Data Protection Information

With this data protection notice, we would like to inform you about the processing of your personal data by NORDMEYER TECHNOLOGIES GmbH and the rights to which you are entitled as a data subject under the new EU General Data Protection Regulation (GDPR) and the new German Federal Data Protection Act (BDSG) from 25 May 2018.

Controller for the processing of your personal data

NORDMEYER TECHNOLOGIES GmbH
Windmühlenbergstr. 20-22
38259 Salzgitter
Phone: +49 5341 302-300
Fax: +49 5341 302-719
Email: info[at]nordmeyer.de

Data Protection Officer

You can reach our data protection officer at

Niklas Hanitsch
c/o Secjur GmbH
Steinhöft 9
20459 Hamburg
Email: dsb[at]secjur.com

Purposes and legal basis of data processing

We process your personal data exclusively in accordance with the legal requirements of the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (BDSG) and any relevant sector-specific laws. We therefore only process your data if there is a contractual basis for this, if you have given us your consent to process the data or if a law permits or obliges us to process your data.

Data processing for the purpose of fulfilling a contract or implementing pre-contractual measures

We process your personal data, which you have provided to us on the registration form/order form, insofar as this is necessary for the conclusion of the contract, the fulfilment of the contract and the termination of the contractual relationship. In addition to the data relating to the service you have ordered or the goods you have ordered, this includes your first name, your surname, your customer number and your address. We also process your address and/or your telephone or mobile phone number and/or your email address, insofar as you have provided these to us for this purpose, in order to enable proper contract processing and to be able to contact you as quickly as possible, for example in the event of queries or problems. The legal basis for data processing for the fulfilment of a contract and the implementation of pre-contractual measures is generally Art. 6 para. 1 lit. b GDPR.

Data processing for the purpose of safeguarding the legitimate interests of the controller or a third party

We also process your data if this is necessary to protect our legitimate interests or the legitimate interests of a third party. The processing carried out by us on the basis of a legitimate interest regularly includes direct advertising for our own products, the compilation of internal statistics, the investigation of criminal offences and measures to ensure the proper operation of our IT infrastructure. The legal basis for data processing to protect the legitimate interests of the controller or a third party is Art. 6 para. 1 lit. f GDPR.

Data processing to fulfil a legal obligation

We also process your data if this is necessary to fulfil a legal obligation to which we are subject. The obligations to be fulfilled by us include, in particular, retention obligations under tax and commercial law. The legal basis for processing to fulfil a legal obligation is Art. 6 para. 1 lit. c GDPR in conjunction with the relevant legal standard.

Data processing on the basis of consent and for other purposes

We may also process your personal data if you have given your express consent for this (see Art. 6 para. 1 lit. a GDPR). In these cases, we will provide you with additional data protection information separately as part of the consent procedure. You can revoke your consent at any time using the contact details above. If we process your personal data in the future for other purposes not listed in this data protection notice, we will inform you of this separately in accordance with the legal requirements.

Categories of recipients of the personal data

Data processing within the corporate group

As part of our administrative activities and the fulfilment of the contract, it may be necessary for us to transfer your personal data to the company in our group of companies involved in the respective data processing task.

External service providers

Our external service providers who carry out data processing on our behalf are contractually obliged within the meaning of Art. 28 GDPR to treat personal data in accordance with the applicable regulations. Insofar as these companies come into contact with your personal data, we have taken legal, technical and organisational measures and carried out regular checks to ensure that they comply with the provisions of data protection laws.

Authorities

We may make your personal data available to the authorities if this is required as part of our statutory reporting obligations.

Data transfer to a third country

In principle, we do not transfer your personal data to a third country or to an international organisation outside the European Economic Area (EEA). If we do transfer data in individual cases, we will only do so to third countries for which an adequacy decision has been issued by the European Commission or whose level of data protection has been confirmed by suitable or appropriate guarantees (e.g. Binding Corporate Rules or EU standard contractual clauses).

Duration of data storage

We only store your personal data for the period for which it is required for the above-mentioned purposes and for the period in which we potentially have to expect the assertion of legal claims against us. The statutory limitation period for such claims can be between three and thirty years in individual cases. In addition, we store your personal data insofar as we are obliged to do so within the framework of the statutory obligations to provide evidence and retain records (e.g. in accordance with the German Commercial Code, the German Fiscal Code or the German Money Laundering Act). The statutory retention periods can be up to ten years. Furthermore, in exceptional cases there may be special obligations to provide evidence that make it necessary to store your personal data for a longer period of time.

Rights of the data subjects

As a data subject, you have the following rights pursuant to Art. 15 et seq. GDPR, you have the following rights vis-à-vis us:

Right to information

You have the right to request information from us as to whether we are processing personal data concerning you. If this is the case, you have the right to request information from us about this personal data.

Right to rectification

You have the right to request that we rectify any inaccurate personal data concerning you.

Right to erasure

In certain cases, you have the right to demand that we erase personal data concerning you without undue delay.

Right to restriction of processing

In certain cases, you have the right to demand that we restrict processing.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.

Right to object to processing

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. If we use your data for direct advertising, you can object to this at any time.

Right of cancellation

If you have given us your consent to use your personal data, you can revoke this at any time.

Data protection supervisory authority

You also have the option of complaining to the data protection supervisory authority about our processing of your personal data. The competent data protection supervisory authority is:

The State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hannover

If you have any further questions or comments, please feel free to contact us or our data protection officer at any time.