Fair Processing Notice GDPR
Fair Processing Notice GDPR
With the following information, we would like to give you an overview of the processing of your personal and business data by us and your rights under the Data Protection Act. Which data is processed in detail and how it is used depends largely on the requested or agreed services. The following data protection notices apply in particular to customers, suppliers, interested parties and authorized persons / authorized representatives.
1. Who is responsible for data processing and whom can I contact?
Responsible for data processing:
EIZO Technologies GmbH
Benzweg 3, 82538 Geretsried
Phone: +49 (0)8171 34920
Represented by the managing director Mr. Andy Kürz
You can reach our data protection officer Stephan Krischke under firstname.lastname@example.org
2. Which sources do we use?
We process personal data that we receive in the course of our business relationship from our customers, suppliers, business partners and interested parties. This usually happens in the following cases:
You or your employer will send us emails and other correspondence, business cards, forms and documents that you or your employer use to subscribe to our marketing or market data newsletter or when you are appointed as the representative of your employer. You or your employer provide us with information that allow you / your employer access to our products or services on your behalf or on behalf of your employer.
We may also collect personal information from other sources, such as affiliates, credit bureaus, and fraud prevention organizations, as well as regulatory records that we legitimately obtain.
3. Which data do we use?
3.1 We process the following personal data about you:
a) Name, eMail and additional address information;
b) Details of your professional role and position;
c) Details of your preferences for marketing events or marketing materials;
d) Data on your access to our premises and access to our Systems and websites;
e) and your news, feedback, or participation in surveys.
3.2 In some cases, we may need your personal information for business or operational reasons, to maintain the relationship with you or your employer, to provide our products or services to you or your employer, or to comply with our legal and regulatory obligations.
3.3 We do our best to ensure the accuracy and completeness of the personal information we process and to ensure that your personal information is always up-to-date. You can make an important contribution to this by informing us immediately if your personal information changes or you find that we have incorrect personal information about you (see Section 8). We are not responsible for any loss resulting from any erroneous, inaccurate, inadequate or incomplete personal information you have provided to us.
4. What do we process your data for (purpose of processing) and on what legal basis?
We process personal / company-related data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
a) Providing required products or services to you / your employer;
b) Answering messages or posts from you / your employer;
c) Providing promotional and marketing material on our products and services that may be of interest to you / your employer;
d) Management, development and improvement of our products, services, points of sale, IT systems and websites;
e) Control and audit of compliance with legal requirements and own guidelines and standards;
f) Follow the legal and regulatory obligations and related applications at the global level, including audits and reporting requirements vis-à-vis state and international regulators;
g) Detection of money laundering, financial and credit checks, prevention and detection of fraud and crime;
h) Administrative purposes relating to security and access to our systems, our premises, our platforms, websites and applications;
i) Enforce court decisions and exercise and / or defend our rights;
j) Other legitimate business purposes;
k) Other purposes that are permitted or required under applicable law.
5. Who gets my data?
Within our organization, those employees have access to your data, which they need to fulfill our contractual and legal obligations. Even service providers and vicarious agents employed by us may receive data for this purpose if they maintain the corresponding secret. With regard to the transfer of data to recipients outside of our company, it should first of all be noted that we as a company undertake to maintain secrecy about all customer-related facts and evaluations from which we become aware. We may only disclose information about you if statutory provisions so dictate, if you have approved or if we are obliged to provide information by law.
Are data transmitted to a third country or an international organization?
Your personal data may be transferred to a country or territory outside the European Economic Area (“EEA”) and then stored and retrieved there. This includes countries whose laws do not protect personal data to the same extent as within the EEA. In particular, we may disclose your personal information to our subsidiaries outside the EEA, including Japan. We ensure that the transfer of personal data to foreign countries takes appropriate security precautions in accordance with GDPR. You can request a copy of the security documents concerned.
6. How long will my data be stored?
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations, or you have given us your approval for longer storage. If the data is no longer required for the fulfillment of contractual or legal obligations, these data are deleted on a regular basis, unless their – temporary – further processing is required for the following purposes:
- Fulfillment of commercial and tax-related retention requirements: the Commercial Code (HGB), the Tax Code (AO), the Money Laundering Act (GwG). The deadlines for storage and documentation are between two and ten years.
- Preservation of evidence in the context of the statutory statute of limitations. According to §§ 195 ff. Of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
7. What are my privacy rights?
Each affected person has the right to information (Art. 15 GDPR), the right to data correction (Art. 16 GDPR), the right to delete data (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to contradict (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR). With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 German Federal Data Protection Act (BDSG) apply.
In addition, there is a right of appeal to a competent data protection supervisory authority (article 77 GDPR in conjunction with section 19 BDSG). You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the validity of the General Data Protection Regulation before 25.05.2018. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.
8. Is there a duty for me to provide data?
In the course of our activities, you must provide the personal data necessary for the commencement and performance of our services and the fulfillment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally have to refuse to execute the order or be unable to complete an existing order and may have to terminate it.
9. To what extent is there an automated decision-making process?
In principle, we do not use automated automatic decision-making pursuant to Art. 22 GDPR to justify and implement the services.
10. Is there data profiling?