Data protection – General information
Information obligations when data are collected from the data subject in accordance with Art. 13 GDPR
1. Name and contact details of the data controller
inevvo solutions GmbH & Co. KG
2. Contact details of the data protection officer
Dachauer Str. 65
3. Purposes and legal basis of processing
Purposes of processing:
Your personal data will be processed for the purpose of carrying out pre-contractual measures or to fulfil the agreed services within the framework of our business relationship. It may also be the case that we process the data to fulfil legal obligations, such as certain storage obligations.
Legal basis for processing:
Your data will be processed on the basis of Art. 6 para. (1) sen. (1) lit. (a) GDPR, i.e. on the basis of your consent (e.g. when sending out newsletters), as well as on the basis of Art. 6 para. (1) sen. (1) lit. (b) GDPR, i.e. on the basis of pre-contractual measures or on the basis of the execution of our contract, as well as on the basis of Art. 6 para. (1) sen. (1) lit. (c) GDPR in connection with Sections 257 HGB (German Commercial Code), 147 AO (The Fiscal Code of Germany), 14 UStG (German Value Added Tax Act), i.e. on the basis of the fulfilment of a legal obligation.
Finally, processing can also be based on a legitimate interest according to Art. 6 para. (1) sen. (1) lit. (f) GDPR, for example for the following cases:
- Passing on your data within the GEMÜ Group;
- Measures to improve our service and strengthen our customer relationship, e.g. customer surveys;
- Cooperation with credit agencies for the purpose of credit checks;
- Direct advertising, unless you have objected to the processing of your personal data for these purposes;
- The monitoring of publicly accessible premises in our facilities using optical-electronic devices (video surveillance).
4. Recipients or categories of recipients of the personal data
Your personal data will be transferred to the following:
- The GEMÜ Group
- Commissioned dataulprocessors
- External service providers/consulltants
Personal data will only be made available to other companies in the GEMÜ Group if and insofar as this is necessary to safeguard our legal and contractual rights and obligations. This can be the case, for example, for the coordination of our contractual services to our customers. Typical cases are the cooperation between the sales department and the company providing support or the support of major customers by several companies of the GEMÜ Group.
In order to fulfil certain contractual obligations, we may work with external service providers/consultants. As far as we involve external service providers/consultants, this is always done within the limitations and in compliance with the applicable data protection regulations. If commissioned data processing occurs in such cases, a data processing agreement will be concluded by which we satisfy ourselves in advance of the sufficient level of data protection at the respective service provider.
In addition, we only transfer personal data to other recipients outside the GEMÜ Group if we are legally obliged to do so. In all other cases, we will only transfer your data to other third parties if you have given us the appropriate and express consent to do so.
5. Transfer of personal data to a third country
Any transfer of your personal data to a third country takes place exclusively as part of the group-wide data transfer within the GEMÜ Group. Within the GEMÜ Group, a uniform level of data protection is guaranteed through the existence of a data protection policy and through mutual contractual obligations based on the so-called standard contractual clauses or equivalent measures provided/audited by the European Union.
In addition, so-called adequacy decisions of the EU Commission also exist for some countries (Art. 45 GDPR): The EU Commission has determined that personal data is protected in such countries in the same way as in the European Union.
Adequacy decisions of the EU Commission according to Art. 45 GDPR are available on the website of the EU Commission (under https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm).
6. Duration of storage of personal data
We only process personal data as long as it is required for the respective task fulfilment, i.e. in particular for the proper handling of our business relationship.
As soon as the relevant data is no longer required for this purpose, it will be deleted.
In order to meet certain legal requirements, we must also store individual data beyond the termination of contractual relationships. This includes, for example, documentation, proof and retention requirements under national commercial and tax law. In these cases, we are legally obliged to store or retain the data for the periods specified in these regulations. For example, the storage or retention periods relevant to the law applicable to our headquarters in Germany are usually three to ten years, or in exceptional cases, for example in the event of legal disputes, up to 30 years.
7. Rights of data subjects
According to the General Data Protection Regulation (GDPR), you have the following rights:
- If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (Art. 15 GDPR).
- If incorrect personal data is processed, you have the right to have it rectified (Art. 16 GDPR).
- If the legal requirements are met, you can request the erasure of the data or restriction of the processing and lodge an objection to the processing (Art. 17, 18 and 21 GDPR).
- If you have consented to data processing or a data processing agreement exists and data processing is carried out using automated procedures, you may have the right to data portability (Art. 20 GDPR).
- You also have a right of appeal to a supervisory authority (Art. 77 GDPR).
8. Right of revocation of consent
If you have given your consent to the processing through a corresponding declaration, you can revoke your consent at any time with effect for the future. The legality of the data processing based on the consent up to the revocation is not affected by this revocation.
9. Obligation to provide the data
We must process certain personal data in order for us to provide our services to you, or we are legally obliged to process such data. We collect the relevant data from you when the contract is concluded (e.g. address, business contact details and role) or you provide it to us (e.g. support data). Without this data, we cannot conclude contracts with you.