Privacy policy
Thank you for your interest in our company. The protection of your private rights and freedoms is important to us; we only use your data for the purposes intended. As it is important to us that you know at all times to what extent we collect, use and, if necessary, transfer your data to third parties, we will inform you in detail below about the processing of your personal data collected by us or stored by us.
Visiting our website is generally possible without providing (personal) data; if there are exceptions to this for selected services, we will explain these in the following chapters. When processing personal data, we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and any other data protection regulations.
Name and address of the controller
fetra Fechtel Transportgeräte GmbH
Geschäftsführer: Hinrich Fechtel, Jochen Fechtel, Peter Beißmann
Industriestraße 17-21
33829 Borgholzhausen
Germany
Phone: +49 (0) 5425/9494-0
E-mail: info@fetra.de
Website: https://fetra.de
Name and address of the data protection officer
Martina Brinkmann
Cortina Consult
Hafenweg 24
48155 Münster
Germany
E-mail:
datenschutz@fetra.deWebsite:
https://www.cortina-consult.deActuality of the privacy policy
To ensure that we always have up-to-date data protection information in connection with the services of our website, we use the CLOUD DSE service of Cortina Consult GmbH, Hafenweg 24 in 48155 Münster. In this process, the contents of our privacy policy are hosted on the servers at Cortina Consult and managed centrally. Necessary changes are implemented promptly by Cortina Consult and immediately displayed via direct integration on our website.
Rights of data subjects
The EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects in Chapter III, which we explain to you accordingly below with regard to the processing of your personal data:
Right to information
This requirement concerns in particular information on the following details of data processing:
- Processing purposes
- Data categories
- Recipients or categories of recipients, if applicable
- If applicable, the planned storage duration or the criteria for determining this duration.
- Note on the respective right of correction, deletion, restriction or objection
- Existence of the right to complain to a supervisory authority
- If applicable, origin of the data (if not collected from you)
- If applicable, existence of automated decision-making including profiling, including meaningful information about the logic involved, the scope and the effects to be expected
- If applicable, (planned) transfer to a third country or international organization
Right to rectification
We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.
Right to erasure (right to be forgotten)
Provided that the processing is no longer necessary and one of the following conditions is met:
- Discontinuation of the purpose of processing
- Withdrawal of their consent and absence of any other legal basis for processing
- Objection to processing without an important reason to the contrary
- Unlawful processing
- Required to fulfill a legal obligation
- Data collection was carried out in accordance with Art. 8 (1) GDPR
Right to restriction of processing
Provided that one of the following conditions is met:
- You dispute the accuracy of your data (restriction can be made for the duration of the review on our side)
- In the event of unlawful processing and if the data is not to be deleted, restriction of processing shall take the place of deletion
- If the processing purposes cease to apply, at the same time you need your data for the assertion, exercise or defense of legal claims
- After you have lodged an objection pursuant to Art. 21 (1) GDPR and for the duration of the examination as to whether our legitimate reasons outweigh yours.
Right to data portability
If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).
Right to object
If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
Automated decisions in individual cases including profiling
If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.
Right to revoke consent under data protection law
You have the right to revoke consent to the processing of personal data at any time.
Right to complain to a supervisory authority
The following information applies to data processing in general. If there are exceptions or additions to this information, these are described in detail in the respective sections.
Legal basis of processing
We process personal data in accordance with the requirements of the GDPR, depending on the type and purpose of the processing as follows:
| Permitted use | Specification of the GDPR |
| Informed consent | Art. 6 para. 1 a |
| Performance of a contract | Art. 6 para. 1 b |
| Implementation of pre-contractual measures | Art. 6 para. 1 b |
| Fulfillment of legal obligations | Art. 6 para. 1 c |
| Protection of vital interests | Art. 6 para. 1 d |
| Safeguarding our legitimate interest | Art. 6 para. 1 f |
Our legitimate interest
Our legitimate interest, as defined in Article 6 (1) f GDPR, is based on the performance of our business activities in order to maintain our ability to operate and secure the employment of our employees.
General deadlines for data deletion
After the purpose of storage has ceased, the retention periods are generally at least six or ten years. As a rule, data is deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.
Deletion or blocking of personal data
We store your personal data only for the period required to fulfill the specified purpose. After the purpose no longer applies and after expiration of any existing retention periods, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.
Obligation to provide personal data
Under certain circumstances (e.g. due to legal or contractual regulations), an obligation arises for you to provide us with your personal data. Examples of such processing as follows:
Nature or purpose of the processing | Need |
|---|
| Conclusion of a sales contract (e.g. your address) | Fulfillment of the contractual obligation (e.g. delivery of the goods to your address) |
| In the employee context (e.g. transmission of data to the tax office) | Compliance with legal requirements (e.g. tax regulations) |
If applicable, in deviation from or in addition to the above-mentioned general information, you will find details of the individual data processing on our website below.
Collection of general data and information
As soon as you visit our website, our web server collects some general data and technical information - as shown in the table below:
Data collected | Purpose of the survey |
|---|
| browser types and versions used | correct display of the page content |
| Operating system used, visitor origin (referrer, e.g. Google), subpages clicked on | Optimization of our website content as well as our advertising |
| Date and time of access to the website as well as IP address and internet service provider of the visitor | Ensuring the permanent functionality of our IT systems (for the operation of the website) and prevention of misuse |
Other data and information for security in the event of attacks | Providing relevant information to law enforcement agencies in the event of a cyberattack |
Data security information
We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all dangers is not possible.
Applications and application procedure
| Purpose of processing | Data of applicants are collected, processed and used for the purpose of selecting potential employees. |
| Recipient (if applicable) | A transfer to third parties and / or to a third country does not take place. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Forwarding does not take place and is not planned. |
| If known: Duration of data storage | The personal data of applicants whom we do not hire will be stored for the required period (maximum 6 months) for possible legal claims (e.g. under the General Equal Treatment Act (AGG)) and then immediately destroyed or deleted. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | For a smooth application process, it is necessary that you truthfully provide us with the requested information. |
| Consequences of non-compliance (in case of failure to provide the required data) | Non-compliance (i.e. failure to provide the required data) may result in your inability to enter into an employment contract with us. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | Master data, contact data, application data |
| Change of purpose if necessary | If we take you on as an employee after completion of the application process, the purpose for processing the relevant data changes: in this case, it will be used in the future to implement and maintain the employment relationship. |
Newsletter
| Purpose of processing | Provision of information in the form of electronic circulars |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | There is no obligation to provide personal data. Newsletters are sent exclusively after registration via a double opt-in procedure (voluntarily given and revocable informed consent pursuant to Article 6 (1) a DSGVO) or after a purchase contract has been successfully concluded and the e-mail address has been collected in this process (pursuant to Section 7 (3) UWG). |
| Consequences of non-compliance (in case of failure to provide the required data) | Non-compliance (i.e. not providing the required data) would result in the newsletter not being delivered to you. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data comes from the data subject himself. |
| Change of purpose, if applicable | none |
Contact form
| Purpose of processing | Processing and, if necessary, answering the request of the form sender |
| Recipient (if applicable) | The data will not be passed on to third parties and/or to a third country. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | There is no obligation. |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data originates from the person concerned. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | Data and categories requested in the respective form. |
| Change of purpose if necessary | none |
User login
| Purpose of processing | | Data type | Purpose of the survey |
|---|
| Username, Password | Access for the user |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Implementation of pre-contractual measures (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Without the data, the user account cannot be created. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data, the user account cannot be created. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data comes from the data subject himself. |
| Change of purpose if necessary | none |
Customer account and product order
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Salutation, title, first name, last name, street, no., postal code, city, country, date of birth (voluntary) | Unique identification of the customer account, processing of the product purchase, delivery, payment transactions, processing of complaints | | E-mail address, password | Authentication, independent password reset | | Phone number (voluntary) | Contact by phone |
|
| Legal basis | Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR) |
| Recipient (if applicable) | Parcel service provider, logistics service provider, payment service provider |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data (in the mandatory fields) must be provided as part of the underlying contract. |
| Consequences of non-compliance (in case of failure to provide the required data) | The creation of a customer account is not possible in this case. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data comes from the data subject himself. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | The data comes from the data subject himself. |
| Change of purpose if necessary | none |
Google Fonts
| Purpose of processing | Uniform representation of the fonts |
| Legal basis | Consent (Art. 6 para. 1 lit. a GDPR) |
| Recipient (if applicable) | Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer, storage and processing in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Google LLC is certified in accordance with the EU-US Data Privacy Framework (DPF). |
| If known: Duration of data storage | Unknown duration See General time limits for data deletion. |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | IP address, access time, access date |
| Change of purpose if necessary | none |
| Opt-Out | Use a browser that does not support Google Fonts |
| Privacy info of the addin | https://www.google.com/policies/privacy/ |
YouTube videos
| Purpose of processing | This is a video player service from Google. |
| Legal basis (according to Art. 6 / 9 DSGVO) | Informed consent (Art. 6 para. 1 a) |
| Recipient (if applicable) | Alphabet Inc, Google LLC, Google Ireland Limited |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | If applicable, transfer, storage and processing in the USA, Google LLC The data transfer is based on the EU-U.S. Data Privacy Framework via which Google LCC is certified. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Change of purpose if necessary | none |
Data security information
We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all dangers is not possible.
The purposes, legal basis and other information may vary depending on the processing; you will find the exact classification of the information in the following section.
Video surveillance
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) Image and video data | - Exercise of domiciliary rights and preventive protection against unauthorized access to the company premises or office building, recording of video material for the purpose of detecting and investigating criminal offences |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Protection of legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Re 1) Internal (Details: Internal department: IT) Re 1) Public body (Details: Public body: public authority, organ of the administration of justice, federal institution under public law, federally directable corporations, institutions, foundations and their associations according to § 2 para. 1-3 BDSG: in case of criminal offense: competent authority) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | The video recordings are stored and then overwritten by new recordings; in individual exceptional cases, storage may take place for a longer period of time to ensure the purpose of processing (e.g. over a long public holiday weekend). |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the described processing, the above-mentioned purposes cannot be achieved in an economically viable manner. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) The data was collected directly from the data subject. |
| Change of purpose if necessary | none |
General administration
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - File management
- General administration
- Order management
- Office communication
- Incoming mail
- Paper and document shredding
- Mailroom
- Key management
- Appointment management
- Contract management |
|
| Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary to fulfill a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.The processing is necessary for the performance of a contract or a pre-contractual measure pursuant to Art. 6 para. 1 lit. b GDPR. |
| Recipient (if applicable) | Re 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re 1) External (Details: Service providers, other organizations, other third parties) Re 1) Internal (Details: Internal department) Re 1) Public body (Details: Public body: Public authority, body of the administration of justice, public-law institution of the federal government, federally directable corporations, institutions, foundations and their associations pursuant to § 2 para. 1-3 BDSG). |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Applicant management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) Applicant data (details: applicant data (personal details, contact details, CV, photo, certificates)) | - Applicant management
- Personnel questionnaire |
|
| Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the performance of a contract or a pre-contractual measure pursuant to Art. 6 para. 1 lit. b GDPR.Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party in accordance with Article 6(1)(f) GDPR and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. |
| Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out in the context of the application process. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Purchasing tasks
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - Order report
- Ordering
- Supplier management |
|
| Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary to fulfill a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.The processing is necessary for the performance of a contract or a pre-contractual measure pursuant to Art. 6 para. 1 lit. b GDPR.Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party in accordance with Article 6(1)(f) GDPR and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. |
| Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out in the context of purchasing tasks. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Property management and facility management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - Facility Management |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Performance of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c)Protection of legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Re. 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re. 1) Internal (Details: Internal department) Re. 1) Public body (Details: Public body: public authority, organ of the administration of justice, federal public law institution, federally directable corporations, institutions, foundations and their associations pursuant to § 2 para. 1-3 BDSG). |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out as part of the property management. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Internal reporting system for whistleblowers
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) Notification data (details: personal data voluntarily included in the notification, such as name or other identifying information). 2) Technical data (Details: To operate the reporting system, technical data of the end device used by the reporting person (IP address, browser version, operating system) is processed by the processor to the extent necessary). | - Provision of an internal reporting office through which grievances or unlawful behavior in the company can be reported and processed confidentially. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | The processing of personal data takes place on the legal basis of Art. 6 para. 1 lit. c) GDPR and Art. 9 para. 2 lit. g) GDPR in conjunction with § 10 HinSchG, insofar as this is necessary to fulfill the task of the registration office. |
| Recipient (if applicable) | Re 1) Internal reporting office (Details: Persons who are responsible for receiving and processing the reports and the persons who support them in fulfilling these tasks have access to the incoming reports. Access authorizations are assigned according to the "need-to-know" principle). Re 1) Other recipients (Details: If necessary, the processor or the data protection officer can be granted access as well as other internal departments that may become active as part of follow-up measures). Re 2) Internal reporting office (Details: Persons who are responsible for receiving and processing the reports as well as the persons supporting them in the fulfillment of these tasks have access to the incoming reports. Access authorizations are assigned according to the "need-to-know" principle). |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (Details: The data of the whistleblower is collected directly from the person concerned. Other personal data of third parties may be processed if they are part of the report). Re 2) Direct collection (Details: The data is collected directly from the data subject). |
| Change of purpose if necessary | none |
Customer support
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - Call processing
- Service
- Customer support |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Protection of legitimate interests (Art. 6 para. 1 f)Performance of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the processing described in the context of customer support cannot be carried out. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Logistics tasks
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - Warehouse management
- Delivery and shipping
- Logistics
- In-house customs clearance |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Performance of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out as part of logistics tasks. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Marketing Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - Acquisition
- Pictures and videos at events
- Competitions
- Contact form
- Customers
- Photo and film
- Customer survey (anonymous)
- Marketing measures
- Trade fair photos
- Trade fair stand support
- Newsletter
- Online marketing
- Press
- Print mailings
- Social media marketing
- Events and functions
- Website evaluation |
|
| Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Production and manufacturing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - CAD design
- Planning and production control
- Production data acquisition
- Quality assurance |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Protection of legitimate interests (Art. 6 para. 1 f)Performance of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing in the area of production and manufacturing cannot be carried out. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Accounting
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - (Online) banking
- Quotation, order and invoice preparation
- Credit insurance
- Invoicing, dunning and financial accounting
- Direct delivery
- Credit reports, credit checks, debt collection |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Performance of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Re 1) External (details: service providers, other organizations, other third parties) Re 1) Internal (details: internal department) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out in the context of accounting. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Technical data security measures
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - General network protection
- Backup
- User administration
- Data carrier disposal
- Internet usage control
- Emergency concept
- Logging in IT systems
- Handling passwords
- Access control (authorization concept)
- Access control |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Protection of legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Re 1) Processor (details: IT service provider) Re 1) Public body (details: law enforcement authorities, if applicable) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing in the area of IT security cannot be carried out. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (Details: The data was collected directly from the data subject). |
| Change of purpose if necessary | none |
Company management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - Analysis and reporting
- Third-party inquiries
- Legal and court documents
- Information procedures for affected parties
- Tenders
- Controlling
- Data to tax advisors, auditors, customs authorities
- Data to management consultants
- Project management
- QM manual
- Complaints management
- Auditing, compliance
- Technical equipment
- Improvement process |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Performance of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Re 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re 1) External (Details: Service providers, other organizations, other third parties) Re 1) Internal (Details: Internal department) Re 1) Public body (Details: Public body: Public authority, body of the administration of justice, public-law institution of the federal government, federally directable corporations, institutions, foundations and their associations pursuant to § 2 para. 1-3 BDSG). |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing in the company management area cannot be carried out. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |
Sales tasks
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - Order processing
- Order entry
- Distribution
- Prospect management
- POS system
- Contact management
- Customer care and CRM |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informed consent (Art. 6 para. 1 a)Performance of a contract (Art. 6 para. 1 b)Protection of legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Re 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re 1) External (Details: Service providers, other organizations, other third parties) Re 1) Internal (Details: Internal department) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (Details: The data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) Re 1) Publicly accessible (Details: Data collected from publicly accessible sources (e.g. telephone directory)). |
| Change of purpose if necessary | none |
Central IT systems and services
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| 1) All company data (details: billing data, address data, bank details/credit card data, creditworthiness data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, CV, surname/first name/surname/title, social security data, contract and contract master data, payment data, time recording data, wage/salary data, correspondence, miscellaneous) | - CRM system (Customer Relationship Management)
- Data exchange portal
- DMS document management system
- Print and copy jobs
- Email archiving
- Electronic processing by email
- ERP software
- Hosting
- Internet and telephone use
- Intranet use
- IT support (remote)
- Communication systems (e.g. telephone system) - Mobile, mobile phone, smartphone use - Online meetings - Data centers - Company website - Webshop - WLAN (guests)e.g. telephone system)
- Mobile, cell phone, smartphone use
- Online meetings
- Data centers
- Company website
- Webshop
- WLAN (guests) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Performance of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c)Protection of legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Re 1) Processor (Details: Processor within the meaning of Art. 4 No. 8 GDPR in conjunction with Art. 28 GDPR) Re 1) External (Details: Service providers, other organizations, other third parties) Re 1) Internal (Details: Internal department) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
| Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automated decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) |
| Change of purpose if necessary | none |