Skip to main content

Privacy Suppliers

Information on how we handle your supplier/subcontractor data.

 

An obligation based on the General Data Protection Regulation.

 

1. Introduction

The following points are intended to provide you with information regarding your data. The information required in this context is defined by law.

Please refer to Articles 12 to 22 and Article 34 of the General Data Protection Regulation for more detailed information. The text of the General Data Protection Regulation is available online at gdpr-info.eu.  If you have any further questions with regard to the General Data Protection Regulation, please do not hesitate to contact our data protection officer or our office.

 

2. What is personal data?

All information that refers to an identified or identifiable person. A person is deemed identifiable if they can be identified directly or indirectly, e.g. by linking them to an identifier such as a name, an ID number, location data, an online ID, or one or more specific features.

 

3. Basic information

3.1 Who is the controller responsible for my data?

The controller in charge of our data processing is

ASSMANN BÜROMÖBEL GMBH & CO. KG
Heinrich Assmann Strasse 11
49324 Melle, Germany
Phone: +49 (0)5422 706-0
Email: info@assmann.de

3.2 How can I contact you?

Contact person: Mr Reibeholz
E-Mail: joerg.reibeholz@assmann.de

3.3 Which authority is responsible for monitoring and ensuring compliance with the data protection legislation?

Responsible supervisory authority for data protection

State Representative for Data Protection in Lower Saxony
Prinzenstrasse 5, 30159 Hanover, Germany
Phone: +49 (0)511 120 45 00
Email: poststelle@lfd.niedersachsen.de

3.4 How do I contact the company's data protection officer?

Our company's data protection officer is Mr Claus Wissing. The data protection officer can be contacted at the following address:

Sachverständigenbüro Mülot GmbH
Grüner Weg 80, 48268 Greven, Germany
Email: datenschutz@svb-muelot.de

Phone: +49-257154020
Fax: +49-2571 5402 199

 

4. Other important information

4.1 Data processing (why?)

We process your data in order to fulfil the mutual obligations arising from a (potential) contract or to comply with our legal obligations.

4.2 Why are we allowed to do this?

The General Data Protection Regulation (Article 6 (1) (1b) GDPR) permits us to process all data that is necessary to fulfil a contract or to take any of the steps that are necessary prior to entering into a contract. If you voluntarily tell us more about yourself than is necessary, the data protection regulation permits us to process this additional data with your consent (in accordance with Article 6 (1) (1a) GDPR). The General Data Protection Regulation, specifically Art. 6 (1) (1c) of the GDPR, permits us to process your data where necessary to comply with a legal obligation.

4.3 Who may receive my data?

During the course of the processing, your data may be transmitted to:

  • Anyone within our company who is directly involved in our data processing operations (e.g. Sales, Purchasing).
  • Service providers who have signed non-disclosure agreements and are under contract to us as well as
  • other external parties (companies, government authorities etc.), where necessary.

4.4 Will you send my data to countries outside the European Union?

We do not intend to. The only conceivable exception to this would be if you were to give us permission to do so, or if this were necessary for contract fulfilment. Legal basis: Article 6 (1) (1b) of the GDPR; Article 49 (1b) of the GDPR.

4.5 How long will you store my data?

We will store your data for as long as we need to for the purposes described in 4.1 above. However, we are also legally required, e.g. as per Section 147 of the German Tax Code (AO) to retain certain documents for a period of six or even ten years. We erase all data that is no longer required at the end of these retention periods.

4.6 Do I have to make my data available to you?

For the purposes detailed in 4.1, you must make your personal data available to us.

This is an essential or a legal requirement for the fulfilment of our contract with you/your company. If you do not make this data available to us, we will not be able to fulfil the contract with you.

4.7 Automated decision-making and profiling

We do not carry out any automated decision-making or profiling.

 

5. What are my rights?

5.1 Information regarding your rights

As the data subject of a data processing activity, the General Data Protection Regulation guarantees you a number of rights (hereinafter referred to as "the rights of the data subject") including, but not limited to, the following:

5.2 Right of access (as per Article 15 GDPR)

You have the right to obtain confirmation about whether or not we are processing or have processed personal data concerning you. If we process your personal data, you have the right to be told:

  • Why we are processing your data (see 4.1)
  • What categories of personal data we are processing
  • The recipients or the kind of recipients that receive or may receive your personal data (see 4.3)
  • How long we will store your data; if we are unable to specify this, then we must explain to you how we determine the data retention period, e.g. until after the end of specific retention periods stipulated by law (see also 4.5)
  • That you have the right to request the rectification or erasure of data concerning you, including the right to restrict the processing of your data and/or the right to object to such processing (see 5.2, 5.3 and so on below)
  • That you have the right to lodge a complaint with a supervisory authority
  • Where we have obtained any personal data concerning you if we did not collect it directly from you
  • Whether your data is used for automated decision-making and, if so, the logic behind the automated decision-making and the potential consequences and significance of this decision for you
  • That, if data concerning you is transferred to a country outside the European Union, you have the right to be informed as to whether the recipient of said data has appropriate safeguards in place and, if so, how the existence of these safeguards is guaranteed
  • That you have the right to receive a copy of your personal data. Copies of data are generally provided in electronic form.      
    The first copy is free of charge; any further copies may be subject to a reasonable fee. Copies of data can only be provided in cases where this does not infringe upon the rights of other people.

5.3 Right to rectification (as per Article 16 GDPR)

If your personal data is incorrect and/or incomplete, you have the right to ask us to correct it. This right also includes the right to completion by means of providing additional explanations or information. Any rectification and/or completion you request must be carried out without undue delay.

5.4 Right to erasure of personal data (Article 17 GDPR)

You have the right to ask us to erase your personal data if:

  • Said personal data is no longer required for the purposes for which it was originally collected and processed
  • The data is processed on the basis of a consent provided by you which has since been withdrawn (this does not apply where said data processing is permitted for other legal reasons)
  • You have objected to data processing that was lawful due to "legitimate interests" as per Article 6 (1) (e) or (f); however, we are not required to erase the data if there are legitimate overriding reasons for the continuation of its processing
  • You have objected to the processing of said data for direct marketing purposes
  • Your personal data has been processed unlawfully
  • The data in question concerns a child and was originally collected with consent (as per Art. 8 (1) GDPR) for the offer of information society services (= electronic service).

You do not have the right to request the erasure of your personal data if

  • The request for erasure contravenes the right to freedom of expression and information
  • The personal data is processed
    • to fulfil a legal obligation (e.g. retention periods stipulated by law)
    • to perform a task carried out in the public interest in accordance with the applicable law (this also includes "public health”), or
    • for archiving and/or research purposes
  • For the establishment, exercise or defence of legal claims.

The erasure must be carried out immediately (without undue delay). If we have published personal data (e.g. online), we must take all technically feasible and reasonable measures to ensure that other processors of this data are informed of the request to erase the respective data, including all links, copies and/or replications.

5.5 Right to restriction of data processing (as per Article 18 GDPR)

You have the right to obtain the restriction of your personal data in the following situations:

  • If you believe your personal data to be inaccurate, you can ask us to no longer use your data in any other way, thereby restricting its use, until their accuracy has been established.
  • If your data is being processed unlawfully, you can demand its erasure, rather than a restriction of its processing
  • If you require your personal data for the establishment, exercise or defence of legal claims when we no longer need your personal data, you can ask us to restrict the processing of your data to the respective proceedings
  • If you have objected to the processing of your data (as per Art. 21 (1) GDPR; see also 5.7) and it has not yet been established whether our interests in its processing outweigh your interests, you can demand that your data is not used for other purposes for the duration of the establishment procedure, thereby restricting its processing.

With the exception of storage, personal data whose processing has been restricted on your request may only be processed

  • With your consent
  • For the purpose of establishing, exercising or defending a legal claim
  • To protect the rights of another natural or legal person, or
  • For reasons of important public interest.

You will be informed in advance of a processing restriction being lifted.

5.6 Right to data portability (as per Article 20 GDPR)

You have the right to receive the personal data you have provided to us in a commonly used and electronic format (e.g. PDF or Excel file).

You can also ask us to transmit this data directly to another controller defined by you, provided that this is technically feasible for us.

You only have this right if the processing is consent-based or serves the entering into a contract, and carried out with the aid of automated processes.

This exercising of your right to data portability must not infringe upon the rights or freedoms of other people.

If you exercise your right to data portability, you still also have the right to data erasure as per Article 17 of the GDPR.

5.7 Right to object to specific data processing (as per Article 21 GDPR)

If your data is being processed for the performance of a task that is carried out in either the public interest or our own legitimate interests, you have the right to object to this processing. In order to do so, you must provide evidence of the reasons for your objection on the grounds of your specific situation. This could be, for example, circumstances related to your family or a confidentiality that must be maintained.

If you object, we must cease all further processing of your data for the specified purposes, unless

  • There are compelling legitimate reasons for the processing which override your interests, rights and freedoms, or
  • The processing is necessary for the purpose of establishing, exercising or defending a legal claim

You can object to the use of your data for direct marketing purposes at any time; this also applies to any profiling, provided it is related to direct marketing. If you object, we will no longer be permitted to use your data for direct marketing purposes.

5.8 Prohibition of automated decision-making/profiling (as per Article 22 GDPR)

Any decisions made by us that will have legal consequences or affect you significantly must never be based exclusively on the automated processing of personal data. This also includes profiling. This restriction does not apply if the automated decision-making

  • Is necessary in order to enter into or fulfil a contract with you
  • Is permitted on the basis of legal regulations if these legal regulations include appropriate measures for safeguarding your rights, freedoms and legitimate interests, or
  • If you have explicitly consented to this.

Decisions based exclusively on the automated processing of special categories of personal data (i.e. sensitive data) are only permitted if they are based on

  • You having given your explicit consent to this
  • They are carried out due to a significant public interest in the processing
  • Appropriate measures were taken to safeguard your rights, freedoms and legitimate interests.

5.9 Exercising your rights as a data subject

To exercise your rights as a data subject, please contact the authority listed in 3.1. All enquiries submitted electronically are usually answered electronically. All information, notifications and measures that must be provided as per the GDPR, including the information on "exercising your rights as a data subject”, must usually be provided free of charge. We only reserve the right to charge a reasonable fee for responding to your request, or to refuse to respond to it at all, in the event of requests that are manifestly unfounded or excessive (as per Article 12 (5) GDPR).

If there are legitimate doubts with regard to your identity, we have the right to demand additional information from you for identification purposes. If we are unable to identify you, we reserve the right to refuse to respond to your request. In as far as possible, we will notify you separately if we have no means of identifying you (see Article 12 (6) and Article 11 GDPR).

Requests for access and information are generally processed without delay and within one month of the receipt of the enquiry. This period may be extended by a further two months if this is necessary due to the complexity and/or number of enquiries received; in the event of an extension of this period, we will inform you of the reasons for the delay within one month of the receipt of the enquiry. If we do not respond to your request, we will inform you of our reasons for this without delay and within one month of the receipt of your request, and inform you of your right to lodge a complaint with a supervisory authority or to seek legal remedy (see Article 12 (3) and (4) GDPR).

Please note that you can only exercise your rights as a data subject within the limitations and restrictions imposed by the European Union or its Member States. (Article 23 GDPR)