Data protection information for customers and business partners pursuant to Art. 13 GDPR

Dear customer, 
Dear Business Partner,

We at CREMER take the protection of your personal data seriously. This data protection notice informs you about the processing of personal data in the context of a business relationship with us and your rights in connection with this data processing. Please also make the data protection information available to your employees.

 

1.              Controller:

The controller for processing your personal data is:

Peter Cremer Holding GmbH & Co. KG

Glockengiesserwall 3

20095 Hamburg -

 

2.              Data protection officer:

You can contact our data protection officer at the above postal address, with the addition “To the data protection officer” or at the e-mail address:

Datenschutz@cremer.de

 

3.              What data do we process?

We process personal data that you voluntarily provide to us as part of our business relationship. This includes the following data or categories of data:

  • Master data (e.g. title, surname, first name, email address, telephone number, fax number, address)
  • Bank details (e.g. IBAN, BIC)
  • tax number
  • Business transaction data
  • Data that arises during the business relationship

 

We do not process any personal data that we receive from third parties.

 

4.              For what purpose do we process your data and on what legal basis?

We use your data for the initiation, conclusion and performance of the contract, as well as for invoicing and managing payments made or received. In addition, we use your data for accounting processes and use the communication data provided by you for contract-related communication. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR. 
We also use your data to inform you about our products/services to the extent permitted by law.

If we contact you by post, the processing is based on the legal basis of Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in direct marketing. We will always inform you by telephone or e-mail with your consent on the basis of Art. 6 para. 1 lit. a GDPR. For advertising to existing customers, feedback requests and press accreditation, the legal basis in each case is the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interests include our advertising interests, organizational interests and our desire to continuously improve our products, range and service. In addition, we process your data to fulfill legal obligations (e.g. regulatory requirements, commercial and tax law retention and verification obligations, Art. 6 para. 1 sentence 1 lit. c GDPR).

  

5.              Who receives the data?

Your data will be passed on to the employees responsible within our company for the aforementioned purposes (Art. 6 para. 1 sentence 1 lit. b GDPR). Data will only be passed on to third parties outside our company if this is necessary for contract processing or billing, if you have given your consent or if there is a legal basis or obligation.

Where we use the services of third parties (so-called processors) to carry out and handle processing operations, the provisions of the GDPR are complied with. Service providers who support us in fulfilling our services to you are:

  • Hosting-Provider
  • E-Mail service provider
  • IT service provider
  • Service provider for data destruction
  • HR service provider
  • Financial service provider
  • Tax service provider
  • CMS service provider
  • Credit assessment service provider
  • Marketing provider
  • Cloud services and software (SaaS) providers

 

We pass on personal data to the following third parties who process personal data under their own responsibility (so-called controllers, cf. Art. 4 No. 7 GDPR) within the scope of legal admissibility and necessity:

  • Auditors
  • public authorities
  • tax consultants

 

6.              Storage of data

We only process your personal data as long as necessary to fulfill the respective processing purpose.

In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) or the German Fiscal Code (AO), among others. These can last up to 10 years.

Finally, the storage period is also assessed according to the statutory limitation periods, which can be up to thirty years, for example according to §§ 195 ff. of the German Civil Code (BGB), whereby the regular limitation period is three years.

 

7.              Your rights

Every person concerned has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. To exercise the aforementioned rights, you can contact the offices listed under point 1.

You can revoke your consent to data processing at any time without any formal requirements. To do so, you can contact the office named under paragraph 1.

If we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation. To do so, you can contact the office named in section 1.

You also have the right to complain to a data protection supervisory authority (Art. 77 GDPR).