Data protection information on the processing of applicant and employee data

Contact details of the responsible body

Responsible for the processing is

SARIA A/S GmbH & Co. KG
Norbert-Rethmann-Platz 1
59379 Selm
Germany
Telephone: +49 2592 210-0
Telefax: +49 2592 210-299

Data Protection Officer
Norbert-Rethmann-Platz 1
59379 Selm
Email: datenschutz@saria.de

What data is processed?
We process personal data that we receive from our contractual partners within the scope of our business relationship.

Personal data (hereinafter referred to as “Data”) is all information relating to an identified or identifiable natural person, e.g. your name, address, telephone number or date of birth. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identification, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

If you as a natural person are our contractual partner, your personal data are meant by this. If you have been named to us by our contractual partner as a contact person within the scope of the business relationship, we process the personal data that our contractual partner or you personally have made available to us for this purpose (usually name, address and other contact data such as email address and telephone number as well as function).

We also process – insofar as this is necessary to provide our services – personal data which we have permissibly received from other companies in the SARIA Group or from other third parties (e.g. to execute orders, to fulfil contracts or on the basis of a consent given by you). In addition, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. land registers, commercial and association registers, press, media, internet).

Relevant personal data in the prospect process, in the master data opening: Name, address/other contact details (telephone, email address), bank details, function.

Processing purpose, legal basis and forwarding of data
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (Federal Data Protection Act; BDSG):

a) For the fulfilment of contractual obligations (Article 6 (1) b GDPR)

The processing of personal data is carried out within the framework of the implementation of the contracts concluded with contractual partners with and for the implementation of pre-contractual measures.

The purposes of the data processing are primarily based on the requirements of the service and may include, among other things, needs analyses and advice. Further details regarding the purpose of data processing can be found in the respective contract documents and terms and conditions.

b) Within the framework of the balancing of interests (Article 6 (1) (f) GDPR)

  • As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect our legitimate interests or those of third parties.
    Examples:

    • Testing and optimization of procedures for demand analysis and direct customer contact.
    • Advertising or market and opinion research, unless you have objected to the use of your data.
    • Assertion of legal claims and defence in legal disputes.
    • Prevention of criminal offences.
    • Measures for business management and further development of services and products.

c) Based on your consent (Article 6 para. 1 lit. a GDPR)

If you have given us your consent to process personal data for specific purposes (e.g. transfer of data within the group/corporate group, advertising, market research), the legality of this processing is based on your consent. Consent can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the EU General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing operations that took place before the revocation are not affected.

d) Due to legal requirements (Article 6 para. 1 lit. c GDPR) or in the public interest (Article 6 para. 1 lit. e GDPR).

Furthermore, as a company we are subject to various legal obligations, i.e. legal requirements (e.g. tax law, waste law). The purposes of the processing include, among other things, the fulfilment of fiscal control and reporting obligations as well as the fulfilment of the verification system under waste management law, ensuring IT security and IT operation, measures for building and plant security (e.g. access controls).

Service providers and vicarious agents employed by us may also have access to your data, which they need to fulfil our contractual and legal obligations. These are the companies from the categories listed below:

  • Public bodies and institutions (e.g. regional council as waste authority) if there is a legal or official obligation.
  • Subcontractor for waste disposal and cleaning services.

Under these conditions, recipients of personal data may be:

  • Processors to whom we transmit personal data in order to carry out the business relationship with you. More specifically: Processing of subcontractor services, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data destruction, purchasing/procurement, customer administration, letter-shops, marketing, media technology, reporting, expense accounting, telephony, video legitimation, website management, auditing services, payment transactions.
    Other data recipients may be those entities for which you have given your consent to the transfer of data.

Obligation to provide your data  
Within the scope of our business relationship, you must provide us with the personal data which is necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we will usually have to refuse to conclude the contract or execute the order. Existing contracts can no longer be executed and may have to be terminated.

Duration of storage
We store your personal data for as long as this is necessary to fulfil our contractual and legal obligations. Data that is no longer required to fulfil contractual and legal obligations will be deleted, unless:

  • The storage serves the fulfilment of legal retention periods in particular according to § 147 AO (Abgabenordnung; General Fiscal Law), § 257 HGB (Handelsgesetzbuch; German Commercial Code). According to this, the retention periods are up to ten years.
  • The storage serves to preserve evidence within the framework of the statute of limitations. According to §§ 195 ff. BGB these periods of limitation can be up to 30 years.

Data subject rights
You can request information from us at any time about the processing of your personal data (Art. 15 GDPR). Furthermore, in accordance with the legal provisions, you have a right to rectification (Art. 16 GDPR) and erasure (Art. 17 GDPR) of your data, a right to limit processing (Art. 18 GDPR) and you can object to the processing of your data (Art. 21 GDPR).

If necessary, please contact our data protection officer in all matters mentioned above (datenschutz@saria.de).

Right of appeal to supervisory authorities:  
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that your personal data is being processed unlawfully. The address of the supervisory authority responsible for our company is: State Commissioner for Data Protection and Information Security of North Rhine-Westphalia; Address: Kavalleriestr. 2-4 40213 Düsseldorf; Tel: 0211-38424-0; Fax: 0211-38424-10
Email: poststelle@ldi.nrw.de

Automated decision making / profiling
Automated decision making or profiling does not take place.