Skip to main content
Brünofix - Surface treatment since 1905 logoBrünofix - Surface treatment since 1905 logo

INFORMATION OBLIGATION FOR COSTUMERS

Duty to provide information pursuant to Art. 13 and Art. 14 GDPR on the processing of customer data and prospective customer data

Duty to provide information Art. 13 and 14Customer data and prospective customer data

We would like to inform you about how we handle your personal data and what rights you have under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Responsibility for data processing lies with the organisation DEWE Brünofix GmbH (hereinafter referred to as ‘we’ or ‘us’).

Responsibilities

The following party is responsible for processing your personal data:

DEWE Brünofix GmbH
Ralf S. Schmidt
Pruppacher Weg 8
D-91126 Rednitzhembach
Telephone: +49 9122 9868-100
Email: info@bruenofix.de

Contact details for the data protection officer

Data protection Pöllinger GmbH
Gisela Pöllinger
Dresdner Straße 38 
92318 Neumarkt
E-mail: kontakt@datenschutz-poellinger.de
Telephone: 09181-2705770

General information on the legal basis for data processing

‘Personal data’ is any information relating to an identified or identifiable natural person. We process this data in accordance with the applicable data protection laws, in particular the GDPR and the BDSG. We may only process personal data if we have legal permission to do so.

We process personal data only with your consent, to conclude a contract with you or to respond to your enquiry in connection with a potential business relationship, to fulfil legal obligations or to protect our legitimate interests, provided that this does not adversely affect your interests or fundamental rights and freedoms that require the protection of personal data.

Storage period for personal data

We only store your data for as long as is necessary to fulfil the purpose of the processing or to fulfil our contractual or legal obligations, unless otherwise stated in the following information. Statutory retention obligations may arise from commercial or tax law. After the end of the calendar year in which we collected the data, we will store personal data contained in our accounting documents for ten years and personal data contained in business letters and contracts for six years. Furthermore, we will store data in connection with consents requiring verification as well as complaints and claims for the duration of the statutory limitation periods. Data stored for advertising purposes will be deleted if you object to the processing for this purpose.

Processing in the exercise of your rights

If you wish to exercise your rights under Articles 15 to 22 of the GDPR, we will process the personal data you have provided in order to implement these rights and to be able to provide proof of this. We will process the data stored for the purpose of providing information and preparation exclusively for this purpose and for the purpose of data protection control and otherwise restrict the processing in accordance with Article 18 of the GDPR.

These processing operations are based on the legal basis of Article 6(1)(c) of the GDPR in conjunction with Articles 15 to 22 of the GDPR and Section 34(2) of the BDSG.

Rights of the data subject

The General Data Protection Regulation (GDPR) guarantees every data subject certain rights with regard to their personal data. These include:

  • The right of access: Every data subject has the right to obtain from us confirmation as to whether or not personal data is being processed and to request access to this data, as well as further information and copies of this data.
  • The right to rectification: Every data subject has the right to request the immediate rectification of inaccurate personal data.
     
  • The right to erasure (‘right to be forgotten’): every data subject has the right to request the immediate erasure of their personal data.
     
  • The right to restriction of processing: Every data subject has the right to request the restriction of the processing of their personal data.
  • The right to data portability: Every data subject has the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used and machine-readable format.
     
  • Right to object: Every data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If we process personal data about the data subject for the purpose of direct marketing, the data subject may object to this processing in accordance with Art. 21 (2) and (3) GDPR.
  • Please address the objection in writing to:
    DEWE Brünofix GmbH
    Ralf S. Schmidt
    Pruppacher Weg 8
    D-91126 Rednitzhembach
    Telephone: +49 9122 9868-100
    Email: info@bruenofix.de

The data subject also has the right to complain to a supervisory authority if they believe that the processing of their personal data violates the GDPR.

The supervisory authority responsible for us is: Bavarian Data Protection Authority

Information on the processing of personal data

Scope of processing, purpose and legal basis for processing
Purpose of processing

We process your personal data to the extent necessary to fulfil the following purposes:

  • Fulfilment of contractual obligations (order, commission and payment processing, invoicing)
  • Collection, processing or use of personal data is carried out to fulfil the business purpose, such as pre-contractual measures (e.g. to prepare offers, process enquiries)
  • Maintaining business contact and providing information to the business partner about new products and services
  • Conducting satisfaction surveys
  • Legal obligation to process (e.g. due to tax requirements)
  • Conducting telephone conferences, online meetings and video conferences
Legal basis

The legal basis for the processing of your personal data for the above-mentioned purposes is/are

  • Consent (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR)
  • Fulfilment of contract (Art. 6 para. 1 lit. b GDPR)
  • Legal obligations (Art. 6 para. 1 lit. c GDPR)
  • Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Sources of personal data

The stored data was collected in the context of our contractual relationship and for the purpose of initiating the contract, as well as for individual orders, or it was created in the context of business relationships and business initiation. The data is stored for the purpose of fulfilling and processing the orders placed with us, as well as for the purposes of commercial and tax law documentation and archiving obligations, e.g.: data from entries in the ERP system, signatures from e-mails and documents. In this respect, your data is processed on the basis of Article 6 (1) (b), (c), (f) EU-GDPR.

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject about the sources of this data.

  • From the data subject
  • Technically-related, automatic transmission
Categories of personal data

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject about the categories of data concerned.

  • Contact details
  • Name
  • Address
  • Customer number
  • Billing and payment data
  • Order and contract data
  • Communication data
  • Meeting metadata
  • Log data
  • Text, audio and video data
  • ID number and issuing authority
Legitimate interests

The specification of the ‘legitimate interests’ of the controller or third party, which are pursued by the processing of personal data, refers to Art. 6 para. 1 sentence 1 lit. f GDPR.

  • Company interest
Storage duration

We will inform you about the period for which the personal data will be stored or, if this is not possible, the criteria for determining that period.

  • 10 years: Annual financial statements, opening balance sheets, commercial and business books, records, work instructions, organisational documents, invoices and accounting vouchers (HGB, AO, EStG, KStG, GewStG, UStG, AktG, GmbHG, GenG)
  • 30 years: Enforceable titles
  • 6 years: Commercial and business letters and other documents (HGB, BGB)
Possible consequences of not providing personal data

The provision of personal data by the data subject may be required on a legal or contractual basis or may be necessary for the conclusion of a contract. There may also be a legal obligation to provide the data.

Failure to provide personal data could lead to the following consequences:

  • The contract cannot be properly fulfilled. Legal obligations cannot be guaranteed.
Automated decision-making and profiling

There are no automated decision-making procedures in accordance with Art. 22 GDPR or other profiling measures in accordance with Art. 4 No. GDPR.

Data recipients

Recipients of personal data outside the organisation

Article 4, paragraph 9 of the General Data Protection Regulation (GDPR) defines the term ‘recipient’ as ‘the natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not it is a third party’.

  • Website provider
  • IT service provider
  • Software provider
  • Waste disposal company
  • Banks
  • Tax authorities
  • Tax advisors
  • Customs
  • Court
  • Financial authorities
  • Lawyer
  • Law enforcement authorities
  • Credit reform
Timeliness and amendment of this information obligation in accordance with Art. 13 and Art. 14 DSGVO

This data protection information is currently valid and is dated 13.03.2024
Due to changes in legal or official requirements, it may be necessary to change this information.

Back