Information for customers and business partners regarding data processing in accordance with Article 13 GDPR
1. Who is responsible for data processing and whom can you contact?
Wanzl GmbH & Co. KGaA
89340 Leipheim, Germany
Contact details for our Data Protection Officer:
89340 Leipheim, Germany
2. What data do we use and where does it come from?
We process data that we receive from you as part of our business relationship. We also process – insofar as this is required for the provision of our services – data that we have received permissibly (for example in order to complete orders, fulfil contracts or where you have given consent) from other companies in the Wanzl Group, external business partners, service providers or other third parties (such as credit reports). We also process personal data that we have obtained permissibly from publicly available sources (such as records of debtors, commercial registers, press, media, Internet) and are permitted to process.
Personal data that we process as part of the business relationship:
- Personal data (e.g. name, address, personal details)
- Contact details (e.g. telephone number, e-mail address)
- Financial data (e.g. account details, tax classification)
- Data regarding orders, contracts and sales
- Credit data
3. For which purposes and on what legal basis is your data processed?
We process your personal data in accordance with the provisions of the GDPR, national data protection regulations in Germany (e.g. the new Federal Data Protection Act (BDSG)) and all other relevant legislation:
a) To perform contractual obligations (Article 6(1)b GDPR)
Personal data is processed on the basis that processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract to which you are or will be party. This covers in particular (but not exclusively):
- Performing contractually agreed activities
- Providing services in accordance with your orders and requests
- Communicating with you in connection with a contract or order
- Billing and collecting payments, remuneration or fees, and ensuring the traceability of the transactions performed.
b) Where there is a legitimate interest (Article 6(1)f GDPR)
Beyond the actual fulfilment of the contract, we process your data where necessary to uphold the legitimate interests of our company or of third parties. This includes the following:
- Obtaining information/exchanging data with credit agencies
- Notifying contractually bound debt-collection agencies or an external lawyer in the event of an unsuccessful collection procedure
- Developing our services, products or processes
- Benchmarking and market analyses
- Knowledge databases for sharing expertise and furthering the business
- IT security measures and compliance with data protection
- Direct advertising
- Asserting legal claims and defence in the event of legal disputes
c) Consent (Article 6(1)a GDPR)
If you have granted us consent to process personal data for specific purposes, it is lawful for us to perform this processing based on your consent. You can withdraw consent at any time.
d) Due to legal requirements (Article 6(1)c GDPR)
We also process your personal data where legal requirements necessitate this or where there is a public interest. This covers the following contexts in particular (but not exclusively):
- Commercial and tax legislation (e.g. monitoring and reporting obligations according to tax law, retention periods)
- Regulatory requirements
- Criminal legislation (e.g. prevention of fraud and money laundering, checks against anti-terror and corruption lists)
- Disclosure of your personal data for the purposes of evidence collection, law enforcement or enforcement of the requirements of civil law
4. Who receives your data?
The data is forwarded or made available within our company to employees and organisational units who require the data for the performance of our contractual, pre-contractual and legal obligations or to serve our legitimate interest.
Your data is shared with external third parties only for specific purposes, in particular:
- In connection with the performance of contractually agreed activities
- Due to our legitimate interest or the legitimate interest of a third party
- To comply with legal requirements that oblige us to share data
- Based on your consent
- With external service providers who are acting as a data processor for us (for example IT service providers, data destruction companies)
5. For how long is your data stored?
We process and store your personal data for the duration of our business relationship, insofar as this is required for the performance of our contractual and legal obligations. The duration of storage varies depending on the purpose of data processing. If the data is no longer required for the performance of contractual or legal obligations, the data will be regularly deleted or anonymised in accordance with the legal retention obligations.
6. Is data sent to a third country?
Data is transferred to locations in countries outside of the European Union (known as third countries) insofar as:
- This is necessary to execute your orders (e.g. group companies, suppliers)
- It is legally required (e.g. reporting obligations under tax law) or
- You have given us your consent.
Furthermore, if we share personal data with locations in countries outside the European Economic Area (EEA), this will only take place if the EU Commission has confirmed that the third country has an adequate level of data protection or other adequate data protection guarantees (e.g. agreement to the standard contractual clauses of the EU Commission).
7. What are your rights with regard to data protection?
Every data subject has the right to information (Art. 15 GDPR) about the data processed in relation to them, the right to rectification of inaccurate data (Art. 16 GDPR), the right to erasure of personal data (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to object (Art. 21 GDPR) and the right to data portability in a commonly used machine-readable format (Art. 20 GDPR).
You can revoke consent you have granted us to process personal data at any time. You can also object to processing for the purposes of direct marketing. Please note that the revocation will only take effect for future instances. Data processing that was performed before the revocation is not affected.
8. Do you have an obligation to provide data?
In the course of our business relationship, you only need to provide the personal data that is required to establish, conduct and end a business relationship or that we are legally obliged to collect. If we do not have this data, we will be unable to conclude the contract with you or to execute it.
9. To what extent is automated individual decision-making used?
We do not use any fully automated decision-making to establish and conduct the business relationship.
10. Where can you lodge a complaint?
If you would like to raise a complaint, you can contact the Data Protection Officer named above or the data protection supervisory authority that is responsible for us: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27, 91522 Ansbach, Germany, Tel. +49(0)981- 531300.