Data protection information for clients and business partners
We are providing this information to give you an overview of your personal data processing and your rights arising therefrom under our business relationship.
As a customer and business partner of Speedlog GmbH you are to pass this data protection information on to any employees who are involved or participate in a business relationship with our company in any way, shape or form. Personal data processing encompasses any procedure such as collecting, recording, storage, organisation, sorting, use, disclosure through communication, linking and deletion.
1. Who is responsible for processing your data and whom can you contact about data protection?
The party responsible for data processing pursuant to Art. 4 No. 7 of the GDPR is:
Speedlog GmbH – Internationale Spedition
Geschäftsführer: Grigo Simsek
Tel: +49 561 – 589 468 -0
Please take note that we have appointed an operational data protection officer for our company Speedlog GmbH. You can reach our data protection officer Mr. Björn Kaiser in all matters relating to data protection at the e-mail-address firstname.lastname@example.org or by calling +49 561 589468123.
2. Where does your data come from and what data is processed?
We mainly process data that we receive directly from you through our business relationship and that is required for it for the purposes of communication and contract implementation/scheduling. This principally includes:
– Business legitimisation and contact details (e.g. first and last name of contact person, business address, email address and telephone number)
– Order and sales details (e.g. account, IBAN and client number)
– Documentation data required for setting up communication during the business relationship
– Other socio-demographic details (e.g. profession)
– Tax data (e.g. tax number, tax ID number for order processing and fulfilling legal requirements, especially for the financial authorities)
– Any location details (GPS) for order scheduling/delivery in individual cases
We also receive your data from publicly accessible sources, particularly the Federal Gazettes, Trade Registers, Credit Bureaus (e.g. Creditreform), Internet, Freight Exchanges.
The main third-party data categories are:
• Name and business address of the Managing Director and Shareholder
• Creditworthiness data, such as credit scores, payment histories
• Names of department manager or official in charge, where evident from the homepage
3. What is your data processed for and on what legal basis?
Data processing is always carried out in line with the provisions of data protection law, first and foremost in order to meet the contractual and statutory requirements for contractual and service performance.
We do so by adhering to the principle of data minimisation, meaning that, as a general rule, only data actually required for the relevant transaction or contract is processed
a) Collection and processing for a contractual/business relationship
We collect and process your business and personal data as described above in greater detail for the purposes of observing and meeting our contractual obligations to you (Art. 6 Section 1 b of the GDPR). For example, we process your contact details for making contact with you to conclude a contract and the associated implementation. In entering a business relationship with you as a prospective buyer, supplier or business partner (pre-contract data processing) we will store your contact details and information about business processes and communication with you and processes and process it for at least the duration of the business relationship.
b) Processing on the basis of legitimate interest
We also process your personal data where required to protect our legitimate interests or those of a third party (Art. 6 Section 1 f of the GDPR). For carrying out the contractual relationship, we have a legitimate interest in processing data for conducting credit assessments and recovering receivables, and also for commissioning debt collection agencies. In individual cases, and on the basis of our legitimate interests, we may also subrogate a claim and, for the purposes of due subrogation, pass personal data on to such companies. We also process your personal data where this is necessary for exercising legal claims and defending ourselves in legal disputes and where required for meeting legal obligations.
c) Processing on the basis of legal requirements
Furthermore, we process your data under legal requirements (Art. 6 Section 1 c of the GDPR). This specifically includes the statutory requirements of the Tax Code. We also process your data under further statutory obligations. For deliveries outside the EEA, during the necessary customs clearance procedure, your dispatch details are checked against “EU terror lists” on the basis of European anti-terrorism laws 2580/2001 and 881/2002 to ensure that no money or other economic resources are made available for terrorist purposes at a future date.
d) Processing on the basis of consent
When you consent to personal data processing for certain purposes (e.g. passing on details to third parties), the legality of the processing is derived from Art. 6 Section 1 P. 1 a) of the GDPR. Consent may be withdrawn at any time with future effect. This also applies to consents given to us before the GDPR came into force i.e. prior to 25 May 2018. However, withdrawal of consent does not affect the legality of data processed before the withdrawal or any other processing on a different legal basis.
Where we process personal data on the basis of declarations of consent, we will inform separately any persons affected by the granting of consent for the intended data processing.
4. Is your data passed on?
Within our company, only those persons actually needing access to your data for fulfilling their tasks have access to such data. Depending on the task or service, these are the department managers/staff who need the data for conducting, handling and coordinating the relevant business/contractual relationship.
Furthermore, our service providers and contracting companies receive personal data for processing purposes as described above for reasons of preserving confidentiality and the passing on of data is on one of the legal bases stated above. We employ processors and service providers both temporarily and long-term for IT services, logistics, post, editing, telecommunications and tax consultancy etc. In all instances, any service providers and contracting companies employed receive only the data that is required and absolutely necessary for performing individual tasks. Furthermore, such service providers and contracting companies are under a struct obligation to observe data protection and confidentiality with regard to any personal data they receive from us.
Please note that, with regard to passing data on to recipients outside the company, we only pass on your data if statutory regulations allow or require it, you have given your consent or we are authorised to issue notification. Under these conditions, recipients of your personal data may for example be:
a) Public bodies and institutions (e.g. customs authorities (e.g. via ATLAS) for conducting customs procedures on the basis of authorisation granted, Public Prosecutor’s Office, Police, regulatory authorities, approved transport companies, supervisory authorities and financial authorities etc.) where there is statutory or official requirement/permission (Art. 6 Section 1 c and f of the GDPR).
b) Other companies, to which we send personal data for handling an individual order/contract or contract initiation with you (e.g. sub-contractors for order coordination/implementation, banks, tax consultants, authorities, goods transport insurers). This includes our order processors pursuant to Art. 28 of the GDPR, external payroll accounting, freight exchange, phone/IT etc. and our contracting entities, to whom me may pass on your personal data for order processing and coordination in individual cases.
c) Security authorities/ contracting entities (e.g. armoured transport) at our logistics centre, where required, for example for a security or identity check for access to restricted areas.
Where, as part of our business relationship, we pass personal data on to service providers outside the European Economic Area (EEA), data is generally only passed on if the EU Commissions has confirmed an appropriate data protection level for the third country (such as Switzerland) or other appropriate data protection guarantees (e.g. binding in-house data protection regulations or agreement to the standard contract clauses of the EU Commission) are in place or passing it on is essential to the execution of the contract.
Where statutory provisions (Art. 6 Section 1 c of the GDPR) require us to pass your data on to authorities or other government institutions, these entities will also receive your data.
In the interests of increasing data protection compliance and data security, we advise all of our clients and business partners not to use WhatsApp when communicating with our company and recommend communicating via alternative channels such as email, phone and post.
5. How long is your data stored?
As soon as your data is no longer needed for contractual, statutory or procedure-related processing purposes, it will be deleted immediately, unless you have given consent to continued storage or we have a legitimate interest in (continued) storage.
However, we are generally required to store personal data beyond the contractual relationship period for commercial law and tax law reasons. The period can last up to ten years. Please refer to the relevant laws, in particular § 257 of the German Commercial Code and § 147 of the German Tax Code.
Where we need data and documents relating to individuals as evidence for the enforcement, exercise or defence of legal claims, we will retain this in line with the respective periods of limitation, whilst restricting processing for any other purpose. For example, this also applies to the enforcement and handling of warranty and service claims (30 years max) brought to us by you and where we process your data in this regard (contact persons, companies and relevant invoice/delivery). The legal basis of this type of processing is Art. 6 Section 1 f of the GDPR.
6. What are your rights?
You have many rights relating to the processing of your personal data, particularly the right to information about personal data stored by us (Art. 15 of the GDPR), correction (Art. 16 of the GDPR), deletion (Art. 17 of the GDPR), restricted processing (Art. 18 of the GDPR), data portability (Art. 20 of the GDPR) and objection to processing (Art. 21 of the GDPR), especially in the case of direct mailing. In terms of the right to information and correction, §§ 34 and 35 of the German Federal Data Protection Act
(BDSG) are to be taken into consideration.
Furthermore, you have the right to complain to the appropriate Data Protection Supervisory Authority (Art. 77 of the GDPR), to which we draw your specific attention. You may contact the Supervisory Authority for our operations as follows:
The Hesse Officer for Data Protection and Freedom of Information
This notice reflects the status of the law as at May 2019. We reserve the right to adapt our data protection notice to changes in legislation and case law.