Art. 13 GDPR
Collection and Processing of Personal Data
We are aware of the importance of the personal data you entrust to us. We consider it one of our most important tasks to ensure the confidentiality of your data.
In accordance with the General Data Protection Regulation (GDPR), we wish to fulfil our information obligations when collecting personal data and to inform you transparently about the nature, scope and purpose of the processing of the personal data we collect, and to inform you about the rights to which you are entitled.
Contact Details of the Controller
The controller within the meaning of the General Data Protection Regulation is:
Name:
Tel.:
E-Mail:
We have appointed a Data Protection Officer.
Manuel Langeheinecke
digitalNORD GmbH, Zeppelinring 35A, 24146 Kiel, Schleswig-Holstein
You can reach him at dsb@dnord.de or with the note "Data Protection Officer" at the above company address.
What sources are used to collect personal data?
We process personal data that we receive directly from our customers in the context of our business relationship. We also process personal data received from other companies, e.g. for the execution of orders, the fulfilment of contracts, or on the basis of consent given by you.
We also process personal data that we have lawfully obtained and are permitted to process from publicly available sources (e.g. commercial and association registers, press, media, internet).
Personal data relevant to us may include:
Customer Contact Information
In the course of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or by one of our employees, further personal data is generated, e.g. information about the contact channel, date, reason and outcome; (electronic) copies of correspondence and information about participation in direct marketing measures.
Credit Assessment
Business credit documents: income/surplus statements, balance sheets, business management analyses, type and duration of self-employment.
For what purposes are your data processed and on what legal basis?
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
Art. 6(1)(a) GDPR
Where we process personal data on the basis of consent from the data subject, Art. 6(1)(a) of the GDPR serves as the legal basis.
Art. 6(1)(b) GDPR
Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) of the GDPR serves as the legal basis. This also covers processing operations necessary for pre-contractual measures.
Art. 6(1)(c) GDPR
Where processing is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) of the GDPR serves as the legal basis.
Art. 6(1)(f) GDPR
Where processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6(1)(f) of the GDPR serves as the legal basis. The legitimate interest of our company is the conduct of our business operations.
Transfer of Data to Third Parties
Within our company, only those persons and departments receive your personal data who need it to fulfil our contractual and legal obligations.
We transfer data to third parties where necessary to fulfil a contractual obligation.
No transfer to third parties beyond the purposes mentioned in section 3 takes place.
Furthermore, we transfer data to third parties where there is a legal obligation to do so. This is the case when government bodies (e.g. authorities and agencies) request information in writing, a court order exists, or a legal basis permits the transfer.
If we provide advance performance, e.g. in the case of purchase on account, we reserve the right to obtain identity and credit information from specialised service companies (credit agencies) to protect our legitimate interests.
Transfer of Data to Third Countries
No transfer of personal data to so-called third countries outside the EU/EEA area takes place.
Data Retention Periods / Deletion Deadlines
We process and store your personal data for as long as it is necessary for the fulfilment of our contractual obligations and for all other purposes mentioned in section 3, or as required by the statutory retention periods.
Where the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly blocked or deleted in accordance with legal regulations.
Data Subject Rights
If you have questions about your personal data, you may contact us in writing at any time.
You have the following rights under the GDPR:
Right of Access (Art. 15 GDPR)
You have the right at any time to obtain information about the categories and details of your personal data processed by us, for what purpose, for how long and according to what criteria this data is stored, and whether automated decision-making including profiling is applied in this context. You also have the right to know which recipients or categories of recipients your data has been or will be disclosed to, particularly recipients in third countries or international organisations. In this case, you also have the right to be informed of the appropriate safeguards in connection with the transfer of your personal data. In addition to the right to lodge a complaint with the supervisory authority and the right to information about the source of your data, you have the right to erasure, rectification, and the right to restriction of or objection to the processing of your personal data. In all of the above cases, you have the right to request a free copy of your personal data being processed by us. For all further copies or requests that go beyond the statutory right to information, we are entitled to charge a reasonable administrative fee.
Right to Rectification (Art. 16 GDPR)
You have the right to demand the immediate correction of incorrect personal data concerning you and, taking into account the purposes of the processing, to demand the completion of incomplete personal data by means of a supplementary declaration. If you wish to exercise the right to rectification, you may contact our Data Protection Officer or the controller at any time.
Right to Erasure (Art. 17 GDPR)
You have the right to demand the immediate erasure of your data (also known as the right to be forgotten), in particular where the storage of the data is no longer necessary, you withdraw your consent to data processing, your data was processed or collected unlawfully, and a legal obligation to delete exists under EU or national law. The right to be forgotten does not apply, however, if an overriding right to freedom of expression or information exists, storage is necessary for compliance with a legal obligation (e.g. retention obligations), archiving purposes preclude erasure, or storage is necessary for the establishment, exercise or defence of legal claims.
Right to Restriction (Art. 18 GDPR)
You have the right to request restriction of the processing of your data by the controller where the accuracy of the data is contested by you, the processing is unlawful, you object to the erasure of your personal data and request restriction of its use instead, the processing purpose no longer applies, or you have objected to processing pursuant to Article 21(1) pending the verification of whether legitimate grounds on our part override yours.
Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data, which you have provided to our company in a commonly used format, in order to be able to transfer your personal data to another controller without hindrance, provided that your consent exists and the processing is carried out by automated means.
Right to Object (Art. 21 GDPR)
You have the right, except where legitimate grounds exist, to object at any time to the processing of your personal data. Legitimate grounds for data processing exist, for example, where the interests, rights and freedoms of the data subject override those of the controller, or the processing is necessary for the establishment, exercise or defence of legal claims. You may also at any time exercise a separate, explicit right to object to the processing of your personal data for direct marketing purposes.
Right to Lodge a Complaint (Art. 77 GDPR in conjunction with § 19 BDSG)
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable data protection law.
Competent supervisory authority:
Independent State Centre for Data Protection (ULD)
Marit Hansen – State Commissioner for Data Protection Schleswig-Holstein
Holstenstraße 98 – 24103 Kiel
Right to Withdraw Consent (Art. 7(3) GDPR)
Any consent given to the processing of your personal data may be withdrawn at any time and without giving reasons. This also applies to the withdrawal of declarations of consent given to us prior to the entry into force of the EU General Data Protection Regulation.
Statutory or Contractual Requirements for the Provision of Personal Data
We hereby point out that the provision of personal data is required by law in certain cases (e.g. tax regulations) or may arise from contractual obligations (e.g. details of the contractual partner). For example, it may be necessary for the conclusion of a contract that the data subject provides their personal data so that their request (e.g. an order) can be processed by us. An obligation to provide personal data arises above all when concluding contracts. If no personal data is provided in such a case, the contract with the data subject cannot be concluded. Before providing personal data, the data subject may contact our Data Protection Officer or the controller. The Data Protection Officer or the controller will then inform the data subject whether the provision of the required personal data is required by law or by contract or is necessary for the conclusion of the contract, and what the consequences of not providing the requested data would be.
Existence of Automated Decision-Making (including Profiling)
As a responsible company, we refrain from automated decision-making or profiling in our business relationships.
