In the following we inform you in accordance with the General Data Protection Regulation (GDPR) about the processing of your personal data (hereinafter referred to as “data”) in connection with your business relationship with SPIE, and explain your rights in this context.
1. Controller as defined by the GDPR
SPIE Pulte GmbH & Co. KG
Obere Illbach 2-4
(hereinafter: “we”, “our”)
2. Data protection officer
You can reach our data protection officer by emailing email@example.com.
3. Processing of your data
a. Managing customers, business partners and interested parties
For the purpose of managing our customers, business partners and interested parties, we will process the information about your company (in particular its address, branches if applicable, authorised representatives and their contact details; hereinafter: “company data”) as well as information about the respective contact persons (in particular their name, position, professional contact information; hereinafter: “contact details”) and any communication with you.
We use this data for correspondence with you and in order to reach the appropriate contact person when you contact us; to process your enquiries appropriately; and to maintain our business relationship.
The legal basis is Art. 6(1) (b) GDPR, if and insofar as the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract, for example in connection with the offer phase prior to the potential conclusion of a contract or similar. Otherwise, the legal basis is our legitimate interest in efficiently managing the data of our business partners and maintaining contacts, in accordance with Art. 6(1) (f) GDPR. We will store the data for the duration of the business relationship. We erase the data of interested parties 6 months after the last contact, provided that there is no other legal basis for retaining the data.
b. Contract management and billing
We will process the data required in connection with the contractually owed scope of services, in particular to conduct business relationships, to conclude contracts, to process orders, for deliveries and services, and to carry out analyses and evaluations.
For billing purposes, we record information about offers, orders, services rendered and invoice items as well as bank details. Contact details may also be processed in this context. The legal basis is Art. 6(1) (b) GDPR. We will store the data for the duration of the business relationship, but at least as long as required in order to meet our legal and accounting obligations.
c. Controlling and reporting
We will also use your information on orders, services rendered and invoice items for internal cost accounting and results accounts, controlling, and internal reporting, which serves our corporate management and planning purposes. The legal basis for this is Art. 6(1) (f) GDPR.
d. Commercial use, marketing, surveys
We will use your company data and contact details and, if applicable, other details about previous orders in order to send you relevant information about our services (e.g. news, promotions and offers) and surveys by email or post.
Especially at events and trade fairs, we collect your contact details for advertising purposes. We also occasionally conduct surveys to improve our services at trade fairs.
Depending on the advertising measure, the legal basis is either your consent (Art. 6(1) (a) GDPR) or our legitimate interest in sending you advertising, for example in the case of advertising to existing customers, postal advertising, or surveys at trade fairs (Art. 6(1) (f) GDPR).
You may object to direct advertising on the basis of a legitimate interest at any time and withdraw your consent at any time (see section 5).
In principle, only we process the personal data collected from you. We will only transfer your data to third parties if we are legally obliged to do so (Art. 6(1) (c) GDPR) or in order to safeguard your or our interests or to fulfil our contractual obligations, for example by involving external service providers as well as consultants and auditors.
External service providers are bound by instructions and will receive your data only to the extent and for the period of time required to provide the service. We always conclude agreements with our external consultants and auditors in order to ensure the confidentiality of all information.
Your data may be passed on to the following recipients in particular: Group companies, IT service providers (e.g. for customer data management or for sending newsletters), subcontractors (e.g. when carrying out services contractually agreed with you), waste disposal service providers, authorities and offices, banks.
If your data is transferred to a country outside the EU (a “third country”), we will ensure an adequate level of data protection, either contractually or otherwise, in particular by means of appropriate safeguards (e.g. certification under the EU-US Privacy Shield or the conclusion of EU Standard Contractual Clauses).
We work with our Group companies (see list) and exchange personal data in the context of providing our services in order to carry out processing operations on each other’s behalf. We and our Group companies are joint controllers pursuant to Art. 26 GDPR, meaning we are jointly responsible for your personal data in the context of central contact management as part of our customer relationship management (CRM). The joint purpose is the central and efficient management of business contacts within the SPIE Group. This may involve your contact details in particular being processed in central systems used by all Group companies.
In this respect, we have concluded agreements within the Group to determine which of us fulfils which data protection obligations. Your rights as described in section 5 also apply in relation to our Group companies, insofar as these companies perform the data processing.
The legal basis of the processing is Art. 6(1) (b) GDPR, if and insofar as the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. Otherwise, the legal basis is our legitimate interest in efficiently managing the data of our business partners and maintaining contacts, in accordance with Art. 6(1) (f) GDPR.
5. Your rights
You have the right to know at any time whether we process your personal data, as well as a right of access to such personal data. If data stored by us is incorrect or no longer up to date, you have the right to have this data rectified. You may also demand that your data be erased. You may also have the processing of your personal data restricted, if for example you have doubts as to the accuracy of the data. You also have the right to data portability.
You have the right to object, on grounds relating to your particular situation, to processing of your data which is based on our legitimate interest. In addition, you have the right to object to the promotional use (“direct marketing”) of your data at any time. In this case, your personal data will no longer be processed for these purposes.
Furthermore, you have the right to withdraw your consent to the processing of your data at any time (Art. 7(3) GDPR). The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
You also have the right to lodge a complaint with our competent data protection supervisory authority.
In order to assert your rights described here, you can contact us at any time using the contact details provided.