Information pursuant to Art. 13/Art. 14 DS-GVO regarding the processing of your data and your rights under the EU General Data Protection Regulation
With these instructions, we inform you about the processing of your personal data and the rights to which you are entitled under the Privacy Policy. Which data is processed in detail and how it is used depends largely on the services provided and agreed upon.
Responsible entity for data processing and contact to the data protection officer:
Responsible entity for data processing:
JMS AG
Rainer-Haungs-Str. 42
77933 Lahr/Schwarzwald
GERMANY
Phone:+49 (7821) 99469-0
Fax:+49 (7821) 99469-100
You can reach our data protection officer at:
What data do we use and where do we get this data?
Basically, we process personal data that we receive from you as part of our initial business contact with you or ongoing business relationship. In addition, if necessary, we process personal data that we have received from third parties (such as credit bureaus) or from other sources where consent has been given by you to transfer data to us. We also process personal data that we may legitimately process from publicly available sources (e.g. commercial registers, press, media).
Relevant personal data are master data such as first name, name, address and communication data (e.g., telephone number, mobile phone number, e-mail address). In addition, these may also be pre-contractual initiation data, contract and order data, delivery and delivery data as well as credit rating data.
What are we processing your data for (purposes of processing) and on which legal basis is this done?
We process personal data in compliance with the EU General Data Protection Regulation (DS-GVO) and all other relevant laws:
1) For the fulfillment of contractual obligations (Article 6 (1b) DS-GVO)
The processing of personal data (Art. 4 No. 2 DS-GVO) takes place, for example, for the processing of orders, quotations and pre-contractual measures, provision of services, invoicing and delivery of goods. The purpose of the processing is primarily based on the service to be provided by us.
2) In the context of balancing of interests (Article 6 (1f) DS-GVO)
If necessary, we also process your data in order to safeguard the legitimate interests of us or third parties. This can e.g. be the case:
- ensuring IT security and IT operations including testing
- for the prevention and clarification of criminal offenses
- for statistical purposes
- for credit assessment with credit bureaus
- for the purpose of advertising
If we process your data in order to safeguard legitimate interests, you may object to this processing if your particular situation gives reasons that counter the processing of data.
Right of objection to direct mail/advertising:
You have the right to object to the processing of your personal data for direct marketing purposes.
3) On the basis of your consent (Article 6 (1a) of the DS-GVO, Art. 9 (2a) combined with Art. 7 DS-GVO)
Insofar as you have given us consent to the processing of personal data for specific purposes, the lawfulness of this processing is based on your consent. A consent once given can be revoked at any time. It should be noted that the revocation works for the future. Processing operations that were carried out prior to this revocation are unaffected.
4) Processing on the basis of legal requirements (Article 6 (1c) DS-GVO)
It may happen that we need to process your personal data in order to fulfill legal obligations. These include e.g. commercial and tax retention periods and, if necessary, information to authorities.
To whom are personal data passed on?
Data processing within the enterprise:
Certain data processing operations have been bundled in our company. These are handled centrally by specialized divisions. In this case, your data can be processed, for example, for telephone support or billing.
External contractors and service providers (processors):
In order to fulfill our tasks and the fulfillment of the contract, we sometimes use external contractors and service providers. These may include e.g. shredders, print service providers, logistics or IT service providers.
Other recipients:
In addition, data may go to recipients to whom we are required by law to disclose (e.g., law enforcement agencies and courts).
Duration of data storage:
If necessary, we process and store your personal data for the duration of our business relationship. This includes the initiation and execution of a contract or order. In addition, we are subject to various storage obligations, which may evolve from the Commercial Code. Finally, the retention period also follows the statutory limitation periods, which can generally amount to 3 years but also up to 30 years.
Data transmission to third countries:
A transfer of data to third countries (states outside the EU and the European Economic Area EEA) only takes place insofar as this is necessary for the execution of a contract/order/the business relationship including the initiation and only in compliance with the prescribed data protection requirements.
Rights of affected persons:
You are entitled to request information about the data stored about you via the contact details provided above (Art. 15 DS-GVO). In addition, under certain conditions, you may request the correction or deletion of your data (Articles 16 and 17 DS-GVO). You also have the right to restrict the processing of your personal data (Art. 18 GDPR). In addition, you have the right to return the data provided by you in a structured, common machine-readable format (Art. 20 DS-GVO).
Is there a duty to provide data?
As part of the initiation of a business relationship or ongoing relationship with us, you generally only need to provide the information we need to start, execute or terminate this relationship. Without the provision of the required data, we may not be able to start business with you or may be required to terminate the business relationship.
Right to appeal:
You have the right of complaining to the above-mentioned Data Protection Officer or the relevant Data Protection Authority.