Information about the processing of personal data for business relationships with customers, suppliers and other business contacts
(Articles 13 and 14 GDPR)
The following information provides you with an overview of how we handle your personal data (hereinafter, the “data”) and of your data protection rights. The specific data that we process depends on our business relationship. It may therefore be the case that not all the information provided here is relevant or applies to you.
The data controller is:
Dynamit Nobel Defence GmbH
Address: Dr.-Hermann-Fleck-Allee 8, 57299 Burbach, Germany
Phone: +49 2736 46-2014
Contact details of our data protection officer
You can contact our data protection officer at the above address and at: firstname.lastname@example.org
Categories of personal data that are processed
We primarily collect your data directly from you. You normally provide us with this data when you place or accept an order or in the course of our business relationship. We only collect data in this regard that is mandatory and that is necessary for the applicable purpose.
This data includes master data (e.g. first name, last name, title, professional activity/position, gender, employer, date of birth), contact details (e.g. phone number, fax number, e-mail address, postal address) and communication data (e.g. the content of personal, phone or written communication).
We also process master data, contract data and communication data that we generate independently or receive from third parties.
Data is only obtained by third parties (e.g. for credit checks) for the purpose of verifying current and potential business relationships.
Any further information you provide is voluntary.
Purpose and legal basis
We collect and process your data in accordance with the statutory provisions, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as well as other laws, such as the German Telemedia Act (TMG) (which covers electronic communication), and for the following purposes:
Based on consent you have given for one or more specific purposes; for sales and marketing information that we send you electronically (e.g. e-mail, phone, fax, SMS, messenger, etc.). (Article 6(1)(a) GDPR, Section 7 of the German Act against Unfair Competition (UWG))
For the performance of a contract or to take steps prior to entering into a contract (Article 6(1)(b) GDPR). The purposes of data processing are principally based on the specific product or the reason for contact. Further details of the purposes of data processing are set out in the applicable contractual documents and terms and conditions of business/use.
To fulfil the legal obligations to which we are subject (Article 6(1)(c) GDPR), including compliance with the provisions under commercial law, tax law and control and reporting obligations.
To safeguard our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (Article 6(1)(f) GDPR).
Legitimate interests include, but are not limited to:
- Asserting legal claims and defence in legal disputes
- Conducting a credit check before entering into a contractual relationship
- Providing information about our products and services (advertising or market and opinion research)
- Processing on the CRM system
- Measures for business management and further development of services and products
- Statistical analyses to develop (marketing) measures on the basis of calculated key figures, as well as analysis of existing contractual relationships regarding whether to maintain, improve or terminate such relationships
- Guaranteeing IT security and IT operations
- Preventing and investigating criminal offences
- Video surveillance to protect property and collect evidence in case of robbery
- Building and plant security measures (e.g. physical access controls)
- Measures to secure property
- Measures for business management and further development of services and products
Data is primarily collected in marketing/sales, business segment development and purchasing. These departments store all the data that is necessary to take steps prior to entering into a contract, to perform a contract and for supplier/customer support on the IT systems.
We reserve the right to send you information about similar goods and services to those you have purchased from us by e-mail in accordance with Section 7(3) of the German Act against Unfair Competition (UWG). You may object at any time to receiving such information by e-mail. Each e-mail contains information about how you can stop receiving e-mails in the future.
Transfer to third parties; recipients of the data
Access to your data within our company is only given to employees who require the data to fulfil the above purposes, in particular to fulfil our contractual rights and obligations.
To perform our contractual obligations, we also use selected service providers (processors) and agents from the categories described below, who may be given access to your data to the extent necessary in each case and may use the data to fulfil orders we have placed.
Any other data is only transferred to recipients outside the company:
- if required or permitted by law,
- for hotel bookings,
- for the registration process when visiting other companies (third parties), or with your consent.
Under these conditions, recipients of your data may include, for example:
- Public bodies and institutions where there is a statutory or official obligation to disclose data, e.g.
Financial or criminal prosecution authorities
- Credit and financial service providers (to process payment transactions)
- Tax consultants, annual auditors, wage tax auditors and tax auditors (statutory audits)
- Other companies and service providers (processors)/agents in various fields:
- IT service and consulting companies
- IT services
- Advice and consulting
- File and data destruction
- Hotels/restaurants/cultural bodies
- Print service providers
- Telecommunications service providers
- Billing service providers
- Financial institutions
- Sales and marketing
- Sales representatives
- Management consultancies, as well as auditing and tax consulting companies
- Credit services
- Meter operators
- Service providers for disconnection and reconnection
All service providers and agents are bound by contract and are, in particular, obliged to treat your data confidentially.
Transfer to a third country
Disclosure of data to the extent described above may in some cases take place in countries outside the European Economic Area (EEA). Some of these countries do not have a level of data protection comparable to that in the EU (e.g. USA and the United Kingdom). To protect your data, our contractual partners located outside the EEA to whom data is transferred, such as representatives abroad, are obliged to ensure adequate data protection on the basis of the EU Commission’s adequacy decision or the EU standard contractual clauses for the transfer of data to third countries.
Storage period & erasure (deletion)
Your data is stored for the duration of the term of the contract and statutory obligations. The data is deleted or it is blocked or anonymised after the purpose for which it was collected has been achieved, unless there are contrary requirements under commercial or tax law.
If the data is processed on the basis of our legitimate interest or the legitimate interest of a third party, the data is deleted as soon as such an interest no longer applies.
Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure (deletion) under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR, unless otherwise provided for by law (in particular Articles 15 and 17 GDPR and Sections 34 and 35 of the German Data Protection Act (BDSG)).
Consent that has been given to processing of data may be withdrawn at any time with effect for the future.
Data subjects also have a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). For more information, see the section on “Complaints” below.
Providing data and profiling
Within our business relationship, you must provide us with the data required to establish and conduct a business relationship and to perform the associated contractual obligations or rights and you must provide the data that we are legally obliged to collect. Without this data, we are usually not able to conclude or perform a contract.
Other data is provided voluntarily.
We generally do not use any fully automated decision making or profiling in accordance with Article 22 GDPR. If we use such procedures in individual cases, we will inform you separately, provided that we are required to do so by law.
Information about your right to object under Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Article 6(1)(f) GDPR (data processing based on a balancing of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You have the right to object at any time to the processing of data concerning you for direct marketing purposes.
Change of purpose
Your personal data shall only be processed for purposes other than those described above to the extent permitted by law or if you have consented to the changed purpose of data processing. In the event of further processing for purposes other than those for which the data was originally collected, we shall inform you of such other purposes before further processing takes place and shall provide you with any further information relevant to the further processing.
You may also lodge a complaint with a data protection supervisory authority (Article 77 GDPR). The right to lodge a complaint is without prejudice to any other administrative or judicial remedy. The address of our competent data protection supervisory authority:
North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information
P.O. Box 20 04 44
40102 Düsseldorf, Germany