Data privacy protection
We hereby inform you about processing of your personal data by SITEMA GmbH & Co. KG and your rights connected to this.
A. The controller is
SITEMA GmbH & Co. KG
Phone: +49 721 98661-0
The data protection officer can be contacted by mail under the above address with the addition "Data protection officer" or by e-mail (firstname.lastname@example.org).
B. Categories of data, purposes and legal basis of processing
We process your personal data that we obtain from you or from third parties in the scope of our business relationships. These usually are contact details (name, address, phone number and email address) and – as far as necessary within the scope of processing of the transaction – bank and payment (transaction) details (bank, account details, payment reference, credit card information if applicable), information from publicly available sources, information databases and credit agencies (e.g. internet, commercial register, rating agency) and any other data that you provide to us freely in the scope of processing of a project or a contractual relationship, or in the scope of preparation of a contract.
We process your personal data only in the scope of the statutory provisions, in particular under observation of the rules of the general data protection regulation ("GDPR") and the EU data protection adjustment and implementation act (Datenschutzanpassungs- und Umsetzungsgesetz EU; "BDSG new").
We will process your personal data based on the legal bases described below and for the purposes
- of preparation of a contract, performance of a contract and termination of contractual relationships (point (b) of Article 6(1) GDPR), e.g. compliance with a contract (such as delivery or rendering of a service and processing of a payment), general communication with business partners, e.g. answering of queries about products and services, contract negotiations, etc.;
- based on consent given (point (a) of Article 6(1) GDPR), e.g. the submission of newsletters or information letters, participation in marketing campaigns or surveys, etc.;
- based on statutory specifications (point (c) of Article 6(1) GDPR), e.g. to meet archiving obligations under commercial or tax law, to meet reporting or information obligations towards public authorities, etc.;
- based on legitimate interest (point (f) of Article 6(1) GDPR); e.g. measures for IT safety or measures to ensure proper business operation, to protect domiciliary rights, to assert legal claims or to defend in case of legal disputes, to ensure compliance requirements are met, etc.
C. Recipients or categories of recipients of personal data
We will transmit your personal data to public authorities/public bodies if predominant provisions require this.
We may transmit your personal data to companies of our group of undertakings if this is necessary to meet the purposes named in section B. above.
We use external service providers as processors for various business processes within the meaning of Article 28 GDPR. We have concluded data processing agreements with these service providers in order to ensure protection of your personal data.
The recipients described above may also be located in countries outside of the European Economic Area ("Third Countries"). Third Countries may not warrant the same level of the protection of personal data as the European Economic Area does. If data transfer takes place to a Third Country, we shall ensure that this transfer will only take place according to the proviso of the statutory provisions (Chapter V GDPR).
D. Duration of storage
Usually, personal data are deleted after the end of the legal archiving periods (primarily under commercial and tax law). If the personal data are not affected by the legal archiving periods, they will be erased when they are no longer necessary for the purposes described in section B. above. The storage period may deviate if you have consented to this at the time of collection of the data.
E. Rights of data subjects
You have the right to obtain access to your personal data stored by us, to have inaccurately stored personal data rectified or – if relevant – to change or revoke your consent to processing activities at any time, also without stating any reasons, effective for the future, to have processing of your personal data restricted, effective for the future, to object to processing of your personal data, effective for the future, or to demand erasure of your personal data. You have the right, subject to the conditions stipulated in Article 20 GDPR, to obtain the personal data that have been stored concerning you in a structured, common and machine-readable format and to transmit these data to another controller without any impairment by us.
Furthermore, you may contact the group data protection officer named in section A. In order to avoid misuse, we may demand that requests be hand-signed or that the requester proves his or her identity otherwise.
You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority competent for us is:
The state officer for data protection and freedom of information in Baden-Württemberg, Königstraße 10 a, D-70173 Stuttgart