1. By whom is your data collected and what are their contact details:
Schiller & Mayer GmbH & Co. KG, Rupert-Bodner-Str. 16, 81245 Munich, Germany
Phone: +49 (0)89 863 20 49, Internet: www.schiller-mayer.de, E-mail: info(at)schiller-mayer.de
2. What data do we process from you, for what purpose and on what legal basis?
a) The following data may be collected and processed in individual cases:
Name, address, Internet address, e-mail address, telephone number, fax number, bank details, tax number, names and contact details of contact persons in the company.
The data collected is generally provided to us by you. We also obtain our information from freely accessible and public sources such as the Internet, the commercial and land register, the press, the media, SCHUFA and Creditreform.
The data is processed in accordance with the provisions of the European Data Protection Regulation (EU GDPR) and the Federal Data Protection Act (BDSG).
b) We use your data for the following purposes:
Data collection and management is carried out for the following purposes before and after conclusion of the contract:
- Contract initiation and execution
- Receivables and payables management
- Implementation of electronic payment transactions
- Settlement of payment obligations
- For the execution of contractually agreed deliveries
- For the handling of complaints and claims
- For warranty management
- Within the framework of product monitoring and product liability
- In the interest of comprehensive customer care and for customer loyalty measures
- In the interest of comprehensive supplier management and evaluation, for example within the framework of quality management
- For the fulfilment of requirements under tax law
To protect our legitimate interests or those of third parties, we also process personal data for:
- The exchange of data with credit agencies to determine creditworthiness
- Advertising, unless the use of the data has been objected to
- The assertion of legal claims and defence in legal disputes
- Measures for business management and further development of services and products
c) Your data is processed on the following legal basis:
Art. 6 (1) (b) GDPR: Requirement of data collection and processing for contract fulfilment
Art. 6 (1) (f) GDPR: Safeguarding the balance of interests
Processing may also be based on consent pursuant to Art. 6 (1) (a) and Art. 9 (2) (a) in conjunction with Art. 7 GDPR.
3. Who are the recipients of your data?
Within the company, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes. These are companies in the categories of IT services, billing, logistics, suppliers, credit institutions, printing services, telecommunications, debt collection, advice and consulting as well as sales, marketing and address tracing.
Under these conditions, recipients of personal data may be, for example:
- Chartered accountants, consultants
- Delivery partners, forwarding agents, other suppliers and service providers
- Public bodies and institutions in the event of a legal or regulatory obligation
Further data recipients may be those bodies for which we have been given consent to transfer data.
4. Will the data you provide be transferred to third countries or international organisations?
Under no circumstances will the data you have provided be transferred to a third country or an international organisation.
5. How long will the data be stored for?
The data you provide is processed for as long as it is necessary to achieve the contractually agreed purpose, in principle for as long as the contractual relationship with you exists. After termination of the contractual relationship, the data you have provided will be processed to comply with statutory retention obligations or on the basis of our legitimate interests. After the expiry of the statutory retention periods and/or the lapse of our legitimate interests, the data provided by you will be deleted.
Anticipated deadlines of the retention periods concerning us and our legitimate interests:
- Fulfilment of retention obligations under commercial, tax and professional law. The retention periods specified here are up to ten years.
- Preservation of evidence under the statute of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
6. What information rights do you have?
- Right to information according to Art. 15 GDPR:
You have the right, upon request and free of charge, to receive information as to whether and what data is stored about you and for what purpose it is stored.
- Right to rectification according to Art. 16 GDPR:
You have the right to request the controller to correct your inaccurate personal data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
- Right to deletion ("right to be forgotten") according to Art. 17 GDPR:
You have the right to request that the data controller deletes your data without delay. The controller is obliged to delete personal data without delay unless processing is necessary for compliance with legal obligations, for reasons of public interest or for the assertion, exercise or defence of legal claims.
- Right to restriction of processing according to Art. 18 GDPR & Section 35 BDSG:
You have the right to demand restriction if the accuracy of the data is disputed, the processing is unlawful, but you have refused to delete it and the data is no longer required, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
- Right to data transferability according to Art. 12 GDPR:
You have the right to receive the data you have provided in a structured, common and machine-readable format from the data controller. Forwarding to another responsible person must not be hindered by us.
- Right to objection according to Art. 21 GDPR:
You have the right to object to the collection and processing of your personal data if there are grounds for doing so that arise from a specific situation. To do so, please contact the person responsible (see above).
- Right to complain to the supervisory authority pursuant to Art. 13 (2) (d) & Art. 77 GDPR in conjunction with Section 19 BDSG:
You have the right to lodge a complaint with the responsible supervisory authority if you believe that the processing of your data violates the GDPR.
- Right to withdraw consent according to Art. 7 (3) GDPR:
You have the right to withdraw your consent to the processing of your data at any time.
7. Is there an obligation to provide personal data?
Within the scope of the business relationship, only such data shall be provided as is necessary for the establishment, implementation and termination of the business relationship or the collection of which is mandatory by law. We would like to point out that we do not (cannot) conclude a contract if the data relevant to the conclusion of the contract is not provided. The submission of further data is voluntary.