Skip to main content

Information on the processing of customer/supplier data

Support
  • Updated

1.        General Information

Erwin Hymer Group Services GmbH takes the protection of your personal data very seriously. Your privacy is an important concern for us. We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below. Personal data within the meaning of this data protection information is all information that relates to you personally.

Below you will find out how we handle this data. For a better overview, we have divided our data protection information into chapters.

1.1.     Centre responsible for data processing

Erwin Hymer Group Services GmbH

Holzstr. 15

D - 88339 Bad Waldsee

Telephone: +49 (0) 7524 999-0

E-mail: EHGS-info@erwinhymergroup.com

1.2.   Data Protection Officer

If you have any questions or comments about data protection (e.g. about accessing and updating your personal data), you can also contact our data protection officer directly.

DDSK GmbH

- Stefan Fischerkeller -

Dr.-Klein-Str. 29

D - 88069 Tettnang

Phone: +49 (0) 7542 949 21 00

E-mail: datenschutz@erwinhymergroup.com

2.      Processing frame

2.1.   Source and origin of data collection

We process personal data that we have collected directly from you.

Insofar as this is necessary for the provision of our services, we process personal data legitimately received from other companies or other third parties (e.g. credit agencies, address publishers). We also process personal data that we have legitimately taken, received or acquired from publicly accessible sources (e.g. telephone directories, commercial and association registers, population registers, debtor registers, land registers, press, internet and other media) and are authorised to process.

2.2.  Data categories

Relevant personal data categories can be in particular

2.2.1.       Data categories in the context of the supplier relationship

  • Personal data (e.g. name, date of birth, place of birth, nationality, profession/industry and comparable data)

  • Contact details (address, e-mail address, telephone number and similar data)

  • Confirmation of payment/cover for bank and credit cards

  • Customer history

  • Commissions and delivery addresses

  • Data about your use of the telemedia offered by us (e.g. time of access to our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data)

  • Video and image recordings

  • Creditworthiness data

  • Communication data (user details, content data, connection data and comparable data) in the context of telephone conferences, video conferences and web meetings through the use of internet-based communication tools (hereinafter referred to as "communication tools"): Web meetings)

2.2.2.     Data categories as a dealer:

  • Personal data (name, date of birth, profession/industry and comparable data)

  • Contact data about you or about employees, if not collected directly (address, e-mail address, telephone number and similar data)

  • Confirmation of payment/cover for bank and credit cards, if personalised

  • Customer history

  • Commissions and delivery addresses

  • Correspondence

  • Vehicle information of your customers, e.g. in connection with guarantee and warranty claims (start/start of guarantee/warranty, serial or chassis numbers, year of manufacture, registration date, etc.)

2.2.3.     Data categories in the customer relationship:

  • Personal details (name, address)

  • Contact details (address, e-mail address, telephone number and similar data)

  • Details of your vehicle (e.g. serial or chassis number, year of manufacture, registration date or, in the case of uprating, copies of the vehicle licence, expert opinion on your vehicle, etc.)

2.3. Purposes and legal basis of the data processed

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the new version of the Federal Data Protection Act (BDSG-neu) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. as part of the use of our website or our terms and conditions).

2.3.1.      Purposes for the fulfilment of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)

The processing of personal data is carried out to fulfil our contracts with you and to execute your orders, as well as to carry out measures and activities in the context of pre-contractual relationships, e.g. with interested parties. These essentially include

Contract-related communication with you, the corresponding billing and associated payment transactions, the verifiability of orders and other agreements as well as quality control through appropriate documentation, goodwill procedures, measures to control and optimise business processes and to fulfil general duties of care, management and control by affiliated companies; statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of operational services, risk management, assertion of legal claims and defence in legal disputes; warranty of IT security (including System or plausibility tests) and general security; warranty of the integrity, authenticity and availability of data, prevention and investigation of criminal offences, as well as monitoring by supervisory bodies or control authorities (e.g. Revision).

2.3.2.     Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)

Beyond the actual fulfilment of the contract or preliminary contract, we may process your data if it is necessary to protect our legitimate interests or those of third parties, in particular for the following purposes

  • the assertion of legal claims and defence in legal disputes that are not directly attributable to the contractual relationship;

  • the further development of services and products as well as existing systems and processes;

  • the effective processing of enquiries using IT-supported ticket and document management systems, in particular for complaints, guarantee or warranty claims;

  • the prevention and investigation of criminal offences, unless exclusively for the fulfilment of legal requirements;

  • the restricted storage of the data if deletion is not possible or only possible with disproportionate effort due to the special type of storage;

  • internal and external investigations and security checks;

  • the receipt and maintenance of certifications of a private or official nature;

  • the effective and resource-saving organisation of web meetings through the use of internet-based communication tools.

2.3.3.     Purposes within the scope of your consent (Art. 6 para. 1 a GDPR)

The processing of your personal data for specific purposes (e.g. Use of your e-mail address for marketing purposes, for the use of further communication channels in the context of clarifying the facts) can also take place on the basis of your consent. As a rule, you can revoke your consent at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018.

You will be informed separately about the purposes and consequences of revoking or not granting consent in the corresponding text of the consent. In principle, the revocation of consent is only effective for the future. Processing that took place before the cancellation is not affected by this and remains lawful.

2.3.4.    Purposes for the fulfilment of legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Like everyone involved in business, we are also subject to a large number of legal obligations. These are primarily legal requirements (e.g. Commercial and tax laws), but also any regulatory or other official requirements. The purposes of processing may include the fulfilment of control and reporting obligations under tax law, as well as the archiving of data for the purposes of data protection and data security, as well as auditing by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.

2.4. Automated decisions in individual cases including profiling (Art. 22 GDPR)

We do not use any purely automated decision-making processes. Should we use such a procedure in individual cases in the future, we will inform you of this separately if this is required by law.

2.5. Consequences of not providing data

As part of the business relationship or communication with you, you must provide the personal data that is necessary for the establishment, execution and termination of the legal transaction and the fulfilment of the associated contractual obligations or for processing your request or that we are legally obliged to collect. Without this data, we will not be able to carry out the legal transaction with you or process your enquiry/request satisfactorily.

3.      Recipient of the data

3.1.   Within the EU

Within our company, those internal departments or organisational units receive your data that need it to fulfil our contractual and legal obligations or as part of the processing and implementation of our legitimate interest.

Your data will only be passed on to external bodies

  • in connection with the execution of the contract;

  • for the purpose of clarifying the facts on the basis of your enquiry/concern (e.g. complaints, warranty/warranty processing)

  • for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest (see section 2.3.4);

  • insofar as external service providers process data on our behalf as processors or function providers (e.g. Data centres, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data validation and plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing companies or companies for data disposal, courier services, logistics);

  • on the basis of our legitimate interest or the legitimate interest of the third party for the purposes mentioned (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts, subsidiaries and committees and supervisory bodies);

  • if you have given us your consent to transfer your data to third parties.

  • We will not pass on your data to third parties beyond this. Insofar as we commission service providers as part of order processing, your data is subject to the same safety standards as ours. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.

3.2. Outside the EU

Data is transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA), so-called third countries.

3.3. Recipient overview

The following recipients receive your data as part of the data processing described here:

Recipient:                      Erwin Hymer Group SE, Holzstr. 19, D-88339 Bad Waldsee

Third country transfer:            There is no transfer to a third country.

4.     Storage periods

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the fulfilment of a contract.

In addition, we are subject to various record retention and documentation obligations, including – inter alia – those imposed by the German Commercial Code (Handelsgesetzbuch – HGB) and The Fiscal Code of Germany (Abgabenordnung – AO). The retention and documentation periods specified there are up to ten years to the end of the calendar year after the end of the business relationship or the pre-contractual legal relationship.

Furthermore, special statutory provisions may require a longer retention period, e.g. the preservation of evidence within the framework of statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.

If the data are no longer required for the fulfilment of contractual or legal obligations and rights, they are regularly deleted unless their - temporary - further processing is necessary for the fulfilment of the purposes for an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special type of storage and processing for other purposes is excluded by suitable technical and organisational measures.

5.      Your rights

Subject to certain conditions being met, you can also exercise your data protection rights in relation to us: When submitting requests to exercise your rights, you should – wherever possible – address them in writing or via e-mail to Hymer GmbH & Co. KG, info@hymer.com or address them directly to our Data Protection Officer in writing or via e-mail.

  • For instance, you have the right to obtain from us information about personal data concerning you that is in our storage systems in accordance with the provisions of Art. 15 GDPR (where applicable, subject to the restrictions of Section 34 BDSG-Neu = German Federal Data Protection Act, new version).

  • At your request, we will rectify any stored data concerning you in accordance with Art. 16 GDPR if the data are inapplicable or inaccurate.

  • If you so wish, we will erase your data in accordance with the principles of Art. 17 GDPR, unless this is prevented by other legal regulations (e.g. legal record retention obligations or the restrictions imposed by Section 35 BDSG-Neu) or unless we have an overriding legitimate interest (e.g. to defend our rights and claims).

  • Subject to the conditions of Art. 18 GDPR, you can demand that the processing of your data be restricted.

  • If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR or if they are necessary for the performance of a task carried out in the public interest or in the exercise of official authority, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right of objection, which will be implemented by us without reference to a particular situation.

  • Subject to the conditions of Art. 20 GDPR, you also have the right to receive your data in a structured, commonly used and machine-readable format or to have the data transmitted to a third party.

  • In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future.

  • Furthermore, you have a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). Nevertheless, we recommend that you always direct any complaints to our Data Protection Office in the first instance.

You can contact the supervisory authority responsible for us at

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Heilbronner Street 35

70191 Stuttgart 

P.O. Box 10 29 32

Phone 0711/615541-0

poststelle@lfdi.bwl.de

Related articles