You Have Questions?

For personal information, please use the following contact form or give us a call.

Privacy policy for customers and interested parties

Privacy inform­ation for customers and inter­ested parties

In accordance with Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

1. Who is respons­ible for data pro­cessing and who can you con­tact?
FHR Anla­gen­bau GmbH
Am Hügel 2
01458 Otten­dorf-Okrilla
Tel.: 035205 520 0
Fax: 035205 520 40

2. Data Pro­tec­tion Officer’s con­tact details
Daniel Voigtländer

3. Pur­poses of pro­cessing and legal basis
Your per­sonal data are pro­cessed in accord­ance with the pro­vi­sions of the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR), the Fed­eral Data Pro­tec­tion Act (BDSG) and other rel­ev­ant data pro­tec­tion require­ments. The pro­cessing and use of indi­vidual data depends on the agreed or reques­ted ser­vice. Our con­tract doc­u­ment­a­tion, forms, con­sent declar­a­tions and other inform­a­tion made avail­able to you (e. g. on our web­site or in our Gen­eral Terms and Con­di­tions) con­tain fur­ther details and sup­ple­ment­ary inform­a­tion about the pur­poses for which data are pro­cessed.

3.1 Con­sent – Art. 6 (1) (a) GDPR
If you have given us your con­sent to the pro­cessing of your per­sonal data, that con­sent provides the legal basis for the pro­cessing spe­cified therein. You may with­draw your con­sent at any time with future effect.All you need to do is send us an informal email.

3.2 Ful­fil­ment of con­trac­tual oblig­a­tions – Art. 6 (1) (b) GDPR
We pro­cess your per­sonal data to ful­fil our con­tracts with you. Your per­sonal data are fur­ther­more pro­cessed to under­take meas­ures and activ­it­ies within the scope of pre­con­trac­tual rela­tion­ships.

3.3 Ful­fil­ment of legal oblig­a­tions – Art. 6 (1) (c) GDPR
We pro­cess your per­sonal data where this is neces­sary for the ful­fil­ment of legal oblig­a­tions (e. g. com­mer­cial or fiscal laws). Check­ing iden­tity and age; fraud and

money laun­der­ing pre­ven­tion; pre­ven­tion, com­batting and solv­ing of ter­ror­ism fin­an­cing and crimes that jeop­ard­ise assets; com­par­is­ons with European and inter­na­tional anti-ter­ror lists; ful­fil­ment of fiscal con­trolling and report­ing oblig­a­tions and the archiv­ing of data for the pur­poses of data pro­tec­tion and data secur­ity and inspec­tion by fiscal and other author­it­ies. It may fur­ther­more be neces­sary to dis­close per­sonal data within the scope of meas­ures imposed by the author­it­ies/​courts of law for the pur­poses of obtain­ing evid­ence, crim­inal pro­ceed­ings or to enforce claims under civil law.

3.4 Our legit­im­ate interest or that of third parties – Art. 6 (1) (f) GDPR
We can also use your per­sonal data on the basis of an over­rid­ing interest, in order to pre­serve our legit­im­ate interest or the legit­im­ate interest of a third party. This is under­taken for the fol­low­ing pur­poses:

  • For advertising or market research where you have not refused the use of your data,
  • To obtain information and for the exchange of data with credit agencies where this exceeds our economic risk,
  • For the limited storage of your data where erasure is not possible or would entail disproportionate effort owing to the special nature of that storage,
  • For comparison with European and international anti-terror lists where this extends beyond statutory obligations,
  • For the further development of services and products and existing systems and processes,
  • For the disclosure of personal data within the scope of due diligence, e. g. with regard to the sale of a company,
  • To enrich our data through using or searching publicly accessible data,
  • For statistical evaluations or market analyses,
  • For benchmarking,
  • To assert legal claims and for the purpose of defence in the event of legal disputes that are not directly associated with the contractual relationship,
  • For internal and external examinations and/or security checks,
  • To certify matters relating to private law or official matters,
  • To secure and preserve our right to determine who may have access to our premises by means of appropriate measures (e. g. video surveillance; visitor badge).

4. Cat­egor­ies of per­sonal data that we pro­cess
The fol­low­ing data are pro­cessed:

  • Personal details (name, date of birth, profession/sector and similar data)
  • Contact details (address, email address, telephone number and similar data)
  • Customer history

We fur­ther­more pro­cess per­sonal data from pub­lic sources (e. g. inter­net, media, press, trade and asso­ci­ation registers, register of res­id­ents, debtor lists, land registers).

5. Who receives your data?
Within our com­pany we pass on your per­sonal data to those depart­ments who require these data to ful­fil con­trac­tual and stat­utory oblig­a­tions and/​or to assert our legit­im­ate interest.Your data may moreover be shared with the fol­low­ing instances:

  • Processors contracted by us (Art. 28 GDPR) particularly in areas such as IT services, support/ maintenance of IT applications, data screening for anti-money laundering purposes, data validation and plausibility checks, data destruction companies, auditing services, courier services,
  • Public authorities and institutions on presentation of a statutory or official order under the terms of which we are obliged to provide information about data, report or share data, or where sharing data is in the public interest,
  • Instances and institutions relating to our legitimate interest or the legitimate interest of a third party for the purposes set out in 3.4 above (e. g. authorities, credit agencies, debt collection services, lawyers, courts of law, assessors, Group-owned companies, committees and super-visory authorities),
  • Other instances with whom you have authorised us to share your data. (e. g. for suppliers to perform services or other contractual obligations)

6. Trans­fer of your data to a third coun­try or an inter­na­tional organ­isa­tion
Data is trans­ferred to instances in states out­side the European Union (EU) and/​or the European Eco­nomic Area (EEA) – so-called “third coun­tries” – where neces­sary for the ful­fil­ment of an order/​con­tract from and/​or with you, where this is a stat­utory require­ment (e. g. fiscal report­ing oblig­a­tions), where it is in our legit­im­ate interest (e. g. address book shared by the entire centro­therm Group) or the legit­im­ate interest of a third party to do so, or where you have given us your con­sent.The pro­cessing of your data in a third coun­try may also be under­taken in con­nec­tion with the employ­ment of ser­vice pro­viders within the scope of order pro­cessing. Where the coun­try in ques­tion is not covered by a res­ol­u­tion of the EU Com­mis­sion con­firm­ing that an adequate level of data pro­tec­tion is in place there, we shall in accord­ance with EU data pro­tec­tion require­ments ensure by means of suit­able con­tracts that your rights and freedoms are adequately pro­tec­ted and guar­an­teed. We will provide cor­res­pond­ing detailed inform­a­tion to you on request.

7. For how long do we store your data?
Where neces­sary we pro­cess your per­sonal data throughout the dur­a­tion of our busi­ness rela­tion­ship. This also includes the ini­ti­ation and hand­ling of a con­tract. We are moreover sub­ject to vari­ous reten­tion and doc­u­ment­a­tion oblig­a­tions arising out of the Ger­man Com­mer­cial Code (HGB) and the Ger­man Fiscal Code. The pre­scribed reten­tion and/​or doc­u­ment­a­tion peri­ods set out therein extend up to ten years bey­ond the end of the busi­ness rela­tion­ship and/​or the pre­con­trac­tual legal rela­tion­ship. Finally, the reten­tion period is also defined on the basis of legal stat­utes of lim­it­a­tion which, for instance, are three years accord­ing to Art. 195 ff of the Fed­eral Civil Code (BGB) as a rule, but may also be thirty years in cer­tain cases.

8. To what extent is auto­mated decision-mak­ing (includ­ing pro­fil­ing) used in indi­vidual cases?
We do not use any purely auto­mated decision-mak­ing pro­cesses as set out in Art. 22 GDPR. Should we use these pro­cesses in indi­vidual cases we will notify you sep­ar­ately where this is a legal require­ment.

9. Your rights to pri­vacy
You have the right to inform­a­tion (Art. 15 GDPR), the right to rec­ti­fic­a­tion (Art. 16 GDPR), the right to eras­ure (Art. 17 GDPR), the right to restric­tion of pro­cessing (Art. 18 GDPR) and the right to data port­ab­il­ity (Art. 20 GDPR). You also have the right to lodge a com­plaint with a data pro­tec­tion author­ity (Art. 77 GDPR). In prin­ciple, Art. 21 GDPR gives you the right to object to our pro­cessing of per­sonal data. However this right to object only applies where you can show the exist­ence of very spe­cial per­sonal cir­cum­stances whereby the rights of our com­pany may over­ride your right to object.Should you wish to exer­cise one of these rights, please con­tact our Data Pro­tec­tion Officer.

10. Your oblig­a­tions in provid­ing us with your per­sonal data
You only need to provide us with those data that are neces­sary for the ini­ti­ation and per­form­ance of a busi­ness rela­tion­ship or a pre­con­trac­tual rela­tion­ship with us, or those data which we are leg­ally obliged to col­lect. As a rule, without these data we will not be in a pos­i­tion to con­clude or per­form the con­tract. This may also include data that are required later within the scope of the busi­ness rela­tion-ship. Inso­far as we request data from you at a later date, you will be informed sep­ar­ately that the pro­vi­sion of such data is vol­un­tary.

11. Inform­a­tion about your right to object – Art. 21 GDPR
You have the right at all times to object to the pro­cessing of your data under the pro­vi­sions of Art. 6 (1) (f) GDPR (pro­cessing is neces­sary for the pur­poses of a legit­im­ate interest) or Art. 6 (1) (e) GDPR (pro­cessing is neces­sary in the pub­lic interest) where grounds exist arising out of your par­tic­u­lar situ­ation. This shall also apply to pro­cessing for the pur­poses of pro­fil­ing in the sense of Art. 4 (4) GDPR.If you object, your per­sonal data will no longer be pro­cessed unless where we can demon­strate com­pel­ling legit­im­ate grounds for such pro­cessing that over­ride your interests, rights and freedoms, or where the pro­cessing serves the estab­lish­ment, exer­cise or defence of legal claims.We may also pro­cess your per­sonal data for the pur­poses of dir­ect advert­ising. If you do not wish to receive advert­ising, you have the right to object at any time. This also applies to pro­fil­ing where this is con­nec­ted with dir­ect mar­ket­ing. We will observe this objec­tion in the future.Your data will no longer be pro­cessed for the pur­poses of dir­ect advert­ising if you object to pro­cessing for these pur­poses.Your objec­tion can be made by simply writ­ing to the address shown at 2. above.

12. Your right to lodge a com­plaint with the com­pet­ent super­vis­ory author­ity
You have the right to lodge a com­plaint with the data pro­tec­tion author­ity (Art. 77 GDPR). The com­pet­ent super­vis­ory author­ity in our case is:
Der säch­s­is­che Datens­chutz­beau­ftragte
Bernhard-von-Lindenau-Platz 10
1067 Dresden Ger­many