GDPR PRIVACY NOTICE
WE TAKE A PERSONAL INTEREST IN PROTECTING YOUR PERSONAL DATA
We are delighted that you have shown interest in our enterprise, our products and services, and we want you to feel confident with how we handle your personal data. We take the protection of your personal data very seriously. Observing the terms and conditions of the General Data Protection Regulation (GDPR) is a matter of utmost importance to us.
We want you to be aware when we collect your data, understand which data we collect and how we use it. We have taken technical and organisational measures to guarantee that the data protection regulations are observed by us as well as by our authorised external service providers.
Pursuant to Article 4, Paragraph 1 of the European General Data Protection Regulation (GDPR), ‘personal data’ means any information relating to you as an identified or identifiable natural person (data subject), in particular, with reference to an identifier such as their name or identification number, allowing your data subject to be identified in the company. Personal data is defined, as for example, data, such as: your name, postal address, phone number or email address.
It’s not necessary for you to disclose your personal data to use our website. However, in certain cases, we need your name and your address as well as other data to provide you with the desired service.
This also applies, for example, to the delivery of information materials and ordered goods, or to answering individual questions. We will inform you accordingly, where this is necessary. In addition, we only store and process data that you provide us voluntarily, and if necessary, data that we collect automatically when you visit our websites (see section: “Personal data, recorded automatically by visiting our websites”).
In the event that you decide to take up our service, we usually only collect data that is needed to carry out the required tasks. Any further data is required on a strictly voluntary basis. Processing personal data is carried out exclusively for providing the desired service, and to maintain our own legitimate commercial interests.
CONTROLLER FOR PROCESSING PERSONAL DATA
Controller pursuant to the data protection law is
Bader Holding GmbH
You can find further information about our company, details about our authorised representatives, and additional contacts in the legal notice of our website:
OUR DATA PROTECTION OFFICER (DPO)
We have appointed a DPO for our company. He can be contacted via the following email address:
PURPOSES OF COLLECTING AND PROCESSING DATA
The Bader Gruppe collects, processes and uses your personal data exclusively for the following purposes:
- processing requests, offers and orders
- carrying out sales and purchase orders
- setting up/maintaining prospective buyer/customer/supplier databases
- carrying out general management of prospective buyers/customers/suppliers, including all corresponding subsidiary aims
- providing specified information or offers
Moreover, to cultivate customer relations, it can be necessary that we or one of our authorised service providers use your personal data to inform you about product offers or to carry out online surveys to better fulfil our customers’ needs and requests.
We understand and respect your wish not to disclose any of your personal data to support our customer relationship building (especially for direct marketing or market research purposes).
USE FOR A SPECIFIED PURPOSE
Your data is only collected, processed and used for other purposes other than the abovementioned, if these processes are pursuant to Article 6 Paragraph 4 of GDPR and compatible with the purposes they were designed for.
We will only collect and transmit personal data to authorised state institutions and authorities within the provisions of the relevant laws, or if an enforceable court order is in place. Our employees and authorised external service providers are bound by a confidentiality obligation (NDA) as well as by the provisions of the General Data Protection Regulation (GDPR).
LEGAL BASIS FOR PROCESSING
The legal basis for processing your personal data is pursuant to Article 6 paragraph 1 (b) of GDPR. The data processing encapsulates the pre-contractual actions and signing the contract by the data subject, who is simultaneously the owner of the data processed.
DATA WILL BE TRANSMITTED TO THE FOLLOWING RECIPIENTS (OR CATEGORIES OF RECIPIENTS):
Your personal data can be transmitted to another company of the Bader Gruppe for further handling of your requests or orders. Moreover, for a detailed list of companies concerned, please visit the following link: http://badergruppe.com/en/contact/
Furthermore, the names and contact data of the contact persons will be transmitted to the factoring company seated in Germany within the remit of assignment of accounts receivable, if necessary.
Of course, we negotiated relevant data protection agreements with all our group companies as well as our contractual partners, guaranteeing that the data processing was completed in a lawful manner.
We will not pass on any of your personal data to third-party countries or to international organisations and this is not planned in the near future either.
It is our company principle that only persons who are competent to deal with the prospective parties, customers and supplier management have access to your data.
STORAGE AND RETENTION TIMES
Your personal data is stored only as long as the data is used for the purposes for which it was collected or if there are legal or contractual retention regulations to be observed. The retention times of your data are pursuant to § 257 of the Handelsgesetzbuch (HGB, the German Commercial Code) as well as to § 147 of the Abgabenordnung (AO, the German Financial Order). In Germany, every merchant must safeguard account books for ten years and business letters (including emails relevant to the contract) for six years. The retention period will take effect at the end of the calendar year in which the last entry was logged in the trading book, or a business letter was received or sent.
WHAT DATA IS COLLECTED AUTOMATICALLY WHEN YOU VISIT OUR WEBSITES
When using our websites, the following data is retained for organisational and technical purposes: the names of the pages visited by the client, their browser and operating system, date and time of access, search engines used, names of the downloaded files and IP address.
We analyse and assess the technical data anonymously and only for statistical purposes to optimise our web presence continuously, and to be able to make our web offers more attractive. The data is stored in secure systems, separately from other personal information. The data will not be used to draw any conclusions about individual persons.
While visiting our websites, we may store information in form of cookies on your computer. Cookies are small text files that are sent from a web server to your browser and stored on the hard disk of your computer.
Nevertheless, no personal data of the user is stored except for the IP address. With this information we can recognize you automatically, when you visit our websites the next time, making navigating easier for you. For example, cookies allow us to adapt a website to your interests, or to save your password; so, that you don’t have to re-enter it every time.
Of course, you can browse our websites without accepting cookies as well. If you don’t want us to recognize your computer, you can prevent the storage of cookies on your hard disk by selecting “don’t accept cookies” in your browser settings. For a detailed description, please read your browser instructions. If you don’t wish to accept cookies, this can, however, lead to functional limitations of our offers.
When contacting our company (for example via the contact form or email), the user data is stored for dealing with your request as well as for further questions.
We have taken technical and organisational measures to protect your personal data against loss, destruction, manipulation and unauthorised access.
All of our employees and all persons involved in the data processing are obliged to observe the General Data Protection Regulation (GDPR) and other data protection relevant laws and to handle personal data confidentially.
Our protective measures are revised regularly in step with technological advances.
CHANGES TO OUR DATA PROTECTION REGULATIONS
We reserve the right to change our protection and data protection measures as far as it will be necessary in step with technological advances. In these cases, we will also adapt our notices to protecting personal data accordingly. For this reason, please always review the current version of our privacy notice.
This privacy notice does not apply to external links offered by our websites. As far as we offer links, we ensure that at the time of generating the link we couldn’t recognize any violation of existing law on the linked websites. Although, we cannot influence whether other providers observe the data protection regulations. For this reason, please check the websites of the other providers regarding their privacy policies.
DATA PROTECTION RIGHTS
Right of access by the data subject
You can get access to the data we have stored about you at any time and request a confirmation from the controller, whether the personal data is being processed.
If the information request is not made in writing, we would ask for your understanding that, since we might request you to provide us with proof of your identity.
Right to rectification, right to erasure/to be forgotten,
right to restrict processing
If personal data is inaccurate or no longer necessary for the purposes they were collected for, you can request a rectification, erasure or restriction of the processing.
Right to data portability
You have the right to request that we provide the personal data transmitted to us in a format that makes it possible to transmit it to another controller.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint about our processing of personal data with a supervisory authority who is data protection responsible for you.
Right to object
You have the right to object to the processing of your personal data within the remit of the statutory provisions.
If the processing of your personal data is based on your freely given consent, you can revoke it at any time.
(Last modified 06/2019)