Information obligations in acc. with Art.13 EU GDPR
1. Who is responsible for data processing and who can you contact?
Hirmer GROSSE GRÖSSEN Online GmbH, Kaufingerstraße 28,
80331 Munich, Germany
Email: [email protected], phone +44 122 397 6344
The company data protection officer is
Project 29 GmbH & Co. KG
93047 Regensburg, Germany
Email: [email protected]
Tel.: +49 941-2986930
2. What kind of data is processed and what sources does this data come from?
We process the data that we have received from you as part of contract initiation or settlement, on the basis of your consent, as part of your application with us or within the framework of your employment.
Personal data includes:
Your master data or contact details, which for customers includes: first and last name, address, contact details (email address, telephone number, fax), bank details and credit card details.
For applicants and employees, this includes: first name and last name, address, contact details (email address, telephone number, fax), date of birth, CV data and employment certificates, bank details, religious affiliation and image recordings.
For business partners, this includes: the name of their legal representative, company, commercial registration number, VAT number, company number, address, contact details (email address, telephone number, fax) and bank details.
For visitors to our company, this includes their first names and last names.
For journalists, this includes first and last name, email address and fax number.
For competition entrants, this includes first and last name, address, date of birth and email address.
In addition, we also process the following other personal data:
-Information on the type and content of contract data, order data, sales and receipt data, customer and supplier history and advisory documents,
-Advertising and sales data,
-Information about your electronic traffic with us (e.g.: IP address, login data),
-Other data we have received from you as part of our business relationship (e.g. in customer relations),
-Data that we generate ourselves from master data or contact data as well as other data, e.g. using analyses of customer demand and customer potential, -The declaration of your consent for the receipt of e.g. newsletters.
-Photographs in the context of events.
3. For what purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:
• For the fulfilment of (pre-)contractual obligations (Art. 6 (1) (b) EU GDPR):
The processing of your data takes place for the purpose of settling contracts online or in one of our branches, or handling contracts in the context of your employment in our business. The data is processed in particular when we conduct business with you and when we enter into a contract with you.
• For compliance with legal obligations (Art. 6 (1) (c) EU GDPR):
Processing your data for the purpose of meeting various legal obligations, e.g. those required by the Commercial Code or the Tax Code.
• For the protection of legitimate interests (Art. 6 (1) (f) EU GDPR):
In order to balance our interests, data processing beyond the actual fulfilment of the contract may take place in order to safeguard legitimate interests of ourselves or of third parties. Data processing for the protection of legitimate interests takes place in the following cases, for example:
-Promotional offers or marketing (see no. 4), -Business management and the development of services and products; -Implementing a company-wide customer database in order to improve customer service -In the context of legal action -Sending non-promotional information and press releases.
• With your consent (Art. 6 (1) (a) EU GDPR):
If you have given us your consent to process of your data, e.g. to send you our newsletter, for the publication of photos or for competitions.
4. Processing of personal data for advertising purposes
You may withdraw your consent to the use of your personal data for advertising purposes at any time, either entirely or for specific activities, without incurring any costs other than the transmission costs at the basic rates.
Under the legal requirements of the German Act against Unfair Competition (Section 7 (3) UWG), we are entitled to use the email address you provided when signing the contract for direct advertising for our own similar goods or services. These product recommendations are provided by us, regardless of whether you have subscribed to a newsletter
If you do not wish to receive such recommendations by email from us, you may opt out of the use of your address for this purpose at any time without incurring any costs other than the base rate of transmission costs. Communication in writing is sufficient. Of course, every email always includes an unsubscribe link.
5. Who receives my data?
If we use a service provider for order processing, we still remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only as part of their service provision. The processors commissioned by us will receive your data if they require that data to fulfil their respective functions. These are e.g. the IT service providers we use for the operation and security of our IT system, as well as advertising and address publishers for our own promotions.
This data is provided to the affiliated companies if necessary for the execution of the contract. The storage of customer data is enterprise-related and separate. In the event of a legal obligation and in the context of legal action, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance, banks, credit bureaus, and service providers may be recipients of your data for the purpose of contract initiation and fulfilment.
6. How long will my data be stored?
We process your data until the termination of the business relationship or until expiry of the applicable statutory retention periods (e.g. according the Commercial Code, the Tax Code, or the Working Hours Act). In addition, we will store your data until the termination of any legal disputes in which the data is required as proof.
7. Is personal data transmitted to a third country?
In principle, we do not transmit any data to a third country. Transmission in individual cases will only take place on the basis of: an adequacy decision by the European Commission, standard contractual clauses, appropriate guarantees, or your express consent.
8. Which data protection rights do I have?
You have the right to information, rectification, erasure or restriction of processing of your stored data, the right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right to information:
You may request information from us as to whether and to what extent we process your data.
Right to rectification:
You may request erasure of your data from us if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons opposing an immediate erasure, e.g. in the case of legally regulated storage requirements. Regardless of your right to erasure, we will immediately and completely erase your data, unless there is a contractual or legal duty to retain such information.
Right to restriction of processing:
You may request that we restrict the processing of your data if -You dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data, -The processing of the data is unlawful, but you decline an erasure and instead request a restriction of data usage, -We no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or -You have lodged an objection to the processing of the data.
Right to data portability:
You may request that we provide you with the information you have provided to us in a structured, conventional and machine-readable format and that we transfer that information to another person without hindrance, provided that -We process such data on the basis of consent given or revocable by you or for the performance of a contract between us, and -This processing is effected using automated methods. If technically feasible, you may require us to transfer your data directly to another responsible person.
Right to object:
If we process your data for legitimate interests, you can object to this data processing at any time; this would also apply to a profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or unless the processing is for the purpose of enforcing, pursuing or defending legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without stating reasons.
Right to lodge a complaint:
If you believe that we have violated German or European data protection laws when processing your data, please contact us to clarify your concerns. Of course, you also have the right to contact the supervisory authority responsible for you, the respective State Office for Data Protection Supervision. If you would like to make a claim against us in regard to one of the aforementioned rights, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.
9. Am I obliged to provide data?
The processing of your data is required to conclude or fulfil your contract with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or be unable to complete an existing contract and consequently terminate it. However, you are not obliged to give your consent to the processing of data that is not relevant or legally required for the fulfilment of the contract.