Privacy policy
With this privacy policy, we would like to inform you of the processing of your personal data by Lanico Maschinenbau Otto Niemsch GmbH, as well as your rights as an affected person according to the new EU General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG), from 25 May 2018.
Person responsible for the processing of your personal data
KSM Klingner und Siegmund Maschinenbau GmbH
Broitzemer Str. 25-28
38118 Braunschweig
Telefon: 0531/809060
Fax: 0531/8090627
ksm-info@lanico.de
Purposes and legal basis of data processing
We process your personal data exclusively in accordance with the legal requirements of the EU General Data Protection Regulation (GDPR), the new Federal Data Protection Act (BDSG) as well as any relevant sector-specific laws. Therefore, we process your data only if there is a contractual basis, you have given us your consent for the processing of data, or a law allows or necessitates the processing of your data.
Data processing for the purpose of fulfilment of a contract or the implementation of pre-contractual measures
We process your personal data that you have supplied to us to the extent necessary for the conclusion of the contract, the performance of the contract and the termination of the contractual relationship. This includes the data of the services contracted by you or goods ordered by you, your first name, your last name, your customer number, your address and your account data.
In order to enable your contract to be properly processed and to be able to contact you, for example in case of any questions or problems, as soon as possible, we process your address and/or your telephone or mobile phone number and/or your e-mail address, insofar as you have provided it to us for this purpose.
The legal basis for the data processing for the fulfilment of a contract and the implementation of pre-contractual measures is usually art. 6 Para. 1 lit. b GDPR.
Data processing for the purpose of safeguarding the legitimate interests of the controller or a third party
We may also use your personal data to the extent necessary to protect our legitimate interests or the legitimate interests of a third party. Legitimate interests for the processing carried out by us on a regular basis include direct advertising for our own products, the creation of internal statistics, the investigation of criminal offences, as well as measures to ensure the proper operation of our IT infrastructure.
The legal basis for data processing in order to protect the legitimate interests of the controller or a third party is art. 6 Para. 1 lit. f GDPR.
Data processing for compliance with a legal obligation
In addition, we process your data if necessary to fulfil a legal obligation to which we are subject. Legal obligations that must be fulfilled include, in particular, the tax and commercial law retention obligations.
The legal basis for the processing for compliance with a legal obligation is art. 6 Para. 1 lit. c GDPR in conjunction with the relevant legal standard in each case.
Data processing on the basis of a consent and for other purposes
Also, if necessary, we may process your personal data as far as you have issued an explicit consent (cf. 6 Para. 1 lit. a GDPR). In these cases, we will provide you with additional data protection legal information as part of the consent procedure separately. You can revoke your consent at any time under the aforementioned contact details.
If we use your personal data in the future for other purposes not listed in this privacy policy, we will notify you about this process, if necessary, in accordance with the legal requirements separately.
Categories of recipients of the personal data
Data processing in the Company Group
In the context of our administration and the execution of the contract, it may be necessary that we pass on your personal data to companies tasked with the respective data processing task within our company group. Your address and/or your telephone or mobile phone number and/or your e-mail address will be used for the processing of inquiries, offers and orders to the following companies in our group:
Lanico Maschinenbau Otto Niemsch GmbH
External service providers
Our external service providers, who process data on our behalf, are as per art. 28 GDPR contractually obliged to ensure that the personal data is handled according to the applicable regulations. As far as these companies come into contact with your personal data, we have ensured through legal, technical and organisational measures as well as regular checks that they comply with the provisions of the data protection laws. We currently use the following types of service providers with regard to the processing of your data: Accountants, tax consultants, shredding, banks and credit agencies.
Authorities
We will forward your personal data to the authorities if necessary, if this is required in the context of our legal duty of notification.
Data transfer to a third country
In principle, we will transfer your personal data to a third country or an international organisation outside the European Economic Area (EEA). In individual cases, if we should make such a transfer, it shall be done only in such third countries for which there is an adequacy decision of the European Commission, or their level of data protection has been confirmed by means of suitable or appropriate guarantees (e.g. Binding Corporate Rules or EU standard contractual clauses).
Duration of data storage
We store your personal data only for the duration for which it is required as part of the aforementioned purposes as well as for the period in which we must potentially expect the assertion of legal claims against us. The statutory limitation period for such claims can, in individual cases, be between three and thirty years.
In addition, we store your personal data as far as we are obligated to do so within the context of the legal proof and retention obligations (e.g. according to commercial law, tax law book or the Money Laundering Act). The statutory retention periods can be up to ten years. In addition, in exceptional cases, special proof obligations may exist, which necessitate the storage of your personal data over a longer period.
Rights of the affected persons
As an affected person according to art. 15 ff. GDPR, you have the following rights against us:
Right to information
You have the right to demand information from us as to whether we process personal data concerning you. If this is the case, you have the right to request information about this personal data with us.
Right to correction
You have the right to demand from us the correction of any inaccurate personal data concerning you.
Right to delete
In certain cases, you have the right to demand from us that personal data concerning you be deleted immediately.
Right to restriction of processing
In certain cases, you have the right to demand from us the restriction of the processing.
Right to data transferability
You have the right to access personal data concerning you, which you have provided to us, in a structured, common and machine-readable format.
Right to object to the processing
You have the right for reasons related to your specific situation to object at any time to the processing of personal data concerning you that takes place on the basis of art. 6 Para. 1 lit. e or f GDPR. If we use your data for direct marketing, you can object against this at any time.
Right of revocation
Insofar as you provide us with your consent to the use of personal data, you can revoke this at any time.
Data Protection Supervisory Authority
You also have the option of complaining to a data protection supervisory authority about our data processing of your personal data. The respective data protection supervisory authority is:
The State Commissioner for Data Protection Lower Saxony
Prinzenstraße 5
30159 Hanover, Germany
Should you have any further questions or comments, please do not hesitate to get in touch with us or our data protection officer at any time.
Date: 24/05/2018