Information on data protection concerning our data processing according to Article (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Many thanks for your visit to our website and your interest in vitreous enamel.
We take data protection seriously and herewith inform you how we will process your data and what your claims and rights are in accordance with data protection regulations.
Valid as of 25 May 2018.
European Enamel Authority e. V.
Dipl.-Kfm. Claus Thielmann
An dem Heerwege 10
58093 Hagen
Germany
Phone
+49 2331 788651
Fax
+49 2331 22662
E-mail
info(at)european-enamel-authority.org
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) as well as other applicable data protection regulations (details will follow). Which individual data are processed and how they are used primarily depends on the services requested and or agreed upon. For further details or additions for the purpose of data processing, you may refer to the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. when using our website or our general terms and conditions). Furthermore, this data protection information may be updated from time to time. Please, refer to our website www.european-enamel-authority.org.
2.1 Purposes for the fulfilment of a contract or of precontractual measures (Art. 6 section 1 b GDPR)
Personal data are being processed to implement our contracts with you and to execute your orders as well as to take measures and to carry out activities in the scope of precontractual relations, e.g. with interested parties. Processing such data particularly is required to be able to render services in accordance with your orders and requests and this includes the necessary services, measures and activities. This mainly includes the contract-related communication with you, the traceability of transactions, orders and other agreements as well as measures to control and optimize business processes as well as to exercise due diligence, steering and control by affiliated companies and associations; statistic evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, settlement and fiscal evaluation of operational performances, risk management, assertion of legal claims and defense in legal disputes; safeguarding IT security and the general safety, assurance of integrity, authenticity and availability of data, prevention and investigation of criminal offences; control by supervisory boards or supervisory bodies (e.g. audit).
2.2 Purposes in the scope of a legitimate interest of ourselves or of third parties (Art. 6 section 1 f GDPR)
In addition to the actual performance of the contract and/or preliminary contract, we will process your data where appropriate and if necessary in order to safeguard legitimate interests of ourselves or of third parties, particularly for the purposes:
2.3 Purposes in the scope of your agreement (Art. 6 section 1 a GDPR)
Processing your personal data for certain purpose (e.g. the use of your e-mail address for marketing purposes) may be carried out based on your agreement. Normally, you may revoke your permission any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into effect, this means before 25 May 2018. You will be separately informed about the purposes and about the consequences of a revocation or a non-issuance of a declaration of consent in a corresponding text. Basically, the revocation of a declaration of consent will take effect in the future only. Processing carried out before the revocation are not concerned and remain legitimate.
2.4 Purposes to meet legal requirements (Art. 6 section 1 c GDPR) or for the public benefit (Art. 6 section 1 e GDPR)
Like anyone who participates in the economic process, we also have to comply with a lot of legal obligations. Primarily, these are legal requirements (e.g. trade and tax laws) but also supervisory or other official regulations (e.g. customs regulations, import and export regulations). The purposes of processing also may include identity and age verification, fraud and money laundering prevention, the prevention, combat and investigation of terrorist financing and of offences endangering assets, data comparisons with European and international counter-terrorism lists, compliance with tax-law control and reporting obligations as well as the storage of data for the purposes of data protection and of data security as well as audits by tax and other authorities. Moreover, the disclosure of personal data may become necessary in the framework of official/judicial measures for the purposes of evidence collection, law enforcement or the enforcement of claims under civil law.
Insofar as this is necessary for rendering our services, we will process permissibly received personal data from other companies or other third parties (e.g. credit agencies, address databases). Furthermore, we process personal data which we permissibly take, receive or acquire from publicly accessible sources (such as commercial and association register, civil register, record of debtors, land registers, press, Internet, and other media) and which we may process.
Categories of relevant personal data may particularly be:
Beyond that, we will not pass your data to third parties. Insofar as we engage service providers in the scope of order processing, your data will be subject to the same safety standards as in our company. In other cases, the recipients may only use the data for the purposes which they were transferred for.
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual relationship) and the implementation of a contract.
Moreover, we are subject to several retention and documentation obligations which, among others, result from the German Commercial Code (HG8) and the German Fiscal Code (AO) as well as the International Accounting Standards (I FRS). The periods for retention and/or documentation stated there, amount to up to ten years after the termination of the business relationship and/or the pre-contractual legal relationship.
Furthermore, particular legal provisions may require a longer retention period, as for example the maintenance of pieces of evidence in the scope of statutory limitation periods. According to §§ 195 ff. of the German Civil Code (8GB), the regular statutory limitation period is three years; however, even limitation periods of up to 30 years may apply.
When data are no longer required for complying with contractual or judicial obligations and rights, they will be deleted at regular intervals unless their - limited - further processing is required for complying with the purposes for a predominantly legitimate interest stated in item 2.2. Such a predominantly legitimate interest for example also exists when a deletion is not possible or only possible at disproportionate expense because of the kind of storage and a processing for other purposes by suitable technical and organisation measures is impossible.
A data transfer to units in states outside the European Union (EU) and/or the European Economic Area (EEA) (so-called third countries) will take place when this should be required to execute an order/contract from or with you, when this is prescribed by law (e.g. tax-law reporting obligations), when it is in the legitimate interest of our company or of a third party, or when you gave your consent to our doing so.
In this case, the processing of your data in a third country can also take place in connection with the appointment of service providers in the scope of order processing. Insofar as for the respective country no resolution of the EU Commission concerning the appropriate data protection level in that country should exist, we will warrant in accordance with the EU Data Protection Guidelines and on the basis of appropriate contracts that your rights and freedoms are suitably protected and granted. Upon request, we will provide you with respective detail information.
Information on suitable or appropriate warranties and on the possibility to obtain a copy of them, may be requested from the company's data protection officer.
Under certain conditions, you may assert your data protection rights towards our company
If possible, your requests for exercising your rights should be directed to the above stated address or directly to our data protection officer.
You only have to provide those data that are required for starting and performing business relations or for a precontractual relationship with us or that we are legally obliged to collect. Generally, we will not be in a position to conclude or execute a contract without these data. This may later on also refer to data that are required in the scope of our business relations. If we ask you for data going beyond that scope, you will be separately informed on the voluntary nature of your information.
We do not use any purely automated decisions procedures as per Article 22 GDPR. Should we nevertheless use such a procedure in future in individual cases, we will separately inform you accordingly, if this is prescribed by law.
Possibly we partly process your data with the objective to evaluate certain personal aspects (profiling). In order to purposefully be able to inform you about products and to advise you, we may use evaluation tools. These tools allow a needs-based product design, communication and advertising including market research and opinion polling.
We do not use own scoring procedures to assess your financial standing and creditworthiness. Where applicable, we use so-called "score values" we receive from credit agencies to assess your financial standing and creditworthiness. Such score values assist us for example in assessing the creditworthiness as well as making decisions in the scope of project and product transactions and those values influence our risk management.
Information on nationality as well as particular categories of personal data as per Art. 9 GDPR are not processed.
Information on your right of objection Art. 21 GDPR
If you file an objection, we will no longer process your personal data, unless we can prove compelling reasons for processing which outweigh your interests, rights and liberties or which serve the assertion, execution or defence of legal claims.
We will no longer process your data for the purposes of direct advertising when you object to a procession for these purposes.
Your objection may be filed without complying with a certain form and should preferably addressed to:
European Enamel Authority e. V.
An dem Heerwege 10
58093 Hagen
Germany
Our privacy statement as well as the information on data protection concerning our data processing as per Article (Art.) 13,14 and 21 GDPR may change from time to time. We will publish any changes on www.european-enamel-authority.org.