Data protection statement
– Information derived from Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR) –
In the following, we would like to inform you about the processing of your personal data ("data") in accordance with Art. 4 No. 2 GDPR by TA Triumph-Adler GmbH and the claims and rights to which you are entitled in accordance with the data protection regulations. The particular data that are processed and the way in which they are used are largely determined by the delivery or service requested by you or agreed with you.
1. Who is responsible for data processing and who can you contact?
The party responsible for data processing is:
TA Triumph-Adler GmbH
Tel.: +49 911 - 6898 - 0
Fax: +49 911 - 6898 - 204
You can contact our company data protection officer using the reference "Data Protection Officer" at the postal address given above or by email at firstname.lastname@example.org.
2. What sources and data do we use?
We process personal and company-related data that we receive from you within the context of our business relationship or the establishment thereof. We also process - insofar as necessary for providing our service - your data that we receive from third parties, e.g. the Verband der Vereine Creditreform e.V. (Association of Credit Reform Associations) or a credit or financial services institution, in a lawful manner (e.g. for the purpose of fulfilling orders, performing contracts, on the basis of legitimate interests or on the basis of consent given by you). On the other hand, we process data that we have legitimately obtained from publicly available sources (e.g. debtors' registers, land registers, commercial and association registers, press, media) and which we are permitted to process.
We process personal master data (e.g. title, first and last name), communication data (e.g. email address, telephone and fax number) and company data (position, company affiliation). This may also include project and order data (e.g. payment order data), data from fulfilling our contractual obligations (e.g. turnover data in payment transactions), information about your financial situation (e.g. creditworthiness data, scoring/rating data, origin of assets), advertising and sales data (e.g. email newsletters) and documentation data (e.g. consultation protocols).
Relevant company-related data, which may also be personal data, include balance sheet dates, sales revenues, annual surpluses, depreciation and amortisation, interest expenses and comparable data.
3. Why and on what legal basis do we process your data (purpose of the processing)?
We process your data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (“BDSG”):
3.1 To fulfil contractual obligations (Art. 6 para. 1b GDPR)
Your data are processed for the purpose of initiating or fulfilling our contracts with you and fulfilling your orders (e.g. quotations, order confirmations, delivery notes, invoices, orders, dunning, service, logistics, pre-installation according to customer specification)
3.2 In the context of the balancing of interests (Art. 6 para. 1f GDPR)
Whenever required, your data is processed by us beyond the actual fulfillment of the contract in order to protect our legitimate interests or those of third parties. Examples:
- Testing and optimisation of procedures for needs analysis and addressing customers directly;
- Operating a retailer portal for communicating and providing information;
- Direct marketing measures, provided you have not objected to your data being used;
- Assertion of legal claims and defence in legal disputes;
- Securing IT security and IT operations;
- Business management measures and further development of services and products.
3.3 On the basis of your consent (Art. 6 para. 1a GDPR)
If you have granted us consent to process your data for certain purposes (e.g. transfer of data within the association/group), this processing is lawful because you have given your consent. Once given, consent may be revoked at any time. Please note that revoking your consent only applies with effect for the future. Processing that took place before the revocation is not affected by this.
3.4 On the basis of legal requirements (Art. 6 para. 1c GDPR)
We are also subject to various legal obligations (e.g. Money Laundering Act, tax laws). The purposes of data processing include creditworthiness checks, identity and age checks, fraud and money laundering prevention, compliance with control and reporting obligations under tax law and risk assessment and management.
4. Who has access to your data?
Only those departments that require your data in order for us to fulfil our contractual and legal obligations will receive your data from the controller. We will only disclose information about you to recipients other than the data controller in accordance with the principles set out in Section 3. Under these conditions, recipients of your data may include:
- Credit agencies (e.g. Atradius, Creditreform, see point 12 below) to determine creditworthiness and default risks;
- Credit and financial services institutions or similar institutions for the purpose of conducting the business relationship;
- Service providers that we use in the context of order processing relationships in accordance with Art. 28 GDPR (e.g. operation, support and maintenance of IT and TC systems or waste disposal services);
- Haulage companies for delivering goods.
Other recipients of data may include entities for which you have given us your consent to transfer data or to which we are authorised to transfer your data due to a legal obligation or a balancing of interests.
5. How long will your personal data be stored for?
We will process your data as necessary for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract. We are also subject to various storage and documentation obligations arising from the German Commercial Code (HGB), the German Fiscal Code (AO) and the German Money Laundering Act (GwG), among others. The time limits for storage and documentation specified therein are between two and ten years.
Ultimately, the storage period is also determined by the statutory limitation periods, which can be up to thirty years, for example, according to §§ 195 et seq. of the German Civil Code (BGB), with the regular limitation period being three years.
6. Are data transferred to a third country or an international organisation?
Your data will only be passed on to recipients in third countries if compliance with data protection requirements is guaranteed and the level of data protection corresponds to that of the EU, or if this is guaranteed through contractual agreements, or if this is necessary for fulfilling your orders, is required by law or you have given us your consent. We will inform you separately about the details if required to do so by law.
7. What are your rights with regard to data protection?
You have the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR. If you have any questions regarding the assertion of your rights, please contact our data protection officer in writing.
Furthermore, according to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that our processing of your data violates the relevant data protection laws. Our competent supervisory authority is: Bavarian State Office for Data Protection Supervision, Promenade 27, 91522 Ansbach
8. Is there an obligation for me to provide my data?
In the context of our business relationship, you only have to provide the data that is necessary for establishing and conducting a business relationship or which we are legally obliged to process. Without this data, we will usually have to refuse to conclude the contract or fulfil the order, or will no longer be able to perform an existing contract and may have to terminate it.
We are specifically obliged under money laundering regulations to identify you and collect data about you before entering into a business relationship. In order for us to comply with this legal obligation, you must provide us with the necessary information and documents and notify us immediately of any changes that arise in the course of the business relationship. If you do not provide us with the necessary information and documents, then we will not be permitted to enter into the business relationship you have requested.
9. To what extent is there automated decision-making in individual cases?
A decision on whether to enter into a contractual relationship may be based on automated processing of your data, which is used to evaluate individual personality traits. In the event of a negative decision, you have the right (provided you are a natural person) to make your point of view known to us and to have the decision reviewed. There is, however, no obligation to enter into a contract.
10. To what extent will your data be used for profiling (scoring)?
A scoring procedure may be used as part of a credit check. This calculates the probability that a business partner will meet its payment obligations as per the contract. The calculation can include, for example, current business evaluations, existing liabilities, the length of time the company has been in existence, experience from previous business relationships, contractual payments of previous liabilities and information from credit agencies. The scoring is based on a mathematically and statistically recognised and approved procedure. The calculated score values support the decision-making process when entering into contracts and are included in the ongoing risk management.
11. Information about your right to object according to Art. 21 GDPR
11.1 You have the right to object at any time, on grounds relating to your particular situation, to the processing of data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (processing of data on the basis of a balance of interests); this also applies to profiling based on this provision as defined in Article 4(4) GDPR that we use to assess creditworthiness or for advertising purposes.
If you exercise your right to object, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the purpose of asserting, exercising or defending legal claims.
11.2 In isolated cases, we may process your data in order to carry out direct advertising. You have the right to object at any time to the processing of your data for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your data for these purposes.
12. Note on credit rating companies
The credit or financial services institutions referred to in point 2 may transfer your data with regard to applying for, conducting or terminating this business relationship, as well as data relating to non-contractual conduct or fraudulent conduct, to the following companies as part of the contract initiation process:
- Lloyd´s Insurance Company S.A., 14th Floor, Bastion Tower, Marsveldplein 5, 1050 Brussels, Belgium, https://www.lloyds.com;
- Atradius N.V., David Ricardostraat 1, 1066 JS Amsterdam, Postfach 8982, 1006 JD Amsterdam, Netherlands, www.atradius.de;
- Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss, https://www.creditreform.de/eu-dsgvo.html.
The exchange of data with credit rating companies also serves to fulfil legal obligations relating to conducting creditworthiness checks on customers (Section 505a of the German Civil Code (Bürgerliches Gesetzbuch), Section 18a of the German Banking Act (Kreditwesengesetz).
The credit rating companies process your data in order to provide authorised recipients in the European Economic Area and in Switzerland as well as, if applicable, other third countries (provided that there is an adequacy decision on these by the European Commission), with information for assessing the creditworthiness of natural persons and legal entities. To this end, score values are also calculated and transmitted. More detailed information about the activities of credit rating companies can be found on their respective websites.
Last updated: November 2018