Transparency and information obligations for customers, clients, contractual partners and interested parties of the Laetus GmbH
according to the EU General Data Protection Regulation (GDPR)
With this document, we would like to inform you about the processing of your personal data by the Laetus GmbH and the rights to which you are entitled under data protection law.
Responsible body (controller)/ data protection contact
D- 64665 Alsbach-Hähnlein
Tel: +49 6257 5009-0
Fax: +49 6257 3119
Contact information for data protection
Categories of data / data sources
We process the following personal data within the framework of the contractual relationship and for the initiation of a business relationship:
- Contact data (e.g. first/surname of current and previous contact persons, if applicable, name affixes, company name and address (employer), telephone number including extensions, business e-mail address)
- Occupational data (e.g. department including position)
- Website URL
- Differing Shipping Address
- payment terms
- order history
- if necessary, bank account (as part of a SEPA direct debit mandate also the first / last name of the account holder)
As a matter of principle, we collect your personal data directly from you within the framework of current contractual transactions and the underlying relationship or in the framework of the initiation of a business relationship.
In certain constellations, your personal data may exceptionally also be collected from other sources. This includes event-related queries on relevant information from credit agencies, in particular with regard to credit risk assessments and former credit behavior.
Purposes and lawfulness of data processing
When processing your personal data, the provisions of the GDPR, local data protection laws and other relevant legal provisions are always observed.
Your personal data is exclusively processed for the execution of pre-contractual measures (e.g. for the preparation of offers for products or services) and/or for the fulfilment of contractual obligations (e.g. for the execution of our services or for sales/order/payment processing), (Art. 6 para. 1 lit. b GDPR) or if there is a legal obligation for processing (e.g. due to tax regulations) (Art. 6 para. 1 lit. c GDPR). Personal data was originally collected for these purposes.
Of course, your consent may also constitute a legal basis for the processing of your personal data (Art. 6 para. 1 lit. a GDPR). Before you grant such consent, we will inform you about the purpose of the data processing and about your right of revocation according to Art. 7 para. 3 GDPR. Should the consent also refer to the processing of special categories of personal data in accordance with Art. 9 GDPR, we will explicitly point this out to you in advance.
The Laetus GmbH is also interested in maintaining customer relations with you and providing you with information and offers about our products / services (for example, offers for new products and trainings) by e-mail and telephone. Therefore, we process your data in order to send you the relevant information and offers (Article 6 para- 1 lit. f GDPR).
Your personal data will only be processed for the detection of criminal offences if the requirements of Art. 10 GDPR are met.
Duration of data storage
We will delete data as soon as your data is no longer needed for the above-mentioned purposes or in the event that you revoked your consent. Data will only be stored beyond the existence of the contractual relationship only in cases in which we are either obliged or entitled to do so.
Regulations which oblige us to keep data can for example be found in commercial or tax laws. This may result in a storage period of up to ten years. For example, we may be entitled to keep data in accordance with our contractual agreement or under Article 18 of the GDPR. In addition, statutory limitation periods must be observed.
Data recipients / categories of recipients
In our company, we make sure that only those departments and individuals receive your data that need them to fulfil contractual and legal obligations.
In many cases, service providers support our specialist departments in fulfilling their tasks. These are IT service providers and credit check service providers. In this case, the necessary data protection agreements have been concluded with all service providers.
Additionally, we’re required by law to submit certain information to public authorities, e.g. tax authorities, possibly also law enforcement or customs authorities.
Rights of data subjects
Your rights as a data subject are set out in Articles 15 – 22 GDPR, and include:
- The right to access (Art. 15 GDPR),
- The right to erasure (Art. 17 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 GDPR),
- The right to object to processing (Art. 21 GDPR),
- The right to restriction of processing (Art. 18 GDPR).
To exercise these rights, please contact: firstname.lastname@example.org. The same applies if you have questions about data processing in our company or want to revoke a given consent. You can also file a complaint against data processing at a data protection authority.
In the event that we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.
We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing. If you object to the processing for direct marketing, we will no longer process your personal data for such purposes.
Intention to transfer data to a third country
We transfer your personal data to group companies outside the European Economic Area, namely: USA.
Compliance with the data protection level is ensured by: EU standard contractual clauses.
Obligation to provide data
Certain personal data needs to be provided in the framework of our contractual/business relationship as such data are necessary for the establishment, execution and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. Without the provision of such data, an execution of the above tasks and duties is not possible.
Automated individual decision-making
We do not use any automated decision-making.