Art. 12 GDPR Transparent Information
We are aware of the importance of the personal data that you entrust to us. We understand it to be one of our paramount tasks to ensure the confidentiality of your data.
In accordance with the General Data Protection Regulation (GDPR), we want to fulfill our duty to inform when gathering personal data and inform you transparently about the kind, scope and purpose of the personal data gathered by us, as well as about your rights.
1. Contact Details of the Data Controller
The controller as defined by the EU General Data Protection Regulation (GDPR) is:
Aliseo GmbH
Leutkirchstraße 63
77723 Gengenbach
Telefon: +49 (0) 7803 60279 0
E-Mail: datenschutz@aliseo.de
The appointed Data Protection Officer is:
Herr Stephan Hartinger
Coseco GmbH
Telefon: +49 (0) 8232 80988 70
E-Mail: datenschutz@coseco.de
2. What sources are used for the gathering of personal data?
We process personal data that we receive directly from our customers in the course of our business relationship. Furthermore, we process personal data that we receive from companies, e.g., for fulfillment of orders, performance of contracts, or based on consent you have given.
Personal data that can be relevant to us are:
- Company name
- First name
- Last name
- Street
- Zip code/City
- Email address
- Phone number
In addition, it may become necessary to gather the date of birth in the context of sponsored projects.
2.1. New Customer Acquisition
To acquire new customers, we process personal data that we have legitimately received from publicly accessible sources (e.g., trade and association registers, media, social networks, internet) and which we are allowed to process.
2.2 Customer Contact Details
In the course of the initiation of business and during the business relationship, especially when you or one of our employees initiate contact in person, by telephone or in writing, further personal data arise, such as information about the contact channel, the date, reason and result of the contact, (electronic) copies of the correspondence, and information about participation in direct marketing measures.
2.3 Trade Fairs/Events
In the course of trade fairs/events, we gather data (salutation, title, first and last name, company name, street, zip code, city, email address, and if applicable, industry information) that we use for the purpose specifically agreed with you.
2.4 Credit Rating Information
Business credit rating documents: Income/expense statements, balance sheets, business analyses, kind and duration of self-employment. We furthermore process data, which we have permissibly received from a credit information bureau, for the purpose of a credit check.
3. For what purpose are your data processed (purposes) and on what legal basis?
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and of the German Federal Data Protection Act (BDSG):
For the processing of personal data for which we obtain consent from the data subject, Art. 6(1)(a) GDPR serves as the legal basis.
For the processing of personal data that is required for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This regulation also covers processing that is required for the execution of pre-contractual measures.
Where processing of personal data is required for the fulfillment of a legal obligation that applies to our company, Art. 6(1)(c) GDPR serves as the legal basis.
If the processing has the purpose of protecting a legitimate interest of our company or of a third party and if the interests, civil rights and fundamental freedoms of the data subject do not override the interest mentioned first, Art. 6(1)(f) GDPR serves as the legal basis for the processing. Our company’s legitimate interest is the performance of our business activity.
4. Transfer of Data to Third Parties
Internal of our company, only the persons and office that require your personal data for the fulfillment of our contractual obligations and statutory duties receive these data.
We transfer data to third parties if we are required to do so for the fulfillment of a contractual obligation.
Beyond this, we transfer data only if there is a legal obligation to do so. This is the case when public institutions (e.g., law enforcement authorities) request information in writing, if a court order is presented, or if there is a legal basis permitting the transfer.
An additional transmission to third parties can occur to the relevant dealers within the scope of the contractual relationship.
5. Transfer of Data to Third Countries
We transfer personal data to service providers or companies affiliated in our corporate group to the following countries outside of the European Economic Area:
- USA
The data protection level is guaranteed for this as follows:
- Confirmation of appropriate level of data protection by the EU Commission
- EU standard contract clauses
- Binding company-internal data protection policies
6. Data Storage Duration/Deletion Periods
We process and store your personal data for as long as required for the fulfillment of our contractual obligations and achievement of the purposes named under Point 3 or as prescribed by legal retention periods.
When the data are no longer needed for the fulfillment of contractual or statutory obligations, they will be blocked from further processing or deleted in the normal case and in accordance with the legal regulations.
7. Data Privacy Rights of Data Subjects
You can write to us at any time if you have questions about your personal data.
Pursuant to the GDPR, you have the following rights:
The right to obtain confirmation (sub-point of Art. 15 GDPR)
The right to rectification (Art. 16 GDPR)
The right of erasure (Art. 17 GDPR)
The right to restrict the processing (Art. 18 GDPR)
The right of data portability (Art. 20 GDPR)
The right to object (Art. 21 GDPR)
Right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR in conjunction with Sec. 19 BDSG)
Right to revoke consent under data protection regulations (Art. 7(3) GDPR)
8. Legal or Contractual Terms on the Provision of Personal Data and Possible Consequences of Withheld Provision
We hereby inform you that in certain cases the provision of personal data may be prescribed by law (e.g., tax regulations) or can result from contractual terms (e.g., details of the contractual partner). For example, it may be required for the closing of a contract that the data subject/contract partner has to provide their personal data so that their concern (e.g., order) can be processed by us in the first place. An obligation to provide personal data results foremost from contract closings. If no personal data are provided in that case, the contract with the data subject cannot be concluded. Before the data subject provides personal data, the data subject can contact our Data Protection Officer or the controller of the data processing. The Data Protection Officer or the controller of the processing will then inform the data subject on whether the provision of the needed personal data is prescribed by law or required for the closing of the contract, and whether an obligation to provide the personal data arises from the data subject’s concern, and what the consequences of not providing the requested data will have on the data subject, respectively.
9. Existence of Automated Decision-Making (Including Profiling)
We, as a responsible company, forego automated decision-making or profiling in our business relationships.