This Privacy Notice is to inform you of the processing of your personal data by PEINER SMAG Lifting Technologies GmbH and your personal rights as per the new EU General Data Protection Regulation (GDPR) and the new Federal Data Protection Law [Bundesdatenschutzgesetz -BDSG] starting 25th May 2018.
Responsible party for the processing of your personal data
PEINER SMAG Lifting Technologies GmbH
Tel: +49 5341 302-0
Fax: +49 5341 302-424
Data protection officer
Our person responsible for data protection can be reached at:
c/o BEL NET GmbH
Purposes and legal basis of the data processing
We process your personal data only in accordance with the legal provisions stated in the EU General Data Protection Regulation (GDPR), the new Federal Data Protection Law (BDSG) and other laws which may be applicable. We therefore only process your data in as far as a contractual basis exists, we have your permission to process your data or the law allows or requires us to process your data.
Data processing in order to fulfil a contract or perform prerequisite services
We process the personal data which you provide us in the registration sheet / order form to the extent to which it is necessary to conclude the contract, perform the duties of the contract and to terminate the contractual relationship. In addition to the data for the services you have requested or goods you have ordered, it includes your forename, your surname, your customer number and your address.
In order to enable proper performance of the contract and to be able to contact you as quickly as possible to respond to queries or problems, we process your address and/or your telephone/mobile number and/or your e-mail address should you have provided us with these for this purpose. The legal basis for the data processing for fulfilment of a contract and the performance of prerequisite services is generally Art. 6 Sec. 1 lit. b GDPR.
Data processing for the purposes of the protection of legitimate interests of the responsible party or a third Party
We also process your data where it is necessary to protect our legitimate interests or the legitimate interests of a third party. Processing which we may perform based on a legitimate interest include direct marketing of our products, generating internal statistics, investigation of crimes or measures to ensure the proper operation of our IT infrastructure. The legal basis for data processing to protect our legitimate interests as the responsible party or the legitimate interests of a third party is Art. 6 Sec. 1 lit. f GDPR.
Data processing to fulfil legal requirements
We also process your data where it is necessary to fulfil the legal duties to which we are subject. The duties which we have to fulfil include archiving requirements for tax law or commercial law purposes. The legal basis for the processing in order to fulfil a legal duty is Art. 6 Sec. 1 lit. c GDPR plus the additionally relevant legal standards.
Data processing on the basis of a permission for other purposes
We also may process your personal data in cases where you have granted your express permission (cf. Art. 6 Sec. 1 lit. a GDPR). In such cases we provide you with additional data protection legal information as part of the permission process. You can revoke your permission at any time via the above-mentioned contact details. Should we process your personal data in future for other purposes which are not listed in this Privacy Notice, we will inform you of this and the associated legal requirements.
Categories of recipients of the personal data
Data processing in the company Group
As part of our administrative activities and the performance of the contract, it may be necessary for us to transmit your personal data to the company in our Group which handles the task of processing the data.
External service Providers
Our external service providers which process data in our name are contractually obliged as per Art. 28 GDPR to handle the personal data in accordance with the applicable laws. If these companies come into contact with your personal data, we have ensured by legal, technical and organisational means and by regular checks that these companies adhere to the requirements of the data protection laws.
We may make your personal data available to government authorities in cases where required by our legal duty to provide information.
Transmission of data to a third country
We generally do not transmit your personal data to a third country or an international organisation outside the European Economic Area (EEA). Should such a transmission occur in a specific case, this will only involve countries covered by the European Commission’s adequacy decision or where suitable or appropriate guarantees of this level of data protection are confirmed (e.g. binding corporate rules or EU standard contractual clauses).
Duration of the data storage
We store your personal data only for as long as necessary to achieve the purposes mentioned above and for the time period during which we may potentially be subject to legal claims. The period of legal limitation for such claims can range from three to thirty years depending on the case. We also store your personal data to the extent to which we are subject to legal documentation and archiving requirements (e.g. commercial laws, fiscal code or money laundering laws). The archiving durations required by law can be up to ten years. In certain cases, there can also be special documentation requirements which necessitate storage of your personal data for a longer period.
Rights of the persons concerned
As the person concerned, you are entitled to the following rights in accordance with Art. 15 ff. GDPR:
Right of information
You have the right to demand information from us on whether we process personal data referring to you. If this is the case, you have the right to demand information from us concerning this personal data.
Right to correction
You have the right to demand that we correct any personal data which we hold on you which is incorrect.
Right to deletion
In certain cases, you have the right to demand from us that personal data which we hold on you be deleted promptly.
Right to restriction of processing
In certain cases, you have the right to demand from us that we restrict the processing of data.
Right to data portability
You have the right to receive from us the personal data which we hold on you and which you provided to us in a structured, usual and machine-readable format.
Right to objection against the processing
You have the right to object to the processing of your personal data on the basis of Art. 6 Sec. 1 lit. e or f GDPR at any time for reasons resulting from your personal situation. If we use your data for direct marketing, you can raise objection at any time.
Right of revocation
If you have granted us permission to use your personal data, you can revoke this at any time.
Data Protection Supervisory Authority
You also have the possibility to make a complaint to the Data Protection Supervisory Authority regarding our processing of your personal data. The Data Protection Supervisory Authority which is responsible is:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Should you have any further questions or comments, please contact us or our Data Protection Officer at any time.