Customers, Suppliers and other Contact Persons

Data protection has a particularly high priority for the executive management at Certmedica International GmbH (Certmedica). Your person-related data is always processed in accord with the European General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Certmedica. The purpose of this Data Privacy Declaration is to inform all of our business partners (such as customers, suppliers, business contacts, etc.) and other contact persons (such as consumers of products, inquiring persons, applicants, etc.), herein after jointly referred to as “Contact Persons”, of the way in which we process their person-related data.

 

 

(1) Who is responsible for the data collection, and to whom can the data subject turn?

Certmedica International GmbH

Magnolienweg 17
63741 Aschaffenburg, Germany

CEO: Ralf Domdey, Ulrich Girke

Phone: +49 (0) 60 21 / 15 09 3-0
Email: info@certmedica.de

 

The external data protection and security officer for our company is:

 

Oliver Krause
Untergasse 2
65474 Bischofsheim
Telefon: +49 (0) 61 44 / 40 21 97
E-Mail: certmedica@dsbok.de

(2) Which data and sources are used?

Certmedica processes person-related data which is received as part of its business activities from its con-tact persons or address handlers. Certmedica also processes data which you can find in public sources.

Person-related data that can be processed includes:
Names, titles, genders, addresses, telephone numbers, fax numbers, email addresses, professional ti-tles, employers

In addition, it can also include order information, data from fulfilling contractual duties such as sales data, payment data, product data, data regarding services which have been used, credit data, advertising and distribution data such as websites, apps, newsletters and other data comparable to the categories just named.

(3) Are telephone conversations or electronic communication recorded?

Telephone conversations are not recorded. Electronic and written communication with Certmedica may be digitally saved. This takes place under consideration of the statutory regulations. Storage is for the purpose of providing proof such as the fulfilment of statutory retention periods.

(4) Why do we save your data?

Certmedica processes your person-related data in compliance with the provisions of the European Gen-eral Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

  1. For fulfilling contractual obligations (Art. 6 para. 1B GDPR)
    • in order to be able to contact you by way of having it in our CRM system
    • to be able to process your customer order and your enquiries
    • to send you merchandise or to have merchandise picked up
    • to place orders with you or purchase services
    • to be able to comply with existing legal requirements
    • to be able to assert legal claims, or for defence in the event of legal disputes
  1. Within the framework of weighing interests (Art. 6 para. 1f GDPR)
    To the extent necessary, Certmedica processes data from contact persons beyond the actual fulfil-ment of the contract in order to safeguard justifiable interests from Certmedica or third parties.
    • to be able to perform customer surveys, marketing campaigns, market analyses and sweepstakes and evaluations
    • to proactively and regularly present our offers and services to contact persons
    • to inform you at your request of product, training and marketing information
    • to improve our operative business through analyses and trend surveys
    • to steadily optimise our customer service, further develop our products and services and for busi-ness management measures
  1. Based on customer consent (Art. 6 para. 1A GDPR)
    To the extent that the customer has given Certmedica consent to process personal data for specific purposes (e.g. receipt of newsletters, etc.), the lawfulness of this processing is based on the con-sent. Consent which has been granted can be revoked at any time. This also applies to the revoca-tion of declarations of consent given to Certmedica prior to the validity of the GDPR, i.e. before 25/05/2018. The revocation does not affect the lawfulness of the data processed up until consent was revoked.
  1. d. Due to legal requirements (Art. 6 para. 1c, GDPR) or in the public interest (Art. 6 para. 1e GDPR)

(5) Who receives contact person data?

Within Certmedica, the entities which need it to fulfil contractual obligations and legal duties have access to contact person data.

 Certmedica's employed service providers and vicarious agents may also receive data for these purpos-es, provided that they comply with data protection regulations.
These include mainly companies in the categories of IT services, logistics, printing services, banking, insurance or leasing company, telecommunications, consulting and advisory services as well as sales and marketing.

In regards to transferring data to recipients outside the company, it should first be noted that Certmedica is obliged to maintain secrecy about all customer-related facts and evaluations of which it becomes aware. The company may only pass on information about contact persons when required by law, when the contact person has given consent or when the processor commissioned by the company guarantees compliance with the requirements of the G and the GDPR. We usually have a contract processing agreement with these service providers.

(6) Is data transferred to a third country or to an international organisation?

Data is not transferred to a facility in countries outside of the European Union (so-called third-party states).

(7) How long is the data stored?

Certmedica processes and saves the person-related data of contact persons as long as necessary for the fulfilment of its contractual and statutory obligations. When the data is no longer needed for fulfilling the contractual or statutory obligations, it is routinely deleted unless limited additional processing is nec-essary, e.g. For the following purposes:

  • Fulfilment of commercial and tax law storage obligations, e.g. on the basis of the German Com-mercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for the reten-tion of certain data are between 2 and 10 years.

(8) Which rights do contact persons have?

Every data subject has the right of access under Article 15 GDPR, the right of rectification under Article 16 GDPR, the right of deletion under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right of objection under Article 21 GDPR and the right to data transferability under Article 20 GDPR. In the case of the right of information and the right of deletion, the restrictions under Sections 34 and 35 of the Federal Data Protection Act (BDSG) apply. In addition, there is a right of appeal to a com-petent data protection authority in accordance with Article 77 GDPR in conjunction with Section 19 BDSG.

A contact person can revoke consent given for the processing of personal data at any time. This also applies to the revocation of declarations of consent given to the company prior to the validity of the GDPR before 15/05/2018. In principle, revocation has effect only for the future. Processing which took place before the revocation is not affected.

(9) Do customers have a duty to provide data?

In the context of a business relationship with Certmedica, a contact person must provide the personal data necessary for the initiation, implementation and termination of the business relationship and the fulfilment of the contractual obligations related to it, or for the collection of data which
Certmedica is legally obliged to do. Without this data, Certmedica will generally not be able to conclude the contract with the contact person, to execute an order or to fulfil an existing contract, meaning that Certmedica may have to terminate the contract.

(10) Is there an automatic process for decision taking?

In principle, Certmedica does not perform a fully automatic decision taking according to Article 22 GDPR for the justification and performance of business relationships. If Certmedica uses this process in individ-ual cases, the person involved is separately informed of this if it is required by law.

(11) Does profiling take place?

Certmedica processes the data of contact persons partly automatically for the purpose of evaluating cer-tain business aspects (profiling). Certmedica uses profiling in the following, examples:

  • In order to inform and advise contact persons about products in a targeted manner, Certmedica uses evaluation tools. These enable communication and advertising, including market and opin-ion research, to be tailored to the needs of the customer.
  • In the context of assessing the creditworthiness of contact persons, Certmedica uses credit in-formation services where applicable. In doing so we receive information about the creditworthi-ness of contact persons. This involves calculating the probability with which a customer will meet its payment obligations in accordance with the contract.

(12) What happens in the case of inquiries per email, phone, fax or via the website?

If you contact us by email, phone, fax or via our website, your inquiry, including all person-related data (name, inquiry, etc.) will be stored and processed by us for the purpose of processing your request.

We will not share this data without your consent.

If your inquiry is related to the fulfilment of a contract, or is necessary for the implementation of pre-contractual measures, processing of the data is done in compliance with Art. 6 para. 1(b) GDPR. In all other cases, processing is based on your consent (Art. 6 para. 1(a) GDPR) and/or on our legitimate in-terests (Art. 6 para. 1(f) GDPR), as we have a legitimate interest in the effective processing of the re-quests addressed to us. The data sent to us by you via contact requests will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no long-er applies (e.g. after your request has been processed). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected by this.

(13) Changes to this Data Privacy Declaration

Certmedica reserves the right to change this Data Privacy Declaration at any time at its sole discretion, subject to legal requirements. We will publish these changes on our website www.certmedica.de under the point Data Protection, so that you are always fully informed about the collection and processing of your personal data by us. For that reason we recommend that you check the contents of our current data protection declaration at regular intervals.

Information about your right of objection under Article 21 of the General Data Protection Regu-lation (GDPR)

Right of objection in individual cases

You have the right to object at any time to the processing of your person-related data which is car-ried out according to Art. 6 para. 1(e) GDPR (data processing in the public interest) and Art. 6 para. 1(f) GDPR (processing based on a weighing of interests), including profiling based on this provision in the sense of Art. 4 No. 4 GDPR. If you object, we will no longer process your person-related data unless we can prove compelling reasons for processing that are worthy of protection, which outweigh your interests, rights and freedoms, or the processing serves to assert these rights, exercise or defence of legal claims.

2. Right to object to the processing of data for direct marketing purposes

In individual cases, we process your person-related data in order to carry out direct advertising. You have the right to object at any time to the processing of person-related data concerning you for the purpose of such direct marketing, including profiling, to the extent it is connected with such direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process your per-sonal data for those purposes.

Your objection can be made without formality and should be addressed to our external data protec-tion officer, if possible: Oliver Krause , Untergasse 2, 65474 Bischofsheim, Phone: +49 (0) 61 44 / 40 21 97, Mobile: +49 (0) 160 / 53 84 72 7, email: info@dsbok.de

Version: 01/04/2020