(Information on data protection Art. 13,14 GDPR)
We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
1. Person in charge
Gurtec GmbH
Represented by the Managing Director
Gurtecstraße 3
38170 Schöppenstedt
+49 5332 9309-0
E-Mail:info@gurtec.com
2. Data security engineer
Dr. Hufenbach & Partner GmbH & Co. KG
Düstere-Eichen-Weg 50
37073 Göttingen
Phone: 0551-383310
E-mail: datenschutz@gurtec.com
3. Processing:
3.1 Data protection in the context of the implementation of pre-contractual measures or for the performance of a contract
3.1.1. Type of data
Relevant personal data that we process are:
- Personal master data (name, address and other contact details)
- Communication data (e.g. telephone, e-mail)
- Contract master data (contractual relationship, product or contract interest)
- Customer history
- Contract billing and payment data
- Planning and control data
- Information (from third parties, e.g. credit agencies, or from public directories)
- Log data, to ensure security or IT systems
3.1.2. Purposes and legal basis of the processing
We process your data for the purpose of processing an enquiry or a contractual relationship (provision of supplies and services)
The processing of your personal data is carried out:
- on the basis of consent (Art. 6 para. 1a GDPR)
- for the performance of a contract or for the implementation of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1b GDPR)
- to comply with a legal obligation to which the controller is subject (Art. 6 para. 1c GDPR),
- vital interests of the person concerned or of any other natural (Art. 6 para. d GDPR)
- for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 para. 1e GDPR)
- to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, in particular if the data subject is a child (Art. 6 para. 1f GDPR), these
- legitimate interests are competitiveness / market economy.
3.1.3. Sources
We only process personal data that we receive directly from you or another person (e.g. a colleague/family member) in the context of your enquiry or a contractual relationship. In the case of the processing of personal data originating from a third party, we will identify the source accordingly.
In addition, if necessary, we process personal data that we lawfully receive from third parties (e.g. courts, authorities, offices or insurance companies).
3.1.4. Recipients of personal data
As part of the processing, your data will be transmitted to:
| Scope of the GDPR | Third country (which one?) | |
| Within the company to the relevant specialist departments within the framework of the business relationship (e.g. your inquiry/order) | ☒ | ☒ EMENA |
| Within the Group | ☐ | ☒ Australia |
| Positions outside the company: | ||
| to customers | ☒ | ☐ |
| To distributors | ☒ | ☒ Africa & Middle East |
| to suppliers | ☒ | ☐ |
| to authorities | ☒ | ☐ |
| to banks | ☒ | ☐ |
| to service providers, e.g. service data centre, remote maintenance, call centre, help desk | ☒ | ☐ |
| to marketing agencies | ☒ | ☐ |
| to collection agency | ☒ | ☐ |
| to social security institutions | ☒ | ☐ |
| to health insurance company | ☒ | ☐ |
| to tax advisors | ☒ | ☐ |
| to Attorney at Law | ☒ | ☐ |
If data is transferred outside the scope of the GDPR, the transfer is permissible under a condition of the (Art. 49 para. 1 and para. 2 EU GDPR):
– Informed consent available
– Contract/pre-contractual order by the data subject
– In the interest of the person concerned
– Public interest exists
– for making money, exercising, defending legal claims
3.2 Data protection in the context of marketing incl. newsletter
3.2.1 Type of data
Relevant personal data that we process are:
- Personal master data (name, address and other contact details)
- Communication data (e.g. telephone, e-mail)
- Contract master data (contractual relationship, product or contract interest)
- Customer history
- Contract billing and payment data
- Planning and control data
- Information (from third parties, e.g. credit agencies, or from public directories)
- Log data, to ensure security or IT systems
3.2.2 Purposes and legal basis of the processing
We process your data in the context of existing customer relationships if we want to inform you about similar goods or services or if we have obtained your consent to do so.
The processing of your personal data is carried out:
– On the basis of § 7 para. 3 UWG
– on the basis of consent (Art. 6 para. 1a EU GDPR)
– for the performance of a contract or for the implementation of pre-contractual measures that are taken at the request of the data subject (Art. 6 para. 1b EU GDPR)
– to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, in particular if the data subject is a child (Art. 6 para. 1f EU GDPR), these legitimate interests are
3.2.2) Sources
We only process personal data that we receive directly from you in the context of marketing purposes, your inquiry or a contractual relationship. In the case of the processing of personal data originating from a third party, we will identify the source accordingly.
3.2.3 Recipients of personal data
As part of the processing, your data will be transmitted to:
| Scope of the GDPR | Third country (which one?) | |
| Within the company to the relevant specialist departments within the framework of the business relationship (e.g. your inquiry/order) | ☒ | ☒ EMENA |
| Within the Group | ☐ | ☒ Australia |
| Positions outside the company: | ||
| to service providers, e.g. service data centre, remote maintenance, call centre, help desk | ☒ | ☐ |
| to marketing agencies | ☒ | ☐ |
| To distributors | ☒ | ☒ Africa & Middle East |
If data is transferred outside the scope of the GDPR, the transfer is permissible under a condition of the (Art. 49 para. 1 and para. 2 EU GDPR):
- Informed consent available
- Contract/pre-contractual order by the data subject
- In the interest of the person concerned
- Public interest exists
- for making money, exercising, defending legal claims
- vital interests of the person concerned
- Register for public information
3.2.4 Storage
The data is stored for at least the duration of the business relationship (e.g. Your request / for the duration of the contractual relationship). In most cases, we are bound by the legally prescribed retention periods. After this maximum storage period has expired, your data will be deleted unless there is another important reason to the contrary.
3.3 Data protection in the context of correspondence
We would like to point out that data transmission can have security gaps when communicating by e-mail and that transmission is usually unencrypted. If you do not wish this, appropriate encryption methods must be used.
3.3.1 Type of data
Relevant personal data that we process are:
- Personal master data (name, address and other contact details)
- Communication data (e.g. telephone, e-mail)
- Contract master data (contractual relationship, product or contract interest)
- Customer history
- Contract billing and payment data
- Planning and control data
- Information (from third parties, e.g. credit agencies, or from public directories)
- Log data, to ensure security or IT systems
3.3.2) Purposes and legal basis of the processing
We process your data within the framework of the legal basis resulting from the correspondence. This can be, for example, an inquiry, an order, a project reference, an application or similar.
The processing of your personal data is carried out:
- on the basis of consent (Art. 6 para. 1a EU GDPR)
- for the performance of a contract or for the implementation of pre-contractual measures that are taken at the request of the data subject (Art. 6 para. 1b EU GDPR)
- to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, in particular if the data subject is a child (Art. 6 para. 1f EU GDPR), these legitimate interests are
3.3.3) Sources
We only process personal data that we receive in the course of correspondence.
3.3.4) Recipients of personal data
As part of the processing, your data will be transmitted to:
| Scope of the GDPR | Third country (which one?) | |
| Within the company to the relevant specialist departments within the framework of the business relationship (e.g. your inquiry/order) | ☒ | ☒ EMENA |
| Within the Group | ☐ | ☒ Australia |
| Positions outside the company: | ||
| to service providers, e.g. service data centre, remote maintenance, call centre, help desk | ☒ | ☐ |
| to marketing agencies | ☒ | ☐ |
| To distributors | ☒ | ☒ Africa & Middle East |
If data is transferred outside the scope of the GDPR, the transfer is permissible under a condition of the (Art. 49 para. 1 and para. 2 EU GDPR):
- Informed consent available
- Contract/pre-contractual order by the data subject
- In the interest of the person concerned
3.3.5) Storage
The storage is at least for the processing time (e.g. Your request / for the duration of the contractual relationship). In most cases, we are bound by the legally prescribed retention periods. After this maximum storage period has expired, your data will be deleted unless there is another important reason to the contrary.
We store application data exclusively as part of the application process and do not use it for any purpose other than to process your application. If your application is successful, the data will become part of the personnel file from the time of hiring, otherwise we will keep it for reasons of the AGG (§ 15 para. 2) and then destroy or delete it.
1) Rights of Data Subjects
You have the right to information about the personal data concerning you as well as to correct, delete or restrict processing. Furthermore, you have the right to object to the processing and the right to data portability.
If you object, we will no longer process your personal data unless we can demonstrate compelling grounds for the processing that outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.
The objection must be sent in writing to the above address of the Data Controller.
2) Withdrawal of consent
If you have given us consent to the processing of personal data for certain purposes, the lawfulness of this processing is given on the basis of your consent. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal.
3) Right of appeal
You have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for us is the State Commissioner for Data Protection of Lower Saxony, Prinzenstraße 5, 30159 Hannover, phone 0511/120-4500
4) Reasons for deployment
As part of our business relationship, you only need to provide us with the personal data that is necessary for the processing of the legal transaction. In the event of non-provision, a business relationship is not possible.
5) Other
There is no automated decision-making. Likewise, we do not process your data with the aim of evaluating certain personal aspects (profiling).
Last update: 27.09.2024
