OUR DATA PROTECTION POLICY – INFORMATION BASED ON ART. 13, 14 AND 21 OF THE GDPR

With the following information we want to give you an overview of the collection and use of your personal data and your rights that come with it. Which data is being collected and used is subject of the contract between you and us. Therefore, some parts of this document may not apply to you.

In addition, this data protection information may be updated from time to time. You can find the latest version at any time on our website at:https://xtras-log.de/en/disclaimer/

 

Who is responsible for the processing of data and who can I contact?

 

The controller is:

XTRAS forward thinking GmbH & Co. KG

Bergiusstraße 1

28816 Stuhr-Brinkum

 

You can contact our data protection officer as follows:

Sven Schulter

LSR IT-Beratung GmbH

Brockdorfer Esch 1

49393 Lohne

Phone.: 04442-93450

E-Mail: info@lsr-it-beratung.de

 

Types of personal data being processed

We process the following data, which we collect from you during our business relationship:

  • Business name and contact information
  • Title and name
  • Telephone numbers
  • Fax numbers
  • E-Mail addresses
  • Position and function within the company

 

We process your data based on the following laws

We process personal data based on the laws of the GDPR as well as the german „Bundesdatenschutzgesetz“ (BDSG):

For performance of a contract (Art. 6 Paragraph 1 Point b GDPR)

We process to perform:

  • of our contract
  • of ancillary contractual services (e.g. warranty notifications or collection by the manufacturer)

To be in compliance with a legal obligation (Art. 6 Paragraph 1 Point c GDPR)

We are subject to many different legal obligations which require data processing. Some examples are:

  • Tax laws and accounting
  • Answering questions to and being in compliance with legal obligations of regulators or law enforcement agencies
  • Being in compliance with reporting obligations

Furthermore, disclosure of personal data can be necessary in order to meet the requirements of regulators and law enforcement agencies during lawsuits and alike.

 

For the purposes of legitimate interest (Art. 6 Paragraph 1 Point f GDPR)

If needed, we process your data for the purposes of our or your legitimate interest. Examples are:

  • To protect ourselves from lawsuits
  • Processing your data in our CRM system

 

Who are you transferring data to?

Within our company

  • Employees that are in contact with you to perform a contract

Within data processing contracts

Your data may be transferred to service contractors which help us perform our contracts:

  • IT service companies
  • Accounting
  • Data destruction and deletion companies

All contractors are subject to respective data processing agreements and are obliged to handle your data accordingly.

Other third parties

Disclosure of data to other third parties only happens under GDPR laws. Examples are:

  • Public services and institutions, if a regulation exists that mandates data disclosure
  • Credit card businesses and financial services in order to process payments
  • Tax consultants or auditing companies

 

Is data being transferred to an international organisation or a country outside of the EU?

Your data is only processed within the EU or the EEA.

 

How long do you store my data?

We only store data while it is still needed to perform our contracts and be in compliance with regulations. As soon as the data is not needed anymore, we will delete it.

There are exceptions,

  • insofar as statutory retention obligations are to be fulfilled, e.g. German Commercial Code (HGB) and German Fiscal Code (AO). The retention and documentation periods specified there are generally six to ten years;
  • for the preservation of evidence within the scope of the statutory statute of limitations. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
  • further.

If we process data based on a legitimate interest, we will delete the data after it is no longer of interest. The aforementioned exceptions apply.

 

Which data protection rights do I have?

You have the right of access (Art. 15 GDPR), the right of rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to object (Art. 21 GDPR) as well as the right to data portability (Art. 20 GDPR).

There are limitations regarding the right of access and the right to erasure (§§ 34 and 35 BDSG).

Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR, §19 BDSG). The supervisory authority is:

Die Landesbeauftragte für den Datenschutz Niedersachsen

Barbara Thiel

Prinzenstraße 5

30159 Hannover

Phone: (0511) 120 45 00

Fax: (0511) 120 45 99

E-Mail: poststelle@lfd.niedersachsende

 

Do I have to give my data to you?

As part of the contractual relationship, you must provide the personal data that is required for the commencement, execution and termination of the contractual relationship and for the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract with you.

 

Further information on your right to object (Art. 21 GDPR)

Individual right to object

You have the right to object the processing of data based on Art. 6 Paragraph 1 Point f GDPR. This also applies to data being processed via profiling.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Contact information for objection

You can object simply by sending an e-mail or letter with the subject „Objection“ and your name, address and date of birth to:

Sven Schulter

LSR IT-Beratung GmbH

Brockdorfer Esch 1

49393 Lohne

Phone.: 04442-93450

E-Mail: info@lsr-it-beratung.de