PRIVACY NOTICE FOR THE GLOMEX-BUSINESS PARTNER
The aim of this privacy notice is to inform you how we process personal data of our business partner contacts.
1. Data Privacy Contact. Data Controller within the meaning of the General Data Protection Regulation (GDPR) for the processing activities described below is glomex GmbH („glomex“), Dieselstrasse 1, 85774 Unterfoehring. You may contact the glomex’s Data Protection Officer with any questions and concerns about data protection by email (firstname.lastname@example.org) or by regular mail by addressing the letter explicitly to the glomex Data Protection Officer.
2. Data processing in the course of the business relationship with glomex. As part of our business relationship with our business partners, we also process personal data for the following purposes:
a. Customer management. In order to manage our business contacts, we process information about our business partners (in particular address, branch offices, if applicable, authorized representatives and their contact data, each „Business Partner Data“) as well as information about the respective contact person (in particular name, position, business contact information, each „Business Partner Contact Data“). We use this data in order to be able to reach the right contact person when contacting our business partners to process their requests and orders properly and to maintain our business relationship. The legal basis is Art. 6 (1) (b) GDPR. The data will be stored for the duration of this business relationship.
b. Order management and billing. As part of order processing and billing, we collect information on quotations, orders and invoice items as well as payment detail. Business Partner Contact Data may also be processed in this context. The legal basis is Art. 6 (1) (b) GDPR. The data will be stored for the duration of the business relationship, but at least for the duration of the statutory accounting obligations.
c. Controlling and Reporting. We also use information on orders and invoice items for internal cost and performance accounting, controlling and internal reporting, which we use for corporate management and forecasting. The legal basis is Art. 6 (1) (f) GDPR. In this context, no personal data is processed.
3. Direct marketing activities. We use our Business Partner Data and Business Partner Contact Data as well as information on previous orders, if applicable, in order to send you further relevant information on our products and services, as well as related news, promotions and offers. These will be sent to you by post or e-mail. To contact you, we use the contact data you have provided us with. The legal basis for the aforementioned data processing is Art. 6 (1) (f) GDPR based on our legitimate interest to promote our services to customers and business partners. You can object to the use of your Business Partner Contact Data for direct marketing purposes at any time by sending us an email or letter (see contact details under „Data Privacy Contact“). In addition, we offer the glomex newsletter, which informs you regularly about our technologies, products and solutions and their applications. You can unsubscribe from the newsletter at any time via the unsubscribe link contained in each newsletter. The legal basis for the aforementioned data processing is Art. 6 (1)(a) GDPR.
4. Categories of recipients. The Business Partner Data as well as the Business Partner Contact Data will generally be processed solely by glomex. Exceptionally, data may be passed on to third parties if required or stipulated by law (e.g. as part of a tax audit by the tax authorities or as part of money laundering prevention). In certain cases, it is necessary to pass on Business Partner Data or Business Partner Contact Data to third parties in order to protect your or our interests or to fulfil our contractual obligations (e.g. to reimburse our business partners for their services via our glomex partners). Such disclosure also occurs when we involve external service providers in our internal processes. In these cases, the service provider is bound by instructions and receives data only to the extent and for the period necessary for the provision of the services. In addition, we sometimes employ external consultants and auditors. Agreements are always concluded with them to ensure the confidentiality of all information. If personal data is transferred outside of the European Economic Area, we ensure that appropriate safeguards to ensure an adequate level of protection in third countries are in place (e.g. EU-US Privacy Shield , Standard Contractual Clauses etc.).
5. Your rights. At any time, you have the right
- to request access to or a copy of any personal data which we hold about you;
- to rectification of your personal data, if you consider that the information we are holding is inaccurate;
- to ask us to delete your personal data, if you consider that we do not have the right to hold it;
- to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
- to restrict processing of your personal data;
- to data portability in certain circumstances;
- to object to your personal data being processed in certain circumstances and to object to the processing of your data for direct marketing purposes.
You also have the right to file a complaint to the data protection supervisory authority responsible for glomex (Data Protection Authority of Bavaria for the Private Sector / Bayerisches Landesamt für Datenschutzaufsicht, Postfach 606, 91511 Ansbach, Germany). If you are a resident of a member state in the European Economic Area, you are also free to contact your local data protection authority.
Last amended: February 2019