Home Home

Data protection information for customers, suppliers, interested parties & other contractual partners


Data protection information regarding our processing of the data of customers, suppliers and interested parties according to Article 13, 14 and 21 of the General Data Protection Regulation (GDPR)

 

1. Name and contact details of the controller
The controller, the person responsible for the data collection, is
Heidolph Scientific Products GmbH 
Walpersdorfer Str. 12
91126 Schwabach, Germany 
Tel: +49 9122-9920-0
Email: sales@heidolph.de 

2. Contact details of the data protection officer
You can reach our data protection officer Ms. Nadine Heyn at:
datenschutz@heidolph.de

3. Purposes and legal basis of the processing
We process your personal data according to the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations.

3.1. Purposes of the processing
Your personal data are processed and used for the purposes of customer and supplier support, customer acquisition, inquiry processing, customer surveys, forwarding information in the form of an interest-based communication by email, telephone, letter or fax, the procurement of material, of services, of supplies and working materials and contractual performance.

3.2. Legal basis of the processing
The legal basis for the processing of your personal data is one of the following:

  • Your consent (Art. 6 para. 1 letter a GDPR) – you can withdraw this consent at any time with effect for the future
  • Performance of contractual obligations or taking precontractual steps (Art. 6 para. 1 letter b GDPR)
  • Fulfillment of legal obligations (for example, commercial, tax laws)
  • The legitimate interest of us or third parties (Art. 6 para. 1 letter f) for the following purposes:
    • for interest-based communication, if you have not objected to use of your data
    • to obtain information and for data exchange with credit agencies, if this extends beyond our economic risk
    • for the restricted storage of your data, if erasure is not possible due to the special type of storage or is only possible with disproportionately large effort
    • for alignment with European and international anti-terror lists, if this extends beyond the statutory obligations
    • for statistical evaluations or for market analyses
    • for benchmarking
    • for the establishment of legal claims and defense in case of legal disputes, which cannot be directly assigned to the contractual relationship

 

4. Categories of personal data processed by us

The following data are processed:

  • Personal data (name, profession/industry and comparable data)
  • Contact details (address, email address, phone number and comparable data)
  • Payment / cover confirmation for bank debit and credit cards
  • Customer history
  • Supplier history

 

5. Sources of the data
We process personal data that we have received from you for the purposes of making contact or establishing a contractual relationship or as part of precontractual steps or which you have provided through our dealers.

Furthermore, we process personal data that we have received from third parties. We only process these data if we have received a consent from the data subject for the transfer to third parties and processing by third parties.

6. Recipients or categories of recipients of the personal data
We pass on your personal data within our company to the departments that need these data to perform the contractual obligations and fulfill legal obligations or for the realization of our legitimate interests.
Furthermore, the following bodies can receive your data:

  • companies of the ATS Group, which also includes Heidolph Scientific Products GmbH, provided this is allowed within the scope of the purposes and legal basis set out in section 3 of this data protection information
  • data processors used by us (Art. 28 GDPR), for example, IT services, printing services, support/maintenance of EDP/IT applications, archiving, document processing, data screening for anti-money laundering purposes, data validation or plausibility checking, data destruction, letter shops,
  • public bodies and institutions if a statutory or official obligation exists under which we are obliged to provide information, report or transfer data or the data transfer is in the public interest
  • bodies and institutions due to our legitimate interest or the legitimate interest of the third party (for example, to authorities, credit agencies, collection agencies, lawyers, courts, assessors, companies belonging to the Group, and committees and supervisory bodies);
  • other bodies, for which you have given us your consent to transfer data
     

8. Transfer of your data to a third country or to an international organization

Your personal data are mainly processed within the EU or the EEA. Only in the exceptional case with your consent or in case of our legitimate interest (for example, cost cutting, optimization of the service, etc.) and guaranteed adequate level of data protection of the recipient is data transferred to a third country or an international organization.

9. Period of the storage of personal data
Where necessary, we process your personal data for the duration of our business relationship, this also includes the initiation and processing of a contract.

In addition, we are subject to various retention and documentation obligations arising, among other things, out of the German Commercial Code (HGB) and the Fiscal Code (AO). The retention and documentation periods specified there are up to ten years beyond the end of the business relationship or the precontractual legal relationship.

Ultimately, the storage period also depends on the statutory periods of limitation, for example, according to §§ 195 ff. of the German Civil Code (BGB) generally three years, but in certain cases can also be up to thirty years.

10. Data subject rights

According to the General Data Protection Regulation you have the following rights:

If your personal data are processed, you have the right to receive information about the data stored about you (Art. 15 GDPR).

If inaccurate personal data are processed, you have the right to rectification (Art. 16 GDPR).

If the legal prerequisites exist, you can demand the erasure or restriction of the processing and object to the processing (Art. 17, 18 and 21 GDPR).

If you have consented to the data processing or a data processing contract exists and the data processing is carried out by automated means, you have a right to data portability if applicable (Art. 20 GDPR).

If you want to exercise one of the above-named rights, please contact our data protection officer (datenschutz@heidolph.de).

Furthermore, you have a right to complain to the Bavarian State Commissioner for Data Protection (Bayerischen Landesbeauftragten für den Datenschutz).

11. Information about your right to object Art 21 GDPR

You have the right to object to the processing of your data that is carried out on the basis of Art. 6 para. 1 a GDPR (consent) or Art. 6 para. 1 f GDPR (data processing for the purposes of the legitimate interests of the controller) at any time. This also applies to profiling based on this provision as defined in Art. 4 para. 4 GDPR.

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate ground for the processing, which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

We possibly also process your personal data  for direct marketing purposes. If you do not wish to receive any marketing, you have the right to object to it at any time. This also applies to profiling to the extent that it is related to such direct marketing. We will comply with this objection for the future.

We will no longer process your data for direct marketing purposes if you object to the processing for these purposes.

The objection can be made informally by sending an email to datenschutz@heidolph.de or can be sent to the address listed in section 2.

12. Obligation to provide the data
You only need to provide the data necessary to conduct a business relationship or for a precontractual relationship with us or which we are legally obliged to collect. This can also relate to data required later in the context of the business relationship. If we ask you for further data, you will be advised separately of the voluntary nature of the information.

13. Automated decision-making
We do not use any fully automated decision-making in accordance with Art. 22 GDPR to justify, fulfill or conduct the business relationship or for precontractual measures. If we use these procedures in individual cases, we will inform you separately or obtain your consent, insofar as this is legally required