Data Privacy Information for Business Partners
according to Article 13 GDPR
Data protection is important to us. In the paragraphs below, we inform our business partners on how we at bbcom secure collect, store and process your personal data and which rights you are entitled to, in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the new German Privacy Law. By business partners, we mean our contact persons, incl. prospects, customers, distribution partners, suppliers and general partners, hereinafter collectively referred to as “business partners”.
This data protection declaration applies to all products and services offered to all companies affiliated with bbcom secure (see section 6). Services and offers that identify their own data protection declaration are excluded.
This data protection regulation is in addition to our existing general data protection regulation that provides you with specific information about how we process your personal information as part of the website visit or on other specific topics.
1. The company responsible and the data protection officer
The company responsible (hereinafter simply referred to as “company”) for the processing of your personal information is:
bbcom secure Deutschland gmbh
88250 Weingarten, Germany
Telefon: 0049 (0) 7531 584 799 0
You may contact our data protection officer by post or via e-mail at:
bbcom secure Deutschland gmbh
Data Privacy Officer
2. For what purpose do we process your data?
bbcom secure processes personal information as part of its collaboration with business partners for the following purposes:
- Initiation or implementation of a contractual relationship or the implementation of pre-contractual measures;
- Communication with business partners regarding products, services and projects, e.g. to process inquiries and orders of a business partner;
- Planning, implementation and management of the (contractual) business relationship between bbcom secure and the business partner, e.g. to handle the ordering of products and services, to collect payments, for bookkeeping, billing and debt recovery and to carry out deliveries, maintenance or repairs;
- Conducting customer surveys, marketing campaigns, market analyzes, sweepstakes, competitions or similar promotions and events;
- Maintaining and protecting the security of both our products and services and our websites,
- Compliance with legal requirements (such as legal obligations to retain data in terms of tax and commercial law), existing obligations to conduct compliance screening (to prevent white-collar crime or money laundering) and to ensure compliance with bbcom secure policies and industry standards;
- Preventing and detecting security risks, fraudulent activity or other criminal acts or those with the intention to cause damage;
- Settlement of litigation, enforcement of existing contracts and assertion, exercise and defense of legal claims.
3. On what legal basis are we processing your data?
We process your personal information in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the new German Privacy Law. If these are necessary for establishing, implementing and fulfilling the contract as well as for implementing pre-contractual measures, processing in accordance with article 6 (1) (b) GDPR is legitimate.
If you give us express consent for processing of personal information for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising), the legality of such processing, based on your consent, and in accordance with article 6 (1) (a) GDPR is ensured. A consent given can be withdrawn at any time with effect for the future.
If required and permitted by law, we process your data beyond the actual purpose of the contract in order to fulfill legal obligations in accordance to Article 6 (1) (c) GDPR. Additionally, processing in accordance with Article 6 (1) (f) GDPR may take place to protect legitimate interests of us or third parties. If necessary and insofar as it is prescribed by law, we will inform you separately indicating the legitimate interest.
4. Which of your information and personal data are we going to process:
For the purposes mentioned above, bbcom secure may process the following categories of personal information:
- Contact information such as first name and surname, business address, business phone number, business mobile number, business fax number and business e-mail address;
- Payment details and credit check data such as information required to process payment transactions or fraud prevention, as well as credit card information and card verification numbers for credit card payments;
- Information that is required for processing, as part of a project or the establishment, implementation and fulfillment of a contract with bbcom secure;
- Further information, voluntarily provided by our contacts to us, such as other project participants, internal and external contact persons or special implementation requests;
- Previously purchased products or services and their history;
- Information collected from publicly available sources, information databases or credit bureaus;
- As far as required in the context of compliance screening: Information on relevant court proceedings and other litigation where business partners are involved.
5. Who will receive your data?
We share your personal information within our company exclusively with the departments and persons who need this information to fulfill the contractual and legal obligations or with departments and persons who responsible for processing as part of our legitimate interest in accordance with Article 6 (1) (f) GDPR.
When processing your personal information, we also use service providers who support us, for example, in maintaining and servicing our software programs and IT infrastructure or in the prevention of cyber-crime. Your personal information will be shared with third parties and processed by them, on our behalf. This is done in accordance with instructions and on the basis of order processing contracts referred to in article 28, GDPR. In doing so, we ensure that the processing of personal information takes place in accordance with the provisions of the GDPR and that your data is both protected and processed pursuant to the applicable data protection regulations. Categories of recipients include companies that support us in the following fields: IT services, cyber-crime prevention, credit check, data storage and linking, marketing, market research, processing of payments, product and service delivery, online marketing, organization of trade fairs and events, shipping logistics, meeting compliance and legal requirements (e.g. alignment with anti-terrorist lists for exports). We only share the minimum amount of personal information that our service providers need to be able to provide their services.
In certain cases, we also share your personal information with business partners who represent our products as merchants or distributors nationally and internationally. If we receive an inquiry and, for example, we register a visitor at fairs with a request for further information that we can link to a specific trading partner of ours in terms of content, geography or topic, we will share the personal information with this business partner for processing purposes. Instead of us, our business partner will then contact you. When we share personal information with other business partners, we require them to protect and process your information in accordance with applicable data protection regulations. The data processing and sharing shall be based on article 6 (1) (f) GDPR. The legitimate interest lies in an efficient and customer-oriented sales structure and optimal customer support for our products and services. In case you do not want this disclosure, you can notify us at any time and have it revoked. However, we might be unable to complete your request or order in that case.
The sharing of data with recipients outside the company or those affiliated, is otherwise only taking place to the extent that this is permitted or required by law or if disclosure is required for processing and thus fulfilling the contract. This also includes pre-contractual measures that are carried out at your request and for which sharing with third parties is required for implementation.
Disclosure may also be based on your explicit consent or if we are authorized to provide information. Recipients of personal information can also be public authorities and institutions when there is a legal or regulatory obligation (e.g. public prosecution, police, supervisory authorities, tax office).
Sharing your information with other third parties without explicit consent, such as for advertising purposes, does not take place.
6. Sharing of personal information with affiliated companies
bbcom secure may share personal information with other Dover group companies or Dover affiliates (hereinafter referred to as Dover Group) for the purposes outlined above. However, this will only be done if necessary to fulfill the abovementioned purposes (see also sections 2, 3 and 5).
We only share the necessary minimum of personal information with other companies of the Dover Group. This may include the provision of products and services you requested or the management and improvement of our products, services and day-to-day operations. Companies of the Dover Group may also be outside the EU and the EEA economic area (third countries) and have lower data protection standards than those of the EU. Personal information will only be shared with recipients in third countries that are belonging to the Dover Group, if they have either agreed to EU standard contractual clauses with us or have introduced binding corporate rules at EU data protection level. Further information can be obtained from the contact specified in section 1.
The basis for data processing is article 6 (1) (b) GDPR, that justifies the processing of data for the fulfillment of a contract or pre-contractual measures and article 6 (1) (f) GDPR in accordance with the legitimate interests set out above (see also sections 2, 3 and 5).
7. Sharing information with a third country
Sharing with a third country is not intended.
Sharing of personal information with a country or an international organization outside the European Union (EU) or the European Economic Area (EEA) shall be subject to legal or contractual permissions only under the conditions set out in article 44 et seqq. GDPR. This means, for the country in question, there is an adequacy decision of the EU Commission covered by Article 45 GDPR, there are appropriate safeguards for data protection covered by article 46 GDPR or binding internal data protection provisions covered by article 47 GDPR exist.
Sharing information with offices in countries outside the European Economic Area EU/EEA (so-called third countries) will take place, if this becomes necessary to fulfill a contractual obligation towards you, if it is part of our legitimate interest or a third party or if you have given consent. The processing of your information in a third country can also take place in connection with the involvement of service providers as part of the order processing. For information on the appropriate or adequate warranties and how and where to obtain a copy of them, please contact us via the contact details in section 1.
8. How long will data be stored?
Ifnecessary, we process and store your personal information for the duration of our business relationship or the fulfillment of contractual purposes. This includes, among other things, the initiation and execution of a contract. Additionally, we are subject to various storage and documentation obligations, which arise, inter alia, from the German Commercial Code (HGB) and the Fiscal Code (AO). The prescribed periods for storage or documentation therein are two to ten years or in some cases up to thirty years.
We also store and use your information for a reasonable time period after the order has been placed, in order to keep you informed about our services and offers and to provide you with information about this. This shall be based on Article 6 (1) (f) GDPR. Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision. After this period, we will delete personal information in a secure manner. If data is needed for analytical, historical or other legitimate business purposes after this period, we will take appropriate measures to make this data anonymous.
In principle, our offer is aimed at adults. Persons under the age of 18 should not submit any personal information to us without the consent of their parents or guardians.
10. Necessity of providing personal information
The provision of personal information for the purpose of establishing, implementing and fulfilling the contract or for implementing pre-contractual measures, is generally neither required by law nor by contract. You are therefore not obliged to provide personal information. Please note, however, that said information is usually required to decide on the conclusion of a contract, fulfillment of the contract or for pre-contractual measures. If you do not provide us with personal information, we may not be able to make a decision in the context of contractual measures. We recommend that you always enter the personal information that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures only.
11. Automatic decision-making
In accordance with article 22 GDPR, we usually do not use fully automated decision-making to justify, fulfill or carry out the business relationship and for pre-contractual measures. In case we use those procedures in individual cases, we will inform you about this separately or obtain your prior consent.
12. What rights do I have with regard to my personal information?
You may request information about the personal data stored under the addresses listed in section 1. In addition, you may request the correction and, under certain conditions, also the deletion of your information. You also have the right to restrict the processing of your information and the right to disclose the information you provided in a structured, common and machine-readable format.
Right of objection
If we process your information in order to safeguard legitimate interests, you may object to this processing for reasons that arise from your particular situation. We will then no longer process your personal information unless we can demonstrate compelling legitimate processing reasons that outweigh your interests, rights and freedoms or the processing is used for asserting, pursuing or defending legal claims.
If the processing of information is based on your consent, you are entitled according to Article 7 GDPR to revoke your consent regarding the use of your personal information at any time. Please note that the revocation will only be effective in the future. Processing that took place before the revocation is not affected. Please also note that we may need to retain certain information for a certain period of time to meet the legal requirements.
In individual cases, we process your personal information for the purpose of direct mail. You have the right to object the processing for the purpose of such advertising at any time. This also applies to profiling as far as it is connected with this direct mail. If you refuseto the processing for the purpose of direct mail, we will no longer process your personal information for these purposes.
You may lodge a complaint with our data protection officer or a data protection supervisory authority.