Note on the protection of your data
These notes serve to inform you about the processing of your personal data by KERSTEN Elektrostatik GmbH and about your rights under new data privacy legislation.
Responsible entity for data processing
The responsible entity pursuant to Art. 4 par. 7 of the EU General Data Protection Regulation (GDPR) and the data privacy regulations, as amended, of the specific states will be:
KERSTEN Elektrostatik GmbH
D - 79115 Freiburg
Telephone: +49 761 47944-0
Fax: +49 761 47944-99
You may contact our Data Privacy Officer, Mr. Sven Bartsch, reference Data Privacy Officer, at the above address or by e-mail at:
What data and sources will we be using?
Personal data are generated through personal, telephonic or written contact when business relationships are explored or in the course of such relationships, initiated either by you or by us. Such information may constitute contact means, dates, occasions and outcomes, also digital or other copies of correspondence.
Relevant personal data exchanged with interested parties may include: Names, addresses and other contact information (phone, e-mail). In addition to the above data, other personal data may be acquired, processed and saved as our products are procured and used.
The reasons why we process your data (purpose) and based on what legal provisions
We will process your abovementioned personal data compliant with the EU General Data Protection Regulation (GDPR) and the new Federal Data Privacy Act (BDSG).
Processing to allow performance of contractual obligations (Art. 6 (1) lit. b GDPR)
Personal data will be processed in the course of performance of contracts with our customers or when carrying out tasks in response to your enquiries and prior to conclusion of a contract.
Processing within the framework of balancing of interests (Art. 6 (1) lit. f GDPR)
We may also where necessary process your data for the protection of our or a third party’s legitimate interests, even over and above processing for contractual purposes. Examples:
- Consultation of and data exchange with credit agencies (e.g. Schufa) in terms of creditworthiness or risk of default
- Checks and optimisation of analysis of demand procedures and for direct customer contact, including customer segmentation
- Promotion of our products, unless you have objected to such use of your data
- Assertion of legal claims and defence in the event of legal disputes
- Ensuring the security of IT and IT operation
- Prevention of felonies
- Measures to ensure the security of buildings and facilities (e.g. access control)
- Measures towards ensuring domestic authority
- Business control measures and development of services and products
Processing based on your consent (Art. 6 (1) lit. a GDPR)
Data processing based on your consent will be lawful provided you have agreed to the processing of personal data for the specific purposes (e.g. distribution of data within a group/corporation). Your consent may be withdrawn at any time. This also applies to the withdrawal of consent you may have given us prior to the EU General Data Protection Regulation entering into effect, i.e. before 25 May 2018. Please take note that your withdrawal will not be retroactive. Processing that took place prior to such withdrawal will not be affected.
Processing based on statutory requirements (Article 6 (1) c GDPR) or in the public interest (Article 6 (1) lit. e GDPR)
We will also over and above this process your personal data as required by law, e.g. requirements by supervisory authorities, retention periods required under the commercial or tax regime, or our consultative duties.
Who will obtain my data?
Those departments within our company that need your data for the fulfilment of their contractual and statutory duties will have access to such data. We will not pass on your information unless we are legally obliged to (e.g. social insurance carriers, fiscal authorities or law enforcement agencies), unless you have given your consent and/or unless our subcontractors guarantee compliance with the EU General Data Protection Regulations / the Federal Data Privacy Act. Subcontractors whom we may task with processing your personal data as required by our business relationship may fall under the following categories: Handling of banking information, supporting/servicing EDP/IT applications, archiving, processing of invoices, compliance services, controlling, data screening for detection of money laundering, data purging, buying/procurement, customer management, communication, research, risk control, statement of expenses, telephones, video legitimisation, Web page management, auditing, payments.
For how long will my data be retained?
We will process and store your personal data for as long as needed for the execution of our contractual and statutory obligations. Your personal data will normally be deleted or blocked when they are no longer needed for compliance with contractual or statutory obligations, after you have exercised your right to demand deletion, or when all mutual claims have been settled and no other statutory obligations to retain the data or to serve as a basis for legitimate storage exist.
What are my rights under data privacy?
You have a right to demand information on your stored personal data at the above address (Art. 15 GDPR). You may also demand corrections should your personal data we have stored be incorrect (Art. 16 GDPR). You may furthermore under certain conditions also demand that your personal data be deleted (Art. 17 GDPR) or exercise your right to objection (Art. 21 GDPR). You also have a right to demand that processing of your personal data be limited (Art. 18 GDPR) or that the data you have made available be returned (Art. 20 GDPR). The restrictions pursuant to §§ 34 and 35 BDSG [Federal Data Protection Act] apply to the rights of information and deletion.
You may at all times withdraw your consent that we process your personal data. This also applies to the withdrawal of any consent given prior to the EU General Data Protection Regulation entering into effect, i.e. before 25 May 2018. Please take note that your withdrawal will not be retroactive. Processing that took place prior to such withdrawal will not be affected.
You are also over and above this entitled to lodge a complaint with a supervisory data protection authority (Art. 77 GDPR in conjunction with § 19 BDSG).