We stored data concerning you for the purpose of contract performance or implementing pre-contractual measures, which is in good hands.
The following information outlines how your personal data is processed and your rights under data protection law.
The controller as defined by data protection law is:
Dokas Handelsgesellschaft mbH
Phone +49 (0)201 522612-0
Fax +49 (0)201 522612-99
Managing Partners: Angela Ufermann, Marcel Wolf
Amtsgericht Essen HRB 19318
You may contact our data protection officer at firstname.lastname@example.org or add ‘Datenschutzbeauftragter’ to our postal address.
Personal data and sources
We process personal data we obtain from you in connection with our business relationship or leading up to the business relationship.
We process further – where necessary to provide our services in connection to the contractual relationship or for pre-contractual measures – personal data we have legitimately obtained from third parties such as payment services or other third parties (e.g. on fulfilment of orders, performance of contracts or with your consent).
We further process personal data obtained from reliable public sources (e.g. internet, press, media, commercial registry and register of associations) and are permitted to process.
Relevant personal data for pre-contractual measures and performance of contracts may be:
- name and business address of the contact person
- other contact data of the contact person (phone, e-mail address)
- position of the contact person within the company
- order data
- data related to compliance with our contractual obligations (e.g. delivery data)
- banking data / account and payments
Additional contact information
During pre-contractual measures and during the business relationship, particularly due to personal, telephone or written contact initiated by you or by us, additional personal data is generated, e.g. information about contact channel, date, reason and result, (electronic) copies of correspondence, as well as information about participation in marketing efforts.
Purpose and legal basis for processing
We process the aforementioned personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG):
a. For compliance with our contractual obligations (Article 6(1)(b) GDPR)
Personal data is processed for performance of our contracts with our customers to carry out pre-contractual measures based on your request.
b. In line with weighing of interests (Article 6(1)(f) GDPR)
Where necessary, we process your data beyond the actual performance of contract based on our legitimate interests or those of third parties.
- inquiries with and data exchange with credit agencies to determine credit worthiness or the risk of payment default
- review and optimisation of processes for analysis of needs and for direct customer approach
- advertising and market research or opinion polls provided you have not objected to the use of your personal data
- enforcing legal claims and defence of legal disputes
- guaranteeing IT security and IT operation at our company
- preventing crimes
- video surveillance to determine access to premises
- building and premises security (e.g. access security)
c. With your consent (Article 6(1)(a) GDPR)
If you have consented to your personal data being processed for specific purposes (e.g. sending information), the lawfulness of this processing exists based on your consent. Consent may be withdrawn at any time. This also applies to withdrawing consent granted prior to the EU General Data Protection Regulation coming into force, so prior to 25 May 2018. Withdrawing consent applies to future actions, i.e. it does not apply to processing which took place prior to withdrawing consent.
Disclosure of data
We only disclose your personal data if a legal basis exists.
a) Within our company, your personal data is only made accessible to the departments/persons requiring your personal data for compliance with our contractual and legal obligations.
b) Apart from this, the following bodies may receive your data:
- Processing data including sharing said is required for performance of contract, Article 6(1)(b) GDPR. This particularly includes sharing data with financial institutions, parcel services, delivery services, carriers.
- Our data processor, Article 28 GDPR, particularly IT service provider, DATEV
c) We do not intend to transmit data to entities outside the European Economic Area (so-called third countries).
Duration of storage of personal data
We process and store your personal data as long as required for compliance with our contractual and legal obligations. If this is no longer the case, the personal data is routinely erased unless temporary further processing is required for the following purposes:
- Compliance with retention periods required under commercial and tax law (e.g. under Commercial Code or Fiscal Code). Those retention periods are up to 10 years.
- Keeping proof and reviewing justification of claims. The statute of limitations under §§ 195 ff of the German Civil Code can be up to 30 years.
- Data from video surveillance or access control is stored up to 72 hours to guarantee effective protection of persons and our property.
Your data protection rights
You have the
- Right of access to the personal data we have stored, Article 15 GDPR;
- Right to rectification of incorrect or incomplete data, Article 16 GDPR;
- Right to erasure of the your data we have stored or, where legal retention periods apply, a right to restrict processing of your data, Article 17, Article 18 GDPR;
- Right to data portability, i.e. to receive the data concerning you in a structured format, Article 20 GDPR;
Under the conditions set forth in Article 21(1) GDPR, you may object to data processing on grounds relating to your particular situation.
You further have the right to lodge a complaint with a competent data protection supervisory authority, Article 77 GDPR.
Automated decision-making / including profiling
We do not use fully automated decision-making with respect to personal data (so-called scoring), Article 22 GDPR, including to establish, implement or terminate the contractual relationship.
We do not use profiling; according to Article 4(4) GDPR this means any form of automated processing of personal data to evaluate, analyse or predict certain personal aspects relating to a natural person (e.g. economic situation, personal preferences, reliability, behaviour, location).
Duty to provide data
In line with our business relationship you are required to provide the personal data necessary to establish and implement a business relationship or for compliance with the related contractual duties or which we are required by law to collect. Without this data we must typically decline entering into contract or performance of contract or are no longer able to implement an existing contract and may need to terminate it.