2. Information for current and potential customers
2.1. Voluntary basis of data provision
Personal data is always provided on a voluntary basis. However, in order to conclude and implement the business relationship, it is necessary for us to process certain per-taining to you.
2.2. General data from the business relationship
We process the data which you provide us in conjunction with our business relationship. In particular, this includes the following data:
Contact information of the customer's contact person, particularly their title, name, business address, phone number and email address; bank account details and invoicing information, master data changes made by you, e.g. address changes
2.3. Data from other sources
We do not process personal data from publicly available sources (e.g. commercial registers, public agencies, Internet) unless this is legally permissible, for example because it is necessary in order for us to provide our services.
In particular, this includes the following data:
Name and business address of the CEO and shareholder, if available from public sources and commercial registers.
2.4. Purpose and legal bases for data processing
We collect and process your aforementioned personal data as necessary for the acceptance and performance of our contractual obligations to you (Article 6 Sect. 1 lit. b GDPR). For instance, we process your contact information in order to establish contact for the purpose of concluding a contract. If you establish a business relationship with us as a prospective customer, supplier or customer, we will save or otherwise process your contact information as well as information pertaining to business transactions and communication with you.
We also process your personal data where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, or in order to enforce legal claims and defend against claims in legal disputes (Article 6 Sect. 1 lit. f GDPR). In line with contract performance, we have a legitimate interest in processing the data, e.g. in order to perform credit checks or sanctions list checks and collect debts, including in partnership with debt collectors.
We also process your data where processing is necessary for compliance with a legal obligation on our part (Art. 6 Sect. 1 c GDPR).
2.5. How are my data transferred?
Your data are processed and shared exclusively for the purpose of meeting contractual, business and/or legal obligations. We use processors in order to provide special services. Your data are transferred to them strictly in accordance with the obligation of confidentiality and the terms of the GDPR. As a globally active corporation, in conjunction with our business relationships, we transfer personal data to subsidiaries and other recipients, including outside of the EU, as legally permissible. Potential categories of recipients include: shipping service providers, collection service providers, financial and tax authorities, police and investigative authorities (with valid legal basis), regulatory bodies (if the transfer is legally required), insurance providers, banks and credit institutions (payment processing, auditors, printing service providers).
2.6. How long will my data be stored?
We only process and store your personal data for as long as necessary in order to fulfil our contractual, legal or in-process obligations. If there is no longer a legal basis for storing the data, it will be deleted. This includes the legal retention requirements of 6 and 10 years for accounting and tax reasons.