DATA PROTECTION INFORMATION

We take the protection of personal data very seriously and observe the rules under data protection law, in particular the General Data Protection Regulation of the EU (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG). This in particular means that we only process personal data if a statutory rule permits this or if the data subject has consented to it.

In this data protection information, we explain to you what information (including personal data) is processed by us in connection with the business relationship existing between you and us.

WHO IS RESPONSIBLE FOR THE PROCESSING ACTIVITIES?

The controller under data protection law for processing of personal data is:
RHODIUS Mineralquellen und Getränke GmbH & Co. KG,
Brohltalstraße 2
D-56659
Burgbrohl
Phone: +49 (0) 26 36 - 920 100

Where this data protection information speaks of "we" or "us", this refers to the above company.

Our data protection officer at Proliance GmbH can be contacted by e-mail, addressed to datenschutzbeauftragter@datenschutzexperte.de.

WHAT DATA DO WE PROCESS?

Carrying out of our business relationships requires processing of data from our customers, suppliers and business partners. Where such data permit any conclusions concerning you as a natural person (e.g. if you as an individual merchant enter into any business relationship with us), these are personal data.

Master data

The process general data concerning your person and the business relationship existing with you, which we refer to as "master data" in general.

This in particular includes:

  • a) information that you have disclosed to us when founding the business relationship, or that we have requested from you or via your supplier (e.g. your name, address, email address, date of birth, nationality, VAT ID and other contact data)
  • b) the data that we have collected in connection with founding of the business relationship (such as in particular the details of the contracts concluded with you).

Progress data

We process personal data that arise in the course of the business relationship that may exceed the mere change of your master data and that we call "progress data".

This in particular includes:

  • a) Information concerning the services rendered or purchased by you based on the concluded contracts,
  • b) Information concerning the services rendered or purchased by us based on the concluded contracts, Information that you provide to us in the course of the business relationship - either actively or upon our request,
  • c) Personal data that we obtain from you or third parties in any other manner within the course of our business relationship.

FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?

  1. The master and progress data are processed to carry out the contracts existing with you or to carry out pre-contractual measures based on point (b) of Article 6(1), GDPR.
  2. We also may process master and progress data to meet legal obligations imposed on us; this is done on the basis of point (c) of Article 6(1), GDPR. These legal obligations specifically include the notifications required from us to the (tax) authorities.
  3. As far as necessary, we will process your data also to protect our legitimate interests or the interest of third parties, beyond carrying out of the contracts concluded with you and compliance with legal obligations; this is done based on point (f) of Article 6(1), GDPR.

Our legitimate interests include:

  • unique identification of customers and customer support,
  • valuation of creditworthiness and collateral,
  • compilation of settlements/credits,
  • establishment of legal claims and defences in legal disputes,
  • preventing and investigating criminal offence,
  • control and further development of our business activities, including risk control, etc.

As far as we give you the opportunity to give us consent to processing of personal data at the founding or in the course of the business relationship, we process the data covered by the consent for the purposes named in the consent; this is done based on point (c) of Article 6(1) GDP.

Please note that you give your consent towards us freely, and that neither the consent nor its later revocation will influence carrying out of the business relationship, but that refusal of consent or its later revocation may nevertheless lead to consequences that we inform you of before you give your consent, that you may withdraw any consent given to us at any time, effective for the future, e.g. by notifying us by mail, fax or email, via one of the contact methods named on the first page of this data protection information.

AM I OBLIGATED TO PROVIDE DATA?

Provision of the master data and progress data named in item II. is necessary for founding and carrying out of the business relationship between you and us, as far as we have not expressly stated anything to the contrary when collecting such data. If these data are not provided, we cannot found and carry out any business relationship with you.

WHO WILL OBTAIN MY DATA?

Our personal data are generally processed within our company. Depending on the type of personal data, only specific departments/organisation units will have access to your personal data. This in particular includes our field service and the office employees and - in case of data processed via the IT infrastructure - the IT department to a certain extent. We may also transmit your personal data to third parties outside of our company at the legally permitted scale. Such external recipients may in particular include The service providers charged by us who render services for us on a separate contractual basis, which may also comprise processing of personal data, as well as the subcontractors of our service provides that are charged with our consent, non-public and public bodies, as far as we are obligated to transfer your personal data due to legal obligations, as far as you have concluded any rent/lease contract, we may pass on the customer data to the building owner if there is any right to move into the object. This is done for the purpose of supporting and settling claims for a rent/lease.

We transmit personal data collected within the context of a contractual relationship concerning the application, carrying out and termination of a business relationship, as well as data concerning non-contractual or fraudulent behaviour from case to case to our lawyers or the credit insurances and cash collection companies listed in annex 1. The legal basis of such data transfers are point (b) of article 6(1) and point (f) of Article 6(1) of the General Data Protection Regulation (GDPR). Transfers based on point (f) of Article 6(1) GDPR, as far as these are necessary to protect legitimate interests of our company or third parties and the interests or fundamental rights and fundamental freedoms of the data subjects that require protection of personal data are not overriding. Data exchange with the companies named above also serves to comply with statutory obligations to carry out creditworthiness checks for clients (§ 505a and 506 of the German Civil Code). These companies process the data obtained and will also use them for the purpose of profile creation (scoring) in order to provide their contracting partners in the European Economic Area and in Switzerland, as well as any third countries (as far as there is an appropriateness resolution for them from the European Commission) with information, inter alia, to evaluate the creditworthiness of natural persons.

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter "Salesforce"). Salesforce Sales Cloud is a CRM system and enables us, among other things, to manage existing and potential customers as well as customer contacts and to organise sales and communication processes. The use of the CRM system also enables us to analyse our customer-related processes. Customer data is stored on Salesforce servers. In the process, personal data may also be transmitted to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. Details of the Salesforce Sales Cloud functions can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/. The use of Salesforce Sales Cloud is based on Art. 6 para. 1 lit. f DSGVO or Art. 6 para. 1 lit. b) DSGVO. There is a legitimate interest in the most efficient customer management and customer communication possible, and this is also necessary for the performance of the contract. Salesforce has Binding Corporate Rules (BCR) that have been approved by the French data protection authority. These are binding corporate rules that legitimise corporate data transfers to third countries outside the EU and EEA. Details can be found here: https://www.salesforce.com/de/blog/2020/07/die-binding-corporate-rules-von-salesforce-erfuellen-hoechste-da.html. For details, see Salesforce's privacy policy: https://www.salesforce.com/de/company/privacy/.

IS AUTOMATED DECISION-MAKING USED?

At founding or during the course of the business relationship, we generally do not use any automated decision-making (including profiling) within the meaning of Article 22 GDPR. As far as we use such procedures in individual cases, we will inform you separately about this at the legally intended extent.

HOW LONG ARE MY DATA STORED FOR?

We will generally only store your personal data while we have a legitimate interest in storage and your interests in not continuing storage are not overriding.

Even without a legitimate interest, we may continue to store the data if we are obligated to do so by law (e.g. to meet storage obligations). We shall also erase your personal data without any action from you as soon as their knowledge is no longer necessary for compliance with the purpose of processing or if storage is legally prohibited for any other reasons.

As a rule, the master data and any further personal data arising in the course of the business relationship are stored at least until the end of the business relationship. The data shall be erased at the latest at the time at which their target is achieved. This may also occur after completion of the business relationship. Such personal data that we must store to meet the storage obligations shall be stored until the end of the respective storage obligation. As far as we store personal data only to meet storage obligations, these will be accessed only if access is necessary in light of the purpose of the storage obligation.

WHAT RIGHTS DO I HAVE?

As a data subject, you have the right to:

  • access the personal data stored concerning you, Article 15 GDPR,
  • rectification of inaccurate or incomplete data, Article 16 GDPR,
  • erasure of personal data, Article 17 GDPR,
  • restriction of processing, Article 18 GDPR,
  • data portability, Article 20 GDPR,
  • object to processing of the personal data concerning you, Article 21 GDPR.

You may contact us to exercise these rights at any time - e.g. using one of the contact methods indicated at the beginning of this data protection information.

If there are any questions concerning processing of your data, you may also contact our data protection officer.

You also have the right to lodge a complaint with a competent supervisory authority for data protection, Article 77 GDPR.

ATTACHMENT 1

  • Atradius Kreditversicherung
    Opladener Straße 14
    50679 Köln, Deutschland
  • Euler Hermes Deutschland
    Friedensallee 254
    22763 Hamburg, Deutschland
  • Euler Hermes Aktiengesellschaft
    Postfach 50 03 99
    22746 Hamburg, Deutschland
  • Atradius Kreditprüfung
    Opladener Straße 13
    50678 Köln, Deutschland
  • Bisnode Deutschland GmbH
    Robert-Bosch-Straße 11
    64293 Darmstadt, Deutschland
  • Atradius Collections B.V.
    Opladener Straße 14
    50679 Köln, Deutschland
  • Atradius Collections B.V. SP. ZO.O.
    UL. Prosta 70
    00-838 Warszawa, Polen
  • Atradius Collections B.V.
    Van Reeuwijkstraat 44
    7731 Eh Ommen, Niederlande
  • Atradius Collections SL
    Raimundo Fernández
    Villaverde 57
    28003 Madrid, Spanien
  • Intrum Justicia GmbH
    Pallaswiesenstraße 180 – 182
    64293 Darmstadt, Deutschland
  • Creditreform Bonn Domschke & Rossen KG
    Graurheindorfer Straße 92
    53117 Bonn, Deutschland
  • debkonplus Inkasso GmbH
    Hanns-Martin-Schleyer-Str. 34
    47877 Willich, Deutschland
  • AKZEPTA Inkasso GmbH
    Jahnstraße 31
    83278 Traunstein, Deutschland
  • SCHUFA Holding AG
    Kormoranweg 5
    65210 Wiesbaden, Deutschland