Information on data protection

Data protection information for customers, contractual partners and interested parties

 Information on data protection regarding our processing of customer and prospective customer data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR).

Hello,

In accordance with the provisions of Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data and your related data protection rights. Which data is processed and how it is used depends largely on the requested or agreed services. To ensure that you are fully informed about the processing of your personal data in the context of fulfilling a contract or implementing pre-contractual measures, please read the following information.

1. Responsible body within the meaning of data protection law
workshop GmbH
Rita-Maiburg-Straße 40
D-70794 Filderstadt
0711/55386-71
info@workstatt.de
https://www.workstatt.de/pages/informationen-zum-datenschutz


2. Contact details of the data protection officer
 Tobias Grosse-Puppendahl
tobias@workstatt.de

3. Purposes and legal bases of processing
 We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, execution and fulfilment of a contract and for the implementation of pre-contractual measures.

  • To the extent that personal data is required for the initiation or execution of a contractual relationship or in the context of carrying out pre-contractual measures, processing is lawful in accordance with Art. 6 (1) (b) GDPR.
  • If you give us your express consent to process personal data for specific purposes (e.g., sharing with third parties, evaluating your data for marketing purposes, or contacting us via email), the legality of this processing is based on your consent in accordance with Article 6 (1) (a) GDPR. You may revoke your consent at any time with future effect (see Section 9 of this Privacy Policy).
  • If necessary and legally permissible, we will process your data beyond the actual contractual purposes to fulfill legal obligations in accordance with Art. 6 (1) (c) GDPR.
  • In addition, processing may be carried out to protect our legitimate interests or those of third parties, as well as to defend against and assert legal claims in accordance with Art. 6 (1) (f) GDPR. If required by law, we will inform you separately, stating the legitimate interest.

4. Categories of personal data

We only process data that is related to the establishment of a contract or pre-contractual measures. This may include general data about you or your company (name, address, contact details, etc.) as well as any other data you provide to us in the context of the establishment of the contract.

5. Sources of the data
 We process personal data that we receive from you when you contact us, when you enter into a contractual relationship or when you take pre-contractual measures.

 6. Recipients of the data
We only pass on your personal data within our company to those departments and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interests.

We may transfer your personal data to companies affiliated with us, insofar as this is permitted within the scope of the purposes and legal bases set out in Section 3 of this data protection information sheet.

Your personal data will be processed on our behalf based on order processing agreements pursuant to Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are logistics service providers and manufacturers.

Otherwise, data will only be passed on to recipients outside the company if permitted or required by law, if the transfer is necessary for the processing and thus the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent, or if we are authorized to provide information. Under these conditions, recipients of personal data may include, for example:
• External tax advisor
• Public bodies and institutions (e.g. public prosecutor, police,
  supervisory authorities, tax office) if there is a legal or official
  Engagement,
• Recipients to whom the transfer is directly necessary for the establishment or fulfilment of the contract
  is required, such as [financial service providers, parcel service providers, freight forwarders, etc.],
• Other data recipients for whom you have given us your consent to transfer data:

7. Transfer to a third country
There is no intention to transfer data to a third country.

8. Duration of storage
 If necessary, we process and store your personal data for the duration of our business relationship or to fulfill contractual purposes. This includes, among other things, the initiation and execution of a contract. Furthermore, we are subject to various retention and documentation obligations, which arise, among other things, from the German Commercial Code (HGB) and the German Tax Code (AO). The retention and documentation periods stipulated therein range from two to ten years. Finally, the storage period also depends on the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

9. Your rights
Every data subject has the right
• to information according to Art. 15 GDPR,
• the right to rectification according to Art. 16 GDPR,
• the right to erasure according to Art. 17 GDPR,
• the right to restriction of processing pursuant to Art. 18 GDPR,
• the right to information pursuant to Art. 19 GDPR and
• the right to data portability according to Art. 20 GDPR.
• The right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data is unlawful. This right of complaint exists without prejudice to any other administrative or judicial remedy.

If the processing of data is based on your consent, you are entitled, in accordance with Art. 7 GDPR, to revoke your consent to the use of your personal data at any time. Please note that the revocation only applies to the future. Processing that occurred before the revocation is not affected. Please also note that we may be required to retain certain data for a certain period of time to comply with legal requirements (see Section 8 of this privacy policy).

Right of objection

To the extent that your personal data is processed to protect legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These grounds must outweigh your interests, rights, and freedoms, or the processing must serve to assert, exercise, or defend legal claims.

In individual cases, we process your personal data to conduct direct advertising. You have the right to object at any time to processing for such advertising purposes. This also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.

To protect your rights, you can contact us using the contact details provided in section 1.

10. Credit reports
 Our company regularly checks your creditworthiness when concluding contracts and, in certain cases where there is a legitimate interest, also for existing customers.

For this purpose, we work with Euler Hermes Aktiengesellschaft (Information and Grading Division), Gasstraße 29, 22761, Hamburg, from which we receive the necessary data. For this purpose, we transmit your name and contact details to Euler Hermes Aktiengesellschaft.
The information pursuant to Art. 14 of the EU General Data Protection Regulation regarding data processing carried out by Euler Hermes Aktiengesellschaft can be found here: https://www.allianz-trade.de/datenschutz.html .

11. Necessity of providing personal data
The provision of personal data for the purpose of deciding whether to conclude or fulfill a contract, or for taking pre-contractual measures, is voluntary. However, we can only make a decision within the scope of contractual measures if you provide personal data that is necessary for the conclusion or fulfillment of the contract, or for taking pre-contractual measures.

12. Automated decision-making including profiling
 As a general rule, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish, fulfill or carry out the business relationship or for pre-contractual measures.
Should we use these procedures in individual cases, we will inform you separately or obtain your consent if this is required by law.

If you have any questions, please contact the responsible body mentioned in point 1.