data protection

Privacy Policy

1.Privacy at a glance

General comments

The following provides a simple overview of what happens to your personal information when you visit our website. Personal data is all data that personally identifies you. Detailed information on the subject of data protection is available in our Privacy Policy, included below.

Data collection on our website
Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. Their contact details are available in the site notice of this website.
How do we collect your data?

One way in which we collect your data is when you provide it. This might be data that you enter in a contact form, for example.

Other data is collected automatically through our IT systems when visiting the website. These include mainly technical data (e.g. internet browser, operating system or time of the page request). The collection of this data takes place automatically, as soon as you access our website.

What do we use your data for?

One reason we collect information is to ensure that our website functions well. Other data can be used to analyse your user behaviour.

What rights do you have regarding your data?

At any time you have the right to obtain free information about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction, blocking or deletion of this data. To do so, or ask other questions about data protection, you can contact us at any time via the address provided in the site notice. Furthermore, you have a right of appeal to the competent supervisory authority.

Analysis tools and third-party tools

When you visit our website, your surfing behaviour can be statistically evaluated. This happens mainly with cookies and so-called analysis programmes. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Details can be found in our Privacy Policy. You can object to this analysis. This Privacy Policy includes options for objection.

2.General information and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy.

If you use this website, various personal data will be collected. Personal data is information that personally identifies you. This Privacy Policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmission over the Internet (e.g. in communication by email) can have security gaps. The complete protection of the data from access by third parties is not possible.

The responsible authority

The responsible authority for data processing on this website is:

BOSIG Holding GmbH & Co. KG
Legally represented by BOSIG Holding Beteiligungs-GmbH
These are legally represented by the Managing Director Oliver Schmid
Brunnenstrasse 75-77
73333 Gingen an der Fils, Germany

Register Court Ulm HRB 723498

Telephone: 0049 (0) 7162/4099-0
Fax: 0049 (0) 7162/4099-202

Email: info@bosig.de

The responsible body is the natural or legal person who, alone or with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Data Protection Officer

We have appointed a data protection officer for our company.

MSO Consulting
Daniel Voigtländer
Zeisigweg 11
71397 Leutenbach, Germany
Telephone: 07195/9772959
Email: datenschutz@bosig.de

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an existing consent at any time. An informal message by email is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority

In the case of violations of data protection law, the person concerned has the right of appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found via the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have access to the data that we process on the basis of your consent or in the fulfilment of a contract in a standard, machine-readable format. You also have the right to have it forwarded to a third party. If you require the direct transfer of data to another responsible party, this will only take place to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognise an encrypted connection by the change in the address line of the browser from “http: //” to “https: //” and the lock symbol in your browser line.

If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

Information, blocking, deletion

You have the right to free information on your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to the rectification, blocking or deletion of this data. To do so, or ask other questions about data protection, contact us at any time via the address provided in the site notice.

Objection to advertising mails

We hereby object to the use of information provided in the site notice for the purposes of sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information (for example through spam emails).

3. Data collection on our website

Cookies

The internet pages use so-called cookies in some cases. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our site more user-friendly, effective and secure. Cookies are small text files that are stored on your computer by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognise your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you want to use (e.g. shopping cart function) are saved on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the error-free and optimised provision of its services. If other cookies (e.g. cookies for the analysis of your surfing behaviour) are stored, they will be treated separately in this Privacy Policy.

Server Log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • Browser type and browser version
  • Operating system
  • Refferrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP adress

We do not merge this data with other sources of information.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfil a contract or pre-contractual actions.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.

The processing of the data entered into the contact form is therefore exclusively based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. An informal message by email is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

We keep the data entered by you in the contact form until you ask us for deletion, revoke your consent to the storage or the purpose for the data storage no longer exists (e.g. after completion of your request). Mandatory statutory provisions – especially retention periods – remain unaffected.

4. Social media

Facebook Plugins (Like & Share Button)

Our pages include integrated plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognised by the Facebook logo or the “like button” on our site. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.
When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook “like button” while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. As a result, Facebook can assign the visit to our pages to your user account. We point out that we as the provider of the pages are not aware of the content of the data transmitted and their use by Facebook. For more information, see the Facebook Privacy Policy at: https://de-de.facebook.com/policy.phpIf you do not wish Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

5. Analysis tools and advertising

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that enable the analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

Browser Plugin

You can prevent the storage of cookies via your browser settings; however, please note that if you do this, you may not be able to use this website to the fullest extent possible. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing this browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information on the use of user data by Google Analytics, please refer to the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.

Demographics in Google Analytics

This website uses the demographics feature of Google Analytics. As a result, reports can be produced that contain statements on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This data cannot be assigned to a specific person. You can disable this feature at any time through the ad settings in your Google Account, or generally prohibit Google Analytics from collecting your data, as described in the “Objection to data collection” section.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

reCAPTCHA checks whether the data entry on our websites (e.g. in a contact form) is done by a human or an automated programme. For this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses take place in the background. Site visitors are not advised that an analysis is taking place.

The data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its websites from abusive automated spying and SPAM.

For more information about Google reCAPTCHA and Google’s Privacy Policy, please visit the following links: https://policies.google.com/privacy?hl=en and https://www.google.com/recaptcha/intro/android.html.

6. Plugins and tools

Google Web Fonts

This site uses so-called web fonts, provided by Google, for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

To do this, the browser you use must connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a default font will be used by your computer.

For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google’s Privacy Policy: https://www.google.com/policies/privacy/.

Google Maps

This site uses the mapping service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored on a Google server in the United States. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For more information on how to handle user data, please refer to the Google Privacy Policy: https://www.google.de/intl/de/policies/privacy/.

Data privacy information for candidates

pursuant to Art. 13 and Art. 14 of the General Data Privacy Regulation GDPR

To us, data privacy is paramount. We will here inform you about how we process your data and the rights you have in this respect.

1. Who is responsible for data processing and whom may you contact in this regard?

BOSIG GmbH
Brunnenstraße 75-77
73333 Gingen

2. Contact details of the Data Privacy officer
3. Purpose of processing and legal basis

Your personal data will be processd in accordance with the provisions of the General Data Privacy Regulation (GDPR), the Bundesdatenschutzgesetzt BDSG [Federal Data Privacy Act] and other relevant data privacy regulations. You may find further details and amendments on the purposes of processing in our contract documents, forms, declarations of consent and other information made available to you (e.g. on the website).

3.1 Consent (Art. 6 (1) (a) GDPR)

Your consent to the processing of personal data will serve as the legal basis for processing. You may revoke your consent at any time, with effect into the future.

3.2 Performance of contractual obligations (Art. 6 (1) (b) GDPR)

We will process your personal data in the course of handling your application. Processing may also be digital. This will apply especially when you submit your application documentation electronically, e.g. by e-mail or via a form on the website.

3.3 Compliance with legal obligations (Art. 6 (1) (c) GDPR)

We will process your personal data should we be legally obligated to.
This may be the case if, among other:

  • Reference is required to European and international counter-terrorism lists

Disclosure of personal data is required within the framework of official/judicial measures for purposes of evidence, law enforcement or civil claims.

3.4 Our own legitimat interests or those of third parties (Art. 6 (1) (f) GDPR)

We may also use your personal data to assess the interests in ensuring that our own or third party legitimate interests will be maintained. This may be required for the following purposes:

  • Limited retention of your data should deletion be impossible or require unreasonably high effort due to special storage methods
  • Comparison with European and international counter-terrorism lists should this surpass legal obligations
  • Ensuring and exercising our domestic authority through corresponding action (e.g. video surveillance)
4. Categories of personal data we will process

The following data are processed:

  • Personal data (name, date of birth, place of birth, nationality, civil status, occupation/industry and similar)
  • Contact details (mailing adress, e-mail adress, telephone number and similar)
  • Complete application documentation (e.g. CV, certificates, references)
5. Who will obtain your data?

We will forward your personal data to internal departments that need the data for contractual and legal purpose or to protect our legitimate interests.

The following bodies may also receive your data:

  • public bodies and institutions in cases whrer we may be under legal or regulatory obligation to provide information, notification or disclosure of data, or should the latter be in the public interest
  • other entities that you agreed may receive your data.
6. Transmission of your data to a third country or an international organisation

No data will be processed outside the EU or the EEA.

7. How long will we store your data?

Should the entity responsible for processing conclude a contract of employment with a candidate, the transmitted data will be stored compliant with regulatory requirements, for purposes of the employment relationship. Should the entitiy responsible for processing not conclude an employment contract with the candidate, the application documents will be automatically deleted three months after communication of such decision, unless deletion opposes other legitimate interests of the entity responsible for processing. Other legitimate interest would, for instance, include provisioning of proof under an action under the Allgemeines Gleichbehandlungsgesetz (AGG) [General Equal Treatment Act].

8. To what extent will automated decision-making be applied in individual cases (including profiling)?

We are not using automated decision-making procedures as per Article 22 GDPR. We will specifically inform you should we resort to this in individual cases, provided this is required by law.

9. Your data privacy rights

You have the right to information under Art. 15 GDPR the right to correction under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to limit processing under Art. 18 GDPR and the right to data transferability under Art. 20 GDPR.

You also have the right to lodge a complaint with a supervisory data privacy authority (Art. 77 GDPR). Article 21 GDPR also grants you the basic right to object to our processing of your personal data. This right to objection will, however, be prerequisite upon your special personal circumstances; our domestic authority may oppose your right of objection. Please contact our Data Privacy Officer datenschutz@bosig.de should you intend to assert such a right.

10. Extent of your obligations to provide us with your data

You will need to provide only the data required for your application. We will generally not be able to conclude a contract of employment with you unless we have this information. You will be separaftely informed of the voluntary nature of any additional information we may request.

11. Your right to lodge a complaint with the competent supervisory authority

The Landesbeauftragte für den Datenschutz und die Informationsfreiheit [The State Commisioner for Data Privacy and Freedom of Information]

Königstrasse 10 a
70173 Stuttgart

Data privacy information for customers and interested parties

pursuant to Art. 13, 14 and 21 of the General Data Privacy Regulation GDPR

To us, data privacy is paramount. We will here inform you about how we process your data and the rights you have in this respect.

1. Who is responsible for data processing and whom may you contact in this regard?

BOSIG GmbH
Brunnenstraße 75-77
73333 Gingen

2. Contact details of the date privacy officer
3. Purpose of processing and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Privacy Regulation (GDPR), the Bundesdatenschutzgesetz BDSG [Federal Data Privacy Act] and other relevant data privacy regulations. The processing and use of individual data depends on the service agreed to or applied for. You may find further details and amendments on the purposes of processing in our contract documents, forms, declarations of consent and other information made available to you (e.g. on the website or terms and conditions).

3.1 Consent (Art. 6 (1) (a) GPDR)

Your consent to the processing of personal data will serve as the legal basis for processing. You may revoke your consent at any time, with effect into the future.

3.2 Performance of contractual obligations (Art. 6 (1) (b) GPDR)

We will process your personal data to execute our contracts with you, i.e. especially for initiating and processing of orders. Your personal data will furthermore be processed for purposes of implementation of measures and activities in the context of pre-contractual relationships.

3.3 Compliance with legal obligations (Art. 6 (1) (c) GPDR)

We will process your personal data as required under statutory obligations (e.g. commercial or tax laws).

This may be the case if, among other:

  • Reference is required to European and international counter-terrorism lists
  • Compliance is required with tax control and reporting obligations and where data must be archieved for data privacy and data security purposes and for examination by fiscal and other authorities.

Disclosure of personal data may also be required in the context of official/judicial measures for evidentiary purposes or law enforcement or the assertion of civil claims.

3.4 Our own legitimate interests or those of third parties (Art. 6 (1) (f) GPDR)

We may also use your personal data to assess interests in ensuring that our own or third party legitimate interests will be maintained. Tis may be required for the following purposes:

  • for advertising or market research unless you have objected to the utilisation of your data
  • for obtaining information and exchanging data with credit agencies, should our economic risk be excessive
  • for limited retention of your data schould deletion be impossible or require unreasonably high effort due to special storage methods
  • for comparison to European and international counter-terrorism lists should this surpass legal obligations
  • for further development of services and products, including existing systems and processes
  • for ensuring and exercising our domestic authority through corresponding action (e.g. video surveillance)
4. Categories of personal data we will process

The following data are processed:

  • Personal data (first name, surname, occupation/industry and similar data)
  • Contact details (mailing address, e-mail address, telephone number and similar data)
  • Customer history
We will if necessary also process personal data available from public sources (e.g. internet, media, press, trade and club registries, registration records, debtor directories, land registers). To the extent required for provisioning of our service we will process personal data that we lawfully receive from third parites (e.g. address publishers, credit agencies).
5. Who will obtain your data?

We will forward your personal data to internal departments that need the data for contractual and legal purposes or to protect our legitimate interests.

The following bodies may also receive your data:

  • Our commissioned order processors (Art. 28 GDPR) especially in the fields of: IT services, logistics services, suppliers, external data centres, controlling, auditing service, credit institutes, courier services and logisitcs
  • Public bodies and institutions in cases where we may be under legal or regulatory obligation to provide information, notification or disclosure of data, or should the latter be in the public interest
  • Bodies and institutions, based on our legitimate interest or that of the third party in the context of purposes set out in Point 3.4 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, appraisers, group companies and committees and supervisiory bodies)
  • Other entities you have agreed may receive your data (e.g. dealers or business partners)
6. Transmisson of your data to a third country or an international organisation

No data will be proccessed outside the EU or the EEA.

7. How long will we store your data?

We will to the extent necessary process your personal data for the duration of our business relationship, including also the initiation and execution of contracts.

We are also subject to various obligations of storage and documentation based, among other on the Commercial Code (HGB) and the Revenue Code (AO). The deadlines for such storage and documentation are up to ten years beyond the end of the business relationship or of pre-contractual legal relationships.

Storage periods will also depend on statutory periods of limitation which will normally be three years, but up to thirty years in some cases, pursuant to §§ 195 et. seq. of the Civil Code (BGB).

8. To what extent will automated decision-making be applied in individual cases (including profiling)?

We are not using automated decision-making procedures as per Article 22 GDPR. We will specifically inform you schould we resort to this in individual cases, privided this is required by law.

9. Your data privacy rights

You have the right to information under Art. 15 GDPR, the right to correction under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to limit processing under Art. 18 GDPR and the right to data transferability under Art. 20 GDPR. You also have the right to lodge a complaint with a supervisory data privacy authority (Art. 77 GDPR). Article 21 GDPR also grants you the basic right to object to our processing of your personal data. This may oppose your right of objection. Please contact our Data Privacy Officer datenschutz@bosig.de should you intend to assert such a right.

10. Extent of your obligations to provide us with your data

You only need to provide the information necessary to enter into a business or a pre-contractual relationship with us, or information we are required to collect by law. We will generally not be able to conclude or execute a contract with you unless we have this information. This may also apply to data required in a later phase of the business relationship. You will be separately informed of the voluntary nature of any additional information we may request.

11. Informaton about your right to object Ar. 21 GDPR

You have the right at any time to object to the processing of your data as per Art. 6 (1) (f) GDPR (data processing based on weighting of interests) or Art. 6 (1) (e) GDPR (data processing in the public interest) should you have reasons related to your particular situation. This will also apply to profiling in terms of Art. 4 (4) GDPR, based on this provision.
We will cease processing your personal data should you lodge an objection, unless we can demonstrate compelling legitimate reasons for processing to overrule your interets, rights and freedoms or unless processing serves a purpose of enforcing, pursuing or defending legal claims.
We will also, if required, process your personal data for purposes of direct advertising. You have the right at any time to object to receiving advertising. This will also apply to profiling, to the extent related to such direct advertising. We shall respect this objection with effect into the future.
We will cease processing your data for direct marketing purposes if you object to this.

The objection may be made informally to the address given under Point 1.

12. Your right to lodge a complaint with the competent supervisory authortity

You have the right to lodge a complaint with the supervisory data privacy authority (Art. 77 GDPR). The supervisory authority responsible for us is:

The Landesbeauftragte für den Datenschutz und die Informationsfreiheit [State Commisioner for Data Privacy and Freedom of Information]

Königstrasse 10 a
70173 Stuttgart

 

Data privacy information for suppliers

pursuant to Art. 13, 14 and 21 of the General Data Privacy Regulation GDPR

To us, data privacy is paramount. We will here inform you about how we process your data and the rights you have in this respect.

1. Who is respnsible for data processing and whom may youn contact in this regard?

BOSIG GmbH
Brunnenstraße 75-77
73333 Gingen

2. Contact details for the Data Privacy Officer
3. Purposes of processing and legal basis

Your personal data will be proccessed in accordance with the provisions of the General Data Privacy Regulation (GDPR), the Bundesdatenschutzgesetzt BDSG [Federal Data Privacy Act] and other relevant data privacy regulations. The processing and use of individual data depends on the service agreed to or applied for. You may find further details and amendments on the purposes of processing in our contract documents, forms, declarations of consent and other information made available to you (e.g. on the website or terms and conditions).

3.1 Consent (Art. 6 (1) (a) GDPR)

Your consent to the processing of personal data will serve as the legal basis for processing. You may revoke your consent at any time, with effect into the future.

3.2 Performance of contractual obligations (Art. 6 (1) (b) GDPR)

We will process your personal data to perform our contracts with you, especially in the context of processing orders and utilising services. Your personal data will furthermore be processed for purposes of implementation of measures and activities in the context of pre-contractual realationships.

3.3 Compliance with legal obligations (Art. 6 (1) (c) GDPR)

We will process your personal data as required under statutory obligations (e.g. commercial or tax laws).

This may be the case if, among other:

  • Reference is required to European and international counter-terrorism lists
  • Compliance is required with tax control and reporting obligations and where data must be archived for data privacy and data security purposes and for examination by fiscal and other authorities.

Disclosure of personal data may also be required in the context of official/judicial measures for evidentiary purposes or law enforcement or the assertion of civil claims.

3.4 Our own legitimate interests or those of third parties (Art. 6 (1) (f) GDPR)

We may also use your personal data to assess interests in ensuring that our own or third party legitimate interests will be maintained. This may be required for the following purposes:

  • for obtaining information and exchanging data with credit agencies, should our economic risk be excessive
  • for limited retention of your data should deletion be impossible or require unreasonably high effort due to special storage methods
  • for comparison to European and international counter-terrorism lists should this surpass legal obligations
  • for ensuring and excercising our domestic authority through corresponding action (e.g. video surveillance)

We will if necessary also process personal data available from public sources (e.g. internet, media, press, trade and club registries, registration records, debtor directories, land registers). To the extent required for provisioning of our service we will process personal data we lawfully receive from third parties (e.g. address publishers, credit agencies).

4. Categories of personal data we will process

The following data are processed:

  • Personal data (first name, surname, occupation/industry and similar data)
  • Contact details (mailling address, e-mai address, telephone number and similar data)
  • Supplier history
We will if necessary also process personal data available from public sources (e.g. internet, media, press, trade and club registries, registration records, debtor directories, land registers). To the extent required for provisioning of our service we will process personal data that we lawfully receive from third parties (e.g. address publishers, credit agencies).
5. Who will obtain your data?

We will forward your personal data to internal departments that need the data for contractual and legal purposes or to protect our legitimate interests.

The following bodies may also receive your data:

  • Our commissioned order processors (Art. 28 GDPR) especially in the fields of: IT services, logistics services, external data centres, controlling, auditing service, credit institutes, courier services and logistics
  • Public bodies and institutions in cases where we may be under legal or regulatory obligation to provide information, notification or disclosure of data, or should the latter be in the public interest
  • Bodies and institutions, based on our legitimat interest or that of the third party in the context of the purposes set out in Point 3.4 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, appraisers, group companies and committees and supervisory bodies)
  • Other entities that you agreed may receive your data
6. Transmission of your data to a third country or an international organisation

No data will be processed outside the EU or the EEA.

7. How long will we store your data?

We will to the extent necessary process your personal data for the duration of our business relationship, including also the initiation and execution of contracts.

We are also subject to various obligations of storage and documentation based, among other, on the Commercial Code (HGB) and the Revenue Code (AO). The deadlines for such storage and documentation are up to ten years beyond the end of the business relationship or of the pre.contractual legal relationship.

Storage periods will also depend on statutory periods of limitation which will normally be three years, but up to thirty years in some cases, pursuant to §§ 195 et. seq. of the Civil Code (BGB).

8. To what extent will automated decision-making be applied in individual cases (including profiling)?

We are not using automated decision-making procedures as per Article 22 GDPR. We will specifically inform you should we resort this in individual cases, provided this is required by law.

9. Your data privacy rights

You have the right to information under Art. 15 GDPR, the right to correction under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to limit processing under Art. 18 GDPR and the right to data transferability under Art. 20 GDPR. You also have the right to lodge a complaint with a supervisory data privacy authority (Art. 77 GDPR). Article 21 GDPR also grants you the basic right to object to our processing of your personal data. This right to objection will, however, be prerequisite upon your special personal circumstances; our domestic authority may oppose your right of objection. Please contact our Data Privacy Office datenschutz@bosig.de should you intend to assert such a right.

10. Extent of your obligations to provide us with your data

You only need to provide the information necessary to enter into a business or a pre-contractual realtionship with us, or information we are required to collect by law. We will generally not be able to conclude or execute a contract with you unless we have this information. This may also apply to data required in a later phase of the business relationship. You will be separately informed of the voluntary nature of any additional information we may request.

11. Information about your right to object Art. 21 GDPR

You have the right at any time to object to the processing of your data as per Art. 6 (1) (f) GDPR (data processing based on weighing of interests) or Art. 6 (1) (e) GDPR (data processing in the public interest) should you have reasons realated to your particular situation. This will also apply to profiling in terms Art. 4 (4) GDPR based on this provision.
We will cease processing your personal data should you lodge an objection, unless we can demonstrate compelling legitimate reasons for processing to overrule your interests, rights and freedoms or unless processing serves a purpose of enforcing, pursuing or defending legal claims. The objection may be informal, addressed to the address given under Point 1.

12. Your right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint with the supervisory data privacy authority (Art. 77 GDPR). The supervisory authority responsible for us is:

The Landesbeauftragte für den Datenschutz und die Informationsfreiheit [State Commisioner for Data Privacy and Freedom of Information]
Königstrasse 10 a
70173 Stuttgart