Information according to Art. 13 GDPR
1. Information according to Art. 13 GDPR
1.1. Designation of the processing activity
This data protection information is provided in connection with the processing based on advertising, sales and the implementation of our business activities (manufacture, sale, delivery of confectionery).
1.2. Name and contact details of the person responsible
Hitschler International GmbH & Co. KG, An der Hasenkaule 10, 50354 Hürth, e-mail: firstname.lastname@example.org, Tel.: 0221 46016-53 is responsible for data collection
1.3. Contact details of the data protection officer
data protection officer
Dr. iur. Andreas Pinheiro, LL.M.
Berrenrather Str. 274, 50937 Cologne
Company ap data protection
1.4. Origin of the personal data
hitschler International GmbH & Co. KG processes personal data that it receives from you as part of its business relationship.
In addition, hitschler International GmbH & Co. KG processes personal data that it has legitimately obtained from publicly accessible sources (e.g. commercial and association registers, press, media) and is allowed to process.
1.5. Purposes and legal bases of processing
1.5.1. The following categories of data are processed:
- Personal data (name, address, telephone number, e-mail, date of birth)
- Order data (e.g. delivery order),
- payment details
- Data from the fulfillment of our contractual obligation (e.g. )
- Advertising and Sales Data
- Supplier data (e.g. ext. DL)
1.5.2. Purposes and legal bases of processing
hitschler International GmbH & Co. KG processes personal data (Art. 4 Para. 2 DS-GVO) on the basis of Art. 6 Para. 1 Sentence 1 Letter b DS-GVO. The processing serves to carry out our contracts or pre-contractual measures with you and to carry out your order, as well as all activities required for the operation and administration of our food business. The respective details on the purpose of data processing can be found in the respective contract documents and terms and conditions.
Beyond the actual fulfillment of the contract, hitschler International GmbH & Co. KG processes personal data in accordance with Art. 6 Para. 1 Sentence 1 Letter f GDPR. This is permissible insofar as the processing is necessary to protect our legitimate interests or those of a third party, provided your interests or fundamental rights and freedoms which require the protection of personal data do not prevail. Such a legitimate interest exists in
- Execution of payment processing via external service providers
- Assertion of legal claims and defense in legal disputes
- To advertise your own products within the permitted legal framework (e.g. advertising for existing customers or recommendation advertising (flyers) that is not relevant under data protection law)
- Ensuring the IT security and IT operations of the company
- To prevent and investigate criminal offenses, we use data analysis in particular to identify indications of fraud or misuse.
In addition, hitschler International GmbH & Co. KG processes personal data in accordance with Art. 6 Para. 1 Letter c DS-GVO insofar as this is necessary for the fulfillment of legal obligations to which it is subject as a company. The purposes of processing include: e.g. B. commercial and tax law storage obligations according to 257 Commercial Code (HGB) and 147 Tax Code (AO).).
1.5.3. Purposes and legal basis of processing (video conferences (VKS))
Insofar as you have given hitschler International GmbH & Co. KG consent to the processing of your personal data in order to participate in a separate seminar, web seminar or VK, the legality of this processing is given on the basis of your consent (Art. 6 Para. 1 S 1 letter a GDPR). A given consent can be revoked at any time. Please note that the revocation only applies to the future. Processing that took place before the revocation is not affected.
hitschler International GmbH & Co. KG processes personal data (Art. 4 Para. 2 DS-GVO) on the basis of Art. 6 Para. 1 Sentence 1 Letter b DS-GVO. The processing serves the implementation of our contracts or pre-contractual measures with you and the execution of your order, as well as all activities necessary for the operation and administration of our company. In this case, the implementation of the seminar, the VK or the training is part of a contract concluded with you, which we hereby fulfill. The respective details on the purpose of data processing can be found in the respective contract documents and terms and conditions.
1.5.4. Processing of your data in video conferences (VKS)
You can register for the web seminar, seminar or VK by emailing us by leaving your name and email. We verify your identity via a personal query via email.
We will then email you a personal invitation link to your email inbox. At the time of the event, you can join the event in the web application by clicking on the link. Your e-mail address is also visible to other participants. However, the address is not used for any other purpose. As the organizer, you will only be invited into the waiting area if your booking has been confirmed.
The traffic data (e-mail address, possibly name or pseudonym) are transmitted to the VKS platform in any case. This serves to identify the participant. In this regard, we refer to our legitimate interest in accordance with Article 6 (1) (f) GDPR.
The content data (conversations, video recordings) are stored [encrypted only] on the servers of the VKS operator. In the case of full encryption of the transmission, there is no forwarding. Incidentally, we also refer here to our legitimate interest in a functioning IT landscape, as long as the VKS provider provides suitable guarantees to protect the data.
The event takes place via the Teams service (Microsoft Deutschland GmbH, a subsidiary of Microsoft Inc.). In this regard, we refer to the data protection declaration of our IT service provider.
1.6. Recipients or categories of recipients of the personal data
Within hitschler International GmbH & Co. KG, those departments that need your data to fulfill the contractual and legal obligations of hitschler International GmbH & Co. KG will have access to it. Processors employed by hitschler International GmbH & Co. KG (Article 28 GDPR) may also receive data for these purposes.
Recipients in the following categories receive your data:
- IT services (e.g. hosting our e-mail accounts)
- Logistics (e.g. to ensure the storage and delivery of our goods)
- Sales and marketing (e.g. when creating marketing campaigns in the case of existing customer advertising)
- Courts, bailiffs and authorities (e.g. when applying for a payment order (court) or when enforcing an enforceable title (bailiff))
- Lawyers (e.g. to assert their own claims or to defend against third-party claims or lawsuits)
- Tax consultant (in the case of tax advice or preparation of the annual financial statements)
1.7. Transfer of personal data to a third country
It is planned to transfer your personal data to Microsoft, a company whose parent company is based in the USA. It cannot be ruled out that the mother may have access to your data.
There is no adequacy decision by the EU Commission for the level of data protection in the USA.
hitschler International GmbH & Co. KG has additional suitable and appropriate guarantees in the form of contracts with SDKs (standard data protection clauses) in accordance with Art. 26 GDPR for the intended data transfers to third countries. Microsoft guarantees that data will not be passed on to authorities without exhausting the legal process. More information is available here:https://www.microsoftvolumelicensing.com/Downloader.aspxDocumentId=178800
1.8. Duration of storage of personal data
We delete your personal data as soon as they are no longer required for the above purposes. It can happen that data is stored for the time in which legal claims are asserted against us (statutory regular limitation period 3 years 195 BGB, up to 30 years 197 BGB).).
In addition, we store your data insofar as we are legally obliged to do so. Corresponding proof and storage obligations arise for us from:
- of the tax code: 10 years for tax purposes (147 AO) (e.g. customer data and billing data for tax purposes))
- the requirements of 257 HGB: 6 years for documentation in accordance with commercial law requirements (e.g. documents and e-mails or order and order documents in communication))
1.9. data subject rights
According to the General Data Protection Regulation you have the following rights:
If your personal data is processed, you have itright information to receive information about the data stored about you (Art. 15 GDPR).
If incorrect personal data is processed, you are responsibleRight to Rectification to (Article 16 GDPR).
If the legal requirements are met, you canerasure or restriction of processing require as wellcontradiction object to the processing (Art. 17, 18 and 21 GDPR).
If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out using automated procedures, you may be responsibleRight to data portability to (Article 20 GDPR).
If you make use of your above rights, the responsible body will check whether the legal requirements for this are met.
If you believe that data processing violates applicable data protection law, you have thatRight to complain to a data protection supervisory authority. You can reach the supervisory authority responsible for our company under the following contact details:
North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information, Postfach 20 24 44, 40102 Düsseldorf
1.10. Obligation to provide the data
For the conclusion of the contract [please add reference to the contract and, if necessary, also to the legal regulation], it is necessary that you provide hitschler International GmbH & Co. KG [list of personal data].
Without this data, hitschler International GmbH & Co. KG will generally have to reject the conclusion of the contract or will no longer be able to carry out an existing contract and may have to terminate it.
1.11. Special case: obligation to provide information in the event of a later change of purpose
No change of purpose
1.12. Indication of the existence of an automated decision including profiling
hitschler International GmbH & Co. KG automatically processes your data with the help of third-party providers (e.g. Shopify and Google Analytics) with the aim of evaluating certain personal aspects (profiling). We use profiling in the following cases:
- In order to be able to provide you with targeted information and advice about products, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research]
2. Information about your right to object according to Art. 21 GDPR
- For reasons arising from your particular situation, you have the right at any time to object to the processing of your personal data, which is based on Art. 6 Para. 1 Sentence 1 Letter f GDPR (data processing on the basis of a balance of interests). to file an objection. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DS-GVO, whichhitschler International GmbH & Co. KG used for advertising purposes.
If you file an objection, thehitschler International GmbH & Co. KG no longer process your personal data unless thehitschler International GmbH & Co. KG can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
- In individual cases, thehitschler International GmbH & Co. KG Your personal data to conduct direct marketing. You have the right to object at any time to the processing of data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, thehitschler International GmbH & Co. KG no longer process their personal data for these purposes.
The objection can be made informally and should be directed as far as possible
hitschler International GmbH & Co. KG, An der Hasenkaule 10, 50354 Hürth, email@example.com, 0221 46016-53