Data protection information for suppliers and service providers

pursuant to EU General Data Protection Regulation (GDPR), Article 13, 14 and 21

Data protection is of utmost importance to us. The following information explains how we process your data and what your rights are.

1.    Who is responsible for data processing and who can you contact?
Gänsäcker 15
D-78532 Tuttlingen
Phone: +49 (0)7462 200 90
Fax: +49 (0)7462 200 950

2.    Contact details of the Data Protection Officer
Edmund Hilt
hilt evolution

3.    Purpose of processing and legal basis
Your personal data shall be processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service. Please find further details and additional information regarding processing purposes in our contractual documents, forms, declarations of consent and other information provided (e.g. on the website or in the Terms and Conditions).

3.1    Consent (GDPR, Art. 6(1)(a))
If you have given us consent to process your personal data, this consent shall serve as the legal basis for the processing specified therein. You may revoke your consent with future effect at any time.

3.2    Fulfilling contractual obligations (GDPR, Art. 6(1)(b))

We shall use your personal data for the purpose of fulfilling the contracts we enter into with you, in particular within the context of our order processing and availing of services. Your personal data shall also be processed to implement measures and activities within the framework of pre-contractual relationships.

3.3    Fulfilling legal obligations (GDPR, Art. 6(1)(c))
We shall process your personal data if this is necessary for compliance with legal obligations (e.g. commercial and taxation laws).
Furthermore, we shall process your data if necessary for the fulfilment of fiscal control and reporting obligations, the archiving of data for the purposes of data protection and data security as well as for auditing by tax authorities and other authorities. Disclosure of personal data may also become necessary in the course of official/judicial action for the purposes of gathering evidence, prosecution or enforcement of civil claims.

3.4    Legitimate interest on our part or on the part of third parties (GDPR, Art. 6(1)(f))

We may also use your personal data on the basis of a weighing of interests to protect the legitimate interests on our part or on the part of third parties. This shall apply with regard to the following purposes:
Advertising or market research, provided that you have not objected to the use of your data

  • For the collection of information and the exchange of data with credit agencies if this goes beyond our economic risk
  • For the limited storage of your data if deletion is not possible or only possible with disproportionately great effort on account of the special type of storage
  • For continuing development of services and products as well as existing systems and processes
  • For the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship
  • For internal and external investigations and/or security audits
  • For certification under private law or official matters
  • For safeguarding and exercising our property rights through appropriate measures (e.g. video surveillance)

4.    Categories of personal data processed by us
The following data shall be processed:

  • Personal details (name, occupation/industry and comparable information)
  • Contact details (address, e-mail address, phone number and comparable information)
  • Supplier history

5.    Who receives your data?

We pass on your personal data within our company to those departments that require this data to fulfil their contractual and legal obligations, or to comply with our legitimate interest.
Moreover, the following bodies may receive your data:

  • Contract processors used by us (GDPR, Art. 28), providers of support services and other parties responsible pursuant to the GDPR, in particular in the areas of: IT services, logistics, courier services, printing services, external computer centres, support/maintenance of IT applications, archiving, document processing, bookkeeping and controlling, data destruction, purchasing/procurement, customer administration, letter shops, marketing, telephony, website management, tax consultancy, auditing services, credit institutions
  • Public bodies and institutions where there is a legal or official obligation requiring us to provide information, report or disclose data or where the disclosure of data is in the public interest
  • Bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts and supervisory bodies)
  • Other bodies for which you have given us your consent for the data transfer

6.    Transfer of your data to a third country or an international organisation

Data processing shall not take place outside the EU or EEA.

7.    How long do we store your data?

If required, we shall process your personal data for the duration of our business relationship, including the initiation and execution of a contract.
Furthermore, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods for storage and documentation specified therein are up to ten years following termination of the business relationship or the pre-contractual legal relationship.
Ultimately, the storage period shall also be determined by the statutory limitation periods, which pursuant to Sections 195 et seq. of the German Civil Code (BGB), for example, are generally three years; however, in certain cases, these may be as long as thirty years.

8.    To what extent is there automatic decision-making in individual cases (including profiling)?
We do not use purely automated decision-making procedures in accordance with GDPR, Article 22. If we use these procedures in individual cases, we shall inform you separately of this, insofar as this is required by law.

9.    Your privacy
You have the right of access to information under GDPR, Article 15, the right to correction under Article 16, the right to deletion under Article 17, the right to limitation of processing under Article 18, and the right to data transferability under Article 20. Furthermore, the right to appeal to a data protection supervisory authority shall apply pursuant to GDPR, Article 77. In accordance with GDPR, Article 21, the right to object to the processing of personal data by us shall always apply. However, this right of objection shall only apply in the case of very special circumstances in your personal situation, where the rights of our company may conflict with your right of objection. If you wish to exercise any of these rights, please contact our Data Protection Officer at

10.    Extent of your obligations to provide us with your data

You shall only be required to provide data which is necessary for the establishment and performance of a business relationship or for a pre-contractual relationship with us or which we are legally obliged to collect. Without this data, we shall not usually be able to enter into or carry out our contract with you. This may also refer to data required later within the framework of the business relationship. If we request additional data from you, you shall be informed of the voluntary nature of the information separately.

11.    Information regarding your right of objection GDPR, Art. 21

You have the right to object to the processing of your data at any time on the basis of GDPR, Art. 6(1)(f) (data processing on the basis of a weighing of interests) or GDPR, Art. 6(1)(e) (data processing in the public interest) if reasons exist relating to your particular situation. This shall also apply to profiling based on this provision as defined in GDPR, article 4(4).
If you object, we shall cease processing your personal data, unless we can provide compelling reasons for its processing worthy of protection, which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.
The objection may be sent informally to the address listed under point 1.

12.    Your right to appeal to the competent supervisory authority

Pursuant to GDPR, Art. 77, you have the right to appeal to the data protection supervisory authority. The responsible supervisory authority is:
The State Commissioner for Data Protection and Freedom of Information (Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit)
Königstrasse 10 a
70173 Stuttgart