INFORMATION REQUIREMENTS PURSUANT TO ARTICLE 13 GDPR
The protection of your personal data is of particular concern to us. That is why we process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this data protection declaration, we want to provide you with comprehensive information regarding the processing of your data in our company and the data protection claims and rights to which you are entitled within the meaning of Article 13 of the European General Data Protection Regulation (EU GDPR).
1. Who is the data controller responsible for data processing and whom can you contact?
The data controller responsible for the processing is
Hauck GmbH & Co. KG
Frohnlacher Str. 8
The company's data protection officer is
Projekt 29 GmbH & Co. KG
2. Which data is processed and from which sources does this data originate?
We process the data collected in the phases leading up to concluding a contract or its subsequent fulfilment, on the basis of your consent, as part of a job application you submit to us, or because you work for us.
Such personal data includes:
Your master/contact data, for customers this includes, e.g., identification data (first name and surname), communication/address data (address, contact data, email address, telephone number, fax), bank data.
For applicants and employees, this includes, for example, identification data (first name and surname), communication/address data (address, contact details, email address, telephone number, fax), date of birth, data from CVs and references, bank details, religious affiliation.
For business partners, this includes, for example, the name of your legal representative, company, commercial register number, VAT ID number, company number, address, contact details (email address, telephone number, fax), bank details.
In addition, we also process the following other personal data:
- Information on the type and content of contract data, order data, sales and receipt data, customer and supplier history, and consulting records
- Advertising and sales data
- Information from your electronic interaction with us (e.g., IP address, login data)
- Other data that we have received from you as part of our business relationship (for example, during customer meetings)
- Data that we generate ourselves from master/contact data and other data, such as customer needs and analyses of business potential
- Documentation of your consent to receive communication from us, such as newsletters
3. For what purposes and on what legal basis is the data processed?
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the 2018 Federal Data Protection Act (BDSG), each as amended:
• to fulfil (pre)contractual obligations (Art. 6 (1) (b) GDPR):
The processing of your data to establish and process a contractual relationship with us can take place online or in one of our branches; if it is for an employment contract with us, then it is processed in our company offices. The data is processed in particular when we initiate business with you and during the subsequent contractual relationship.
• for the fulfilment of legal obligations (Art. 6 (1) (c) GDPR):
Processing of your data is necessary in order to fulfil various legal obligations, for example those arising from the Commercial Code (HGB) or the Tax Code (AO).
• to protect legitimate interests (Art. 6 (1) (f) GDPR):
We also process your data beyond the actual fulfilment of the contract in order to protect our legitimate interests or those of third parties. Such data processing takes place for the following purposes:
- Advertising, product evaluation or marketing (see no. 4)
- Measures to manage the business and further development of services and products
- Maintaining a group-wide customer database to improve customer service
- In the context of legal proceedings
• within the scope of your consent (Art. 6 (1) (a) GDPR):
If you have given us your consent to process your data, for example to send you our newsletter.
4. Processing of personal data for advertising purposes
You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any costs other than the cost to transmit your objection.
Pursuant to Section 7 (3) of the Law Prohibiting Unfair Competition (UWG), we are entitled to use the email address you provided when signing the contract to advertise our own similar goods or services. You will receive these product recommendations regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations by email from us, you may object to the use of your address for this purpose at any time without incurring any costs other than the cost to transmit your objection. A typed notification is sufficient. Of course, every email always includes an unsubscribe link.
5. Who receives my data?
If we use a service provider for order processing, we are still responsible for protecting your data. All of our processors are contractually obliged to treat your data confidentially and to process it only as part of the services for which they have been hired. The processors we hire will receive your data if they need the data to provide their services. These might include such service providers we require to operate and secure our IT system as well as advertising and address publishers for our own advertising campaigns. Your data will be processed in our customer database. The customer database supports enhancing the quality of existing customer data (cleaning up duplicates, removing bad addresses/deceased contacts, correcting addresses) and allows data to be supplemented with that from public sources.
This data will be made available to the Group companies if necessary for the performance of the contract. Customer data is stored separately for each company, with our parent company acting as a service provider to the individual companies involved.
In the event of a legal obligation or in the context of legal action, we may have to provide your data to government authorities, the courts, and/or external auditors.
In addition, insurance companies, banks, credit bureaus, and service providers may be recipients of your information for the purpose of contract initiation and fulfilment.
6. How long will my data be stored for?
We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (e.g., as laid down in the German Commercial Code (HGB), the German Fiscal Code (AO), the Care Home Act (HeimG) or the Working Hours Act (AfbZG); in addition, until the end of any legal disputes in which the data is required as evidence.
7. Will data be transferred to a third country?
Generally, we do not transmit any data to a third country. Such transmission will take place only on a case-by-case basis and only if the recipient has been declared to have adequate protections in place by the European Commission or the data can be otherwise protected through the use of standard contractual clauses or appropriate guarantees or we otherwise have your express consent.
8. What data protection rights do I have?
You have the right to access information about how we process the data we have on file about you and to have it corrected, erased, or its use restricted; you also have a right to object to said processing and a right to data portability, and a right to lodge a complaint in accordance with the requirements of data protection law.
The right of access to information:
You may request confirmation from us as to whether and to what extent we are processing your data.
Right to rectification:
If we process your personal data that is incomplete or inaccurate, you may request that we correct or complete it at any time.
Right to erasure:
You may ask us to erase your personal data if we are processing it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g., in the case of legally regulated retention obligations. Irrespective of your right to such erasure, we will immediately and completely erase your data, unless there is a contractual or legal duty requiring its further retention.
Right to restriction of processing:
You may request that we restrict the processing of your data if:
- you contest the accuracy of the data for a period of time that allows us to verify the accuracy of the data;
- the processing of the data is unlawful, but you decline to have it erased and instead request a restriction on the use of the data;
- we no longer need the data for the intended purpose, but you still need the data to assert or defend legal claims; or
- you have lodged an objection to the processing of the data.
Right to data portability:
You have the right to receive from us the personal data you provided to us in a structured, current, and machine-readable format, and you have the right to be able to transmit this data to another data controller without our interference, provided that
- we are processing this data on the basis of consent that you have given to us, which can be revoked, or to fulfil an existing contractual relationship between us; and
- this processing is carried out with the aid of automated procedures.
If technically feasible, you may demand that we transfer your data directly to another data controller.
Right to object:
In the event that we are processing your data to safeguard legitimate interests, you can object to such processing at any time; this would also apply to any profiling based on these provisions. We will then no longer process your data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims. You have the right to object to the processing of your personal data for direct marketing purposes without stating a reason.
Right to lodge a complaint:
If you believe that we are in breach of German or European data protection legislation when processing your data, please contact us to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, i.e., the relevant State Office for Data Protection Supervision. If you want to assert one of the previously mentioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. Am I obliged to provide data?
The processing of your data is required to enter into or fulfil any contracts with us. If you do not provide us with this data, we will generally have to refuse to enter into or fulfil any existing contracts and would consequently be forced to terminate the same. However, you are not obliged to give your consent to the processing of data that is not relevant or legally required for the fulfilment of the contract.