Information Obligations
We have issued this privacy policy because we want to inform you about the processing of your data in our company and the data protection claims and rights to which you are entitled to by law according to Art. 13 of the European Data Protection Regulation (EU GDPR).
1. Controller
2. Data processing
3. Legal grounds
4. Processing of personal data
5. Who receives my data?
6. Data storage
7. Data protection rights
8. Am I obligated to provide data?
1.Who is the controller for the data processing
and who can you contact?
Confiserie Burg Lauenstein GmbH
Thomas Luger / Maximilian Kaub, Managing Directors
Lauensteiner Str. 41
96337 Ludwigsstadt
Phone: 09263 / 945 - 0
Telefax: 09263 / 945 – 45
E-Mail: info@lauensteiner.de
The company data protection officer is
Gerald Lill
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: g.lill@projekt29.de
Phone: 0941 / 2986930
2. What data is processed and what
are the sources of this data?
We process the data that we have received from you the initiation or processing of a contract, on the basis of your consent, because you have submitted your job application to us or in relation to your employment at our company.Personal data include:
- Your master/contact data; for customers, they include such data as your first and last name, address, contact data (email address, phone number, fax), bank account details
- For job applicants and employees, they include such data as your first and last name, address, contact data (email address, phone number, fax), date of birth, data from your curriculum vitae and references, bank account data, religious affiliation
- For business partners, they include such data as the name of your legal representatives, your company name, Commercial Register number, VAT ID number, company number, address, contact person data (email address, phone number, fax), bank account data
We also process the following miscellaneous personal data:
- Information about the nature and content of contract data, order data, sales and voucher data, customer and supplier history and consultation documents
- Advertising and sales data
- Information from your electronic communication with us (e.g. IP address, login data)
- Other data we have received from you in the course of our business relationship (e.g. during discussions with customers)
- • Data that we generate ourselves from master/contact data and other data obtained from analyses of customer demand and customer potential
- • The documentation of your declaration of consent for the receipt of newsletters etc.
3. For what purposes and on what legal grounds is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, each as most recently revised:
- For the fulfilment of (pre-)contractual obligations (point (b) of Art. 6(1) GDPR):
Your data are processed for the performance of contracts online or in one of our branches, for the performance of contracts for your employment in our company. The data are processed in particular during the initiation of business transactions and the performance of contracts with you. - For the fulfilment of legal obligations (point (c) of Art. 6(1) GDPR):
The processing of your data is necessary for the fulfilment of various legal obligations, e.g. pursuant to the Commercial Code or the Tax Code. - To safeguard legitimate interests (point (f) of Art. 6(1) GDPR):
Data processing may take place beyond the actual performance of the contract for the safeguarding of our legitimate interests or those of third parties if and when determined by a weighing of interests. Data processing for the safeguarding of legitimate interests takes place in the following cases (for example):- Advertising or marketing (see no. 4)
- Measures for business management and further development of services and products
- Maintenance of a group-wide customer database for the improvement of customer service
- In seeking legal remedy
- o On the basis of your consent (point (a) of Art. 6(1) GDPR):
If you have given your consent to the processing of your data, e.g. for a subscription to our newsletter.
4. Our processing of personal data for marketing purposes
You may object to the use of your personal data for marketing purposes at any time, either as a whole or for specific measures, without incurring any costs other than the transmission costs charged according to basic rates.
Subject to the legal prerequisites of section 7(3) Illegal Competition Act [Gesetz gegen den unlauteren Wettbewerb; UWG], we are entitled to use the email address you provided when concluding the contract for direct marketing of our own similar products or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us by email, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs charged according to basic rates. A notification in text form is sufficient for this purpose. It goes without saying that a link to unsubscribe is always included in every email.
As a matter of principle, we do not transfer any data to a third country. Data are transferred in individual cases solely on the basis of an adequacy decision issued by the European Commission, standard contractual clauses, appropriate guarantees or your express consent.
5. Who receives my data?
Even if we engage a service provider for the processing, we remain responsible for the protection of your data. All processors are contractually obligated to treat your data confidentially and to process them solely within the framework of the service performance. The processors we have engaged receive your data insofar as they require the data for the performance of their service. These include (for example) IT service providers that we require for the operation and security of our IT system and marketing and address publishers for our own advertising campaigns.
Your data are processed in our customer database. The customer database supports the enhancement of the data quality of the current customer data (removal of duplicates, indicators that customers have moved/are deceased, address correction) and enables us to supplement the information with data from public sources.
These data are made available to group companies insofar as this is necessary for the performance of the contract. Customer data are stored specifically to the company and separately while our parent company acts as a service provider for the participating companies as discrete entities.
Government authorities and courts as well as external auditors may also receive your data if there is a legal obligation or as part of legal proceedings. Furthermore, insurance companies, banks, credit agencies and service providers may receive your data for the initiation and performance of contracts
6. How long is my data stored?
We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (such as set forth in the Commercial Code, the Tax Code, the Home Act or the Working Hours Act); furthermore, they will be archived until any legal disputes in which the data are required as evidence have been concluded.
7. What data protection rights do I have?
You have a right to access, rectification and erasure of the stored data or to restriction of their processing at any time, a right to object to the processing, a right to data portability and a right to lodge a complaint in accordance with the prerequisites of data protection law.
Right of access:
You may request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that are incomplete or incorrect, you may request that we rectify or complete the data at any time.
Right to erasure:
You may request that we erase your data insofar as we process them unlawfully or if the processing disproportionately interferes with your legitimate interests for protection. Please note that there may be circumstances that prevent immediate erasure, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to erasure, we will erase your data without delay and completely insofar as there is no transactional or statutory obligation to archive the related data.
Right to restriction of processing:
You may request that we restrict the processing of your data if and when- You dispute the accuracy of the data; the processing will be restricted pending our verification of the accuracy of the data;
- The processing of the data is unlawful, but you refuse erasure and instead request restriction of the use of the data
- We no longer need the data for the intended purpose, but you still require these data for the establishment or defence of legal claims; or
- You have objected to the processing of the data
Right to data portability:
You may request that we make available to you the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that- We process these data on the basis of your consent (which may be withdrawn) or for the performance of a contract between us; and
- Automated means are used for the processing,
- If technically feasible, you may request that we transfer your data directly to another controller.
Right to object:
If we process your data in pursuit of our legitimate interests, you may object to this data processing at any time; the objection would also apply to any profiling based on these provisions. We will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You may object to the processing of your data for direct marketing purposes at any time without giving reasons.
Right to lodge a complaint:
If you are of the opinion that we are in breach of German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority competent for you, the pertinent state office for data protection supervision. If you wish to assert any of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information for confirmation of your identity.
8. Am I obligated to provide data?
The processing of your data is necessary for the conclusion or performance of the contract you have concluded with us. If you do not provide these data to us, we will usually have no choice but to refuse to conclude the contract or will no longer be able to perform an existing contract and will consequently have to terminate it. However, you are not obligated to give your consent to the processing of data that are not relevant for the performance of the contract or that are not required by law.
Privacy policy as PDF file: IT DSGVO Verpflichtungserklaerung Artikel 13 P
Stand:
31.05.2023