Obligation to inform
Information to be provided on the collection of personal data
as required by Articles 13 and 14 GDPR
The following obligations relating to the supply of information as set out in Articles 13 and 14 GDPR are intended to present you with detailed information about how your personal data is handled by the controller (see Point 1). If you have any questions you may contact us at any time. (See Point 2).
Information in accordance with Article13, Paragraph 1 GDPR
-
Who are we, and who processes your data?
Your data will be processed by Kinshofer GmbH, Raiffeisenstrasse 12, 83607 Holzkirchen, Germany, phone +49 8021 8899 – 0, fax +49 8021 8899 – 37, e-mail info@kinshofer.com, Internet www.kinshofer.com.
-
Who are your contact persons?
You may direct your questions relating to the law on data protection to Kinshofer GmbH (see item 1 above for the address).
You may also contact our Data Protection Officer. The officer is:
DS Consult + Compliance GmbH, Christian Paulus, e-mail datenschutz@kinshofer.com
-
For what purpose do we process your personal data?
Your data are processed for the following purposes:
-
Suppliers
-
so that we can identify you as a supplier
-
so that we can communicate with you
-
so that we can process and perform the underlying contracts and undertake pre-contractual activities with you
-
so we can send our newsletter to you if you have subscribed to it
-
Customers/clients
-
so that we can identify you as a customer/client
-
so that we can communicate with you
-
so that we can invoice you
-
so that we can process and perform the underlying contracts and orders we receive from you and undertake pre-contractual activities with you
-
so we can send our newsletter to you if you have subscribed to it
-
Applicants
-
so we can manage applicants’ data
-
so we can document decisions which have been taken, actions which have been defined, as well as their outcomes
-
What is the legal basis for processing your data?
-
Suppliers, customers/clients
The legal basis for processing your data derives from the contract concluded with you and pre-contractual activities (Article 6, Paragraph 1, Letter b GDPR), from legal obligations to which we are subject (Article 6, Paragraph 1, Letter c GDPR), from your consent (Article 6, Paragraph 1, Letter a GDPR) and from our legitimate interests (Article 6, Paragraph 1, Letter f GDPR).
-
Applicants
The legal basis for processing your data derives from pre-contractual activities (Article 6, Paragraph 1, Letter b GDPR), your statement of consent (applicants’ pool) (Article 6, Paragraph 1, Letter a GDPR) and from legal obligations to which we are subject (Article 6, Paragraph 1, Letter c GDPR).
-
What legitimate interest is there for processing your data?
Customers/clients/subscribers to our newsletter
The legitimate interest is based on the purposes of direct contact (e.g. marketing activities) and the forwarding of offers and information on products and services (see Point 3).
-
To whom is your data sent?
The following entities receive your personal data:
-
Suppliers
-
Tax consultants
-
Financial authorities e.g. the Tax Office
-
Banks (as part of payment processes)
-
Public authorities/Offices in so far as a legal obligation to supply information or forward data exists
-
If applicable, Customs Authorities in the context of requirements under customs-related law when despatching goods
-
If applicable, the processor, in the context of fulfilling the order, in accordance with Article 28 GDPR
-
Customers/clients
-
Tax consultants
-
Financial authorities e.g. the Tax Office
-
Banks (as part of payment processes)
-
If applicable, Public Authorities/Bodies in so far as a legal obligation to supply information or forward data exists
-
If applicable, Customs Authorities in the context of requirements under customs or tax-related law when despatching goods
-
If applicable, the processor, in the context of fulfilling the order, in accordance with Article 28 GDPR
-
If applicable, logistics service-providers in the context of the performance of the contract (delivery services)
-
If applicable, lawyers/cash collection agencies in the context of debt collection
-
If applicable, banks/credit institutions or similar in the context of the securing and assignment of claims, as well as factoring
-
If applicable, affiliated companies, in the context of fulfilling the order, in accordance with Article 28 GDPR, full list and contacts here
-
Applicants
Data sent to us as part of an application will not be sent to third parties as a matter of principle.
However, it can happen that your personal data is passed to Public Authorities/Public Bodies as part of legal requirements e.g. The German Employment Agency (Agentur für Arbeit).
-
Is there any intention of passing your data to a third country?
-
Suppliers, customers/clients
There is absolutely no intention of passing your data to a third country or an international organisation.
However, it can happen that your data is passed to an affiliated company (e.g. Auger Torque, Doherty, Solesbee’s) located in a third country e.g. Italy, the USA, Canada, Australia, New Zealand.
-
Applicants
There is no intention of passing your personal data to a third country. If such an eventuality should arise we will inform you before the data is sent.
Additional information as required by Article 13, Paragraph 2 GDPR
-
How long do we store your data?
-
Suppliers, customers/clients
Your data is stored for as long as we have a contract with you, as long as we have your consent, or for as long as required by the legal retention periods, depending on which retention period is the longest. The legal retention periods stipulate that your data should be retained for at least 10 years.
-
Applicants
Your data is stored for six months after the end of the application process. If you have agreed to be included in the applicants’ pool your data is stored for one year.
-
What rights (right of information, right of objection, etc.) do you have?
You are entitled to various rights under the General Data Protection Regulation. The details derive in particular from Articles 15 to 18 and 21.
-
Right to information. You may request confirmation from the controller whether personal data which relates to you are processed by us
-
Right to rectification. You have the right to rectification and/or completion by the data controller if the personal data relating to you is incorrect or incomplete.
-
Right to erasure. You may demand the erasure of your personal data. Your right to erasure depends on whether the data which relates to you is subject to a legal retention obligation.
-
Right to restriction. Under certain circumstances, you may demand the restriction of the processing of your personal data.
-
Right to object. For reasons resulting from your own particular situation, you have the right at any time to object to any processing of personal data relating to you undertaken by reason of Article 6, Paragraph 1, Letters e or f GDPR. This also applies to any profiling supported by this provision.
-
Data portability. You have the right to receive personal data relating to you which you have provided to the controller in a structured, commonly used, machine-readable format.
-
Right to complain. If you are of the opinion that we have not responded to your concern or have not responded to the full extent, then you may submit a complaint to the relevant Data Protection Supervisory Authority. This right exists irrespective of any other appeal under administrative law or legal remedy before the courts.
The Data Protection Authority responsible for us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27 (Schloss), 91522 Ansbach, phone +49 981 531300, fax +49 981 53981300, E-Mail poststelle@lda.bayern.de, Internet www.lda.bayern.de
You will find a list of additional Data Protection Authorities at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
-
Withdrawal of consent to processing in accordance with Article 6, Paragraph 1, Letter a or Article 9, Paragraph 2, Letter a GDPR.
You have the right to withdraw your declaration of consent given under data protection law at any time. By withdrawing your consent, the lawfulness of processing which has taken place by reason of consent up to the time of its withdrawal is not affected.
-
Is there an obligation to provide your personal data, and what are the consequences in the event of failure to provide data?
-
Suppliers, customers/clients, applicants
If you fail to provide us with certain data we are unable to enter into, perform or terminate the contract or parts of the contract with you, or undertake any pre-contractual measures.
-
Suppliers, customers/clients
By reason of certain legal obligations you must provide us with certain data so that we can perform the contracts we have concluded with you, e.g. under the requirements of commercial or tax law.
-
Does an automated decision-making process including profiling take place?
We do not undertake any automated decision-making including profiling.
Additional information as required by Article 14 GDPR
-
Where does your data come from?
Your data originates from the following sources:
-
Suppliers, customers/clients
-
from you yourself (direct collection)
-
recommendations
-
if applicable, from affiliated companies (Demarec, RF, Auger Torque, Solesbee’s, Doherty)
-
if applicable, from Internet content for which a charge is made e.g. company, commercial and association registers
-
if applicable, from credit agencies
-
Applicants
-
from you yourself (direct collection)
-
from data transferred from job portals
-
Does your data originate from public sources?
Your data may originate from the following public sources:
-
Suppliers, customers/clients
-
freely available Internet content e.g. company registers, your website etc.
-
third party recommendations
-
press reports, media
-
phone books, including on-line phone books
-
Applicants
-
freely available Internet content including social networks e.g. Xing, LinkedIn, job advertisements, job portals etc.
-
phone books, including on-line phone books
Newsletter
If you have registered for our newsletter you will find the data protection information relating to your registration in our Data Protection Statement.