Data Protection Information for Business Partners
BAUER Aktiengesellschaft takes the protection of your personal data very seriously and treats your personal data confidentially, in accordance with the statutory data protection regulations and the company's privacy policy and data protection information.
Below, we provide specific information about the processing of personal data.
Further information on data protection, including the use of our website, can be found in our privacy policy.
We hereby inform you about the processing of your personal data as our business partner and the rights granted to you under the data protection law.
Who is responsible for the data processing and who is the data protection officer?
Responsible for data processing is, the company of the BAUER Group that has sent this data protection information to you.
BAUER Straße 1
86529 Schrobenhausen
Germany
Tel. +49 8252 97-0
Fax: +49 8252 97-1359
E-Mail: DSGVO-Ruecklauf@bauer.de
You can reach our data protection officer of the BAUER Group at:
BAUER - data protection officer
BAUER Straße 1
86529 Schrobenhausen
Germany
Tel. +49 8252 97-0
Fax +49 8252 97-1359
E-Mail: bag-datenschutz@bauer.de
What personal data do we have and where does this data come from?
We process personal data that we have legitimately received from our business partners, from other companies of the BAUER Group or from other third parties in order to initiate a contract or in connection with our business relationship, or the data that we have legitimately obtained from publicly available sources (e.g. commercial registers, credit bureaus, internet) and which we are allowed to process, such as:
name, address, other contact information (such as telephone number, fax, e-mail address), occupation, job position, company, payment details, credit data, documentation data (minutes of meetings), tax ID.
For what purposes and on what legal basis is data processed?
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act [German: Bundesdatenschutzgesetz (BDSG)] for the following purposes:
a.) For the fulfilment of contractual obligations (Article 6 (1) (b) GDPR)
The processing of personal data takes place in order to carry out our contracts with our business partners or to carry out pre-contractual measures, which take place at the request of the business partners. The purposes of the processing in detail are according to the contractual services and the respective contract documents and include needs analysis, consulting and order processing including the creation of offers, delivery notes and invoices as well as after-sales services.
b.) As part of the balance of interests (Article 6 (1) (f) of the GDPR)
If necessary, we process business partner data beyond the actual fulfilment of the contract for the protection of our legitimate interests or of those of third parties, for example,
- Consultation with credit bureaus (such as Bürgel) to identify credit risk,
- Advertising, market and opinion research as well as invitation to corporate events, as long as you have not objected to the use,
- Creation of business partner history / profile
- Data transfer to branches or sales partners responsible for you,
- Visitor Management,
- Exercise of and defence against legal claims
c.) On the basis of your consent (Article 6 (1) (a) of the GDPR)
Insofar as you have given your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned therein. Any consent granted may be revoked informally at any time for the future, without duly affecting the legality of the processing already carried out on the basis of the consent until the revocation.
d.) Due to legal obligations (Article 6 (1) (c) of the GDPR)
To the extent that we are required to comply with legal obligations (e.g. money laundering legislation, tax laws, export control regulations, anti-terrorism provisions) and requirements of national or foreign supervisory or investigating authorities, as well as taxation and reporting related obligations, personal data is also processed for compliance with legal obligations and legitimate regulatory requirements.
Who gets your data?
Within our group of companies, the entities that need your personal information to fulfil our contractual and legal obligations are the ones who gain access to your personal information. Also, affiliated companies, service providers, processors, subcontractors and vicarious agents, as well as other third parties employed by us for the provision of services in particular, may receive data for the aforementioned purposes.
These are undertakings in the categories: distribution partners, IT services, accounting services, logistics, payment services, telecommunications, debt collection, public authorities and institutions (e.g. financial and customs authorities, law enforcement agencies, courts) in the presence of a legal or regulatory obligation, insolvency administrator under a bankruptcy proceedings, insurance companies, auditors, tax consultants, lawyers.
Is your data transmitted to a third country or international organization?
A transfer of data to offices in countries outside the EU or the EEA (the so-called third countries) takes place, as far as it is necessary for the execution of contractual services (e.g. delivery orders), it is required by law (e.g. tax reporting obligations), you have given us your consent, or as part of an order processing. However, the transfer will only take place if the EU Commission has confirmed to the third countries an adequate level of data protection, if there are other appropriate data protection safeguards (such as standard contractual clauses) or if there is an exception under Art. 49 GDPR. Copies of the appropriate or adequate guarantees can be obtained from the relevant department.
For how long will your data be stored?
Your data will be stored by us only as long as it is necessary for the provision of the service to you. Thereafter, such data will be erased, if there are no other legal obligations to retain the data, in particular with regard to commercial and tax retention periods (up to 10 years), if the data is necessary for the assertion, exercise or defence of legal claims under the applicable statute of limitation (up to 30 years) or if a legitimate interest of the responsible person exists.
Is the provision of data mandatory?
As part of our business relationship, you must provide only that personal information that is required for the establishment, implementation and termination of a business relationship or information that we are legally obliged to collect (in particular, anti-money laundering identification obligations or checking list of sanctions). Without this data, we may have to refuse to conclude a contract or to execute a contract or we may not be able to implement an existing contract and may possibly have to terminate it.
To what extent do automated individual regulatory decisions or profiling measures take place?
We do not use purely automated processing to make decisions.
What rights can you exercise as the person concerned?
You have the right of access (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restrict processing (Article 18 GDPR), the right of objection to the processing (Article 21 GDPR) and the right to data portability (Article 20 of the GDPR). For the right to information and the right of cancellation the restrictions according to §§ 34, 35 BDSG apply. Please contact the above-mentioned data protection officer to exercise your rights.
Insofar as the processing of the personal data is based on your consent, you have the right to revoke the consent at any time without affecting the legality of the processing based on the consent up until the revocation.
You also have the option to lodge a complaint with the above-mentioned data protection officer or to a data protection supervisory authority.
Information about your right to object according to Article 21 GDPR
a.) Case-specific right of objection
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6 (1) (e) or (f) GDPR. We will, on your objection, no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or unless the processing is for the purpose of enforcing, pursuing or defending legal claims.
b.) Right to object to the processing of data for advertising purposes
If personal data is processed in order to use it in direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The respective objection can be addressed to the above mentioned data protection officer without the requirement of a particular form.