Information about the processing of personal data in the context of business relationships with customers, suppliers and other business contacts
1. What information does this paraphraph contain for you?
thyssenkrupp Automation Engineering GmbH ("we") is in a business relationship with you or your employer/client, e.g. the initiation or execution of a contractual relationship in the course of our business activities.
In doing so, we ensure that we comply with the requirements of the applicable data protection laws. In the following, we provide you with a detailed overview of our handling of your data and your rights.
2. Who is responsible for the processing and who is the data protection officer?
The person responsible for the processing is
thyssenkrupp Automation Engineering GmbH
Richard Taylor Street 89
Phone: +49 421 6888 0
You can reach our data protection officer at the above address (Attn. Data Protection Officer) or by e-mail: firstname.lastname@example.org.
3. What categories of data do we process and where do they come from?
We process personal data that you provide to us as part of the business relationship. If our business relationship is with your employer or client, we also collect the personal data from you or from your employer or client. This involves the following data or categories of data:
Master data (e.g. name and salutation, title, function title/position designation)
Contact details (e.g. phone number, fax number, e-mail address, postal address)
Communication data (e.g. contents of personal, telephone or written communication)
In addition, we process the following categories of personal data that we generate independently or receive from third parties (e.g. other group companies of tk AG):
Master data (e.g. customer number)
Contract data (e.g. contract ID, contract history)
Communication data (e.g. consultation protocols)
4. For what purposes and on what legal basis is data processed?
We process your data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and all other applicable laws.
We process personal data primarily for the fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR), more specifically for the purpose of initiating, executing or fulfilling a contract. These are, for example, the placement of orders, internal sales work, the shipment and payment of goods or contract negotiations.
If you are not a contractual partner yourself - for example, an employee of a business partner - the processing is carried out for the same purposes as a legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We are in the process of initiating or implementing a contractual relationship with your employer/client as part of our business activities. Due to your activity for your employer/client, we process your personal data for this purpose.
We also process, to the extent necessary, personal data for the fulfillment of legal requirements (Art. 6 para. 1 lit. c GDPR) for the following purposes:
In addition, we process personal data to protect the following legitimate interests (Art. 6 para. 1 lit. f GDPR):
Maintaining the business relationship with existing customers (e.g. customer satisfaction survey)
Implementation of events (e.g. admission control)
Assertion of legal claims and defense in legal disputes
Inclusion in our contact database, contact maintenance after business contact (e.g. after handing over your business card)
Direct marketing to customers or employees of customers (e.g. information about products and events, newsletters)
In addition, we may process personal data for the processing of which we have been given consent (Art. 6 para. 1 lit. a GDPR). We obtain this separately and in the following cases:
5. Who receives your data?
Your data will be processed within thyssenkrupp Automation Engineering GmbH by the employees involved in the initiation/execution of the business relationship and the execution of the respective business processes.
Within our group of companies, your data will be transferred to certain companies if they perform data processing tasks for the companies affiliated in the group on a centralized basis (e.g. centralized contact data management, centralized contract management, disposal of files).
In addition, in order to fulfill our contractual and legal obligations, we sometimes use various external service providers who are bound by data protection law through order processing agreements, Art. 4 No. 8 GDPR. These are service providers in the following areas
In addition, we transfer your data to other recipients outside the company who process your data under their own responsibility, Art. 4 No. 7 GDPR. These may be, for example, the following categories of responsible parties:
Public bodies based on statutory regulations (e.g. tax authorities)
Third parties, e.g. credit institutions, credit agencies - insofar as transmission is permissible due to legitimate interest
6. How long will your data be stored?
We process your personal data as long as they are required for the above stated purposes. After termination of the business relationship, your data will be stored as long as we are legally obliged to do so. This regularly results from legal obligations to provide proof and to retain data, which are regulated, among other things, in the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). The storage periods are then up to ten years. In addition, it may be necessary to retain personal data for the period during which claims can be asserted against us (statutory limitation period of up to thirty years).
7. Are you obliged to provide your data?
There is no contractual or legal obligation to provide personal data. However, without processing your personal data, we are not able to carry out the necessary pre-contractual measures or the contractual relationship with you or your employer/client.
8. What data protection rights can you assert as a data subject?
You have the right to request information about the data stored about you, Art. 15 GDPR. In addition, you can request the correction or deletion of your data, Art. 16, 17 GDPR. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, common and machine-readable format, provided that this does not adversely affect the rights and freedoms of other persons, Art. 18, 20 GDPR.
If you have given us consent to process your personal data, you can revoke this consent at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
To exercise these rights, please contact the data controller or data protection officer named in section 2.
In addition, you have a right to object, which is explained in more detail at the end of this privacy notice.
You also have the possibility to lodge a complaint with a data protection supervisory authority, Art. 77 GDPR. The right of appeal is without prejudice to any other administrative or judicial remedy. The data protection supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
P.O. Box 20 04 44
Tel.: + 49(0)211/38424-0
Information about your right to object according to Art. 21 of the General Data Protection Regulation (GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (f) of the GDPR (processing of data on the basis of a balance of interests); this also applies to any profiling based on this provision within the meaning of Article 4 (4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
In individual cases, we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made without any formalities and should, if possible, be addressed to the responsible office or data protection officer named in the data protection declaration under section 2.
Status: November 2022