Privacy policy for suppliers
according to Arts. 13, 14 and 21 of the General Data Protection Regulation (GDPR)
We attach a great deal of importance to data privacy. We have provided information for you below to explain how we process your data and what rights you are entitled to.
1. Who is responsible for data processing and who can you contact?
Karl Knauer KG
Zeller Str. 14
77781 Biberach
Germany
Tel.: +49 (0)7835 782 0
Email: datenschutz@karlknauer.de
Web: www.karlknauer.com
2. The data protection officer’s contact details
Christoph Boser
Tel.: +49 (0)7835 782 0
Email: datenschutz@karlknauer.de
3. Purposes of processing and legal bases
Your personal data will be processed according to the provisions set out in the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of individual pieces of data depends on the agreed or requested service.
3.1. Consent (Art. 6 (1) (a) of the GDPR)
If you have given us consent to process personal data, the consent in question forms the legal basis for the processing mentioned there. You may revoke your consent at any time with effect for the future.
3.2. Fulfilling contractual obligations (Art. 6 (1) (b) of the GDPR)
We process your personal data to implement our contracts and agreements with you. Your personal data will also be processed to carry out measures and activities in the context of pre-contractual relations.
3.3. Fulfilling legal obligations (Art. 6 (1) (c) of the GDPR)
We process your personal data if doing so is necessary to fulfil legal obligations (e.g. commercial or tax legislation). We also process your data, if necessary, to fulfil inspection and reporting obligations under tax law, as well as to archive data for the purposes of data protection and data security, not to mention auditing by tax and other authorities. Additionally, the disclosure of personal data may become necessary in the context of official / court measures for the purpose of collecting evidence, criminal prosecution or the enforcement of civil claims.
3.4. Our or third parties’ legitimate interests (Art. 6 (1) (f) of the GDPR)
We may also use your personal data based on balancing of interests to safeguard our or third parties’ legitimate interests. This is done for the following purposes:
-
Assessing and optimising needs analysis procedures and addressing suppliers directly.
-
Marketing or market research, if you have not objected to such use of your data.
-
Limited storage of your data, if erasure is not possible, or is only possible with a disproportionately high effort due to the special nature of the storage.
-
Further developing services and products, as well as existing systems and processes.
-
Statistical evaluations or market analyses.
-
Certifications of private law or official matters.
-
Asserting legal claims and providing defence in legal disputes that are not directly attributable to the contractual relationship.
-
Securing and exercising our domiciliary rights using appropriate means (e.g. video surveillance).
-
Collecting data according to our ‘Supplier self-disclosure’ form.
4. Categories of personal data that we process
We process the following data:
-
Personal data (name, occupation / industry and similar data)
-
Contact details (postal address, email address, phone number and similar data)
-
Supplier history
We also process personal data that is accessible from public sources (e.g. the internet, media, press). If doing so is necessary for our service provision operations, we process personal data that we have lawfully received from third parties (e.g. address publishers, credit agencies).
5. Who receives your data?
We disclose your personal data within our company to the divisions that need the same to meet contractual and legal obligations or to implement our legitimate interests.
The following bodies may receive your data too:
-
Processors that we engage (Art. 28 of the GDPR), service providers for supporting activities and other controllers under the GDPR, particularly in the areas of IT services, logistics, courier services, printing services, external data centres, support / maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing / procurement, customer management, letter shops, marketing, telephony, website management, tax consulting, auditing services, credit institutions
-
Public bodies and institutions in the event of a legal or official obligation that we are obligated to provide information, report or disclose data under, or if the disclosure of data is in the public interest
-
Authorities and institutions based on our or the third party’s legitimate interest (e.g. to authorities, credit agencies, debt collection companies, lawyers, courts, expert consultants and inspection bodies)
-
Other bodies for which you have given us your consent to such data transfer operations
6. Data transfer to a third country or an international organisation
Data is not processed outside of the EU or the EEA.
7. How long do we store your data for?
As far as is necessary, we process your personal data for the duration of our business relationship; this also includes the initiation and performance of a contract.
Additionally, we are subject to various retention and documentation requirements, resulting from the German Commercial Code (HGB) and the German Fiscal Code (AO), to name but two examples. The retention or documentation periods specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the storage period is also assessed according to the statutory limitation periods, which are generally three years according to Section 195 et seq. of the German Civil Code (BGB), for example, but can be up to thirty years in certain cases.
8. To what extent does automated individual decision-making take place?
We do not use any purely automated decision-making processes according to Art. 22 of the GDPR. Insofar as doing so is required by law, we will inform you separately should we use these methods in individual cases.
9. Your rights under data protection legislation
You have a right of access according to Art. 15 of the GDPR, a right to rectification according to Art. 16 of the GDPR, a right to erasure according to Art. 17 of the GDPR, a right to restriction of processing according to Art. 18 of the GDPR and a right to data portability from Art. 20 of the GDPR. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 of the GDPR). You have the right to object to our personal data processing operations according to Art. 21 of the GDPR in principle. But this right of objection only applies in the case of very special circumstances arising from your personal situation, whereby our company’s rights may potentially conflict with your right of objection. Please contact our data protection officer if you’d like to exercise any of these rights. (datenschutz@karlknauer.de)
10. Scope of your obligations to provide us with your data
You only need to provide such personal data that is needed to establish and implement a business relationship or for a pre-contractual relationship with us, or such personal data that we are legally obligated to collect. Without this data, we will generally be unable to conclude or perform the contract. This may also relate to data required later on in the context of the business relationship. If we request additional data from you, you will be informed separately that providing such information is voluntary.
11. Information about your right of objection (Art. 21 of the GDPR)
You have the right, at any time, to object to processing of your data that is carried out based on Art. 6 (1) (f) of the GDPR (data processing based on balancing of interests) or Art. 6 (1) (e) of the GDPR (data processing in the public interest) if there are grounds for doing so arising from your particular situation. This also applies to profiling based on this provision under Art. 4 (4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling and legitimate grounds for processing that take precedence over your interests, rights and freedoms, or if processing serves to assert, exercise or defend legal claims. We may also process your personal data for the purposes of direct marketing. You have the right to object to this at any time if you do not wish to receive any advertising. We will bear this objection in mind for the future.
We will no longer process your data for direct marketing purposes if you object to processing for these purposes. You can object informally by contacting the address listed under (1).
12. Right to lodge a complaint with the competent supervisory authority
You have the right to lodge a complaint with the data protection supervisory authority (Art. 77 of the GDPR).
Our competent supervisory authority is:
Baden-Württemberg State Commission for Data Protection and Freedom of Information
Königstrasse 10 a
70173 Stuttgart
Germany
Tel.: +49 (0)711 615541-0
poststelle@lfdi.bwl.de