dormakaba International Holding GmbH
DORMA Platz 1, 58256 Ennepetal, Germany
We process personal data, which we receive from you when you make contact with us. We collect customer data, for example, when you use our online contact form, when you call our free information hotline, or when you send an e-mail to our central contact address with an enquiry.
Suppliers and service providers register in the supplier portal in order to take part in tenders, and to be considered as a contracting partner. Their data is collected on registration.
We obtain the delivery addresses of our contracting partners’ customers in order to send our products to the correct location. By these means, we receive data from our contracting partners, who previously acquired it from you directly.
We also process personal data retrieved with your consent from publicly accessible sources (e.g. debtors’ list), or transferred to us with your consent by other companies of dormakaba or by other third parties, such as credit agencies.We process personal data in compliance with the EU General Data Protection Regulation (EU-GDPR) and the German Federal Data Protection Law 2018 (BDSG-Neu).
1.1 for the fulfilment of contractual obligations (article 6 paragraph 1 point b EU-GDPR)
Data is processed for the purpose of fulfilling the contract with you or for implementing pre-contractual measures that take place on your own initiative.
For example, this applies if you order spare parts, services or products from us.
Suppliers and service providers can register in our tendering portal, where they can take part in tenders, in order to enable a contractual relationship.We will also transfer your address details to logistics companies and sub-contracting traders in order to fulfill our obligations and install/maintain the product. It is also possible that we will receive your address details if you are provided as a contact for installation or maintenance, e.g. by your lessor.
Further details about the purposes of data processing can be found in the relevant contract documentation and terms of business.1.2 for the purpose of balancing interests (article 6 paragraph 1 point f EU-GDPR)
Provided that you grant your consent for us to process your personal data for certain purposes (e.g. for sales pitches over the telephone, participating in a competition), it is lawful for your data to be processed on this basis. You may withdraw your consent at any time. This also applies to declarations of consent made prior to the validity of the EU-GDPR, i.e. before May 25, 2018. Withdrawals of consent are effective only for the future and do not affect the legality of data processing until the point of withdrawal.
In order to fulfil commercial and tax requirements, your personal data will be stored for a duration described in further detail below. In accordance with European Union law, we are obligated to take into account embargo and boycott lists when supplying customers, as well as the obligations of suppliers and service providers.
Within our company, your data can be accessed by those individuals or offices who require them to perform their respective role in the company, or to fulfill our contractual or legal obligations.
Service providers used by us may also receive your data. These are initially other dormakaba companies, as well as companies including postal and printing services, IT service providers, telecommunications service providers (call centers), sales partners, web service providers, credit agencies, collection agencies and other service providers hired for the fulfillment of orders.
Under certain conditions, personal data may also be transferred to public institutions, e.g. tax authorities, judicial and law enforcement authorities (e.g. police, prosecution offices, courts), lawyers and notaries, as well as accountants.
Specifically, the following recipients may receive your personal data:
As a rule, we only transfer your personal data to recipients within the European Economic Area as well as Switzerland. Expatriations to non-European countries are an exception. If your personal data is transmitted to third countries outside the European Economic Area, which might not provide an appropriate data protection level, we will take all necessary measures for such data transmissions according to EU-GDPR. We use adequate technical and organizational measures (TOMs) to protect your personal data from unauthorized access or usage as well as unintentional, accidental loss or destruction.
We will always delete your personal data, once the purpose of processing has expired, all mutual obligations have been fulfilled and no other legal obligations or justifications for the storage of your data exist to the contrary.
Legal data storage obligations arise in particular from the German Commercial Code (HGB) and German Fiscal Code (AO). The storage duration specified therein is usually six to ten years. If required, e.g. to secure evidence, customer data is stored until expiry of the legal limitation period. This period lasts three years according to § 195 BGB.
You have the following rights to data protection in accordance with the legal provisions:
You also have the right to complain to the responsible supervisory authority.For North Rhine-Westphalia, for example, this would be the responsibility of the Representative for Data Protection and Freedom of Information for North Rhine-Westphalia (LDI NRW) (https://www.ldi.nrw.de)
H. Am I required to provide you with my personal data?
As part of our business relationship, you must provide the personal data that is required for the initiation, fulfillment and termination of the business relationship and for the fulfillment of the associated contractual obligations, or that we are legally obliged to collect. Without this data, we are generally unable to enter into or fulfil a contract with you.
In our contract forms and on our website, it is clearly marked which information is voluntary and which is compulsory.
We acquire credit information about customers and other contracting partners. During this activity, we evaluate whether your credit rating is adequate enough to enter into a certain contract with you. This decision is partially automated using statistical methods with the aid of information from credit agencies.
We do not use any fully automated decision-making processes for the establishment and fulfillment of business relationships in the sense of article 22 EU-GDPR.
To be able to provide you with targeted information about our products, we sometimes use “profiling”. This means that we process your data in order to evaluate certain personal aspects. This enables tailored communication and advertising, including market and opinion research.