Declaration of Consent according to EU General Data Protection Regulation (DSGVO)

Subject

In your customer portal (my.deprag.com), the company DEPRAG SCHULZ GMBH u. CO. KG (hereinafter DEPRAG) processes personal data in accordance with the legal requirements of the EU General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG). Pursuant to article 6 paragraph 1 lit. a DSGVO, consent must be granted for the processing of personal data required for the provision of services. Consent granted may be withdrawn at any time. Please note that withdrawal is only valid with future effect. Processing which occurred before withdrawal is not affected. An overview of the current status of your consent can be requested from us at any time.

Party responsible for data processing

DEPRAG SCHULZ GMBH u. CO. KG
Carl-Schulz-Platz 1
92224 Amberg
Deutschland
Tel: +49 (0) 9621 / 371-0
Fax +49 (0) 9621 / 371-120

Email: info@deprag.de
Internet www.deprag.com

Managing Directors:
Dr. Erik Hallmann / Dr.-Ing. Rolf Pfeiffer

Data Protection Officer for the responsible party

Bastian Blank
Carl-Schulz-Platz 1
92224 Amberg
Deutschland
Tel: +49 (0) 9621 / 371-208
Email: datenschutz@deprag.de

Intended purpose

Your personal data is processed for the following purposes:

• Personal address in the DEPRAG customer portal.
• Attribution of your data to a company.
• Creation of quotations, orders and order confirmations with our logistics system.
• Display of all quotations / order confirmations filed for your company in the DEPRAG customer portal.
• Display of orders placed by your company with the DEPRAG customer portal.
• Storage of favourites lists to process machine data

The following personal data is processed:

Address and communication data (title, name, address, telephone, email address, additional contact data).
In addition to the abovementioned data, if products and services are utilised within the scope of any contracts concluded with us, the following additional personal data may be collected, processed and saved:

Contract data (order data, data relating to the fulfilment of contractual obligations, data relating to any third parties), accounting, performance and payment data (direct debit data), tax information, additional personal master data (job title, employer), documentation data (e.g. protocols), product data (e.g. inquiries or orders of products and services).

Cookies

Like many other websites, we also use so-called “cookies”. Cookies are small text files which are transferred from a website server to your hard-drive. In this way, we automatically receive certain data such as IP address, browser and operating system used, and your internet connection.

Cookies cannot be used to start programs or transfer viruses to a computer. Using the information gained from the cookies we are able to simplify navigation and allow for the correct display of our website.

Under no circumstances is the data collected by us transferred to third parties or used to create a link with your personal data without your consent.

Data recipient

Access to your data is provided to those departments within DEPRAG which require it for the fulfilment of contractual and legal obligations. Service providers employed by us can also access the data for these purposes if they uphold our written data privacy instructions.

In regard to data forwarding to recipients outside DEPRAG, it should first be noted that we are bound to secrecy regarding all customer information of which we become aware. We may only pass on information related to you, as per statutory regulations, if you have given permission and/or the processor assigned by us equally guarantees the specifications of the EU General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG).

Under these preconditions recipients of personal data can be e.g.:

• Public offices and institutions in case of statutory or regulatory obligation.
• Processors, to whom we transmit your personal data for the purpose of conducting the business relationship. Specifically: Support/maintenance of IT applications, archiving, data destruction, website management, auditing services, payment transactions.

Furthermore, any data stored in the customer portal is made available to all employees of your company who are registered in the customer portal and have granted consent to the processing of their personal data.

Data transfer to third countries

Data transfer to countries outside the EU or the European economic zone (so-called third countries) is only permissible if it is required for the fulfilment of the contract, legally prescribed (e.g. for tax reporting obligations), if you have given permission or within the scope of order processing. If suppliers are situated in third countries, in addition to any written instructions, they are legal bound by agreement of the EU standard contractual clauses to adhere to the level of data protection level in Europe.
 

Duration of data storage

We process and save your personal data for the duration it is required for the fulfilment of our contractual and legal obligations. If data is no longer required for the fulfilment of contractual and legal obligations it is deleted regularly unless required for (temporary) processing for the following purposes:

• Fulfilment of tax and commercial retention periods in accordance with §257 German Commercial Code (HGB) and German Tax Code within the time periods stipulated for storage or documentation of two to ten years.
• Retention of evidence within the statute of limitations. According to §195 ff of the German Civil Code (BGB) the limitation period may be up to 30 years, whereby the regular limitation period is three years.

Data protection rights of the subject

Any person affected has the right to information pursuant to article 15 of the EU Data Protection General Regulation (DSGVO), the right to correction pursuant to article 16 DSGVO, the right to deletion pursuant to article 17 DSGVO, the right to restrict processing pursuant to article 18 DSGVO, the right to appeal pursuant to article 21 DSGVO, and the right to data portability pursuant to article 20 DSGVO. The rights to information and rights to deletion are subject to the constraints of §§34 and 35 of the German Federal Data Protection Act (BDSG). Furthermore, there is a right of complaint to a data protection authority pursuant to article 77 DSGVO in conjunction with §19 BDSG. Consent granted for the processing of personal data can be revoked at any time. This is also valid for the withdrawal of declarations of consent which were granted before the validity of the EU General Data Protection Regulation, i.e. before 25th May 2018. Withdrawal of consent does not affect the legality of processing which occurred before consent was revoked.

Data provision obligation

Within the framework of our business relationship you must provide any personal data required to commence and conduct our business relationship and to fulfil contractual or legal obligations. Without this data we will generally have to decline conclusion of the contract, supply of products and services or end an existing contract without completion.

Automated decision (including profiling)

In order to establish and conduct a business relationship we do not generally use automated decision-making (including profiling) in accordance with article 22 DSGVO. If, in individual cases, we were to take this approach, we would specifically inform you if legally required.

Right of withdrawal

You can withdraw your consent at any time. You may use the relevant function in the customer portal. You can also directly register your withdrawal with the above-named Data Protection Officer.

Consent

I hereby consent to the processing of my personal data for the purposes described above. I grant this consent voluntarily. This consent can be withdrawal at any time with effect for the future.