DATA PROTECTION INFORMATION

We take the protection of personal data very seriously and observe the rules under data protection law, in particular the General Data Protection Regulation of the EU (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG). This in particular means that we only process personal data if a statutory rule permits this or if the data subject has consented to it.

In this data protection information, we explain to you what information (including personal data) is processed by us in connection with the business relationship existing between you and us.

WHO IS RESPONSIBLE FOR THE PROCESSING ACTIVITIES?

the controller under data protection law for processing of personal data is RHODIUS Mineralquellen und Getränke GmbH & Co. KG, Brohltalstr. 2, D-56659 Burgbrohl, phone 02636 920-100.
Where this data protection information speaks of "we" or "us", this refers to the above company.

Our data protection officer Simon Lenz is can be reached under datenschutzbeauftragter@rhodius.de datenschutzbeauftragter@rhodius.de erreichbar.

WHAT DATA DO WE PROCESS?

Carrying out of our business relationships requires processing of data from our customers, suppliers and business partners. Where such data permit any conclusions concerning you as a natural person (e.g. if you as an individual merchant enter into any business relationship with us), these are personal data.

Master data:

The process general data concerning your person and the business relationship existing with you, which we refer to as "master data" in general. This in particular includes

a) information that you have disclosed to us when founding the business relationship, or that we have requested from you or via your supplier (e.g. your name, address, email address, date of birth, nationality, VAT ID and other contact data)
b) the data that we have collected in connection with founding of the business relationship (such as in particular the details of the contracts concluded with you).

Progress data:

We process personal data that arise in the course of the business relationship that may exceed the mere change of your master data and that we call "progress data". This in particular includes

a) Information concerning the services rendered or purchased by you based on the concluded contracts,
b) Information concerning the services rendered or purchased by us based on the concluded contracts,Information that you provide to us in the course of the business relationship - either actively or upon our request,
c) Personal data that we obtain from you or third parties in any other manner within the course of our business relationship.

FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?

1. The master and progress data are processed to carry out the contracts existing with you or to carry out pre-contractual measures based on point (b) of Article 6(1), GDPR.

2. We also may process master and progress data to meet legal obligations imposed on us; this is done on the basis of point (c) of Article 6(1), GDPR. These legal obligations specifically include the notifications required from us to the (tax) authorities.

3. As far as necessary, we will process your data also to protect our legitimate interests or the interest of third parties, beyond carrying out of the contracts concluded with you and compliance with legal obligations; this is done based on point (f) of Article 6(1), GDPR. Our legitimate interests include

unique identification of customers and customer support,
valuation of creditworthiness and collateral,
compilation of settlements/credits,
establishment of legal claims and defences in legal disputes,
preventing and investigating criminal offence,
control and further development of our business activities, including risk control, etc.

As far as we give you the opportunity to give us consent to processing of personal data at the founding or in the course of the business relationship, we process the data covered by the consent for the purposes named in the consent; this is done based on point (c) of Article 6(1) GDP.

Please note that you give your consent towards us freely, and that neither the consent nor its later revocation will influence carrying out of the business relationship, but that refusal of consent or its later revocation may nevertheless lead to consequences that we inform you of before you give your consent, that you may withdraw any consent given to us at any time, effective for the future, e.g. by notifying us by mail, fax or email, via one of the contact methods named on the first page of this data protection informatio.

AM I OBLIGATED TO PROVIDE DATA?

Provision of the master data and progress data named in item II. is necessary for founding and carrying out of the business relationship between you and us, as far as we have not expressly stated anything to the contrary when collecting such data. If these data are not provided, we cannot found and carry out any business relationship with you.

WHO WILL OBTAIN MY DATA?

our personal data are generally processed within our company. Depending on the type of personal data, only specific departments/organisation units will have access to your personal data. This in particular includes our field service and the office employees and - in case of data processed via the IT infrastructure - the IT department to a certain extent. We may also transmit your personal data to third parties outside of our company at the legally permitted scale. Such external recipients may in particular include The service providers charged by us who render services for us on a separate contractual basis, which may also comprise processing of personal data, as well as the subcontractors of our service provides that are charged with our consent, non-public and public bodies, as far as we are obligated to transfer your personal data due to legal obligations, as far as you have concluded any rent/lease contract, we may pass on the customer data to the building owner if there is any right to move into the object. This is done for the purpose of supporting and settling claims for a rent/lease.

We transmit personal data collected within the context of a contractual relationship concerning the application, carrying out and termination of a business relationship, as well as data concerning non-contractual or fraudulent behaviour from case to case to our lawyers or the credit insurances and cash collection companies listed in annex 1. The legal basis of such data transfers are point (b) of article 6(1) and point (f) of Article 6(1) of the General Data Protection Regulation (GDPR). Transfers based on point (f) of Article 6(1) GDPR, as far as these are necessary to protect legitimate interests of our company or third parties and the interests or fundamental rights and fundamental freedoms of the data subjects that require protection of personal data are not overriding. Data exchange with the companies named above also serves to comply with statutory obligations to carry out creditworthiness checks for clients (§ 505a and 506 of the German Civil Code). These companies process the data obtained and will also use them for the purpose of profile creation (scoring) in order to provide their contracting partners in the European Economic Area and in Switzerland, as well as any third countries (as far as there is an appropriateness resolution for them from the European Commission) with information, inter alia, to evaluate the creditworthiness of natural persons.

IS AUTOMATED DECISION-MAKING USED?

At founding or during the course of the business relationship, we generally do not use any automated decision-making (including profiling) within the meaning of Article 22 GDPR. As far as we use such procedures in individual cases, we will inform you separately about this at the legally intended extent.

HOW LONG ARE MY DATA STORED FOR?

We will generally only store your personal data while we have a legitimate interest in storage and your interests in not continuing storage are not overriding.

Even without a legitimate interest, we may continue to store the data if we are obligated to do so by law (e.g. to meet storage obligations). We shall also erase your personal data without any action from you as soon as their knowledge is no longer necessary for compliance with the purpose of processing or if storage is legally prohibited for any other reasons.

As a rule, the master data and any further personal data arising in the course of the business relationship are stored at least until the end of the business relationship. The data shall be erased at the latest at the time at which their target is achieved. This may also occur after completion of the business relationship. Such personal data that we must store to meet the storage obligations shall be stored until the end of the respective storage obligation. As far as we store personal data only to meet storage obligations, these will be accessed only if access is necessary in light of the purpose of the storage obligation.

WHAT RIGHTS DO I HAVE?

As a data subject, you have the right to

access the personal data stored concerning you, Article 15 GDPR,
rectification of inaccurate or incomplete data, Article 16 GDPR,
erasure of personal data, Article 17 GDPR,
restriction of processing, Article 18 GDPR,
data portability, Article 20 GDPR,
object to processing of the personal data concerning you, Article 21 GDPR.

You may contact us to exercise these rights at any time - e.g. using one of the contact methods indicated at the beginning of this data protection information.

If there are any questions concerning processing of your data, you may also contact our data protection officer.

You also have the right to lodge a complaint with a competent supervisory authority for data protection, Article 77 GDPR.

 

ATTACHMENT 1: CREDIT INSURERS AND COLLECTION COMPANIES