Privacy information for customers & suppliers
Privacy policy according to EU Data Protection Regulation GDPR according to Art. 13 and 14
Valid for customers, prospective customers, suppliers as well as sales and cooperation partners of Riedel Networks GmbH & Co. KG. (hereinafter referred to as, “Riedel Networks”).
With the following information, we provide you with an overview of how we process your personal data and your rights under the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Which data is processed in detail and how it is used depends largely on the products and services requested or ordered.
1. person responsible for data processing
Riedel Networks GmbH & Co KG
Schlossstrasse 10
35510 Butzbach
Phone +49 (0) 6033 / 91691 100
Fax +49 (0) 6033 / 91691 119
E-mail RN-info@riedel.net
Internet www.Riedel-Networks.net
2. data protection officer of the controller
Herr Dr. Arndt Glienke LL.M
CLARIUS.LEGAL Rechtsanwaltsaktengesellschaft
Rolandsbrücke 4
20095 Hamburg
Mail: Dataprotection@riedel.net
3. data and services
a) Sources
We process personal data that we receive from you in the course of our business relationship. In addition, we process (to the extent necessary for the provision of our products and services) personal data that we have permissibly received from other third parties (e.g. for the execution of orders, the performance of contracts or on the basis of consent given by you). On the other hand, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. commercial and association registers, press, media, Internet) and are allowed to process.
b) Categories of personal data
When initiating a business relationship or creating master data, the following personal data may be collected, processed and stored:
Address and communication data (name, address, telephone, e-mail address, other contact data), personal master data (date/place of birth, gender, nationality, marital status, business capacity, occupational group key, legitimation data (e.g. ID card data), authentication data (e.g. specimen signature), tax ID).
When using products and services within the scope of the contracts concluded with us, the following additional personal data may essentially be collected, processed and stored in addition to the aforementioned data:
Contract master data (order data, data from the fulfillment of our contractual obligations, details of any third-party beneficiaries), billing, performance and payment data (direct debit data, tax information, other personal master data (occupation, employer), documentation data (e.g. logs), product data (e.g. services and products requested or booked) and the following business creditworthiness documents: income/surplus statements, balance sheets, business evaluation , type and duration of self-employment.
c) Customer contact information
In the course of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts, initiated by you or by Riedel Networks, further personal data is generated. This includes, for example, information about the contact channel, date, occasion and result, (electronic) copies of correspondence and information about participation in direct marketing activities.
d) Information society services
When processing data in the context of information society services, you will receive further information on data protection in connection with the respective service.
4. purpose and legal basis of the processing
We process the personal data mentioned under 3. in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
a) For the fulfillment of contractual obligations (Article 6 para.1 lit. b GDPR)
The processing of personal data is carried out for the establishment, implementation and termination of a contract for the provision of products or provision of services, as well as for the implementation of pre-contractual measures for the preparation of offers, contracts or other requests directed towards the conclusion of a contract, which are made in response to your request.
The purposes of data processing are primarily determined by the specific products and services and may include, but are not limited to, needs analysis, consulting and support. Further details on the purpose of data processing can be found in the respective (also pre-contractual) contractual documents of our cooperation. Interested parties may be contacted, taking into account any restrictions expressed, during the contract initiation phase, and customers, suppliers, distributors and cooperation partners may be contacted during the business relationship, using the data they have provided.
b) Based on your consent (Article 6 para. 1 lit. a GDPR)
Insofar as you have given us consent to process personal data for certain purposes (e.g. transfer of data within the group of companies), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the EU General Data Protection Regulation came into force, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. You can request an overview of the status of the consents you have granted from us at any time.
c) Due to legal requirements (Article 6 para.1 lit. c GDPR) or in the public interest (Article 6 para.1 lit. e GDPR).
We are subject to various legal obligations and statutory requirements and process data for the following purposes, among others: Identity and age verification, the fulfillment of control and reporting obligations under tax law, and the assessment and management of risks in the organizational group.
d) Within the framework of the balancing of interests (Article 6 para. 1 lit. f GDPR)
To the extent necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. Examples:
- Testing and optimization of procedures for needs analysis and direct customer approach; incl. Segmentations and calculation of completion probabilities,
- Advertising or market and opinion research, insofar as you have not objected to the use of your data
- Assertion of legal claims and defense in legal disputes
- Ensuring IT security and IT operations
- Consultation with and exchange of data with credit agencies to determine creditworthiness and credit ratings. Default risks
- Prevention of criminal acts
- Video surveillance for the preservation of domiciliary rights, for the collection of evidence in the case of criminal offences
- Building and office security measures (e.g. access controls)
- Measures to ensure the right of domicile
- Measures for business management and further development of services and products
- Risk management in the organizational group
5. recipient of the data
Within Riedel Networks, access to your data is granted to those departments that need it to fulfill our contractual and legal obligations. Service providers employed by us may also receive data for these purposes if they comply with our written instructions under data protection law.
With regard to the transfer of data to recipients outside Riedel Networks, it should first be noted that we are obligated to maintain confidentiality about all customer-related information of which we become aware. We may only pass on information about you if this is required by law, if you have given your consent and/or if processors commissioned by us guarantee that the requirements of the EU General Data Protection Regulation and the Federal Data Protection Act are met in the same way.
Under these conditions, recipients of personal data may be, for example:
- Public bodies and institutions in the case of a legal or regulatory obligation
- Processors to whom we transfer personal data in order to carry out the business relationship with you. In detail: Support/maintenance of EDP/lT applications, archiving, document processing, call center services, compliance services, controlling, data destruction, purchasing/procurement, space management, recovery, customer administration, lettershops, marketing, media technology, reporting, research, risk controlling, expense reporting, telephony, video legitimation, website management, auditing services, payment transactions.
Other data recipients may be those entities for which you have given your consent to the transfer of data.
6. data transfer to third countries or to international organization
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders, is required by law (e.g. reporting obligations under tax law), you have given us your consent or within the framework of order processing. If service providers in the third country are used, they are obligated to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses in addition to written instructions.
7. duration of data storage
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their (temporary) further processing is necessary for the following purposes:
- Fulfillment of retention periods under commercial and tax law in accordance with §257 of the German Commercial Code (HGB) and the German Fiscal Code (Abgabenordnung), with the retention and documentation periods of two to ten years specified therein.
- Preservation of evidence under the statute of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
8. obligation to provide data
Within the scope of our business relationship, you must provide those personal data that are necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations, or which we are required to collect by law. Without this data, we will usually have to refuse to conclude the contract, provide products and services, or be unable to perform an existing contract and may have to terminate it.
9. automated decision-making (including profiling)
For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making (including profiling) pursuant to Article 22 GDPR. If we use these procedures in individual cases, we will inform you separately if required by law.
10. profiling
We process your data partly automatically with the aim of evaluating certain personal aspects (profiling). We use profiling, for example, to provide you with targeted information and advice about products with the help of evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
11. your rights
According to Articles 15–21 GDPR, you may exercise the following rights with respect to personal data we store provided the relevant requirements of the GDPR are met.
You can request information pursuant to Art. 15 GDPR about your personal data processed by us.
If incorrect personal data is processed, you have a right to rectification pursuant to Art. 16 GDPR.
If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17, 18 GDPR).
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right of objection according to Art. 21 GDPR
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her which is carried out on the basis of Article 6 (1)(a) of the Data Protection Act. e) or f) GDPR; this also applies to profiling based on these provisions.
12. right of appeal to a supervisory authority
Pursuant to Art 77 GDPR, every data subject has the right to lodge a complaint with a supervisory authority if he or she considers that the processing of personal data concerning him or her infringes the GDPR. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our organization is based.
The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone: 0611/1408-0
Fax: 0611/1408 -900
E-mail: poststelle@datenschutz.hessen.de