General data protection information of HERMLE AG

Data protection information of Maschinenfabrik Berthold HERMLE AG
For customers, interested parties, suppliers, dealers and business partners
Date: 22.05.2018

The following information is intended to provide you with an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the agreed services. Therefore, not all parts of this information will apply to you.


1. Who is responsible for data processing and who can I contact?


Maschinenfabrik Berthold HERMLE AG
Industriestraße 8-12
78559 Gosheim
Telephone: +49 (0) 7426/95-0
Fax: +49 (0) 7426/95-1309
Email: info@hermle.de

You can reach our data protection officer at: datenschutz@hermle.de


2. What sources and data do we use?

We process personal data which we receive from our customers or other parties concerned as part of our business relationship. In addition, we process - to the extent necessary for the provision of our services - personal data which we legitimately obtain from publicly accessible sources (e.g. debtor directories, land registers, commercial and association registers, the press, Internet) or which are legitimately transferred to us by other third parties.

Relevant personal data are personal details (name, address and other contact details such as email address, date and place of birth and nationality), legitimisation data (e.g. ID card data) and authentication data (e.g. specimen signature). In addition, this may also include order data, data from the fulfilment of our contractual obligations, documentation data and other data comparable with the aforementioned categories
 

3. Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG)

a) for the fulfilment of contractual obligations (Article 6 (1) (b) GDPR)

Data is processed in order to provide our services as part of the fulfilment of our contracts with our customers or to take pre-contractual measures in response to an enquiry. The purposes of data processing are primarily based on the specific product or service. In particular, data processing is carried out

  • in order to be able to identify you as our customer, prospective customer, supplier or business partner;
  • in order to be able to advise you appropriately;
  • for the purpose of corresponding with you;
  • for invoicing purposes.

Further details on the purposes of data processing can be found in the relevant contract documents and terms and conditions.

b) as part of the balancing of interests ( Article 6 (1) (f) GDPR)

Where necessary, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples:

  • Advertising unless you have objected to the use of your data,
  • Assertion of legal claims and defence in legal disputes,
  • Ensuring IT security and IT operations,
  • Prevention and investigation of criminal offences,
  • Measures for building and plant security (e.g. access controls),
  • Measures to safeguard domiciliary rights, measures for business management and further development of services and products, risk management in our company.

    c) on the basis of your consent ( Article 6(1) (a) GDPR)

If you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. The revocation of consent is effective only for the future and does not affect the legality of the data processed until the revocation.

d) due to legal requirements (Article 6 (1) (c) GDPR) or in the public interest (Article 6 (1) (e) GDPR)

As a company, we are also subject to various legal obligations, i.e. statutory requirements (e.g. tax laws). The purposes of processing include the fulfilment of reporting obligations under tax law and the assessment and management of risks within our company.
 

4. Who receives my data?

Within our company, those departments which require your data to fulfil our contractual and legal obligations will have access to it. Even service providers and vicarious agents employed by us may receive data for these purposes.

These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting as well as sales, marketing and order processing. We only pass on information about our customers if this is required by law or if the customer has given their consent. Under these conditions, recipients of personal data may be, for example:

  • Public bodies and institutions,
  • Other companies within the group,
  • Service providers which we use within the scope of order processing relationships.

Other data recipients may be those bodies for which you have given us your consent to transfer data or to which we are authorised to transfer personal data on the basis of a balancing of interests.

5. Is data transferred to a third country or an international organisation?

Data is transferred to bodies in countries outside the European Union (so-called third countries) insofar as

  • it is necessary for the fulfilment of your orders (e.g. processing of letters of credit),
  • it is required by law (e.g. reporting obligations under tax law) or
  • you have given us your consent.

Furthermore, transfer to bodies in third countries is provided for in the following cases:

  • If this is necessary in individual cases, your personal data may be transferred to an IT service provider in the USA or another third country to ensure the IT operations of our company in compliance with the European level of data protection.

With the consent of the person concerned or due to legal regulations to combat money laundering, terrorist financing and other criminal offences, as well as in the context of a balancing of interests, personal data is transferred in individual cases in compliance with the data protection level of the European Union.


6. How long will my data be stored?

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is generally a continuing obligation which is intended to last for years.

If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted irregularly, but at the latest after 25 years, unless its - temporary - further processing is necessary for the following purposes:

  • Fulfilment of retention obligations under commercial and tax law, which may result, for example, from: German Commercial Code (HGB), German Fiscal Code (AO). The retention and documentation periods specified in these codes are generally six to ten years.
  • Preservation of evidence within the scope of the legal statute of limitations. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods may be up to 30 years, although the regular limitation period is 3 years.

     

7. What data protection rights do I have?

You have the right:

  • pursuant to Article 7 (3) GDPR, to withdraw your consent at any time. As a result, we must no longer continue the data processing, which was based on this consent, in the future;
  • pursuant to Article 15 GDPR, to request information about your personal data which we process. In particular, you have the right to request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of or objection to processing, the existence of a right of appeal, the origin of your data unless collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about their details;
  • pursuant to Article 16 GDPR, to request the immediate correction of inaccurate or incomplete personal data which we have stored;
  • pursuant to Art. 17 GDPR, to demand the erasure of your personal data which we have stored, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete the data and we no longer require the data, but you require it to assert, exercise or defend legal claims or you have lodged an objection to the processing pursuant to Article 21 GDPR;
  • pursuant to Article 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to request transfer to another controller and
  • pursuant to Article 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

 

Information about your right to object pursuant to Article 21 GDPR

Individual right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f) GDPR (data processing on the basis of a balancing of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is required to assert, exercise or defend legal claims.

Right to object to the processing of data for the purposes of direct advertising

In individual cases, we will process your personal data for the purposes of direct advertising. You have the right to object at any time to the processing of your personal data for the purpose of such advertising, insofar as it is associated with such direct advertising.

If you object to processing for the purposes of direct advertising, we will no longer process your personal data for these purposes.

 

Recipient of an objection

The objection can be made informally with the subject "Objection", stating your name, address and date of birth, and should be addressed to:

Maschinenfabrik Berthold HERMLE AG
Industriestraße 8-12
78559 Gosheim
datenschutz@hermle.de

Online-Schulungen der HERMLE AG

Do you have
any questions?
We are happy
to answer them

Ein HERMLE Mitarbeiter

Tailor-made
career? Start
with HERMLE

Data privacy settings

Cookie settings
This website uses cookies that enable services from external providers, e.g. YouTube or Google Maps. The legal basis for data processing is Article 6 (1a) GDPR.

Please note that some functions may not be available depending on your settings.

More information can be found in our Statement on data protection