Legal notices —

Data protection for business partners

SKNvonGEYSO Rechtsanwälte Steuerberater Wirtschaftsprüfer Partnerschaft mbB

Privacy policy for the processing of personal data of business partners

Information on data processing pursuant to Articles 13 and 14 EU GDPR

1. The purpose of this data protection information is to describe how we process data in our firm.

Controller as defined in data protection law:

Managing partners
Rechtsanwälte Steuerberater Wirtschaftsprüfer Partnerschaft mbB
Veritaskai 3, 21079 Hamburg
Telephone: +49 40 697989-0
Fax: +49 40 697989-110

Contact details of the external data protection officer:

Waterside DS GmbH
Rathausmarkt 5
20095 Hamburg
Represented by Ms Corinna Lovens, LL.M.
Telephone: +49 40 468 99 42-0

2. Statement on legitimate interest according to the EU GDPR

When concluding a contract with suppliers, distributors and other business partners, the firm has a legitimate interest in collecting personal data for the purpose of initiating, concluding and executing the contract as well as in the context of the ongoing business relationship (Article 6 (1) (a) to (c) EU GDPR).

3. Data collected

The following data or categories of data are processed:

  • Company name, last name, first name, title, salutation (gender)
  • Address data (street, house number, postcode, place of residence, address suffix, if applicable)
  • Contact details (including telephone number, e-mail address)
  • Payment data (bank details, IBAN), means of payment (including direct debits)
  • Payment behaviour data (e.g. dunning data)
  • Credit assessment data
  • Personal communications (e.g. correspondence, e-mails)
  • Billing data

4. Recipients

Financial service providers (e.g. credit agencies, payment service providers, collection agencies), service providers, own lawyers and lawyers of claimants, courts, authorities (including tax offices)

Access to your data within the firm is granted to those offices that require it to fulfil our contractual and legal obligations. Service providers and vicarious agents used by us (e.g. technical service providers, shipping companies) may also receive data for these purposes. We restrict the transfer of your personal data to what is necessary, taking into account the requirements of data protection law. In some cases, the recipients receive your personal data as processors.[HD1]  In such cases, we conclude data processing contracts with the external service providers pursuant to Article 28 (3) EU GDPR.

5. Data subjects

Suppliers, distributors and other business partners

6. Duration of storage

Your personal data will be processed and stored for as long as and to the extent necessary for the purposes stated in this policy. After these purposes have been fulfilled, the data is erased at regular intervals. Such data is not erased if further processing is required for a limited period to comply with statutory retention periods or for documentation and evidence purposes subject to the statutes of limitation.

7. Legal bases

The legal bases for data processing in our firm are

  • Article 6 (1) Sentence 1 (b) EU GDPR for performance of the concluded contract
  • Article 6 (1) Sentence 1 (c) EU GDPR for compliance with legal obligations to which we are subject
  • Article 6 (1) Sentence 1 (f) EU GDPR, insofar as the data processing is necessary to protect our legitimate interests or those of a third party; in particular, the ongoing business relationship with our business partners is in our legitimate interest
  • Article 6 (1) Sentence 1 (a) EU GDPR, insofar as you have given us your consent to process  personal data relating to you for specific purposes

8. Third countries

Data is only transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary for the performance of the contract concluded with you or if you have given us your consent or if this is otherwise permitted by law. In this case, we take measures to ensure your data is protected, for example, through contractual arrangements. We only transfer data to recipients who ensure that your data is protected in accordance with the provisions of the EU GDPR for transfers to third countries (Articles 44 to 49 GDPR).

9. Use of video conferencing tools

We often communicate with our business partners via common video conferencing tools (primarily "Teams" and "Zoom"), to whose privacy policies we refer under the links of the aforementioned tools. As a general rule, these video conferences are not recorded.

10. Rights of the data subject

You have the following rights as a data subject whose data we process:

  • Right of access under Article 15 EU GDPR
  • Right to rectification under Article 16 EU GDPR
  • Right to erasure ("right to be forgotten") under Article 17 EU GDPR
  • Right to restriction of processing under Article 18 EU GDPR
  • Right to data portability in a structured, commonly used and machine-readable format under Article 20 EU GDPR

Insofar as we process your personal data for certain purposes on the basis of your consent, you have the right to withdraw your consent at any time under Article 7 (3) EU GDPR. Upon receipt of your withdrawal of consent we will cease processing data for the purposes for which you gave us your consent. The lawfulness of the processing prior to receipt of your withdrawal of consent remains unaffected.

Right to object: if we process your personal data to protect legitimate interests as defined in Article 6 (1) Sentence 1 (f) EU GDPR you have the right under Article 21 (1) GDPR to object to this processing on grounds relating to your particular situation. You may object at any time to processing for direct marketing purposes under Article 21 (2) EU GDPR without stating the reasons. In order to exercise your right to object, it is sufficient to send us an informal message (by e-mail to stating which data processing you object to).

If you believe that the processing of personal data relating to you infringes the General Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority under Article 77 (1) EU GDPR (in Germany, this usually is the Commissioner for Data Protection and Freedom of Information of the respective federal state). In particular, the objection may be lodged with the supervisory authority competent in the place of your habitual residence, your place of work or the place of the alleged infringement.

11. Legal status

This policy reflects the legal status as at 28 November 2022. We reserve the right to amend our privacy policy to incorporate changes in regulations or case law.

Enter your search term
Please wait...
No results

Unfortunately, your search did not return any results. Please try again with a different entry.

Our tip:

Use as few search terms as possible and avoid incorrect spelling.