Privacy Policy - Supplier (pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation GDPR)

Welcome to Schöler GmbH!

Thank you for your interest in our Internet presence and our company.

We attach great importance to the protection of your data and the safeguarding of your privacy. In order to ensure that you have full knowledge of the collection and use of personal data on our web pages, please refer to the following information.

1. Who is responsible for data processing and who can you contact about it?

Schöler GmbH
Frankfurter Str. 4-6
D-23689 Pansdorf

Telephone: +49 4504 601-0
E-Mail: data_protection@schoeler.de

2. Contact details of the data protection officer

MSO Consulting
Daniel Voigtländer
Zeisigweg 11
D-71397 Nellmersbach

Telephone: +49 7195 9772959
E-Mail: daniel.voigtlaender@mso.de

3. Processing purpose and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act BDSG and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service. In our contract documents, forms, consent statements and other information provided to you (for example, on the website or in the Terms and Conditions), you can find further details and additions to the processing purpose.

3.1 Consent (Article 6 (1) (a) GDPR)

If you have given us consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke your consent at any time with effect for the future.

3.2 Performance of contractual obligations (Article 6 (1) (b) GDPR)

We process your personal data to carry out our contracts with you, i.e.  especially for (possibly specify). Furthermore, your personal data will be processed for the implementation of measures and activities in the context of pre-contractual relationships.

3.3 Fulfillment of legal obligations (Article 6 (1) c GDPR)

We process your personal data when necessary to fulfill legal obligations (such as commercial -, tax laws).
Identity and age checks, prevention of fraud and money laundering, the prevention, combating and clarification of terrorist financing and offending criminal offenses, comparison with European and international anti-terrorist lists, the fulfillment of tax control and reporting obligations as well as the archiving of data for data protection and data security purposes and the examination by tax and other authorities. In addition, the disclosure of personal data in the context of administrative/judicial action may be required for the purpose of gathering evidence, prosecuting or enforcing civil claims.

3.4 Legitimate interest of us or third parties (Article 6 (1) f GDPR)

We may also use your personal data on the basis of a balance of interests to protect the legitimate interest of us or third parties. This is done for the following purposes:

- for obtaining information and exchanging information with credit bureaus, if this goes beyond our economic risk.
- for limited storage of your data, if a deletion due to the special nature of the storage is not or only with disproportionate effort possible.
- for comparison with European and international anti-terrorist lists, if this goes beyond the legal obligations.
- for further development of services and products as well as existing systems and processes.
- for enrichment of our data by using or researching publicly available data.
- for statistical analysis or market analysis.
- for benchmarking.
- for assertion of legal claims and defense in legal disputes, which are not directly attributable to the contractual relationship.
- for development of scoring systems or automated decision-making processes.
- for internal and external investigations and or security checks.
- for certifications of private or official matters.
- to ensure and exercise our domestic law through appropriate measures (such as video surveillance).

Furthermore, we process personal data from public sources (such as the Internet, media, press, trade and club registries, registration records, debtor directories, land registers). We process, if necessary for the provision of our service, personal data that we lawfully received from third parties (for example, address publishers, credit bureaus)

4. Categories of personal data processed by us

The following data is processed:

- Personal data (name, date of birth, place of birth, nationality, occupation/industry and comparable data)

- Contact details (address, email address, telephone number and comparable data) 
- Payment/Cover confirmation for bank and credit cards

- Information about your financial situation (credit data including scoring, i.e. data for assessing the economic risk)
- Supplier history
- Furthermore, we process personal data from public sources (such as the Internet, media, press, trade and club registries, registration records, debtor directories, land registers).

- We process, if necessary for the provision of our service, personal data that we lawfully received from third parties (for example address publishers, credit bureaus)

5. Who receives your data?

We disclose your personal data within our company to the areas that need this data to fulfill the contractual and legal obligations or to implement our legitimate interests.
In addition, the following areas can receive your data:
- Commissioned processors (Art. 28 DS-GVO), in particular in the field (e.g. IT services, logistics and printing services, external data centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services , compliance services, controlling, data screening for anti-money laundering purposes, data validation/plausibility check, data destruction, purchasing/procurement, customer management, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics
- Public bodies and institutions in the presence of a legal or regulatory obligation under which we are obliged to provide information, notification or disclosure of data or the data transfer is in the public interest
- Bodies and institutions based on our legitimate interest or the legitimate interest of the third party in the context of the purposes set out in point 3.5 (e.g. to authorities, credit bureaus, debt collection, lawyers, courts, appraisers, group companies and bodies and supervisory bodies);
- other bodies for which you have given us your consent to the transfer of data

6. Transmission of your data to a third country or to an international organization

A transfer of data to offices in countries outside the European Union (EU) or the European Economic Area EEA, so-called third countries), takes place when it is necessary for the execution of an order/contract by or with you, it is required by law (e.g. tax reporting obligations), it is in the legitimate interest of us or a third party or you have given us consent.
The processing of your data in a third country can also take place in connection with the involvement of service providers in order processing. Unless there is a decision by the EU Commission regarding an appropriate level of data protection for the country in question, we ensure that the rights and freedoms are adequately protected and guaranteed under corresponding EU treaties. Corresponding detailed information is available on request.

7. How long do we save your data?

If necessary, we process your personal data for the duration of our business relationship, including the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which among others derive from the Commercial Code (HGB) and the Tax Code (AO). The deadlines for storage and documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the storage period is also judged by the statutory limitation periods, which can be, for example, according to §§ 195 ff. of the Civil Code (BGB) usually three years, in some cases, but also up to thirty years.

8. To what extent is there automated decision-making in an individual case (including profiling)?

We do not use purely automated decision-making procedures under Article 22 GDPR. If we use these procedures in individual cases, we will inform you about this separately, if this is required by law.

9. Your privacy rights

You have the right to information under Art. 15 GDPR, the right to correction under Art. 16 GDPR, the right to cancellation under Art. 17 GDPR, the right to restrict processing under Art. 18 GDPR and the right of data transferability from Art. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR). In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR). Basically, according to article 21 GDPR, there is the right to object to the processing of personal data by us. However, this right to objection only applies in the case of very special circumstances of your personal situation, whereby rights of our company may conflict with your right of objection. If you want to assert any of these rights, please contact our data protection officer (see point 2).

10. Scope of your obligations to provide us with your data

You only need to provide the information necessary to enter into a business relationship or enter into a pre-contractual relationship with us, or that we are required to collect by law. Without this data we will generally not be able to conclude or execute the contract. This may also apply to data required later in the business relationship. If we request additional data from you, you will be made aware of the voluntary nature of the information separately.

11. Information about your right to object Art 21 GDPR

At any time you have the right to object to the processing of your data, which takes place on the basis of Art. 6 (1) f GDPR (data processing based on a balance of interests) or Art. 6 (1) e GDPR (Data Processing in the Public Interest) if there are reasons for this arising from your particular situation. This also applies to a profiling based on this provision within the meaning of Art. 4 (4) GDPR.
If you file an objection, we will not process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
The objection can be made informally to the address listed under point 1.

12. Your right of appeal to the competent supervisory authority

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.