DATA PROTECTION NOTICE
customers / interested parties / business partners / suppliers

A. General information

I. Person responsibler

With this data protection notice, the
TPS-Technitube Röhrenwerke GmbH
Julius-Saxler-Straße 7
54550 Daun
Telefon: +49 (0)6592 / 712 -0
E-Mail: datenschutz@tpsd.de
 

(hereinafter also referred to as "TPS") fulfils its existing legal obligation to provide information in accordance with Art. 13 of the General Data Protection Regulation ("GDPR") with regard to the processing of personal data of customers, interested parties, business partners and suppliers. In the following we therefore explain which of your personal data we process and how.

II. Personal data

Personal data within the meaning of Art. 4 No. 1 GDPR includes information such as your name, your address, your telephone number, your e-mail address, your bank details or your date of birth.

III. Processing of personal data

Processing of personal data in according to with Art. 4 No. 2 GDPR is any procedure or procedure series which is performed on personal data, whether or not by automated means.

We process personal data within the meaning of Art. 4 No. 2 GDPR in accordance with the specifications and conditions set out below within the framework of automated processing based on a relevant legal authorisation basis.

The corresponding legal bases for our data processing are presented below.

Automated decisionmaking in individual cases, including profiling in accordance with Art. 22 GDPR, does not take place.

B. General processing operations

I. Purpose of processing personal data of interested parties, business partners and suppliers

We process your data, which we collect from you or which you provide to us, in particular in order to establish a contractual relationship with you and to be able to fulfil the existing contractual relationship with you, Art. 6 para. 1 sentence 1 lit. b GDPR.

The aforementioned also includes the implementation of precontractual measures, which are carried out at your request.

Personal data collected by us directly from you upon conclusion of the contract is required for the conclusion of the respective contract.

In order to be able to prepare an offer for you as an interested party, you are contractually obliged to provide the necessary data. Failure to provide the required personal data may mean that the contract cannot be fulfilled.

In this context, we process in particular corresponding contact data, financial data, especially payment data, as well as data in connection with the respective contract concluded, insofar as they are necessary to fulfil the respective purpose. If you order a product and/or service, we also process your contact data for communication purposes and to provide the ordered products and services.

In the event that you are not a natural person, we process the personal data of your contact person.

In addition, we process your data in order to submit or analyse corresponding offers, manage an order or provide support services.

The same applies if we purchase products or services from you as a business partner or supplier.

With regard to the fulfilment of legal obligations, Art. 6 para. 1 sentence 1 lit. c GDPR is the corresponding legal basis. We process your personal data depending on the respective legal obligation, e.g. with regard to the requirements of the Money Laundering Act.

In addition, Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest", is our basis for authorisation if we have a legal, economic or idealistic interest in data processing and the rights, interests or fundamental rights of the data subjects worthy of protection do not outweigh this interest.

Personal data will also be processed by us if you give your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. However, failure to give this consent or its revocation does not affect the possibility of recourse to statutory authorisation bases, in particular Art. 6 para. 1 sentence 1 lit. b GDPR, "necessity for the performance of the contract", Art. 6 para. 1 sentence 1 lit. c GDPR, "legal obligation", and Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest", with regard to data processing. Your declaration of consent is voluntary. There are no disadvantages for you if you do not give your consent. You can revoke your consent at any time by sending us an e-mail or by post. The revocation of consent does not affect the permissibility of the processing carried out until the revocation.

C. Making contact

I. General information

When you contact us by e-mail, via chat/chatbot, by telephone or via a contact form on our website, the data you provide will be processed by us. Mandatory information is only required in the respective contact option. This information is required so that we can answer your enquiry accordingly. You can provide further personal data on a voluntary basis if you wish, e.g. if you want us to send you information material by post, we need your address. Your personal data will be stored by us in order to answer your questions. We delete the data arising in this context after storage is no longer necessary, or restrict processing if there are statutory retention obligations.

The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR, "consent", alternatively Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest".

II. Supplementary information for communication via Microsoft Teams

We use Microsoft Teams to hold online meetings.

We hereby inform you about the processing of your personal data in the context of our online meetings using the Microsoft Teams video conferencing solution.

If you do not wish to communicate with us via Microsoft Teams, you can reach us via all our other communication channels. You can also invite us to an online meeting via your own meeting tool instead.

If you cannot or do not want to use the Microsoft Teams app, it is possible to use Microsoft Teams via your browser. The service is then provided via the Microsoft Teams website.

We process the following personal data as part of our online meetings using Microsoft Teams:

However, the scope of data processing also depends on the information you provide before or during participation in an online meeting. For example, a profile picture is optional. You may also have the option of using the chat function in an online meeting. If you make use of this, your text entries will be processed in order to display them in the online meeting. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content.

You can switch off or mute the camera and / or microphone yourself at any time via the Microsoft Teams application. You can also stop using the chat function at any time.

The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest".

Meetings are generally not recorded. Recordings may only be made in exceptional cases if the participants have been expressly and transparently informed of the planned recording in advance and have given their consent where necessary, and have received additional data protection information, including on the specific purpose of the recording and the recipients to whom the recording is to be made available. If necessary, the legal basis is the consent of the data subject, Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Personal data processed in connection with participation in online meetings will not be passed on to third parties.

Microsoft Teams is part of the Office 365 cloud application. Microsoft Office 365 is a software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Data processing with Office 365 takes place on servers in data centres in the EU. We have concluded an data processing contract with Microsoft within the meaning of Art. 28 GDPR. This also includes extensive technical and organisational measures, such as the encryption of data.

In exceptional cases, Microsoft may request access for the purpose of remote maintenance. This access will then be checked by us and granted if authorised. Access may be granted to affiliated Microsoft companies outside the EU. In this case, we have taken measures to ensure an appropriate level of data protection.

We cannot rule out the possibility that data is routed via servers located outside the EU.

Data is transferred to companies in the USA on the basis of an adequacy decision by the European Commission within the meaning of Art. 45 (3) GDPR, which stipulates that an adequate level of protection exists in the USA.

Microsoft reserves the right to process customer data for its own business purposes. We have no influence on this data processing by Microsoft. Microsoft is independently responsible for these data processing activities, so you can contact Microsoft for further information.

Further information: privacy.microsoft.com/en/privacystatement and docs.microsoft.com/en/microsoftteams/teams-privacy

D. Advertising

We also intend to process the data provided by you or collected by us for advertising purposes in the case of an existing customer relationship and other contractual relationships for consideration. In this case, the legal basis under data protection law is Art. 6 para. 1 sentence 1 lit. f GDPR, "legitimate interest". According to the recitals to the GDPR, such a legitimate interest is given in particular with regard to socalled direct advertising, see recital 47 p. 7. The term "direct marketing" refers to the direct approach of a customer by a provider with the aim of promoting the sale of products or services in return for payment. Customer satisfaction surveys or participation in surveys can also fall under the legal concept of advertising. The other legal requirements, in particular § 7 UWG, are of course observed.

Without an existing customer relationship or without any other paid contractual relationship, we will only process your personal data for advertising purposes, if you have given us your voluntary consent to do so, Art. 6 para. 1 sentence 1 lit. a GDPR.

Advertising is carried out by post, by electronic means, including e-mail, social media, or by telephone, insofar as this is legally permissible.

The advertising measures relate in particular to all products and all services, customer satisfaction surveys and polls as well as invitations to trade fairs and events.

You can object to the processing of your personal data for advertising purposes at any time. The relevant contact details are listed in the data protection notice. In this case, your personal data will no longer be processed for advertising purposes and will be deleted from the relevant advertising mailing lists.

If we use processors in this context, we have concluded an order processing contract with them in accordance with the provisions of Art. 28 GDPR, so that the processor is subject in particular to our instructions as the client.

E. Duration of data processing

The maximum duration of storage depends on the purpose of the data processing. The duration of storage generally depends on the period for which processing is required to fulfil the purpose.

Deletion periods under data protection law do not apply if and insofar as statutory retention obligations, such as those under social security law, commercial law or tax law require longer deletion periods.

F. Recipients of the personal data

We transfer data within the specialist departments insofar as this is necessary to achieve the purpose.

We may transfer data within the Techniropa Holding Group. The primary authorisation basis for data transfer within the group of companies is Art. 6 para. 1 sentence 1 lit. f GDPR. This states that data processing is lawful if processing is necessary for the purposes of the legitimate interests pursued, except where such interests are overridden by the interests or fundamental rights of the data subject. Recital 48 of the recitals to the GDPR, which are to be regarded as interpretation aids to the GDPR, specifies the legitimate interest for a transfer within a group of companies. Accordingly, such a transfer within the group for internal administrative purposes with regard to the processing of customer data is to be qualified as a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. Internal administrative purposes relating to customer data in this sense may include centralised customer management, internal group reporting or, in the case of access to data within matrix structures in a group of companies.

Based on the intercompany agreements concluded with individual companies in the Techniropa Group, TechniSat acts as a processor for individual Group companies in the areas of IT, human resources, financial accounting, organisational services, marketing and purchasing, among others. A corresponding order processing contract in accordance with Art. 28 GDPR has been concluded in each case; we will be happy to provide you with the individual contracts if required.

We also use Microsoft Office 365 as a cloud application, software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Reference may be made to the aspects described under C., II. in this context.

Furthermore, transfers may be made to external third parties insofar as the aforementioned is necessary and legally permissible to achieve the purpose, for example to: Auditing companies, tax consulting companies, law firms, financing companies, banks, factoring companies, other assignees, advertising agencies, lettershops, printers, postal service providers, freight forwarders, public authorities, including tax offices, customs, insurance companies, companies that check creditworthiness, IT service providers, debt collection companies, data carrier disposal companies, creditor protection associations and other business information services. The authorisation basis for data transmission is Art. 6 para. 1 sentence 1 lit. f GDPR.

Processors used are contractually bound to the requirements of Art. 28 GDPR. Processors will only process your data in accordance with the legal requirements, in accordance with our instructions and only in the context of the fulfilment of the contract.

G. Place of data processing operations

All processing of personal data generally takes place in Germany or in member states of the European Union. We do not transfer personal data to countries outside the member states of the European Union, socalled third countries, or to other international organisations, unless otherwise stated in the data protection notice.

If we should transfer personal data to companies in third countries, the aforementioned will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection in accordance with Art. 45 para. 3 GDPR, which is the case with regard to both the USA and the UK, or if other appropriate data protection guarantees, e.g. binding internal company data protection regulations or an agreement of the standard contractual clauses of the EU Commission or the consent of the data subject is available, Art. 44 et seq. GDPR.

H. Security / Technical and organisational measures

We take all necessary technical and organisational measures, taking into account the requirements of Art. 24, 25 and 32 GDPR, to protect personal data from loss, destruction, access, modification or dissemination by unauthorised persons and misuse. For example, we comply with the legal requirements for the pseudonymisation and encryption of personal data, the confidentiality, integrity, availability and resilience of systems and services in connection with processing, the availability of personal data and the ability to restore it quickly in the event of a physical or technical incident, and the establishment of procedures to regularly review, assess and evaluate the effectiveness of technical and organisational measures to ensure the security of processing. Furthermore, we also comply with the requirements of Art. 25 GDPR with regard to the principles of "privacy by design" and "privacy by default", i.e. data protection through data protectionfriendly default settings.

I. Your rights pursuant to Art. 15 et seq. GDPR / contact details of the data protection officer

You have the right to

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR, see Art. 77 GDPR. You can assert this right with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement. The competent supervisory authority in Rhineland-Palatinate is „Der Landesbeauftragter für den Datenschutz und die Informationsfreiheit Rhein-land-Pfalz“, Hintere Bleiche 34, 55116 Mainz.

If you have any questions about the processing of your personal data, questions relating to the aforementioned rights and their assertion, or suggestions, please contact the contact details above or the data protection officer:

Telefon: 0049 (0) 6592 712 1351
E-Mail: datenschutzbeauftragter@tpsd.de

Version: 3, valid from 29.08.2024
Our latest version of this data protection notice applies in each case.

The interested party / business partner / supplier is obliged to view the data protection notice at regular intervals and to make it available to his employees if he himself is not a natural person and if personal data is processed by his employees through us.

In the event of any discrepancies between the German and English versions of this Data Protection Notice, only the German version shall be valid.