Privacy Policy for Business Customers and Suppliers of the HUECK Group

Information on data protection regarding our processing of data pursuant to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

With the following information, we would like to provide you with an overview of the processing of your personal data and your rights under the General Data Protection Regulation (Regulation (EU) 2016/679 – “GDPR”) as well as the German Federal Data Protection Act (“BDSG”).
This privacy policy applies to personal data of individuals with whom we enter into contractual or business relationships, as well as to representatives, managing directors, key account managers or other employees of our contractual or business partners whose data we process in the context of existing or initiating business relationships. This includes, among others, existing or potential suppliers, service providers, customers, consultants, as well as existing or potential cooperation partners or affiliated companies.

1. Controller and Data Protection Officer

The controller within the meaning of the GDPR for the data processing described in this privacy policy is:
HUECK Rheinische GmbH
HUECK Engraving GmbH & Co. KG
Helmholtzstraße 9
41747 Viersen
Phone: +49 (0) 2162 954694-0
E-Mail: info@hueck-rheinische.de
Managing Director: Mr. René Blume

PhoneUnsere Datenschutzbeauftragte, Frau Ursula Viehauser, erreichen Sie unter:
Holger Baunach – Organisationsberatung und Datenschutz
Telefon: +49 (0)2166 2625165
E-Mail: kontakt@baunach.eu

2. Sources and Categories of Personal Data

We primarily process personal data that we receive directly from the data subjects within the framework of contractual and business relationships or that we receive from our contractual or business partners (e.g. from their colleagues with whom we are already in contact), for example in the course of handling an inquiry or an order.
In addition, we process personal data that we have lawfully obtained from publicly accessible sources (e.g. commercial registers, press, internet) or that we receive from third parties (e.g. credit agencies, business partners). We will inform you separately if personal data is collected from third-party sources.
Relevant personal data includes in particular master data (e.g. name, first name, address, bank details, invoice address, tax number/VAT ID) and other contact data (e.g. telephone number, e-mail address). In addition, this may include contract or order data (e.g. sales figures, volumes, planning quantities), data relating to the performance of our contractual obligations (e.g. information on financial circumstances such as creditworthiness data), data relating to your person (e.g. business interests, profession, industry, position, tasks and authorisations) as well as other data comparable to the categories mentioned.
The scope of the personal data processed about an individual depends on the role in which that person interacts with us, for example which position they hold at the respective business partner.

3. Purposes of Processing and Legal Bases

We process personal data for the following purposes on the basis of the following legal grounds:
3.1 Consent (Art. 6 (1) lit. a GDPR)
In individual cases, we process data because you have expressly given your consent, for example to receive advertising by electronic mail (e.g. newsletter) and/or telephone.
3.2 Performance of Contract (Art. 6 (1) lit. b GDPR)
Data processing is carried out for the performance of contracts concluded with you or your employer or for the implementation of pre-contractual measures. This includes in particular:
Purchase and delivery contracts (e.g. processing of purchase and sales inquiries, authentication of contractual partners, preparation and signing of contractual documents, execution of purchases and sales, invoicing and settlement of payments);
Service and work contracts and other contractual relationships (e.g. processing and review of corresponding offers and inquiries, authentication of contractual partners, preparation and signing of contractual documents, processing of payments; dispatch of information letters).
3.3 Legal Obligations (Art. 6 (1) lit. c GDPR)
Further data processing takes place due to legal requirements, for example for the fulfilment of tax and other statutory control and reporting obligations, as well as for audits by tax or other authorities and to comply with statutory retention periods.
3.4 Legitimate Interests (Art. 6 (1) lit. f GDPR)
We also process your data to safeguard our legitimate interests, in particular for the following purposes:
Optimal contact support in relation to employees of our business partners;
Optimisation of our business processes, e.g. by maintaining a supplier or prospect database within a customer relationship management system;
Direct marketing to existing customers;
Centralisation or outsourcing of corporate functions;
Reduction of default risks in our business processes through consultation of credit agencies (e.g. Creditreform, Bürgel) and determination of scoring values (profiling) to assess, using recognised mathematical-statistical methods, the likelihood that contractual partners will meet their payment obligations in accordance with the contract;
Assertion and defence of legal claims;
Market research purposes.
3.5 Public Interest (Art. 6 (1) lit. e GDPR)
Data processing may also be necessary in the public interest or for the performance of official tasks, for example to comply with embargo measures against suspected terrorists.

4. Recipients of Personal Data

In certain cases (beyond those already mentioned), your personal data may be transferred for the above purposes, in particular:
4.1 Disclosure for Legal Claims
If necessary for the clarification or prosecution of unlawful or abusive incidents, personal data will be forwarded to our legal advisors, law enforcement authorities and, where applicable, to injured third parties. This only takes place if there are concrete indications of illegal or abusive conduct. Disclosure may also occur if it serves to enforce contractual regulations between us and our contractual and business partners.
4.2 We are also legally obligated to provide information to certain public authorities upon request. These include primarily law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and tax authorities.
4.3 Insofar as it is necessary for processing your inquiry or for the conclusion or execution of a contractual or business relationship with you, as well as in the case of centralized or outsourced corporate functions, your data may be transferred to affiliated companies for the fulfillment of the aforementioned purposes.
4.4 Occasionally, we rely on contractually affiliated third-party companies or other cooperation partners as well as external service providers, potentially located outside the EU or EEA, to fulfill the purposes described in this privacy policy or to provide our services—for example, brokers, logistics companies, IT service providers, business consultants, and financial institutions. In such cases, information is transferred to these companies or individuals to enable them to process it further. Insofar as these are entities outside the EU or EEA, we ensure an appropriate level of data protection, for example, by concluding appropriate contracts with the data recipient.
4.5 As part of the further development of our business, the structure of our company may change by altering the legal form, or by establishing, purchasing, or selling subsidiaries, business units, or components. In such transactions, customer information is transferred together with the part of the company being transferred. With every transfer of personal data to third parties to the extent described above, we ensure that this is done in accordance with this privacy policy and the applicable data protection laws.

5. Processing Duration

We process your personal data during the period of your employment with one of our business partners, but not longer than until the final termination of the respective business relationship between us and your employing company. Transaction-related information (such as regarding a specific contractual or order relationship) is deleted after completion of the respective transaction, e.g., fulfillment of a delivery contract, with a period of three years after the end of the respective calendar year, unless this information is subject to longer statutory retention obligations (such as the six- or ten-year retention pursuant to Section 257 of the German Commercial Code); in such a case, the affected data will be blocked for any further processing.

6. Data Subject Rights

6.1 You have the right to obtain information about the data stored about you at any time. If the respective requirements are met, you also have the following rights:
– Right to rectification: You have the right to rectification of incorrect personal data concerning you.
– Right to erasure: You may also request the erasure of your personal data, for example, if your data is no longer necessary for the purposes for which it was collected or otherwise processed.
– Right to restriction of processing: You also have the right to request the restriction of processing of your personal data; in such a case, the data will be blocked for any processing. This right exists in particular if the accuracy of the personal data is disputed between you and us.
– Right to data portability: Insofar as we process your personal data to fulfill a contract with you or on the basis of your consent, you also have the right to receive your personal data in a structured, commonly used, and machine-readable format, to the extent that you have provided the data to us.
– Right to withdraw consent: If you have given us consent to process your personal data, you may withdraw it at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
– Right to object:
Insofar as the processing of your personal data is carried out pursuant to Article 6(1)(f) GDPR to safeguard legitimate interests, you have the right pursuant to Article 21(1) GDPR to object to the processing of this data at any time on grounds relating to your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights, and freedoms, or the processing must serve the assertion, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (Article 21(2) GDPR).
6.2 If you wish to obtain information about the data stored about you, wish to assert your other rights, or have questions about data protection at our company, you can contact us at the following email address: privacy@hueck-rheinische.de.
6.3 You also have the right to lodge a complaint with a supervisory authority at any time, in particular with a supervisory authority in the member state of your residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates data protection regulations.

7. Status and Amendment of This Privacy Policy

The status of this privacy policy is August 8, 2024.

The further development of our company may also affect the handling of personal data. We therefore reserve the right to amend this privacy policy in the future within the framework of applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We will inform you separately of significant, substantive changes.