Data protection information for our business partners

Compliance with data protection regulations is a high priority for us. In the following, we would like to inform you as a business partner or as the contact person of a corresponding business partner responsible for us about the collection and processing of your personal data.

Status: April 01, 2024

Person responsible

The controller responsible for data processing is

gastronovi GmbH
Buschhöhe 2
28357 Bremen
Telefon: +49 421 408942-0
E-Mail: kontakt@gastronovi.com

Type of data

As part of our business relationship, you must provide the personal data that is necessary for the establishment, execution and termination of a business relationship and for the fulfillment of the associated obligations, which we are legally obliged to collect or which we are entitled to collect on the basis of legitimate interests. Without this data, we will generally not be able to enter into a business relationship with you.
If you as a business partner or your company enter into a business relationship with us, we therefore generally process the following personal data:

  • Title, first name, last name,
  • a valid e-mail address,
  • Address of the business partner,
  • Business phone number (landline/mobile)
  • the required offer and contract information (including a. Object of the business relationship, type of service, related price information, execution modalities, time of execution, Information on the due date),
  • Information relating to the implementation of the business relationship (correspondence data, any warranty issues, duration of the business relationship),
  • If applicable, tax number, HRB number and business bank details

Purposes and legal bases of data processing

For the fulfillment of contractual obligations (Art. 6 para. 1 sentence 1 b) GDPR)

The processing of your personal data may be necessary on the one hand due to the implementation of pre-contractual measures that precede a contractually regulated business relationship with you. This may be the case if you contact us - in person, by telephone or electronically (e.g. by e-mail) - to apply for a test account or submit a general request via our online contact form.

On the other hand, the necessity for the fulfillment of the obligations may arise from a contract that you have either concluded with us yourself or have entered into with one of our partners (resellers). This may include, for example, the processing of purchase or rental orders, deliveries or payments. This includes, in particular, the provision of the desired software and, if applicable, hardware, as well as the preparation of and response to requests for quotations from individuals to determine the establishment or terms of a contractual relationship. Contract fulfillment primarily includes customer service in the context of processing complaints and receiving (technical) support requests.

For the fulfillment of a legal obligation (Art. 6 para. 1 sentence 1 c) GDPR)

In individual cases, the purposes of data processing result from legal requirements. These legal obligations include, for example, the fulfillment of retention and identification obligations, e.g. in the context of requirements for the prevention of money laundering, tax control and reporting obligations, commercial and foreign trade law or sanction law regulations and data processing in the context of inquiries from authorities.

For the fulfillment of legitimate interests (Art. 6 para. 1 sentence 1 f) GDPR)

It may also be necessary to process your personal data in order to safeguard legitimate interests. The legitimate interests are in particular the conclusion or execution of contracts and other business relationships with our business partners for whom you may act as a representative or employee.

Furthermore, legitimate interests are internal administrative purposes (e.g. for accounting or process and workflow optimization) or the selection of suitable business partners, securing the IT infrastructure of our company and conducting compliance investigations, asserting legal claims, defending against liability claims, ensuring building and plant security or preventing criminal offences and settling claims resulting from the business relationship.

When a contract is concluded, we collect data about your creditworthiness via credit agencies in order to fulfill the above-mentioned legitimate interests. We use the credit rating data from the credit agencies to check creditworthiness. The credit agencies store data that they receive from banks or companies, for example. This data includes, in particular, surname, first name, date of birth, address and information on payment history. You can obtain information about your stored data directly from the credit agencies.

If you participate in the conclusion of a contract offered by us by means of a digital signature (e.g. Adobe Sign), we process your data, in particular your e-mail address, IP address and the times at which you have processed the respective contract document, e.g. released, displayed or digitally signed, in each case with the time and date. Our legitimate interest lies in the efficient and fast digital processing of the contract signing and the corresponding logging of the signature procedure for verification purposes. It is also possible to sign certain contracts with a so-called qualified electronic signature. In this case, we also process the certificate data of your signature in addition to the data mentioned. Our legitimate interest here is to check whether you have a valid qualified electronic signature, which can be used to replace a possible legal requirement for the written form. The prerequisite for using a qualified electronic signature is registration with a trust service provider (e.g. D-Trust / Bundesdruckerei), which you must carry out yourself. However, the respective provider processes the data you provide during registration under its own responsibility and not on our behalf.

Data processing for direct marketing

We process your data for the purpose of direct advertising, in particular for sending our newsletter if you have purchased a license. This may include invitations to webinars, in-house information events or public trade fairs as well as other information on products similar to those you have purchased.
Data processing is carried out on the basis of § 7 para. 3 UWG and pursuant to Art. 6 para. 1 p. 1 lit. f GDPR in the interest of informing you about new products and services. Each customer has their own right to object to this processing, the exercise of which leads to the termination of processing for the purpose of direct advertising. If data is stored exclusively for direct marketing purposes, it will be deleted after an objection has been made.

On the basis of consent (Article 6(1)(1)(a) GDPR)

In addition, the processing of your personal data may be based on voluntary consent within the meaning of Art. 6 para. 1 sentence 1 a) GDPR. As part of the consent required from your side, we will inform you separately and in detail about the associated data processing.

Obligation to provide your personal data

As part of our business relationship, you must provide the personal data that is necessary for the establishment, execution and termination of a business relationship and for the fulfillment of the associated obligations, which we are legally obliged to collect or which we are entitled to collect on the basis of legitimate interests. Without this data, we will generally not be able to enter into a business relationship with you.

Storage period/criteria for determining the storage period

The personal data will be stored for as long as is necessary to fulfill the above-mentioned purposes or for as long as statutory or contractual retention obligations exist (of particular relevance here are the statutory retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO), which provide for storage for up to twelve years) or you have consented to storage beyond this period in accordance with Art. 6 para. 1 lit. a GDPR. 1 sentence 1 a) GDPR have consented.

If you assert your rights as a data subject, your personal data will be stored for 3 years after the final response to prove that we have provided you with comprehensive information and that the legal requirements have been met.

Recipients/categories of recipients of your data

Processors, authorities or service providers also receive access to your personal data within the scope of contractual relationships, to fulfill legal obligations and to protect legitimate interests.
Compliance with data protection regulations is ensured by contract. The data may also be transmitted to companies within the Transgourmet Group in order to fulfill contractual obligations or on the basis of legitimate interest.

In the case of contracts concluded using a digital signature, your data is also accessible to all persons involved in approving and signing the contract, as they receive a record of all processing steps, including the signature, after the contract has been signed. e-mail address, IP address, date and time. Furthermore, your data may be accessible to the respective service providers that we use for the corresponding digital signature process.

If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection, an adequate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contractual clauses), or you have given us your consent to do so.

Data origin and data categories (in the case of third-party collection (Art. 14 GDPR))

We also process the categories of data about you listed under "Type of data" (see above, page 1) (in particular contract and correspondence data) if we have received them via one of our digitization partners.

Data transfer outside the EU/EEA

a) Adequacy decision

Switzerland
As part of the process, we also transmit your data to our partners in Switzerland for the purpose of contract processing and customer service. The legal basis for data transmission is Art. 6 para. 1 p. 1 lit. b GDPR. For Switzerland, there is an adequacy decision by the European Commission. You can view it here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32000D0518&from=BG. Further information on how to obtain an adequacy decision from the European Commission can be found here: https://edps.europa.eu/data-protection/data-protection/glossary/a_de. If you would like more information about this, please contact our data protection officer.

b) EU standard contractual clauses

We also transfer your data to Atlassian as part of the process. Pty Ltd (Atlassian for short) in Australia to operate the status display for our customer systems (https://status.gastronovi.com) strictly in accordance with our instructions. The legal basis for data transmission is Art. 6 para. 1 p. 1 lit. f GDPR. There is no adequacy decision for Australia pursuant to Art. 45 para. 3 GDPR by the European Commission, so that we have agreed with Atlassian on the data processing in accordance with Art. 46 para. 2 lit. c GDPR by the EU Commission (as of 2021) and have agreed further guarantees to ensure a secure level of data protection in the third country. Information on the EU standard contractual clauses can be found on the EU Commission's website: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_de. If you would like to receive further information about this or a copy of these contracts, please contact our data protection officer."

Your data protection rights

You have the right to receive information about the personal data stored about you free of charge upon request (Art. 15 para. 1 GDPR). In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data and to data portability (Art. 20 GDPR).

You have the right to withdraw your consent at any time with effect for the future if the data is processed on the basis of Art. 6 para. 1 p. 1 lit. a GDPR are processed. Please send your revocation to: privacy@gastronovi.com

You have the right to object to data processing in accordance with Art. 21 GDPR if the data is processed on the basis of Art. 6 para. 1 p. 1 lit. f GDPR are processed. Please send your objection to: privacy@gastronovi.com

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority: The State Commissioner for Data Protection and Freedom of Information, Arndtstraße 1, 27570 Bremerhaven Tel.: +49 421 3612010 or +49 471 5962010 E-Mail: office@datenschutz.bremen.de.

Contact details of the data protection officer

You can contact our data protection officer (datenschutz nord GmbH) at office@datenschutz-nord.de. When contacting our data protection officer, please indicate the above-mentioned person responsible.