Data protection information for suppliers
in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Data protection is important to us. Here, we provide information on how we process your data and what rights you have.
1. Who is responsible for data processing and who can you contact?
MEIKO CLEAN SOLUTIONS IBÉRICA, S.L.U.
Cityparc Ronda de Dalt - Edificio Atenas
Ctra. de l'Hospitalet, 147-149
08940 Cornellà de Llobregat Barcelona
Spain
2. Contact details for our data protection officer
3. Processing purposes and legal basis
Your personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. The way in which individual items of data are processed and used depends on the service agreed or requested.
3.1 Consent (Article 6(1) a of the GDPR)
If you have given us consent to process personal data, your consent represents the legal basis for this processing. You may revoke your consent at any time with effect for the future.
3.2 Fulfilment of contractual obligations (Article 6(1) b of the GDPR)
We process your personal data in order to execute our contracts and agreements with you. Furthermore, your personal data is processed in order to implement measures and take actions as part of pre-contractual relationships.
3.3 Fulfilment of legal obligations (Article 6(1) c of the GDPR)
Where necessary, we process your personal data in order to fulfil our legal obligations (e.g. to comply with trade and tax laws). Furthermore, where necessary, we process your data in order to fulfil financial controlling and reporting obligations and in order to archive data for the purposes of data protection, data security and auditing by tax authorities and other authorities. In addition, we may be required to disclose personal data in the case of administrative/court proceedings for the purpose of gathering evidence, prosecuting crimes or enforcing civil claims.
3.4 Our legitimate interest or the legitimate interest of third parties (Article 6(1) f of the GDPR)
Provided we balance the parties’ interests, we may also use your personal data to protect our legitimate interest or that of a third party. This applies if the following purposes are being fulfilled:
- examining and optimising procedures for needs analysis and direct supplier approach.
- advertising or market research, if you have not objected to this use of your data
- storing your data subject to certain limitations, if deletion is not possible or would impose disproportionately high costs due to the peculiarity of the storage method
- further developing services, products, and existing systems and processes
- statistical evaluations or for market analyses
- certification of private law matters or official matters
- asserting legal claims and mounting a defence in legal disputes that are not directly attributable to the contractual relationship
- safeguarding and exercising our domiciliary rights through appropriate measures (e.g. video surveillance)
- collecting data in line with our online supplier self-disclosure form
4. Categories of personal data that we process
The following data is processed:
• Personal data (name, occupation/industry and similar data)
• Contact details (address, email address, telephone number and similar data)
• Supplier history
We also process personal data from public sources (e.g. the Internet, media, press). If necessary for the provision of our services, we process personal data that we have lawfully received from third parties (e.g. address publishers, credit agencies).
5. Who receives your data?
We pass on your personal data within our company to those departments that require this data to fulfil their contractual and legal obligations or to implement our legitimate interest.
In addition, the following may receive your data:
- our nominated processor (Article 28 of the GDPR); service providers in supporting roles and other controllers as defined by the GDPR, particularly those in the fields of IT services, logistics, courier services, printing services, external data centres, IT application support/maintenance, archiving, document processing, accounting and financial controlling, data destruction, purchasing/procurement, customer administration, letter shops, marketing, telephone services, website management, tax advice, auditing services, financial institutions
- public bodies and institutions in the event of a legal or official obligation, according to which we are obligated to provide information, report data or pass on data, or in cases where passing on data is in the public interest
- bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. authorities, credit agencies, debt collection agencies, lawyers, courts,experts and supervisory bodies)
- other bodies, provided that you have given us your consent to transfer your data to them
6. Transfer of your data to a third country or to an international organisation
Data processing does not take place outside the EU or the EEA.
7. For how long do we store your data?
Where necessary, we process your personal data for the duration of our business relationship. This also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods for storage and documentation specified in these laws are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the duration for which we store data is also determined on the basis of statutory limitation periods such as the ones defined in sections 195 et seq. of the German Civil Code (BGB); a limitation period is generally three years but may be up to 30 years in specific cases.
8. To what extent does automated decision making apply to individual cases?
In accordance with Article 22 of the GDPR, we do not use purely automated decision-making procedures. Should we use these procedures in individual cases, we will inform you of this separately if we are required to by law.
9. Your rights to data protection
In accordance with Article 15 of the GDPR, you have the right to access; in accordance with Article 16 of the GDPR, you have the right to rectification; in accordance with Article 17 of the GDPR, you have the right to erasure; in accordance with Article 18 of the GDPR, you have the right to restrict processing; in accordance with Article 20 of the GDPR, you have the right to data portability. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 of the GDPR). In accordance with Article 21 of the GDPR, you have the right to object to the processing of personal data. However, this right to object only applies in certain specific circumstances regarding your individual situation, in which case the rights of our company may conflict with your right of objection. If you wish to exercise any of these rights, please contact our Data Protection Officer (datenschutz@meiko.de)
10. Scope of your obligations to provide us with your data
You only need to provide the data that is necessary for the establishment and execution of a business relationship or for a pre-contractual relationship with us, or the data that we are legally obligated to collect. Without this data, we will not be able to conclude or execute the contract in most cases. This may also apply to data required later as part of the business relationship. If we request further data from you, you will be informed separately that providing this data is voluntary.
11. Information about your right to object, Article 21 of the GDPR
At any time, you have the right to object to the processing of your data on the basis of Article 6(1) f of the GDPR (data processing having balanced interests) or Article 6(1) e of the GDPR (data processing in the public interest), if there are reasons for this arising from your individual situation. This also applies to profiling based on this provision, as referred to in Article 4(4) of the GDPR.
If you object, we will cease processing your personal data unless we can demonstrate compelling and legitimate reasons to process it. These reasons must override your interests, rights and freedoms or the processing must be for the purposes of establishing, exercising or defending legal claims. We may also process your personal data for the purpose of direct advertising. If you do not wish to receive any advertising, you have the right to object at any time. We will consider this objection to apply to the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for these purposes. Your objection may be sent, in no particular form, to the address listed under point 1.
12. Your right to complain to the competent supervisory authority
You have the right to lodge a complaint with the data protection supervisory authority (in accordance with Article 77 of the GDPR).
The competent supervisory authority in our case is:
State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg
Königstraße 10 a
70173 Stuttgart, Germany
Phone: +49 711 615541-0
poststelle@lfdi.bwl.de