Information on data protection pursuant to Art. 13 GDPR Processing of personal data of interested parties, customers and business partners
1. who is responsible for data processing and who can I contact?
Controller for the processing of personal data within the meaning of Art. 4 No. 7 GDPR
is:
PROSIS GmbH
Rinnberg 25
85296 Rohrbach
Tel: 08458 33 30 - 0
Fax: 08458 33 30 - 9899
E-Mail: info@prosis.de
If you have any concerns about data protection, you can also contact our company data protection officer in accordance with Art. 37 GDPR:
PROSIS GmbH, Data Protection Officer
Carl-Benz-Ring 4 - 6
85080 Gaimersheim
Phone: +49 8458 33 30 - 893
Fax: +49 8458 33 30 - 9899
Mail: dsb@prosis.de
2. which data is processed and from which sources does it originate?
We process data that we have received from you in the context of contract initiation, contract conclusion or contract fulfillment, to protect our legitimate interests or on the basis of your consent. The personal data includes
- For customers and interested parties:
z. e.g. first and last name, address, contact data (e.g. e-mail address, telephone number, mobile phone number, fax), IT usage data (e.g. user ID, roles, authorizations, login times, computer name, IP address, GID, etc.) and bank data. - With business partners and suppliers:
z. e.g. the name of the legal representatives, company, commercial register number, VAT number, company number, address, contact details (e.g. first and last name, e-mail address, telephone number, mobile phone number, fax) and bank details.
In addition, we also process the following other personal data, for example:
- Information on the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,
- Sales data,
- other data that we receive in the course of our business relationship (e.g. in discussions with customers),
- Data that we generate ourselves from master/contact data and other data, e.g. by means of customer demand and customer potential analyses,
- Photographs taken as part of events
3. for what purposes do we process the data and on what legal basis?
We process your data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as amended from time to time
- for the fulfillment of a contract or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b) GDPR)
- to fulfill legal obligations (Art. 6 para. 1 lit. c) GDPR), e.g. from the German Commercial Code (HGB) or the German Fiscal Code (AO)
- to safeguard legitimate interests (Art. 6 para. 1 lit. f) GDPR), e.g. measures for business management and further development of services and products, maintaining a customer database to improve customer service, in the context of legal prosecution, sending non-sales-promoting information and press releases
- within the scope of your consent (Art. 6 para. 1 lit. a) GDPR), e.g. publication of photos, competitions, contact form, etc.
Notwithstanding the above-mentioned purposes and legal bases, we may process your data for other purposes (change of purpose) without prior notification if the following conditions are met:
- another legal basis permits the change of purpose without the obligation to provide information,
- you have given your express consent or
- This is anonymized data.
4. am I obliged to provide data?
The provision of your data is necessary for further contact or the execution and processing of a contractual relationship. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfillment of the contract.
5 Who receives my data?
Your personal data will be passed on to the respective bodies that require data within the scope of the contractual relationship due to a legal obligation as well as to external business partners and customers, insofar as this is necessary for the initiation, fulfillment or execution of the contractual relationship or is in the legitimate interest of the person responsible.
Processors commissioned by us will receive your data if they require the data to perform their respective services. These are, for example, IT service providers and hosting providers that we need for the operation and security of our IT systems.
6. how long will my data be stored?
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The decisive factor here is the duration of the existing contract and any additional statutory retention obligations (e.g. under the German Commercial Code (HGB) or the German Fiscal Code (AO)). Finally, the storage period is also assessed according to the statutory limitation periods, which can be up to 30 years, e.g. according to §§ 195 ff. of the German Civil Code (BGB), whereby the regular limitation period is three years.
Under certain circumstances, your data must also be stored for longer, e.g. if a so-called legal hold or litigation hold (i.e. a ban on data deletion for the duration of the proceedings) is ordered in connection with official or court proceedings.
In the event of a legal dispute in which the data serves as evidence, your data will be processed until the dispute has ended.
7. is personal data transferred to a third country?
A transfer to a third country or an international organization of the personal data provided by you does not take place and is not planned.
8 What rights do I have?
8.1 Right to information
In accordance with Art. 15 GDPR, you have the right to information at any time about what data we have stored about you, for what purpose, who receives your data and how long we store your data.
Your right to information exists independently of the information provided about the processing of your personal data. You can assert your right to information at appropriate intervals.
Your right to information may be restricted, e.g. if the information would reveal information that must be kept secret in accordance with a legal provision or by its nature, in particular due to the overriding legitimate interests of a third party.
8.2 Right to rectification and erasure
If we have stored incorrect information from you, you can request that we correct this immediately and complete incomplete information (Art. 16 GDPR).
You can demand that we erase your personal data without undue delay if the requirements of Art. 17 GDPR are met, in particular if the personal data is no longer necessary for the purposes for which it was processed, if you withdraw your consent or if you have objected to the processing. You have the same right if we have processed your personal data unlawfully. These rights are restricted in accordance with Art. 17 para. 3 GDPR, in particular as long as we need your data to assert, exercise or defend legal claims.
8.3 Right to restriction of processing
Under the conditions of Art. 18 GDPR, you can also request the restriction of the processing of your personal data, in particular as long as you dispute the accuracy of the personal data and we verify it.
8.4 Right of objection
If we process your personal data on the basis of legitimate interests or in the public interest, you have the right under Art. 21 GDPR to object to the processing of your data on personal grounds.
You have the right to object to the processing of your personal data on grounds relating to your particular situation. The prerequisite for this is that the data processing is carried out in the public interest or on the basis of a balancing of interests.
Insofar as we base the processing of your personal data on a balancing of interests, we generally assume that we can demonstrate compelling legitimate grounds, but will of course examine each individual case.
In the event of an objection, we will no longer process your personal data. Unless,
we can demonstrate compelling legitimate grounds for the processing of this data which override your interests, rights and freedoms, or
Your personal data is used to assert, exercise or defend legal claims.
Exercising the right of objection
The objection can be made informally and should preferably be sent to the contact details listed in this data protection notice.
8.5 Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. If technically feasible, you can request that we transfer your data directly to another controller.
8.6 Right to withdraw consent
You have the right to revoke your consent to the processing of personal data concerning you at any time with effect for the future in accordance with Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR.
8.7 Right of appeal
You have the right under Art. 77 GDPR - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular a supervisory authority in Germany, if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.
The contact details of the Bavarian State Office for Data Protection Supervision (BayLDA) are as follows:
Promenade 27
91522 Ansbach
Phone: +49 981 - 53 1300
Fax: +49 981 - 53 98 1300
Mail: poststelle@lda.bayern.de; https://www.lda.bayern.de/
Version 1.3 from 16.03.2021
