Duty of and right to information in regard to personal data according to Art. 13 and 14 GDRP
Here you will obtain an overview of our processing of your personal data and your rights according to data protection law. The individual data to be processed and the manner in which it is processed significantly depends on the commissioned and/or agreed services.
1. Who is responsible for data processing and who can I contact?
The responsible body is:
Hiller GmbH
Schwalbenholzstr.2
84137 Vilsbiburg
Germany
Phone: +49 (0) 8741-48-0
Fax: +49 (0) 8741-48-139
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
You can reach our company data protection officer under:
Hiller GmbH
Data Protection Officer
Schwalbenholzstr.2
84137 Vilsbiburg
Germany
Phone: +49 (0) 8741-48-0
Fax: +49 (0) 8741-48-700
E-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.
2. What sources and data do we use?
We process personal data that we receive from our customers, suppliers, service providers and applicants within the scope of our business relationship. If required for the rendering of our services, we also process personal data that we have obtained – with consent – from publicly accessible sources (such as commercial and association registers, press, Internet) or from other third parties (such as credit agencies) in an authorised manner.
Relevant personal data comprises personal details (name, address and other contact data, birthday, place of birth and citizenship) and authentication information (such as identification data). In addition, this information can include order data, data from the fulfilment of our contractual obligations, information on your financial situation, advertising and sales data, documentation data and other data comparable with the abovementioned categories.
3. Why do we process your data (purpose of processing) and on what legal basis?
We process personal data in compliance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)):
a. For the fulfilment of contractual obligations (Art. 6 Sect. 1 b/c GDRP)
The data is processed for the fulfilment of our contracts with our customers or the performance of precontractual measures performed upon request. The purposes of data processing are primarily compliant with the concrete process. Further details on data processing purposes can be found in the pertinent contract documents and terms and conditions of business.
b. Insofar as required in the balancing of interests (Art. 6 Sect. 1 f GDRP), we process your data beyond the actual fulfilment of the contract for the safeguarding of the legitimate interests of our company or of third parties.
Examples:
– Consultation of and data exchange with credit agencies (such as SCHUFA) to determine creditworthiness and/or risks of default in credit transactions and requirements for seizure protection or basic accounts
– Verification and optimisation of methods for requirement analysis for direct customer contact
– Advertising or market and opinion research insofar as you have objected to the use of your data
– Assertion of legal claims and defence in case of legal disputes
– Guarantee of IT security and the IT operation
– Prevention and clarification of criminal offences
– Measures for building and plant safety
– Measures for safeguarding domiciliary rights
– Measures for business management the further development of services and products
– Risk management
c. Based on your consent (Art. 6 Sect. 1 a GDRP) Insofar as you have granted us consent to process your personal data for certain purposes (e.g., passing on data within the company group, evaluation of product data, marketing purposes), the legality of this processing is based on your consent. Granted consent can be revoked at any time. This also applies to the revocation of declarations of consent granted to our company before the GDRP came into effect, i.e., 25 May 2018. The revocation of consent does not affect the legality of data processed up to the point in time of revocation.
4. Who receives my data?
Within the company, the functions that require access to your data in order to fulfil our contractual and legal obligations obtain this access. The service providers and subcontractors we use can also obtain data for these purposes as long as they work according to the GDRP. These service providers and subcontractors include companies in the categories of IT services, logistics, printing, telecommunications, debt collection and consulting, as well as sales and marketing.
Other recipients of data can include functions for which you have granted us your consent for the transmission of data.
5. Will data be transmitted to a third-party country or international organisation?
A data transmission to parties in countries outside of the European Union (so-called third-party countries) takes place insofar as one of the following applies: – Such a transmission is required to execute your orders. – It is legally required (e.g., reporting duties according to tax law). – You have granted us your consent.
In addition, we do not transmit personal data to bodies in third-party countries or international organisations. For certain tasks, we use service providers that in turn also use service providers whose company headquarters, parent companies or computer centres may be located in a third-party country. A transmission is permissible only if the European Commission has decided that the pertinent third-party country has an appropriate level of protection (Art. 45 GDPR). If the Commission has not made such a decision, we or the service provider must transmit personal data to a third-party country or international organisation only if suitable guarantees (e.g., standard data protection clauses that have been accepted in a determined procedure by the Commission or the supervisory body), implementable laws and effective legal remedies have been provided. With these service providers, we have contractually agreed that they will conclude agreements regarding data protection principles with their own contracting partners under observance of the European level of data protection.
6. How long is my data stored?
We process and store your personal data as long as it is required for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is deleted regularly unless further processing (under a deadline) is required for the following purposes:
– Fulfilment of storage obligations according to trade and tax law – Observance of evidence within the scope of statutory limitation period regulations According to § 195 ff. of the German Civil Code (Bürgerliches Gesetzbuch (BGB)), these limitation periods can amount to up to 30 years, whereby the normal limitation period is three years.
7. What are my data protection rights?
Each affected person has the right to information according to Article 15 GDPR, the right to correction according to Article 16 GDPR the right to deletion according to Article 17 GDPR, the right to the limitation of processing according to Article 18 GDPR, the right to objection according to Article 21 GDPR and the right to data transferability according to Article 20 GDPR.
In regard to the rights to information and deletion, the limitations according to §§ 34 and 35 German Federal Data Protection Act (BDSG) apply. In addition, you have a right to complain to a responsible data protection supervisory body (Article 77 GDPR in conjunction with § 19 German Federal Data Protection Act (BDSG)).
You may revoke any consent granted to us for the processing of your personal data at any time. This also applies to the revocation of declarations of consent granted to our company before the General Data Protection Regulation came into effect, i.e., 25 May 2018. Please note that this revocation only has future effect. Data processing that occurred before the revocation is not affected.
8. Am I obliged to provide data?
Within the scope of our business relationship, you must provide any personal data that is legally required for the assumption and execution of the contractual relationship and for the fulfilment of the associated contractual obligations or that we are legally obligated to collect. Without the provision of this data, we are generally not able to conclude or execute a contract with you. If you do not provide us with the necessary information and documents, we must not take up or continue the business relationship you desire.
9. To what extent does automatic decision-making take place?
For the justification and execution of the business relationship, we fundamentally do not perform fully automatic decision-making processes according to Art. 22 GDPR. If we use these processes in individual cases, we will inform you separately insofar as legally required.
10. Is profiling performed? We process your data automatically to some extent with the objective of evaluating certain personal aspects (profiling). We use profiling to inform and advise you about products in a targeted manner. This profiling enables needs-based communication and advertising, including market and opinion research.
Information on your right to objection according to Article 21 General Data Protection Regulation (GDPR)
1. Right to objection in relation to an individual case
For reasons arising from your particular situation, you have the right to object to the processing of your personal data that takes place on the basis of Art. 6 Sect. 1 lit. e) or f) GDPR (data processing on the basis of a consideration of interests) at any time; this also applies to any profiling based on this provision within the scope of Article 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can prove we have compelling legitimate grounds for processing that are absolutely worthy of protection and that have priority over your interests, rights and freedoms or unless the processing of this data serves the assertion, exercise or defence of legal claims.
2. Right to object to the processing of data for the purposes of direct advertising
In individual cases, we process your personal data to engage in direct advertising. You have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling insofar as this profiling is connected to such direct advertising.
If you object to the processing of your personal data for the purpose of direct advertising, we will no longer process your personal data for this purpose. This objection has no formal requirements and, if possible, should be sent to:
Hiller GmbH
Schwalbenholzstr. 2
84137 Vilsbiburg
Germany
Privacy protection Social Media
https://www.facebook.com/legal/terms/page_controller_addendum