// Privacy Notices pursuant to the EU General Data Protection Regulation for Business Partners and their Contacts

As part of informing about our business development and the initiating and conducting of business relations, we process the following data categories of our business partners and their contacts in particular. We obtain this data directly from these partners or from other parties within the scope permissible (e.g. for the performance of contracts or based on consent granted). Furthermore, data that we have obtained from sources in the public domain (e.g. commercial registers, press, Internet) within the scope permissible is also processed: 

Interested parties, investors, other business partners:

• Personal/contact data (e.g. first name, surname, if applicable, company name, address, (mobile) telephone number, telefax, email)
• Communication data in connection with correspondence (emails, letters)

Customers, suppliers, service providers

• Personal/contact data (e.g. first name, surname, if applicable, company name, (mobile) telephone number, telefax, email)
• Contractual and billing data (e.g. bank details, goods ordered, date of invoice)
• Communication data in connection with correspondence (emails, letters)
• Legitimation data (e.g. identification documents), authentication data (e.g. signature samples), Schufa (credit rating agency) score

Data is processed by AMINO GmbH for the purpose of performing the tasks of the company pursuant to the provisions defined under the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) as well as all other pertinent laws (e.g. German Commercial Code – HGB), German Fiscal Code (Abgabenordnung – AO) etc.).

a.    For the performance of a contract or for pre-contractual measures (Art. 6 (1b)) GDPR)

Personal data are processed for the purpose of performing contracts with our customers, suppliers and service providers. This also includes the performance of pre-contractual measures upon request by the business partner.

b.    In the context of the balancing of interests (Art. 6 (1 f)) GDPR)

If necessary, we process your data beyond the actual performance of the contract with a view to safeguarding the justifiable interests of ourselves or of third parties. Examples:

• Assertion of legal claims and defense in litigation
• For internal administration purposes
• For ensuring IT security and IT operations
• For the prevention of crime
• For the protection of property, anti-theft system (video)
• For access control
• For the reviewing and optimization of processes for analyzing requirements and for addressing the customer directly
• For advertising purposes and marketing/opinion research provided that you have not objected to the use of your data
• Implementation of events
   

c.    On the basis of consent (Art. 6 (1 a)) GDPR)

If you have given us your consent to the processing of personal data for certain purposes, this processing complies with the requirement of lawfulness. Consent once granted can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please note that any revocation applies just to the future. Processing that took place before the revocation remains unaffected.

d.    Based on statutory requirements (Art. 6 (1 c)) GDPR) or in the public interest (Art. 6 (1 e)) GDPR)

Moreover, we are subject to various legal obligations, i.e. statutory requirements, e.g. tax regulations.

The departments in our company that require your data for the purpose of fulfilling our contractual and legal obligations and for the aforementioned purposes are provided with your data. Service providers and agents used by us may be given data for this purpose.

Data is only relayed outside the company if this is required by statutory provisions or if you have given your consent.

In turn, all recipients are themselves obligated to comply with data protection.

Assuming these preconditions, recipients of personal data may be the following:

Public bodies and institutions (e.g. tax authorities) on the grounds of a statutory or official obligation

Processors to whom we relay personal data for the purpose of conducting the business relationship with you (e.g. support/maintenance of IT systems, data destruction, payments, bookkeeping)

Units with regard to which you have given us your consent for data transfer

No data is transferred to recipients in countries outside the EU or the EEA (so-called non-Member States). If, in the individual case, data is to be transferred to non-Member States, this is either necessary for performing a contract, takes place in the context of processing a contract, is mandatory under the law or is based on consent that you have granted to us. If service providers in a non-Member State are used, an appropriate level of data protection is guaranteed.

Moreover, we are subject to various legal obligations, i.e. statutory requirements, e.g. tax regulations.

We process and store your personal data only as long as it is required for the fulfillment of the purposes cited under Item 3. It should be noted here that many of our business relationships are long term. If the data is no longer required for the performance of contractual or statutory obligations, it will regularly be erased unless this data is necessary for further temporary processing for the following purposes:

• Compliance with retention periods under commercial and fiscal law, e.g. German Commercial Code or Fiscal Code that define the periods of retention as two to ten years.
• Preservation of proof in the context of the statute of limitations (e.g. Sections 195 et seq. German Civil Code (BGB)).

All persons affected (data subjects) have the right to information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction on the processing pursuant to Art. 18 GDPR, the right to objection based on Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR. The restrictions under Sections 34 and 35 of the German Federal Data Protection Act apply to the right to information and the right to erasure. Moreover, there is a right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act).

You can revoke any consent granted for the processing of personal data at any time. This also applies to the revocation of declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please note that any revocation applies just to the future. Processing that took place before the revocation remains unaffected. 

Within the scope of our business relationship, you must provide personal data required for the initiation and conducting of a business relationship and compliance with the associated contractual obligations, or data which we are required to collect under the law.

No use is made of automatic decision-making or profiling.

• Case-by-case right to object

You have the right to object at any time for reasons arising from your particular situation against the processing of your personal data that is carried out based on Art. 6 (1 e) GDPR (data processing in the public interest) and Art. 6 (1 f) GDPR (data processing on the basis of balancing of interests). If you lodge an objection, we will no longer process your personal data unless we can provide proof of compelling legitimate grounds for processing that override your interests, rights and freedoms, or if the processing serves the purpose of the establishment, exercise or defense of legal claims.

• Right to object against the processing of data for advertising purposes

In specific cases we process your personal data for the purpose of direct marketing. You have the right to object at any time against the processing of your personal data for the purpose of this kind of advertising. If you object to the processing for the purpose of direct advertising we will no longer process your personal data for these purposes. The objection that can be sent via email to datenschutz(at)amino.de does not have to follow any specific form.