Information under data protection law according to Art. 13, 14 GDPR for customers and other data subjects
With the following information we would like to inform you about the processing of your personal data and give you an overview of your rights according to the EU General Data Protection Regulation (GDPR). Please note that not all parts of this letter will apply to you as the question which data are processed in detail and in which manner they will be used is decisively oriented to the agreed services.
I. Who is responsible for the data processing and who is the data protection officer?
The following is responsible for the data processing
taste! food & beverage communication GmbH
Westend Carree, Frankfurter Str. 111
63067 Offenbach am Main
You can contact our data protection officer under email@example.com.
II. Which data do we use and where do these stem from?
Within the scope of the business relationship we process the following personal data relating to you
Personal details (name, address and other contact data, date and place of birth as well as nationality)
Advertising and distribution data (incl. advertising scores)
Documentation data (e.g. consultation protocol)
as well as other data comparable with the stated categories
As a rule, we will receive the aforementioned personal data directly from you as customers within the scope of our business relationship. Moreover, we process – insofar as necessary for the provision of our services – personal data, which we permissibly gain from sources accessible to the public (e.g. records of debtors, land registers, commercial and association registers, the press, the internet) or which are justifiably transmitted to us by other companies of the group or by other third parties.
III. What do we process your data for (purpose of the processing) and on which legal basis?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act [Bundesdatenschutzgesetz – BDSG]. Within the scope of our business relationship you must provide those personal data as, without the availability of these data, we will as a rule not be in the position to conclude a contract with you, to carry out and end such a contract.
1. Fulfillment of contractual obligations (Art. 6 Para. 1 S. 1 lit. b GDPR)
The processing of your data is carried out to create advertising, market analyses, marketing strategies and designs within the scope of the execution of our contracts with our customers or in order to take pre-contractual measures, which are carried out upon request.
2. Consent (Art. 6 Para. 1 S.1 lit. a GDPR)
Insofar as you have granted us a consent for the processing of personal data for certain purposes (e.g. forwarding of data within the subsidiaries affiliated with taste! food & beverage communication GmbH, evaluation of payment traffic data for marketing purposes, photographs within the scope of events, newsletter dispatch and further measures that are necessary to perform the agency activity), the lawfulness of this processing shall exist on the basis of your consent. A granted consent can be revoked at all times. This shall also apply for the revocation of declarations of consent, which were granted towards us before the applicability of the GDPR, thus before May 25, 2018. We would like to point out that the revocation of consent will only have an effect for the future and shall not affect the lawfulness of the data processed until the revocation.
3. Weighing up of interests (Art. 6 Para. 1 S.1 lit. f GDPR)
Insofar as necessary we shall process your data beyond the actual fulfillment of the contract in order to safeguard legitimate interests of us or third parties. Examples:
Consultation of and data exchange with credit agencies (e.g. SCHUFA) in order to determine creditworthiness or default risks in the credit business and the need with the attachment protection or basic account
Examination and optimization of procedures for the requirements analysis for the purpose of direct customer address, further development of services and products as well as market and opinion research insofar as you have not objected to the use of your data
Assertion of legal claims and defense in case of legal disputes
Guarantee of the IT security and the IT operation
Prevention and investigation of criminal offenses
Measures for business control and further development of services and products
We send advertising information on the basis of our legitimate interest (regular customer exception of Section 7 III German Act Against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb – UWG] and/or Art. 6 Para. 1 S. 1 lit. f GDPR).
Your data will be erased as soon as they are no longer required to achieve the purpose of their collection.
We would furthermore like to point out that you can object to the future processing of your personal data free of charge at all times in line with the statutory stipulations pursuant to Art. 21 GDPR. The objection can in particular be carried out against the processing for purposes of direct marketing within the meaning of Section 7 III UWG.
The objection can be sent informally to: firstname.lastname@example.org
IV. Data access: Who receives my data?
Within the company those parties will receive access to your data, which need these in order to fulfill our contractual and statutory obligations. Service providers and vicarious agents used by us can also receive data for this purpose. This particularly concerns the following companies: IT services, logistics, printing services, telecommunication, debt collection, consulting as well as distribution and marketing.
For the event that it is necessary to forward data to third parties outside of our company, this will only take place if this is required by statutory provisions, the customer has consented hereto or there is a legitimate interest.
Recipients of your personal data may be in this respect:
Public bodies and institutions with the existence of a statutory or official obligation,
other companies, to which we send personal data in order to execute the business relationship with you (depending on the contract e.g. photographers, audio and film studios),
other subsidiaries affiliated with taste! food & beverage communication GmbH for the risk control owing to a statutory or official obligation,
third parties, which are integrated into the commissioned creation process (e.g. proofreaders, legal advisers ),
service providers, which we use within the scope of contract data processing relationships.
Further data recipients may be those bodies for which you have granted us your consent to the data transmission respectively for which you have released us from the non-disclosure obligation pursuant to an agreement or consent or to which we are authorized to send personal data owing to a weighing up of interests.
V. Data transmission to a third country or to an international organization
A data transmission to bodies in states outside of the European Union (so-called third countries) will take place insofar as
it is necessary to carry out your orders
it is stipulated by law (e.g. reporting obligations under tax law) or
you have granted us your consent.
Furthermore, a transmission to bodies in third countries is envisaged in the following cases:
If this is necessary in individual cases, your personal data will possibly be transmitted to an IT service provider in the USA or another third country in order to guarantee the IT operation of the company by complying with the European level of data protection.
VI. How long will my data be stored for?
We shall process and store your personal data as long as this is necessary in order to fulfill our contractual and statutory obligations.
If the data are no longer required for the fulfillment of contractual or statutory obligations these will, as a rule, be erased, unless their – limited – further processing is necessary for the following purposes:
Fulfillment of storage obligations under commercial and tax law, which may arise e.g. from: the German Commercial Code [Handelsgesetzbuch – HGB], German Fiscal Code [Abgabenordnung – AO]. The deadlines stipulated therein for the storage respectively documentation are, as a rule, two to ten years.
Retention of items of evidence within the scope of the legal statute-of-limitations regulations. According to Sections 195 et seqq. of the German Civil Code [Bürgerlichen Gesetzbuches – BGB] these statutes-of-limitations can be up to 30 years, whereby the regular statute-of-limitations is 3 years.
VII. Which data protection rights do I have?
As a data subject you have
the right to information according to Article 15 GDPR (with the restrictions according to Sections 34 and 35 BDSG new)
the right to rectification according to Article 16 GDPR
the right to erasure according to Article 17 GDPR (with the restrictions according to Sections 34 and 35 BDSG new)
the right to limitation of the processing according to Article 18 GDPR
the right to data portability from Article 20 GDPR
as well as the right to object from Article 21 GDPR. If you file an objection we will no longer process your personal data, unless we can prove mandatory legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercising or defense of legal claims.
There is furthermore a right to lodge a complaint at a responsible data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG new).
VIII. Is there an obligation to provide data?
Within the scope of our business relationship you must provide those personal data, which are necessary for the commencement, execution and termination of a business relationship and to fulfill the thus associated contractual obligations or to the collection of which we are obligated by law. We would like to point out that, without the availability of these data, we will, as a rule, not be in the position, to conclude a contract with you, to carry out and end such a contract.
IX. Does an automated decision-making take place?
An automated decision-making within the meaning of Art. 22 GDPR is principally not used to establish and execute the business relationship. Should we use this process in individual cases, we will inform you hereof and about your rights in this respect separately if this is stipulated by law.
X. Does a profiling take place?
Within the scope of the business relationship we do not use any automated profiling.
XI. Information about your right to object according to Article 21 GDPR
1. Individual case-related right to object
You have the right to file an objection at all times for reasons, which arise from your particular situation, against the processing of personal data relating to you, which is carried out owing to Article 6 Para. 1 lit. e GDPR (Data processing in the public interest) and Article 6 Para. 1 lit. f GDPR (Data processing on the basis of a weighing up of interests); this shall also apply to a profiling that is supported on this provision within the meaning of Article 4 No. 4 GDPR.
If you file an objection we will no longer process your personal data, unless we can prove mandatory legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercising or defense of legal claims.
2. Right to object to a processing of data for purposes of direct marketing
In individual cases we shall process your personal data in order to operate direct marketing. You have the right to file an objection against the processing of personal data relating to you for the purpose of such marketing; this shall also apply to the profiling, insofar as it is associated with such direct marketing. In case of an exercised objection a further data processing will no longer take place for the purposes of the direct marketing.