Information on the handling and processing of personal data pursuant to Art. 13 GDPR in conjunction with the transparency requirement pursuant to Art. 12ff GDPR
Intended purpose
Our company processes personal data for the purpose of entering into and fulfilling business relationships based on orders. All categories of data for the fulfillment of pre-contractual and contractual obligations are affected.
Lawfulness of data processing
The collection, processing and use of personal data takes place within the framework of what is legally permissible in accordance with Art. 5, 6 and 9 GDPR. If personal data is collected from the data subject, the data subject has the right to transparent information in accordance with Art. 13 GDPR. The same applies in accordance with Art. 14 GDPR if the data is not collected from the data subject. In principle, only such information is processed and used that is necessary for the fulfillment of operational tasks and is directly related to the purpose of processing. The special requirements for the collection, processing and use of special categories of personal data in accordance with Art. 9 GDPR and Section 22 BDSG are observed. According to the GDPR, the processing of sensitive data is only permitted subject to the principle of the reservation of permission or upon presentation of a legal basis.
Disclosure of data to third parties
Personal data will only be passed on to third parties if this is necessary to fulfill the business purpose or if there is a legal obligation to do so. Personal data will not be passed on to third parties, including to third countries with an unclear level of data protection (usually countries outside the EU) that are not involved in the business purpose, or only if the explicit consent of the data subject has been obtained or if EU standard contractual clauses or further suitable guarantees ensure that data protection rights are safeguarded.
The rights of data subjects
In accordance with Art. 12 ff GDPR, data subjects have the right to information, correction, deletion, restriction and objection to the processing of their data.
The right of data subjects to withdraw consent
Pursuant to Art. 7 para. 3 GDPR, data subjects have the right to withdraw their consent to the processing of personal data for the future if the processing is based on Art. 6 para. 1 a or Art. 9 para. 2 a GDPR. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
However, revocation and failure to provide the required data usually means that the purpose for which the data was or should have been collected cannot be fulfilled. The written form is required to exercise these rights. To do so, please contact us by email at datenschutz.eska@eska.net
Deletion of personal data
Personal data will be deleted if the purpose for the storage no longer applies and no legal norm (e.g. statutory retention period) prescribes the retention of the data. The provisions of Art. 17 GDPR in conjunction with Section 35 BDSG apply. If deletion is not possible due to legal, contractual or commercial or tax law reasons, the processing of the data can be restricted at the request of the data subject. The written form is required to exercise this right.
The right of data subjects to data portability
Our company ensures the right to data portability in accordance with Art. 20 GDPR. Every data subject has the right to receive a copy of their personal data in a standard machine-readable file format.
Right to lodge a complaint
In accordance with Art. 77 GDPR, every data subject has the right to lodge a complaint with the competent supervisory authority.
The Saxon Data Protection and Transparency Officer can be contacted at the following URL: www.datenschutz.sachsen.de/beschwerde-einreichen.html.
Controller within the meaning of the GDPR and the BDSG
ESKA Automotive GmbH in Chemnitz
Data protection officer of the company
Steve Vetter, Vetter Consulting Data Protection Consulting
Available at: steve.vetter@vc-datenschutz.de