Contact person for interested parties, business customers and business partners
DATA PROTECTION INFORMATION FOR DATA SUBJECTS
In the following we inform you about the processing of your personal data, which we may process from contact persons at interested parties, business partners, etc., insofar as this is necessary or necessary for the implementation of pre-contractual measures or contract execution.
1. Name and contact details of the controller
The controller within the meaning of Art. 4 para. 7 GDPR for data processing in the context of communication with you is:
FireDos GmbH, Auf der Kaulbahn 6, DE-61200 Wölfersheim
Phone +49 6036 97 96-0, https://www.firedos.com
Contact details of the data protection officer
You can contact our Data Protection Officer (DPO) by post using the contact details given in section 1 (our address) with the addition ‘To the Data Protection Officer’. You can reach our data protection team (DPO and data protection coordinator) by email at datenschutz@firedos.de
2. Purposes and legal bases for the processing of your personal data
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, execution and fulfilment of a contract and for the implementation of pre-contractual measures.
Insofar as the provision of personal data is necessary for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 para. 1 lit. b GDPR.
If you give us your express consent to process personal data for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising), the lawfulness of this processing is given on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Any consent given can be revoked at any time with effect for the future (see section 9 of this data protection information).
If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfil legal obligations in accordance with Art. 6 para. 1 lit. c GDPR.
We process your data as an existing customer within the framework of the legally permissible requirements in accordance with Art. 6 para. 1 lit. f) GDPR in conjunction with Section 7 para. 3 UWG in order to send you direct advertising about our product offers and services. You can object to these advertising mailings at any time for the future. In addition, processing may be carried out to protect the legitimate interests of us or third parties in accordance with Art. 6 para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.
3. Description of the categories of personal data
We only process data that is related to the establishment of the contract or pre-contractual measures. This may be general data about you or persons in your company as well as any other data that you provide to us in the context of establishing the contract, such as
§ Contact data (surname, first name, e-mail address, telephone number, address data, contact type, fax number), communication content.
§ Address management and (e-mail) communication
Contract and order processing (services provided by XY GmbH) Contract data, communication and order content and other data that we receive from you as part of order processing
§ Data used for the assertion, exercise or defence of potential legal claims against you or against third parties
§ Customer management (sales system, CRM, service enquiries, support, etc.)
4. Origin of the data
We process personal data that we receive from you in the context of establishing contact or establishing a contractual relationship or in the context of implementing a contractual or order relationship, or which may have been provided to us by your employer as our customer and business partner. We work with data that you provide to us directly; in addition, we may receive data from other persons in your company or other business contacts.
5. Categories of recipients to whom the personal data has been or will be disclosed
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example:
5.1. Contract processors
If your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR by concluding order processing agreements. The categories of recipients in this case are providers of internet service providers and providers of customer management systems and software.
5.2. Partner companies
We may transfer your personal data to companies affiliated with us, insofar as this is permitted within the scope of the purposes and legal bases set out in section 3 of this data protection information. In this respect, forwarding is also possible to our branch and operating facility in the USA
FireDos US Inc.
9000 Hempstead Rd Ste 280
Houston, TX 77008
United States of America
if the pre-contractual measures or execution of the contract require this with regard to the efficient cooperation desired by both contracting parties.
5.6. Sales representatives abroad and outside the EU and transfer to sales representatives in your country
If you send us an enquiry or order from abroad, it may be necessary for us to pass on your personal data to our sales representatives or sales partners in your country. This is done in order to process your enquiry efficiently and to ensure optimal order processing. The data will only be passed on to the extent necessary for this purpose. The legal basis for the transfer of data is our legitimate interest in the efficient and optimal processing of enquiries from interested parties or orders by local/local sales representatives in order to efficiently optimise the global distribution and sale of our products.
5.7. Other possible recipients
Under certain circumstances, recipients may also be institutions such as public prosecutors, police, supervisory authorities, tax authorities if there is a legal or official obligation.
5.8. Meetings and webinars via Microsoft Teams
We use Microsoft Teams as a platform for online meetings and webinars with contact persons at business customers, business partners and interested parties.
Purpose of the processing
Personal data is processed in order to conduct and organise online meetings and webinars as part of the business relationship or to initiate business relationships.
Processed data categories
The following personal data may be processed when using Microsoft Teams:
- Name, e-mail address, other contact details if applicable
- Communication content (e.g. chat or video conference contributions)
- Connection data (e.g. IP address, device information)
- Webinar content and recordings (video and audio)
Legal basis of the processing
Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR if the meetings or webinars are necessary for the fulfilment of a contract or for the implementation of pre-contractual measures. In all other cases, processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication and cooperation).
Storage period
Personal data processed in the context of online meetings or webinars is only stored for as long as is necessary for the respective purpose. Chat histories or other communication content are not systematically stored.
Order processing by Microsoft
Microsoft Teams is provided as a software solution by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Microsoft acts as a processor within the meaning of Art. 28 GDPR. Storage location and processing takes place exclusively on Microsoft servers in the EU.
No data transfer to third countries
There is no transfer of personal data to third countries, in particular not to the USA.
Recording of meetings and webinars
Meetings and webinars are recorded on an ad hoc basis. If a recording or transcript is made, this will be communicated transparently in advance and only carried out with the prior consent of the participants. If you, as a webinar participant, do not wish to be recorded, please make this clear at the start of the webinar. Depending on the webinar content, it may then not be possible to participate in a free webinar. The recordings will be stored for 10 years and made available by us to the webinar participants by e-mail with a link to our website. The recording is only made with regard to the speaker, the participant contributions such as questions or comments in the chats or video and audio contributions of the participants are not recorded. The participants' microphone and camera functions will be permanently deactivated by the webinar leader / moderator.
6. Third country data transfer or transfer to an international organisation
Personal data will only be transferred to countries outside the EEA (European Economic Area) or to an international organisation if this is necessary for the processing and thus fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent.
Any data transfer to commercial agents outside the EU will only take place if this is necessary for the implementation of pre-contractual or contractual measures in accordance with the provisions of Art. 49 para. 1 b) GDPR.
Subject to legal or contractual authorisations, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR, i.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called EU ‘standard contractual clauses’).
7. Deletion periods for the various data categories or criteria for storage
Once the purpose of the data processing no longer applies, the personal data will be deleted, at the latest after termination of the business relationship (storage limitation), unless statutory retention periods (e.g. commercial and tax law) prevent deletion or statutory limitation periods.
8. Rights of the data subject vis-à-vis the controller
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right of access
You can request information from the controller at any time as to whether and how your personal data is processed by us, taking into account the requirements of Art. 15 GDPR.
Right to rectification
Subject to the requirements of Art. 16 GDPR, you have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete.
Right to erasure (‘right to be forgotten’)
You have the right to obtain from the controller the erasure of your personal data and the right to be forgotten, subject to the requirements of Art. 17 GDPR.
Right to restriction of processing
You have the right to obtain from the controller restriction of processing in accordance with the requirements of Art. 18 GDPR.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients in accordance with Art. 19 GDPR.
Right to data portability
Subject to the requirements of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format.
Right to object
Insofar as your personal data is processed in accordance with Art. 6 para. 1 lit. f GDPR to protect legitimate interests, you have the right to object to the processing of this data at any time in accordance with Art. 21 GDPR for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing for the purpose of such advertising. This also applies to profiling insofar as it is associated with this direct advertising. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
Right to revoke the declaration of consent under data protection law
If the processing of your personal data is based on Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
To exercise these rights, a data subject can contact us at any time - e.g. via one of the contact channels specified at the beginning of this data protection information.
Right to lodge a complaint with a data protection supervisory authority
Without prejudice to any other administrative or judicial remedy, a data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
Questions about data protection
If a data subject has any questions about the processing of data, they can also contact our data protection officer and our data protection team, ideally by email at datenschutz@firedos.de.