Data Protection Notice pursuant to Art. 13 GDPR for customers, suppliers, and business partners
1. Responsible Party (Controller)/Data Protection Officer
Data processing is carried out by
MEA Group GmbH and all its subsidiaries, Sudetenstraße 1, 86552 Aichach, Germany, Phone: +49 8251 91 – 0, Fax: +49 8251 91 -1360, firstname.lastname@example.org.
The company’s Data Protection Officer is Maximilian Hartung, SECUWING GmbH & Co KG, Frauentorstraße 9, 86152 Augsburg, Germany, Phone: +49 821 90786458, E-mail: email@example.com
2. Data Collection, Data Storage
We process personal data that we receive from you in the course of our business relationship.
If and insofar as this is necessary for the provision of our services, we process personal data which we have legitimately received from third parties (e.g. for the execution of orders, for the fulfilment of contracts, or on the basis of consent given by you).
We process personal data that we have legitimately obtained from publicly accessible sources (e.g. press, media) and are authorised to process.
Relevant personal data are master data (name, address and other contact data, company, company address, and other company contact data). In addition, this may also include contract data (e.g. order data, product data), data from the fulfilment of our contractual obligations (e.g. sales), creditworthiness data, scoring/rating data, advertising and sales data (including advertising scores), documentation data (e.g. from documented conversations), data about your use of the telemedia services offered by us (e.g. time of calling up our newsletter), as well as other data comparable with the categories mentioned.
The data are processed at your request and in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the purposes mentioned above to appropriately process the order and for the mutual fulfilment of obligations arising from the contract.
The personal data collected by us for the performance of the order will be stored until the expiry of the legal obligation to store said data (up to 10 years after the conclusion of the order) and are then deleted, unless we are obligated to longer storage in accordance with Article 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial lawful storage and documentation obligations (from HGB (German Commercial Code), StGB (German Penal Code), or AO (German Taxation Regulation)), or if we are legally bound to a longer storage period, or if you have given us your consent to store the data beyond the term as stipulated pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
3. Data Collection within the Framework of the Balancing of Interests (Art. 6 para. 1 lit. GDPR)
We also process your data beyond the actual fulfilment of the contract in order to protect our legitimate interests or those of third parties, e.g.:
- Data exchange with credit agencies (e.g. SCHUFA) to determine creditworthiness and default risks;
- Review and optimisation of procedures for needs analysis and direct customer approach;
- Advertising or market and opinion research, provided you have not objected to the use of your data;
- Assertion of legal claims and mounting a defence in legal disputes;
- Ensuring the integrity of company IT security and IT operations;
- Measures for building and maintaining system security (e.g. access controls);
- Measures to secure the householder’s rights;
- Measures for business management and further development of services and products;
- As an aid to customer advice and support, as well as sales;
- General business management and further development of services, systems, and products;
- Fulfilment of internal requirements and the requirements of our affiliated companies;
- Crime prevention and investigation, risk management, and fraud prevention.
Our interest, and that of the additional responsible parties (data controllers), in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient performance of tasks, distribution and avoidance of legal risks). As far as the specific purpose permits, we and the additional data controllers will process your data in pseudonymised or anonymised form.
3.1 On the Basis of your Consent (Art. 6 para. 1 lit. a GDPR)
If you have given us your consent to process personal data for specific purposes (e.g. newsletter distribution), this processing is legal on the basis of your consent. You may revoke your consent at any time. This also applies to the withdrawal of declarations of consent given to us before 25 May 2018. Please note that such withdrawal only becomes effective in the future. Processing operations that are performed prior to the revocation are not affected.
3.2 On the Basis of Legal Requirements (Art. 6 para. 1 lit. c GDPR)
We are subject to various legal obligations, i.e. statutory requirements, (e.g. terrorist list regulations, money laundering laws, tax laws) on the basis of which we are obliged to process personal data. The purposes of processing include the prevention of fraud and money laundering, the fulfilment of tax monitoring and reporting obligations, as well as the assessment and management of risks.
4. Data Usage
Within our company, the departments that receive your data are those that need them to fulfil their contractual and legal obligations or to fulfil their respective tasks (e.g. sales and marketing).
In addition, the following recipients may receive your data:
contract processors (Art. 28 GDPR) used by us, in particular in the area of IT services and logistics and printing services, who process your data on our behalf and in accordance with our instructions, public authorities and institutions in the event of a legal or official obligation on the part of our respective agents, employees, representatives, authorised representatives, auditors, service providers, as well as any subsidiaries or group companies (and their respective agents, employees, consultants, representatives, authorised representatives).
Your personal data will only be disclosed to the following recipients or categories of recipients:
network operators, metering point operators and service providers for the supply and billing of the contract. This also applies to economically sensitive information within the meaning of §60 EnWG (Law on Energy Management). Credit institutions and providers of payment services for settlements and the processing of payments. Service providers for operating the IT infrastructure, for printing invoices and subscriber/customer information letters, as well as for destroying files. Public authorities in justified cases (e.g. social security institutions, tax authorities, police, public prosecutor’s office, supervisory authorities). Credit agencies and scoring providers for credit information and the assessment of credit risks. Collection service providers and lawyers to collect claims, in which case we will inform you before the intended transfer.
5. Data Storage
If necessary, we process and store your personal data for the duration of the business relationship, which also includes, for example, the initiation and processing of a contract. It should be noted that our business relationship is usually a long-term debt relationship which is designed to run for years. In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB) and the Fiscal Code (AO). The time limits for storage and documentation specified therein range from 2 years to 10 years. Finally, the retention period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seqq. of the German Civil Code (BGB) may be 3 years as a rule, but in certain cases also up to 30 years.
6. Transfer of Data to Third Parties
Your personal data will not be transferred to third parties for purposes other than those listed. Insofar as this is required to process contractual relations with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, your personal data will be transferred to third parties. This in particular includes the transfer to opponents of proceedings and their representatives (in particular their lawyers) as well as courts and other public authorities for correspondence purposes, as well as for asserting and defending your rights. Third parties may exclusively use the transferred data for the specified purposes. Your data will only be transferred to countries outside the European Economic Area – EEA (third countries) – if this is necessary or legally required for the performance of your orders or if you have given your consent.
7. Rights of Data Subjects
You have the right:
- pursuant to Art. 7 para. 3 GDPR, to revoke your consent provided to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future;
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, erasure, restriction of processing, or objection, the existence of a right of appeal, the origin of your data, if this has not been collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
- to immediately request the completion of or the correction of incorrect personal data stored by us in accordance with Art. 16 GDPR;
- to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject their erasure and we no longer need the data, but you still need them to assert, exercise, or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR;
pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request their transfer to another responsible person;
- according to Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the competent supervisory authority of your usual place of residence or workplace, or our headquarters.
8. Right of Objection
If your personal data are processed based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, following Art. 21 GDPR, to object to the processing of your personal data if there are reasons for this that arise from your particular situation.
We can also process your data for direct advertising within the framework of legal regulations. You have the right to object to the processing of your personal data for the purpose of such advertising at any time. This also applies to any profiling connected with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
If you wish to exercise your right of objection, simply send us an email using the contact details given at the beginning of this notice.