Privacy policy for the processing of personal data of business partners
Information on data processing pursuant to Articles 13 and 14 EU GDPR
1. The purpose of this data protection information is to describe how we process data in our firm.
Controller as defined in data protection law:
Managing partners
SKNvonGEYSO
Rechtsanwälte Steuerberater Wirtschaftsprüfer Partnerschaft mbB
Veritaskai 3, 21079 Hamburg
info@skn.partners
Telephone: +49 40 697989-0
Fax: +49 40 697989-110
Contact details of the external data protection officer:
Waterside DS GmbH
Rathausmarkt 5
20095 Hamburg
Represented by Ms Corinna Lovens, LL.M.
Telephone: +49 40 468 99 42-0
E-Mail: lovens@waterside-ds.de
2. Statement on legitimate interest according to the EU GDPR
When concluding a contract with suppliers, distributors and other business partners, the firm has a legitimate interest in collecting personal data for the purpose of initiating, concluding and executing the contract as well as in the context of the ongoing business relationship (Article 6 (1) (a) to (c) EU GDPR).
3. Data collected
The following data or categories of data are processed:
- Company name, last name, first name, title, salutation (gender)
- Address data (street, house number, postcode, place of residence, address suffix, if applicable)
- Contact details (including telephone number, e-mail address)
- Payment data (bank details, IBAN), means of payment (including direct debits)
- Payment behaviour data (e.g. dunning data)
- Credit assessment data
- Personal communications (e.g. correspondence, e-mails)
- Billing data
4. Recipients
Financial service providers (e.g. credit agencies, payment service providers, collection agencies), service providers, own lawyers and lawyers of claimants, courts, authorities (including tax offices)
Access to your data within the firm is granted to those offices that require it to fulfil our contractual and legal obligations. Service providers and vicarious agents used by us (e.g. technical service providers, shipping companies) may also receive data for these purposes. We restrict the transfer of your personal data to what is necessary, taking into account the requirements of data protection law. In some cases, the recipients receive your personal data as processors.[HD1] In such cases, we conclude data processing contracts with the external service providers pursuant to Article 28 (3) EU GDPR.
5. Data subjects
Suppliers, distributors and other business partners
6. Duration of storage
Your personal data will be processed and stored for as long as and to the extent necessary for the purposes stated in this policy. After these purposes have been fulfilled, the data is erased at regular intervals. Such data is not erased if further processing is required for a limited period to comply with statutory retention periods or for documentation and evidence purposes subject to the statutes of limitation.
7. Legal bases
The legal bases for data processing in our firm are
- Article 6 (1) Sentence 1 (b) EU GDPR for performance of the concluded contract
- Article 6 (1) Sentence 1 (c) EU GDPR for compliance with legal obligations to which we are subject
- Article 6 (1) Sentence 1 (f) EU GDPR, insofar as the data processing is necessary to protect our legitimate interests or those of a third party; in particular, the ongoing business relationship with our business partners is in our legitimate interest
- Article 6 (1) Sentence 1 (a) EU GDPR, insofar as you have given us your consent to process personal data relating to you for specific purposes
8. Third countries
Data is only transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary for the performance of the contract concluded with you or if you have given us your consent or if this is otherwise permitted by law. In this case, we take measures to ensure your data is protected, for example, through contractual arrangements. We only transfer data to recipients who ensure that your data is protected in accordance with the provisions of the EU GDPR for transfers to third countries (Articles 44 to 49 GDPR).
9. Use of video conferencing tools
We often communicate with our business partners via common video conferencing tools (primarily "Teams" and "Zoom"), to whose privacy policies we refer under the links of the aforementioned tools. As a general rule, these video conferences are not recorded.
10. Rights of the data subject
You have the following rights as a data subject whose data we process:
- Right of access under Article 15 EU GDPR
- Right to rectification under Article 16 EU GDPR
- Right to erasure ("right to be forgotten") under Article 17 EU GDPR
- Right to restriction of processing under Article 18 EU GDPR
- Right to data portability in a structured, commonly used and machine-readable format under Article 20 EU GDPR
Insofar as we process your personal data for certain purposes on the basis of your consent, you have the right to withdraw your consent at any time under Article 7 (3) EU GDPR. Upon receipt of your withdrawal of consent we will cease processing data for the purposes for which you gave us your consent. The lawfulness of the processing prior to receipt of your withdrawal of consent remains unaffected.
Right to object: if we process your personal data to protect legitimate interests as defined in Article 6 (1) Sentence 1 (f) EU GDPR you have the right under Article 21 (1) GDPR to object to this processing on grounds relating to your particular situation. You may object at any time to processing for direct marketing purposes under Article 21 (2) EU GDPR without stating the reasons. In order to exercise your right to object, it is sufficient to send us an informal message (by e-mail to datenschutz@skn.partners stating which data processing you object to).
If you believe that the processing of personal data relating to you infringes the General Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority under Article 77 (1) EU GDPR (in Germany, this usually is the Commissioner for Data Protection and Freedom of Information of the respective federal state). In particular, the objection may be lodged with the supervisory authority competent in the place of your habitual residence, your place of work or the place of the alleged infringement.
11. Legal status
This policy reflects the legal status as at 28 November 2022. We reserve the right to amend our privacy policy to incorporate changes in regulations or case law.