Data protection information for our business partners

Purposes and legal bases of data processing

For the fulfillment of contractual obligations (Art. 6 para. 1 sentence 1 b) GDPR)

The processing of your personal data may be necessary on the one hand due to the implementation of pre-contractual measures that precede a contractually regulated business relationship with you. This may be the case if you contact us - in person, by telephone or electronically (e.g. by e-mail) - to apply for a test account or submit a general request via our online contact form.

On the other hand, the necessity for the fulfillment of the obligations may arise from a contract that you have either concluded with us yourself or have entered into with one of our partners (resellers). This may include, for example, the processing of purchase or rental orders, deliveries or payments. This includes, in particular, the provision of the desired software and, if applicable, hardware, as well as the preparation of and response to requests for quotations from individuals to determine the establishment or terms of a contractual relationship. Contract fulfillment primarily includes customer service in the context of processing complaints and receiving (technical) support requests.

For the fulfillment of a legal obligation (Art. 6 para. 1 sentence 1 c) GDPR)

In individual cases, the purposes of data processing result from legal requirements. These legal obligations include, for example, the fulfillment of retention and identification obligations, e.g. in the context of requirements for the prevention of money laundering, tax control and reporting obligations, commercial and foreign trade law or sanction law regulations and data processing in the context of inquiries from authorities.

For the fulfillment of legitimate interests (Art. 6 para. 1 sentence 1 f) GDPR)

It may also be necessary to process your personal data in order to safeguard legitimate interests. The legitimate interests are in particular the conclusion or execution of contracts and other business relationships with our business partners for whom you may act as a representative or employee.

Furthermore, legitimate interests are internal administrative purposes (e.g. for accounting or process and workflow optimization) or the selection of suitable business partners, securing the IT infrastructure of our company and conducting compliance investigations, asserting legal claims, defending against liability claims, ensuring building and plant security or preventing criminal offences and settling claims resulting from the business relationship.

When a contract is concluded, we collect data about your creditworthiness via credit agencies in order to fulfill the above-mentioned legitimate interests. We use the credit rating data from the credit agencies to check creditworthiness. The credit agencies store data that they receive from banks or companies, for example. This data includes, in particular, surname, first name, date of birth, address and information on payment history. You can obtain information about your stored data directly from the credit agencies.

If you participate in the conclusion of a contract offered by us by means of a digital signature (e.g. Adobe Sign), we process your data, in particular your e-mail address, IP address and the times at which you have processed the respective contract document, e.g. released, displayed or digitally signed, in each case with the time and date. Our legitimate interest lies in the efficient and fast digital processing of the contract signing and the corresponding logging of the signature procedure for verification purposes. It is also possible to sign certain contracts with a so-called qualified electronic signature. In this case, we also process the certificate data of your signature in addition to the data mentioned. Our legitimate interest here is to check whether you have a valid qualified electronic signature, which can be used to replace a possible legal requirement for the written form. The prerequisite for using a qualified electronic signature is registration with a trust service provider (e.g. D-Trust / Bundesdruckerei), which you must carry out yourself. However, the respective provider processes the data you provide during registration under its own responsibility and not on our behalf.

Data processing for direct marketing

We process your data for the purpose of direct advertising, in particular for sending our newsletter if you have purchased a license. This may include invitations to webinars, in-house information events or public trade fairs as well as other information on products similar to those you have purchased.
Data processing is carried out on the basis of § 7 para. 3 UWG and pursuant to Art. 6 para. 1 p. 1 lit. f GDPR in the interest of informing you about new products and services. Each customer has their own right to object to this processing, the exercise of which leads to the termination of processing for the purpose of direct advertising. If data is stored exclusively for direct marketing purposes, it will be deleted after an objection has been made.

On the basis of consent (Article 6(1)(1)(a) GDPR)

In addition, the processing of your personal data may be based on voluntary consent within the meaning of Art. 6 para. 1 sentence 1 a) GDPR. As part of the consent required from your side, we will inform you separately and in detail about the associated data processing.

Obligation to provide your personal data

As part of our business relationship, you must provide the personal data that is necessary for the establishment, execution and termination of a business relationship and for the fulfillment of the associated obligations, which we are legally obliged to collect or which we are entitled to collect on the basis of legitimate interests. Without this data, we will generally not be able to enter into a business relationship with you.

Storage period/criteria for determining the storage period

The personal data will be stored for as long as is necessary to fulfill the above-mentioned purposes or for as long as statutory or contractual retention obligations exist (of particular relevance here are the statutory retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO), which provide for storage for up to twelve years) or you have consented to storage beyond this period in accordance with Art. 6 para. 1 lit. a GDPR. 1 sentence 1 a) GDPR have consented.

If you assert your rights as a data subject, your personal data will be stored for 3 years after the final response to prove that we have provided you with comprehensive information and that the legal requirements have been met.

Recipients/categories of recipients of your data

Processors, authorities or service providers also receive access to your personal data within the scope of contractual relationships, to fulfill legal obligations and to protect legitimate interests.
Compliance with data protection regulations is ensured by contract. The data may also be transmitted to companies within the Transgourmet Group in order to fulfill contractual obligations or on the basis of legitimate interest.

In the case of contracts concluded using a digital signature, your data is also accessible to all persons involved in approving and signing the contract, as they receive a record of all processing steps, including the signature, after the contract has been signed. e-mail address, IP address, date and time. Furthermore, your data may be accessible to the respective service providers that we use for the corresponding digital signature process.

If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection, an adequate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contractual clauses), or you have given us your consent to do so.

Data origin and data categories (in the case of third-party collection (Art. 14 GDPR))

We also process the categories of data about you listed under "Type of data" (see above, page 1) (in particular contract and correspondence data) if we have received them via one of our digitization partners.

Your data protection rights

You have the right to receive information about the personal data stored about you free of charge upon request (Art. 15 para. 1 GDPR). In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data and to data portability (Art. 20 GDPR).

You have the right to withdraw your consent at any time with effect for the future if the data is processed on the basis of Art. 6 para. 1 p. 1 lit. a GDPR are processed. Please send your revocation to: privacy@gastronovi.com

You have the right to object to data processing in accordance with Art. 21 GDPR if the data is processed on the basis of Art. 6 para. 1 p. 1 lit. f GDPR are processed. Please send your objection to: privacy@gastronovi.com

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority: The State Commissioner for Data Protection and Freedom of Information, Arndtstraße 1, 27570 Bremerhaven Tel.: +49 421 3612010 or +49 471 5962010 E-Mail: office@datenschutz.bremen.de.