Information on how we process your data as customer/prospect or supplier
This is to inform you on how we, ebm-papst Mulfingen GmbH & Co. KG, process your personal data and what your rights are in keeping with the European data protection regulation.
Who is responsible for data processing, and who is our data protection officer?
Responsible for data processing is:
ebm-papst Mulfingen GmbH & Co. KG
74673 Mulfingen / Germany
Phone: +49 (0)7938 81-0
Fax: +49 (0)7938 81-110
Our data protection officer can be reached at: Datenschutzfirstname.lastname@example.org.
Which data categories do we use and where are they from?
We generally ask you directly to supply your personal data when entering into a business relationship with you or when you inform us of your interest in our services and products.
This data is needed for doing business and offering our services. The categories of personal data we process include
- Master data to implement and fulfill our services (e.g. name and address, e-mail, phone number, login data for online services)
- Data in the context of payment transactions
- Correspondence (e.g. by letter or e-mail)
- Marketing and sales data (e.g. inviting you to trade shows or informing you on new and possibly interesting offers)
- Data related to the operation of our products (user, location, mobile number/IP address)
What purpose is served and what legal basis is complied with in our processing of your data?
We process your personal data in strict accordance with the EU General Data Protection Regulation (GDPR), our national data protection laws as well as any other laws pertaining to the protection of your data. In doing so, we pay special attention to the following key legal regulations and directives:
- Art. 6. 1 lit. a GDPR for processing personal data with the consent of the person affected.
- Art. 6. 1 lit. b GDPR for the necessary processing of personal data to fulfill a contract with the person and too carry out any action aimed at but prior to such contract being established.
- Art. 6. 1 lit. c GDPR for the necessary processing of personal data to comply with legal obligations we as a company must observe and are bound to.
- Art. 6. 1 lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or third parties if the fundamental freedom and rights as well as the legitimate interests of the person in question do not outweigh this. Legitimate interests include, in particular, our commercial interests to be able to run our website, information safety, your information as a customer or prospect, the enforcement of own legal claims and compliance with other legal provisions.
First and foremost, data processing is done to fulfill a contract or in the context of a legitimate interest.
Who gets your data?
Within our company, your personal data is made accessible only to those people or departments (e.g. Marketing, Sales, Customer Service, Purchasing) requiring them in the proper course of their duties and services (e.g. sending out product information and catalogs, inviting you to fairs or trade shows, processing your orders or ordering supplies from you, etc.). Insofar as third parties are involved in these processes, your personal data is made available to them only to the specific extent necessary for them to carry out and fulfill their respective tasks and functions.
What data protection rights can you as data subject exercise?
You are entitled to demand information on your stored personal data by contacting our data protection offices at the address given above. In addition to this and under special conditions, you may also demand the correction or elimination of your data. You have a right to object to your personal data being processed without having to cite any specific reasons. You may also exercise your right to limit processing of your personal data as well as to demand the data you provided being released to you in a structured, conventional and machine-readable format (data portability).
Where can you lodge a complaint?
You may address your complaint to our above-mentioned data protection officer or an independent data protection supervisory authority.
How long do we store your data?
We delete your personal data as soon as we no longer need them for the purposes stated above. However, legal provisions concerning accountability and retention of data as evidence, as stipulated in the Commercial Code and the Tax Code may result in storage times of up to ten years.
Are your data transmitted to third countries?
In case we transmit personal data to service providers or group companies outside the European Economic Area (EEA), any such transmission will only take place if the third country has been approved by the EU commission to have adequate data protection levels or if there are any other appropriate data protection guaranteed (e.g. binding inter-company data protection regulation or standard EU contract clauses).
For further information, simply look up our data protection statement at www.ebmpapst.com.