Privacy information for customers and interested parties
In accordance with Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)
1. Who is responsible for data processing and who can you contact?
FHR Anlagenbau GmbH
Am Hügel 2
Tel.: 035205 520 0
Fax: 035205 520 40
2. Data Protection Officer’s contact details
3. Purposes of processing and legal basis
Your personal data are processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection requirements. The processing and use of individual data depends on the agreed or requested service. Our contract documentation, forms, consent declarations and other information made available to you (e. g. on our website or in our General Terms and Conditions) contain further details and supplementary information about the purposes for which data are processed.
3.1 Consent – Art. 6 (1) (a) GDPR
If you have given us your consent to the processing of your personal data, that consent provides the legal basis for the processing specified therein. You may withdraw your consent at any time with future effect.All you need to do is send us an informal email.
3.2 Fulfilment of contractual obligations – Art. 6 (1) (b) GDPR
We process your personal data to fulfil our contracts with you. Your personal data are furthermore processed to undertake measures and activities within the scope of precontractual relationships.
3.3 Fulfilment of legal obligations – Art. 6 (1) (c) GDPR
We process your personal data where this is necessary for the fulfilment of legal obligations (e. g. commercial or fiscal laws). Checking identity and age; fraud and money laundering prevention; prevention, combatting and solving of terrorism financing and crimes that jeopardise assets; comparisons with European and international anti-terror lists; fulfilment of fiscal controlling and reporting obligations and the archiving of data for the purposes of data protection and data security and inspection by fiscal and other authorities. It may furthermore be necessary to disclose personal data within the scope of measures imposed by the authorities/courts of law for the purposes of obtaining evidence, criminal proceedings or to enforce claims under civil law.
3.4 Our legitimate interest or that of third parties – Art. 6 (1) (f) GDPR
We can also use your personal data on the basis of an overriding interest, in order to preserve our legitimate interest or the legitimate interest of a third party. This is undertaken for the following purposes:
- For advertising or market research where you have not refused the use of your data,
- To obtain information and for the exchange of data with credit agencies where this exceeds our economic risk,
- For the limited storage of your data where erasure is not possible or would entail disproportionate effort owing to the special nature of that storage,
- For comparison with European and international anti-terror lists where this extends beyond statutory obligations,
- For the further development of services and products and existing systems and processes,
- For the disclosure of personal data within the scope of due diligence, e. g. with regard to the sale of a company,
- To enrich our data through using or searching publicly accessible data,
- For statistical evaluations or market analyses,
- For benchmarking,
- To assert legal claims and for the purpose of defence in the event of legal disputes that are not directly associated with the contractual relationship,
- For internal and external examinations and/or security checks,
- To certify matters relating to private law or official matters,
- To secure and preserve our right to determine who may have access to our premises by means of appropriate measures (e. g. video surveillance; visitor badge).
4. Categories of personal data that we process
The following data are processed:
- Personal details (name, date of birth, profession/sector and similar data)
- Contact details (address, email address, telephone number and similar data)
- Customer history
We furthermore process personal data from public sources (e. g. internet, media, press, trade and association registers, register of residents, debtor lists, land registers).
5. Who receives your data?
Within our company we pass on your personal data to those departments who require these data to fulfil contractual and statutory obligations and/or to assert our legitimate interest.Your data may moreover be shared with the following instances:
- Processors contracted by us (Art. 28 GDPR) particularly in areas such as IT services, support/ maintenance of IT applications, data screening for anti-money laundering purposes, data validation and plausibility checks, data destruction companies, auditing services, courier services,
- Public authorities and institutions on presentation of a statutory or official order under the terms of which we are obliged to provide information about data, report or share data, or where sharing data is in the public interest,
- Instances and institutions relating to our legitimate interest or the legitimate interest of a third party for the purposes set out in 3.4 above (e. g. authorities, credit agencies, debt collection services, lawyers, courts of law, assessors, Group-owned companies, committees and super-visory authorities),
- Other instances with whom you have authorised us to share your data. (e. g. for suppliers to perform services or other contractual obligations)
6. Transfer of your data to a third country or an international organisation
Data is transferred to instances in states outside the European Union (EU) and/or the European Economic Area (EEA) – so-called “third countries” – where necessary for the fulfilment of an order/contract from and/or with you, where this is a statutory requirement (e. g. fiscal reporting obligations), where it is in our legitimate interest (e. g. address book shared by the entire centrotherm Group) or the legitimate interest of a third party to do so, or where you have given us your consent.The processing of your data in a third country may also be undertaken in connection with the employment of service providers within the scope of order processing. Where the country in question is not covered by a resolution of the EU Commission confirming that an adequate level of data protection is in place there, we shall in accordance with EU data protection requirements ensure by means of suitable contracts that your rights and freedoms are adequately protected and guaranteed. We will provide corresponding detailed information to you on request.
7. For how long do we store your data?
Where necessary we process your personal data throughout the duration of our business relationship. This also includes the initiation and handling of a contract. We are moreover subject to various retention and documentation obligations arising out of the German Commercial Code (HGB) and the German Fiscal Code. The prescribed retention and/or documentation periods set out therein extend up to ten years beyond the end of the business relationship and/or the precontractual legal relationship. Finally, the retention period is also defined on the basis of legal statutes of limitation which, for instance, are three years according to Art. 195 ff of the Federal Civil Code (BGB) as a rule, but may also be thirty years in certain cases.
8. To what extent is automated decision-making (including profiling) used in individual cases?
We do not use any purely automated decision-making processes as set out in Art. 22 GDPR. Should we use these processes in individual cases we will notify you separately where this is a legal requirement.
9. Your rights to privacy
You have the right to information (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). You also have the right to lodge a complaint with a data protection authority (Art. 77 GDPR). In principle, Art. 21 GDPR gives you the right to object to our processing of personal data. However this right to object only applies where you can show the existence of very special personal circumstances whereby the rights of our company may override your right to object.Should you wish to exercise one of these rights, please contact our Data Protection Officer.
10. Your obligations in providing us with your personal data
You only need to provide us with those data that are necessary for the initiation and performance of a business relationship or a precontractual relationship with us, or those data which we are legally obliged to collect. As a rule, without these data we will not be in a position to conclude or perform the contract. This may also include data that are required later within the scope of the business relation-ship. Insofar as we request data from you at a later date, you will be informed separately that the provision of such data is voluntary.
11. Information about your right to object – Art. 21 GDPR
You have the right at all times to object to the processing of your data under the provisions of Art. 6 (1) (f) GDPR (processing is necessary for the purposes of a legitimate interest) or Art. 6 (1) (e) GDPR (processing is necessary in the public interest) where grounds exist arising out of your particular situation. This shall also apply to processing for the purposes of profiling in the sense of Art. 4 (4) GDPR.If you object, your personal data will no longer be processed unless where we can demonstrate compelling legitimate grounds for such processing that override your interests, rights and freedoms, or where the processing serves the establishment, exercise or defence of legal claims.We may also process your personal data for the purposes of direct advertising. If you do not wish to receive advertising, you have the right to object at any time. This also applies to profiling where this is connected with direct marketing. We will observe this objection in the future.Your data will no longer be processed for the purposes of direct advertising if you object to processing for these purposes.Your objection can be made by simply writing to the address shown at 2. above.
12. Your right to lodge a complaint with the competent supervisory authority
You have the right to lodge a complaint with the data protection authority (Art. 77 GDPR). The competent supervisory authority in our case is:
Der sächsische Datenschutzbeauftragte
1067 Dresden Germany