Data protection information for suppliers
We take the protection of personal data seriously and observe the data protection regulations, in particular the EU General Data Protection Regulation ("GDPR") and the Federal Data Protection Act ("BDSG"). In particular, this means that we only process personal data if a statutory provision allows us to do so or if the person concerned has given his or her consent.
In this data protection information we explain to you which information (including personal data) is processed by us in connection with the business relationship between you and us.
1. Who is responsible for data processing?
The controller responsible for the processing of personal data under data protection law is:
Fels-Werke GmbH, Geheimrat-Ebert-Str. 12, 38640 Goslar, Tel.: 05321-703-0,
Fax: 05321-703-321, Mail: firstname.lastname@example.org
Fels Sales and Service GmbH & Co. KG, Ebert-Str. 12, 38640 Goslar, Germany,
Phone: 05321-703-0, Fax: 05321-703-321, Mail: email@example.com
Fels Netz GmbH, Hornberg 1, 38875 Oberharz am Brocken, OT Elbingerode,
Phone: 05321-703-0, Fax: 05321-703-321, Mail: firstname.lastname@example.org
Insofar as "we" or "we" are mentioned in this data protection information, this refers in each case to the company concerned.
Our data protection officer can be reached via the above contact channels as well as at email@example.com or by telephone on +49 170 4587328.
2. Which principles do we observe?
The execution of our business relations requires the processing of data of our service providers/suppliers. If these data allow conclusions to be drawn about a natural person (e.g. if you enter into a business relationship with us as a sole trader), these are personal data. Regardless of the legal form of our contractual partner, we also process data on the contact persons at our contractual partner.
We process basic data about our contractual partner and the contact persons and the existing business relationship with our contractual partner, which we generally refer to as "master data". This includes in particular
- all information that was provided to us when the business relationship was established or that we received from our contractual partner or a contact person (e.g. addresses, telephone/fax and mobile phone numbers, e-mail addresses, tax numbers, bank details); and
- the data that we have collected in connection with the establishment of the business relationship with us (such as, in particular, the details of the contracts concluded);
We process personal data that arises in the course of the business relationship, which may go beyond a mere change of master data and which we call "history data". This includes in particular
- Information on the services provided or accepted by our contractual partner on the basis of the contracts concluded;
- Information on the services provided or accepted by us on the basis of the contracts concluded;
- Information that our contractual partner or a contact person provides to us in the course of the business relationship - either actively or at our request;
- personal data which we receive in the course of our business relationship in any other way from our contractual partner, a contact person or from third parties;
To the extent permitted by law, we may also store personal data from third parties relating to the master and history data. This includes, for example, data on the economic situation of our contractual partners if this is necessary to assess economic risks - such as payment defaults.
3. For what purposes and on what legal basis do we process personal data?
- The processing of master data and historical data takes place for the execution of contracts existing with a natural person as contractual partner or for the execution of pre-contractual measures on the basis of Article 6 paragraph 1 b) EU GDPR. Regardless of the legal form of our contractual partner, we process master and process data with reference to one or more contact persons in order to safeguard our legitimate interest in the implementation of the business relationship on the basis of Article 6 paragraph 1 f) EU GDPR.
- We may also process master and historical data to fulfil legal obligations to which we are subject; this is done on the basis of Article 6 paragraph 1 c) EU GDPR. These legal obligations include in particular the reports to (tax) authorities required of us.
- Where necessary, we process data beyond the execution of the concluded contracts and the fulfilment of legal obligations also for the protection of our legitimate interests or the interests of third parties; this is done on the basis of Article 6 paragraph 1 f) EU GDPR. Our legitimate interests include:
- Group-wide processes for the internal administration of business partner data
- the identification of economic risks - such as payment defaults - in connection with our business relationships;
- the assertion of legal claims and defence in legal disputes;
- the prevention and investigation of criminal offences;
- the management and further development of our business activities, including risk management
- Insofar as we give a natural person the option of granting consent to the processing of personal data, we process the data covered by the consent for the purposes stated in the consent; this is done on the basis of Article 6 paragraph 1 a) EU GDPR.
Please note that
- the granting of consent to us is voluntary;
- that the non-granting of a consent or its later revocation can nevertheless be connected with consequences, about which we inform before granting of the consent and
- that a consent given to us can be revoked at any time with effect for the future, e.g. by notification by post, fax or e-mail via one of the contact channels specified in the chapter "1 Who is responsible for data processing" of this data protection information.
4. Is there an obligation to provide personal data?
If there is an obligation to provide personal data?the provision of the master data and historical data mentioned under "2. Which data do we process? is necessary for the establishment and implementation of the business relationship with our contractual partners, unless expressly stated otherwise by us when collecting this data. Without the provision of this data, we cannot establish a business relationship and carry it out.
If we also collect personal data, we will indicate in the collection whether the provision of this information is required by law or contract or is necessary for the conclusion of a contract. As a rule, we identify information that is provided voluntarily and is not based on any of the aforementioned obligations or is not required for the conclusion of a contract.
5. Who receives personal data?
Personal data are processed within our company. Depending on the type of personal data, only certain departments / organizational units have access to personal data. This includes in particular the purchasing department and - for data processed via the IT infrastructure - to a certain extent also the IT department. A role and authorization concept limits access within our company to those functions and to the extent necessary for the respective purpose of processing.
We may also transfer personal data to third parties outside our company to the extent permitted by law. These external recipients may include in particular
- affiliated companies within the CRH Group to which we transmit personal data for internal administrative purposes;
- the service providers employed by us who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
- non-public and public authorities, insofar as we are obliged to transfer your personal data due to legal obligations;
6. Is automated decision making used?
When establishing or in the course of the business relationship, we do not use automated decision-making (including profiling) within the meaning of Article 22 EU GDPR. If we use such procedures in individual cases, we will inform the persons concerned separately to the extent provided for by law.
7. Are data transmitted to countries outside the EU/EEA?
Personal data are processed exclusively within the EU or the European Economic Area; a transfer to other countries (so-called "third countries") is not planned.
8. How long is personal data stored?
We store personal data as long as we have a legitimate interest in this storage and the interests of the person concerned in the discontinuation of storage do not outweigh.
Even without a legitimate interest, we may continue to store the data if we are legally obliged to do so (e.g. to fulfil storage obligations). We also delete personal data without the involvement of the data subject as soon as their knowledge is no longer necessary to fulfil the purpose of the processing or storage is otherwise legally inadmissible.
As a rule, the master data and other personal data accrued in the course of the business relationship are stored at least until the end of the business relationship. The data will be deleted at the latest when they reach their purpose. This may only occur after the business relationship has ended. The personal data that we have to store in order to fulfil our storage obligations will be stored until the end of the respective storage obligation. As far as we store personal data exclusively for the fulfilment of storage obligations, these are usually blocked, so that they can only be accessed if this is necessary with regard to the purpose of the storage obligation.
9. What rights does a data subject have?
A data subject has the right to
- for information on the personal data stored about them, Article 15 EU GDPR;
- correction of inaccurate or incomplete data, Article 16 EU GDPR;
- for deletion of personal data, Article 17 EU GDPR;
- restriction of processing, Article 18 EU GDPR;
- to data portability, Article 20 EU GDPR;
- to object to the processing of personal data concerning you, Article 21 EU GDPR;
- to lodge a complaint with a competent supervisory authority for data protection, Article 77 EU GDPR.
If you have any questions or requests for changes regarding the use of your personal data by us, please send them - for reasons of complete and rapid processing please only in writing - to: firstname.lastname@example.org
We will examine your request immediately and take the necessary measures.
You can find our current data protection declaration under: