1. Responsible party, Data protection officer
The data is processed by
FORTEC Elektronik AG, Augsburger Str. 2b, 82110 Germering, Phone: +49 89 / 894363 - 0, Fax: +49 89 / 894363 131, Email: info(at)fortecag.de.
The in-house data protection officer is Maximilian Hartung, SECUWING GmbH & Co. KG, Frauentorstraße 9, 86152 Augsburg, Phone: +49 821 90786458, Email: epost(at)datenschutz-agentur.de
2. Data collection, Data storage
We process personal data which we obtain from you in the context of our business relationship.
We process personal data – to the extent required for the provision of our service – which we have permissibly obtained from other companies (e.g. for execution of orders, for fulfilment of contracts or on the basis of a consent obtained from you).
We process personal data, which we have acquired from publicly accessible sources (e.g. press, media) and which we are allowed to process.
Relevant personal data is master data (name, address and other contact data, company, company address and other company contact data). Apart from that, it can also be job data (e.g. order data, product data), data from fulfilling our contractual obligations (e.g. revenues), creditworthiness data, scoring/rating data, promotional and sales data (including promotional scores), documentation data (e.g. from documented meetings), data about your use of the tele-media we offer (e.g. accessing our newsletter) as well as other data comparable with the categories mentioned.
The data is processed upon your request and is required according to Article 6 Para 1 S. 1 lit. b of GDPR for the mentioned objectives for the appropriate handling of the job and for the mutual fulfilment of obligations from the contract.
The personal data collected by us for the fulfilment of the job is stored till the expiry of the statutory retention requirement (up to 10 years after the end of the job) and then erased, unless we are obliged to a longer storage according to Article 6 Para 1 S. 1 lit. c of GDPR based on tax law and commercial law retention and documentation requirements (from Commercial Code (HGB), Penal Code (StGB), Tax Code (AO)) or you have consented to storage beyond this period under Article 6 Para 1 S. 1 lit. a of GDPR.
3. Data collection in the context of balancing of interests (Article 6 Para 1 letter f of GDPR)
If required, we process your data beyond the actual fulfilment of the contract for safeguarding our or third party’s legitimate interests, e.g.:
- Data exchange with credit agencies (e.g. SCHUFA) for determining credit or default risks;
- Testing and optimisation of procedure for needs analysis and direct customer contact;
- Promotion or market and opinion research, provided they have not contradicted the use of your data;
- Assertion of legal claims and defence in legal disputes;
- Guaranteeing the IT security and IT operation of our company;
- Prevention and clarification of offences;
- Measures for building and facility safety (e.g. admission control);
- Measures for ensuring the domiciliary right
- Measures for business management and advancement of services and products.
- Support in customer consultation & assistance, and sales
- General business management and advancement of services, systems and products.
- Fulfilling internal requirements and the requirements of the companies associated with us,
- Guaranteeing the IT security and IT operation
- Promotion, market and opinion research
- Assertion of legal claims and defence in legal disputes
- Prevention and clarification of offences as well as risk management and fraud prevention
Our interest and that of the additional responsible parties in the respective processing results from the respective objectives and is otherwise of economic nature (efficient task fulfilment, sale, avoiding legal risks). Provided it permits the specific objective, we and the additional responsible parties process your data; giving it pseudonyms or making it anonymous.
3.1. On the basis of your consent (Article 6 Para 1 letter a of GDPR)
Provided you have issued us a consent for processing of personal data for certain objectives (e.g. for the dispatch of newsletters), the legality of this processing is given on the basis of your consent. An issued consent can now be withdrawn. This also applies for the withdrawal of declarations of consent which have been issued to us before the 25th May 2018. Please note that the withdrawal works only in regards to the future. Processing that has happed before the withdrawal is not affected by it.
3.2. On the basis of legal requirements (Article 6 Para 1 letter c of GDPR)
We are subject to various legal obligations, i.e. legal requirements (e.g. terrorist list regulations, Money Laundering Act, tax laws), on the basis of which we must process personal data. The objectives of processing include prevention of fraud and money laundering, compliance of tax law control and reporting obligations as well as the assessment and management of risks among other things.
4. Use of the data
The departments within our company which require your data for fulfilling the contractual and legal duties or for fulfilling their respective tasks (e.g. sales and marketing) receive it.
Furthermore, following departments can receive your data:
order processers employed by us (Article 28 of GDPR), especially in the area of IT services, logistics and print services, who process your data for us bound by instructions, public bodies and institutions if a legal or official obligation exists, our respective agents, employees, representatives, authorized persons, auditors, service providers as well as any subsidiary companies or group companies (and their respective agents, employees, consultants, representatives, authorised persons)
Your personal data is disclosed only to the following recipients or categories of recipients:
Network operators, meter operators and service providers for the delivery and settlement of contract. This also applies for economically sensitive information in terms of §60 of Energy Industry Act (EnWG). Credit institutions and providers of payment services for settlement as well as handling of payments. Service providers for operation of IT infrastructure, for printing settlements and power recipients/customer newsletter, as well as for destruction of records. Public bodies in justified cases (e.g. social insurance agencies, finance authorities, police, public prosecutor’s office, supervisory authorities). Credit agencies and scoring providers for credit checks and assessment of credit risk. Collection service provider and lawyers to collect claims, where we inform you before the intended transmission.
5. Storage of data
If required, we process and store your personal data for the duration of the business relationship, which for example, also covers the initiation and processing of a contract. It must be noted in this that our business relationship is a regular continuing obligation, which lasts for years. Furthermore, we are subject to various retention and documentation requirements, which arise from Commercial Code (HGB) or the Tax Code (AO) among other things. The periods for retention or documentation specified there are two to ten years. Finally, the duration of storage is also assessed by the legal periods of limitation, which according to §§ 195 et. seq. of the Civil code (BGB)for example, can amount to 3 years as a rule, but in certain cases, even up to thirty years.
6. Passing on of data to third parties
Your personal data is not passed on to third parties for objectives other than those listed below. If it is necessary under Article 6 Para 1 S. 1 lit. b of GDPR for handling of contractual relationships with you, your personal data is passed on to third parties. This particularly includes the passing on to opponents in lawsuit and their representatives (especially their lawyers) as well as courts and other public authorities for the objectives of correspondence and for asserting and defending your rights. The data that is passed on may be used by the third party exclusively for the named objectives. Your data is transmitted outside the European Economic Area – EEA (third countries) only if it is required or legally prescribed for the execution of your orders or you have issued your consent.
7. Rights of person concerned
You have the right:
- as per Article 7 Para 3 of GDPR, to withdraw your consent once issued to us at any time. As a consequence of this, we shall no longer be allowed to continue the data processing which relates to this consent in the future;
- as per Article 15 of GDPR, to demand information about your personal processed by us. You can especially demand information in detail about the processing objectives, the category of personal data, the category of recipients to whom your personal data was or is disclosed, the planned storage duration, the existence of a right to correction, erasure, restriction of processing or objection, the existence of a right to appeal, the source of your data if it was not collected with us, as well as the existence of an automated decision making including profiling and meaningful information, where applicable;
- as per Article 16 of GDPR, to promptly demand the correction of your incorrect personal data stored with us or its completion;
- as per Article 17 of GDPR, to demand the erasure of your personal data stored with us, provided the processing is not necessary for exercising the right to freedom of expression and information, for fulfilment of a legal obligation, for reasons of public interest or for asserting, exercising or defence of legal claims;
- as per Article 18 of GDPR, to demand the restriction of processing of your personal data, provided the correctness of data is contested by you, the processing is unlawful, but you decline its erasure and we no longer need the data, but you need it for assertion, exercise or defence of legal claims or you have filed an objection against the processing under Article 21 of GDPR;
- as per Article 20 of GDPR, to obtain your personal data which you have provided to us, in a structured, current and machine-readable format or to demand the transmission to another responsible party and
- as per Article 77 of GDPR, to appeal with a supervisory authority. As a rule, you can contact the supervisory authority of your usual residence or workplace or our head office for this.
8. Right to objection
Provided your personal data is processed on the basis of legitimate interests, as per Article 6 Para 1 S. 1 lit. f of GDPR, you have the right, as per Article 21 of GDPR, to appeal against the processing of your personal data, provided there are reasons for it, which result from your special situation.
We can also process your data in the context of legal provisions for direct promotion. You have the right to appeal at any time against the processing of the personal data concerning you for the objectives of such promotion. This also applies to the profiling, provided it is in connection with such direct advertising. If you object the processing for the purposes of direct advertising, then we shall no longer process your personal data for these purposes.
If you would like to use your right to objection, an email to our contact data at the beginning of this information is sufficient.