Information obligation self-diagnostics according to Art.13 DS-GVO
1. Who is responsible for data processing and who can you contact?
nal von minden GmbH
Tel.: +49 2841 99820-0
The company data protection officer is:
Matthias Haßler (LL.M.)
Projekt 29 GmbH & Co. KG
Tel.: +49 941 2986930
2. Which data is processed and from which sources does this data originate?
We process the data which we have received from you in the scope of contract initiation or processing, on the basis of consents or in the scope of your application to us or in the scope of your employment.
Personal data includes:
Your master/contact data. For customers z.B. this includes first and last name, address, contact data (e-mail address, phone number, fax), bank data.
For applicants and employees , this includes, for example, first and last name, address, contact data (e-mail address, telephone number, fax), date of birth, data from curriculum vitae and job references, bank data, religious affiliation, pictures, tax-related data.
For business partners , this includes, for example, the name of your legal representative, company, commercial register number, VAT number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank details.
For visitors to our company, this includes first and surnames.
Forjournalists , this includes first and last name, e-mail address, fax number.
For lottery participants , this includes first and last name, e-mail address.
In addition, we also process the following other personal data:
- information on the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,
- advertising and sales data,
- information from your electronic dealings with us (e.g. IP address, log-in data),
- other data we have received from you in the context of our business relationship (e.g. in talks with customers),
- data we generate ourselves from master/contact data and other data, such as customer requirements and customer potential analyses,
3. For which purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:
- fulfil (pre-)contractual obligations (Art. 6 para. 1lit.b GDPR):
The processing of your data takes place for contract handling online or in one of our branch offices, for contract handling regarding your employment in our company. The data is processed in particular during the initiation of business transactions and the execution of contracts with you.
- to fulfil legal obligations (Art. 6 para. 1 lit.f GDPR):
Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. resulting from the Commercial Code or the Tax Code.
- to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):
On the basis of a balancing of interests, data processing may take place beyond the actual performance of the contract in order to safeguard our legitimate interests or those of third parties. Data processing to safeguard legitimate interests is effected in the following cases, for example:
- advertising or marketing (see item 4),
- measures for business management and further development of services and products;
- maintaining a group-wide customer database to improve customer service
- in the scope of legal proceedings
- sending of non-promotional information and press releases.
- in the scope of your consent (Art. 6 para. 1 lit.a GDPR):
If you have given us your consent to process your data, e.g. publication of photos
4. Processing of personal data for advertising purposes
You may at any time object to the use of your personal data for advertising purposes in whole or for individual measures without incurring any costs other than the transmission costs according to the basic tariffs.
We are entitled, subject to the statutory requirements of § 7 para.3 UWG (German Unfair Competition Act), to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter or not. If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic tariffs. A written message is sufficient for this purpose. Of course, every e-mail always contains an unsubscribe link.
5. Who receives my data?
If we contract a service provider for order processing, we nevertheless remain responsible for the protection of your data. All contract processors are contractually obliged to treat your data confidentially and to process it only within the scope of the service provided. The contract processors commissioned by us will receive your data insofar as they require the data for the performance of their respective services. These are, for example, IT service providers who we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.
Your data is processed in our customer database. The customer database supports the improvement of the data quality of the existing customer data (duplicate cleansing, moved/deceased flags, address correction) and enables the enrichment with data from public sources.
If there is a legal obligation and in the context of legal proceedings, government authorities and courts as well as external auditors may be recipients of your data. In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and performing contracts.
6. How long will my data be stored?
We process your data until termination of the business relationship or until expiry of the applicable statutory retention periods (e.g. from the German Commercial Code, the Tax Code or the Working Hours Act); furthermore until termination of any legal disputes in which the data is required as evidence.
7. Is personal data transferred to a third country?
On principle, we do not transfer any data to a third country. A transfer only takes place in individual cases on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate safeguards or your explicit consent.
8. What data protection rights do I have?
You have the right at any time to information, rectification, deletion or restriction of the processing of your stored data, a right of objection to the processing as well as a right to data transferability, and a right of complaint subject to the requirements of data protection law.
Right to information:
You can request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or inaccurate, you may request that we correct or complete it at any time.
Right to deletion:
You can demand that we delete your data if we process it unlawfully or if the processing disproportionately intervenes in your legitimate protection interests. Please note that there may be reasons that prevent an immediate deletion, e.g. in the case of retention obligations regulated by law. Irrespective of the exercising of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of data processing:
You can require us to restrict processing of your data if
- you dispute the accuracy of the data for a period of time which allows us to verify accuracy of the data.
- processing of the data is unlawful, but you refuse to delete it and instead demand a restriction on the use of the data,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to processing of the data.
Right to data transferability:
You may request that we provide you with the data you have provided to us in a structured, common and machine-readable format and that you may provide this data to another responsible person without our interference, provided that
- we process this data on the basis of a consent given and revocable by you or for the performance of a contract between us, and
- such processing is effected using automated processes.
If technically feasible, you may request us to transfer your data directly to another responsible person.
Right of objection:
If we process your data to safeguard legitimate interests, you may object to such processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms or processing serves the assertion, exercising or defence of legal claims. You can object to processing of your data for the purpose of direct marketing at any time without giving reasons.
Right to legal remedy:
If you are of the opinion that we are violating German or European data protection law when processing your data, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, i. e. the respective office for data protection supervision of the federal state in question. If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. Am I obliged to provide data?
The processing of your data is necessary to conclude or perform the contract concluded between you and us. If you do not provide us with this data, we will generally have to refuse to enter into the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data which is not relevant for the performance of the contract or which is not required by law.