Information Obligations under the GDPR
Data protection and the safeguarding of your personal data are of the utmost importance to us. Below, we inform you about the processing of your personal data on our website and within our company. The processing of personal data is carried out in accordance with the provisions of the new Federal Data Protection Act (BDSG-new), which came into effect on May 25, 2018, and the General Data Protection Regulation (GDPR), effective as of May 25, 2018.
Name of the Data Controller
dcgreen AG, represented by Prof. Dr. Barnim Jeschke, jeschke@dcgreen.eu
Processing of Personal Data within the Company
We process personal data that we receive from you in connection with requests for information, inquiries, business initiation, contract execution, online orders, or as part of our business relationship. Additionally, we process personal data lawfully obtained from other companies or third parties (e.g., for order execution, contract fulfillment, or based on your consent), as far as it is necessary for the performance of contractual obligations. Relevant personal data include personal details (name, address, and other contact details). These may also include order data, data related to the fulfillment of our contractual obligations, advertising and sales data, documentation data, and other data comparable to the aforementioned categories.
Purposes and Legal Basis of Processing
The purposes of data processing primarily depend on the services you have requested or commissioned. The processing is necessary for the performance of a contract or the execution of pre-contractual measures (Art. 6(1)(b) GDPR).
Personal data is processed for the provision and facilitation of commercial activities, particularly for the initiation or conclusion of a contract with you and the execution of your orders.
Processing is also carried out within the framework of legitimate interests (Art. 6(1)(f) GDPR). Where necessary, we process your data beyond the fulfillment of the contract to protect legitimate interests of ourselves or third parties, such as in the following cases:
– Data exchange with credit agencies (SCHUFA, Creditreform) to assess credit or default risks
– Advertising or market and opinion research, provided you have not objected to the use of your data
– Responding to inquiries and requests for information
– Assertion of legal claims and defense in legal disputes
– Ensuring IT security
– Prevention and investigation of criminal offenses
– Business management measures and the development of services and products
You have given your consent to the processing of your personal data for one or more specific purposes (Art. 6(1)(a) GDPR).
If you have given us consent for the processing of personal data for certain purposes (e.g., advertising, newsletter distribution, publication of photos or personal data), the lawfulness of this processing is based on your consent.
Consent may be withdrawn at any time. This also applies to the withdrawal of consents given to us before the GDPR came into effect on May 25, 2018.
The withdrawal of consent will only take effect for the future. Processing that occurred before the withdrawal remains unaffected.
Processing is necessary to comply with a legal obligation to which we are subject (Art. 6(1)(c) GDPR). As a company, we are subject to various legal obligations, such as tax and social security control and reporting obligations. Further requirements may arise from, among others, the Disability Act, occupational health and safety laws, fraud and money laundering prevention, and compliance with EU anti-terrorism regulations.
Recipients or Categories of Recipients of the Data (if data is transmitted)
Within the company, departments that require your data to fulfill our contractual and legal obligations will receive it. Service providers we engage (Art. 28 GDPR) may also receive data for the aforementioned purposes. These include companies in the fields of financial services, IT services, printing services, telecommunications, consulting, and marketing.
Outside the company, third parties who require your data to fulfill contractual obligations may receive it, such as:
– Tax consultants, auditors, advisors
– Lawyers (e.g., in disputes, debt collection)
– Technicians and craftsmen (maintenance, repair measures)
– Transport and logistics companies
– Debt collection agencies
– Banks and savings banks
– Credit agencies (e.g., SCHUFA, Creditreform)
Storage Duration or Criteria for Determining the Duration
Where necessary, we process and store your personal data for the duration of our business relationship, which includes the initiation and execution of a contract. Additionally, we are subject to various retention and documentation obligations, which arise mainly from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention or documentation periods specified there range from six to ten years.
The storage duration also depends on the statutory limitation periods, which, according to Sections 195 et seq. of the German Civil Code (BGB), typically amount to 3 years. If evidence preservation is required, e.g., in the context of legal proceedings, the limitation periods under the German Civil Code (BGB) may extend up to 30 years if a court judgment exists.
Upon termination of the contractual relationship, the data will be deleted after the expiry of statutory retention periods. If the purpose for storing the data ceases, personal data will be blocked or deleted, provided there are no legal retention obligations to the contrary.
Rights of the Data Subject
Every data subject has the following data protection rights under the GDPR:
– Right of access (Art. 15 GDPR)
– Right to rectification of inaccurate data (Art. 16 GDPR)
– Right to erasure (Art. 17 GDPR)
– Right to restriction of processing (Art. 18 GDPR)
– Right to data portability (Art. 20 GDPR)
– Right to object (Art. 21 GDPR)
To exercise your aforementioned rights or to withdraw consent, please contact the data controller indicated above. You have the right to lodge a complaint with a supervisory authority. You can exercise this right with a supervisory authority in the member state of your residence, workplace, or the place of the alleged infringement. Before lodging a complaint, we kindly ask that you attempt to resolve the matter with our data protection officer.
Planned Data Transfers to Third Countries
Currently, no data transfers to third countries are taking place, nor are they planned for the future.
Voluntary Nature and Obligation to Provide Personal Data
In the context of our business relationship, you must provide personal data that is necessary for initiating and conducting a business relationship and fulfilling the associated contractual obligations or that we are legally obliged to collect. Without this data, we cannot enter into or perform a contract.
Automated Decision-Making, Including Profiling
We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR to establish and carry out the business relationship.