Data protection information for business partners

This data protection information for business partners informs you about the processing of your personal data at Bega-Gruppe Holding GmbH (abbreviated to BEGA Group) incl. all affiliated companies.

Pursuant to Art. 4 lit. 1 of the General Data Protection Regulation (DSGVO), your personal data includes all information that relates or can be related to your person, in particular by means of assignment to an identifier such as a name or to an organisation or customer number by which your person can be identified.

We provide this data protection information for business partners in order to ensure that, as the data controller, the data processing procedures relating to our suppliers, clients and business partners (collectively

« Business Partners« ) and their employees who are associated with the Bega Group.

Scope

This notice applies if you are an independent business partner of the Bega Group, (e.g. as a supplier, principal, or consultant) or if you are an employee of a business partner acting on behalf of the business partner with the Bega Group.

Categories of personal data and data sources

The Bega Group processes the following personal data from your company or from third parties (e.g. your manager, public authorities or public resources):

  • Personal data relating to independent business partners: Name, business contact details, services or products offered, contract information, communication content (such as emails or business letters), payment information, billing information and business relationship history.
  • Personal data relating to employees of a business partner: name, business contact details, name of employer, title/position and communication content (such as emails or business letters).

Purposes of the data processing and the legal basis for processing the data

The Bega Group processes your data for the following purposes:

  • For the fulfilment of contractual obligations in accordance with Article 6 (1b) GDPR, i.e. the initiation, conclusion, implementation and termination of a contract for products or other agreements with you or third parties.
  • Within the framework of the balancing of interests pursuant to Article 6 para. 1f GDPR: To the extent necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties. measures for business management and further development of services and products, risk management in the group of companies, prevention of criminal offences, assertion of legal claims and defence in legal disputes, marketing measures such as sending newsletters to customers, preparation, implementation and evaluation of trade fair participations, procurement of products and services, initiation of customer contracts, application for, implementation and settlement of funding projects, etc.
  • Based on your consent in accordance with Article 6 (1a) GDPR, insofar as you have given us consent to process personal data for specific purposes, e.g. registration for the newsletter, etc.
  • Based on legal requirements in accordance with Article 6 (1c) GDPR, i.e. various legal obligations, e.g. Section 257 of the German Commercial Code and Section 147 of the German Fiscal Code and GoBD for the storage of tax-relevant data, the German Social Code and other relevant laws.

Recipient categories

Within our company, only those employees who need your data to fulfil our contractual and legal obligations are granted access to it.

Service providers and vicarious agents contracted by us may receive data for these purposes if the persons involved are bound to secrecy and written data protection instructions are observed. Essentially, these are service providers and vicarious agents from the categories listed below: Support/maintenance of IT applications, website hosting, archiving, call centre services, document and data media destruction, purchasing/procurement, debt collection, lawyers for the assertion or defence of legal claims, payment card processing such as credit cards, letter shops, marketing agencies, tax consultants for the preparation of monthly and annual financial statements, postal and transport services, payment transactions.

Furthermore, third parties may receive data for certain purposes if this is necessary for the initiation, conclusion, performance or termination of a contract with you or third parties within the scope of your contractual relationship for the

the above-mentioned purposes of the data processing and the legal basis to process the data is required or you have given us your consent

Retention period

The personal data will be stored by the Bega Group and our service providers for as long as necessary until our obligations have been fulfilled. The data will be secured for as long as is necessary for the purpose in accordance with the applicable data protection law. Once the Bega Group no longer needs the data to fulfil contractual or legal obligations, it will be removed from our systems and records and/or steps taken so that your personal data is properly anonymised so that it is no longer identifiable, unless we need to retain personal data from you to comply with legal or regulatory obligations to which the Bega Group is subject. For example, due to statutory retention periods arising from the Commercial Code and the Tax Code, which are usually between 6 and 10 years, or to preserve evidence within a limitation period, which is usually 3 years but can last up to 30 years.

Your rights

If you have given your consent with regard to certain processing activities, you can revoke this at any time with effect for the future. This revocation will not affect the prior processing of data. In accordance with the applicable data protection laws, you have the right:

  1. Inspect your personal data
  2. Schedule the rectification of your personal data
  3. request the deletion of your personal data
  4. To impose restrictions on the processing of your personal data
  5. Request the transfer of your personal data
  6. object to the processing of your personal data.

Note that the above rights may be limited by national law.

Right of access: You have the right to obtain confirmation from us as to whether we are processing and accessing your personal data. The access information will include, but is not limited to, the purpose of the processing, the categories of personal data, the data subjects and the recipients or categories of recipients. However, this is not an absolute right and the interests of others may limit your right of access. You have the right to obtain a copy of the personal data being processed. For further copies requested by you, we have the right to assess a reasonable fee for administrative costs.

Right to erasure (right to be forgotten): In certain circumstances, you have the right to erasure of personal data relating to you.

Right to Restricted Processing: In certain circumstances, you have the right to obtain from us a restriction on the processing of your personal data. In these circumstances, the relevant data will be flagged and only processed for a specific purpose.

Right to data transfer: In certain circumstances, you have the right to receive the personal data you have provided in a structured, commonly used and machine-readable format and have the right to freely transfer this data to another company.

You also have the right to lodge a complaint with the competent supervisory authority. Right of objection according to Article 21 GDPR.

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f).

As the Bega Group processes and uses your personal data primarily for the purposes of the contractual relationship with you, the Bega Group has in principle a legitimate interest to process your data, which on the other hand will override your restriction request. To exercise this right, contact us as mentioned in the « Questions » section

The Bega Group does not carry out automatic decision-making in accordance with Art.22 Para.1,4 DS-GVO.

Questions:

If you have any questions regarding the notice or your rights, you can contact the Bega Group’s data protection officer at the following contact details:

BITsic GmbH Mr Paul Köhler

E-mail: datenschutz@bitsic.de Internet: www.bitsic.de