Below we, Dr. Schumacher GmbH, our group companies, departments and groups, wish to inform you about the processing of your personal data as our business partner. Business partners are parties interested in our products and services, as well as existing customers, suppliers, sales and cooperation partners and their employees (contact persons), hereinafter referred to as “business partners”. Please also make sure that this data protection information is made available to the persons within your company who come into business contact with us, for example as contact persons. According to Article 4 No. 1 Sentence 1 GDPR, personal data is all information relating to an identified or identifiable natural person. This includes, for example, your name or your customer number, if it refers to a natural person.
Controller responsible for the processing of your personal data:
As long as no deviating contractual agreements have been made, the competent and responsible controller (responsible controller according to Art. 4 No. 7 GDPR) for the collection, processing and use of your personal data is:
Dr. Schumacher GmbH
Am Roggenfeld 3
in the Federal Republic of Germany.
Categories of personal data and data sources:
- Master data
This is information about our business partner that we have received from you, your company or from third parties, e.g. publicly available sources. This may include, for example, first name, surname, title, position in the company, business address or business contact data.
- Contractual data
Personal data is regularly required for the initiation, execution or fulfillment of a contract, this may include, for example, order data, bank data, turnover, sales tax ID, commercial register number, course of business or communication data. This data is collected directly from you or results from the course of the contractual relationship itself.
- Personal data is collected from publicly available sources or credit agencies.
Purposes of data processing and legal basis:
- Fulfillment of contractual obligations in accordance with Art. 6 (1) (b) GDPR
Data processing is carried out for the purpose of contract initiation, execution and fulfillment.
- Fulfillment of legal obligations according to Art. 6 (1) (c) GDPR
Data processing is carried out on the basis of legal obligations, which may result from tax and commercial laws, among other things.
- Legitimate interests pursuant to Art. 6 (1) (f) GDPR
Data processing is carried out on the basis of a legitimate interest from us or a third party. This would be, for example, the group-wide exchange of information, processing in our CRM system, IT security, marketing activities or even physical security.
- Based on a consent pursuant to Art. 6 (1) (a) GDPR
Necessity of data provision:
It is necessary that you provide us with your personal data for the execution of the contract or pre-contractual measures and is voluntary on your part. If you do not provide us with the personal data, this could delay certain processes or make it impossible for us to conclude or execute the contract with you.
Categories of recipients:
Dr. Schumacher GmbH may transfer personal data within the group if this becomes necessary to fulfill the purpose.
Where appropriate, personal data may be disclosed to courts, governmental authorities, law firms or similar third parties, to the extent permitted and necessary to comply with applicable law or to defend or assert legal claims.
In some areas Dr. Schumacher GmbH uses service providers (so-called contract processors), e.g. IT service providers, who could possibly have access to your personal data if this is necessary to provide the services. The contract processors are contractually obliged to comply with the applicable data protection laws (in accordance with Art. 28 GDPR) and act exclusively in accordance with the instructions of Dr. Schumacher GmbH.
Dr. Schumacher GmbH and its service providers store your personal data as long as it is necessary to fulfill contractual and legal obligations. If your personal data is no longer required to fulfill legal or contractual obligations, it will be regularly deleted, unless there is a statutory retention period which may result from tax and commercial law regulations to the contrary; these amounts are usually 6 to 10 years. It can also be necessary to secure evidence within a limitation period, which is usually 3 years, but can also last up to 30 years.
Your rights as a data subject:
If you have given your consent to certain processing activities, you can revoke this consent at any time with effect for the future. This revocation will not affect the previous processing of data.
If the legal requirements are met, you have the right:
- to request information about which of your data we process (Art. 15 GDPR)
- to have your data corrected or deleted, insofar as this does not conflict with our legitimate interest or a legal obligation to process it (Art. 16, 17 GDPR)
- to restrict the processing of your data (Art. 18 GDPR)
- to be able to claim data transferability (Art. 20 GDPR)