This document provides you with information about the processing of your personal data by Witzenmann GmbH and the rights you are entitled to under data protection laws.
Responsible body / Data protection
Östliche Karl-Friedrich-Straße 134
Tel.: +49-(0) 7231-581-0
Fax: +49-(0) 7231-581-820
Data protection contact
Categories / Origin of data
Within the framework of the contractual relationship and for the purposes of contract initiation, we process the following personal data:
Purposes and legal bases of the data processing
The processing of your personal data will always comply with the provisions of the EU GDPR, the BDSG (new version) [German Federal Data Protection Act] and other relevant legal provisions.
Your personal data is used exclusively to carry out pre-contractual measures (e.g. to create offers for products or services) and to fulfil contractual obligations (e.g. to carry out our service, supplier contract or order/job/payment processing), (Art. 6 para. 1 (b) EU GDPR) or when a legal obligation related to processing exists (e.g. due to taxation law requirements) (Art. 6 para. 1 (c) EU GDPR). The personal data was originally collected for these purposes.
A permission mandate in accordance with data protection law can, of course, also represent your consent to data processing (Art. 6 para. 1 (a) EU GDPR). Before it is issued, we make clear to you the purpose of the data processing and your right to revoke consent in accordance with Art. 7 paragraph 3 of the EU GDPR.
Witzenmann GmbH is also interested in maintaining a customer relationship with you and sending you information and offers about our products / services via email. We therefore process your data to send you appropriate information and offers (Art. 6 para. 1 (f) EU GDPR).
Your personal data will only be processed for the investigation of crimes under the conditions of Art. 10 EU GDPR.
Data retention period
We will erase your data as soon as you revoke your permission or as soon as it is no longer required for the purposes indicated above. We shall only retain your data beyond the existence of the contractual relationship when we are obligated or entitled to do so. Regulations that impose a retention obligation upon us can be found in the Commercial Code or Revenue Code, for example. This may give rise to a retention obligation of up to ten years. In addition, statutory limitation periods must be observed, these also representing a reason for retention within our company.
Data recipients / Categories of recipients
Within our company, we ensure that your data is only received by persons and departments that need to access it for fulfilment of our contractual and legal obligations. Under these conditions, your data may also be transmitted within the Witzenmann Group. This is generally the case when centralised systems are being used, when the data is provided by the central body to the entire group.
In certain cases, service providers support our specialist departments in the fulfilment of their tasks. The contacts required by data protection legislation will be entered into with all service providers. This is particularly the case in relation to IT service providers, shipping service providers and financial service providers.
Furthermore, in legally prescribed cases we are obligated to transfer specific information to public bodies, e.g. financial authorities, criminal investigation authorities and customs authorities.
Third country transfer / Third country transfer intention
Data transfer to third countries (outside the European Union or European Economic Area) only takes place when this is necessary for implementation of the contractual or supplier relationship or when it is legally prescribed or you have give us your consent to do this.
In connection with this, your personal data may be processed in the Cloud. This is primarily used for the purposes of efficient communication and also for mutual contractual fulfilment. We have concluded the contracts required under data protection laws for this purpose. When the Cloud service provider is located in a country outside the EU / EEA (third country) and, as a result, access to your data cannot be excluded, we will take the measures which are possible and required in accordance with Art. 44 ff. EU GDPR in order to establish the data protection level in the third country concerned.
Rights of the data subjects
Your rights as a data subject are standardised in Art. 15 - 22 EU GDPR.
Obligation to provide data
You are obligated to provide certain data for the establishment or management of a contractual relationship. This is necessary for the establishment, implementation and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. Implementation of the contract is impossible without the provision of this data.
We do not use any purely automated decision-making processes.