We understand the importance of the personal information you entrust to us. We see it as one of our most important tasks to ensure the confidentiality of your data.In accordance with the General Data Protection Regulation (GDPR), we would like to comply with our obligation to provide information when collecting personal data and to inform you transparently about the type, scope and purpose of the processing of the personal data we collect and to inform you about the rights to which you are entitled.
The person responsible within the meaning of the General Data Protection Regulation is:
Company: SME GmbH
Street: Pahlbloken 7
ZIP/City: 24232 Schönkirchen
Phone: +49 431/533226-71
Email: alexander.samoylov@smegroup.eu
We have appointed a data protection officer.
You can reach him at dsb@dsgvonord.de or with the note “Data Protection Officer” at the above company address.
We process personal data that we receive directly from our customers as part of our business relationship. In addition, we process personal data that we receive from other companies, e.g. B. for the execution of orders, for the fulfillment of contracts or on the basis of a consent given by you.
On the other hand, we process personal data that we have legitimately obtained and are allowed to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).Personal data relevant to us can be:
Customer contact information
As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or one of our employees, further personal data is generated, e.g. information about contact channel, date, reason and result; (Electronic) copies of correspondence and information about participation in direct marketing measures.
Credit Report
Business creditworthiness documents: Income/surplus calculations, balance sheets, business evaluation, type and duration of self-employment.
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new):
When processing personal data for which we obtain the consent of the data subject, Article 6 Paragraph 1 Letter a of the General Data Protection Regulation serves as the legal basis.
Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This regulation also includes processing operations that are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis
If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Art. 6 Para. 1 Letter f DSGVO serves as the legal basis for the processing. The legitimate interest of our company lies in the conduct of our business.
Within our company, only those people and departments who need your personal data to fulfill our contractual and legal obligations receive it.
We transmit data to third parties if we need them to fulfill a contractual obligation.
A transmission to third parties beyond the purposes mentioned under point 3 does not take place.
In addition, we transmit data to third parties if there is a legal obligation to do so. This is the case when state institutions (e.g. authorities and offices) request information in writing, a court order has been issued or a legal basis allows disclosure.If we make advance payments, e.g. when purchasing on account, we reserve the right to obtain identity and creditworthiness information from service companies specializing in this (credit agencies) in order to protect our legitimate interests.
A transfer of personal data to so-called third countries outside the EU/EEA area does not take place.
We process and store your personal data as long as it is necessary for the fulfillment of our contractual obligations and for all other purposes mentioned under point 3 or as required by the retention periods provided for by law.
If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly blocked for further processing or deleted in accordance with the statutory provisions.
If you have any questions about your personal data, you can contact us in writing at any time.
According to the GDPR, you have the following rights:
The right to information (sub-item Art. 15 GDPR):
You have the right to receive information at any time about which categories and information about your personal data we process for what purpose and for how long and according to which criteria this data is stored and whether automated decision-making including profiling is used in this context. You also have the right to know which recipients or categories of recipients your data has been disclosed or will be disclosed; especially for recipients in third countries or international organizations. In this case, you also have the right to be informed about suitable guarantees in connection with the transfer of your personal data.
In addition to the right to complain to the supervisory authority and the right to information about the origin of your data, you have the right to deletion, correction and the right to restrict or object to the processing of your personal data.
In all of the above cases, you have the right to request a copy of your personal data processed by us from the data processor free of charge. We are entitled to charge a reasonable administrative fee for any further copies that you request or that go beyond the data subject’s right to information.
The right to rectification (Article 16 GDPR):
You have the right to request the immediate correction of your inaccurate personal data and, taking into account the purposes of the processing, to request the completion of incomplete personal data, also by means of a supplementary statement.
If you would like to exercise the right to rectification, you can contact our data protection officer or the person responsible for processing at any time.
The right to erasure (Art. 17 GDPR):
You have the right to demand the immediate deletion of your data (“right to be forgotten”), in particular if the storage of the data is no longer necessary, you revoke your consent to data processing, your data was processed unlawfully or was collected unlawfully and there is a legal obligation to delete under EU or national law.
However, the right to be forgotten does not apply if there is an overriding right to freedom of expression or information, data storage is necessary to fulfill a legal obligation (e.g. storage obligations), archiving purposes prevent deletion or storage to assert exercise or defense of legal claims.
The right to restriction (Article 18 GDPR):
You have the right to request that the data controller restrict the processing of your data if you dispute the accuracy of the data, the processing is unlawful, you refuse to delete your personal data and instead request that the processing be restricted if the necessity for the processing purpose no longer applies or you have objected to the processing in accordance with Article 21 Paragraph 1, as long as it is not certain whether legitimate reasons on our part outweigh yours. The right to data portability (Art. 20 GDPR) You have the right to portability of your personal data, which you have provided to our company in the form of a common format, so that you can have your personal data forwarded to another person responsible without hindrance, provided, for example, you have given your consent and the processing is carried out by means of an automated procedure takes place.
The right to object (Art. 21 GDPR):
You have the right to object to the processing of your personal data at any time, except for reasons worthy of protection. Reasons for data processing worthy of protection exist, for example, if the interests, rights and freedoms of the data subject prevail or the processing serves to assert, defend and exercise legal claims. In addition, you can also express a separate, express right to object to the processing of your personal data for direct advertising purposes at any time.
Right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG):
You are granted the right to complain to a supervisory authority if you consider that there has been a breach in the processing of your personal data.
Supervisory authority:Independent State Center for Data Protection (ULD)Marit Hansen – State Commissioner for Data Protection Schleswig-HolsteinHolstenstrasse 9824103 KielTelephone: 0049 431 988-1200Email: mail@datenschutzzentrum.de
Right to withdraw consent under data protection law (Article 7 (3) GDPR):
You can revoke your consent to the processing of your personal data at any time and without giving reasons. This also applies to the revocation of declarations of consent that were given to us before the EU General Data Protection Regulation came into force.
We hereby point out that the provision of personal data is required by law in certain cases (e.g. tax regulations) or can result from contractual regulations (e.g. information on the contractual partner). For example, in order to conclude a contract, it may be necessary for the person concerned/the contractual partner to make their personal data available so that we can process their request (e.g. order) at all. An obligation to provide personal data arises primarily when contracts are concluded. If no personal data is provided in this case, the contract with the data subject cannot be concluded. Before personal data is provided by the person concerned, the person concerned can contact our data protection officer or the person responsible for processing. The data protection officer or the person responsible for processing then explains to the person concerned whether the provision of the required personal data is required by law or contract or is necessary for the conclusion of the contract and whether the concerns of the person concerned result in an obligation to provide the personal data or the consequences of non-provision of the desired data for the person concerned.
As a responsible company, we do not use automatic decision-making or profiling in our business relationships.
(1) We use the job advertisement and applicant management software of On-apply GmbH to optimise our recruitment processes. If you apply to us, we will process the data that you have provided to us as part of the application process for this purpose.
(2) The legal basis for this is Article 88 DSGVO in conjunction with Section 26 BDSG as well as Article 6 (1) (b) DSGVO for the initiation of contractual relationships. If an employment relationship is established between you and us, we will subsequently process the personal data already received from you for the purpose of employment.
(3) If you have also given your express consent in your application to the(3) If you have also given express consent to extended storage in an applicant tool in your application, the duration of the processing will extend to this period. Any consent given can be revoked at any time, with effect for the future, by sending us a message.
(4) The deletion of the data takes place after six months, provided that there are no legal obligations to retain the data and no interests worthy of protection prevail.