Privacy Notice

for customers and other data subjects

Data protection notice for customers and other data subjects

Information on data protection

As a data processing company for us (see "Who is responsible for data processing?"), the protection of your personal data is very important to us. We treat your personal data confidentially and in accordance with the applicable local data protection regulations (e.g. European General Data Protection Regulation [GDPR], German Federal Data Protection Act [BDSG], Austrian Data Protection Act 2018 [DSG 2018] and so on).

The General Data Protection Regulation stipulates that individuals who collect data must be informed about the respective processing context in order to ensure fair and transparent processing.

The following information provides you with an overview of how we process your personal data, informs you of your rights under data protection law and tells you who you can contact if you have any questions. Which data is processed in detail and how depends largely on the services you have requested or commissioned. Therefore, not all parts of this information will probably apply directly to you.

 

Who is responsible for data processing?

Within the meaning of the law, the company with which you conclude your contract or have concluded your other agreement. Please refer to your documents to find out which company this is. There you will find the following information about the respective controller:
 

Scheer PAS Germany GmbH
Scheer Tower
Uni-Campus North
D-66123 Saarbrücken
Phone: +49 681 96777-0

 
 

Scheer PAS Switzerland AG
Lautengartenstraße 12
CH-4052 Basel
Phone +41 61 27097-10
Fax +41 61 27097-11
E-mail: info@scheer-pas.com

Within the European Union, Scheer PAS Deutschland GmbH (see above) acts as a representative within the meaning of Article 27 GDPR of Scheer PAS Schweiz AG.

 

On what legal basis do we process your data?

We process your personal data for the following purposes on the basis of the following legal bases.

 

For the fulfilment of contractual obligations

If you are already our customer or if you provide us with your personal data as part of a business initiation ¬ (e.g. if you have expressed an interest in our services, e.g. at trade fairs), or if you wish to update this data, we will process this personal data for the fulfilment of the contractual relationship or for pre-contractual purposes at your request in accordance with Art. 6 para. 1 lit. b GDPR. This includes the use for the purpose of an in-depth examination of whether an order can be accepted at all and for the purpose of fulfilling mutual outstanding claims. The purposes of data processing are primarily based on your product interest and may also include needs analyses and general advice.

Please refer to the respective contract documents, terms and conditions and product information for the specific services. In the case of existing contracts, we may collect further personal data from you in individual cases. This may be the case, for example, if we advise you on a contract amendment or an extension of services, which may be useful in order to consider the entire customer relationship.

 

Compliance with legal requirements

We also process your personal data to fulfil numerous legal obligations, e.g. in connection with contract processing. These include, in particular, retention periods under commercial, trade or tax law, e.g. for offers, contracts or invoices. This also includes reporting obligations or possible regulatory and industry-specific requirements. Industry-specific requirements may also have been imposed on us by you as part of the business relationship. We process your personal data in the event of the fulfilment of a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR. A legal obligation arises, for example, in particular from Section 147 of the German Fiscal Code [AO].

 

Legitimate interest

We also process your data to protect the legitimate interests of us or third parties (e.g. cooperation partners), insofar as this is legally permissible (Art. 6 para. 1 lit. f GDPR), if no corresponding consent has been given and no legal basis for the data processing is apparent and only if the requirements of Art. 6 para. 1 lit. f GDPR are met. We are not only happy to send you personalised communications (e.g. invitations) to provide you with further information about us or our products and services, but also invite you to participate in customer surveys, for example, so that we can better understand your overall needs, deepen our relationship with you and design our products and services to meet your needs. We compile customer or market-specific statistics in order to optimise our range of services for you and thus support our company management. We also process your personal data in order to potentially assert our rights and enforce our legal claims in the event of a dispute. Finally, we process your personal data insofar as this is necessary to prevent or prosecute criminal offences, to ensure smooth IT operations, as part of building security measures (e.g. access control) and to safeguard domiciliary rights.

 

Consent

Insofar as you have given us your consent to process your data for specific purposes (e.g. receiving our newsletter), the lawfulness according to Newsletter Art. 6 para. 1 lit. a GDPR. Consent can of course be revoked at any time with effect for the future. Please note that if the processing has already begun, a revocation can only be made with a time delay and that in individual cases, especially in connection with information that is available on the Internet, a further revocation may be hardly or not at all possible.

 

What sources and data categories do we use?

In principle, we process personal data that we receive from you as part of our business relationship. In addition, insofar as this is necessary for the provision of our services, we process personal data that we have lawfully received (e.g. creditworthiness information in connection with the execution of orders) from companies in the Scheer PAS or other third parties (e.g. credit agencies). On the other hand, we may also process data that we have lawfully obtained and process from publicly accessible sources (e.g. commercial register, press).

We may have collected information about the following categories of data:

  • Personal master data (e.g. surname, first name, address data)
  • Contact information (e.g. telephone, e-mail, preferred language, time zone)
  • Information about planned projects and your interest in products and services
  • Information about your profession/your company (e.g. industry, occupation, employer, position, title, department, company address)
  • Order characteristics (e.g. customer number)
  • Data from the fulfilment of our contractual obligations (e.g. sales data in payment transactions),
  • Data for legitimisation and authentication
  • Documentation data (e.g. protocols)
  • Data in connection with the visit to our website (see data protection notice on the respective page, e.g. https://www.scheer-pas.com/en/privacy-notice-for-website-visitors/).

Obligation to provide the data

As part of our business relationship, you must provide the personal data that is necessary for the establishment and implementation of our business relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect.

Without processing your personal data, we will generally not be able to conclude or fulfil the contract with you or comply with your request.

 

Who has access to your data?

Within our group of companies, your personal data will only be made available to those departments that require it to fulfil the above-mentioned purposes (e.g. marketing, sales, project staff, accounting). Your data will not be passed on outside our group of companies. However, other bodies may be those to which we are legally obliged to disclose in some way (e.g. authorities and institutions), for the enforcement of outstanding claims (e.g. lawyers) to whom you have given your consent (e.g. as a reference), or such service providers who necessarily support us in the provision of services. This may occur, for example, in the categories of IT services, certification/auditing, logistics, printing services, archiving, waste disposal, telecommunications, consulting, debt collection or marketing, provided that a data protection law applies. If processors are directly involved in the provision of part of the service, this is done in accordance with the requirements of Article 28 GDPR. Under no circumstances will we sell your data. We do not transfer your data to third countries. Since our group of companies also includes companies in third countries or, for competitive reasons, we support service providers with headquarters, parent companies or data centres in third countries in individual cases, it may be necessary to transfer data. In these cases, we ensure as far as possible that only data that is necessary for the fulfilment of the specific task is accessed and that suitable security measures have also been taken (e.g. adequacy decision of the EU Commission, standard contractual clauses, other technical measures).

 

Your rights

Within the framework of the relevant regulations (in particular Articles 15 - 21 GDPR), you have a wide range of rights in relation to the processing of your personal data: Right of access, right to rectification, right to erasure, right to restriction of processing and right to data portability. You also have the right not to be subject to an exclusively automated individual decision. Finally, you have the right to lodge a complaint with a competent data protection supervisory authority.

The right of access and the right to erasure are subject to legal restrictions. You also have the right to object to the processing of your personal data for direct marketing purposes. If we process your data to protect legitimate interests, you can object to this processing if there are reasons relating to your particular situation that speak against data processing. Further information on the right to object can be found below.

 

Is there an exclusively automated decision-making process?

Fully automated decision-making (a decision based purely on automated processing) does not take place in accordance with Article 22 GDPR, neither in the case of an establishment nor for the implementation of the business relationship.

 

Does profiling take place?

We process some of your data partially automatically (e.g. click rate in the online area, credit check, customer management, payment behaviour) with the aim of getting to know and understand you and your needs better. This enables us to provide customised communication and advertising, including market and opinion research. Fully automated profiling does not take place.

 

Data storage period

Unless you request the deletion of the data, we will store it for as long as it is required for the purpose for which it was collected. In addition, the data may be stored, in particular if a contractual relationship exists or existed, to fulfil retention obligations under commercial and tax law (e.g. 2 to 10 years) or to preserve evidence within the framework of statutory limitation periods (e.g. up to 30 years).

 

Information about your right to object in accordance with Article 21 of the General Data Protection Regulation

Right to object in individual cases: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR which we use to check creditworthiness or for advertising purposes. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Right to object to the processing of data for direct marketing purposes: In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made informally and should be addressed to the above-mentioned responsible person if possible.

 

Data Protection Officer

You can reach our data protection officer or a contact person for data protection at: datenschutz@scheer-group.com and by post via the address of the controller stated at the beginning.

 

Other notes

As the recipient of this information, please inform other persons in your organisation who are affected by this information. The status of this information is 2022, September. We reserve the right to update this information if necessary.