Data Protection Information for Business Partners

Below we, Dr. Schumacher GmbH, our group companies, departments and groups, wish to inform you about the processing of your personal data as our business partner. Business partners are parties interested in our products and services, as well as existing customers, suppliers, sales and cooperation partners and their employees (contact persons), hereinafter referred to as “business partners”. Please also make sure that this data protection information is made available to the persons within your company who come into business contact with us, for example as contact persons. According to Article 4 No. 1 Sentence 1 GDPR, personal data is all information relating to an identified or identifiable natural person. This includes, for example, your name or your customer number, if it refers to a natural person.

Controller responsible for the processing of your personal data:

As long as no deviating contractual agreements have been made, the competent and responsible controller (responsible controller according to Art. 4 No. 7 GDPR) for the collection, processing and use of your personal data is:

Dr. Schumacher GmbH
Am Roggenfeld 3
34323 Malsfeld
in the Federal Republic of Germany.

Categories of personal data and data sources:

  • Master data
    This is information about our business partner that we have received from you, your company or from third parties, e.g. publicly available sources. This may include, for example, first name, surname, title, position in the company, business address or business contact data.
  • Contractual data
    Personal data is regularly required for the initiation, execution or fulfillment of a contract, this may include, for example, order data, bank data, turnover, sales tax ID, commercial register number, course of business or communication data. This data is collected directly from you or results from the course of the contractual relationship itself.
  • Personal data is collected from publicly available sources or credit agencies.

Purposes of data processing and legal basis:

  • Fulfillment of contractual obligations in accordance with Art. 6 (1) (b) GDPR
    Data processing is carried out for the purpose of contract initiation, execution and fulfillment.
  • Fulfillment of legal obligations according to Art. 6 (1) (c) GDPR
    Data processing is carried out on the basis of legal obligations, which may result from tax and commercial laws, among other things.
  • Legitimate interests pursuant to Art. 6 (1) (f) GDPR
    Data processing is carried out on the basis of a legitimate interest from us or a third party. This would be, for example, the group-wide exchange of information, processing in our CRM system, IT security, marketing activities or even physical security.
  • Based on a consent pursuant to Art. 6 (1) (a) GDPR

Necessity of data provision:

It is necessary that you provide us with your personal data for the execution of the contract or pre-contractual measures and is voluntary on your part. If you do not provide us with the personal data, this could delay certain processes or make it impossible for us to conclude or execute the contract with you.

Categories of recipients:

Dr. Schumacher GmbH may transfer personal data within the group if this becomes necessary to fulfill the purpose.
Where appropriate, personal data may be disclosed to courts, governmental authorities, law firms or similar third parties, to the extent permitted and necessary to comply with applicable law or to defend or assert legal claims.
In some areas Dr. Schumacher GmbH uses service providers (so-called contract processors), e.g. IT service providers, who could possibly have access to your personal data if this is necessary to provide the services. The contract processors are contractually obliged to comply with the applicable data protection laws (in accordance with Art. 28 GDPR) and act exclusively in accordance with the instructions of Dr. Schumacher GmbH.

Retention periods:

Dr. Schumacher GmbH and its service providers store your personal data as long as it is necessary to fulfill contractual and legal obligations. If your personal data is no longer required to fulfill legal or contractual obligations, it will be regularly deleted, unless there is a statutory retention period which may result from tax and commercial law regulations to the contrary; these amounts are usually 6 to 10 years. It can also be necessary to secure evidence within a limitation period, which is usually 3 years, but can also last up to 30 years.

Your rights as a data subject:

If you have given your consent to certain processing activities, you can revoke this consent at any time with effect for the future. This revocation will not affect the previous processing of data.
If the legal requirements are met, you have the right:

  • to request information about which of your data we process (Art. 15 GDPR)
  • to have your data corrected or deleted, insofar as this does not conflict with our legitimate interest or a legal obligation to process it (Art. 16, 17 GDPR)
  • to restrict the processing of your data (Art. 18 GDPR)
  • to be able to claim data transferability (Art. 20 GDPR)

Revocation pursuant to Art. 21 of the General Data Protection Regulation

The data subject has the right to object at any time, for reasons arising from their particular situation, to the processing of personal data relating to them which is carried out pursuant to Article 6 (1) (f) of the GDPR.
Your personal data will not be processed after this unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

To exercise this right, please contact us as indicated in the “Queries” section.

You also have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR in connection with Section 19 BDSG).
Please note that the above rights may be limited by national law.
To exercise your rights, please contact us as indicated in the “Queries” section.

Guest Management Tool Guestoo

This website uses guestoo to send out invitations and for guest management. For the processing of events, you provide personal data to guestoo. For this purpose, the following personal data is set or collected.

  • E-mail address
  • First name, last name

The provider is Code Pirates UG (haftungsbeschränkt) Am Ruhmbach 44, 45149 Essen, Germany. Guestoo is a service to organize and analyze your guest management. The data entered by you for the purpose of sending invitations (e.g. e-mail address) is stored on guestoo's servers in Germany or other EU countries. Our invitations sent with guestoo allow us to manage the acceptances and refusals and to analyze the behavior of the recipients. Among other things, we can analyze how many recipients opened the invitation.

For more information about data analysis with guestoo, please visit: https://www.guestoo.de/datenschutzerklaerung?back=/.

If you do not wish to have your data analyzed by guestoo, you can have your data deleted by guestoo.  The data you have provided for the purpose of invitations will be stored by us until you unsubscribe from the invitation mailing list and will be deleted from our servers as well as from the servers of guestoo after you have unsubscribed. This does not affect any existing legal obligations to retain data. If you do not unsubscribe, your data will be deleted by guestoo within two weeks after the event.

For further details, please refer to guestoo's privacy policy at: https://www.guestoo.de/datenschutzerklaerung?back=/.

Automated decision making:

Dr. Schumacher GmbH does not use automated decision making including profiling within the meaning of Article 22 GDPR.

Queries:

If you have any questions regarding this data protection information or your rights, please contact us at:  

Data Protection Officer

Dr. Schumacher GmbH

Am Roggenfeld 3

34323 Malsfeld

Email: datenschutzbeauftragter(at)schumacher-online.com