Data protection information for suppliers and service providers
pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Data protection is an important concern for us. Information regarding how we process your data and what rights you are entitled to is set out below.
1. Who is responsible for data processing and whom can you contact?
Dr. Maier + Partner GmbH
+49 (711) 228610
2. Contact information for the data protection officer
3. Purposes for which data is processed and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of specific data depends on the type of agreed or requested service. Our contractual documents, forms, declarations of consent and other information provided to you (e.g. on the website or in the terms and conditions) contain further details and additional information concerning the purposes for which data is processed.
- Consent (Art. 6 para. 1 lit. a) GDPR)
If you have given us your consent to process your personal data, this consent represents the legal basis for the processing referred to in the consent. You can revoke your consent at any time with prospective effect.
- Performance of contractual obligations (Art. 6 para. 1 lit. b) GDPR)
We process your personal data in the course of performing our contracts with you, in particular in the context of our order processing and the use of our services. Furthermore, your personal data will be processed within the scope of pre-contractual activities.
- Compliance with legal obligations (Art. 6 para. 1 lit. c) GDPR)
We process your personal data if necessary to comply with legal obligations (e.g. commercial or tax laws).
It may be necessary to disclose personal data in response to official/judicial measures for the purposes of taking evidence, prosecution or enforcement of civil law claims.
- Legitimate interests of the controller or a third party (Art. 6 para. 1 f) GDPR)
We may also use your personal data to protect our legitimate interests of those of a third party subject to a weighing of interests. This may be done for the following purposes:
- For the enhancement of services and products as well as existing systems and processes.
- For the enrichment of our data through the use or research of publicly accessible data.
- For statistical analysis or market analyses.
- For benchmarking.
We may also use your personal data to protect our legitimate interests of those of a third party subject to a weighing of interests.
4. Categories of personal data we process
We process the following data:
- Personal data (name, date of birth, place of birth, nationality, marital status, occupation/industry and similar data)
- Contact details (address, email address, telephone number and similar data)
- Payment/Coverage confirmation for Bank and Credit Cards
- Customer history
In addition, we process personal data from public sources (e.g. Internet, media, press, trade and association registers, civil registers, debtor registers, land registers).
We also process personal data that we have legally obtained from third parties (e.g. mailing list providers, credit agencies) if necessary for the provision of our services.
5. Who receives your data?
We share your personal data within our company with those departments that require your data to comply with contractual and legal obligations or to pursue our legitimate interests.
In addition, the following entities/bodies may receive your data:
- Contract processors commissioned by us (Art. 28 GDPR), e.g. IT services, logistics and printing services, external computer centres, support/maintenance of data processing/IT applications, archiving, document processing, compliance services, data validation and plausibility checks, data destruction, customer administration, letter shops, marketing, research, billing, telephony, website management, auditing services, credit institutions.
- Public authorities and institutions in the event of a legal or official obligation under which we are obliged to disclose, report or share data or the disclosure of data is in the public interest
- Bodies and institutions on the basis of our legitimate interest or the legitimate interest of a third party (e.g. shared with public authorities, credit agencies, debt collection, lawyers, courts)
6. Transfer of your data to a third country or an international organisation
Data is not processed outside the EU or the EEA.
Data is transmitted to entities in countries outside the European Union (EU) or the European Economic Area (EEA - so-called third countries) should this be necessary for the execution of an order/performance of a contract from or with you, if it is legally required (e.g. tax reporting obligations), if it is within the scope of a legitimate interest of ours or that of a third party or if you have given us your consent.
In this context, data may also be processed in a third country in connection with commissioning service providers such as contract data processors. If there is no determination from EU Commission concerning an adequate level of data protection in the respective country, we ensure that your rights and freedoms are adequately protected and guaranteed by means contractual obligations in accordance with EU data protection regulations.
7. How long do we store your data?
We process your personal data during the entire course of our business relationship as necessary; this also includes the initiation and performance of a contract.
In addition, we are subject to various retention and documentation obligations that are set out in the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and/or documentation periods specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the retention period is also determined in line with statutory limitation periods, which under section 195 et seq. of the German Civil Code (BGB) are generally three years but may be up thirty years in certain cases.
8. To what extent is automated decision-making used in individual cases (including profiling)?
We do not use purely automated decision-making procedures as referred to in Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately provided we are required to do so by law.
9. Your data protection rights
You have the right to request information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to limitation of processing pursuant to Art. 18 GDRP and the right to data portability pursuant to Art. 20 GDPR. In addition, you have right to lodge a complaint with the competent data protection authority (Art. 77 GDPR). As a fundamental principle, the right to object to the processing of your personal data by us pursuant to Article 21 GDPR remains available. However, this right of objection only applies in the event of very special circumstances related to your personal situation. It may also be the case that our rights override your right of objection in certain circumstances. Please contact our data protection officer if you wish to assert any of these rights:
10. Scope of your duties to provide us your data
You only need to provide data that is necessary for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or data we are legally obliged to collect. Without this data, we will usually not be able to conclude or execute the contract. This may also relate to data required later in the course of the business relationship. If we request further data from you, you will be separately informed of the voluntary nature of the information.
11. Information about your right to object Art 21 GDPR
You have the right to object to the processing of your data at any time on the basis of Art. 6 para. 1 lit f) GDPR (data processing on the basis of a balance of interests) or Art. 6 para. 1 lit. e) GDPR (data processing in the public interest) on grounds relating to your particular situation. This also applies to profiling on the basis of these provisions within the meaning of Art. 4 no. 4 GDPR.
If you submit an objection, we will no longer process your personal data unless we can substantiate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
The objection can be sent informally to the address listed under No. 1.
12. Your right to lodge a complaint with a supervisory authority
They have a right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information
Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Königstrasse 10 a