DATA PROTECTION INFORMATION FOR SUPPLIERS

As of 06/03/2019 – according to articles 13, 14 and 21 of the basic data protection regulation DSGVO

In case of doubt, the original German version of these data protection information is legally binding.

Data protection is an important concern for us. In the following we inform you how we process your data and which rights you are entitled to.

Datenschutzinformation für Lieferanten

Stand 03.06.2019 – nach Art. 13, 14 und 21 der Datenschutz-Grundverordnung DSGVO

1. Who is responsible for data processing and whom can you contact?

MSO Consulting Daniel Voigtländer
Zeisigweg 11
71397 Leutenbach
www.mso.de
daniel.voigtlaender@mso.de
Fon +49 7195 / 977 2959
Fax +49 7195 / 977 2961

2. Contact details of the data protection officer

daniel.voigtlaender@mso.de

3. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the Basic Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of individual data depends on the service agreed upon or requested. In our contract documents, forms, declarations of consent and other information made available to you (e.g. on the website), you can find further details and additions to the processing purposes.

3.1 Consent (Art. 6 para. 1 letter a DSGVO)

If you have given us permission to process personal data, the respective consent is the legal basis for the processing mentioned there. You can revoke your consent at any time with effect for the future.

3.2 Fulfilment of contractual obligations (Art. 6 para. 1 letter b DSGVO

We process your personal data for the execution of our contracts with you, in particular within the scope of our order processing and use of services. Furthermore, your personal data is processed for the implementation of measures and activities within the scope of pre-contractual relations.

3.3 Compliance with legal obligations (Art. 6 para. 1 c DSGVO)

We process your personal data if this is necessary to fulfil legal obligations (e.g. commercial and tax laws).

Furthermore, we process your data if necessary for the fulfilment of fiscal control and reporting obligations as well as for the archiving of data for the purposes of data protection and data security and for audits by tax and other authorities. In addition, the disclosure of personal data may become necessary within the scope of official/judicial measures for the purpose of evidence collection, criminal prosecution or the enforcement of civil law claims.

3.4 Justified interest of us or third parties (Art. 6 para. 1 f DSGVO)

We may also use your personal data on the basis of a balancing of interests to protect the legitimate interest of us or third parties. This is done for the following purposes:

• for advertising or market research, if you have not objected to the use of your data.
• for obtaining information and exchanging data with credit agencies, if this exceeds our economic risk.
• for the limited storage of your data, if deletion is not possible or only possible at disproportionately high expense due to the special type of storage.
• for the enrichment of our data through the use or research of publicly accessible data.
• for the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship.

4. Categories of personal data processed by us

The following data are processed:

• Personal data (first name/last name, profession/industry and comparable data)
• Contact details (address, e-mail address, telephone number and comparable data)
• Bank data
• Supplier history

We furthermore process personal data from public sources (e.g. internet, media, press, commercial and association registers, register of residents, debtor registers, land registers).

We process personal data that we have lawfully received from third parties (e.g. address publishers, credit agencies) if it is necessary for the provision of our services.

5. Who receives your data?

We pass on your personal data within our company to those areas that require this data to fulfil contractual and legal obligations or to implement our legitimate interests.

In addition, the following bodies may receive your data:

• contract processors (Art. 28 DS-GVO) and service providers employed by us for support activities and other responsible persons within the meaning of the DS-GVO, in particular in the areas of IT services, logistics, printing services, external computer centers, sup-port/maintenance of IT/IT applications, archiving, call center services, controlling, data destruction, marketing, tax consultancy, telephony, website management, auditing services and credit institutions
• public bodies and institutions if there is a legal or official obligation according to which we are obliged to provide information, report or pass on data or if the passing on of data is in the public interest
• bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts)
• other entities for which you have given us your consent to the transfer of data

6. Transfer of your data to a third country or international organization

No data processing takes place outside the EU or the EEA.

7. How long do we store your data?

If necessary, we process your personal data for the duration of our business relationship, this also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention and documentation stipulated there are up to ten years after the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB) are usually three years, but in certain cases can be up to thirty years.

8. To what extent is there automated decision making in individual cases (including profiling)?

We do not use purely automated decision-making procedures in accordance with Article 22 DSGVO. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

9. Your privacy rights

You have the right to information according to Art. 15 DSGVO, the right to correction according to Art. 16 DSGVO, the right to deletion according to Art. 17 DSGVO, the right to restriction of processing according to Art. 18 DSGVO as well as the right to data transferability from Art. 20 DSGVO. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO). In principle, Article 21 DSGVO provides for the right to object to the processing of personal data by us. However, this right of objection only applies if there are very special circumstances of your personal situation, whereby our company’s rights may conflict with your right of objection. If you wish to assert one of these rights, please contact our data protection officer (daniel.voigtlaender@mso.de).

10. Scope of your obligations to provide us with your data

You only need to provide the data that is necessary for the establishment and execution of a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without this data we will generally not be able to conclude or execute the contract. This may also refer to data required later within the scope of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.

11. Information about your right of objection Art. 21 DSGVO

You have the right to object at any time to the processing of your data, which is carried out on the basis of Art. 6 para. 1 f DSGVO (data processing on the basis of a balancing of interests) or Art. 6 para. 1 e DSGVO (data processing in the public interest), if there are reasons for doing so that arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO.
If you object, we will no longer process your personal data unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
The objection can be made informally to the address listed under point 1.

12. Your right of appeal to the competent supervisory authority

You have a right of appeal to the data protection supervisory authority (Art. 77 DSGVO). The supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Bayerisches Landesamt für Datenschutzaufsicht
Postanschrift
Postfach 606
91511 Ansbach
Deutschland
Telefon: +49 (0) 981 53 1300
Telefax: +49 (0) 981 3 98 1300
poststelle@lda.bayern.de