Data protection statement pursuant to the EU General Data Protection Regulation (GDPR)
Our Data Protection Guideline was changed with effect from 25 May 2018
For you to order our products and take advantage of our services we require certain data and information. Below you will find an overview of the processing of your personal data by us and your rights according to the data protection law.
We and our data protection officer ensure compliance with the data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new). You can retrieve the data protection statement via the "Data Protection" rider on our website at any time and print it out as necessary. Technical and organisational measures protect our EDP systems against access, alteration or distribution of your data by unauthorised parties and against loss and destruction.
Name and contact data of the person responsible for data processing:
Responsible for our customer data management is
Peters + Bey GmbH
Tel.: +49 40 547600-0
Fax: +49 40 54760076
Contact: Thomas Peters
Contact data of the person responsible for data protection:
For all queries and issues about the data protection of your data, data protection in our company and compliance with the statutory regulations, please contact our data protection officer at email@example.com your concern and providing your contact address. The topics and contents addressed will be handled confidentially.
Processing takes place pursuant to the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new).
Sources and data used:
We process personal data, which we receive from you in your capacity of customer, supplier, partner, representative, authorised agent, interested party or a similar capacity. In addition, we process personal data from publically accessible sources (e.g. commercial register, events, fairs, internet, media), the recording and processing of which is permitted. Relevant personal data can be: full name, date of birth, gender, nationality, address, telephone, fax, e-mail, position and area of responsibility in a company, status of self-employment or employee. When using our products, services or works additional personal data may be collected, processed and saved, whether it is a matter of data and recording of awareness and/or experience with our products and services, testing or investigation processes and/or traceability and logistics.
This is how we use your data:
We save your data at the central customer data management of Peters + Bey GmbH only to satisfy your queries, for the satisfaction and processing of contracts between you and us and for own information and publicity purposes. Apart from management our employees from purchasing, sales, service and production have access to the central customer data management of Peters + Bey. Customer data management depends on safeguarding the legitimate interests of Peters + Bey GmbH and facilitates compliance with the data protection regulations on data correctness and data portability. We ensure the protection of your interests and basic freedoms to the advisable extent. We also point out that you do not necessarily have to share personal data with us. If you give us your explicit consent to process personal data for specific purposes (e.g. provision of information, products, events, etc.) this ensures the legitimacy of processing based on your consent. Consent given can be withdrawn at any time. This also applies to the withdrawal of consent statements issued to us before the GDPR came into effect. This withdrawal is only effective for the future and does not concern the legitimacy of previous processing prior to the withdrawal.
Below you will find out why we need which data from you:
- basically to comply with contractual obligations (Article 6 (1 fb) GDPR);
- to conclude an effective purchase, service or work contract with you;
- to deliver your order to the desired address;
- to implement service tasks at the point requested by you;
- to send you product catalogues and/or brochures requested by post and/or e-mail;
- to process and handle returns, guarantees and complaints;
- to send you offers, order summary, order confirmation, contract, delivery note, etc. (we save the respective documents);
- to send you e-mail newsletters for publicity purposes, with information about our products and services, provided you have given us your consent beforehand. We use your data exclusively for publicity purposes of Peters + Bey GmbH, to inform you about specific products, services or events. This type of e-mail will however only be sent with your consent, which you can withdraw with future effect;
- within the scope of the consideration of interested parties (Article 6 (1 f) GDPR). Legitimate interests can be: compliance with IT security and IT operations, legal enforcement and defence against claims, prevention of criminal offences, measures for building and plant security and securing of access rights
Computer data (cookies, IP address) and personal data:
- the IP address will only be used where this is necessary to protect the legitimate interests of the person responsible or a third party, where the interests or basic rights and basic freedoms of the person concerned, which require the protection of personal data, are not predominant (e.g. to pursue legal claims and to clarify criminal offences).
- for payment processing to satisfy the sale of the goods ordered and/or the provision of services of work on our part;
- for possible refunds.
Recipients of personal data:
Within our company only those offices which require your data to satisfy our contractual and statutory obligations shall have access to your data. Service providers and vicarious agents used by us can also receive data for these purposes, provided they observe our written data protection instructions. We may only pass on information about you if this is required by statutory regulations, you have given your consent and/or aligned contractual data processors commissioned by us guarantee compliance with the provisions of the data protection regulation (GDPR).
Data shall only be transferred to countries outside of the EU if this is necessary/or statutorily required for the implementation of orders for the customer, on whose behalf we are acting (e.g. fiscal or security-related reporting obligations), you have given us your consent or in the scope of order data processing. If service providers outside of the EU are used, they are obliged to observe compliance with the level of data protection in the EU in addition to the written instructions of the agreement on EU standard contractual clauses.
Duration of data storage:
We shall store your data for as long as they are needed for the respective purpose and then they will be deleted. Data storage is required:
- for as long as we require your data to provide services to you or, if you are in contact with our customer service, only as long as the provision of support-related reports is necessary;
- if it is reasonably necessary or essential to satisfy statutory (e.g. data retention), fiscal and official regulations, for the clarification of disputes, prevention of fraud and misuse, that we store some of your information, we shall continue to do so even after this information is no longer required for us to provide services to you;
- the storage period for specific data, required for the processing of contracts and for which there is a fiscal retention period (document data) is at least 10 years. During this time processing of data is limited. The retention obligation starts with the end of the calendar year in which the offer was submitted or the contract fulfilled;
- for retention of evidence within the scope of limitation rules according to Sections 195 ff BGB [German Civil Code] (up to 30 years).
Your Data Protection Rights:
As the person concerned you are entitled to access (Art. 15 GDPR), rectification ((Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), objection (Art. 21 GDPR), data portability (Art. 20 GDPR) and to lodge a complaint with a supervisory authority (Art. 77 GDPR in conj. with Section 19 BDSG-new). The restrictions of Section 34 and 35 BDSG-new apply to the right to information.
You can withdraw your consent to the processing of personal data at any time with future effect.
Right of objection pursuant to Art. 21 GDPR:
You have the right to object to the processing of your personal data at any time.
If you object we shall no longer process your personal data, unless we can present compelling and legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing would serve the assertion , exercise or defence of legal rights. Your statutory right to access, rectification or deletion of personal data shall not be affected.
To exercise your rights please contact our data protection officer at firstname.lastname@example.org.
Fiscal and tax matters and claims:
To regulate claims and for fiscal and tax matters we reserve the right to commission external companies and/or lawyer/tax offices. In this context data exchange for the processing of the individual case will be according to the respective valid regulations.
Updating and changes:
From time to time the data protection statement must be adjusted to the actual circumstances and the legal situation. You will be informed of any changes or updating of these data protection regulations.
Status: 25 May 2018