Austria
Belgium
Denmark
Estonia
Finland
France
Germany
Greece
Iceland
Ireland
Italy
Liechtenstein
Netherlands
Norway
Poland
Portugal
Spain
Sweden
Switzerland
Turkey
United Kingdom
Australia
Hong Kong
New Zealand
India
Indonesia
Japan
Malaysia
Philippines
Singapore
Thailand
Brazil
Chile
Colombia
Mexico
Peru
Bahrain
Israel
Morocco
Oman
UAE
Saudi Arabia
Tanzania
Data protection information for customers and business partners
DATA PROTECTION INFORMATION ACC. ART. 13 / ART. 14 GDPR
The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this general data protection information, we want to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Art. 13 / Art. 14 of the General Data Protection Regulation (GDPR).
1. Who is responsible for data processing and who can you contact?
Responsible is
Howden Deutschland AG
Mies-van-der-Rohe-Straße 6
80807 Munich
Deutschland
Phone: +49 89 543290
E-Mail: [email protected]
The company data protection officer is
Robert Heindl
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Phone: +49 941 2986930
E-Mail: [email protected]
2. Which data is processed and from which sources does this data originate?
We process the data that we have received from you or our business partners in the context of contract initiation or processing or on the basis of consent.
Personal data includes the following
For customers, e.g. first name and surname, address, contact details (e-mail address, telephone number, fax), bank details and, in the case of certain insurance contracts, health data.
For business partners, this includes, for example, the name of their legal representative, company, commercial register number, VAT number, company number, address, contact details (e-mail address, telephone number, fax), bank details.
For visitors to our company, this includes name and signature.
For journalists, this includes first and last name, e-mail address, fax number.
For competition participants, this includes first name and surname, e-mail address.
In addition, we also process the following other personal data:
- Information on the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,
- Advertising and sales data,
- Information from your electronic communication with us (e.g. IP address, log-in data),
- other data that we have received from you in the course of our business relationship (e.g. in discussions with customers),
- Data that we generate ourselves from master / contact data and other data, e.g. by means of customer demand and customer potential analyses,
- the documentation of your declaration of consent for the receipt of e.g. newsletters.
- Photographs in the context of events.
3. For what purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:
- for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):
Your data is processed for the purpose of contract fulfilment. The data is processed in particular when initiating business and when executing contracts with you, including claims processing.
- for the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR):
The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code, the German Fiscal Code or sanction checks.
- to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):
Based on a balancing of interests, data may be processed beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests takes place in the following cases, for example:
- Advertising or marketing (see no. 4),
- Measures for business management and further development of services and products;
- Maintaining a group-wide customer database to improve customer service
- in the context of legal prosecution
- Sending of non-sales-promoting information and press releases.
- within the scope of your consent (Art. 6 para. 1 lit. a GDPR):
If you have given us your consent to process your data, e.g. to send you our newsletter, publish photos, competitions, etc., we will use your data for this purpose.
You can revoke your consent at any time by sending us a short message.
4. Processing of personal data for advertising purposes
Subject to the legal requirements of Section 7 (3) UWG, we are authorised to use the email address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this. Of course, each e-mail always contains an unsubscribe link.
5 Who receives my data?
If we use a service provider in the sense of order processing, we nevertheless remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data if they require the data to fulfil their respective service. These are, for example, IT service providers that we need for operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.
Your data is processed in our customer database. The customer database supports the enhancement of the data quality of the existing customer data (duplicate cleansing, moved/deceased indicator, address correction) and enables the enrichment with data from public sources.
This data is made available within the group of companies to the extent necessary for contract processing. Customer data is stored separately for each company, with our parent company acting as a service provider for the individual participating companies.
In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies, experts or service providers may be recipients of your data for the purpose of contract initiation and fulfilment.
6 How long will my data be stored?
We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code or the Working Hours Act); in addition, until the termination of any legal disputes in which the data is required as evidence.
7. is personal data transferred to a third country?
Data processing generally takes place in the EU/EEA. If data is transferred to a third country, then only if the appropriate level of protection is guaranteed on the basis of one of the measures specified in Art. 44 ff GDPR (e.g. adequacy decision, standard contractual clauses).
8 Where did we obtain your personal data?
In principle, we collect the data directly from you. In some cases, however, we also receive your data from our contractual partners (e.g. brokers, insurance companies) in order to fulfil our contractual obligations.
9. What data protection rights do I have?
You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right to information:
You can request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to cancellation:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.
Right to restriction of processing:
You can request that we restrict the processing of your data if
- you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,
- we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
- you have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that
- we process this data on the basis of a consent given and revocable by you or for the fulfilment of a contract between us, and
- this processing is carried out using automated procedures.
If technically feasible, you can request that we transfer your data directly to another controller.
Right of objection:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing (see point 4) at any time without giving reasons.
Right of appeal:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
10. Am I obliged to provide data?
In most cases, the processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it.
However, you are not obliged to give your consent to the processing of data that is not relevant or legally required for the fulfilment of the contract.