Information on the processing of customer/supplier data

1. General

SaluVet GmbH takes the protection of your personal data very seriously. Your privacy is an important concern for us. We process your personal data in accordance with the applicable legal data protection requirements for the purposes listed below. Personal data in the sense of this data protection information is all information that has a reference to your person.

 

In the following, you will learn how we handle this data. For a better overview, we have divided our data protection information into chapters.

The person responsible for data processing is

 

SaluVet GmbH

Stahlstrasse 5

88339 Bad Waldsee

Telephone: +49 (0) 7524-4015-0

E-mail address: info@saluvet.de

 

If you have any questions or comments about data protection (for example, about accessing and updating your personal data), you can also contact our data protection officer.

 

Stefan Fischerkeller

German Data Protection Office

Telephone: +49 (0) 7542 949 2101

E-mail address: datenschutz@saluvet.de

 

2. Processing framework

Source and origin of data collection

We process personal data that we have collected directly from you.

To the extent necessary to provide our services, we process personal data permissibly received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have permissibly taken, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, civil registers, debtor registers, land registers, the press, the Internet and other media) and are permitted to process.

Data categories

Relevant categories of personal data may include, in particular:

  • Personal data (surname, first name, profession/industry and comparable data)
  • Contact data (address, e-mail address, telephone number and comparable data)
  • Payment/coverage confirmation in the case of bank and credit cards Customer history
  • Data about your use of the telemedia offered by us (e.g. time of calling up our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data)

Purposes and legal bases of the data processed

We process personal data in accordance with the provisions of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act new version (BDSG-neu) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Further details or additions to the purposes of data processing can be found in the respective contractual documents, forms, a declaration of consent and/or other information provided to you (e.g. in the context of using our website or our terms and conditions).

Purposes for the performance of a contract or pre-contractual measures (Art. 6 para. 1 b DSGVO)

Personal data is processed for the performance of our contracts with you and the execution of your orders as well as for the performance of measures and activities in the context of pre-contractual relationships, e.g. with interested parties. This essentially includes: the contract-related communication with you, the corresponding billing and associated payment transactions, the verifiability of orders and other agreements as well as quality control through corresponding documentation, goodwill procedures, measures for the control and optimisation of business processes as well as for the fulfilment of general due diligence obligations, the management and control by affiliated companies; statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and fiscal evaluation of operational services, risk management, assertion of legal claims and the defence in legal disputes; guaranteeing IT security (including system or plausibility checks). The purposes of the service include: ensuring IT security (including system and plausibility tests) and general security; ensuring and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data; preventing and investigating criminal offences; and monitoring by supervisory bodies or control authorities (e.g. auditing).

Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f DSGVO)

Beyond the actual performance of the contract or preliminary contract, we may process your data if it is necessary to protect legitimate interests of us or third parties, in particular for purposes of

  • of advertising or market and opinion research, insofar as you have not objected to the use of your data;
  • the testing and optimisation of procedures for needs analysis;
  • the further development of services and products as well as existing systems and processes;
  • enriching our data, including by using or researching publicly available data;
  • statistical evaluations or market analysis; benchmarking;
  • the assertion of legal claims and defence in legal disputes which are not
  • directly attributable to the contractual relationship;
  • the limited storage of the data, if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage;
  • the prevention and investigation of criminal offences, insofar as this is not exclusively for the fulfilment of legal requirements;
  • the security of buildings and facilities (e.g. through access controls), insofar as this goes beyond the general duties of care;
  • of internal and external investigations as well as security checks;
  • the receipt and maintenance of certifications of a private law or official nature;
  • of securing and exercising domiciliary rights through appropriate measures (such as video surveillance) as well as for securing evidence in the event of criminal offences and their prevention;

Purposes within the scope of your consent (Art. 6 para. 1 a DSGVO)

Processing of your personal data for certain purposes (e.g. use of your e-mail address for marketing purposes) may also be based on your consent. As a rule, you can revoke this at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. You will be informed separately about the purposes and consequences of revoking or not granting consent in the relevant text of the consent. As a general rule, the revocation of consent only takes effect for the future. Processing that took place before the revocation is not affected by this and remains lawful.

Purposes for compliance with legal requirements (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO)

Like anyone who participates in economic activity, we are also subject to a variety of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws), but also regulatory or other official requirements where applicable. The purposes of processing may include the fulfilment of control and reporting obligations under tax law as well as the archiving of data for data protection and data security purposes and for auditing by tax and other authorities. In addition, the disclosure of personal data may be necessary in the context of official/court measures for the purposes of gathering evidence, criminal prosecution or enforcement of civil claims.

Scope of your obligations to provide us with data

You only need to provide us with the data that is necessary for the establishment and performance of a business relationship or for a pre-contractual relationship with us, or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.

 

Existence of automated decision-making in individual cases (including profiling)

We do not use any purely automated decision-making procedures pursuant to Article 22 DSGVO. If we do use such a procedure in individual cases in the future, we will inform you of this separately, insofar as this is required by law.

Consequences of not providing data

Within the scope of the business relationship, you must provide those personal data that are necessary for the establishment, execution and termination of the legal transaction and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will not be able to carry out the legal transaction with you.

Receivers of data within the EU

Within our company, those internal offices or organisational units receive your data that require it to fulfil our contractual and legal obligations or in the context of processing and implementing our legitimate interest.

Your data will only be passed on to external bodies if

  • in connection with the processing of the contract;
  • for the purpose of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or the data transfer is in the public interest (cf. point 2.4);
  • insofar as external service companies process data on our behalf as order processors or function transferees (e.g. data processing centres, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data validation or plausibility checks, data processing, etc.). -data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, accounting, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);
  • on the basis of our legitimate interest or the legitimate interest of the third party for within the scope of the aforementioned purposes (e.g. to authorities, credit agencies, debt collection, lawyers, courts, appraisers, subsidiaries and committees and control bodies);
  • if you have given us consent to transfer data to third parties;

We will not pass on your data to third parties beyond this. Insofar as we commission service providers within the scope of order processing, your data is subject to the same security standards there as it is with us. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.

Receivers of data outside the EU

No data is transferred to bodies in states outside the European Union (EU) or the European Economic Area (EEA), so-called third countries.

Storage periods

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the processing of a contract.

In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods specified there for storage and documentation are up to ten years to the end of the calendar year beyond the end of the business relationship or the pre-contractual legal relationship.

Furthermore, special statutory provisions may require a longer retention period, such as the preservation of evidence within the scope of statutory limitation provisions. According to §§ 195 ff. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.

If the data are no longer required for the fulfilment of contractual or legal obligations and rights, they are regularly deleted, unless their – temporary – further processing is necessary for the fulfilment of the purposes due to an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage and processing for other purposes is precluded by appropriate technical and organisational measures.

Your rights

Under certain circumstances, you can exercise your data protection rights against us. Your requests about the exercise of your rights should, where possible, be addressed in writing or by email to the address above or directly in writing or by email to our Data Protection Officer.

  • You have the right to receive information from us about your data stored by us according to the rules of Art. 15 DSGVO (if necessary with restrictions according to § 34 BDSG-Neu).
  • Upon your request, we will correct the data stored about you in accordance with Art. 16 DSGVO if it is inaccurate or incorrect.
  • If you wish, we will delete your data in accordance with the principles of Art. 17 DSGVO, provided that other statutory regulations (e.g. statutory retention obligations or the restrictions in accordance with § 35 BDSG-Neu) or an overriding interest on our part (e.g. for the defence of our rights and claims) do not prevent this.
  • In consideration of the requirements of Art. 18 DSGVO, you may request us to restrict the processing of your data.
  • You may also lodge an objection to the processing of your data in accordance with Art. 21 of the GDPR, on the basis of which we will terminate the processing of your data. This right of objection only applies in the case of very special circumstances of your personal situation, in which case our rights may conflict with your right of objection.
  • You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 DSGVO or to transmit them to a third party.
  • In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future.
  • You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always first address a complaint to our data protection officer.

You can reach the supervisory authority responsible for us at:

https://www.baden-wuerttemberg.datenschutz.de/die-aufsichtsbehorden-der-lander/

All AB are listed here.

The State Commissioner for Data Protection and Freedom of Information

Königstraße 10 a

70173 Stuttgart