Dear Sir or Madam,

Please allow us to provide you with information regarding the processing of your personal data according to paragraphs 13 and 14 of the General Data Protection Regulation (GDPR). This information is valid for our relationships with both customers and suppliers.

1. Name and contact details for the responsible party

Bräuer Systemtechnik GmbH
Managing director: Karolin Wolf
Gewerbering 33
09456 Annaberg-Buchholz
GERMANY
Phone: 0049 3733 59676 10
E-Mail: info@braeuersysteme.de
Website: www.braeuersysteme.de

2. Name and contact details for our data protection officer

Tina Grunert
Gewerbering 33
09456 Annaberg-Buchholz
GERMANY
Phone: 0049 3733 59676 18
E-Mail: datenschutz@braeuersysteme.de

3. Data processing

3.1. Order processing with business partners

a.  Collected data categories

• Personal master data (first name, surname, title, position in the company, department)
• Contact details (Email address, mailing address, phone number)
• Payment data/ bank details
• Company name, value added tax – identification number
• Order data
• Communication/correspondence data

b. Purposes and legal foundations of data processing, and duration of storage

We use your data for contract fulfillment and/or preparation according to paragraph 6 section 1 b) GDPR. This includes:

• Sales order processing (offers, orders, order confirmations, delivery notes, billing, receipt/shipment of goods, complaints, etc.)
• Customer support
• Communication via mail, email, phone, fax

   

Our justified interests according to paragraph 6 section 1 f) GDPR can also be the basis for processing your personal data. Justified interests include:

• Simplification of administrative procedures
• Use of contact data for contact partners for more efficient communication and customer support and organization/ preparation of festivities (such as anniversaries, events)
• Processing requests on a non-contractual basis

The data are stored until the processing purpose is no longer relevant. Legal retention periods are considered in this process.

c. Transmission of data

• IT service providers
• Software support company (ERP Systemhaus am Neumarkt/ SAGE GmbH)
• Tax consultant office/ auditor
• Banks/financial institutions
• Shipment service providers
• Authorities upon request
• Insurance companies

3.2 Financial accounting

a. Collected data categories

• Name
• Company mailing address
• Bank details
• Value added tax – identification number
• Sales volume
• Invoice numbers
• Purposes of use
• Miscellaneous information related to financial operations
• Data on fixed assets

b. Purposes and legal foundations of data processing, and duration of storage

We use your data for contract fulfillment according to paragraph 6 section 1 b) GDPR. This includes:

• Invoicing/ accounting
• Billing
• Creating balances and annual financial statement
• Inspection of accounts receivable and payable entries
• Factual examination of invoices

Another legal foundation can be paragraph 6 section 1 c) GDPR. This includes:

• Duty to report and inspect for taxes

Your data remain with us according to the legal retention periods.

c. Transmission of data

• Tax consultant
• Auditor
• Authorities (audits)
• Banks/financial institutions
• Software support company (ERP Systemhaus am Neumarkt/ SAGE GmbH)
• if necessary, IT service provider

3.3 Sanction list inspection

a. Collected data categories

• First name, surname
• Firm name
• Firm mailing address
• if necessary, phone number

b. Purposes and legal foundations of data processing, and duration of storage

We regularly and automatically match data against sanction lists. As an authorized economic operator (AEO), we must inspect sanction lists to comply with supply prohibitions. The legal foundations are found in paragraph 6 section 1 b) GDPR and paragraph 6 section 1 f) GDPR. The justified interests consist of retention of our AEO-permit, and the use of a tool connected with ERP software. Data are stored according to the legal retention period.

c. Transmission of data

• Software support company (ERP Systemhaus am Neumarkt/ SAGE GmbH)
• if necessary, IT service provider

3.4 Online-Meetings (Webex by Cisco)

a. Collected data categories

• Surname, first name
• Email address
• if necessary, video recording

b. Purposes and legal foundations of data processing, and duration of storage

Your data are processed for technical and commercial coordination within the scope of a contract or pre-contractual measures according to paragraph 6 section 1 b) GDPR. Other foundations are justified interests according to paragraph 6 section 1 f) GDPR. The justified interest is to use an available, efficient, and widely used meeting platform. The data are stored until the processing purpose is no longer relevant.

c. Transmission of data

• Webex by Cisco

For other information (such as possible data transmission into third party countries), please see Cisco’s data privacy policy:
https://www.cisco.com/c/de_de/about/legal/privacy-full.html

3.5 Visiting our company – video surveillance

a. Collected data categories

• Video recordings

b. Purposes and legal foundations of data processing, and duration of storage

In the area surrounding our company’s location, cameras are installed to meet our justified interests according to paragraphs 6 section 1 f) GDPR. Justified interests are vandalism prevention and the protection of company property. The video recordings are deleted as soon as they are no longer needed.

c. Transmission of data

• if necessary, authorities / police upon request 
• if necessary, IT service provider

» see www.braeuersysteme.de/en/data-protection/video-monitoring/

3.6 Visiting our company – WLAN for guests

a. Collected data categories

• IP address
• MAC address
• Device (hardware) name

b. Purposes and legal foundations of data processing, and duration of storage

Data are processed to make available WLAN for guests visiting our firm location. The legal foundation is paragraph 6 section 1 f) GDPR. Our justified interest is to provide a WLAN connection for visitors using mobile phones or laptops. The data retention period is two months.

c. Transmission of data

• IT service provider

3.7 Visiting our company – visitor documentation

a. Collected data categories

• First name, surname
• Company data (name, mailing address)
• Function / department /task inside the company
• Business contact data (phone number, email address, mailing address)
• Date, time of the visit (start and end)
• Purpose of the visit
• if necessary, vehicle license plate number

b. Purposes and legal foundations of data processing, and duration of storage

Your data are processed to maintain requirements for workplace safety according to paragraph 6 section 1 c) GDPR. Justified interests according to paragraph 6 section 1 f) GDPR can also be the foundation. Justified interests are, for instance, to fulfill the obligation to provide documentation and the use of contact data for more efficient communication. The data are stored until the processing purpose of processing is no longer relevant. Legal retention periods are considered in this.

c. Transmission of data

• if necessary, IT service provider, and/ or, if necessary, authorities

4 Your rights

As a data subject, you have the following rights:

4.1 Right to information (according to paragraph 15 GDPR)

You are entitled to be informed of whether and which of your personal data are processed. This also includes the purposes of processing, the recipients, and the period of storage.

4.2 Right to correction (according to paragraph 16 GDPR)

You have a right to correct or complete your data if they are incorrect or incomplete. We will make the correction immediately.

4.3 Right to deletion (according to paragraph 17 GDPR)

You are entitled to have your data deleted provided the legal preconditions are met (among others, in case of illegal processing, lapse of necessity, revocation of consent, entry of objection, and/ or lack of justified reasons for processing).

4.4 Right to limited processing (according to paragraph 18 GDPR)

You may demand limited processing of your personal data provided the legal requirements are met (among others, when exercising or defending legal claims).

4.5 Right to information (according to paragraph 19 GDPR)

If you have asserted your right to correction, deletion, or limitation of processing, we are obliged to inform all recipients of your data of this correction, deletion, or limitation of processing, unless this proves to be impossible or entails disproportionate efforts. You are entitled to be informed of these recipients.

4.6 Right to data transferability (according to paragraph 20 GDPR)

You are entitled to obtain the personal data which you have made available to us in a structured, commonly used, and machine-readable format, or, if technically feasible, to have the data sent to a third party.

4.7 Right to objection (according to paragraph 21 GDPR)

You have the right to object to data processing performed based on paragraph 6 section 1 e) GDPR or paragraph 6 section 1 f) GDPR. We will then no longer process your data, unless there are compelling, legitimate reasons for processing that take precedence over your interests, rights, and licenses (degrees of freedom), or if processing is for the assertion, exercise, or defense of legal claims.

4.8 Right to revocation (according to paragraph 7 GDPR)

You are entitled to revoke your legal data protection declaration of consent at any time. Revocation of approval will not affect the lawfulness of processing your data prior to revocation.

4.9 Right to complain to a supervisory authority (according to paragraph 77 GDPR)

You are entitled to lodge a complaint to the responsible authority. This is the Saxon data protection and transparency officer:
Sächsische Datenschutz- und Transparenzbeauftragte
Postfach 11 01 32
01330 Dresden

As a matter of course, we and our data protection officer are available to provide information and answer questions.