Data Privacy Statement pursuant to Art. 13, 14 EU General Data Protection Regulation (GDPR)
-for our business partner contacts-
Dear Sir or Madam
By means of this statement, we intend to give you an overview of the way we process your personal data and of your rights in this regard according to current data protection legislation.
“Personal data” is all information that can be directly or indirectly attributed to a living person. “Processing” of your data is understood to mean any application of your data by us, including the use, storage, deletion or transfer of such data.
The way your personal data is processed in detail depends essentially on the provided/requested services and of course on your specific task within your company. Apart from this, processing of your personal data is carried out as a matter of principle in accordance with the General Data Protection Regulation.
1. Responsible data controller
ESE GmbH, Friedrich-Bückling-Straße 8, 16816 Neuruppin
2. Contact details of the data protection officer
You can reach our data protection officer by post at the aforementioned address (please include the additional address line "Data Protection Officer") or by e-mail: datenschutzmanagement@ese.com
3. We process the following personal data relating to you for the following purposes:
3.1. Data of business partners / customer data / supplier data
As a business partner, we receive and process data (in particular, name, position, business contact data and information on the business relationship) in order to fulfil our contractual, accounting and fiscal obligations.
Personal data processing may well occur even before any contractually agreed collaboration takes place. In fact, such “pre-contractual measures” take place regularly (e.g. use of contact data to submit an offer, processing of personal data while creating customer and vendor accounts). The legal basis for the processing of personal data for the aforementioned purposes is Art. 6 (1) b) GDPR.
Most commonly, we hold your personal data because you provide it to us. In addition, we may also process personal data properly transferred to us by third parties. For example, to evaluate creditworthiness and non-payment risks in the context of the business relationship with our customers, we regularly consult credit reference agencies. In this process, the data processing is carried out for the protection of our legitimate interests, specifically to reduce the risk of a payment default. The legal basis for the processing of personal data for these purposes is Art. 6 (1) f) GDPR.
Our company is subject to various legal obligations, that is to say legal requirements. In certain circumstances, we may therefore process your personal data in fulfilment of our legal duties. Such obligations occur, for example, in tax law and commercial law. Here, the law requires that we store data and disclose it on demand. In the context of tax audits, for example, the tax authority collects such data as our customers’ and suppliers’ company name and address, the account number and annual turnover figures. The legal basis for the processing of personal data for the aforementioned purposes is Art. 6 (1) c) GDPR.
3.2. Webmeetings
To communicate with you, we may use the online conferencing tool ‘Microsoft Teams’. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conferencing tool collects the data that you provide/enter in order to use it (e-mail address and/or your telephone number). Furthermore, the conferencing tool processes the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that are necessary for the handling of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and the type of connection.
If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/instant messages, uploaded photos and videos, files and other information shared while using the service.
Please note that we do not have full influence on the data processing procedures of the tool used. Our options are largely determined by the corporate policy of the provider. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
The use of the online conferencing tool serves the general simplification and acceleration of communication with us or our company (Art. 6 (1) f) GDPR). Insofar as consent has been requested, the tool in question is used on the basis of this consent (Art. 6 (1) a) GDPR); consent can be withdrawn at any time with effect for the future.
3.3. Conduct of competitions and surveys
As your business partner, we conduct competitions and surveys. To this end, we may process your personal data if you have given us your consent in this regard. The legal basis for the processing of personal data for the aforementioned purposes is Art. 6 (1) a) GDPR.
3.4. Usage of business cards
In the context of general business contacts, trade fairs or similar events, business cards are exchanged regularly. We process the personal data given on the business card with a view to possibly making subsequent contact, or to potentially updating the data in our Outlook address book and in our SAP master data.
You are under no contractual or legal obligation to supply your personal data, that is to say, you are not obliged to make your personal data available to us. Should you decide not to provide us with your personal data, the consequence will be as follows: if we do not receive your business card, it will not be used. The legal basis for the processing of personal data for the aforementioned purpose is Art. 6 (1) f) GDPR.
3.5. Mailing of newsletters
As a business partner, you will from time to time receive emails or letters from us to keep you informed. This may concern the announcement of company events, a trade fair or perhaps a new product. Here, we process your personal data (in particular, name and position together with your contact data) beyond the actual fulfilment of our contractual obligations to safeguard our legitimate interests in accordance with Art. 6 (1) f) GDPR. Our interest then consists of strengthening our business relationship.
3.6. Visitors’ Book entry
When visiting our site, visitors are asked to enter their details, or have them entered, in our visitors’ book. When doing this, we process your personal data (in particular, name, company, arrival and departure times) in the interests of safety on our sites. The legal basis for the processing of personal data for the aforementioned purpose is Art. 6 (1) f) GDPR.
Providing your personal data is not a legal requirement, but it is indispensable for ensuring safety and protection at our local sites. You are under no contractual or legal obligation to supply your personal data, that is to say, you are not obliged to make your personal data available to us. Should you decide not to make your personal data available to us, you will not be admitted to our sites.
3.7. Recording and publishing of pictures
During internal and external events, we may take photos or videos (collectively referred to as “pictures”) for documentation purposes. We assume that the participants foresee the recording of pictures as we regularly publish information about this mode of data processing (e.g. in the context of the invitation). We process this data and rely on our legitimate interests in accordance with Art. 6 (1) f) GDPR. Our interest then consists of documenting the event.
Where selected pictures containing your personal data are published (for example, on our web site, in social media or print media), the purpose of such processing is internal or external communication. Your data will only be used in this way if you have given your consent. The legal basis for the processing of personal data for the aforementioned purposes is Art. 6 (1) a) GDPR.
You are under no contractual or legal obligation to supply your personal data. Should you decide not to make your personal data available to us, no pictures of you will be taken or published.
4. Transfer of your personal data
4.1. Data of business partners / customer data / supplier data
Within the company, access to your data is restricted to positions in which the data must be processed in fulfilment of our contractual and legal obligations.
In order to fulfil our contractual and legal obligations, we utilise to some extent external service providers to whom we may also transfer your personal data for these purposes. For example, for the transportation of our products to our customers, we regularly transfer data such as the recipient’s name and address to various delivery service providers.
In the context of fulfilment of legal obligations or on the basis of weighing of interests for the protection of the legitimate interests of ourselves or a third party, we may, in certain circumstances, transfer your personal data to the following recipients: public and regulatory authorities, judicial and law enforcement authorities, tax advisers, lawyers, notaries and auditors.
The transfer of your personal data is processed in accordance with the provisions of the General Data Protection Regulation.
In principle, we do not transmit any personal data to a third country. Third countries are countries which are neither members of the EU nor states of the EEA (European Economic Area).
4.2. Transfer to external IT service providers
In order to fulfil our contractual services and legal obligations and, in particular, to protect our IT infrastructure, personal data is partly processed by external IT service providers. These service providers only act on our instructions and are contractually obligated to comply with the applicable data protection requirements.
These service providers may be located in countries outside the European Economic Area ("third countries"), in which the applicable law does not guarantee the same level of data protection as in the European Economic Area.
However, we only transfer your personal data to countries for which the EU Commission has decided that there is an adequate level of data protection as defined in Article 45 (1) of the GDPR or we take measures to ensure that the recipients guarantee an adequate level of data protection. For this purpose, we use the EU standard contractual clauses approved by the European Commission.
You can request a copy of the appropriate and adequate safeguards and measures from us.
Please use the information in section 2 for this purpose.
4.3. Conduct of competitions and surveys
Within the company, access to your data is restricted to positions in which the data must be processed in order to conduct competitions and surveys.
To conduct our pseudonymous surveys, we work with external service providers based in Germany, who make the questionnaire available as an online tool.
However, the invitations to participate in the surveys are specifically not issued by these external service providers. Thus, these external service providers receive no personal data relating to you from us. For this very reason, processing of the survey data in compliance with data protection regulations is ensured. Invitations to the survey participants are sent either directly by us or by an independent other service provider.
We do not transmit any personal data to a third country.
4.4. Usage of business cards
We may transfer your personal data to responsible contact persons within our company. We do not transmit any personal data to a third country.
4.5. Mailing of newsletters
Within the company, access to your data is restricted to positions in which your personal data must be processed in order to mail newsletters.
Newsletters are sent either directly by us or by an independent other service provider, who receives the necessary personal data (your contact data) from us for this purpose.
We do not transmit any personal data to a third country.
4.6. Visitors’ Book entry
As a rule, we do not pass on your personal data, except if necessary to protect our legitimate interests (e.g. detection, prevention or investigation of crime or criminal activities).
4.7. Recording and publishing of pictures
The transfer of your personal data will only take place in an agreed way to which you have consented.
5. Duration of data storage
We erase your personal data as soon as they are no longer needed for the aforementioned purposes. In this context it may occur that personal data are stored for the period in which claims can be asserted against our company (statutory limitation period of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding documentation and retention duties derive from, among other things, the Commercial Code and the Fiscal Code. The retention periods under such laws are up to ten years.
6. Your rights
In accordance with GDPR Art. 15, you can demand information regarding the processing of your personal data.
Should the personal data processed by us be incorrect or incomplete, you can demand its rectification in accordance with GDPR Art. 16.
According to the provisions of GDPR Art. 17 and 18, you can demand the deletion and limitation of processing of your personal data.
In cases where the processing of your personal data is founded on your consent, you have rights under GDPR Art. 20. You may require that we provide you or a third party with the information you have submitted to us in a structured, common and electronic format, if this is technically feasible.
Where we process your data for legitimate interest, you can object to the data processing at any time (GDPR Art. 21).
If you wish to know more about your rights or if you want to exercise them, you can, of course, contact our data protection officer (datenschutzmanagement@ese.com).
If you believe that we violate German or European data protection laws when processing your data, we ask you to contact us for clarification. According to the provisions of GDPR Art. 77 you have the right to contact a regulatory authority. Contact data for the regulatory authority responsible for us is as follows:
Landesbeauftragte für den Datenschutz Brandenburg, Stahnsdorfer Damm 77, 14532 Kleinmachnow, Telephone: 03 32 03/356-0, Fax: 033203/356-49, Email: Poststelle@LDA.Brandenburg.de