Our complete contact details as the responsible body within the meaning of the DS-GVO are
Neukirchner Str. 5
The contact details of our data protection officer are as follows:
Dr. Christian Velten, firstname.lastname@example.org
What data do we process from you?
We process personal data in accordance with the provisions of the Basic Data Protection Regulation (DS-GVO), the Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and in what way it is used depends largely on the contractual services requested or agreed upon in each case.
We process the following data from you:
– Surname, first name
– Contact details (address, telephone number, e-mail address)
– Order data (especially ordered goods, date, time of the order)
– Bank and payment data (in particular, depending on the selected payment method, bank details, credit card data)
– Data on complaints and satisfaction assessment (for suppliers)
– Communication flow / e-mail correspondence
– Creditworthiness data
– Date of birth
With regard to the data processed when using our website, we refer to our data protection declaration at www.biogrund.com
For what purpose do we process your data and what is the legal basis?
We process your data for various purposes. There are different legal bases for these purposes. We would like to explain this to you in more detail below:
a) Establishment and processing of contractual relationships
The purpose of the data processing carried out is first of all the justification and execution of the contract. For this purpose, we process your personal data to the extent necessary for the execution of a contract concluded with you or for pre-contractual measures which are carried out on the basis of your application. In particular, the processing serves to process your orders or deliveries according to your or our orders and requests and includes the necessary measures and activities. This includes in particular contract-related communication with you, the traceability of transactions, orders and other agreements as well as quality control through appropriate documentation, complaint and goodwill procedures, measures for the control and optimization of business processes as well as for the fulfillment of the general duty of care, management and control by affiliated companies (e.g. e.g. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax evaluation of operational services, risk management, assertion of legal claims and defence in legal disputes; ensuring IT security (including system and plausibility tests)
The legal basis for the processing is Article 6(1)(b) of the DS-GVO.
A processing of your personal data for certain purposes (e.g. use of your e-mail address for marketing purposes) can also take place on the basis of your consent. The legal basis for data processing on the basis of your consent is Art. 6 Paragraph 1 lit. a DS-GVO.
You can revoke your consent at any time without giving reasons. The revocation is effective for the future. The lawfulness of processing operations in the past remains unaffected.
c) Data processing based on legal obligations
In addition, like any commercially active company, we are subject to a large number of legal obligations, in particular legal requirements (e.g. commercial and tax laws), but also, where applicable, regulatory or other official requirements. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and clarification of terrorist financing and property-endangering crimes, comparisons with European and international anti-terrorist lists, the fulfilment of tax law control and reporting obligations, the fulfilment of obligations under the Foreign Trade and Payments Act within the framework of export controls and audits by tax and other authorities. In addition, the disclosure of personal data may become necessary within the scope of official/judicial measures for the purpose of gathering evidence, criminal prosecution or the enforcement of civil law claims.
The legal basis for the processing is Art. 6 (1) lit. c DS-GVO.
d) Processing on the basis of an interest pursuant to Article 6 (1) (f) of the DS-GVO
Finally, we may process data to protect legitimate interests of us or third parties. We do this for the following purposes:
– the further development of services and products as well as existing systems and processes;
– advertising or market and opinion research, unless you have objected to the use of your data.
– the enrichment of our data, including the use or research of publicly available data;
– statistical evaluations or market analysis;
– the prevention and clarification of criminal offences, insofar as not exclusively for the fulfilment of legal requirements;
– the personal greeting on site for customer retention
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are reasons for doing so arising from your particular situation.
If you wish to exercise your right of objection, simply send an e-mail to email@example.com
Are data processed that we do not receive directly from you?
If this is necessary for the execution of the contract concluded with you in accordance with Art. 6 Para. 1 lit. b DS-GVO or if there is a justified interest in individual cases in the sense of Art. 6 Para. 1 lit. f DS-GVO, we obtain an assessment of the credit risk on the basis of mathematical-statistical procedures from the credit reporting agency
Association Creditreform Wiesbaden, Adolfsallee 34, 65185 Wiesbaden
(scoring). For this purpose, the personal data required for the credit assessment, such as name, date of birth, address, bank data, is transferred to the credit agency, whereby your address data is also taken into account. The collection, storage and transfer is therefore carried out for the purpose of credit assessment to avoid a default in payment and on the basis of Art. 6 para. 1 lit. b or Art. 6 para. 1 lit. f. DS-GVO. On the basis of this information, a statistical probability of a credit default and thus your solvency is calculated. If the credit assessment is positive, an order on account is possible. If the credit check is negative, we cannot offer you payment on account.
Recipients or categories of recipients of your data
Within our company, those internal offices or organisational units receive your data which require them to fulfil our contractual and legal obligations or within the scope of processing and implementing our legitimate interests. The data will be passed on to external parties exclusively in connection with the execution of the contract or for the purpose of fulfilling legal requirements according to which we are obliged to provide information, reports or pass on data.
We also work with external service providers who act as processors on our behalf, such as the external computer centre or service providers who are commissioned to maintain our IT systems or to destroy data.
We have concluded contracts with these service providers for order processing, which ensure that the service providers also maintain an appropriate level of security for your data.
As already explained above, it is also possible that we may transfer the necessary data to the Creditreform association for the purpose of a credit assessment.
In addition, we may transfer data to third parties if you have given us your consent to do so.
What consequences can there be if you do not provide us with your data?
You only need to provide us with the data that is necessary for the establishment and execution of a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. Without this data we cannot conclude a contract with you, as this would not be feasible. This may also refer to data required later within the scope of the business relationship. If we request additional data from you, you will be informed separately about the voluntary nature of the information and the respective purposes of the data processing.
How long do we store your data?
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Furthermore, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention or documentation stipulated there can be up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Furthermore, special legal regulations may require a longer retention period, such as the preservation of evidence within the framework of the statutory limitation regulations. According to §§ 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, under certain circumstances limitation periods of up to 30 years may also be applicable.
We will delete your data if there is no longer a legal basis for further storage, in particular if the data is no longer required for the execution of a contractual relationship with you or if you have revoked a consent once given. If the storage of your data is only for the purpose of fulfilling legal storage obligations, for example according to HGB or AO, the processing will be restricted in such a way that access to the data is only possible for the fulfilment of this purpose. Our data protection officer will inform you about the details of our deletion concept.
Is your data processed in a third country?
Data is transferred to bodies in countries outside the European Economic Area (EEA) (so-called third countries) if it is necessary to carry out an order/contract from or with you, if it is required by law (e.g. tax reporting obligations) or if you have given us your consent.
The processing of your data in a third country may also be carried out in connection with the involvement of service providers within the scope of order processing. Unless the EU Commission has decided on an adequate level of data protection in the country in question, we will ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection regulations by means of appropriate agreements. We will be pleased to provide you with information on appropriate guarantees for the third country in question. Please contact our data protection officer for this purpose.
What rights do you have?
In accordance with Art. 15 DS-GVO, you have the right to request information about the personal data stored by us concerning you and to demand the correction of incorrect data concerning you (Art. 16 DS-GVO). You also have the right, pursuant to Art. 17 of the DS-GVO, to request the deletion of your data if the processing of your personal data is no longer necessary for the purposes for which it was collected or otherwise processed, if the data was processed unlawfully or if the deletion is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
In addition, you can request the restriction of the processing (Art. 18 DS-GVO) of these data if the legal requirements are met. This is the case, for example, if the data is no longer needed for the actual processing purposes but you need it for the assertion, defence or exercise of legal claims. In addition, according to Art. 20 DS-GVO, there is a right to data transfer if the data processing is based on a consent or a contract, you have provided us with the data and the processing is carried out in an automated procedure.
If you wish to exercise any of the above rights, please contact our data protection officer.
If you believe that the processing of your personal data is unlawful, you have the right, in accordance with Art. 77 DS-GVO, to contact the supervisory authorities, e.g.
The Hessian Commissioner for Data Protection and Freedom of Information
PO box 3163
Phone: +49 611 1408 – 0
Fax: +49 611 1408 – 611
Do we use automated decision making or profiling?
We do not use automated decision-making procedures within the meaning of Art. 22 DS-GVO, including profiling.