As a data processing company for us (see "Who is responsible for data processing?") the protection of your personal data is very important. We treat your personal data confidentially and in accordance with the applicable local data protection regulations (e.g. European General Data Protection Regulation [GDPR], German Federal Data Protection Act [BDSG], Austrian Data Protection Act 2018 [DSG 2018] and so on).
The GDPR provides that persons who collect data must be informed about the relevant processing context in order to ensure fair and transparent processing.
With the following information, we will give you an overview of the processing of your personal data by us, inform you about your rights under data protection law and will be happy to tell you who you can contact if you have any questions. Which data is processed in detail and in what way is largely determined by the services requested or commissioned by you. Therefore, not all parts of this information will probably apply to you directly.
Who is responsible for data processing?
Within the meaning of the law, the company with which you enter into your contract or/or have made your other agreement. Which this is, please refer to your documents. The following information on the respective person responsible can be found:
What and on what legal basis do we process your data?
We process your personal data for the following purposes on the basis of the following legal bases.
For the fulfillment of contractual obligations
If you are already our customer or if you provide us with your personal data in the course of a business initiation ¬ (e.g. in case of your expressed interest in our services, e.g. at trade fairs), if necessary also want to update data, we process this personal data for the execution of the contractual relationship or for pre-contractual purposes at your instigation according to Art. 6 sec. 1 lit. b GDPR. This includes the use for the purpose of in-depth examination of whether an order can be accepted at all as well as for the purpose of fulfilling mutual open claims. The purposes of data processing are primarily based on your product interest and may also include needs analyses and general advice.
The specific services are to be found in the respective contract documents, terms and conditions and product information. In the case of existing contracts, we may collect additional personal data from you in individual cases. This may be the case, for example, if we advise you regarding a contract adjustment or a service extension, which may make sense to consider the entire customer relationship.
Compliance with legal requirements
We also process your personal data in order to fulfil numerous legal obligations, e.g. in connection with the conduct of the contract. This includes in particular commercial, commercial or tax retention periods, e.g. offers, contracts or invoices. This also includes reporting obligations or possible regulatory and sector-specific requirements. Industry-specific specifications may also have been imposed on us by you in the context of the business relationship. We process your personal data in the event of fulfilment of a legal obligation that we are subject to in accordance with Art. 6 sec. 1 lit. c GDPR. A legal obligation arises, for example, in particular from Paragraph 147 of the German Tax Code [AO].
We also process your data in order to protect legitimate interests of us or third parties (e.g. cooperation partners) to the extent permitted by law (Art. 6 sec. 1 lit. f GDPR), if no corresponding consent has been obtained and no legal basis for data processing is apparent and only if the conditions of Article 6 (1) lit. f GDPR are met. Not only are we happy to send you personal communications (e.g. invitations) to provide further information about us or our products and services, but also to invite you to customer surveys, for example, so that we can better understand your needs overall, strengthen the relationship with you and design our products and services according to your requirements. We compile customer or market-specific statistics in order to optimize our service portfolio for you and thus for business management. We also process your personal data in order to potentially assert our rights in the event of a dispute and to enforce our legal claims. Finally, we process your personal data, insofar as this is necessary for the prevention or prosecution of criminal offences, in order to ensure a friction-free IT operation, within the framework of measures of building security (e.g. access control) and to ensure the householder´s rights.
Insofar as you have given us consent to the processing of your data for specific purposes (e.g. receiving our newsletter), the legality under Newsletter Art. 6 sec. 1 lit. a GDPR. Consent can, of course, be revoked at any time with effect for the future. Please note that if processing has already been initiated, a revocation may only be realized with a time delay and that in individual cases, in particular in connection with information that can be accessed on the Internet, a further withdrawal can hardly be impossible to impossible.
What sources and data categories do we use?
In principle, we process personal data that we receive from you in the course of our business relationship. In addition, if necessary for the provision of our service, we process personal data that we have received legitimately (e.g. credit health requests in connection with the execution of orders) from companies of the Scheer Group or other third parties (e.g. credit reporting agencies). On the other hand, we may also process data that we have legitimately obtained and process from publicly available sources (e.g. commercial registers, press).
We may have collected information about the following categories of data:
- Personal master data (e.g. name, first name, address data)
- Contact details (e.g. telephone, e-mail, preferred language, time zone)
- Information about planned projects as well as your interest in products and services
- Information about your profession /company (e.g. industry, employment, employer, position, title, department, company address)
- Order characteristics (e.g. customer number)
- data from the fulfilment of our contractual obligations (e.g. turnover data in payment transactions),
- Data on legitimation and authentication
- Documentation data (e.g. logs)
- Data in the context of the visit to our website (see the privacy notice included on the respective page, e.g. https://www.scheer-group.com/en/privacy-notice/)
Obligation to provide the data
As part of our business relationship, you must provide the personal data necessary for the establishment and execution of our business relationship and the fulfilment of the contractual obligations thereto, or which we are legally obliged to collect. Without the processing of your related data, we will generally not be able to conclude or execute the contract with you or comply with your request.
Who gets access to your data?
Your personal data will only be made available within our group of companies to the bodies that need it for the fulfilment of the above-mentioned purposes (e.g. marketing, sales, projectstaff, accounting). In principle, your data will not be passed on outside our group of companies. However, other entities may be those to which we are legally obliged to surrender in any way (e.g. public authorities and institutions), to enforce open claims (e.g. lawyers) to which you have given us your consent (e.g. as a reference), or such service providers who necessarily assist us in the provision of services. This can be done, for example, there will be in the categories IT service, certification/auditing, logistics, printing service, archiving, disposal, telecommunications, consulting, debt collection or marketing, provided there is a data protection law. If processors are directly involved in the provision of part of the service subject matter, this shall be done taking into account the requirements of Article 28 GDPR. In no case will we sell your data. In principle, we do not transfer your data to third countries. Since our group of companies also includes companies in third countries or, in order to be competitive, support us service providers with their registered office, parent company or data centre in third countries on a case-by-case basis, it may be necessary for this to be passed on. In such cases, we shall ensure, within our means, that only access is provided to data that is necessary for the performance of the specific task and that appropriate security measures have also been taken (e.g. adequacy decision of the EU Commission, standard contractual clauses, other technical measures).
Within the framework of the respective regulations(in particular Articles 15 - 21 GDPR), you have a wide range of rights to the processing of your personal data: right of access, right to rectification, right to erasure, right to restriction of processing and the right to data portability. You also have the right to be subject to a non-exclusively automated individual decision. Finally, you have the right to complain to a competent data protection supervisory authority. The right of access and the cancellation are subject to legal restrictions. You also have the right to object to the processing of your personal data for direct marketing purposes. If we process your data for the protection of legitimate interests, you may object to this processing if there are reasons for your particular situation that speak against data processing. For more information on the right of objection, see below.
Is there an exclusive automated decision-making process?
Neither full automated decision-making (a decision based on purely automated processing) takes place in accordance with Article 22 GDPR, either in the event of a statement of reasons or for the conduct of the business relationship.
Is profiling taking place?
We process some of your data in a partially automated manner (e.g. click rate in the online area, credit rating, customer management, payment history) ) with the aim of getting to know and understand you and your needs better. This enables us to communicate and promote in a way that meets needs, including market and opinion research. There is no fully automated profiling.
Period of data storage
Unless you request deletion of the data, it will be stored by us as long as it is required for the purpose for which it was collected. In addition, the storage, in particular if a contractual relationship exists or existed, can be carried out for the fulfilment of commercial and tax retention obligations (e.g. 2 to 10 years) or for the preservation of evidence within the framework of statutory limitation regulations (e.g. up to 30 years).
Information on your right to object under Article 21 GDPR
Case-by-case right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out pursuant to Article 6 (1) lit. f of the GDPR (data processing based on a balance of interests), and this also applies to profiling based on that provision within the meaning of Article 4(4) GDPR, which we use for credit assessment or advertising purposes. If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. Right to object to the processing of data for direct marketing purposes: In individual cases, we process your personal data in order to conduct direct marketing. You have the right to object at any time individually to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling in so far as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made without form and should be addressed as far as possible to the person responsible above.
Data Protection Officer
You can reach our data protection officer or a contact person for data protection at: email@example.com as well as by mail via the address of the responsible person mentioned at the beginning.
As the recipient of this information, please inform other persons of your house who are affected by this information. The status of this information is 2022, September. We reserve the right to update this information if necessary.