The protection of your rights in the processing of personal data is an important concern for the companies of the Masterflex Group. With the following information, we would like to give you an overview of the processing of your personal data by us and your data protection rights.
I. Name and contact details of the data controller and data protection officer
The person responsible for data collection is (i.e. the “controller”):
In den Langen Stücken 6
phone: +49 3941 6869-0
You can reach our data protection officer as follows:
Dachauer Straße 65
phone: +49 89 452459-900
II. Purpose and legal basis of processing
Within the framework of the initiation and implementation of the business relationship, we process the following personal data about you:
· Bank details
· Customer number
· First name
· Your e-mail address
· Your mobile phone numer
· Your landline number
· Your fax number
Purposes of processing:
Your personal data is collected for the purpose of,
· to process your enquiry as an interested party.
· to prepare and carry out pre-contractual measures - this includes, for example, the preparation and sending of an individual offer or individual agreement and transmission of contractual condictions with the aim of concluding a contract.
· to include you in our customer database.
· to check your creditworthiness.
· to fulfil our contractual obligations.
· to inform you about our products and services in the best possible way. This also includes sending direct advertising by e-mail or by post.
· to ensure smooth billing for the services provided.
· to comply with our legal obligations.
· in order to provide you, as our customer, with the best possible service.
· for the purpose of sending newsletters, insofar as you have registered for our newsletter.
· to fulfil post-contractual measures.
· to assert, exercise or defend legal claims.
III. Legal basis of processing:
Your data will be processed on the basis of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other relevant laws (e.g. § 257 HGB, § 147 AO, § 14 UStG etc.).
Processing on the basis of legitimate interest, pursuant to Art. 6 para. 1 p.1 lit. f GDPR.
To the extent necessary, we process your data beyond the performance of the contract to protect legitimate interests of us or third parties. For example:
· Enforcement, exercise or defence of legal claims.
· For internal administrative purposes within the group of companies.
· Ensuring IT security and IT operations.
· Access control.
· Testing and optimizing procedures for demand analysis and direct customer contact.
· Advertising or customer surveys, unless you have objected to the use of your data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) p. 1 lit. c GDPR serves as the legal basis.
Processing on the basis of legitimate interest, pursuant to Art. 6 (1) p.1 lit. a GDPR.
Insofar as you should have given us consent to process personal data for certain purposes (e.g. newsletter), the lawfulness of this processing is based on your consent.
IV. Recipients or categories of recipients of personal data
Your personal data will be disclosed to:
Within our group of companies (Masterflex SE including its subsidiaries), access to your data will be granted to those entities that need it in order to fulfill our contractual and legal obligations or for the above-mentioned purposes. Service providers employed by us may also receive data for this purpose.
Data will only be passed on outside the group of companies if this is required by law or if you have given your consent.
All recipients, for their part, are obligated to comply with data protection.
Under these conditions, recipients of personal data may include:
· Public bodies and institutions (e.g. tax authorities) in the event of a legal or official obligation.
· Order processors to whom we transfer personal data in order to carry out the business relationship with you (e.g. data destruction, financial accounting, payment transactions, maintenance of IT systems, collection companies).
V. Transfer of personal data to a third country
A transfer of your personal data to a third country or to an international organisation does not take place and is not intended.
The software providers we use may have their (main) headquarters in third countries. In the opinion of the EU, third countries generally do not have an adequate level of data protection. In order to ensure the security of personal data within the meaning of the special requirements of Art. 44 et seq. GDPR, we have agreed on standard data protection clauses in accordance with Art. 46 (2) c GDPR for the transfer to processors (in the form of software providers) outside the European Union or the European Economic Area. Should a transfer of personal data to processors (in the form of software providers) outside the European Economic Area (EEA) be necessary in exceptional cases, this will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other adequate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place.
VI. Duration of storage of personal data
After collection, your data will be stored by the data controller for as long as is necessary to fulfil the purposes stated in section 3. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless its further processing is necessary for the following purposes:
· Compliance with statutory retention periods, e.g. in accordance with the German Commercial Code or the German Fiscal Code.
· Preservation of evidence within the framework of the statute of limitations (e.g. §§ 195 ff. German Civil Code).
VII. Rights of the data subject
According to the GDPR, you have the following rights:
If your personal data is processed, you have the right to receive information from the controller about the data stored about you (Art. 15 GDPR).
If inaccurate personal data is processed, you have the right to rectification (Art. 16 GDPR).
If the legal requirements are met, you may request erasure or restriction of processing as well as object to processing (Art. 17, 18 and 21 GDPR).
If the personal data concerning you are processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
If you have consented to the data processing or if a contract for data processing exists and the data processing is carried out with the help of automated procedures, you may have a right to data portability (Art. 20 GDPR).
Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
VIII. Right of revocation in the event of consent pursuant to Art. 7 (3) sentence 1 GDPR
If you have consented to processing by the data controller by means of a corresponding declaration, you may revoke your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the revocation is not affected by this.
IX. Obligation to provide data
Within the scope of our business relationship, you must provide us with those personal data that are necessary for the establishment and implementation of the business relationship and for the fulfilment of the associated obligations or which we are legally obliged to collect. These obligations may arise, for example, from § 14 UStG, § 6 IfSG or contract.
If you do not provide the required data, a contract with you cannot be concluded or continued.
Status: December 2021