MT-Propeller

Information Obligations ACC. Art 13 and 14 GDPR

• 
  1. Information Obligations for customers
  
  


• 
  2. Information Obligations for applicants
  
  


• 
  3. Information Obligations for whistleblowers
  
  


• 
  4. Information Obligations for suppliers
  
  


• 
  5. Information Obligations for employees
  
  


• 
  6. Information Obligations for Teams-User
  
  


• 
  7. Information Obligations for visiors
  
  

Information obligations for customers

The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this data protection declaration, we would like to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Articles 13 and 14 of the European General Data Protection Regulation (EU GDPR).

1 Who is responsible for data processing and who can you contact?

The controller is
MT-Propeller Entwicklung GmbH
Flugplatzstr. 1
94348 Atting
Telephone: 09429/9409 0
E-mail: support@mt-propeller.com

The company data protection officer is
Nico Becker
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
E-mail: anfragen@projekt29.de
Phone: 0941-2986930

2 What data is processed and from which sources does this data originate?

We process your personal data as a customer (interested parties, applicants, representatives of legal entities, other contractual partners).

The personal data includes

• First name and surname,
• address
• e-mail address
• telephone number
• fax number

We also process the following data and information

• bank details
• the name of your legal representatives
• Company name, commercial register number
• VAT number,
• company number

3 For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended.

• for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):
  Your data is processed for the fulfilment of the contract. Data is processed in particular when initiating business and when executing contracts with you:


• Initiation of the business relationship (such as consultation, offer), application, processing of the offer, contract processing and contract creation
• Assessment on the basis of characteristics as to whether and under what conditions a contract can be concluded or a contract amendment carried out
• Execution, fulfilment, administration and termination of the contract as well as invoicing, ongoing customer support, customer information, handling customer-related enquiries and complaints as well as administration of changes to master data and contract data


• for the fulfilment of legal obligations (Art. 6 para. 1 lit.c GDPR):
  Processing of your data is necessary for the purpose of fulfilling various legal obligations:


• regulatory requirements or due to laws
• tax and corporate law regulations (e.g. German Fiscal Code), advisory obligations under the EU Insurance Mediation Directive (IDD) and the German Money Laundering Act
• Sanctions checks (financial sanctions/embargoes - comparison against the so-called "terror lists" or "sanctions lists" to ensure that no funds or other economic resources are provided for terrorist purposes)
• the provision of information to authorities or courts
• recording/reporting obligations, internal auditing measures, management of internal complaints/claims


• to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):
  Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract in order to safeguard legitimate interests of us or third parties. Data processing to safeguard legitimate interests takes place, for example, in the following cases


• Preparation of analyses and statistics (e.g. for the development of new products and services, customer support, offer and application processing, contract management, service provision, claims processing and risk management)
• Modelling of acquisition, cancellation and conversion affinities
• Continuous improvement of internal business processes, services and products for the purpose of customer satisfaction, such as optimising the quality of advice and support
• Obtaining creditworthiness information, particularly in the case of high risks or to minimise the risk of default in advance in the case of long-term investments
• judicial and extrajudicial assertion, exercise and/or defence of legal claims (in particular existing contract data, performance data and associated advice as well as findings from the ongoing customer relationship)
• Prevention and investigation of criminal offences
• Ensuring IT security and IT operations, carrying out load tests, developing new products and systems and adapting existing ones, migrating data, primarily to ensure the functionality and performance of the systems and thus, by extension, the processed data. The personal data provided is mainly used for tests where this cannot be done with reasonable economic effort on the basis of anonymous data, whereby data security in accordance with Art. 32 GDPR is of course guaranteed at all times
• Fulfilment of internal reporting obligations and corresponding compliance guidelines such as social security deductions, recording/reporting obligations, audits, compliance with government/authority reviews, response to legal proceedings, pursuit of legal rights/remedies, defence in legal disputes
• Measures in the context of direct marketing, insofar as these can be regarded as processing serving our legitimate interest (e.g. welcome emails, information on new services to existing customers, event invitations, conducting satisfaction surveys, market research surveys and studies, insofar as these are legally permissible without your express consent)
• Profiling in the context of direct marketing for a targeted and relevant approach, target group and product selection, determination of advertising scoring (identification of individual customers with statistical affinity to certain products) to support direct marketing activities
• Video surveillance
• Taking photographs at company events with subsequent publication


• on the basis of your consent (Art. 6 para. 1 lit.a GDPR):
  We obtain your consent in accordance with Art. 6 para. 1 lit. a GDPR provided that none of the justification reasons described above apply. We will, of course, fully comply with any additional regulations. We require your voluntary consent, which can be revoked at any time, primarily for the following purposes


• processing for advertising and marketing purposes, unless this is in our legitimate interest (e.g. in the case of telephone advertising)
• Any recording of conversations during telephone contact

4 Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Subject to the legal requirements of Section 7 (3) UWG, we are authorised to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this. Of course, each e-mail always contains an unsubscribe link.

5 Who receives my data?

The confidentiality of your personal data is very important to us. Your personal data will only be passed on if this is necessary to fulfil pre-contractual, contractual or legal obligations, to protect our overriding legitimate interest or that of a third party, or if we have your consent to do so. If necessary, your personal data will be passed on to the following categories of recipients, but only to the extent necessary in each case:

• Processors (Art. 4 Z 8 GDPR) - e.g. IT service providers
• Courts, public prosecutor's offices, tax authorities, supervisory authorities
• Interest groups, arbitration boards
• Credit agencies, debt collection agencies
• Lawyers, notaries
• Insolvency administrators
• Professional organisations
• Experts, surveyors
• Banks, credit institutions
• Assignee, pledgee and pledgee creditors
• Auditors, tax consultancy firms

6 How long will my data be stored?

If there are no statutory retention obligations to the contrary and we no longer need your data for the above-mentioned purposes, we will delete your data. However, as long as a contractual relationship exists between you and us, the processing of the data collected for this purpose is absolutely necessary.

We store certain data in accordance with the following rules for the duration specified in each case and delete or destroy it after the specified storage period has expired:

• If the processing is based on your consent, we will delete the data concerned after your cancellation
• If none of the following retention periods apply, we delete the data after the purpose of the processing has expired
• 3 years: Data and content relating to legal transactions (including their preparation) to the extent necessary for information and defence as well as for the assertion or defence of claims. This also includes data for marketing and customer support, unless they also fall under a category for a longer storage period.
• 6 years: Commercial letters received and sent (Section 257 para. 1 no. 2 and 3, para. 4 HGB)
• 10 years: documents relevant for taxation, accounting vouchers, trading books (§§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB).
• 30 years: Data that is stored due to special circumstances in the company's own interests or those of third parties, as there are corresponding limitation periods or special retention periods (e.g. enforcement orders, special limitation periods).

7 Is personal data transferred to a third country?

The transfer of personal data to an EU third country is of course permitted. We have no plans to transfer data outside the EU or the EEA. Within the scope of the contractual relationship - in particular in the event of a claim and for the assertion, exercise and defence of any legal claims - it is necessary for us to transfer your personal data to recipients in third countries to the extent necessary. These are countries outside the EU or the EEA. In all other cases, data is transferred on the basis of an adequacy decision (Art. 45 GDPR), suitable guarantees (such as standard data protection clauses) within the meaning of Art. 46 GDPR or binding internal data protection regulations (Binding Corporate Rules of a group of companies). In any case, insurers may transfer personal data to recipients in third countries in individual cases in accordance with Art. 49 GDPR. This is done in particular for the fulfilment of the respective insurance contract (lit. b) or for the assertion or defence of legal claims (lit. e).

8 What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there are no legal or statutory retention obligations to the contrary.

Right to restriction of processing:
You can demand that we restrict the processing of your data if

• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data
• the processing of the data is unlawful, but you oppose the erasure of the data and request the restriction of its use instead,
• we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
• you have objected to the processing of the data.

Right to data portability:
You can demand that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that

• we process this data on the basis of your revocable consent or for the fulfilment of a contract between us, and
• this processing is carried out by automated means.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

9 Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.

back to the menu

Information obligations for applicants

The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this data protection declaration, we want to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Art. 13 and 14 of the European General Data Protection Regulation (EU GDPR).

1 Who is responsible for data processing and who can you contact?

The controller is
MT-Propeller Entwicklung GmbH
Flugplatzstr. 1
94348 Atting
Telephone: 09429/9409 0
E-mail: support@mt-propeller.com

The company data protection officer is
Mr Nico Becker
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
Phone: 09 41 - 29 86 93-0
Fax: 09 41 - 29 86 93-16
E-mail: anfrage@projekt29.de

2 Which data is processed and from which sources does this data originate?

We process your personal data as applicant.

The personal data includes

• Master data (such as gender, first and last name, name affixes, date of birth, place and country of birth, nationality(ies), marital status, work permit and residence permit, if applicable)
• Contact details (private address, (mobile) telephone number, email address)
• If applicable, special categories of personal data within the meaning of Art. 9 GDPR (e.g. information on ethnic origin, religion and/or health)
• Tax identification number and tax class
• Social security data for proper accounting (e.g. health insurance membership certificate/number, pension insurance number, secondary employment)
• Information on special personal circumstances (e.g. health restrictions, relevant criminal record and, if applicable, certificate of good conduct)
• Information on education (highest general school-leaving qualification, highest vocational training qualification)
• Information on the transfer of remuneration (name of financial institution, IBAN, BIC)
• Qualifications with associated references or certificates
• Application documents
• Salary data
• Log data generated when using the IT systems
• Time recording data
• holiday periods
• periods of incapacity for work
• Severe disability / equalisation
• Data from a BEM procedure
• Image data (photo or video) possibly in connection with master data, metadata (date, time, place of recording), etc.

3 For what purposes and on what legal basis is the data processed?

Your personal data is processed for the purpose of initiating a contract and contractual relationship with you as a supplier or your organisational representatives or authorised representatives based on the following legal bases:

• for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):
  Your personal data will be collected, stored and processed for the following personnel administration purposes exclusively for the purpose of establishing an employment relationship, evaluating professional and personal skills, providing information about possible job opportunities, training opportunities and career development:


• Applicant management
• payroll accounting
• Employee administration
• Asset management
• Training and seminar administration


• for the fulfilment of legal obligations (Art. 6 para. 1 lit.c GDPR):
  Processing of your data is necessary for the purpose of fulfilling various legal obligations:


• Possible claims based on general equal treatment




• on the basis of your consent (Art. 6 para. 1 lit.a GDPR):
  We obtain your consent in accordance with Art. 6 para. 1 lit. a GDPR provided that none of the justification reasons described above apply. We will, of course, fully comply with any additional regulations. We require your voluntary consent, which can be revoked at any time, primarily for the following purposes


• Storage of your data beyond the statutory retention periods, for inclusion in our applicant pool
• Health data that you have given us in accordance with Art. 9 para. 2 lit. a GDPR

4 Processing of personal data for advertising purposes

Your data will not be processed for advertising purposes.

5 Who receives my data?

The confidentiality of your personal data is important to us. Your personal data will only be passed on if this is necessary to fulfil pre-contractual, contractual or legal obligations, to protect our overriding interest or that of a third party or if we have your consent to do so. If necessary, your personal data will be passed on to the following categories of recipients, but only to the extent necessary in each case:

• Processors (Art. 4 Z 8 GDPR) - e.g. IT service providers, applicant management, etc.
• Legal and other authorised representatives such as lawyers
• Banks, credit institutions
• Health insurance funds
• Pension funds

6 How long will my data be stored?

Your data will be stored for 6 months after completion of the application process. This serves to safeguard any claims under the General Equal Treatment Act (AGG), as claims can be asserted within this period.

With your express consent, your data will be stored for one year, e.g. for future job offers.

7 Is personal data transferred to a third country?

The transfer of personal data to an EU third country is of course permitted. We have no plans to transfer data outside the EU or the EEA. Within the scope of the contractual relationship - in particular in the event of a claim and for the assertion, exercise and defence of any legal claims - it is necessary for us to transfer your personal data to recipients in third countries to the extent necessary. These are countries outside the EU or the EEA. In all other cases, data is transferred on the basis of an adequacy decision (Art. 45 GDPR), suitable guarantees (such as standard data protection clauses) within the meaning of Art. 46 GDPR or binding internal data protection regulations (Binding Corporate Rules of a group of companies). In any case, insurers may transfer personal data to recipients in third countries in individual cases in accordance with Art. 49 GDPR. This is done in particular for the fulfilment of the respective insurance contract (lit. b) or for the assertion or defence of legal claims (lit. e).

8 What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations. Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there are no legal or statutory retention obligations to the contrary.

Right to restriction of processing:
You can demand that we restrict the processing of your data if

• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data
• the processing of the data is unlawful, but you oppose the erasure of the data and request the restriction of its use instead,
• we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
• you have objected to the processing of the data.

Right to data portability:
You can demand that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that

• we process this data on the basis of your revocable consent or for the fulfilment of a contract between us, and
• this processing is carried out using automated procedures. If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

9 Am I obliged to provide data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.

back to the menu

Information obligations for whistleblowers

The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this data protection declaration, we would like to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Articles 13 and 14 of the European General Data Protection Regulation (EU GDPR).

1 Who is responsible for data processing and who can you contact?

The controller is
MT-Propeller Entwicklung GmbH
Flugplatzstr. 1
94348 Atting
Telephone: 09429/9409 0
E-mail: support@mt-propeller.com

The company data protection officer is
Nico Becker
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
E-mail: anfragen@projekt29.de
Phone: 0941-2986930

2 Which data is processed and from which sources does this data originate?

• Categories of data subjects:
• Employees (this includes all employees who may be the subject of the submitted notification)
• suppliers
• business partners


• Categories of personal data (potentially all types of personal data can be the content of a report):
• Surname, first name
• Telephone number
• e-mail address
• Video or image recordings
• Health data

3 For what purposes and on what legal basis is the data processed?

• Data is processed to fulfil a legal obligation in accordance with Art. 6 para. 1 lit. c GDPR in conjunction with § 17 para. 1 no. 6 and § 18 HinSchG

4 Who receives my data?

If we use a service provider in the sense of order processing, we nevertheless remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data if they require the data to fulfil their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system.

5 How long will my data be stored?

In accordance with Section 11 (5) HinSchG, the documentation of a report under the HinSchG is deleted three years after the procedure has been completed. However, it may be stored for longer in order to fulfil the requirements of the HinSchG or other legal provisions as long as this is necessary and proportionate. The prohibition of reprisals against the whistleblower under Section 36 (1) HinSchG does not provide a reason to keep a report for longer than three years.

6 Is personal data transferred to a third country?

The transfer of personal data to an EU third country is of course permitted. We have no plans to transfer data outside the EU or the EEA. Within the scope of the contractual relationship - in particular in the event of a claim and for the assertion, exercise and defence of any legal claims - it is necessary for us to transfer your personal data to recipients in third countries to the extent necessary. These are countries outside the EU or the EEA. In all other cases, data is transferred on the basis of an adequacy decision (Art. 45 GDPR), suitable guarantees (such as standard data protection clauses) within the meaning of Art. 46 GDPR or binding internal data protection regulations (Binding Corporate Rules of a group of companies). In any case, insurers may transfer personal data to recipients in third countries in individual cases in accordance with Art. 49 GDPR. This is done in particular for the fulfilment of the respective insurance contract (lit. b) or for the assertion or defence of legal claims (lit. e).

7 What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there are no legal or statutory retention obligations to the contrary.

Right to restriction of processing:
You can demand that we restrict the processing of your data if

• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
• the processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,
• we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
• you have objected to the processing of the data.

Right to data portability:
You can demand that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that

• we process this data on the basis of your revocable consent or for the fulfilment of a contract between us, and
• this processing is carried out by automated means.
If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint: If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

8 am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.

back to the menu

Information obligations for suppliers

The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this data protection declaration, we would like to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Articles 13 and 14 of the European General Data Protection Regulation (EU GDPR).

1 Who is responsible for data processing and who can you contact?

The controller is
MT-Propeller Entwicklung GmbH
Flugplatzstr. 1
94348 Atting
Telephone: 09429/9409 0
E-mail: support@mt-propeller.com

The company data protection officer is
Nico Becker
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
E-mail: anfragen@projekt29.de
Phone: 0941-2986930

2 Which data is processed and from which sources does this data originate?

We process your personal data as a supplier

The personal data includes

• First name and surname,
• address
• e-mail address
• telephone number
• fax number

We also process the following data and information

• bank details
• the name of your legal representatives
• Company name, commercial register number
• VAT number,
• company number

3 For what purposes and on what legal basis is the data processed?

For the purpose of contract initiation and contractual relationship with you as a supplier or your organisational representatives or authorised representatives, your personal data is processed based on the following legal bases:

• for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):
  The processing of personal data serves to initiate a contract, to conclude a contract and to fulfil a contract with you as a supplier.


• for the fulfilment of legal obligations (Art. 6 para. 1 lit.c GDPR):
  Processing of your data is necessary for the purpose of fulfilling various legal obligations:


• regulatory requirements or due to laws
• tax and corporate law regulations (e.g. German Fiscal Code), advisory obligations under the EU Insurance Mediation Directive (IDD) and the Money Laundering Act
• Sanctions checks (financial sanctions/embargoes - comparison against the so-called "terror lists" or "sanctions lists" to ensure that no funds or other economic resources are provided for terrorist purposes)
• the provision of information to authorities or courts
• recording/reporting obligations, internal auditing measures, management of internal complaints/claims


• to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):
  Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract in order to safeguard legitimate interests of us or third parties. Data processing to safeguard legitimate interests takes place, for example, in the following cases


• Obtaining credit information, especially in the case of high risks or to minimise the risk of default in advance in the case of long-term investments
• judicial and extrajudicial assertion, exercise and/or defence of legal claims (in particular existing contract data, performance data and associated advice as well as findings from the ongoing customer relationship)
• Prevention and investigation of criminal offences
• Ensuring IT security and IT operations, carrying out load tests, developing new products and systems and adapting existing ones, migrating data, primarily to ensure the functionality and performance of the systems and thus, by extension, the processed data. The personal data provided is mainly used for tests where this cannot be done with reasonable economic effort on the basis of anonymous data, whereby data security in accordance with Art. 32 GDPR is of course guaranteed at all times
• Fulfilment of internal reporting obligations and corresponding compliance guidelines such as social security deductions, recording/reporting obligations, audits, compliance with government/authority reviews, response to legal proceedings, pursuit of legal rights/remedies, defence in legal disputes
• Video surveillance
• Taking photographs at company events with subsequent publication


• on the basis of your consent (Art. 6 para. 1 lit.a GDPR):
  We obtain your consent in accordance with Art. 6 para. 1 lit. a GDPR unless one of the justification reasons described above applies. We will, of course, fully comply with any additional regulations. We require your voluntary consent, which can be revoked at any time, primarily for the following purposes


• processing for advertising and marketing purposes, unless this is in our legitimate interest (e.g. in the case of telephone advertising)
• Any recording of conversations during telephone contact

4 Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Subject to the legal requirements of Section 7 (3) UWG, we are authorised to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this. Of course, each e-mail always contains an unsubscribe link.

5 Who receives my data?

The confidentiality of your personal data is very important to us. Your personal data will only be passed on if this is necessary to fulfil pre-contractual, contractual or legal obligations, to protect our overriding interest or that of a third party, or if we have your consent to do so.
If necessary, your personal data will be passed on to the following categories of recipients, but only to the extent necessary in each case:

• Processors (Art. 4 No. 8 GDPR) - e.g. IT service providers
• Banks and credit institutions for the execution of payment transactions (e.g. for tracking, cancellation or correction of incorrectly made payments)
• Debt collection agencies and service providers in the course of combating fraud (e.g. detective agencies) to enforce our legitimate claims
• Lawyers for the assertion or defence of legal claims
• Logistics service providers for the dispatch of postal items.
• Dispute resolution organisations (interest groups, arbitration boards)
• Courts, public prosecutors, tax authorities, supervisory authorities
• Lawyers, notaries
• Insolvency administrators
• Auditors, tax consultancy firms
• Credit agencies and creditor protection organisations

6 How long will my data be stored?

If there are no statutory retention obligations to the contrary and we no longer need your data for the above-mentioned purposes, we will delete your data. However, as long as a contractual relationship exists between you and us, the processing of the data collected for this purpose is absolutely necessary.

We store certain data in accordance with the following rules for the duration specified in each case and delete or destroy it after the specified storage period has expired:

• If the processing is based on your consent, we will delete the data concerned after your cancellation
• If none of the following retention periods apply, we delete the data after the purpose of the processing has expired
• 3 years: Data and content relating to legal transactions (including their preparation) to the extent necessary for information and defence as well as for the assertion or defence of claims. This also includes data for marketing and customer support, unless they also fall under a category for a longer storage period.
• 6 years: Commercial letters received and sent (Section 257 para. 1 no. 2 and 3, para. 4 HGB)
• 10 years: documents relevant for taxation, accounting vouchers, trading books (§§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB).
• 30 years: Data that is stored due to special circumstances in the company's own interests or those of third parties, as there are corresponding limitation periods or special retention periods (e.g. enforcement orders, special limitation periods).

7 Is personal data transferred to a third country?

The transfer of personal data to an EU third country is of course permitted. We have no plans to transfer data outside the EU or the EEA. Within the scope of the contractual relationship - in particular in the event of a claim and for the assertion, exercise and defence of any legal claims - it is necessary for us to transfer your personal data to recipients in third countries to the extent necessary. These are countries outside the EU or the EEA. In all other cases, data is transferred on the basis of an adequacy decision (Art. 45 GDPR), suitable guarantees (such as standard data protection clauses) within the meaning of Art. 46 GDPR or binding internal data protection regulations (Binding Corporate Rules of a group of companies). In any case, insurers may transfer personal data to recipients in third countries in individual cases in accordance with Art. 49 GDPR. This is done in particular for the fulfilment of the respective insurance contract (lit. b) or for the assertion or defence of legal claims (lit. e).

8 What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there are no legal or statutory retention obligations to the contrary.

Right to restriction of processing:
You can demand that we restrict the processing of your data if

• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
• the processing of the data is unlawful, but you oppose the erasure of the data and request the restriction of their use instead,
• we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
• you have objected to the processing of the data.

Right to data portability:
You can demand that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that

• we process this data on the basis of your revocable consent or for the fulfilment of a contract between us, and
• this processing is carried out by automated means.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

9 Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.

back to the menu

Information obligations for employees

The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this data protection declaration, we would like to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Articles 13 and 14 of the European General Data Protection Regulation (EU GDPR).

1 Who is responsible for data processing and who can you contact?

The controller is
MT-Propeller Entwicklung GmbH
Flugplatzstr. 1
94348 Atting
Telephone: 09429/9409 0
E-mail: support@mt-propeller.com

The company data protection officer is
Nico Becker
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
E-mail: anfragen@projekt29.de
Phone: 0941-2986930

2 Which data is processed and from which sources does this data originate?

We process your personal data as employee

The personal data includes

• Master data (such as gender, first and last name, name affixes, date of birth, place and country of birth, nationality(ies), marital status, work permit and residence permit, if applicable)
• Business e-mail addresses
• Contact details (private address, (mobile) telephone number, email address)
• If applicable, special categories of personal data within the meaning of Art. 9 GDPR (e.g. information on ethnic origin, religion and/or health)
• Tax identification number and tax class
• Social security data for proper accounting (e.g. health insurance membership certificate/number, pension insurance number, secondary employment)
• Information on special personal circumstances (e.g. health restrictions, relevant criminal record and, if applicable, certificate of good conduct)
• Information on education (highest general school-leaving qualification, highest vocational training qualification)
• Information on the transfer of remuneration (name of financial institution, IBAN, BIC)
• Qualifications with associated references or certificates
• Application documents
• Salary data
• Log data generated when using the IT systems
• Time recording data
• holiday periods
• periods of incapacity for work
• Severe disability / equalisation
• Data from a BEM procedure
• Image data (photo or video) possibly in connection with master data, metadata (date, time, place of recording), etc.

3 For what purposes and on what legal basis is the data processed?

Your personal data is processed for the purpose of initiating a contract and contractual relationship with you as a supplier or your organisational representatives or authorised representatives based on the following legal bases:

• for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR): We process personal data of employees for the purpose of fulfilling contractual obligations and pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR.

If you work for us as an employee, the processing of personal data is necessary in the context of the employment relationship in accordance with Art. 6 para. 1 lit. b GDPR. This includes the processing and transmission of data for wage, salary and payroll accounting and compliance with recording, information and reporting obligations, insofar as this is required by law, collective bargaining standards or employment contract obligations, including automatically created and archived text documents (such as correspondence) in these matters.

• for the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR):
  Processing of your data is necessary for the purpose of fulfilling various legal obligations:


• regulatory requirements or due to the law
• tax and corporate law regulations (e.g. tax code), the Financial Markets Anti-Money Laundering Act (FM-GwG)
• Sanctions checks (financial sanctions / embargoes - comparison against the so-called "terror lists" or "sanctions lists" to ensure that no funds or other economic resources are provided for terrorist purposes).
• the provision of information to authorities or courts
• Recording/reporting obligations, internal auditing measures, management of internal complaints/claims
• Administration and implementation of legally required training
• Legal requirements under Article 32 GDPR (ensuring information security).



• to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR):
  Furthermore, personal data may also be processed - after a corresponding balancing of interests - to protect our legitimate interests or the legitimate interests of third parties in accordance with Art 6 para. 1 lit. f GDPR, including the assertion, exercise or defence of legal claims. This is necessary in particular for the following purposes



• Preparation of personnel-specific statistics
• reporting, conducting employee surveys, risk management within the company,
• business management,
• Further development of processes, services and products
• To prevent and investigate criminal offences, in particular to identify indications that may point to insurance abuse or fraud
• Providing training and information
• Ensuring IT security and IT operations, including
• Logging of connection data, electronic means of communication (telephone calls, emails, websites accessed).
  
  
• on the basis of your consent (Art. 6 para. 1 lit. a GDPR):
  We also process personal data on the basis of existing consents pursuant to Art. 6 para. 1 lit. a GDPR of the data subjects. In the context of employees, we may use your profile picture and other image and video material for internal and marketing purposes if you consent to this processing. You can withdraw your consent at any time. The revocation does not affect the legality of the processing carried out on the basis of your consent until the revocation.

4 Who receives my data?

The confidentiality of your personal data is very important to us. Your personal data will only be passed on if this is necessary to fulfil pre-contractual, contractual or legal obligations, to protect our overriding interest or that of a third party or if we have your consent to do so.
If necessary, your personal data will be passed on to the following categories of recipients, but only to the extent necessary in each case:

• Processors (Art. 4 Z 8 GDPR) - e.g. IT service providers, HR management, etc.
• Legal and other authorised representatives such as lawyers
• tax consultants
• Auditors
• Banks, credit institutions
• tax office
• Customers or other parties with whom we maintain business relationships (business mail only)
• Health insurance companies
• Pension funds

5 How long will my data be stored?

Your employer will delete personal data as soon as it is no longer required for the above-mentioned purposes. After termination of the employment relationship, the personal data that your employer is legally obliged to retain will continue to be stored. This regularly results from legal obligations to provide evidence and retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods are up to ten years. In addition, personal data may be stored for the period during which claims can be asserted against the employer (statutory limitation period of three or up to thirty years).

6 Is personal data transferred to a third country?

The transfer of personal data to an EU third country is of course permitted. We have no plans to transfer data outside the EU or the EEA. Within the scope of the contractual relationship - in particular in the event of a claim and for the assertion, exercise and defence of any legal claims - it is necessary for us to transfer your personal data to recipients in third countries to the extent necessary. These are countries outside the EU or the EEA. In all other cases, data is transferred on the basis of an adequacy decision (Art. 45 GDPR), suitable guarantees (such as standard data protection clauses) within the meaning of Art. 46 GDPR or binding internal data protection regulations (Binding Corporate Rules of a group of companies). In any case, insurers may transfer personal data to recipients in third countries in individual cases in accordance with Art. 49 GDPR. This is done in particular for the fulfilment of the respective insurance contract (lit. b) or for the assertion or defence of legal claims (lit. e).

7 What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there are no legal or statutory retention obligations to the contrary.

Right to restriction of processing:
You can demand that we restrict the processing of your data if

• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
• the processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,
• we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
• you have objected to the processing of the data.

Right to data portability:
You can demand that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that

• we process this data on the basis of your revocable consent or for the fulfilment of a contract between us, and
• this processing is carried out by automated means.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

8 Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.

back to the menu

Information obligations for Teams users

The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this data protection declaration, we would like to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Articles 13 and 14 of the European General Data Protection Regulation (EU GDPR).

1 Who is responsible for data processing and who can you contact?

The controller is
MT-Propeller Entwickllung GmbH
Flugplatzstr. 1
94348 Atting
Telephone: 09429/9409 0
E-mail: support@mt-propeller.com

The company data protection officer is
Nico Becker
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
E-mail: anfragen@projekt29.de
Phone: 0941-2986930

2 Purpose of the processing

We use the "Microsoft Teams" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Microsoft Teams" is a service of the Microsoft Corporation.

Note: If you access the "Microsoft Teams" website, the provider of "Microsoft Teams" is responsible for data processing. However, accessing the website is only necessary for the use of "Microsoft Teams" in order to download the software for the use of "Microsoft Teams".

If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. The service is then also provided via the "Microsoft Teams" website.

3 What data is processed?

Various types of data are processed when you use "Microsoft Teams". The scope of the data also depends on the data you provide before or when participating in an "online meeting".

The following personal data is processed:

• User details: e.g. display name ("Display name"), e-mail address if applicable, profile picture (optional), preferred language
• Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
• Text, audio and video data: You may have the option of using the chat function in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.

4 Scope of the processing

We use "Microsoft Teams" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

5 Legal basis for data processing

Insofar as personal data of employees is processed, Section 26 BDSG in conjunction with Art. 6 para. 1 lit. Art. 6 para. 1 lit. b GDPR is the legal basis for data processing.

If, in connection with the use of Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Teams, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. Our interest in these cases is to organise meetings effectively.

Otherwise, the legal basis for data processing when organising online meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are held within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, we have an interest in the effective organisation of online meetings.

6 Recipients / disclosure of data

Unless intended for disclosure, personal data processed in connection with participation in online meetings will not be passed on to third parties.

Other recipients:

The provider of Microsoft Teams necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Microsoft.

7 Data processing outside the European Union

"Teams" is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with the provider of "Teams" that meets the requirements of Art. 28 GDPR.

An appropriate level of data protection is guaranteed on the one hand by Microsoft's "DPFP" certification and on the other hand by the conclusion of the so-called EU standard contractual clauses.

8 What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there are no legal or statutory retention obligations to the contrary.

Right to restriction of processing:
You can demand that we restrict the processing of your data if

• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data
• the processing of the data is unlawful, but you oppose the erasure of the data and request the restriction of its use instead,
• we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
• you have objected to the processing of the data.

Right to data portability:
You can demand that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that

• we process this data on the basis of your revocable consent or for the fulfilment of a contract between us, and
• this processing is carried out by automated means.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

9 Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.

back to the menu

Information obligations for visitors

The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this data protection declaration, we would like to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Art. 13 & 14 GDPR.

1 Who is responsible for data processing and who can you contact?

The controller is
MT-Propeller Entwicklung GmbH
Flugplatzstr. 1
94348 Atting
Telephone: 09429/9409 0
E-mail: support@mt-propeller.com

The company data protection officer is
Nico Becker
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
E-mail: anfragen@projekt29.de
Phone: 0941-2986930

2 What data is processed and from which sources does this data originate?

We process your personal data as a customer (interested parties, applicants, representatives of legal entities, other contractual partners).

The personal data includes

• First name and surname,
• e-mail address
• telephone number
• Company name
• Date of the visit

3. For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended.

• to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):
  For the traceability of visits and access control

4 Who receives my data?

The confidentiality of your personal data is important to us. Your personal data will only be passed on in cases where this is necessary to fulfil legal obligations.

• Courts, public prosecutors, tax authorities, supervisory authorities
• Interest groups, arbitration boards
• lawyers,

5 How long will my data be stored?

We store your data for one month in order to be able to clarify any incidents or similar. Your data will then be deleted.

7 Will personal data be transferred to a third country?

Personal data is not transferred to an EU third country.

8 rights of data subjects

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there are no legal or statutory retention obligations to the contrary.

Right to restriction of processing:
You can demand that we restrict the processing of your data if

• you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data
• the processing of the data is unlawful, but you oppose the erasure of the data and request the restriction of its use instead,
• we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
• you have objected to the processing of the data.

Right to data portability:
You can demand that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that

• we process this data on the basis of your revocable consent or for the fulfilment of a contract between us, and
• this processing is carried out using automated procedures.

If technically feasible, you can request that we transfer your data directly to another controller.

Right to object:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

9 Am I obliged to provide data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.

back to the menu