Data Protection Information concerning business relationships and relationships with interested parties for the purposes of the General Data Protection Regulation (GDPR)
We are delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the eucatech AG (“eucatech”). With this data protection information, we would like to inform our (prospective) clients, interested parties and business partners of the nature, scope, and purpose of the personal data we process.
Name and address of the controller according to Art. 4 Nr. 7 of the GDPR:
79576 Weil am Rhein
Phone: +49 7621 4220 0
Telefax: +49 7621 4220 100
For further information, if you have any questions, or if you wish to exercise your data protection rights under the GDPR, you may, at any time, contact us at the contact details indicated above or our Data Protection Officer directly at the following e-mail-address: email@example.com.
I. Data processing in business relationships and relationships with interested parties
eucatech processes the personal data of companies. In business contact with companies personal data is also processed, such in connection with the legal form of companies and designated contacts in companies.
1) Categories of personal data
Depending on the specific service or product, eucatech may process the following categories of data in the context of a contract or request:
- Company (stock corporation, partnership, sole proprietorship, self-employed, freelancer); company name and, if necessary, contact person with their surname, first name, address, contact details (phone, fax, and email), website, industry;
- identification data (e.g. personal identification data), authentication data (e.g. specimen signature), tax ID, VAT ID, payment and order data (e.g. bank account/credit card details, payment orders), credit rating;
- client history, turnover history
If direct contact takes places during the business relationship, further data may be processed, such as information regarding the contact channel, date, reason for contact, result of contact, and copies of correspondence.
2) Purposes of data processing and legal basis
eucatech processes personal data for the performance of a contract or to take steps at the request of the data subject prior entering into a contract (e.g. contact requests, offers) in accordance with Art. 6 (I) b) of the GDPR.
eucatech is also subject to various legal obligations (e.g. the German Money Laundering Act (Geldwäschegesetz), tax laws, export regulations, medical devices regulations), and in this respect processes data in accordance with Art. 6 (I) c) of the GDPR, or in the public interest in accordance with Art. 6 (I) e) of the GDPR. The purposes of the processing include:
- preventing fraud or money laundering; fulfilling monitoring and reporting obligations relating to tax;
- the assessment and management of risks at eucatech.
If necessary, taking into account the balancing of interests in accordance with Article 6 (I) f) of the GDPR, eucatech will process your data for the purposes of the legitimate interests of eucatech or a third party. For example:
- data exchange with credit agencies to determine credit or default risks;
- assertion of legal claims and defense in the case of legal disputes;
- ensuring IT security and IT operations at eucatech;
- prevention of criminal offences;
- measures relating to building and facility safety and security (e.g. access controls);
- usage of the guest WLAN;
- measures for business management and the further development of services and products.
Taking account of the balancing of interests in accordance with Art. 6 (I) f) of the GDPR, eucatech may also process data for the purposes of the legitimate interests of eucatech, for example, based on existing contracts or requests for needs-based information on further services and products (marketing), such as:
- postal marketing, if this processing is not objected to (this use for marketing purposes can be rescinded with future effect at any time using the above-mentioned contact details);
- email marketing for similar products and services, if eucatech has obtained the email addresses in connection with the sale of products and services from the contractual partner, and the contractual partner has not objected to this processing (this use for marketing purposes can be rescinded with future effect at any time using the above-mentioned contact details without incurring any costs additional to the communication of the objection; every use of the email address will also contain a clear and explicit indication that this use for marketing purposes can be rescinded at any time);
- telemarketing to companies if there is presumed consent for this and this processing is not objected to; this use for marketing purposes can be rescinded with future effect at any time using the above-mentioned contact details.
3) Recipients and categories of recipients of data
Within eucatech, access to data shall be granted only to those areas that need such access to perform their contractual and legal duties. Service providers engaged by eucatech may also gain access to data for these purposes if they are engaged as a processor in accordance with Art. 28 of the GDPR. Potential recipients of personal data include:
- public bodies and institutions (e.g. tax authorities, the German Federal Central Tax Office, the Federal Office of Economics and Export Control, the Federal Institute for Drugs and Medical Devices) if there is a legal or official obligation;
- credit and financial services institutions;
- processors supporting or maintaining IT applications, archiving, document processing, call center services, compliance services, controlling, data screening in accordance with legal requirements, data destruction, auditing services, and payment transactions;
- credit agencies in the context of creditworthiness assessments;
- other recipients of data, based upon your consent.
4) Contact possibility via e-mail and contact form
eucatech may process personal data for contact purposes. If you contact us by e-mail or via our contact form, the personal data transmitted by you are automatically stored. Such personal data transmitted on a voluntary basis by you to us are stored for the purpose of processing your request and/or contacting you. Your personal data will not be transferred to third parties. This processing activity can be based on Art. 6 (I) b) or f) of the GDPR.
5) Data processing based on your consent
Where eucatech processes personal data based on consent (Art. 6 (I) a) of the GDPR), eucatech will ask for your consent on a case-by-case basis. Where processing is based on consent, you have the right to withdraw your consent regarding the processing of your personal data with effect for the future at any time. If you wish to exercise your right to withdraw consent with effect for the future, you can contact eucatech directly at any time.
II. Retention periods
eucatech shall process and store your personal data only for the period indicated above or generally for the period necessary to achieve the respective purpose. Once the purposes for which eucatech has collected and processed the personal data have been achieved, eucatech will delete the personal data unless further processing is required for purposes such as:
- the fulfillment of commercial law and tax law retention periods, for example, as provided in the German Commercial Code (Handelsgesetzbuch), the German Banking Act (Kreditwesengesetz), and the German Money Laundering Act (Geldwäschegesetz), which stipulate retention periods for data and documentation of between two to ten years;
- and/or the retention of evidence in the context of limitation periods. For example, the German Commercial Code (Bürgerliches Gesetzbuch) has a limitation period of up to 30 years, and a standard limitation period of three years.
III. Transfers of data to a third country
A transfer of data to countries outside the EU or EEA (“third countries“) shall only take place if it is required to perform your contract, is legally required (e.g. tax reporting obligations), consent has been provided, or as part of commissioned processing. If service providers in third countries are used, these service providers are additionally required to confirm in writing that they maintain the European levels of data protection by taking the corresponding measures (e.g. by agreeing to the EU standard contract clauses).
IV. Your Rights
Subject to the applicable data protection laws, you have the following rights regarding the processing of your personal data:
- You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where this is the case, access to the personal data and information (Art. 15 of the GDPR).
- You have the right to rectification of personal data concerning you (Art. 16 of the GDPR).
- You have the right to erasure of personal data concerning you in accordance with Art. 17 of the GDPR (“right to be forgotten“).
- You have the right to restriction of processing (Art. 18 of the GDPR).
- You have the right to data portability (Art. 20 of the GDPR).
- You have the right not to be subject to a decision based solely on automated processing, including profiling (Art. 22 of the GDPR).
- You have the right to object to the processing of personal data concerning you (Art. 21 of the GDPR). For details, please see below.
Information regarding the right to object, Art. 21 of the GDPR
- You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, that is based on Article 6 (I) e) of the GDPR (data processing for purposes of public interest) or Article 6 (I) f) of the GDPR (data processing for purposes of prevailing legitimate interests pursued by eucatech). This also applies to profiling based on these provisions.
- If you object, eucatech shall no longer process the personal data, unless eucatech can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims.
V. Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.
VI. Obligation to provide data
In the context of a business relationship, you have to provide those personal data that are necessary for the commencement and execution of a business relationship and the performance of the related contractual obligations, as well as those personal data that eucatech is legally obliged to collect. Without these data, eucatech will generally have to refuse the conclusion or performance of a contract and will not be able to continue with the performance of an existing contract, and may have to terminate it.