Data Protection Business Partner Information

pursuant to Article 13 GDPR Rübig GmbH & Co KG

Since 25/05/2018, the EU General Data Protection Regulation (‘GDPR’) has been directly applicable and the Austrian Data Protection Act (‘DSG’) has come into force. The entry into force is also associated with extended information obligations. Accordingly, we as Rübig GmbH & Co KG, Schafwiesenstraße 56, A-4600 Wels (therefore the data controller according to the GDPR), would like to inform you about the data processing carried out by us with regard to the data of our business partners.

In the context of our business relationship, it is essential that personal data about business partners (i.e. customers, suppliers, interested parties and other business partners) are processed. These data are used by us in compliance with the EU Data Protection Regulation (GDPR) for the following purposes:

 

1. Managing business relationships with customers and suppliers

In the context of cooperation with business partners (these are customers, suppliers and other business partners), we process personal data for the following purposes:

  • Communicating with business partners about our products, services and projects, for example to process enquiries sent to and received from the business partner.
  • Processing and administration as well as maintenance of business relationships between us and the business partners, e.g. to process the ordering of products and services as well as to collect or settle payments.
  • Carrying out proper invoicing and cost accounting.
  • Carrying out credit checks.

The following data are processed by us in this regard:

  • Professional contact information such as name, professional contact address, professional telephone number and email address;
  • Payment data, such as information required to process payment transactions;
  • Other personal data, the processing of which is necessary for the initiation, processing and administration of (contractual) business relationships as well as maintenance of business relationships or which is provided voluntarily, such as orders, order details, enquiries made or project details, correspondence, other data on cooperation.

The processing of personal data is necessary for the above-mentioned purposes, including the fulfilment of a contractual relationship or a pre-contractual activity relating to the business partner. The legal basis for the data processing is Article 6(1)(a) (if consent has been given) or Article 6(1)(b) and (f) GDPR:

  • Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures;
  • Processing is necessary to protect the legitimate interests of the controller or a third party.

Within the scope of the legal permission and insofar as it is necessary for the fulfilment of the contract, personal data will be passed on to other group companies or courts, authorities, law firms or other business partners (such as shipping or logistics partners for the execution and processing of orders) for the above purposes.

In addition, we commission processors (service providers) with the processing of personal data (for example within the framework of an IT support contract). These processors are contractually obliged to comply with the provisions of data protection law.

The recipients described may be located in countries outside the European Union (‘third countries’), in which the applicable law does not guarantee the same level of data protection as within the EU. In this case, data will only be transferred in accordance with the legal requirements if an adequacy decision has been issued by the European Commission for the third country, appropriate guarantees have been agreed with the recipient, the recipient participates in an approved certification system, binding internal data protection regulations exist in accordance with Article 47 of the General Data Protection Regulation or an exception exists in accordance with Article 49 of the General Data Protection Regulation.

 

2. Customer care, marketing or similar activities and events

As part of our customer care and marketing activities, we use personal data to initiate business with prospective or existing customers regarding our own range of products or services.

Marketing includes customer relationship management, the implementation of customer and prospect letters such as newsletters, the organisation of events and the implementation of other advertising campaigns.

The following data are processed by us in this regard:

  • Professional contact information such as name, professional contact address, professional telephone number and email address;
  • Data on orders and contracts placed;
  • Information collected from publicly available sources, information databases or credit agencies.

Data are not transferred to third parties. In addition, we commission processors (service providers) with the processing of personal data. These processors are contractually obliged to comply with the provisions of data protection law.

The data will be kept until the end of the third year after the last contact with us.

 

3. Conducting seminars and training courses for external parties

We conduct seminars / training courses on various topics for employees of our customers or interested parties either at our premises or at the premises of the customer / interested party. For the implementation of these continuing education events, lists of participants are kept and certificates and confirmations of participation are issued for the participants.

The following data are processed by us in this regard:

  • Professional contact information such as name, professional contact address, professional telephone number and email address;
  • The company they belong to and their role in that company;
  • Data on seminars and training courses completed, including certificates and training records.

Certificates and training attendance are transmitted directly to the client within the scope of contract fulfilment pursuant to Article 6(1)(b) GDPR.

Participant data are deleted 3 years after the end of a training course. Insofar as data must be retained for the billing of the controller’s services in accordance with tax and/or commercial law requirements, deletion will only take place after the expiry of these periods.

 

4. Data processing for the purpose of pursuing legal claims

If a judicial or extrajudicial dispute arises in connection with a visit to our website, or if a request is made to the management by a court of law or an authority to disclose personal data of visitors, the personal data required for the appropriate prosecution of legal claims will be passed on to lawyers, courts and authorities and stored in any case for the duration of the appropriate prosecution.

 

5. Storage period

Unless an explicit storage period is specified in the above-mentioned description of the individual processing activities or in the course of the collection of data (e.g. in the context of a declaration of consent), personal data will be deleted insofar as they are no longer required to fulfil the purpose for which they were stored and no legal storage obligations (e.g. storage obligations under commercial and tax law) or the assertion of legal claims stand in the way of deletion.

 

6. Data subject rights

You have the right

  • to request confirmation as to whether personal data are being processed by us and the right to information about these data.
  • to immediately request the correction of incorrect data concerning you and/or the completion of incomplete personal data.
  • to the deletion of your personal data.
  • to the restriction of processing.
  • to data portability.
  • to object to the processing of your data.

If the processing of your data is based on your consent, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To ensure an efficient response to such requests, we ask you to contact us at datenschutz[at]rubig[dot]com , in which case we will always ask you to provide proof of your identity, for example by sending an electronic copy of your ID.

In addition, you have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb[at]dsb.gv[dot]at.