The purpose of this document is to provide you with information about the processing of your data and your rights under the data protection laws and regulations. The specific data which will be processed will depend largely on the nature and scope of the existing business relationship.

Please also pass this information on to the authorised representatives and contacts in your company.

Handling of personal data

Personal means any information relating to an identified or identifiable natural person, i.e. information that can be used to identify a person. This includes, for example, the name, the e-mail address or the telephone number.

Responsibilities

The controller responsible for your data and related queries is:

IBH Ingenieurbüro Harm Elektrotechnik GmbH

Gutenbergring 35

22848 Norderstedt

Managing director:                  Henning Sauerland

Data protection officer:            Andreas Heppner

Tel.:                                         +49 40 655 888 - 122

Email:                                      aheppner@elektrotechnik.de

What data do we use and how do we collect it?

As a rule, you can visit our websites without us requiring any personal data from you. We only collect, use or disclose personal data where we are permitted to do so by law or based on the user's given consent to data collection, e.g. through a product or information enquiry or by leaving their contact details for us to respond to. In this case, we may also use cookies. You will then be informed about this on the website. Your personal data will not be passed on, sold or otherwise transferred to third parties.

Access data/server log files

We (or our webspace providers) collect data about each access to our websites (known as server log files). These access data include:

Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system and the IP address, which can also be used to trace the requesting provider.

The log data are only used for statistical, operational and security purposes or to optimise the website. However, we reserve the right to check the log data retrospectively, if there is concrete evidence providing reasonable grounds for suspecting illegal use.

Communication

As part of initiating and conducting the business relationship, we process, in particular, the following categories of data of our business partners or their contact persons, which we receive directly from them to implement contracts or based on prior consent. On the other hand, we process data that we have legitimately obtained from publicly accessible sources:

Prospective customers:
Personal / contact data such as first name, last name, company, address, communication data

Customers / suppliers / service providers:
Personal / contact data such as first name, last name, company, address, communication data
Contract and billing data such as bank details, tax or VAT ID numbers,
Goods and invoice data

Employees:
Personal / contact data such as first name, last name, date of birth, address and communication data, entry data, information relevant to tax and social security, certificates and appraisals.
 

Purpose and legal basis of data processing

The object of our company is the sales and distribution of electrotechnical and pneumatic products as well as related services. The data is processed for these purposes and in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other relevant laws (e.g. the German Commercial Code (HGB)). Data processing can be divided into the following areas:

• For the performance of a contract or the implementation of pre-contractual measures (Article 6 (1) (b) GDPR)

The primary purpose of processing personal data is the performance of a contract with our customers, suppliers and service providers. This also includes the performance of pre-contractual measures at the request of the business partner.

• For the purpose of balancing of interests (Article 6 (1) (f))
• For the purpose of balancing of interests (Article 6 (1) (f) GDPR)

If necessary, we process your data on the actual performance of the contract, to protect our legitimate interests or those of third parties.
Examples:

- Assessment and optimisation of procedures for needs analysis and direct marketing;
- Establishment and defence of legal claims
- Measures to ensure IT security and to protect IT operations

• Based on consent (Article 6 (1) (a) GDPR)

If you have given us consent to the processing of your personal data for specific purposes (e.g. newsletters, trade show information, campaigns), the lawfulness of this agreement will be based on your consent.

You have the right to withdraw your consent at any time with effect for the future, including consent given to us before GDPR entered into force, i.e. before 25 May 2018. Please note that the withdrawal will only affect future processing. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

• Processing is necessary for compliance with a legal obligation (Article 6 (1) (c) GDPR) or in the public interest (Article 6 (1) (e) GDPR)We are also subject to various legal obligations, i.e. we are required to comply with e.g. tax regulations, customs regulations.

Who has access to your personal data

In our company, your personal data will only be disclosed to departments, which require this information for us to meet our contractual and statutory obligations or for the purposes stated above.

Personal information will only be disclosed outside the company if required by law or if you have consented to it. All internal processors are bound to confidentiality. External recipients, for their part, are obliged to comply with data protection rules and regulations.

Under these conditions, recipients of personal data may include:

• Public bodies and institutions if there is a legal or official obligation
• Processors to whom we transfer personal data for the purpose of conducting the business relationship with you
  (e.g. contract manufacturing, maintenance of IT equipment, data destruction, payment transactions, accounting, auditors)
• Any organisations for which you may have given us your consent to transfer data.

Retention period

We process and store your personal data for as long as it is necessary to fulfil the above-mentioned purposes. It should be noted that our business relationships are generally long-term. If the data is no longer required for the performance of our contractual or legal obligations, we will erase or pseudonymise the data on a regular basis, unless their further processing is required temporarily for the following purposes:

• Adherence to retention periods under commercial and tax laws, e.g. under the German Commercial Code or the German Tax Code. The retention periods specified there can be up to 10 years
• Storage of quality-relevant data regarding the EN 9100ff standard
• Preservation of evidence under the statute of limitations (e.g. Section 195ff. BSG).

Right of access, erasure of data

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR, as well as the right to data portability under Article 20 GDPR. The restrictions under Articles 34 and 35 BDSG apply to the right of access and the right to erasure. In addition, data subjects have the right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with Article 19 BDSG).

You have the right to withdraw your consent to the processing of personal data at any time,

Provision of data from your side?

As part of our business relationship, you are required to provide the personal data we need for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations or which we are required to collect by law.