Data Privacy
PRIVACY POLICY FOR OUR CUSTOMERS
Our handling of your data and your rights
– Information pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR/DSGVO) –
Dear Customer,
Below we inform you about the processing of your personal data by us
and the claims and rights to which you are entitled according to the
data protection regulations.
Which data is processed in detail and how it is used depends largely on the requested or agreed services.
1. Who is responsible for data processing and whom can I contact?
The responsible body is:
Robbe & Berking Silbermanufaktur seit 1874 GmbH & Co. KG
Zur Bleiche 47
24941 Flensburg
Phone: +49 (0)461 90306-0
E-mail address: info@robbeberking.de
You can reach the data protection officer at:
Phone: +49 (0)4841 8968-20
E-mail: info@datensicherheit-nord.de
2. What sources and data do we use?
We process personal data that we receive from you in the course of our
business relationship. In addition, we process – insofar as necessary
for the provision of our services – personal data that we have received
from other companies (e.g. SCHUFA, Creditreform) or authorities in a
permissible manner (e.g. for the execution of orders, for the fulfilment
of contracts or on the basis of consent given by you). We also process
personal data that we have permissibly obtained from publicly accessible
sources (e.g. debtors' registers, land registers, commercial and
association registers, press, media) and are allowed to process.
Relevant personal data are personal details (name, address and other
contact details, date and place of birth and nationality) and
identification data (e.g. ID card data). In addition, this may also
include order data (e.g. payment order, purchase contract, service
contract), data from the fulfilment of our contractual obligations (e.g.
turnover data in goods transactions, credit line, product data,
information about your financial situation (e.g. creditworthiness data,
scoring/rating data, data from credit agencies), advertising and sales
data (including advertising scores), documentation data (e.g. advice
protocol), register data, data about your use of the telemedia we offer
(e.g. time of calling up our websites,apps or newsletters, pages clicked
on by us or entries) as well as other data comparable with the
categories mentioned.
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the
European General Data Protection Regulation (GDPR) and the German
Federal Data Protection Act (BDSG):
3.1. For the fulfilment of contractual obligations (Article 6(1)(b) GDPR/DSGVO)
The processing of personal data (Article 4(2) GDPR/DSGVO) is carried
out for the provision and mediation of services or goods transactions,
printing orders, lettering, trade fair equipment and, in particular, for
the performance of our contracts with you and the execution of your
orders, as well as all activities necessary with the operation and
administration of our company.
The purposes of the data processing
primarily depend on the specific contract/product and may include, among
other things, needs analyses, advice, contract administration and
support as well as the commissioning of third parties to fulfil the
contract or based on your request. Further details on the purpose of
data processing can be found in the respective contract documents and
terms and conditions.
3.2. Within the framework of the balancing of interests (Article 6(1)(f) GDPR/DSGVO)
Where necessary, we process your data beyond the actual performance of
the contract to protect the legitimate interests of us or third parties,
such as in the following cases:
- Measures for business management and further development of services and products
- Testing and optimisation of procedures for direct customer contact
- Advertising or market and opinion research, insofar as you have not objected to the use of your data
- Ensuring the IT security and operation of the company
- Assertion of legal claims and defence in legal disputes
- Prevention and investigation of criminal offences
- Video surveillance is used to collect evidence of criminal offences. They thus serve to protect customers and employees as well as to exercise domiciliary rights
- Measures for building and facility security (e.g. access controls)
- Measures to ensure the right of domicile
- Consultation of and data exchange with credit agencies (e.g. SCHUFA, Creditreform) to determine creditworthiness or default risks
3.3. Based on your consent (Article 6(1)(a) GDPR/DSGVO)
Insofar as you have given us consent to process personal data for
certain purposes (e.g. passing on data to other companies), the
lawfulness of this processing is based on your consent. Consent
given can be revoked at any time. This also applies to the revocation of
declarations of consent given to us prior to the application of the
GDPR/DSGVO, i.e. prior to 25 May 2018. Please note that the revocation
is only effective for the future. Processing that took place before the
revocation is not affected by this.
3.4. Due to legal requirements (Article 6(1)(c) GDPR/DSGVO) or in the public interest (Article 6(1)(e) GDPR/DSGVO)
In addition, as a company we are subject to various legal obligations,
i.e. statutory requirements (e.g. tax laws). The purposes of the
processing include, among others, the fulfilment of control and
reporting obligations under tax law, but also reports to other
authorities resulting from the nature and content of the contract
between us.
4. Who gets my data?
Within the
company, access to your data is granted to those departments that need
it to fulfil our contractual and legal obligations. Processors used by
us (Article 28 GDPR/DSGVO) may also receive data for these purposes.
These can be companies in particular from the categories of accounting
services, IT services, crafts, insurance, logistics, printing services,
telecommunications, debt collection, advice and consulting as well as
sales and marketing.
We may only pass on information about you if this is required by law, you have consented or we are authorised to provide information. Under these conditions, recipients of personal data may be, for example:
- Public bodies and institutions (e.g. tax authorities) in the event of a legal or official obligation.
- Other companies or comparable institutions to which we transfer personal data in order to carry out the business relationship with you (depending on the contract: e.g. companies of our suppliers, service providers and credit agencies).
- Further data recipients may be those bodies for which you have given us your consent to transfer data.
5. How long will my data be stored for?
Insofar as necessary, we process and store your personal data for the
duration of our business relationship, which also includes, for example,
the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations resulting from the German Commercial Code (HGB), the German Fiscal Code (AO) and tax law, among others. The time limits for storage and documentation specified there are two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.
6. Is data transferred to a third country or to an international organisation?
Data is only transferred to third countries (countries outside the
European Economic Area – EEA) if this is necessary to execute your
orders (e.g. payment orders, purchase orders, etc.), is required by law
or you have given us your consent. The transfer will only take place if
the third country has been confirmed by the EU Commission to have an
adequate level of data protection or if other adequate data protection
guarantees (e.g. binding internal company data protection regulations or
EU standard contractual clauses) are in place. We will inform you
separately about the details, if required by law.
7. Is there an obligation to provide data?
Within the scope of our business relationship, you only have to provide
the personal data that is required for the establishment,
implementation and termination of a business relationship or that we are
legally obliged to collect. Without this data, we will usually have to
refuse to conclude the contract or carry out the order, or we will no
longer be able to carry out an existing contract and may have to
terminate it.
8. To what extent is there automated decision-making in individual cases?
As a matter of principle, we do not use fully automated decision-making
pursuant to Article 22 GDPR/DSGVO to establish and implement the
business relationship. Should we use these procedures in individual
cases, we will inform you of this separately, insofar as this is
required by law.
9. To what extent will my data be used for profiling (scoring)?
We sometimes process your data automatically with the aim of evaluating
certain personal aspects (profiling). We use profiling in the following
cases, for example:
- In order to be able to inform and advise you about products in a targeted manner, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
- As part of the assessment of your creditworthiness, we use scoring (e.g. Schufa score). This calculates the probability that a customer will meet his payment obligations in accordance with the contract. The calculation may take into account, for example, income, expenses, existing liabilities, occupation, employer, length of employment, experience from the previous business relationship, repayment of previous loans in accordance with the contract and information from credit agencies. The scoring is based on a mathematically-statistically recognised and proven procedure. The calculated score values support us in decision-making in the context of product transactions and are included in ongoing risk management.
10. What rights do you have?
As a customer of ours, you have the following data protection rights
according to Art. 15-22, 34 GDPR/DSGVO, depending on the situation in
the individual case, which you can exercise at any time by contacting us
or our data protection officer at the data stated in Article 1:
- Information about the stored data and its processing (Art. 15 GDPR/DSGVO).
- Correction of inaccurate personal data (Art. 16 GDPR/DSGVO).
- Deletion of stored data (Art. 17 GDPR/DSGVO). The right to deletion is restricted insofar as the processing is necessary: o For compliance with a legal obligation which requires processing under European Union or Member State law to which we are subject. o For the assertion, exercise or defence of legal claims.
- Restriction of data processing if data may not yet be deleted due to legal obligations (Art. 18 GDPR/DSGVO).
- OBJECTION to the processing of the data (Art. 21 GDPR/DSGVO) and
- Data portability, provided that the data processing has been consented to or a contract has been concluded (Art. 20 GDPR/DSGVO).
- Consents to processing that have been given may be revoked at any time with effect for the future.
- Right of appeal to a data protection supervisory authority (Article 77 GDPR/DSGVO in conjunction with Section 19 BDSG).
The supervisory authority in Schleswig-Holstein is
Unabhängiges Landeszentrum für Datenschutz (ULD)
Holstenstraße 98
24103 Kiel
Phone: +49 (0)431 988 1200
Fax: +49 (0)431 988 1223
mail@datenschutzzentrum.de
www.datenschutzzentrum.de
You can also contact our data protection officer.
Information about your right to object
In accordance with Article 21 of the General Data Protection Regulation (GDPR/DSGVO)
1. You have the right to object at any time, on grounds relating to
your particular situation, to the processing of personal data relating
to you which is carried out on the basis of Article 6(1)(e) GDPR/DSGVO
(data processing in the public interest) and Article 6(1)(f) GDPR/DSGVO
(data processing on the basis of a balance of interests); this also
applies to profiling based on this provision within the meaning of
Article 4(4) GDPR/DSGVO which we use for credit assessment or
advertising purposes.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
2. In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made without formalities and should preferably be addressed to:
Robbe & Berking Silbermanufaktur seit 1874 GmbH & Co. KG
Zur Bleiche 47
24941 Flensburg