Data protection notice for externals
as of March 2021
We process personal data that we receive from you for the implementation of pre-contractual measures. In addition, we process personal data that we have received from you, to the extent necessary for the purposes of fulfilling the contract.
2.1 Personal data includes:
Full name, address, company, telephone-/faxnumber, e-mail, information concerning newsletter-subscription, possibly additional department, position/function, secretariat and/or supervisor, data with regard to funds, data with regard to investors.
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
2.3 For the fulfilment of contractual obligations (Art. 6 sec. 1 b GDPR, Section 26 BDSG)
The processing of data is carried out for the implementation of pre-contractual measures, which are carried out at your request and for the purpose of fulfilling the respective contract.
2.4 In order to safeguard the legitimate interests of the controller (Art. 6 sec. 1 f GDPR)
If necessary, we process your data beyond the actual performance of the contract in order to safeguard legitimate interests of us or of third parties:
(1) Passing it on to our tax advisors for the purpose of fulfilling our tax obligations;
(2) Pursuant to recital 47 DSGVO
2.5 Based on your consent (Art. 6 sec. 1 a GDPR in conjunction with Art. 88 GDPR and Section 26 (2) BDSG)
If you have given us consent for the processing of your personal data, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Consent granted may be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent that were granted to us before the GDPR, i.e. before 25 May 2018. The revocation of consent only has effect for the future and does not affect the legality of the data processed until the revocation.
2.6 Due to legal requirements (Art. 6 sec. 1c GDPR as well as Art. 88 GDPR and Section 26 BDSG)
As a company, we are subject to various legal obligations, i.e. legal requirements as well as regulatory requirements. The purposes of the processing include, among other things, identity verification, the fulfilment of tax control-, reporting- or documentation obligations as well as the management of risks in the company.
Within DLE, those positions that need it to fulfil the contractual, legal and supervisory obligations as well as to safeguard legitimate interests will have access to it.
Service providers and vicarious agents employed by us may also receive data for these purposes, provided that they need the data to perform their respective services. These are, for example, companies in the categories of taxes, training providers and IT services. All service providers are contractually obliged to treat your data confidentially.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only disclose necessary personal data in compliance with the applicable data protection regulations. In principle, we may only disclose such information if statutory provisions require this, you have given your consent or if we are otherwise authorised to disclose it.
Under these conditions, recipients of personal data may include:
(1) Tax authorities
(2) Public authorities and institutions (e.g. finance authorities and law enforcement authorities) in the event of a legal or regulatory obligation
(3) Other companies for the processing of transactions or similar entities to which we transmit personal data for the purpose of conducting the contractual relationship (e.g. banks)
(4) Auditors of economic and wage tax
(5) Service providers in the context of contract data processing relationships
(6) Joint controllers.
Other data recipients may be the entities for which you have given us your consent to the transfer of data or to which we are authorised to transmit personal data on the basis of a balance of interests.
Data is transferred to bodies in countries outside the European Economic Area (so-called third countries) to the extent that
(1) it is required by law (e.g. tax reporting obligations)
(2) you have given us your consent or
(3) this is legitimised by the legitimate interest in data protection law and no higher interests worthy of protection of the data subject preclude this.
In addition, we do not transmit personal data to third-countries or international organizations.
However, for certain tasks, we use service providers who also use service providers who may have their headquarters, parent companies or data centres in a third country. A transfer is admissible if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, companies or service providers may only transfer personal data to service providers in a third country where appropriate safeguards are provided for (standard data protection clauses adopted by the EU Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available.
We have also contractually agreed with our service providers that even with their contractual partners, guarantees of data protection must always be in place in compliance with the European level of data protection. On request, we will provide you with a copy of these warranties.
We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations, in the case of a permanent obligation, if necessary, for a longer period of time.
If the data is no longer necessary for the fulfilment of contractual or legal obligations, it will be deleted on a regular basis, unless its temporary processing is necessary for the following purposes:
(1) Fulfilment of statutory retention obligations, which may arise, for example, from: German Commercial Code (Handelsgesetzbuch, HGB) and German Tax Code (Abgabenordnung, AO). The time limits for storage or documentation are usually six to ten years.
(2) Preservation of evidence within the framework of the statutory period of limitation. Pursuant to Section 195 ff of the German Civil Code (Bürgerliches Gesetzbuch, BGB), these limitation periods can be up to 30 years, with a regular limitation period of 3 years.
If the data is processed in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The above exceptions apply. The same applies to data processing on the basis of consent provided. As soon as you revoke this consent for the future, the personal data will be deleted, unless one of the mentioned exceptions exists.
Everyone data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions in the case of the right of access and the right of cancellation apply in accordance with Sections 34 and 35 of the German Data Protection Code (Bundesdatenschutzgesetz, BDSG).
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were granted to us before the General Data Protection Regulation (25 May 2018). Please note that the revocation will only have effect for the future. Processing operations that took place before the revocation are not affected.
In addition, there is a right of complaint with a competent data protection supervisory authority (Article 77 GDPR). For example, you can contact the National Commissioner for Data Protection and Freedom of Information at the following address:
The Berlin Commissioner for Data Protection and Freedom of Information
We do not use fully automated automatic decision-making in accordance with Article 22 GDPR to establish, execute and terminate the contractual relationship. Should we use these procedures in individual cases, we will inform you about this and your rights in this regard separately, if this is required by law.
We do not process your data with the aim of automatically evaluating certain personal aspects.
The objection can be made without form with the subject “opposition” with your name and address and should be addressed to:
DLE Group AG
DATA PROTECTION AGENT