Information on data protection concerning our data processing according to Article (Art.) 13, 14 and 21 of the
General Data Protection Regulation (GDPR)
Many thanks for your visit to our website and your interest in vitreous enamel.
We take data protection seriously and herewith inform you how we will process your data and what your claims and
rights are in accordance with data protection regulations.
Valid as of 25 May 2018.
Authority responsible for data processing and contact data
Responsible authority in terms of data protection law:
Deutscher Email Verband e. V.
Dipl.-Kfm. Claus Thielmann
An dem Heerwege 10
|Phone||+49 2331 788651
|Fax||+49 2331 22662
Purposes and legal basis for our processing your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the
German Federal Data Protection Act (BDSG) as well as other applicable data protection regulations (details will follow).
Which individual data are processed and how they are used primarily depends on the services requested and or agreed upon.
For further details or additions for the purpose of data processing, you may refer to the respective contract documents,
forms, a declaration of consent and/or other information provided to you (e.g. when using our website or our general terms
and conditions). Furthermore, this data protection information may be updated from time to time. Please, refer to our
Purposes for the fulfilment of a contract or of precontractual measures (Art. 6 section 1 b GDPR)
Personal data are being processed to implement our contracts with you and to execute your orders as well as to take
measures and to carry out activities in the scope of precontractual relations, e.g. with interested parties.
Processing such data particularly is required to be able to render services in accordance with your orders and requests
and this includes the necessary services, measures and activities. This mainly includes the contract-related communication
with you, the traceability of transactions, orders and other agreements as well as measures to control and optimize
business processes as well as to exercise due diligence, steering and control by affiliated companies and associations;
statistic evaluations for corporate management, cost recording and controlling, reporting, internal and external
communication, emergency management, settlement and fiscal evaluation of operational performances, risk management, assertion
of legal claims and defense in legal disputes; safeguarding IT security and the general safety, assurance of integrity,
authenticity and availability of data, prevention and investigation of criminal offences; control by supervisory boards or
supervisory bodies (e.g. audit).
Purposes in the scope of a legitimate interest of ourselves or of third parties (Art. 6 section 1 f GDPR)
In addition to the actual performance of the contract and/or preliminary contract, we will process your data where appropriate
and if necessary in order to safeguard legitimate interests of ourselves or of third parties, particularly for the purposes:
- of advertising or market and opinion research insofar as you have not objected to the use of your data;
- of collecting information as well as exchanging data with credit agencies insofar as this exceeds our
- of reviewing and optimizing the processes of requirement analysis;
- of further developing services and products as well as existing systems and processes;
- of disclosing personal data in the scope of a due diligence during company sales negotiations;
- of enriching our data, a. o. by using or researching publicly accessible data;
- of statistic evaluations or market analysis;
- of bench marking;
- of asserting legal claims and defence in case of legal disputes which are not directly attributable to the
- of a limited storage of data when deleting the same is not possible or only possible with a disproportionately high
effort because of the particular kind of storage;
- of avoiding and resolving criminal offences unless exclusively for the compliance with legal provisions;
- of internal and external investigations, security checks;
- of assuring and exercising the domiciliary right by appropriate measures such as video surveillance for the
protection of our customers and employees as well as the preservation of evidence in case of offences and
Purposes in the scope of your agreement (Art. 6 section 1 a GDPR)
Processing your personal data for certain purpose (e.g. the use of your e-mail address for marketing purposes) may be carried
out based on your agreement. Normally, you may revoke your permission any time. This also applies to the revocation of
declarations of consent given to us before the GDPR came into effect, this means before 25 May 2018. You will be separately
informed about the purposes and about the consequences of a revocation or a non-issuance of a declaration of consent
in a corresponding text. Basically, the revocation of a declaration of consent will take effect in the future only.
Processing carried out before the revocation are not concerned and remain legitimate.
Purposes to meet legal requirements (Art. 6 section 1 c GDPR) or for the public benefit (Art. 6 section 1 e GDPR)
Like anyone who participates in the economic process, we also have to comply with a lot of legal obligations. Primarily,
these are legal requirements (e.g. trade and tax laws) but also supervisory or other official regulations (e.g. customs
regulations, import and export regulations). The purposes of processing also may include identity and age verification,
fraud and money laundering prevention, the prevention, combat and investigation of terrorist financing and of offences
endangering assets, data comparisons with European and international counter-terrorism lists, compliance with tax-law
control and reporting obligations as well as the storage of data for the purposes of data protection and of data security
as well as audits by tax and other authorities. Moreover, the disclosure of personal data may become necessary in the
framework of official/judicial measures for the purposes of evidence collection, law enforcement or the enforcement of
claims under civil law.
Data categories processed by us unless we directly receive data from your end and their origin
Insofar as this is necessary for rendering our services, we will process permissibly received personal data from other companies
or other third parties (e.g. credit agencies, address databases). Furthermore, we process personal data which we permissibly take,
receive or acquire from publicly accessible sources (such as commercial and association register, civil register, record of
debtors, land registers, press, Internet, and other media) and which we may process.
Categories of relevant personal data may particularly be:
- Personal data (name, date of birth, place of birth, nationality, marital status, profession/trade and similar data)
- Contact data (address, e-mail address, ip address, phone number and similar data)
- Address data (registration data and similar data)
- Payment / cover confirmation with bank and credit cards
- Information on financial situation (credit-history data including scoring, i.e. data required to evaluate an economic risk)
- Customer history
- Data concerning your use of the telemedia offered by us (e.g. time of your opening our websites or newsletters, our
pages / links clicked and/or entries and comparable data)
- Video data
- Client and supplier data we obtain in the scope of our services rendered.
Recipients or categories of recipients of your data
In our company, those internal departments and/or organisational units will receive your data who need them so that we are able to
comply with our contractual and legal duties or to handle and implement our legitimate interest. Your data will exclusively
be transferred to external units
Beyond that, we will not pass your data to third parties. Insofar as we engage service providers in the scope of order
processing, your data will be subject to the same safety standards as in our company. In other cases, the recipients may only
use the data for the purposes which they were transferred for.
- in connection with contract processing;
- for the purposes of complying with legal requirements according to which we are obliged to inform, report or transfer data
or when the data transfer is of public interest (refer to item 2.4);
- insofar as external service providers process data on our account as processor or function assuming unit (e.g. external
computer centers, supportlmainte4nance of EDPIIT applications, archiving, document processing. call center services, compliance
services, controlling, data screening for anti-money-Iaundering purposes, data validation and/or plausibility check, data
destruction, purchase / procurement, customer management, letter shops, marketing, media technology, research, risk controlling,
settlement, telephony, website management, auditing services, credit institutes, printing shops or companies for data removal,
courier services, logistics;
- on the basis of our legitimate interest or the legitimate interest of a third party in the scope of the purposes stated in
item 2.2 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts, group enterprises and bodies and
- when you enabled us to transfer data to third parties.
Duration of retention of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract
(precontractual relationship) and the implementation of a contract.
Moreover, we are subject to several retention and documentation obligations which, among others, result from the German Commercial
Code (HG8) and the German Fiscal Code (AO) as well as the International Accounting Standards (I FRS). The periods for retention
and/or documentation stated there, amount to up to ten years after the termination of the business relationship and/or the
pre-contractual legal relationship.
Furthermore, particular legal provisions may require a longer retention period, as for example the maintenance of pieces of evidence
in the scope of statutory limitation periods. According to §§ 195 ff. of the German Civil Code (8GB), the regular statutory
limitation period is three years; however, even limitation periods of up to 30 years may apply.
When data are no longer required for complying with contractual or judicial obligations and rights, they will be deleted at regular
intervals unless their - limited - further processing is required for complying with the purposes for a predominantly legitimate
interest stated in item 2.2. Such a predominantly legitimate interest for example also exists when a deletion is not possible or
only possible at disproportionate expense because of the kind of storage and a processing for other purposes by suitable technical
and organisation measures is impossible.
Processing of your data in a third country or by an international organisation
A data transfer to units in states outside the European Union (EU) and/or the European Economic Area (EEA) (so-called third countries)
will take place when this should be required to execute an order/contract from or with you, when this is prescribed by law (e.g. tax-
law reporting obligations), when it is in the legitimate interest of our company or of a third party, or when you gave your consent to
our doing so.
In this case, the processing of your data in a third country can also take place in connection with the appointment of service
providers in the scope of order processing. Insofar as for the respective country no resolution of the EU Commission concerning the
appropriate data protection level in that country should exist, we will warrant in accordance with the EU Data Protection Guidelines
and on the basis of appropriate contracts that your rights and freedoms are suitably protected and granted. Upon request, we will
provide you with respective detail information.
Information on suitable or appropriate warranties and on the possibility to obtain a copy of them, may be requested from the
company's data protection officer.
Your data protection rights
Under certain conditions, you may assert your data protection rights towards our company
If possible, your requests for exercising your rights should be directed to the above stated address or directly to our data
- You are entitled to be informed by us about your data stored by us according to the provisions of Art. 15 GDPR
(if necessary, with restrictions as per § 34 BDSG).
- Upon your request we will correct the data stored about you as per Art. 16 GDPR when they are incorrect or inaccurate.
- If you wish, we will delete your data according to the principles of Art. 17 GDPR unless other statutory requirements
(e.g. legal retention obligations or restrictions as per § 35 GDPR) or a predominant interest of our company (e.g. for the
defence of our rights and claims) exist.
- Considering the prerequisites of Art. 18 GDPR, you may request from us to limit the processing of your data.
- Furthermore, you can appeal against the processing of your data in accordance with Art. 21 GDPR and we have to stop the
processing of your data. This right of appeal however only applies under quite special circumstances of your personal situation and
rights of our company could be opposed to your right of appeal.
- According to the provisions of Art. 20 GDPR you also are entitled to receive your data in a structured, common and
machine-readable format or to transfer them to a third party.
- Moreover, you are entitled to revoke a given consent to the processing of personal data any time with us taking effect
for the future (refer to item 2.3).
- Furthermore, you have a right of appeal with a data protection supervisory authority (Art. 77 GDPR). However, we
recommend to always direct any complaint to our data protection officer first.
Extent of your obligations to provide us your data
You only have to provide those data that are required for starting and performing business relations or for a precontractual
relationship with us or that we are legally obliged to collect. Generally, we will not be in a position to conclude or execute a
contract without these data. This may later on also refer to data that are required in the scope of our business relations.
If we ask you for data going beyond that scope, you will be separately informed on the voluntary nature of your information.
Existence of an automated decision-making in an individual case (including profiling)
We do not use any purely automated decisions procedures as per Article 22 GDPR. Should we nevertheless use such a procedure in
future in individual cases, we will separately inform you accordingly, if this is prescribed by law.
Possibly we partly process your data with the objective to evaluate certain personal aspects (profiling). In order to purposefully
be able to inform you about products and to advise you, we may use evaluation tools. These tools allow a needs-based product design,
communication and advertising including market research and opinion polling.
We do not use own scoring procedures to assess your financial standing and creditworthiness. Where applicable, we use so-called
"score values" we receive from credit agencies to assess your financial standing and creditworthiness. Such score values assist us
for example in assessing the creditworthiness as well as making decisions in the scope of project and product transactions and
those values influence our risk management.
Information on nationality as well as particular categories of personal data as per Art. 9 GDPR are not processed.
Information on your right of objection Art. 21 GDPR
1. When there are reasons resulting from your particular situation, you always are entitled to object to the
processing of your data on the basis of Art. 6 Section 1 f GDPR (Data processing on the basis of balancing of
interests) or on the basis of Art. 6 section e GDPR (Data processing in public interest) This will also apply
to a profiling in terms of Art. 4 No.4 GDPR based on this provision.
If you file an objection, we will no longer process your personal data, unless we can prove compelling reasons
for processing which outweigh your interests, rights and liberties or which serve the assertion, execution or
defence of legal claims.
2. Where appropriate, we will process your personal data also to conduct direct advertising. If you do not want
to receive any advertising, you always will be entitled to object to receiving advertising; the same also applies
to profiling when it is connected to such direct advertising. We will respect this objection for the future.
We will no longer process your data for the purposes of direct advertising when you object to a procession for
Your objection may be filed without complying with a certain form and should preferably addressed to:
Deutscher Email Verband e. V.
An dem Heerwege 10
Our privacy statement as well as the information on data protection concerning our data processing as per Article (Art.) 13,14 and 21
GDPR may change from time to time. We will publish any changes on www.emailverband.de.