Privacy policy
Privacy policy
§ 1 General matters
Processing of your personal data (e.g., form of address, name, address, email address, phone number) always takes place in harmony with the provisions of German data protection law and the data protection law of the European Union (EU). The following provisions will inform you about the purpose of the processing, recipients, legal basis, and storage periods, as well as about your rights and the controller for processing activities concerning your data. This privacy policy refers only to our websites. If you are redirected to any other sites via links on our pages, please inform yourself there about the respective handling of your data.
§ 2 Web analytics with Google Analytics
(1) Purpose of processing
This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. (“Google”). Google Analytics uses “cookies”, i.e., text files that are stored on your computer and that permit analysis of your use of the website. As a rule, the information generated by the cookie through your use of this website is sent to a Google server in the USA and stored there. If internet protocol address anonymisation was activated on this website, your internet protocol address will be shortened by Google, however, within the member states of the European Union or in other states that are party to the Treaty on the European Economic Area. Only in exceptional cases will the full IP-Address be transmitted to a Google server in the USA and shortened there. On the order of the provider of this website, Google will use this information to evaluate your use of the website, in order to compile reports on the website activities and to provide further services connected to website use and internet use towards the website operator.
(2) Legal basis
The legal basis for this processing shall be point (f) of Article 6 (1) GDPR.
(3) Legitimate interest
Our legitimate interest is the statistical analysis of user behaviour for optimisation and marketing purposes. This website uses Google Analytics with the extension “anonymiseIP()” to protect your interest in data protection so that the IP addresses are only processed in abbreviated form to exclude direct personal reference.
(4) Categories of recipients
Google, partner company
(5) Transfer to a third country
Google Ireland Limited is an affiliated company of Google LLC. Google LLC is located in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043).
(6) Storage period
38 months
(7) RIGHT OF OBJECTION
You may prevent storage of the cookies by making the corresponding settings in your browser software; however, note that you may not be able to fully use all features of the website in such a case. You may furthermore prevent recording of the data generated by the cookie and referring to your use of the website (incl. your internet protocol address) and processing of these personal data by Google by downloading and installing the browser plug-in available under the following link: optout. You can also prevent recording by placing an opt-out cookie. Please click here to prevent future collection of your data when you visit this website: Deactivate Google Analytics
§ 3 Information about cookies
(1) Purpose of processing
This website uses technically necessary cookies. These are small text files that are stored in or by your internet browser on your computer system.
(2) Legal basis
The legal basis for this processing shall be point (f) of Article 6 (1) GDPR.
(3) Legitimate interest
Our legitimate interest is in the functionality of our website. The user data collected by the technically necessary cookies are not used to compile user profiles. This preserves your interest in data protection.
(6) Storage period
The technically necessary cookies are usually deleted when your browser is closed. Permanently stored cookies have different lifetimes that may range from a few minutes to several years.
(7) RIGHT OF OBJECTION
If you do not want your cookies to be stored, please deactivate acceptance of such cookies in your internet browser. This may, however, cause limitation of the function of our website. Permanently stored cookies can also be deleted at any time through your browser.
§ 4 Plugins & tools
Google Maps
We use an API from the mapping service Google Maps on our website. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Your internet protocol address must be stored for using the functions of Google Maps. This information will usually be transmitted to a server of Google in the USA and stored there. We as a provider have no influence on this data transmission. Google Maps are used in the interest of an attractive presentation of our online offer and to make it easier to find the places named by us on the website. This is a legitimate interest within the meaning of point (f) of the first sentence of Article 6 (1) GDPR. For more information on handling user data, see the Google privacy policy: https://www.google.de/intl/de/policies/privacy/.
§ 5 Rights of the data subject
If any personal data concerning you are processed, you are a data subject within the meaning of the GDPR and you have the following rights towards the controller:
1. Right of access
You may demand that the controller confirm whether any personal data concerning you are processed by us. In case of such processing, you may demand the following information from the controller:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information on this cannot be provided, criteria for specification of the storage duration;
(5) the existence of the right to request from the controller rectification or erasure of personal data or a right to restriction of processing of personal data concerning the data subject or to object to such processing;
(6) the existence of the right to lodge a complaint with a supervisory authority;
(7) all available information on the origin of the data, if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. You have the right to demand communication on whether the personal data concerning you are transmitted to a third country or an international organisation. In this context, you may demand provision of information about appropriate safeguards in accordance with Article 46 GDPR in connection with the transfer.
2. Right to rectification
You have a right to rectification and/or completion towards the controller, provided that the personal data processed concerning you are inaccurate or incomplete. The controller shall rectify them without undue delay.
3. Right to restriction of processing
You may demand restriction of processing of the personal data concerning you under the following condition:
(1) if you dispute the accuracy of the personal data concerning you for a duration that enables the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;
(3) if the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defence of legal claims; or
(4) if you have objected to processing in accordance with Article 21 (1) (1) GDPR and it is not yet certain if the legitimate reasons of the controller override your reasons. Where processing of the personal data concerning you has been restricted, such personal data must – with the exception of storage – only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing was limited according to the above conditions, you will be informed by the controller before the restriction is revoked.
4. Right to erasure
a) Erasure obligation
You may demand that the controller erase the personal data concerning you without undue delay and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw consent on which the processing was based according to Article 6 (1) or point (a) of Article 9 (2) GDPR and there is no other legal basis for the processing.
(3) You object to processing in accordance with Article 21 (1) GDPR and there are no overruling legitimate grounds for processing, or you object to processing in accordance with Article 21 (2) GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) Erasure of the personal data concerning you is required for compliance with a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
b) Information to third parties
Where the controller has made the personal data concerning you public and is obligated in accordance with Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Derogations
The right to erasure shall not exist if processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise, or defence of legal claims.
5. Right to provision of information
If you have asserted a right to rectification, erasure, or restriction of processing towards the controller, the controller is obligated to inform all recipients to whom the personal data concerning you were disclosed of this rectification or erasure of data or reconstruction of processing, except if this turns out to be impossible or subject to disproportionate effort. You are due the right to provision of information about such recipients by the controller.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. In addition to this, you have the right to transmit these data to another controller without any impairment by the controller to whom the personal data were provided, as long as
(1) processing is based on consent in accordance with point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR or a contract in accordance with point (b) of Article 6 (1) GDPR and
(2) processing is carried out by automated means.. In exercising this right, you further have the right to demand that the personal data concerning you be transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons must not be impaired by this. That right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
7. Right to object
You have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning you which is based on points (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims. Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. You have the option to exercise the right to object in connection with use of information society services, irrespective of directive 2002/58/EC, where technical specifications are used.
8. Right to withdraw the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated decision-making in an individual case, including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which produces legal effect concerning you or similarly relevantly affects you. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the controller;
(2) is authorised by provisions of Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or
(3) is made with your express consent. However, such decisions shall not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless point (a) or (g) of Article 9 (2) GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place. Regarding the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy in accordance with Article 78 GDPR.
Data processing controller:
Barthel GmbH
Daniel-Eckhardt-Strasse 10
45356 Essen
Contact details of our data protection officer:
Daniel-Eckhardt-Straße 10,
45356 Essen,
datenschutz@Barthel.net
Information obligations
Below, we will inform you about collection of personal data at 1. Quotations, 2. Order confirmations, 3. Credit checks, 4. CRM system with enterprise resource planning, 5. Inbound invoices, 6. Electronic payment transactions, 7. Global address book, 8. Debt collection, 9. Reminders, 10. Invoices, 11. Complaints, 12. Telephone system, 13. Webshop, 14. WhatsApp, 15. External audits
Personal data are any data that permit a conclusion to you personally, e.g., your name, address, email addresses, phone number.
1. Contact details and company data protection officer
The controller in accordance with Article 4 (7) GDPR is Barthel GmbH, Daniel-Eckhardt-Straße 10, phone: +49 201/ 83518-0, fax: +49 201/83518-55, email: info@barthel.net. The company data protection officer of Barthel GmbH can be reached at the above address, for the attention of the Data Protection Department, or at Datenschutz@Barthel.net.
2. Purposes of data processing and legal basis
Re. 1. Quotations:
We will collect, store, and, if necessary, pass on the data to the extent necessary to make the customer or interested party a quotation for the requested goods and services. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract and on the basis of sentence 1 point (b) of Article 6 (1) GDPR, and for the purpose of pre-contractual measures at the request of the data subject on the basis of sentence 1 point (b) of Article 6 (1) GDPR. Failure to provide such data may render us unable to offer goods to the customer. They cannot place any new service or product orders then anymore.
Re. 2. Order confirmations:
We will collect, store, and, if necessary, pass on the data to the extent required to send the customer a confirmation of receipt of the order. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract and on the basis of sentence 1 point (b) of Article 6 (1) GDPR, and for the purpose of pre-contractual measures at the request of the data subject on the basis of sentence 1 point (b) of Article 6 (1) GDPR. Failure to provide such data may prevent the customer from receiving confirmation of order receipt. The customer also will be unable to check the delivery date, delivery address, price, billing address, and product data.
Re. 3. Credit check:
Credit check: We will collect, store, and, if necessary, pass on the data to the extent required to verify the creditworthiness of a contractual partner prior to conclusion of the contract and during the term of the contract. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract and on the basis of sentence 1 point (b) of Article 6 (1) GDPR, and for the purpose of pre-contractual measures at the request of the data subject on the basis of sentence 1 point (b) of Article 6 (1) GDPR. Failure to provide such data may render it impossible to conclude the contract and to ship the goods or render the service.
Re. 4. CRM system with enterprise resource planning:
We will collect, store, and, if necessary, pass on the data to the extent necessary to enable an administration of customer data (also called ERP), where also movements of goods are recorded. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract with the data subject and on the basis of sentence 1 point (b) of Article 6 (1) GDPR, and for the purpose of pre-contractual measures at the request of the data subject on the basis of sentence 1 point (b) of Article 6 (1) GDPR. Failure to provide such data may render it impossible to deliver the goods and/or render the services or to do so in a timely manner.
Re. 5. Inbound invoices:
The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract and on the basis of sentence 1 point (b) of Article 6 (1) GDPR.
We will collect, store, and, if necessary, pass on the data to the extent required for the payment of incoming invoices from suppliers and service providers. Failure to provide such data may result in inability to pay incoming invoices due to lack of recording.
Re. 6. Electronic payments:
We will collect, store, and, if necessary, pass on the data to the extent required to record any payment orders still submitted in voucher form on EDP media and to process them in clearing transactions between the banks using the voucherless data medium exchange procedure (cashless payment transactions). The collection, storage, and disclosure are, therefore, carried out for the purpose of the employment relationship on the basis of Article 88 (1) GDPR in conjunction with § 26 (1) of the revised Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG-neu) or for the purpose of fulfilling a contract with the data subject on the basis of sentence 1 point (b) of Article 6 (1) GDPR. Failure to provide such data may render it impossible to make payments of outstanding debts, collection of liabilities.
Re. 7. Global address book:
We will collect, store, and, if necessary, pass on the data to the extent necessary to maintain a searchable directory in Outlook that includes all users, groups, shared contacts, and resources defined for our G Suite domain. These contacts are also available via Outlook or Gmail interfaces online. Global addresses are shared with everyone in your organisation by default. These include the primary email address for each user and any associated email aliases or nicknames. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the employment relationship and on the basis of Article 88 (1) GDPR in conjunction with § 26 (1) BDSG-neu. Failure to provide such data may render it impossible to properly perform workflows and may cause delays.
Re 8. Debt collection:
We collect, store and, if necessary, pass on the data to the extent necessary to ensure the collection of monetary claims in our own name or in the name of third parties. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract and on the basis of sentence 1 point (b) of Article 6 (1) GDPR. Failure to provide such data may render us unable to effectively collect outstanding receivables.
Re. 9. Reminders:
We will collect, store, and, if necessary, pass on the data to the extent required to claim the debtor’s performance owed by the creditor. When the debt is due, an unsuccessful reminder will put the debtor in default in accordance with § 286 of the German Civil Code (Bürgerliches Gesetzbuch; BGB). The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract and on the basis of sentence 1 point (b) of Article 6 (1) GDPR. Failure to provide such data may render us unable to collect outstanding receivables.
Re. 10. Invoices:
We will collect, store, and, if necessary, pass on the data to the extent required to create a document in which a company informs its customer about the fee due on the basis of a contract. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract and on the basis of sentence 1 point (b) of Article 6 (1) GDPR. Failure to provide such data may render billing of services impossible.
Re. 11. Complaints:
We collect, store and, if necessary, disclose the data to the extent necessary to address oral or written expressed dissatisfaction with a product or service from both internal and external customers. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract and on the basis of sentence 1 point (b) of Article 6 (1) GDPR, and for the purpose of fulfilling a legal obligation of the controller on the basis of sentence 1 point (c) of Article 6 (1) GDPR. Failure to provide such data may render it impossible to process the complaint.
Re. 12. Telephone system:
We will collect, store, and, if necessary, pass on the data to the extent necessary to connect a switching device that connects several terminal devices, such as telephone, fax, answering machine, both with each other and with one or more lines of the public telephone network. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the employment relationship and on the basis of Article 88 (1) GDPR in conjunction with § 26 (1) BDSG-neu. Failure to provide such data may render it impossible to properly perform workflows and may cause delays.
Re. 13. Webshop:
We will collect, store, and, if necessary, pass on the data to the extent necessary to offer the customer a platform for viewing and changing their data. The customer can view their orders and products through this platform. The customer may also view PDF documents, such as delivery bill, order confirmation, or invoices. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling the contract and on the basis of sentence 1 point (b) of Article 6 (1) GDPR, and for the purpose of pre-contractual measures at the request of the data subject on the basis of sentence 1 point (b) of Article 6 (1) GDPR. Failure to provide such data may result limit our ability to provide services and, as a result, slow the process flow.
Re. 14. WhatsApp:
We will collect, store, and, if necessary, pass on the data to the extent necessary to exchange messages using an instant messenger that enables real-time exchanges via the Extensible Messaging and Presence Protocol (XMPP). This makes it possible to transmit and receive texts, voice messages, images, videos, and audio files. The collection, storage, and disclosure are, therefore, carried out for the purpose of legitimate interest, which is weighed up in individual cases by weighing up the interests if an interest worthy of protection is opposed to this (in particular in the case of children) on the basis of sentence 1 point (f) of Article 6 (1) GDPR. Failure to provide such data may render communication via WhatsApp and optimal exchange of data in real time impossible. Operational processes may come to a standstill as a result.
Re. 15. Audits:
We will collect, store, and, if necessary, pass on the data to the extent necessary to comply with a required standard of customers and legislators. The collection, storage, and disclosure are, therefore, carried out for the purpose of fulfilling a legal obligation of the controller on the basis of sentence 1 point (c) of Article 6 (1) GDPR. Failure to provide such data may result in audits no longer being possible. Thus, certifications can no longer be performed. Customers can no longer place orders with missing certificates.
We will transfer personal data to:
Customers, employees, employees of subsidiaries, tax consultants, lawyers, courts, collection service providers, credit rating service providers, financial institutions, forwarding service providers, auditors (certification bodies), ERP/MIS service providers via VPN and remote access, IT system house via VPN.
Further processing will only take place if you have consented to it or if there is a legal permission. In some cases, we will use external service providers based in the European Economic Area to process your data. We have carefully selected these service providers, commissioned them in writing, and they are bound to our instructions. We review them on a regular basis. The service providers will not pass these on to any third parties. They will delete them after fulfilment of the contract and completion of legal storage periods, except if you have consented to storage beyond this.
3. Duration of data storage
To the extent that we do not process your contact data for operational purposes, we will store the data collected until the purpose for which the data was collected has been fulfilled and is no longer required, or as follows:
1. Offers will be stored until the expiry of a period of 6 years (or if no contract is concluded, immediately thereafter). Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
2. Order confirmations will be stored until the expiry of a period of 6 years. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
3. Credit assessment will be stored until the expiry of a period of 6 years. After the expiry of these periods, will we retain the information required under commercial and tax law for the periods specified by law on the basis of sentence 1 point (c) Article 6 (1) GDPR. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
4. CRM system with enterprise resource planning or until expiry of the statutory retention period of 10 years. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
5. Incoming invoices will be stored until the expiry of a period of 10 years. We will keep the information of the contractual relationship required by commercial and tax law for the periods determined by law on the basis of sentence 1 point (c) of Article 6 (1). The data will be processed again during this period solely in the event of a review by the tax authorities. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
6. Electronic payment transactions will be stored until expiry of the statutory retention period of 10 years. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
7. Global address book data will be stored until the expiry of a period of 3 months after leaving the company. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
8. Debt collection data will be stored until the expiry of a period of 10 years. We will keep the information on the contractual relationship required by commercial and tax law for the periods determined by law on the basis of sentence 1 point (c) of Article 6 (1). The data will be processed again during this period (usually 10 years) solely in the event of a review by the tax authorities. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
9. Reminder data will be stored until the expiry of a period of 10 years. After the expiry of these periods, will we retain the information from the contractual relationship as required under commercial and tax law for the periods specified by law on the basis of sentence 1 point (c) Article 6 (1) GDPR. The data will be processed again during this period (usually 10 years from conclusion of the contract) solely in the event of a review by the tax authorities. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
10. Invoice data will be stored until the expiry of a period of 10 years. We will keep the information of the contractual relationship required by commercial and tax law for the periods determined by law on the basis of sentence 1 point (c) of Article 6 (1). ´´The data will be processed again during this period solely in the event of a review by the tax authorities. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
11. Complaint data will be stored until the expiry of a period of 10 years. We will keep the information on the contractual relationship required by commercial and tax law for the periods determined by law on the basis of sentence 1 point (c) of Article 6 (1). The data will be processed again during this period (usually 10 years) solely in the event of a review by the tax authorities. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
12. Telephone system data will be stored until the expiry of a period of 6 months after leaving the company. Your data will also be erased if storage is not permitted. After this period, the data collected for this procedure will be erased or blocked if erasure is not possible.
Your data will also be erased if storage is not permitted. Your data will also be erased if storage is not permitted. After the period, the data collected for this procedure will be erased or blocked if erasure is not possible.
15. External audit data will be stored until the expiry of a period of 6 years. Your data will also be erased if storage is not permitted. After the period, the data collected for this procedure will be erased or blocked if erasure is not possible.
4. Your data protection rights
You have the right to request information from us at any time about the personal data we have stored about you (Article 15 GDPR). This also concerns the recipients or categories of recipients to whom these data are passed on and the purpose of such storage. You also have the right to demand rectification under the conditions of Article 16 GDPR and/or erasure under the conditions of Article 17 GDPR and/or restriction of processing under the conditions of Article 18 GDPR. Furthermore, you can request a data transfer at any time under the conditions of Article 20 GDPR – provided that the data are still stored by us.
If any personal data are processed for the performance of tasks in the public interest (sentence 1 point (e) of Article 6 (1)) or for the performance of legitimate interests (sentence 1 point (f) of Article 6 (1)), you may object to the processing of personal data concerning you at any time with effect for the future. If you object, we shall refrain from any further processing of your data for the aforementioned purposes, except if
- there are compelling legitimate grounds for processing which override your interests, rights, and freedoms, or
- processing is necessary for the establishment, exercise, or defence of legal claims.
Subject to the conditions of Article 21 (1) of the GDPR, objection to data processing is possible on grounds relating to the particular situation of the data subject.
You also have the right, in accordance with Article 22 (3) of the GDPR, to have a person intervene on the part of the controller, to express your point of view, and to challenge the decision with regard to automated individual decision-making.
5. Contact
All information requests, requests for communication, revocations, or objections to data processing should be emailed to our data protection officer at Datenschutz@Barthel.net or by letter to the address provided in 1. Please refer to the full text of the GDPR, which is available on the internet at https://dsgvo-gesetz.de and our privacy policy, which is available on the internet at www.barthel-gruppe.de/datenschutz,for more detailed information.
You may also lodge a complaint with the competent supervisory authority regarding matters relating to data protection law.
The Federal Commissioner for Data Protection and Freedom of Information:
P.O. Box 20 04 44
40102 Düsseldorf
Kavalleriestraße 2-4
40213 Düsseldorf
Phone: 02 11/384 24-0
Fax: 02 11/384 24-10
E-Mail: poststelle@ldi.nrw.de
Website: https://www.bfdi.bund.de/SharedDocs/Adressen/LfD/NordrheinWestfalen.html?nn=5217144