Information pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

The responsible party is:

Glas Trösch Euroholding AG & Co. KGaA
Felix u. Nabor-Straße 8,
D-79189 Bad Krozingen
Phone: +49 (7633) 9521 682 (Ivo Backs)
eMail: datenschutz(at)glastroesch.de

You can contact our company data protection officer at:

Martina Pscheidt
Glas Trösch Euroholding AG & Co. KG aA
c/o Benzstr. 13, D-89079 Ulm
Phone: +49 731 4096-218
eMail: datenschutz(at)glastroesch.de

We process personal data you have provided during the course of our business relationship.

In addition, and to the extent necessary for the provision of our services, we process personal data that we have legitimately received from other companies or from other third parties (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of a consent given by you).

On the other hand, we process personal data that we have legitimately obtained and may process from publicly accessible sources (e.g. debtor registers, land registers, commercial and association registers, press, media).

Relevant personal data include personal data (name, address and other contact data, date and place of birth, nationality), identification data (e.g. ID data) and authentication data (e.g. signature sample). In addition, this may include order data (e.g. delivery order), data from the fulfilment of our contractual obligations (e.g. sales data, credit lines, product data, etc.), advertising and sales data, contract and documentation data (e.g. business letters), register data, payment transaction data (account number, bank details), communication data (telephone number,.., e-mail address etc.), data about your use of our offered telemedia (e.g. time of calling up our websites, apps or newsletters, pages clicked on by us or entries) as well as other data comparable with the categories mentioned.

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR):

 a)    For the fulfilment of contractual obligations (Art. 6 Paragraph 1 lit. b) GDPR)

The processing of personal data (Art. 4 No. 2 GDPR) takes place for the provision of services, delivery of goods, in particular for the execution of our contracts with you and the execution of your orders, as well as all activities necessary for the operation and administration of a company.

The purposes of data processing depend primarily on the specific products or services (e.g. recording of address data to ensure delivery to the desired location or recording of account data to process direct debits and credit notes as a result of the delivery or service).

b)    Within the framework of balancing of interests (Art. 6 Para.  1 lit. f) of the GDPR)

If necessary, we process your data beyond the actual performance of the contract to protect our own or a third party’s legitimate interests. Examples:

• Review and optimisation of procedures for requirement analysis and direct customer approach;
• Advertising or market and opinion research, as long as you have not objected to the use of your data;
• Enforcement of legal claims and defence in legal disputes;
• Ensuring IT security and operation;
• Prevention and investigation of criminal offences;
• Video surveillance to collect evidence in the event of criminal offences or to increase security in hazardous areas. They therefore serve to protect customers and employees.
• Measures for building and system security (e.g. access controls);
• Measures to secure domiciliary rights;
• Measures for business management and further development of services and products.

c)    Based on your consent (Art. 6 Para. 1a of the GDPR)

If you have given us your consent to process personal data for certain purposes (e.g. passing on data to third parties, evaluation of data for marketing purposes), the lawfulness of this processing is given on the basis of your consent. A given consent can be revoked at any time.

Please note that the revocation will only take effect in the future. This does not affect processing that took place before the revocation.

d)    Based on legal requirements (Art. 6 Para. 1 lit. c) of the GDPR) or in the public interest (Art. 6 Para. 1 lit. e) of the GDPR)

In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. commercial law, tax law, customs law, competition law, etc.). As far as data are processed in this respect, this is done exclusively on the basis of these regulations.

Within the company, your data will be received by the departments which require them to fulfil our contractual and legal obligations. Contractors used by us (Art. 28 of the GDPR) may also receive data for these purposes. These can include companies in the categories IT services, logistics, debt collection, advisory services, marketing and consulting.

With regard to the transfer of data to recipients outside the company, please note that we will only pass on your data if this is permitted or required by law, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may include, for example:

• public authorities and institutions (e.g. public prosecutors, police, supervisory authorities, auditors) in the event of a legal or official obligation.
• Other companies to which we transfer personal data in order to carry out the business relationship with you (depending on the contract: e.g. banks, credit agencies, suppliers, commercial agents).

Other recipients of data may be those bodies for which you have given us your consent to the transfer of data.

If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract or to fulfil the contractual purposes.

In addition, we are subject to various storage and documentation obligations arising from commercial law (HGB, OR, etc.), tax law (e.g. AO) or employment law. The periods for storage and documentation specified there are usually between two to ten years but can also go well beyond this in individual cases.

Finally, the storage period is also determined according to the statutory limitation periods.

Data transmission to third countries (countries outside the European Economic Area (EEA)) takes place for the purpose of securing data in our server rooms in Bützberg and Oftringen within the Glas Trösch Group, so that in the event of a failure or an attack on our IT systems we can return to our delivery and performance obligations as quickly as possible. Otherwise, data transmission will only take place if this is necessary for the execution of your orders (e.g. payment orders), is required by law or if you have given us your consent. We will inform you separately about details, if required by law.

Any data subject has the right of information under Article 15 of the GDPR, the right to correction under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to limitation of processing under Article 18 of the GDPR and the right to data transferability under Article 20 of the GDPR. The restrictions according to §§ 34 and 35 of the Federal Data Protection Act (BDSG) apply to the right to information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 of the GDPR in conjunction with § 19 of the BDSG).

In the context of our business relationship you only have to provide those personal data which are necessary for the establishment, execution and termination of a business relationship or which we are legally obliged to collect. Without these data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.

In particular, we may be obliged under the provisions of the Money Laundering Act to identify you on the basis of your identity card, for example, and to collect your name, place of birth, date of birth, nationality and address before establishing the business relationship. Further obligations may arise, for example, from the legally prescribed export control (e.g. review of sanction lists). In order for us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. Following the export control, however, so-called end-use declarations (Statement of End Use) may become necessary. If you do not provide us with the necessary information and documents, we may not establish or continue the business relationship you have requested.

In principle, we do not use fully automated decision making in accordance with Art. 22 of the GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.

We process some of your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we may apply profiling in the following cases:

We apply scoring for private customers and rating for corporate customers when assessing your creditworthiness (payment terms, payment breaks, instalment payments). We then calculate the probability with which a customer will meet his payment obligations in accordance with the contract. The calculation may include, for example, income, expenses, existing liabilities, occupation, employer, length of employment, payment behaviour (e.g. account transactions, balances), experience from the previous business relationship and information from credit agencies. For corporate customers, additional data such as industry, annual results and financial circumstances are also included. Both scoring and rating are based on mathematically and statistically recognised and proven methods. The calculated score values and credit ratings support us in decision-making within the scope of product contracts and are included in ongoing risk management.

1. Right to objection on a case-by-case basis

You have the right to object at any time to the processing of personal data concerning you on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the General Data Protection Regulation (data processing on the basis of a balance of interests) for reasons arising from your particular situation; this also applies to profiling based on this provision within the meaning of Article 4(4) of the GDPR, which we use for credit assessment or for advertising purposes.

If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

2. Right of objection to the processing of data for direct marketing purposes

In individual cases we will process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.

If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and should be addressed to:

Glas Trösch Euroholding AG & Co. KGaA
Felix u. Nabor-Straße 8,
D-79189 Bad Krozingen
Phone: +49 (7633) 9521 682 (Ivo Backs)
eMail: datenschutz(at)glastroesch.de