Version: 1.0.0, Date: 27.05.2019
We take privacy very seriously and act according to the principles of data minimisation and data avoidance. We process your personal data exclusively on the basis of legal regulations, in particular the EU General Data Protection Regulation (GDPR). Below you will find information about how and why we process your data, who receives your data as well as information about your rights.
Using our websites
Contact or business relationship with us
If you get in touch with us, e.g. via email, mail or phone, personally or by using the contact forms on our websites, or if a business relationship exists between you and us, we process your personal data for the following purposes:
- Conducting our business operations, processing of your enquiries, other correspondence during the course of the business relationship, handling business transactions, measures to protect our interests, including legal measures (art. 6 (1) (b) and (f) GDPR)
- Order execution, performance of contracts concluded with you and taking steps prior to entering into a contract (art. 6 (1) (b) GDPR)
- Compliance with legal obligations (art. 6 (1) (c) GDPR)
In doing so, we only process the required minimum amount of personal data, usually the following data:
- Your name and where applicable your position in the company
- Your contact details, such as email address, phone number, postal address
- Your correspondence with us, such as letters, email messages or our notes on meetings and phone calls with you, as well as information provided by you in this context
Due to legal obligations and for reasons of preservation of evidence, we store this data for up to 30 years after termination of the business relationship.
Accountability, transfer and storage location of your data
Regarding the processing of your personal data, we are the controller within the meaning of the GDPR. Below you will find our contact details:
We transfer the personal data processed by us to third parties in the following cases:
- Within our internal business processes to processors commissioned by us, who may not use the data for their own puroposes, but solely for the provision of their services towards us. These are e.g. providers of cloud or email services. These processors also commit themselves to compliance with the provisions of the GDPR and ensure an adequate level of data security
- Solely for order execution, for performance of contracts concluded with you and for taking steps prior to entering into a contract to our partners, who are obliged to non-disclosure
- If we are required to do so by law to investigative or other authorities
We and processors commissioned by us usually store your data in EU countries or in countries, for which an adequacy decision of the European Commission exists and for which the respective processor possesses the required certifications (e.g. the EU-U.S. Privacy Shield). However, should a processor store data in a country without an adequacy decision, an adequate level of data security is ensured by the use of so-called standard data protection clauses or by similar guarantees, which we will gladly send upon request.
Regarding your personal data processed by us, you generally have the right of access, rectification, erasure and portability of your data as well as the right of restriction of or objection to the processing, where possible. You can send us enquiries in this regard via the contact information stated above (see Accountability, transfer and storage location of your data).
In addition, you have the right to lodge a complaint with the competent supervisory authority.