Contact details of the responsible body
Responsible for the processing is
SARIA A/S GmbH & Co. KG
Telephone: +49 2592 210-0
Telefax: +49 2592 210-299
Data Protection Officer
What data is processed?
We process personal data that we receive from our contractual partners within the scope of our business relationship.
Personal data (hereinafter referred to as “Data”) is all information relating to an identified or identifiable natural person, e.g. your name, address, telephone number or date of birth. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identification, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
If you as a natural person are our contractual partner, your personal data are meant by this. If you have been named to us by our contractual partner as a contact person within the scope of the business relationship, we process the personal data that our contractual partner or you personally have made available to us for this purpose (usually name, address and other contact data such as email address and telephone number as well as function).
We also process – insofar as this is necessary to provide our services – personal data which we have permissibly received from other companies in the SARIA Group or from other third parties (e.g. to execute orders, to fulfil contracts or on the basis of a consent given by you). In addition, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. land registers, commercial and association registers, press, media, internet).
Relevant personal data in the prospect process, in the master data opening: Name, address/other contact details (telephone, email address), bank details, function.
Processing purpose, legal basis and forwarding of data
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (Federal Data Protection Act; BDSG):
a) For the fulfilment of contractual obligations (Article 6 (1) b GDPR)
The processing of personal data is carried out within the framework of the implementation of the contracts concluded with contractual partners with and for the implementation of pre-contractual measures.
The purposes of the data processing are primarily based on the requirements of the service and may include, among other things, needs analyses and advice. Further details regarding the purpose of data processing can be found in the respective contract documents and terms and conditions.
b) Within the framework of the balancing of interests (Article 6 (1) (f) GDPR)
c) Based on your consent (Article 6 para. 1 lit. a GDPR)
If you have given us your consent to process personal data for specific purposes (e.g. transfer of data within the group/corporate group, advertising, market research), the legality of this processing is based on your consent. Consent can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the EU General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing operations that took place before the revocation are not affected.
d) Due to legal requirements (Article 6 para. 1 lit. c GDPR) or in the public interest (Article 6 para. 1 lit. e GDPR).
Furthermore, as a company we are subject to various legal obligations, i.e. legal requirements (e.g. tax law, waste law). The purposes of the processing include, among other things, the fulfilment of fiscal control and reporting obligations as well as the fulfilment of the verification system under waste management law, ensuring IT security and IT operation, measures for building and plant security (e.g. access controls).
Service providers and vicarious agents employed by us may also have access to your data, which they need to fulfil our contractual and legal obligations. These are the companies from the categories listed below:
Under these conditions, recipients of personal data may be:
Obligation to provide your data
Within the scope of our business relationship, you must provide us with the personal data which is necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we will usually have to refuse to conclude the contract or execute the order. Existing contracts can no longer be executed and may have to be terminated.
Duration of storage
We store your personal data for as long as this is necessary to fulfil our contractual and legal obligations. Data that is no longer required to fulfil contractual and legal obligations will be deleted, unless:
Data subject rights
You can request information from us at any time about the processing of your personal data (Art. 15 GDPR). Furthermore, in accordance with the legal provisions, you have a right to rectification (Art. 16 GDPR) and erasure (Art. 17 GDPR) of your data, a right to limit processing (Art. 18 GDPR) and you can object to the processing of your data (Art. 21 GDPR).
If necessary, please contact our data protection officer in all matters mentioned above (firstname.lastname@example.org).
Right of appeal to supervisory authorities:
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that your personal data is being processed unlawfully. The address of the supervisory authority responsible for our company is: State Commissioner for Data Protection and Information Security of North Rhine-Westphalia; Address: Kavalleriestr. 2-4 40213 Düsseldorf; Tel: 0211-38424-0; Fax: 0211-38424-10
Automated decision making / profiling
Automated decision making or profiling does not take place.