In general, we collect your data directly from you.

However, it may also be necessary at times to process personal data that we receive from other companies, authorities or other third parties, such as credit agencies and fiscal authorities etc. This may include personal data that we receive through our established whistle-blower channels in relation to possible compliance violations or as part of compliance investigations.

Relevant personal data may include: personal details (e.g. first name / surname, address and other contact data, date and place of birth as well as nationality), verification and authentication data (e.g. companies house register excerpts, ID data, signature sample), data in the context of our business relationship (e.g. payment data, order information), credit data, data on company structures and ownership relationships, photo and video recordings (e.g. in the case of goods deliveries) and other data comparable with the aforementioned categories.

You always have the choice whether you want to communicate with us by e-mail or by post. For technical reasons, communication via e-mail may be unencrypted.

To fulfil contractual obligations (Art. 6 (1) (b) GDPR)
The purposes of the data processing result from the implementation of pre-contractual measures, which precede a contractually regulated business relationship and in the fulfilment of the obligations under contract.

To comply with a legal obligation (Art. 6(1)(c) GDPR)
The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfilment of record keeping and the identification of obligations, e.g. in the framework of money laundering regulations, tax control and reporting obligations and data processing in the case of enquiries from authorities.

To fulfil legitimate interests (Art. 6 (1)(f) GDPR)
It may be necessary to process your personal data beyond the actual performance of the contract. Our legitimate interests include: the selection of suitable business partners, assertion of legal claims, defence against liability claims, access controls, information on possible compliance violations, prevention of offences and the regulation of damages resulting from the business relationship.

When concluding a contract, we occasionally collect creditor data about your creditworthiness in order to fulfil the aforementioned legitimate interests. We use the data of credit agencies to verify creditworthiness. The credit agencies store data that you receive, for example, from banks or companies. This data includes: surname, first name, date of birth, address and information on payment behaviour. You can obtain information about the data that credit agencies have available about you directly from the respective credit agencies.

Within our company, different business areas are given access to the data provided as necessary to fulfil contractual or legal obligations or to fulfil legitimate interests. Within the framework of contractual relations, we also instruct contractors or service providers, who can obtain access to your personal data. Compliance with data protection regulations is guaranteed by relevant contractual obligations.

The data may also be sent to companies within the Schwarz Group, in order to fulfil contractual obligations.

The personal data will be kept for as long as is necessary to fulfil the above-mentioned purposes. Relevant are in particular the statutory retention obligations from the German Commercial Code (HGB), the Companies Act 2006, the Tax Management Act 1970, the VAT Act 1994 and the Limitations Act 1980. The maximum the data will be kept for is 12 years following the expiry of a business relationship.

In the context of our business relationship, you must provide the personal data necessary for entering, executing and terminating a business relationship and for fulfilling related legal obligations, or it is justified by legitimate interests for us to collect. Without this data, we will usually not be able to enter into a business relationship.

If we transmit personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the EU Commission has confirmed the third country to have an adequate level of data protection, an adequate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contractual clauses), or if we have obtained your consent.

Upon request, you have the right to receive information about your personal data stored by us free of charge. In addition, you have the right of rectification and/or deletion of this personal data, a right to data transferability and a right to limitation of processing, in accordance with legal provisions. If our processing of your personal data takes place on the basis of your consent, you have the right at any time to revoke this consent. This revocation has prospective but not retrospective effect. If you wish to revoke your consent, please contact our Data Protection Officer in writing or by e-mail. In addition, if you do not agree to the processing of your personal data, you may complain to the relevant data protection supervisory authority.

The responsible controller is the respective company with which you are initiating or conducting a business relationship.