Articles 13, 14 and 21 of the General Data Protection Regulation
Schüco International KG processes your personal data as a controller.
To this end, article 12 ff. of the General Data Protection Regulation (GDPR) grants you as a data subject whose personal data is processed rights, which we as a company must observe. The data that is processed individually and the way in which it is used depends heavily on our respective relationship with you. You can find out further details or amendments for the purposes of data processing in the relevant contract documents, forms, declaration of consent (if necessary) and/or other information provided to you (e.g. within the context of using our website).
This data protection information is updated regularly.
Who is responsible for data processing and who can you contact?
Name: Schüco International KG
Address: Karolinenstraße 1-15, 33609 Bielefeld
E-mail: firstname.lastname@example.org, Tel.: +49 (0)521 783-0
Contact details of data protection officer
Address: Schüco International KG, Karolinenstraße 1-15, 33609 Bielefeld
E-mail: email@example.com, Tel.: +49 (0)521 783-0
Legal basis and purpose of the data processing
The storing of your data can have different legal bases.
The processing of your data depends on the type of service we are providing as well as the type of relationship we have with you.
Article 6(1)(b) Contract or initiation of a contract
Your data can be processed for the performance of our contracts with you and the implementation of your orders as well as for the implementation of measures and activities within the context of pre-contractual relationships, e.g. with you as a potential customer.
We are unable to fulfil our contractual or pre-contractual duties unless we process your personal information.
In particular, processing serves to fulfil our contractual duties in accordance with your orders and requirements and includes the services, measures and activities required for this. These essentially include contract-related communication with you, traceability of transactions, orders and other agreements as well as for quality control checks through corresponding documentation, goodwill proceedings, measures for managing and optimising business processes as well as for fulfilling our general duties of care, management and control through affiliated companies; statistical evaluations for corporate management, recording of costs and controlling, reporting, internal and external communication, billing and tax evaluation of operational services, risk management, assertion of legal claims and defence of legal disputes; safeguarding of IT security and general security, including building and plant safety, safeguarding and awareness of house rules (e.g. by means of access control); safeguarding the integrity, authenticity and availability of data, prevention and investigation of crimes; check by supervisory boards or monitoring bodies (e.g. auditing).
Article 6(1)(f) Our legitimate interests or those of third parties
We may process your data (i.e. as a customer or potential customer) beyond the actual fulfilment of contracts or pre-contracts if it is necessary in order to protect our legitimate interests or those of third parties and where your data does not prevent legitimate interests.
Processing will take place in particular for the following reasons:
Transfer as part of a business activity
The external appearance of our company (photos and video recordings at events) for marketing purposes and sales promotions
Obtaining information as well as data exchange with credit agencies, if this exceeds our commercial risk
Further development of services and products as well as existing systems and processes
Enhancement of our data, for example through the use or research of data that is available to the public
Statistical evaluations or market analysis
The assertion of legal claims and defence of legal disputes which cannot be directly assigned to the contractual relationship
The limited storage of data, if deletion is not possible or only possible with disproportionately high effort due to the particular way the data is saved
Prevention and investigation of crimes, if not exclusively for the fulfillment of legal provisions
Building and plant security (e.g. by means of access control and video surveillance), insofar as this goes beyond the general duties of care
Safeguarding and awareness of house rules by means of corresponding measures and by means of video surveillance to protect our customers and employees and to safeguard evidence in the event of crimes and their prevention
The sending of product information (direct advertising) on our products which are similar to the ones you have already purchased from us, unless you have objected to the use of your personal data for this purpose.
Article 6(1)(a) Consent
If you have consented to the processing of your personal data (e.g. use of your data for marketing purposes), this consent forms the legal basis – in addition to others where appropriate – of the data processing. You can revoke this consent at any time with effect for the future by sending a letter with the header “Withdrawal of consent for advertising” to Schüco International KG, Data Protection department, Karolinenstraße 1-15, 33609 Bielefeld, Germany. You will be informed separately in the corresponding consent text of the purposes and consequences of withdrawing or not granting consent.
Article 6(1)(e) Legal compliance
As with any company that is part of the economic process, we are also subject to a variety of legal obligations. These are primarily legal requirements (e.g. trade and tax laws, social legislation), but may also be supervisory or other official regulations.
The purposes of processing may include identity and age checks, prevention of fraud and money laundering, fulfilment of tax-related monitoring and reporting obligations as well as the archiving of data for the purposes of data protection and data security as well as auditing by the tax office and other authorities.
Furthermore, the publishing of personal data may be required as part of official/judiciary measures for the purposes of evidence collection, criminal proceedings or the assertion of civil claims.
The data categories processed by us, if we do not receive data directly from you, and the origin thereof
If this is required in order to render our services, we process personal data received with permission from other companies or other third parties (e.g. credit agencies, address sales companies). We also process personal data which we have extracted, received or purchased with permission from publicly accessible sources (e.g. telephone directories, commercial and association registers, civil register, record of debtors, land registries, the press, the internet and other media) and which we are allowed to process.
Relevant personal data categories may include in particular:
- Personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data)
Contact details (address, e-mail address, telephone number and comparable data)
Address data (transaction information and comparable data)
Payment confirmation/cover note for bank and credit cards
Information about your financial situation (creditworthiness data including credit score, i.e. data for assessing the economic risk)
Data about your use of the telemedia supplied by us (e.g. the time you have accessed our websites, apps or newsletter, pages/links of ours that you have called up and/or entries and comparable data), video data
Recipients or categories of recipients of your data
Within our company, your data is received by internal departments or organisational units which required it in order to fulfil our contractual and legal obligations or within the context of processing and implementing our legitimate interest.
Your data will only be passed on to external offices in conjunction with the contract execution and/or following your consent:
For the purposes of fulfilling legal provisions which we are obligated to fulfill for the disclosure, reporting or transfer of data or where the transfer of data is in the public interest
If external service providers process data on our behalf as processors or parties that assume certain functions (e.g. external data centres, support/maintenance of IT applications, archiving, document processing, call centre services, controlling, data validation or plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, audit services, credit institutes, printers or data disposal companies, courier services, logistics)
Based on our legitimate interests or the legitimate interests of third parties
Furthermore, we will not pass your data on to third parties. If we commission service providers within the context of processing, your data will be subject to the same security standards with them as it would with us. In other cases, the recipients may only use the data for the purposes for which the data has been sent to them.
Length of time your data is stored
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Furthermore, we are subject to various retention and documentation obligations, which emerge from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The deadlines prescribed there for retention and/or documentation are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Moreover, special legal provisions may require a longer retention period, such as the safeguarding of evidence in conjunction with of legal statutes of limitation. Under §§ 195 ff. of the German Civil Code (BGB), the regular period of limitation is three years, but periods of limitation of up to 30 years may also be applicable.
If the data is no longer required to fulfil the relevant processing purpose, it is regularly deleted, unless – limited – further processing thereof is required due to our overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if it is not possible to delete data due to the way it is saved or it is only possible to do so with disproportionately high effort, and processing for other purposes is excluded by suitable technical and organisational measures.
Rights of access, erasure, objection and other rights of data subjects from Articles 15-22 of the GDPR
You can also assert your claims against us in terms of your data subject rights in accordance with Articles 15-22 of the GDPR.
Right of access
You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the information listed in Article 15 of the GDPR.
Right of rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data (Article 16 of the GDPR).
Right to erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds listed in Article 17 of the GDPR applies, e.g. if the personal data is no longer necessary in relation to the purposes for which they were collected.
Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the conditions listed in Article 18 of the GDPR applies, e.g. if you have objected to processing, for the duration of the assessment by us.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims (Article 21 of the GDPR).
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR (Article 77 of the GDPR). You can assert this right at a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.