Art. 12 of the General Data Protection Regulation (DSGVO) - transparent information
We are aware of the significance of the personal data that you have entrusted us with. We consider it to be one of our most important tasks to ensure the confidentiality of your data.
In accordance with the General Data Protection Regulation (DSGVO), which will come into force on May 25, 2018, we would like to comply with our information obligation in conjunction with the collection of personal data, and inform you in a transparent manner of the type, scope and purpose of the personal data collected by us, and provide you with explanatory information on the rights to which you are entitled.
1. Contact information of the controller
Controller within the meaning of the General Data Protection Regulation is:
Enterprise: IMM Photonics GmbH
Street: Ohmstrasse 4
Postal code/city: D-85716 Unterschleissheim
Tel +49 (0)89 3214120
The following person has been appointed data protection officer:
Mr. Stephan Hartinger
Tel.: +49 (0)8232 80988 70
2. Which sources are used for the collection of personal data?
We process personal data which we have received directly from our customers within the scope of our business relationship. In addition, we process personal data which we have received from other companies, e.g. in order to execute orders, fulfil contracts or based on consent issued by you.
On the other hand, we also process personal data which we have legally acquired from publicly accessible sources (e.g. commercial and association registers, press, media, internet) and are permitted to process.
Personal data which is of relevance to us includes:
Customer contact information
During the scope of initiating a business relationship and during the business relationship, in particular via personal, telephone or written contact we record the following personal data:
· Form of address
· First name
· Last name
· Email address
· Telephone number
· Fax number
· Company address
Additional data, which may be recorded, are as follows:
· channel of contact
· occasion and result
· (electronic) copies of the written correspondence
Only in the case of your explicit consent, will we use the data for direct marketing purposes. You may revoke your consent at any time.
Business-related credit-rating information: income/net profit calculations, balance sheets, commercial analysis, type and duration of self-employment.
3. Why is your personal data processed (purposes) and which legal principles is such processing based on?
We process the personal data specified hereinabove in line with the provisions of the EU General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG - new):
With regard to the processing of personal data, for which we obtain the consent of the data subject, Art. 6 (1) letter a of the General Data Protection Regulation serves as the underlying legal principle.
With regard to the processing of personal data which is required for the performance of a contract to which the data subject is party, Art. 6 (1) letter b DS-GVO serves as the underlying legal principle. This regulation also covers processing procedures which are required for the performance of measures prior to entering into a contract.
To the extent that the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) sentence 1 c) DS-GVO serves as the underlying legal principle.
If the processing is necessary to safeguard a legitimate interest on the part of our company or of a third party and the interests, fundamental rights and freedoms of the affected party do not outweigh the afore-mentioned interest, Art. 6 (1) sentence 1 f) DS-GVO serves as the underlying legal principle for the processing. The legitimate interest of our company lies in the performance of our business activities.
4. Disclosure of data to third parties
Within our company, only persons and units that require your personal data for compliance with our contractual and statutory obligations receive the said data.
We transmit data to third parties to the extent that we require these for the performance of a contractual obligation.
No transmission of data to third parties which goes above and beyond the scope of the purposes specified under item 3 takes place.
Moreover, we transmit data to third parties if there is a statutory obligation to do so. This is the case when state institutions (e.g. authorities and administrative offices) make written enquiries, a judicial order has been submitted, or a specific legal principle permits such disclosure.
To the extent that we advance costs, e.g. with regard to purchase on account, we reserve the right to obtain information pertaining to identification and credit rating from service providers specialised in this field for the purpose of safeguarding our legitimate interests.
5. Disclosure of data to companies in third countries
The disclosure of personal data to so-called third countries outside of the EU/EEA shall not take place.
6. Data storage periods / deletion deadlines
We process and store your personal data as long as it is necessary for the performance of our contractual obligation as well as for all additional purposes specified under item 3, or as is stipulated by the retention periods provided for by legislature.
If the data is no longer required for the performance of contractual or statutory obligations, it shall be blocked from further processing or erased on a regular basis and in accordance with the statutory provisions.
7. Data-protection rights of the data subject
If you have any questions regarding your personal data, please feel free to contact us in writing at any time.
You have the following rights pursuant to DS-GVO:
The right to information (sub-item Art. 15 DS-GVO)
You are entitled, at any time, to receive information with regard to which categories and information in terms of your personal data are processed by us, and to what purpose and how long, and according to which criteria this data is stored, and whether automated decision-making, including profiling, is applied in this connection. In addition, you are also entitled to learn the recipients or categories of recipient to whom your personal data has been or will be disclosed, in particular recipients in third countries or international organisations. In this case, you also have the right to be informed of appropriate guarantees in connection with the disclosure of your personal data.
In addition to the right of action with the supervisory authority and the right to information with regard to the origins of your data, you are also entitled to the erasure, rectification, as well as restriction of and/or the right of objection to the processing of your personal data.
In all the above-mentioned cases, you have the right to request, from the data processor, a copy – issued at no additional charge – of your personal data which is processed by us. With regard to all additional copies which you request or which go above and beyond the data subject's right to information, we are entitled to charge an appropriate fee.
Right to rectification (Art. 16 DS-GVO)
You have the right to request the immediate rectification of any incorrect personal data pertaining to you and, taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If you would like to assert your right to rectification, you can contact our data protection officer or the data controller at any time.
Right to erasure (Art. 17 DS-GVO)
You have the right to request the immediate erasure of your data ("right to be forgotten"), in particular, if the storage of the data is no longer required, you revoke your consent to the data processing, your data has been unlawfully processed or unlawfully collected and a legal obligation of erasure is in force pursuant to EU or national law.
The right to be forgotten shall, however, not apply if an overriding right to the freedom of expression or information is in force, the data storage is necessary for compliance with a statutory obligation (e.g. retention obligations), the erasure is contradictory to purposes of archiving, or the storage serves the assertion, exercise or defence of legal rights.
Right to restriction (Art. 18 DS-GVO)
You have the right to demand from the controller that the processing of your data be restricted if you contest the accuracy of the data, the processing is unlawful, you reject the erasure of your personal data and you request a restriction of the processing instead, if the necessity for the processing purpose no longer applies or you have objected to the processing pursuant to Article 21 paragraph 1, as long as it has not been determined that legitimate grounds on our part outweigh yours.
Right to data portability (Art. 20 DS-GVO)
You have the right to the portability of your personal data which you have made available to our company using a commonly used format, so that you are able to have your personal data transmitted to another controller without any problems to the extent that, for example, consent on your part has been issued and the processing takes place via an automated procedure.
Right to objection (Art. 21 DS-GVO)
You have the right to object to the collection, processing, or use of your personal data for direct marketing purposes or market and opinion research purposes as well as the general commercial data processing at any time, unless we can bring forward compelling legitimate grounds for the data processing which override your interests, rights and freedoms. In addition, you may not exercise your right of objection if such collection, processing and use of the data is provided for by law or mandatorily stipulated by it.
Right of action with the Data Protection Supervisory Authority (Art. 77 DS-GVO in conjunction with § 19 BDSG [German Federal Data Protection Act])
You shall be entitled to bring action with the responsible supervisory authority if you are of the opinion that a breach has taken place in connection with the processing of your personal data.
Right to revoke consent issued under data-protection law (Art. 7 (3) DS-GVO)
You shall be entitled to revoke any consent issued for the processing of your personal data at any time and without having to provide reasons therefor. This shall also apply to the revocation of declarations of consent which were issued to us prior to the entry into force of the EU General Data Protection Regulation.
8. Statutory or contractual regulations on the provision of personal data as well as possible consequences of non-provision
We would like to call your attention to the fact that the provision of personal data is required by law in certain cases (e.g. tax regulations), or may arise from contractual regulations (e.g. information pertaining to the contractual partner). It may, for example, be necessary for the conclusion of a contract for the data subject/contractual partners to make their personal data available so that we are able to process their concern/the matter at hand (e.g. order) in the first place. The conclusion of a contract, in particular, gives rise to an obligation to make personal data available. Should no personal data be made available in this case, the contract with the data subject cannot be concluded. The data subject may contact our data protection officer or the data controller prior to the provision of the said personal data. The data protection officer or the data controller shall explain to the data subject whether the provision of the required personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data in the light of the data subject's concern, and of the possible consequences for the data subject of failure to provide the requested data.
9. Statutory existence of automated decision-making (incl. profiling)
As a responsible company, we have done away with automated decision-making or profiling with regard to our business relationships.