Data privacy information on the processing of personal data

(in accordance with the EU General Data Protection Regulation GDPR)

In the following, we would like to inform you about the processing of your personal data, which we collect, process and use within the context of our business activities, and the rights you are entitled to in accordance with data privacy law.

1. Who is responsible for processing my personal data and whom can I contact if I have any questions?

The person responsible for processing your personal data within the meaning of the statutory provisions on data privacy (e.g. GDPR) is:

Henze BNP AG Grundweg 1
87493 Lauben Germany
+49 8374 589 97-0
www.henze-bnp.de

Our data privacy officer is happy to answer your questions regarding the processing of your personal data at
Henze BNP AG, Grundweg 1, 87493 Lauben, datenschutz@henze-bnp.de .

2. What types of personal data do I process? For what purposes and on what legal foundation is the processing performed?

We process the following categories of personal data:

  • Contact information such as first name, surname, title, department, position, business address, business telephone number, business mobile phone number, business fax number and business e-mail address
  • Further information that requires processing within the context of the processing of projects or for the execution of contractual relationships or which we receive voluntarily from our business partners
  • Information received from publicly available sources, information databases or from credit agencies

Information required within the framework of compliance screening or screening pursuant to commercial law provisions (sanction list screening).

The personal data related to you will be processed for the following purposes on the following legal basis:

  • Fulfilment (including accounting) of the contract (and execution of pre-contractual measures on your request) on the basis of Art. 6 Par. 1 lit. b) GDPR
  • Fulfilment of legal obligations (e.g. because of commercial or tax-legal defaults) on basis of Art. 6 Par. 1 lit. c) GDPR.
  • Direct advertising and market research on the basis of Art. 6 Par. 1 lit. f) GDPR or, in the case of telephone advertising, on the basis of consent in accordance with Art. 6 Par. 1 lit. a) GDPR. Processing on the basis of Art. 6 Par. 1 lit. f) GDPR may only be done to the extent that this is necessary for safeguarding justified interests of ours or of third parties and this does not outweigh the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data. You can revoke your consent to telephone advertising at any time in accordance with Art. 7 Par. 3 GDPR.
  • Assessment of your creditworthiness, as well as the communication of indications for establishing your creditworthiness by the credit agency on the basis of Art. 6 Par. 1 lit. b) and f) GDPR. Processing on the basis of Art. 6 Par. 1 lit. f) GDPR may only be done to the extent that this is necessary so as to safeguard justified interests of ours or of third parties and this does not outweigh the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data.
  • Within this context, personal data collected by the credit agency upon the application, execution and termination of the contractual relationship as well as data on non-contractual or fraudulent conduct will be transmitted.
  • The data exchange with the credit agency also serves the fulfilment of legal obligations to perform creditworthiness checks (§§ 505a and 506 of the German Civil Code).
  • The credit agency processes the data received and also uses it for the purpose of creating a profile (scoring) in order to provide third parties with information for assessing your creditworthiness. Your address data, among other things, is included in the calculation of creditworthiness.

3. Will my personal data be disclosed to other recipients?

Henze BNP AG cooperates with order data processors (e.g. with external service providers for IT systems). These only work on the instructions of Henze BNP AG and are contractually obliged to comply with the applicable data privacy requirements.

The transmission of personal data to courts, supervisory authorities or law firms solely follows - as far as this is legally necessary and permissible - in order to ensure compliance with valid law and for enforcing legal claims.

4. Will my personal data be transferred to third countries?

Your personal data will not be transmitted to third countries or to international organisations.

5. How long will my personal data be stored?

Personal data is stored for the purposes mentioned under 2 for as long as is necessary for the fulfilment of these purposes. Your personal data will be stored for as long as our company has an overriding legal interest in processing it in accordance with the relevant legal provisions for direct advertising and market research, but for no longer than two years exceeding the end of the contract.

6. What rights do I have with regard to the processing of my personal data?

In particular, you have the following rights toward us with regard to your personal data:

  • Right to information about your stored personal data (Art. 15 GDPR),
  • The right to rectification if the data stored concerning you is inaccurate, outdated or otherwise inaccurate (Art. 16 GDPR),
  • Right to deletion if the storage is inadmissible, the purpose of the processing and the storage has been fulfilled and therefore is no longer necessary, or you have revoked your consent granted for the processing of certain personal data (Art. 17 GDPR),
  • Right to restriction of the processing, if one of the conditions mentioned in Art. 18 Par. 1 lit. a) to d) GDPR is given (Art. 18 GDPR),
  • Right to transfer personal data related to you that you has been provided by you (Art. 20 GDPR),
  • The right to revoke a consent granted, whereby the revocation does not affect the lawfulness of the processing carried out up to then on the basis of the consent (Art. 7 Par. 3 GDPR) and
  • Right to submit a complaint to a supervisory authority (Art. 77 GDPR).

Right of Revocation

You can object to the processing of your personal data for purposes of direct marketing and/or market research at any time, without this requiring the provision of reasons. Once we have received your objection, we will no longer process your personal data for the purposes of direct advertising and/or market research and will delete the data, provided processing is not necessary for other purposes (e.g. to fulfil the contract).

You may also object to any other processing which we base on a legitimate interest within the meaning of Art. 6 Par. 1lit. f) GDPR for reasons arising from your particular situation, each time by mentioning these reasons. In the event of a justified objection, we will, as a general rule, no longer process the personal data for the purposes concerned and will delete the data, unless we can prove compelling reasons for the processing that outweigh your interests, rights and freedoms, or when the processing serves the assertion, exercise or defence of legal claims.
The objection is to be addressed to the above-mentioned responsible body.

We are happy to answer any questions you may have regarding the compliance with data privacy regulations.

2019 Henze BNP AG