1. Who is responsible for data processing and whom can you contact?
3. Purposes for which data is processed and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of specific data depends on the type of agreed or requested service. Our contractual documents, forms, declarations of consent and other information provided to you (e.g. on the website) contain further details and additional information concerning the purposes for which data is processed.
3.2 Performance of contractual obligations (Art. 6 para. 1 b GDPR)
We process your personal data in the course of performing our contracts with you, in particular in the context of our order processing and the use of our services. Furthermore, your personal data will be processed within the scope of pre-contractual activities.
3.3 Compliance with legal obligations (Art. 6 para. 1 c GDPR)
We process your personal data if necessary to comply with legal obligations (e.g. commercial or tax laws).
Furthermore, we process your data if necessary for the fulfillment of tax control and reporting obligations as well as the archiving of data for purposes of data protection and data security as well as the examination by tax and other authorities. It may be necessary to disclose personal data in response to official/judicial measures for the purposes of taking evidence, prosecution or enforcement of civil law claims.
3.4 Legitimate interests of the controller or a third party (Art. 6 para. 1 f GDPR)
We may also use your personal data to protect our legitimate interests of those of a third party subject to a weighing of interests. This may be done for the following purposes:
- for advertising or market research, if you have not objected to the use of your data
- for obtaining information and exchanging information with credit bureaus, if this goes beyond our economic risk
- for the limited storage of your data, if a deletion due to the special nature of the storage is not possible or only with disproportionate effort
- for the assertion of legal claims and defence in the case of legal disputes that are not directly attributable to the contractual relationship
- to ensure and exercise our domestic law through appropriate measures (for example video surveillance)
4. Categories of personal data we process
We process the following data:
- Personal data (name, date of birth, place of birth, nationality, marital status, occupation/industry and similar data)
- Contact details (address, email address, telephone number and similar data)
- Payment/Coverage confirmation for bank and credit cards
- Suppliers history
In addition, we process personal data from public sources (e.g. Internet, media, press, trade and association registers, civil registers, debtor registers, land registers).
We also process personal data that we have legally obtained from third parties (e.g. mailing list providers, credit agencies) if necessary for the provision of our services.
5. Who receives your data?
We share your personal data within our company with those departments that require your data to comply with contractual and legal obligations or to pursue our legitimate interests.
In addition, the following entities/bodies may receive your data:
- Contract processors commissioned by us (Art. 28 GDPR), service providers for supporting activities and other responsible persons within the meaning of the GDPR, especially in the areas of, e.g. IT services, logistics and printing services, external computer centres, support/maintenance of data processing/IT applications, archiving, document processing, compliance services, data validation and plausibility checks, data destruction, customer administration, letter shops, marketing, research, billing, telephony, website management, auditing services, credit institutions.
- Public authorities and institutions in the event of a legal or official obligation under which we are obliged to disclose, report or share data or the disclosure of data is in the public interest
- Bodies and institutions on the basis of our legitimate interest or the legitimate interest of a third party (e.g. shared with public authorities, credit agencies, debt collection, lawyers, courts)
- other bodies for which you have given us your consent to the transfer of data
7. How long do we store your data?
We process your personal data during the entire course of our business relationship as necessary; this also includes the initiation and performance of a contract.
In addition, we are subject to various retention and documentation obligations that are set out in the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and/or documentation periods specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the retention period is also determined in line with statutory limitation periods, which under section 195 et seq. of the German Civil Code (BGB) are generally three years but may be up thirty years in certain cases.
8. To what extent is automated decision-making used in individual cases (including profiling)?
We do not use purely automated decision-making procedures as referred to in Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately provided we are required to do so by law.
9. Your data protection rights
You have the right to request information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to limitation of processing pursuant to Art. 18 GDRP and the right to data portability pursuant to Art. 20 GDPR. In addition, you have right to lodge a complaint with the competent data protection authority pursuant to Art. 77 GDPR. As a fundamental principle, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR. However, this right of objection only applies in the event of very special circumstances related to your personal situation. It may also be the case that our rights override your right of objection in certain circumstances. Please contact our data protection officer if you wish to assert any of these rights: datenschutz(at)hilt-evolution.com.
10. Scope of your duties to provide us your data
You only need to provide data that is necessary for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or data we are legally obliged to collect. Without this data, we will usually not be able to conclude or execute the contract. This may also relate to data required later in the course of the business relationship. If we request further data from you, you will be separately informed of the voluntary nature of the information.
11. Information about your right to object Art. 21 GDPR
You have the right to object to the processing of your data at any time on the basis of Art. 6 para. 1 f GDPR (data processing on the basis of a balance of interests) or Art. 6 para. 1 e GDPR (data processing in the public interest) on grounds relating to your particular situation. This also applies to profiling on the basis of these provisions within the meaning of Art. 4 no. 4 GDPR.
If you submit an objection, we will no longer process your personal data unless we can substantiate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
The objection can be sent informally to the address listed under No. 1.
12. Your right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
[The State Commissioner for Data Protection and Freedom of Information]
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit