Data protection information for visitors to my website and other data subjects
With the following information I would like to give you an overview of the processing of your personal data by me or my companies and your rights pursuant to data protection law.
Who is responsible for data processing and to whom can I contact?
- Dr. Johannes Coy
What sources and data do I or my companies use?
We process personal data that we receive from our customers and business partners as part of our business relationships. In addition, to the extent necessary for the provision of our services, we process personal data which we legitimately obtain from publicly accessible sources (e.g. debtor registers, land registers, commercial and association registers, press, Internet) or which are legitimately transmitted to us by other companies or third parties (e.g. a credit agency).
Relevant data are personal data (name, address and other contact data, birthday and place as well as nationality), identification data (e.g. ID data, tax number, commercial register number etc.) and order data (e.g. payment order). Moreover, this may include data from the fulfilment of our contractual obligations, information about their financial situation (e.g. creditworthiness data, scoring or rating data), credit-relevant data (e.g. income and expenses), documentation data (e.g. consultation protocol) and other data comparable with the above categories.
What do I or my companies process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz , BDSG).
1. for the fulfilment of contractual obligations (Article 6(1)(b) GDPR)
The processing of data takes place for the fulfilment and/or performance of contractual obligations between me or one of my companies and our business partners and customers. This includes logistics companies, shipping companies, credit agencies, lawyers and other business partners necessary for contract fulfilment and enforcement. This includes the forwarding of personal information such as name, address, date of birth, invoices and other invoice and financial data such as tax number, commercial register number etc.
2. as part of the balancing of interests (Article 6(1)(f) GDPR)
If necessary, we process your data beyond the necessary fulfilment of the contract to protect the legitimate interests of us or third parties. For example, to consult and exchange data with credit agencies, to assert legal claims and defend against legal disputes, to prevent or clear up criminal offences or for measures to manage business and further develop services and products.
3. on the basis of your consent (Article 6(1)(a) GDPR)
If you give us your consent to process personal data for certain purposes (e.g. for sending information, making offers, etc.), the legality of this agreement is given on the basis of your consent. A given consent can be withdrawn at any time. This also applies to the withdrawal of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. The withdrawal of consent is only effective for the future and does not affect the legality of the data processed until revocation.
Who gets my data?
Within my companies, those departments, which require your data to fulfil their contractual obligations and for billing and assertion of claims arising from the treatment will have access to your data.
Furthermore, personal data may be disclosed for the purpose of the contract for the manufacture, sale and provision of our products to other business partners necessary for this purpose, such as suppliers, logistics companies, credit agencies, debt registers and similar. Other data recipients are those entities for which you have given us your consent to the transfer of data or for which we are authorized to transfer personal data on the basis of a balancing of interests.
Is data transferred to a third country or to an international organisation?
In principle, no personal data is transferred to countries outside the European Union (so-called third countries), unless required by law (e.g. tax reporting obligations) or you have given your consent.
How long will my data be stored?
Me and my companies process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations. If the data are no longer required for the fulfilment of the obligations, they are regularly erased, unless their – temporary – further processing is necessary for the following purposes:
- Fulfilment of commercial and tax storage obligations, which may arise, for example, from: German Commercial Code (Handelsgesetzbuch, HGB), German Fiscal Code (Abgabenordnung, AO). The periods for storage and documentation specified there are generally two to ten years.
- Preservation of evidence within the statutory limitation period. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
What data protection rights do I have?
Any data subject shall have the right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. With regard to the right of access and the right to erase, the restrictions pursuant to §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR read in conjunction with § 19 BDSG).
You can withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of declarations of consent issued to us prior to the validity of the GDPR, i.e. before 25 May 2018. Please note that the withdrawal will only take effect in the future. Processing that took place before the withdrawal is not affected by this.
Is there an obligation for me to provide data?
Within the framework of business relationships, you must provide those personal data which are necessary for the establishment, execution and termination of a business relationship and for the fulfilment of the associated contractual obligations, or those which we are legally obliged to collect. Without this information, we will generally not be able to enter into, execute or terminate a contract with you.
To what extent is there automated decision-making?
In principle, I and my companies do not use fully automated decision making in accordance with Article 22 GDPR for the establishment and implementation of business relationships. If we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is prescribed by law.
Information on your right of objection pursuant to Article 21 GDPR
Individual case-specific right of objection
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, which happens due to Article 6(1)(e) DSGVO (data processing in the public interest) and Article 6(1)(f) DSGVO (data processing on the basis of a balance of interests). This also applies to a profiling based on this provision within the meaning of Article 4 No. 4 GDPR.
If you object, I and my companies will no longer process your personal information unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
Recipient of the objection
The objection can be made form-free with the subject “objection” stating your name, your address and your date of birth and should be addressed to: