Data Security Notice
Information provided by Brauns International Moving Services GmbH concerning the processing of data pursuant to Article (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR) applicable as of May 25th, 2018
We take data protection seriously. The following notice intends to inform you about our means of processing data concerning you and your claims and rights in accordance with the relevant data protection regulations.
1. The parties responsible for the processing of your data and contact details
1.1 Data controller
1.2 Contact details of our company data protection officer:
2. Purposes and legal basis for the processing of your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection rules.
The individual type, scope and purpose of data being processed und used by us, is principally determined by the content of the respective cooperation requested or agreed upon.
Please find further details or amendments about the purposes of the data processing below or in the respective contract documents, forms, the declaration of consent and/or other sources of information provided to you (such as the use of our website or our Terms and Conditions).
2.1 Purposes for the performance of a contract or in order to take steps prior to entering into a contract
(Art. 6 (1) b) GDPR)
We process personal data for the purpose of providing business to perform the contracts with you, execute your orders, implement activities and take all necessary steps prior to entering into a contract, for example with interested customers. The processing of data in particular serves the supply of goods in accordance with your orders and requests and includes all necessary services, steps and activities.
These primarily include the contract-related communication with you, the traceability of transactions, orders and other agreements, quality control and the documentation of such controls, goodwill proceedings, measures in order to manage and optimise business processes and to fulfil general duties of care, statistical analyses for corporate management, recording and controlling of costs, reporting activities, internal and external communication, emergency management, accounting and tax assessment of operational performances, risk management, establishing legal claims and defending legal interests; guarantee of the IT security (incl. system or plausibility checks) and general security, including building and facility safety, exercising the householder's rights (for example by admission controls); assured integrity, authenticity and availability of the data, preventing and fighting crimes.
2.2 Purposes of legitimate interests pursued by us or by a third party
(Art. 6 (1) f) GDPR)
In addition to the prime fulfilment of our contract or preliminary agreement, we may process your data, if applicable and necessary, in order to safeguard the legitimate interests pursued by us or by a third party, in particular for the following purposes:
- Customer service/support, advertising or market and opinion research, unless you objected the further use of your data;
- Gathering of information and data exchange with credit agencies for anything that goes beyond our commercial risk;
- Evaluating and optimising procedures for demand analysis;
- Further development of services and products, existing systems and processes;
- Enhancement of our data, for example by using or researching publicly available data;
- statistical evaluations or market analyses;
- Asserting legal claims and mounting a defence in the event of litigation which cannot be attributed directly to the contractual relationship;
- Restricted storage of data if special storage methods makes the deletion impossible or involve a disproportionately effort;
- Development of scoring systems or automated decision-making processes;
- Prevention and investigation of crimes, unless to comply with legal requirements;
- Ensuring the security of the building and facilities (e.g. through admission control and video surveillance) if exceeding general duties of care;
- Internal and external examinations, security screening;
- Obtaining and maintaining certifications of public or private nature;
- Ensuring and enforcing the householder's rights by taking respective measures, such as video surveillance for the safety of our customers and staff members and preserving evidence in the event of crimes or their prevention.
2.3 Purposes of processing on the basis of your consent
(Art. 6 (1) a) GDPR)
Your personal data may also be processed for specific purposes (such as the use of your e-mail address for marketing purposes) if you have granted us your consent. Generally, you may revoke any consent granted at any time. This also applies to the revocation of declarations of consent that were granted to us prior to the entry into force of the GDPR, i.e. prior to May 25th, 2018. You will be informed separately about the purposes and the consequences of revoking or not granting your consent with a corresponding note in the text of the declaration of consent. Please be advised that the revocation shall only have effect for the future. Any data processing carried out prior to the revocation shall not be affected thereby and will remain lawful.
2.4 Purposes of processing for compliance with a legal obligation (Art. 6 (1) c) GDPR) or in the public interest (Art. 6 (1) e) GDPR)
We are subject to various legal obligations. These are primarily statutory or legal regulations (such as trade and tax laws), but also, if applicable, supervisory or other official requirements (such as sanctions lists). These purposes of processing include, but are not limited to, identity and age verification, prevention, combating & clarification of terrorism financing and property-related offenses, reconciliation with European and international anti-terror lists, fraud and money laundering prevention, compliance with tax control and reporting requirements and archiving data for the purposes of data protection and data security as well as audits by tax and other authorities. Apart from this, the disclosure of personal data may be necessary in the case of official or judicial measures for the purpose of taking evidence, prosecution or enforcement of claims under civil law.
3. Categories of the data we process and their origin if not received from you directly
We process personal data that we receive from you in the course of our business relationship. In addition, we process - insofar as necessary for the provision of our services - personal data which have lawfully been transmitted to us from other companies or other third parties (e.g. credit agencies, address publishers). We also process personal data that we obtained and are permitted to process from publicly accessible sources (such as telephone directories, commercial and association registers, residential registers, debtor directories, land registry records, the press, the internet and other media).
Relevant categories of personal data categories can be:
- Personal data (name, date/place of birth, nationality, marital status, occupation/branch and comparable data)
- Contact details (address, e-mail, telephone number and comparable information)
- Credentials (ID details and comparable information)
- Proof of payment/guaranteed amount of bank and credit cards
- Information about your financial situation (credit-history data including scoring, also data to assess the economic risk)
- Your customer history
- Data about your use of the telemedia we offer (e.g. time when you visit our websites, apps or newsletters, visited pages/links or entries and comparable data)
- Video data
4. Recipients or categories of recipients of your personal data
Within our company, we will only give access to your data to internal bodies or organizational entities that require them for the fulfilment of our contractual and legal obligations or the processing and implementation of our legitimate interest. Your data will only be disclosed to external bodies
- in order to perform the business relation with you;
- to comply statutory obligations when we are legally required to give information or notification or in the event of a public interest (see Para. 2.4);
- when external service institutions have been commissioned by us to process data as processors or took over this function (e.g. external datacentres, support/maintenance of EDP/IT applications, archiving, document processing, call-centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validations or plausibility checks, data destruction, purchasing/procurement, customer management, letter shops, marketing, media technology, research, risk controlling, accounting, telephony, website management, auditing services, credit institutes, print shops or data removal firms, courier services, logistics);
- in the event of a legitimate interests pursued by us or by a third party in compliance with the purposes listed in Para. 2.2 (e.g. to authorities, credit agencies, collection companies, lawyers, courts, experts/evaluators);
- if you have given us your consent to transfer your data to a third party.
- Apart from the above mentioned provisions, we will not disclose your data to a third party. When we commission service providers with the processing of orders, they fulfil the same safety standards as we do. In all other cases, the recipients of the data may only use the data transferred for the purposes for which they were transmitted.
5. Period of storage of personal data concerning you
We process and store your personal data only for the duration of our business relation. This also includes the initiation of a contract (pre-contractual relations) and the execution of a contract.
In addition, we are subject to various requirements for storage and documentation, including the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for storage and documentation specified there are up to ten years after the business relation or the pre-contractual relation has ended.
Furthermore, the storage period may also be based on special statutory provisions, such as the preservation of evidence that provides longer statutory limitation periods. According to §§ 195 ff. of the German Civil Code (BGB), the statutory limitation period generally amounts to three years, but in some cases it is up to 30 years.
If the personal data are no longer required for the performance of contractual or statutory rights and obligations, they will be deleted on a regularly basis, unless their - temporary - processing is necessary to fulfil an overriding legitimate interest of the purposes listed in Art. 2.2. An overriding legitimate interest shall be regarded as such when the deletion of data is impossible or involves a disproportionately effort due to the special way of storage and the processing for other purposes can be excluded through suitable technical and organisational measures.
6. Processing of your data in a third country or by an international organisation
Your data will only be transmitted to bodies in countries outside the European Community (EC) or the European Economic Area (EEA) (so-called third countries) if it is necessary for the execution of your order or the performance of a contract with you, or if there is a statutory obligation (e.g. fiscal reporting requirements), or in order to safeguard the legitimate interest pursued by us or a third party or if you have granted us consent to do so.
The processing of your data in a third country may also take place when service providers are commissioned with the processing of an order. In the absence of a decision by the Commission regarding adequate data protection in the respective country, we will provide appropriate safeguards for the enforcement of your rights and freedoms and effective legal remedies pursuant to the EC data protection requirements by means of adequate contracts. Detailed information will be available for you upon request.
Information on appropriate or adequate safeguards and the possibility of receiving copies from you, are available upon request from the company's data protection officer.
7. Your data protection rights
You can enforce your data protection rights against us under certain circumstances:
- You shall have the right of access to stored data concerning you pursuant to the regulations of Art. 15 GDPR (which may also be subject to the restrictions under section 34 BDSG).
- Upon request, we will correct the stored data concerning you pursuant to Art. 16 GDPR if they are inaccurate or incorrect.
- If you wish, we will erase the data concerning you pursuant to the principles of Art. 17 GDPR unless this is opposed by other statutory regulations (e.g. legal archiving periods or restrictions under section 35 BDSG) or an overriding legitimate interest pursued by us (e.g. to defend our rights and claims).
- In the light of the conditions set out in Art. 18 GDPR, you shall have the right to obtain from us the restriction of processing the data concerning you.
- You shall also have the right to object at any time to processing of personal data concerning you pursuant to Art. 21 GDPR. We shall then no longer process your personal data. However, this right to object only applies on grounds relating to your particular situation, whereas our legitimate grounds for the processing may prelude your right to object.
- Under the conditions set out in Art. 20 GDPR, you shall also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to a third person.
- Furthermore you shall have the right to revoke at any time your consent to the processing of personal data which shall have an effect for the future (see Para 2.3).
- You also have a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend you to first contact out data protection officer when you have complaint.
Your requests to exercise your rights should be made in writing, if possible, and sent to the address mentioned above or to our company's data protection officer directly.
8. Scope of your obligation to provide us data
You must only provide personal data which is necessary for the initiation and execution of a business relationship or a pre-contractual relationship or which we are legally obligated to collect. As a rule, we would not be able to enter into any contract or execute the order without these data. This may also apply to any future data that become necessary during the course of our business relation. If we need any additional data from you beyond the above mentioned purposes, we will inform you separately that the provision of these data is voluntary.
9. Automated individual decision-making (including profiling)
We do not make decisions based on automated processing as defined in article 22 GDPR. If we use these procedures in individual cases in the future, we will inform you of this separately, provided that this is prescribed by law.
In some cases, we process your data with the aim of evaluating certain personal aspects (profiling).
In order to inform you about and give you advice on our products in a more targeted way, we may use evaluation methods. They allow us to provide a more needs-oriented product design, communication and advertisement, including market and opinion research.
These methods may also be used to assess your solvency and creditworthiness and to combat money laundering and fraud. In order to assess your solvency and creditworthiness, we may use so-called score values. Scoring uses mathematical methods to assess the probability that a costumer will fulfil his or her contractual payment commitments. The results (score values) help us, for example, to assess the creditworthiness, have an impact on our decision-making when we sell products and flow into our risk management. The evaluation is based on proven and recognised mathematical and statistical methods using your data, including, but not exclusively, your income situation, expenses, further liabilities, profession, employer, period of employment, experiences from the previous business relationship, contractual payment of previous loans and information from credit agencies.
We do not process any details on the nationality or special categories of personal data as defined in Art. 9 GDPR.
10. Information about your rights of objection based on Art. 21 GDPR
1. You have the right to object, on the grounds relating to you particular situation, at any time to processing of personal data concerning you which is based on article 6 (1) f) GDPR (processing for the purposes of safeguarding legitimate interests) or article 6 (1) e) GDPR (processing in the public interest). This also includes any profiling based on those provisions within the meaning of article 4 (4) GDPR.
If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims.
2. In certain cases, we may process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. We will respect your objection in the future.
If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
Managementhandbuch (1-13-FB-04.19-1-Datenschutzinformation Kunden.docx) MF 0567/a