1 Contact details of the responsible office and data protection officer

1.1 Responsible body:

CFC Europe GmbH
Rigistraße 20
73037 Göppingen

Telefon: +49 (0) 7161 8009 0
Telefax: +49 (0) 7161 8009 10
E-Mail: cs-gp@ITWSF.com

1.2 Data protection officer:

The data protection officer can be contacted at the above address or at the following e-mail address:

datenschutz-goeppingen@ITWSF.com

2 Purposes of processing

2.1 Consent (Article 6 (1a) GDPR)

A processing of personal data for specific purposes (e.g. sending our newsletter by e-mail after clicking on the confirmation link sent to you, forwarding to other third parties, evaluation of data for marketing purposes) will take place if you have given us your consent.

2.2 Contractual or pre-contractual obligations (Art. 6 (1b) GDPR)

We process personal data whose disclosure is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures which are carried out at your request, e.g. via our website contact form. The purposes of the data processing depend on the specific contract (e.g. purchase, supply, employment contract) and may include, among other things, evaluations, advice and the implementation of further actions. We process personal data of employees for the purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its execution or termination or for the exercise or fulfilment of rights and obligations arising from a law.

2.3 Legal requirements (Art. 6 Paragraph 1c GDPR)

Due to legal obligations, data is processed, e.g. for the purposes of fraud and money laundering prevention, fulfilment of fiscal control and reporting obligations and information to authorities.

2.4 Balancing of interests (Art. 6 Paragraph 1f GDPR)

In order to protect the legitimate interests of us or third parties, data processing is also carried out for specific purposes after prior consideration of interests, e.g. to secure domiciliary rights, protect legal claims, clarify criminal offences, determine default risks, optimise product development, optimise customer contact for advertising purposes, optimise demand planning or ensure data security.

3 Further data processing within the scope of website use

3.1 Contact form

We will only use the data collected via our contact form for the processing of inquiries received via the contact form. After processing the request, the collected data will be deleted.

3.2 Cookies

On various pages we use cookies to make the visit of our website more attractive and to enable the use of certain functions. The so-called ‘cookies’ are small text files that your browser can store on your computer. Some cookies are necessary for the operation of the website (category: necessary cookies), we only set other cookies if you have given us your prior consent (category: all cookies). The process of storing a cookie file is also called ‘setting a cookie’. You can set your browser according to your wishes so that you are informed about the setting of cookies, decide on the acceptance of all cookies or accept or generally exclude the acceptance of unnecessary cookies.

3.2.1 Necessary cookies

We use necessary cookies to perform or facilitate the transmission of a message over an electronic communications network. In addition, we use necessary cookies to provide an information society service that you expressly request.

Necessary cookies in detail: PHPSESSIONID (session lifetime)

3.3 Anonymous or pseudonymous usage

As a matter of principle, you can visit our websites without providing us personal data. Pseudonymized usage data are not merged with the data of the bearer of the pseudonym. A creation of pseudonymous usage profiles does not take place.

4 categories of recipients

In order to fulfil the intended purposes, the data required in each case can be accessed across departments within our company. Processors employed by us may also receive data for specific purposes, e.g. for IT services, document destruction and marketing. Other recipients of personal data may also be public authorities, credit and financial service institutions, lawyers and tax consultants or credit agencies.

5 Transfer to a third country or to an international organization

Data will only be transferred to third countries if this is necessary, for example, to implement a contract or if it is required by law, if you have given us your consent or if this is stipulated in a collective bargaining agreement or works agreement, e.g. as part of a group data transfer. Furthermore, in the context of the maintenance of IT components, it cannot be ruled out that an IT service provider from a third country (e.g. the USA) could in rare cases gain access to personal data. Otherwise, no personal data will be transferred to third countries or to an international organization.

6 Duration of data storage

For the duration of the contractual relationship, the personal data will be stored by us; in addition, statutory limitation periods are usually three years. There are various storage and documentation obligations, e.g. from the German Commercial Code (HGB) and the German Fiscal Code (AO), which are valid for up to ten years.

7 Right to information, correction, deletion, restriction, data transferability

You have the right to information in accordance with Art. 15 DS-GVO, the right to correction in accordance with Art. 16 DS-GVO, the right to deletion in accordance with Art. 17 DS-GVO, the right to restriction of processing in accordance with Art. 18 DS-GVO and the right to data transferability from Art. 20 DS-GVO. The right to information and the right to deletion are subject to the restrictions set out in Articles 34 and 35 of the Federal Data Protection Act.

8 Revocation of Consent

You can revoke a given consent at any time. You can also object to the sending of our newsletter by clicking on the unsubscribe link in the newsletter. Please note that your revocation is only effective for the future.

9 Existence of a right of complaint

In addition, you have a right of appeal to a data protection supervisory authority (Article 77 DS-GVO in conjunction with Section 19 BDSG).

10 Obligation to provide data

You only need to provide the personal data that is necessary for the establishment, execution and termination of a contract or that we are legally obliged to collect. If you do not provide us with the necessary information and documents, we may not commence or continue the business relationship you have requested.

11 Automated decision making in individual cases

As a matter of principle, we do not use fully automated decision making to establish and conduct the business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

12 Profiling

We process some of your data automatically with the aim of evaluating certain personal aspects (profiling), e.g. evaluation for a targeted customer approach, needs-based advertising including market and opinion research as well as for scoring or rating. Data on payment behavior (e.g. account turnover, balances) as well as criteria such as industry affiliation and experience from the previous business relationship can be included in the evaluation.

13 Categories of personal data

We process the following categories of personal data, for example: Personal master data, contract master data, contract implementation and termination data, order data, data for the fulfilment of legal obligations, creditworthiness data, scoring/rating data, advertising and sales data, data on your use of our offered telemedia (e.g. time of access to our websites, apps or newsletters, pages clicked on by us or entries) as well as other data comparable to the categories mentioned.

14 Data sources

We process data that we have received from you within the scope of our business relationship as well as data that has been permissibly transferred to us by other third parties. Secondly, we collect data from publicly accessible sources (e.g. industry and debtor directories, commercial register, press).

Information about your right of objection according to Art. 21 of the Basic Data Protection Regulation (GDPR)

Right of objection based on individual cases

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1e) DPA (data processing in the public interest) and Article 6(1f) DPA (data processing based on a balancing of interests), including profiling based on this provision. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

Right to object to the processing of data for direct marketing purposes

We process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such direct marketing, including profiling, insofar as it is related to such direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process your personal data for those purposes. The objection can be made without any formality and should be addressed if possible to:

CFC Europe GmbH
Rigistraße 20
73037 Göppingen

Telefax: +49 (0) 7161 8009 10
E-Mail: cs-gp@ITWSF.com