Our handling of your data and your rights – Information pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR/DSGVO) –
Dear Customer,
Below we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations.
Which data is processed in detail and how it is used depends largely on the requested or agreed services.
1. Who is responsible for data processing and whom can I contact?
The responsible body is:
Robbe & Berking Silbermanufaktur seit 1874 GmbH & Co. KG
Zur Bleiche 47
24941 Flensburg
Phone: +49 (0)461 90306-0
Fax: +49 (0)461 90306-87
E-mail address: info@robbeberking.de
You can reach the data protection officer at:
Phone: +49 (0)4841 8968-20
E-mail: info@datensicherheit-nord.de
2. What sources and data do we use?
We process personal data that we receive from you in the course of our business relationship. In addition, we process – insofar as necessary for the provision of our services – personal data that we have received from other companies (e.g. SCHUFA, Creditreform) or authorities in a permissible manner (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of consent given by you). We also process personal data that we have permissibly obtained from publicly accessible sources (e.g. debtors' registers, land registers, commercial and association registers, press, media) and are allowed to process.
Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality) and identification data (e.g. ID card data). In addition, this may also include order data (e.g. payment order, purchase contract, service contract), data from the fulfilment of our contractual obligations (e.g. turnover data in goods transactions, credit line, product data, information about your financial situation (e.g. creditworthiness data, scoring/rating data, data from credit agencies), advertising and sales data (including advertising scores), documentation data (e.g. advice protocol), register data, data about your use of the telemedia we offer (e.g. time of calling up our websites,apps or newsletters, pages clicked on by us or entries) as well as other data comparable with the categories mentioned.
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
3.1. For the fulfilment of contractual obligations (Article 6(1)(b) GDPR/DSGVO)
The processing of personal data (Article 4(2) GDPR/DSGVO) is carried out for the provision and mediation of services or goods transactions, printing orders, lettering, trade fair equipment and, in particular, for the performance of our contracts with you and the execution of your orders, as well as all activities necessary with the operation and administration of our company.
The purposes of the data processing primarily depend on the specific contract/product and may include, among other things, needs analyses, advice, contract administration and support as well as the commissioning of third parties to fulfil the contract or based on your request. Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.
3.2. Within the framework of the balancing of interests (Article 6(1)(f) GDPR/DSGVO)
Where necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties, such as in the following cases:
3.3. Based on your consent (Article 6(1)(a) GDPR/DSGVO)
Insofar as you have given us consent to process personal data for certain purposes (e.g. passing on data to other companies), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR/DSGVO, i.e. prior to 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
3.4. Due to legal requirements (Article 6(1)(c) GDPR/DSGVO) or in the public interest (Article 6(1)(e) GDPR/DSGVO)
In addition, as a company we are subject to various legal obligations, i.e. statutory requirements (e.g. tax laws). The purposes of the processing include, among others, the fulfilment of control and reporting obligations under tax law, but also reports to other authorities resulting from the nature and content of the contract between us.
4. Who gets my data?
Within the company, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations. Processors used by us (Article 28 GDPR/DSGVO) may also receive data for these purposes. These can be companies in particular from the categories of accounting services, IT services, crafts, insurance, logistics, printing services, telecommunications, debt collection, advice and consulting as well as sales and marketing.
We may only pass on information about you if this is required by law, you have consented or we are authorised to provide information. Under these conditions, recipients of personal data may be, for example:
5. How long will my data be stored for?
Insofar as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations resulting from the German Commercial Code (HGB), the German Fiscal Code (AO) and tax law, among others. The time limits for storage and documentation specified there are two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.
6. Is data transferred to a third country or to an international organisation?
Data is only transferred to third countries (countries outside the European Economic Area – EEA) if this is necessary to execute your orders (e.g. payment orders, purchase orders, etc.), is required by law or you have given us your consent. The transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other adequate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. We will inform you separately about the details, if required by law.
7. Is there an obligation to provide data?
Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or carry out the order, or we will no longer be able to carry out an existing contract and may have to terminate it.
8. To what extent is there automated decision-making in individual cases?
As a matter of principle, we do not use fully automated decision-making pursuant to Article 22 GDPR/DSGVO to establish and implement the business relationship. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law.
9. To what extent will my data be used for profiling (scoring)?
We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in the following cases, for example:
10. What rights do you have?
As a customer of ours, you have the following data protection rights according to Art. 15-22, 34 GDPR/DSGVO, depending on the situation in the individual case, which you can exercise at any time by contacting us or our data protection officer at the data stated in Article 1:
The supervisory authority in Schleswig-Holstein is
Unabhängiges Landeszentrum für Datenschutz (ULD)
Holstenstraße 98
24103 Kiel
Phone: +49 (0)431 988 1200
Fax: +49 (0)431 988 1223
mail@datenschutzzentrum.de
www.datenschutzzentrum.de
You can also contact our data protection officer.
In accordance with Article 21 of the General Data Protection Regulation (GDPR/DSGVO)
1. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) GDPR/DSGVO (data processing in the public interest) and Article 6(1)(f) GDPR/DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR/DSGVO which we use for credit assessment or advertising purposes.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
2. In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made without formalities and should preferably be addressed to:
Robbe & Berking Silbermanufaktur seit 1874 GmbH & Co. KG
Zur Bleiche 47
24941 Flensburg