Информационная рассылка
Будьте в курсе
Dear Sir or Madam,
The personal data of every individual who is in a contractual, pre-contractual or other relationship with our company deserve special protection. Our goal is to keep our data protection level to a high standard. Therefore, we are constantly developing our data protection and data security concepts.
Of course, we comply with the statutory provisions on data protection. According to Article 13, 14 GDPR, companies meet specific information requirements when collecting personal data. This document fulfills these obligations.
The terminology of legal regulations is complicated. Unfortunately, the use of legal terms could not be dispensed with in the preparation of this document. Therefore, we would like to point out that you are always welcome to contact our Data Protection Officer for all questions concerning this document, the used terms or formulations.
BDE Engineering GmbH
Industriestr. 10
37688 Beverungen
Germany Tel.: +49 5273 367700
E-Mail: info@bde-engineering.de
Website: www.bde-engineering.de
Commercial Trade Register-No.: HRB 9651 (AG Paderborn)
VAT Identification Number acc. § 27 a Umsatzsteuergesetz: DE 155578128
Evgeni Wittmann
BDE Engineering GmbH
Industriestr. 10
37688 Beverungen
Deutschland
Tel.: +49 4273 367700
E-Mail: datenschutzbeauftragter@bdeengineering.de
Website: www.bde-engineering.de
The purpose of the processing of personal data is the handling of all operations which concern the controller, customers, prospective customers, business partners or other contractual or pre-contractual relations between the named groups (in the broadest sense) or legal obligations of the controller.
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.
Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the wellbeing of all our employees and the shareholders.
All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. The addresses of all group companies are available on our website. Furthermore, a list of all group companies can be requested from our Data Protection Officer.
According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorisation from a supervisory authority by means of standard contractual clauses, Article 46(2) lit. c GDPR. The standard contractual clauses of the European Union are agreed with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects which are resulting from the EU standard contractual clauses are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from our Data Protection Officer. The standard contractual clauses are also available in the Official Journal of the European Union (OJ 2010 / L 39, page 518).
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
All data subjects have the following rights:
a) Right to access
Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact our Data Protection Officer to exercise the right to access.
b) Right to rectification
According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact our Data Protection Officer to exercise the right of rectification.
c) Right to erasure (right to be forgotten)
In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting our Data Protection Officer. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period.
d) Right to restriction of processing
According to Article 18 GDPR any data subject is entitled to a restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact our Data Protection Officer to exercise the right to restriction of processing.
e) Right to object
Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact our Data Protection Officer to exercise the right to object.
f) Right to data portability
Art. 20 GDPR grants the data subject the right to data portability. Under this provision, the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machinereadable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact our Data Protection Officer to exercise the right to data portability.
If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time.
Withdraw of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In todays information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to our Data Protection Officer is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us.
As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 13(2) lit. d GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority.
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner).
Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
Before personal data is provided by the data subject, the data subject must contact our Data Protection Officer. Our Data Protection Officer clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of nonprovision of the personal data.
As a responsible company, we do not use automatic decision-making or profiling.
BDE Engineering GmbH
Industriestr. 10
37688 Beverungen
Germany
Tel.: +49 5273 367700
E-Mail: info@bde-engineering.de
Website: www.bde-engineering.de
Commercial Trade Register-No.: HRB 9651 (AG Paderborn)
VAT Identification Number acc. § 27 a Umsatzsteuergesetz: DE 155578128
Evgeni Wittmann
BDE Engineering GmbH
Industriestr. 10
37688 Beverungen
Deutschland
Tel.: +49 4273 367700
E-Mail: datenschutzbeauftragter@bdeengineering.de
Website: www.bde-engineering.de
The purpose of the processing of personal data is the handling of all operations which concern the controller, customers, prospective customers, business partners or other contractual or pre-contractual relations between the named groups (in the broadest sense) or legal obligations of the controller.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.
Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
Customer data Data of potential customers Data of employees Data of suppliers
All companies and branches that are part of our group (hereinafter referred to as "group companies") that have their place of business or an office in a third country may belong to the recipients of personal data. The addresses of all group companies are available on our website. Furthermore, a list of all group companies can be requested from our Data Protection Officer.
According to Article 46(1) GDPR a controller or processor may transfer personal data only to a third country if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Appropriate safeguards may be provided without requiring any specific authorization from a supervisory authority by means of standard data protection clauses, Article 46(2) lit. c GDPR.
The standard contractual clauses of the European Union are agreed with all recipients from third countries before the first transmission of personal data. Consequently, it is ensured that appropriate safeguards, enforceable data subject rights and effective legal remedies for data subjects which are resulting from the EU standard contractual clauses are guaranteed. Every data subject can obtain a copy of the standard contractual clauses from our Data Protection Officer. The standard contractual clauses are also available in the Official Journal of the European Union (OJ 2010 / L 39, page 518).
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
According to Article 6(1) lit. f GDPR, processing shall be lawful only if the processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. According to Recital 47 Sentence 2 GDPR a legitimate interest could exist where there is a relevant and appropriate relationship between the data subject and the controller, e.g. in situations where the data subject is a client of the controller. In all cases in which our company processes personal data based on Article 6(1) lit. f GDPR, our legitimate interest is in carrying out our business in favor ofthe well-being of all our employees and the shareholders.
All data subjects have the following rights:
a) Right to access
Each data subject has a right to access the personal data concerning him or her. The right to access extends to all data processed by us. The right can be exercised easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing (Recital 63 GDPR). This right results from Art. 15 GDPR. The data subject may contact our Data Protection Officer to exercise the right to access.
b) Right to rectification
According to Article 16 Sentence 1 GDPR the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, Article 16 Sentence 2 GDPR provides that the data subject is entitled, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject may contact our Data Protection Officer to exercise the right of rectification. c) Right to erasure (right to be forgotten)
In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting our Data Protection Officer. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period.
d) Right to restriction of processing
According to Article 18 GDPR any data subject is entitled to restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact our Data Protection Officer to exercise the right to restriction of processing.
e) Right to object
Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact our Data Protection Officer to exercise the right to object.
f) Right to data portability
Art. 20 GDPR grants the data subject the right to data portability. According to this provision the data subject has under the conditions laid down c) Right to erasure (right to be forgotten)
In addition, data subjects are entitled to a right to erasure and to be forgotten under Art. 17 GDPR. This right can also be exercised by contacting our Data Protection Officer. At this point, however, we would like to point out that this right does not apply insofar as the processing is necessary to fulfill a legal obligation to which our company is subject to, Article 17(3) lit. b GDPR. This means that we can approve an application to erase only after the expiration of the statutory retention period.
d) Right to restriction of processing
According to Article 18 GDPR any data subject is entitled to restriction of processing. The restriction of processing may be demanded if one of the conditions set out in Article 18(1) lit. a-d GDPR is fulfilled. The data subject may contact our Data Protection Officer to exercise the right to restriction of processing.
e) Right to object
Furthermore, Art. 21 GDPR guarantees the right to object. The data subject may contact our Data Protection Officer to exercise the right to object.
f) Right to data portability
Art. 20 GDPR grants the data subject the right to data portability. According to this provision the data subject has under the conditions laid down in Article 20(1) lit. a and b GDPR the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machinereadable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject may contact our Data Protection Officer to exercise the right to data portability.
If processing of personal data is based on Art. 6(1) lit. a GDPR, which is the case, if the data subject has given consent to the processing of personal data for one or more specific purposes or is it based on Article 9(2) lit. a GDPR, which regulates the explicit consent to the processing of special categories of personal data, the data subject has according to Article 7(3) Sentence 1 GDPR the right to withdraw his or her consent at any time.
Withdraw of consent shall not affect the lawfulness of processing based on consent before its withdrawal, Article 7(3) Sentence 2 GDPR. It shall be as easy to withdraw as to give consent, Art. 7(3) Sentence 4 GDPR. Therefore, the withdrawal of consent can always take place in the same way as consent has been given or in any other way, that is considered by the data subject to be simpler. In todays information society, probably the simplest way to withdraw consent is a simple email. If the data subject wishes to withdraw his or her consent granted to us, a simple email to our Data Protection Officer is sufficient. Alternatively, the data subject may choose any other way to communicate his or her withdraw of consent to us.
As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 14(2) lit. e GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77(1) GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore asked to contact only a single supervisory authority.
In principle, personal data is collected directly from the data subject or in cooperation with an authority (e.g. retrieval of data from an official register). Other data on data subjects are derived from transfers of group companies. In the context of this general information, the naming of the exact sources from which personal data is originated is either impossible or would involve a disproportionate effort within the meaning of Art. 14(5) lit. b GDPR. In principle, we do not collect personal data from publicly accessible sources.
Any data subject can contact our Data Protection Officer at any time to obtain more detailed information about the exact sources of the personal data concerning him or her. Where the origin of the personal data cannot be provided to the data subject because various sources have been used, general information should be provided (Recital 61 Sentence 4 GDPR).
As a responsible company, we do not use automatic decision-making or profiling.
Suche