Data protection information for customers

Responsible is:

Materna Information & Communications SE
Robert-Schuman-Straße 20
44263 Dortmund

You can contact our data protection officer:

Materna Information & Communications SE
In person/confidential to the data protection officer
Robert-Schuman-Straße 20
44263 Dortmund
E-mail: [email protected]

If you have an enquiry, request a quote from us or conclude a contract with us, we process your personal data. In addition, we also process your personal data to fulfil legal obligations, to protect a legitimate interest or on the basis of your consent.

Depending on the legal basis, the following categories of personal data are involved

• First name, surname
• gender
• your address
• Communication data (telephone, e-mail address)
• Date of birth
• Contract master data, in particular contract number, term, cancellation period, type of contract
• Billing data/turnover data
• Creditworthiness data
• Payment data/account information
• Account information, in particular registration and logins
• Video or image recordings

In the course of contract initiation, we also use data provided to us by third parties. Depending on the type of contract, the following categories of personal data are involved:

• Information on creditworthiness (via credit agencies)

We process personal data that we receive from our customers, service providers and suppliers.

We also receive personal data from the following organisations:

• Credit agencies
• Publicly accessible sources: Commercial or association registers, debtor directories, land registers, business networks
• Other group companies

We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as all other relevant laws.

On the basis of your consent (Art. 6 para. 1 a GDPR)

If you have given us your voluntary consent to the collection, processing or transfer of certain personal data, this consent is the legal basis for the processing of this data in accordance with Art. 6 para. 1 lit. a) GDPR.

In the following cases, we process your personal data on the basis of your consent:

• Sending an email newsletter
• Personalised newsletter tracking
• Market research (e.g. customer satisfaction surveys)
• Marketing and advertising creation of customer profiles
• Publication of a customer reference (name and picture)

For the fulfilment of a contract (Art. 6 para. 1 b GDPR)

If you conclude a contract with us as a natural person or consumer, we use your personal data to fulfil the customer order. Within this contractual relationship, we will process your data in particular to carry out the following activities

• Contract-related contact
• contract management
• Ongoing customer support
• Service centre
• Exercise of warranty claims
• Claims management
• Contract termination management

Further information on the purposes of data processing can be found in the respective contract documents and General Terms and Conditions.

For the fulfilment of legal obligations (Art. 6 para. 1 c GDPR)

As a company, we are subject to various legal obligations. It may be necessary to process personal data in order to fulfil these obligations.

• Control and reporting obligations
• Creditworthiness, age and identity checks
• Prevention/defence against criminal acts

On the basis of a legitimate interest (Art. 6 para. 1 f GDPR)

In certain cases, we process your data to protect our legitimate interests or those of third parties.

• Direct advertising or market and opinion research
• Central customer data management within the Group
• Measures for building and plant security
• Video surveillance to safeguard domiciliary rights
• Consultation of and data exchange with credit agencies to determine creditworthiness and default risks
• Ensuring IT security and IT operations
• To receive and process reports of compliance violations
• Contacting you for business purposes

As part of a contractual relationship with another company or the initiation of such a relationship, we process the personal data of employees to fulfil the customer order and insofar as this is necessary for the business relationship. We process this data on the basis of our legitimate interest in carrying out the following activities

• Contract-related contact
• Contract management
• Ongoing customer support
• Service centre
• Exercise of warranty claims
• Claims management
• Contract termination management

In order to fulfil our contractual and legal obligations, your personal data is disclosed to various public or internal bodies, as well as external service providers.

Companies in the group of companies

The Materna Group maintains a central customer data management system that can be accessed by employees of all affiliated companies in order to offer you the full range of our services from a single source. You can call upthe companies in the Materna Group at t3://page?uid=254.

External service providers

We work with selected external service providers to fulfil our contractual and legal obligations:

• IT service providers (e.g. maintenance service providers, hosting service providers)
• Service providers for file and data destruction
• Printing services
• telecommunications
• Payment service providers
• Advice and consulting
• Service providers for marketing or sales
• Credit agencies
• authorised dealers
• Service provider for telephone support (call centre)
• Web hosting service providers
• Lettershops
• Auditors

Public authorities

In addition, we may be obliged to transfer your personal data to other recipients, such as authorities to fulfil statutory reporting obligations.

• Tax authorities
• Customs authorities
• Social insurance organisations

Countries outside the European Union (and the European Economic Area "EEA") handle the protection of personal data differently than countries within the European Union. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.

We have therefore taken special measures to ensure that personal data is processed in third countries just as securely as within the European Union. We conclude the standard data protection clauses provided by the Commission of the European Union with service providers in third countries. These clauses provide suitable guarantees for the protection of your data with service providers in the third country.

We store your personal data for as long as is necessary to fulfil our legal and contractual obligations.

If storage of the data is no longer required for the fulfilment of contractual or legal obligations, your data will be deleted unless further processing is required for the following purposes:

• Fulfilment of retention obligations under commercial and tax law. These include retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods are up to 10 years.
• Preservation of evidence within the framework of statutory limitation periods. According to the statute of limitations of the German Civil Code (BGB), these limitation periods can be up to 30 years in some cases; the regular limitation period is three years.

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right to erasure.

Right to object

You can object to the use of your data for advertising by electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.

What rights do you have in the event of data processing based on your legitimate or public interest?

In accordance with Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 e GDPR (data processing in the public interest) or Art. 6 para. 1 f GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this provision.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

What rights do you have in the event of data processing for direct marketing purposes?

If we process your personal data for direct marketing purposes, you have the right under Art. 21 (2) GDPR to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.

Revocation of consent

You can withdraw your consent to the processing of personal data at any time. Please note that the cancellation is only effective for the future.

Right to information

You can request information about whether we have stored personal data about you. If you wish, we will tell you what data is involved, for what purposes the data is processed, to whom this data is disclosed, how long the data is stored and what other rights you have in relation to this data.

Further rights

You also have the right to have incorrect data corrected or to have your data deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You can also request that we provide all personal data that you have provided to us in a structured, commonly used and machine-readable format either to you or to a person or company of your choice.

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).

Exercising your rights

To exercise your rights, you can contact the controller or the data protection officer using the contact details provided. We will process your enquiry immediately and in accordance with the legal requirements and inform you of the measures we have taken.

To enter into a business relationship, you must provide us with the personal data that is required to fulfil the contractual relationship or that we are required to collect by law. If you do not provide us with this data, it will not be possible for us to fulfil and process the contractual relationship.

If the purpose or the way in which we process your personal data changes significantly, we will update this information in good time.