ACTEGA Metal Print Transparency
Data protection information pursuant to Articles 13, 14, 21 and 77 GDPR
The aim of this document is to provide you with information on how we process your personal data and to notify you of your statutory rights with regard to data protection.
This information will be updated as required and published on this site, where you will also find data protection information for visitors to our website.
1. Who is responsible for data protection ('Data controller') and whom can you contact?
Our contact details:
ACTEGA Metal Print GmbH
Tel +49 5132 5009-488
The contact details of our data protection officer are as follows:
ACTEGA Terra GmbH / ACTEGA Metal Print GmbH
Data Protection Officer
Tel +49 5132 5009-427
2. What sources do we use?
We process personal data that we receive as part of our business relationships with customers and suppliers.
In addition, we process personal data that we obtain by legitimate means from public sources (e.g. commercial register, press, the Internet) or that is legitimately transmitted to us by other ALTANA companies or other third parties (e.g. credit agencies), to the extent that is necessary for us to provide our services.
3. What data do we process?
We process the following data:
- Master data regarding the business relationship (contact person's name, business address and contact details)
- Correspondence (e.g. letters and e-mails)
- Advertising and sales data
4. On what lawful basis and for what purpose do we process personal data?
We process personal data in compliance with the provisions of the General Data Protection Regulation (GDPR) of the European Union and the German Federal Data Protection Act (DPA):
4.1 In performance of contractual obligations (Article 6 para. 1 (b) GDPR)
Data are processed in order to perform contracted services or to carry out pre-contract measures in the procurement or sales process. The purposes depend primarily on the specific product or service concerned.
4.2 In the context of legitimate interests (Article 6 para. 1 (f) GDPR)
We process personal data where required for the performance of the contract to protect our legitimate interests or those of third parties. Examples:
- Consultation of and exchange of information with credit agencies (e.g. SCHUFA) to determine credit and default risks
- Advertising or market research or opinion polls, unless you have objected to the use of your data
- Assertion of legal claims and defense in the context of legal disputes
- Guaranteeing the IT security and IT operation of the company
- Preventing and enlightenment of criminal acts
- Video surveillance to ensure adherence to site rules and to prevent actual damage and criminal activities
- Measures to enforce the security of buildings and plant (e.g. access controls)
- Transfer within the group of companies taking into account recital 48 of the EU-GDPR
4.3 With your consent (Article 6 para. 1 (a) GDPR)
If you have consented to us processing your per-sonal data for specific purposes (e.g. newsletter), your consent forms the lawful basis for this pro-cessing. Consent may be withdrawn at any time. When consent is withdrawn this does not affect the lawful basis for the processing of data up to the point at which consent is withdrawn.
4.4 For compliance with a legal obligation (Article 6 para. 1 (c) GDPR)
We are subject or various legal obligations (e.g. tax and customs duty legislation). These involve the transmission of personal data to responsible authorities and offices (e.g. tax office, employer’s liability insurance association, financial institutions and trust companies).
The purposes of processing include age and identity verification, screening against anti-terror lists, compliance with tax-law monitoring and reporting obligations and the evaluation and management of risks.
5. Whom do we give your personal data?
Your personal data will only be transmitted where there is a lawful basis for this.
Within the company, only people who require the information to perform our contractual and statutory obligations will be given access to your personal data. In addition, the following may receive your data:
- Procecssors engaged by us (Processors under Article 28 GDPR), in particular in the area of IT services, sales, logistics and printing services, to process your data on our behalf in accordance with our instructions
- Public authorities and institutions (e.g. tax office, customs authorities, employer’s liability insurance association), provided there is a statutory or official obligation
- Other processors for which you have given us your consent (e.g. in the context of research projects)
- Transfer within the group of companies taking into account recital 48 of the EU-GDPR
6. Will data be sent to a third country or an international organisation?
Data will be transferred to processors in third countries (countries outside the European Economic Area) if
- it is necessary to do so to fulfill your orders (e.g. cooperation with our production facilities in third countries),
- it is required by law (e.g. tax reporting obligations),
- you have given us your consent or
- this is permitted by balancing of interests and taking into account consideration reason 48 of the EU GDPR within affiliated companies.
Other than this we will not send any personal data to processors in third countries or international organizations. However, for certain tasks we do use service providers that may be resident, have a parent company or maintain data centers in a third country. Such transfer is permitted when the European Commission has decided that the third country has an adequate level of protection (Article 45 GDPR). If the Commission has not reached such a decision, we may only transfer personal data to a service provider in a third country if suitable contractual guarantees have been agreed and there are enforceable laws and effective legal remedies.
7. How long will we keep personal data?
We process and store your personal data for as long as is required to perform our contractual and statutory obligations.
When data are no longer needed for the perfor-mance of contractual or statutory obligations, these are regularly deleted unless they must be retained for fixed-term further processing for the following purposes:
- Compliance with retention periods under commercial law and tax law, e.g. arising from the German Commercial Code (HGB) or Tax Code (AO). The retention periods specified there range from two to ten years.
- In observance of limitation periods pursuant to Sections 195 et seq. of the German Civil Code (BGB). These limitation periods may be up to 30 years.
8. What are my data protection rights?
You have the right to
- Information (Article 15 GDPR)
- Rectification (Article 16 GDPR)
- Erasure (Article 17 GDPR)
- Restriction of processing (Article 18 GDPR)
- Data portability (Article 20 GDPR)
- Object (Article 21 GDPR)
The restrictions pursuant to Sections 34 and 35 DPA apply to the rights to information and to erasure.
You also have the right to complain to a responsible data protection supervisory authority (Article 77 GDPR).
9. Are you obliged to provide data?
In the context of our business relationship, you must provide the personal data that are required in order to start and carry out the business relationship and to perform the associated contractual obligations, or that we are legally obliged to collect.
10. To what extent is decision-making automated?
We do not use any fully automated decision-making (scoring) processes pursuant to Article 22 GDPR to commence and carry out a business relationship.
11. Are your data used for profiling?
Pursuant to Article 4 (4) GDPR, ‘profiling’ means any form of automated processing of personal data to evaluate, analyze or predict certain personal as-pects relating to a natural person (e.g. performance at work, economic situation, personal preferences or interests, reliability, behavior or movements).
We do not use profiling.
12. Information on your right to object pursuant to Article 21 of the General Data Protection Regulation (GDPR)
12.1 Right to object to processing for the purpose of legitimate interest
For reasons arising from your particular situation, you have the right to object at any time to the pro-cessing of your personal data that is done pursuant to Article 6 para. 1 (f) GDPR (processing necessary for the purposes of legitimate interests). This also applies to profiling pursuant to Article 4 (4) GDPR based on this provision.
If you object, we will cease processing of your per-sonal data unless we are able to demonstrate legitimate reasons for processing that override your interests, rights and freedoms, or unless the processing is for the purpose of enforcing, exercising or defending legal claims.
12.2 Right to object to the processing of data for the purposes of direct advertising
We may also process your data in the context of the statutory provisions for the purpose of direct advertising. You have the right to object at any time to the processing of your personal data for the purposes of such advertising. This also applies to profiling where this is connected to such direct advertising.
If you object to the processing for the purposes of direct advertising we will no longer process your personal data for this purpose.
12.3 Address for lodging objections
You may lodge your objection in any form.
Our contact details can be found in section 1.
13. Coronavirus pandemic
Visitor Privacy Notice as part of the ALTANA Privacy Notice:
- We process your personal data on the basis of voluntary consent in accordance with Art. 6 para. 1 sentence a DSGVO.
- You can object to the processing at any time for the future.
- The processing is carried out for the purpose of protecting the health of our employees and results from our duty of care as an employer.
- A further purpose is to protect the company from the economic impact of an infection of employees by third parties.
- We will delete the personal data collected from you after the end of the coronavirus pandemic, but no later than six months after collection.