an objection to the processing (Art. 17, 18 and 21 GDPR).

If you have consented to the processing of your data or if there is a contract for data processing and the data processing is carried out using automated procedures, you may have the right to data transferability (Art. 20 GDPR).

If you wish to exercise any of the above rights, please contact our data protection officer (datenschutz@heidolph.de).

You also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection.

11. Information about your right of objection pursuant to Art. 21 GDPR

You have the right to object at any time to the processing of your data, which is carried out on the basis of Art. 6 para. 1 a GDPR (consent) or Art. 6 para. 1 f GDPR (data processing for the purposes of the legitimate interests pursued by the controller). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personally identifiable data, unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

We may also process your personally identifiable data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time. This also applies to profiling, insofar as it is associated with such direct marketing. We will bear this objection in mind for the future.

We will no longer process your data for the purposes of direct marketing if you object to processing for these purposes.

The objection can be made informally by sending an e-mail to datenschutz@heidolph.de or to the address listed under point 2.

12. Obligation to provide the data

You only need to provide the data that is necessary for the execution of a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. This may also refer to data required later on within the scope of the business relationship. If we request additional data from you, you will be informed separately about the voluntary nature of the information.

13. Automated decision-making

As a matter of principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to justify, perform or implement the business relationship or for pre-contractual measures. Should we use these procedures in individual cases, we will inform you separately or obtain your consent, provided this is required by law.