Privacy notice

Information on data protection concerning our data processing according to Article (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)

Many thanks for your visit to our website and your interest in vitreous enamel.
We take data protection seriously and herewith inform you how we will process your data and what your claims and rights are in accordance with data protection regulations.
Valid as of 25 May 2018.

  1. Authority responsible for data processing and contact data
    Responsible authority in terms of data protection law:

    European Enamel Authority e. V.
    Dipl.-Kfm. Claus Thielmann
    An dem Heerwege 10
    58093 Hagen
    Germany

    Phone
    +49 2331 788651

    Fax
    +49 2331 22662

    E-mail
    info(at)european-enamel-authority.org

  2. Purposes and legal basis for our processing your data

    We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) as well as other applicable data protection regulations (details will follow). Which individual data are processed and how they are used primarily depends on the services requested and or agreed upon. For further details or additions for the purpose of data processing, you may refer to the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. when using our website or our general terms and conditions). Furthermore, this data protection information may be updated from time to time. Please, refer to our website www.european-enamel-authority.org.

2.1 Purposes for the fulfilment of a contract or of precontractual measures (Art. 6 section 1 b GDPR)
​​​​​​Personal data are being processed to implement our contracts with you and to execute your orders as well as to take measures and to carry out activities in the scope of precontractual relations, e.g. with interested parties. Processing such data particularly is required to be able to render services in accordance with your orders and requests and this includes the necessary services, measures and activities. This mainly includes the contract-related communication with you, the traceability of transactions, orders and other agreements as well as measures to control and optimize business processes as well as to exercise due diligence, steering and control by affiliated companies and associations; statistic evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, settlement and fiscal evaluation of operational performances, risk management, assertion of legal claims and defense in legal disputes; safeguarding IT security and the general safety, assurance of integrity, authenticity and availability of data, prevention and investigation of criminal offences; control by supervisory boards or supervisory bodies (e.g. audit).

2.2 Purposes in the scope of a legitimate interest of ourselves or of third parties (Art. 6 section 1 f GDPR)
In addition to the actual performance of the contract and/or preliminary contract, we will process your data where appropriate and if necessary in order to safeguard legitimate interests of ourselves or of third parties, particularly for the purposes:

  • of advertising or market and opinion research insofar as you have not objected to the use of your data;​
  • of collecting information as well as exchanging data with credit agencies insofar as this exceeds our economic risk;
  • of reviewing and optimizing the processes of requirement analysis;
  • of further developing services and products as well as existing systems and processes;
  • of disclosing personal data in the scope of a due diligence during company sales negotiations;
  • of enriching our data, a. o. by using or researching publicly accessible data;
  • of statistic evaluations or market analysis;
  • of bench marking;
  • of asserting legal claims and defence in case of legal disputes which are not directly attributable to the contractual relationship;
  • of a limited storage of data when deleting the same is not possible or only possible with a disproportionately high effort because of the particular kind of storage;
  • of avoiding and resolving criminal offences unless exclusively for the compliance with legal provisions;
  • of internal and external investigations, security checks;
  • of assuring and exercising the domiciliary right by appropriate measures such as video surveillance for the protection of our customers and employees as well as the preservation of evidence in case of offences and their avoidance.

2.3 Purposes in the scope of your agreement (Art. 6 section 1 a GDPR)
Processing your personal data for certain purpose (e.g. the use of your e-mail address for marketing purposes) may be carried out based on your agreement. Normally, you may revoke your permission any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into effect, this means before 25 May 2018. You will be separately informed about the purposes and about the consequences of a revocation or a non-issuance of a declaration of consent in a corresponding text. Basically, the revocation of a declaration of consent will take effect in the future only. Processing carried out before the revocation are not concerned and remain legitimate.

2.4 Purposes to meet legal requirements (Art. 6 section 1 c GDPR) or for the public benefit (Art. 6 section 1 e GDPR)
Like anyone who participates in the economic process, we also have to comply with a lot of legal obligations. Primarily, these are legal requirements (e.g. trade and tax laws) but also supervisory or other official regulations (e.g. customs regulations, import and export regulations). The purposes of processing also may include identity and age verification, fraud and money laundering prevention, the prevention, combat and investigation of terrorist financing and of offences endangering assets, data comparisons with European and international counter-terrorism lists, compliance with tax-law control and reporting obligations as well as the storage of data for the purposes of data protection and of data security as well as audits by tax and other authorities. Moreover, the disclosure of personal data may become necessary in the framework of official/judicial measures for the purposes of evidence collection, law enforcement or the enforcement of claims under civil law.

  1. Data categories processed by us unless we directly receive data from your end and their origin

    Insofar as this is necessary for rendering our services, we will process permissibly received personal data from other companies or other third parties (e.g. credit agencies, address databases). Furthermore, we process personal data which we permissibly take, receive or acquire from publicly accessible sources (such as commercial and association register, civil register, record of debtors, land registers, press, Internet, and other media) and which we may process.

    Categories of relevant personal data may particularly be:

  • Personal data (name, date of birth, place of birth, nationality, marital status, profession/trade and similar data)
  • Contact data (address, e-mail address, ip address, phone number and similar data)
  • Address data (registration data and similar data)
  • Payment / cover confirmation with bank and credit cards
  • Information on financial situation (credit-history data including scoring, i.e. data required to evaluate an economic risk)
  • Customer history
  • Data concerning your use of the telemedia offered by us (e.g. time of your opening our websites or newsletters, our pages / links clicked and/or entries and comparable data)
  • Video data
  • Client and supplier data we obtain in the scope of our services rendered.
  1. Recipients or categories of recipients of your data
    In our company, those internal departments and/or organisational units will receive your data who need them so that we are able to comply with our contractual and legal duties or to handle and implement our legitimate interest. Your data will exclusively be transferred to external units
  • in connection with contract processing;
  • for the purposes of complying with legal requirements according to which we are obliged to inform, report or transfer data or when the data transfer is of public interest (refer to item 2.4);
  • insofar as external service providers process data on our account as processor or function assuming unit (e.g. external computer centers, supportlmainte4nance of EDPIIT applications, archiving, document processing. call center services, compliance services, controlling, data screening for anti-money-Iaundering purposes, data validation and/or plausibility check, data destruction, purchase / procurement, customer management, letter shops, marketing, media technology, research, risk controlling, settlement, telephony, website management, auditing services, credit institutes, printing shops or companies for data removal, courier services,  logistics;
  • on the basis of our legitimate interest or the legitimate interest of a third party in the scope of the purposes stated in item 2.2 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts, group enterprises and bodies and supervisory bodies);
  • when you enabled us to transfer data to third parties.

Beyond that, we will not pass your data to third parties. Insofar as we engage service providers in the scope of order processing, your data will be subject to the same safety standards as in our company. In other cases, the recipients may only use the data for the purposes which they were transferred for.

  1. Duration of retention of your data

    We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual relationship) and the implementation of a contract.

    Moreover, we are subject to several retention and documentation obligations which, among others, result from the German Commercial Code (HG8) and the German Fiscal Code (AO) as well as the International Accounting Standards (I FRS). The periods for retention and/or documentation stated there, amount to up to ten years after the termination of the business relationship and/or the pre-contractual legal relationship.

    Furthermore, particular legal provisions may require a longer retention period, as for example the maintenance of pieces of evidence in the scope of statutory limitation periods. According to §§ 195 ff. of the German Civil Code (8GB), the regular statutory limitation period is three years; however, even limitation periods of up to 30 years may apply.

    When data are no longer required for complying with contractual or judicial obligations and rights, they will be deleted at regular intervals unless their - limited - further processing is required for complying with the purposes for a predominantly legitimate interest stated in item 2.2. Such a predominantly legitimate interest for example also exists when a deletion is not possible or only possible at disproportionate expense because of the kind of storage and a processing for other purposes by suitable technical and organisation measures is impossible.
     

  2. Processing of your data in a third country or by an international organisation

    A data transfer to units in states outside the European Union (EU) and/or the European Economic Area (EEA) (so-called third countries) will take place when this should be required to execute an order/contract from or with you, when this is prescribed by law (e.g. tax-law reporting obligations), when it is in the legitimate interest of our company or of a third party, or when you gave your consent to our doing so.
    In this case, the processing of your data in a third country can also take place in connection with the appointment of service providers in the scope of order processing. Insofar as for the respective country no resolution of the EU Commission concerning the appropriate data protection level in that country should exist, we will warrant in accordance with the EU Data Protection Guidelines and on the basis of appropriate contracts that your rights and freedoms are suitably protected and granted. Upon request, we will provide you with respective detail information.
    Information on suitable or appropriate warranties and on the possibility to obtain a copy of them, may be requested from the company's data protection officer.
     

  3. Your data protection rights

Under certain conditions, you may assert your data protection rights towards our company

  • ​​​​​​You are entitled to be informed by us about your data stored by us according to the provisions of Art. 15 GDPR (if necessary, with restrictions as per § 34 BDSG).
  • Upon your request we will correct the data stored about you as per Art. 16 GDPR when they are incorrect or inaccurate.
  • If you wish, we will delete your data according to the principles of Art. 17 GDPR unless other statutory requirements (e.g. legal retention obligations or restrictions as per § 35 GDPR) or a predominant interest of our company (e.g. for the defence of our rights and claims) exist.
  • Considering the prerequisites of Art. 18 GDPR, you may request from us to limit the processing of your data.
  • Furthermore, you can appeal against the processing of your data in accordance with Art. 21 GDPR and we have to stop the processing of your data. This right of appeal however only applies under quite special circumstances of your personal situation and rights of our company could be opposed to your right of appeal.
  • According to the provisions of Art. 20 GDPR you also are entitled to receive your data in a structured, common and machine-readable format or to transfer them to a third party.
  • Moreover, you are entitled to revoke a given consent to the processing of personal data any time with us taking effect for the future (refer to item 2.3).
  • Furthermore, you have a right of appeal with a data protection supervisory authority (Art. 77 GDPR). However, we recommend to always direct any complaint to our data protection officer first.

If possible, your requests for exercising your rights should be directed to the above stated address or directly to our data protection officer.

  1. Extent of your obligations to provide us your data

    You only have to provide those data that are required for starting and performing business relations or for a precontractual relationship with us or that we are legally obliged to collect. Generally, we will not be in a position to conclude or execute a contract without these data. This may later on also refer to data that are required in the scope of our business relations. If we ask you for data going beyond that scope, you will be separately informed on the voluntary nature of your information.
     

  2. Existence of an automated decision-making in an individual case (including profiling)

    We do not use any purely automated decisions procedures as per Article 22 GDPR. Should we nevertheless use such a procedure in future in individual cases, we will separately inform you accordingly, if this is prescribed by law.

    Possibly we partly process your data with the objective to evaluate certain personal aspects (profiling). In order to purposefully be able to inform you about products and to advise you, we may use evaluation tools. These tools allow a needs-based product design, communication and advertising including market research and opinion polling.

    We do not use own scoring procedures to assess your financial standing and creditworthiness. Where applicable, we use so-called "score values" we receive from credit agencies to assess your financial standing and creditworthiness. Such score values assist us for example in assessing the creditworthiness as well as making decisions in the scope of project and product transactions and those values influence our risk management.

    Information on nationality as well as particular categories of personal data as per Art. 9 GDPR are not processed.

Information on your right of objection Art. 21 GDPR

  1. When there are reasons resulting from your particular situation, you always are entitled to object to the processing of your data on the basis of Art. 6 Section 1 f GDPR (Data processing on the basis of balancing of interests) or on the basis of Art. 6 section e GDPR (Data processing in public interest) This will also apply to a profiling in terms of Art. 4 No.4 GDPR based on this provision.

    If you file an objection, we will no longer process your personal data, unless we can prove compelling reasons for processing which outweigh your interests, rights and liberties or which serve the assertion, execution or defence of legal claims.
     

  2. Where appropriate, we will process your personal data also to conduct direct advertising. If you do not want to receive any advertising, you always will be entitled to object to receiving advertising; the same also applies to profiling when it is connected to such direct advertising. We will respect this objection for the future.

    We will no longer process your data for the purposes of direct advertising when you object to a procession for these purposes.

Your objection may be filed without complying with a certain form and should preferably addressed to:

European Enamel Authority e. V.
An dem Heerwege 10
58093 Hagen
Germany

Our privacy statement as well as the information on data protection concerning our data processing as per Article (Art.) 13,14 and 21 GDPR may change from time to time. We will publish any changes on www.european-enamel-authority.org.