Our Handling of Your Data and Your Rights
– Information in accordance with Articles 13, 14, and 21 of the General Data Protection Regulation (GDPR) –
Overview
Dear Customer,
We hereby inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations.
The specific data processed and the way in which they are used largely depend on the services requested or agreed upon.
1. Who is responsible for data processing?
The responsible entity is:
D2G HR GmbH
Fasanenweg 27
25826 Sankt Peter-Ording
Phone: +49 160 383 1525
E-Mail: contact@traze-hr.com
You can reach our Data Protection Officer at:
Phone: +49 160 383 1525
E-Mail: contact@traze-hr.com
2. What sources and data do we use?
We process personal data that we receive from you in the course of our business relationship. In addition, we process personal data that we have lawfully obtained from other companies (e.g., SCHUFA, Creditreform) or authorities (e.g., for the execution of orders to fulfill contracts or based on your consent) to the extent necessary for the provision of our services. Furthermore, we process personal data that we have lawfully obtained from publicly accessible sources (e.g., debtor directories, land registers, commercial and association registers, press, media).
Relevant personal data include personal details (name, address, and other contact details, date and place of birth, and nationality) and identification data (e.g., ID data). In addition, this may include order data (e.g., payment orders, service contract), data from the fulfillment of our contractual obligations (e.g., sales data in merchandise traffic, credit limits, product data), information about your financial situation (e.g., credit data, scoring/rating data, data from credit agencies), advertising and sales data (including advertising scores), documentation data (e.g., consultation protocol), register data, data about your use of our offered telemedia (e.g., time of access to our websites, apps, or newsletters, our pages or entries that you clicked on), as well as other data comparable to the aforementioned categories.
3. For what purposes and on what legal basis do we process personal data?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German data protection law (BDSG):
3.1. To fulfill contractual obligations (Art. 6(1)(b) GDPR)
The processing of personal data (Art. 4(2) GDPR) is carried out for the provision and mediation of services, and in particular for the execution of our contracts with you and the execution of your orders, as well as all activities required for the operation and administration of our company.
The purposes of data processing are primarily based on the specific contract/service and may include, among other things, needs assessments, consulting, contract management and support, as well as the engagement of third parties to fulfill the contract or based on your request.
Further details on the purpose of data processing can be found in the respective contractual documents and terms and conditions.
3.2. As part of a balancing of interests (Art. 6(1)(f) GDPR)
Where necessary, we process your data beyond the actual fulfillment of the contract to safeguard legitimate interests of ours or third parties, such as in the following cases:
- Measures for business management and further development of services
- Review and optimization of procedures for direct customer approach
- Advertising or market and opinion research, as long as you have not objected to the use of your data
- Ensuring IT security and the company's IT operations
- Assertion of legal claims and defense in legal disputes
- Prevention and investigation of criminal offenses
- Measures for building and facility security (e.g., access controls)
- Measures to ensure domiciliary rights
- Consultation with and data exchange with credit agencies (e.g., SCHUFA, Creditreform) to determine creditworthiness or default risks
3.3. Based on your consent (Art. 6(1)(a) GDPR)
Where you have given us consent to process personal data for specific purposes (e.g., disclosure of data to other companies), the legality of this processing is based on your consent. Consent given can be withdrawn at any time.
Please note that the withdrawal only applies to future processing. Processing that took place before the withdrawal is not affected.
3.4. Due to legal obligations (Art. 6(1)(c) GDPR) or in the public interest (Art. 6(1)(e) GDPR)
In addition, we as a company are subject to various legal obligations, i.e., legal requirements (e.g., tax laws). The purposes of processing include, among other things, the fulfillment of tax control and reporting obligations as well as reports to other authorities that arise from the nature and content of the contract between you and us.
4. Who receives your data?
Within the company, those departments that need your data to fulfill our contractual and legal obligations will have access to it. Also, processors engaged by us (Art. 28 GDPR) may receive data for these purposes.
We may only share information about you if legal provisions require it, you have given your consent, or we are authorized to provide such information. Under these conditions, recipients of personal data may include:
- Public authorities and institutions (e.g., tax authorities) when a legal or official obligation exists
- Other companies or comparable entities to whom we transmit personal data to carry out the business relationship with you (depending on the contract, e.g., appraisers, banks, notaries or lawyers, brokers, insurance companies, accounting services, IT services, tradesmen, logistics, printing services, telecommunications, credit agencies, collection, consulting, and sales and marketing)
- Other entities for which you have given us your consent to transfer data
5. Is data transmitted to a third country or an international organization?
Data transfer to countries outside the European Economic Area (EEA) only occurs if necessary to execute your orders (e.g., payment orders, etc.), is legally required, or you have given us your consent. The transfer only takes place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g., binding internal company data protection regulations or EU standard contractual clauses) are in place. We will inform you of the details separately, provided this is required by law.
6. Is there an obligation to provide data?
As part of our business relationship, you must provide the personal data that is necessary for establishing, executing, and terminating a business relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to carry out an existing contract and may need to terminate it.
7. To what extent is automated decision-making used on a case-by-case basis?
We do not generally use fully automated decision-making processes as defined by Art. 22 GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you separately, provided this is required by law.
8. To what extent is your data used for profiling (scoring)?
We partly process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:
- To inform and advise you about products in a targeted manner, we use evaluation tools. These enable communication and advertising tailored to your needs, including market and opinion research.
- In the context of assessing your creditworthiness, we use scoring (e.g., SCHUFA score). In doing so, the probability that a customer will meet their payment obligations in accordance with the contract is calculated. For example, income, expenses, existing liabilities, occupation, employer, duration of employment, experiences from the previous business relationship, contractual repayment of previous loans, as well as information from credit agencies may be included in the calculation. The scoring is based on a mathematically and statistically recognized and proven procedure. The calculated score values help us make decisions when concluding product contracts and are incorporated into ongoing risk management.
9. How long will your data be stored?
We process and store your personal data for as long as it is necessary for our business relationship, including the initiation and execution of a contract.
In addition, we are subject to various retention and documentation obligations that arise, among other things, from the German Commercial Code (HGB), the Tax Code (AO), and tax law. The periods specified for retention or documentation are between two and ten years.
Finally, the storage duration is also determined by the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in some cases, can be up to thirty years.
10. What rights do you have?
As our customer, you have the following data protection rights according to Art. 15-22, 34 GDPR, depending on the situation in individual cases, which you can exercise at any time by contacting us or our Data Protection Officer using the contact information provided in Section
- Information about the stored data and their processing (Art. 15 GDPR).
- Correction of incorrect personal data (Art. 16 GDPR).
- Deletion of stored data (Art. 17 GDPR). The right to deletion is restricted if processing is necessary:
  - To fulfill a legal obligation that requires processing under Union or Member State law to which we are subject.
  - For the establishment, exercise, or defense of legal claims.
- Restriction of data processing, provided that data cannot be deleted due to legal obligations (Art. 18 GDPR).
- Objection to the processing of data (Art. 21 GDPR).
- Data portability, provided that consent has been given for data processing or a contract has been concluded (Art. 20 GDPR).
- Consents given for processing can be revoked at any time with effect for the future.
- The right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
The supervisory authority in Schleswig-Holstein is:
Unabhängiges Landeszentrum für Datenschutz (ULD)
Holstenstraße 98
24103 Kiel
Phone: 0431 988 1200
Fax: 0431 988 1223
mail@datenschutzzentrum.de
www.datenschutzzentrum.de
You can also contact our Data Protection Officer.
Information about your right to object
in accordance with Art. 21 General Data Protection Regulation (GDPR)
- You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Art. 6(1)(e) GDPR (data processing in the public interest) and Art. 6(1)(f) GDPR (data processing based on a balancing of interests); this also applies to profiling based on these provisions within the meaning of Art. 4(4) GDPR, which we use for credit assessment or for advertising purposes.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.
- In individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made in any form and should preferably be directed to:
D2G HR GmbH
Fasanenweg 27
25826 Sankt Peter-Ording