Data protection; protection of personal data regarding our Processing of CONTACT PARTNER DATA OF BUSINESS PARTNERS in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

Herbert Waldmann GmbH & Co KG

Dear business partner, in accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the Processing of the personal data collected about you and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the services requested or agreed. In order to ensure that you are fully informed about the processing of your personal data in the context of the fulfilment of a contract or the implementation of pre-contractual measures, please take note of the following information.

1. CONTROLLER; DATA CONTROLLER WITHIN THE MEANING OF DATA PROTECTION LAW

Herbert Waldmann GmbH & Co KG

Peter-Henlein-Strasse 5

78056 Villingen-Schwenningen

Phone: +49 7720 601 0

E-mail: info@waldmann.com

2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER

vimopro GmbH

Phone: +49 7721 69811 51

E-mail: datenschutz@vimopro.de

3. PURPOSES AND LEGAL BASIS OF PROCESSING

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, execution and fulfilment of a contract and for the implementation of pre-contractual measures. Insofar as the provision of personal data is necessary for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 para. 1 lit. b GDPR.

If you give us your express consent to the processing of personal data for specific purposes (e.g. disclosure to Third Parties, evaluation for marketing purposes or advertising), the lawfulness of this processing is given on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent that has been granted can be revoked at any time with effect for the future (see section 9 of this data protection information). If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfil legal obligations in accordance with Art. 6 para. 1 lit. c GDPR. Processing may also be carried out to protect our legitimate interests or those of Third Parties in accordance with Art. 6 para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.

4. CATEGORIES OF PERSONAL DATA

We only process data that is related to the establishment of the contract or the pre-contractual measures. This may be general data about you or people in your company (name, address, contact details, minutes of meetings, etc.) as well as any other data that you provide to us. Principle: We collect the data directly from you.

5. SOURCES OF THE DATA

We process personal data that we receive from you in the context of establishing contact or establishing a contractual relationship or in the context of pre-contractual measures.

6. RECIPIENT OF THE DATA

We only pass on your personal data within our company to those areas and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interest. We may transfer your personal data to companies affiliated with us insofar as this is permitted within the scope of the purposes and legal bases set out in section 3 of this data protection information sheet.

Your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are internet service providers and providers of IT systems and software.

Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by statutory provisions, if the transfer is necessary for the processing and thus fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your Consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example

· Public bodies and institutions (e.g. public prosecutor's office, police, Supervisory authorities, tax office) in the event of a legal or official obligation

· Recipients to whom the disclosure is directly necessary for the establishment or fulfilment of the contract, such as banks, partners and, if applicable, suppliers

o Credit assessment:
Creditreform Konstanz Müller & Schott GmbH & Co. KG
Villingen branch
Marie-Curie-Str. 2
78048 Villingen-Schwenningen

· Service providers in the area of hardware and software by concluding order processing contracts.

· Other data recipients for whom you have given us your Consent to Data transmission

7. TRANSFER TO A THIRD COUNTRY

Personal data may be transferred to countries outside the EEA (European Economic Area) or to an international organisation. In these cases, recipients may include hosting or cloud services for which we have obtained appropriate safeguards on the basis of a standard contractual clause contract.

8. DURATION OF DATA STORAGE

Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes the initiation and fulfilment of a contract. In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods stipulated there are two to ten years. Finally, the storage period is also based on the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

9. YOUR RIGHTS

Every data subject has the Right of access under Art. 15 GDPR, the Right to rectification under Art. 16 GDPR, the Right to erasure under Art. 17 GDPR, the Right to restriction of processing under Art. 18 GDPR, the Right to notification under Art. 19 GDPR and the Right to data portability under Art. 20 GDPR.

In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you believe that the processing of your personal data is not lawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

If the Processing of data is based on your consent, you are entitled under Art. 7 GDPR to withdraw your consent to the Utilisation of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. Please also note that we may have to retain certain data for a certain period of time in order to fulfil legal provisions (see section 8 of this data protection information).

Right of objection

Insofar as your personal data is processed in accordance with Art. 6 para. 1 lit. f GDPR to protect legitimate interests, you have the right to object to the processing of this data at any time in accordance with Art. 21 GDPR for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the Processing. These must outweigh your interests, rights and freedoms, or the Processing must serve the assertion, exercise or defence of legal claims.

With your express consent, we will process your e-mail address and/or your telephone number for advertising purposes. You have the right to object to Processing for the purpose of such advertising at any time. This also applies to Profiling insofar as it is associated with such direct advertising. If you object to Processing for the purpose of direct advertising, we will no longer process your personal data for these purposes. You are welcome to contact us to protect your rights.

10. NECESSITY OF PROVIDING PERSONAL DATA

The provision of personal data for the establishment, execution or fulfilment of a contract or for the implementation of pre-contractual measures is generally not required by law or contract. You are therefore not obliged to provide personal data. However, please note that this is generally necessary for the decision on the conclusion of a contract, the fulfilment of a contract or for pre-contractual measures. If you do not provide us with any personal data, we may not be able to make a decision within the scope of contractual measures. We recommend that you only ever provide personal data that is necessary for the conclusion of a contract, the fulfilment of a contract or pre-contractual measures.

11. AUTOMATED DECISION MAKING

In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish, fulfil or implement the business relationship or for pre-contractual measures. If we use these procedures in individual cases, we will inform you of this separately or obtain your Consent if this is required by law.