Data protection information for suppliers

Responsible is:

Materna Information & Communications SE
Robert-Schuman-Straße 20
44263 Dortmund

You can contact our data protection officer:

Materna Information & Communications SE
In person/confidential to the data protection officer
Robert-Schuman-Straße 20
44263 Dortmund
E-mail: [email protected]

You can contact our data protection officer:

Materna Information & Communications SE
In person/confidential to the data protection officer
Robert-Schuman-Straße 20
44263 Dortmund
E-mail: [email protected]

We process personal data that we receive from our customers, service providers (including freelancers) and suppliers.

We also receive personal data from the following organisations:

• Credit agencies
• Publicly accessible sources: Commercial or association registers, debtor directories, land registers, sanctions lists (of the EU, the UN, states such as the USA)
• Other group companies

We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as all other relevant laws.

For the fulfilment of a contract (Art. 6 para. 1 b GDPR)

We use your personal data for Requests for Information and Requests for Purpose and to fulfil the customer order. Within this contractual relationship, we will process your data in particular to carry out the following activities

• Contract-related contact
• Profile-related contact for follow-up orders or new orders
• Contract management
• Ongoing contract management
• Exercise of warranty and liability claims
• Claims management
• Contract termination management

Further information on the purposes of data processing can be found in the respective contract documents and General Terms and Conditions.

For the fulfilment of legal obligations (Art. 6 para. 1 c GDPR)

As a company, we are subject to various legal obligations. It may be necessary to process personal data in order to fulfil these obligations.

• Control and reporting obligations
• Creditworthiness, age and identity checks
• Prevention/defence against criminal acts

On the basis of a legitimate interest (Art. 6 para. 1 f GDPR)

In certain cases, we process your data to protect our legitimate interests or those of third parties.

• Direct advertising or market and opinion research
• Central supplier and customer data management within the Group
• Measures for building and plant security
• Video surveillance to safeguard domiciliary rights
• Consultation of and data exchange with credit agencies to determine creditworthiness and default risks
• Ensuring IT security and IT operations

In order to fulfil our contractual and legal obligations, your personal data is disclosed to various public or internal bodies and external service providers.

Companies in the group of companies

The Materna Group maintains a centralised supplier and customer data management system. The companies in the Materna Group can be found at https://www.materna.de/DE/Unternehmen/Standorte/standorte_node.html.

External service providers

We work with selected external service providers to fulfil our contractual and legal obligations:

• IT service providers (e.g. maintenance service providers, hosting service providers)
• Service providers for file and data destruction
• Printing services
• telecommunications
• Payment service providers
• Advice and consulting
• Service providers for marketing or sales
• Credit agencies
• authorised dealers
• Service provider for telephone support (call centre)
• Web hosting service providers
• Lettershops
• Auditors

Public authorities

In addition, we may be obliged to transfer your personal data to other recipients, such as authorities to fulfil statutory reporting obligations.

• Tax authorities
• Customs authorities
• Social insurance organisations

Countries outside the European Union (and the European Economic Area "EEA") handle the protection of personal data differently than countries within the European Union. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.

We have therefore taken special measures to ensure that personal data is processed in third countries just as securely as within the European Union. We conclude the standard data protection clauses provided by the Commission of the European Union with service providers in third countries. These clauses provide suitable guarantees for the protection of your data with service providers in third countries.

Our service providers in the USA are generally bound by the standard data protection clauses.

If you have any further questions, please contact [email protected].

We store your personal data as long as it is necessary for the fulfilment of our legal and contractual obligations or for a partnership.

If storage of the data is no longer necessary for the fulfilment of contractual or legal obligations or for a partnership, your data will be deleted unless further processing is necessary for the following purposes:

• Consideration for upcoming tenders to which your expertise & qualifications match
• Fulfilment of retention obligations under commercial and tax law. These include retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods are up to 10 years.
• Preservation of evidence within the framework of statutory limitation periods. According to the statute of limitations of the German Civil Code (BGB), these limitation periods can be up to 30 years in some cases; the regular limitation period is three years.

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right to erasure.

Right to object

You can object to the use of your data for advertising by electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.

What rights do you have in the event of data processing based on your legitimate or public interest?

In accordance with Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 e GDPR (data processing in the public interest) or Art. 6 para. 1 f GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this provision.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

What rights do you have in the event of data processing for direct marketing purposes?

If we process your personal data for direct marketing purposes, you have the right under Art. 21 (2) GDPR to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.

Revocation of consent

You can withdraw your consent to the processing of personal data at any time. Please note that the cancellation is only effective for the future.

Right to information

You can request information about whether we have stored personal data about you. If you wish, we will tell you what data is involved, for what purposes the data is processed, to whom this data is disclosed, how long the data is stored and what other rights you have in relation to this data.

Further rights

You also have the right to have incorrect data corrected or to have your data deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You can also request that we provide all personal data that you have provided to us in a structured, commonly used and machine-readable format either to you or to a person or company of your choice.

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).

Exercising your rights

To exercise your rights, you can contact the controller or the data protection officer using the contact details provided. We will process your requests immediately and in accordance with the legal requirements and inform you of the measures we have taken.

To enter into a business relationship, you must provide us with the personal data that is required to fulfil the contractual relationship or that we are required to collect by law. If you do not provide us with this data, it will not be possible for us to fulfil and process the contractual relationship.

If the purpose or the way in which we process your personal data changes significantly, we will update this information in good time and inform you of the changes in good time.