This data protection information serves to inform you about the processing of your personal data in accordance with the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) by Inserco Industrie Service GmbH, Kränkelsweg 25, 41748 Viersen, phone 02162-933910, e-mail: service@inserco.de

1. Scope

This data protection information applies to the collection of your personal data by us for the purpose of
• processing contractual services between you as a customer and us and for further regular exchange of information in connection with our contractual services

2. The data controller responsible for the processing of your personal data

Unless otherwise specified in this privacy policy, the following entity is responsible for the processing of your personal data:

Inserco Industrie Service GmbH, Kränkelsweg 25, 41748 Viersen, phone 02162-933910, e-mail: service@inserco.de

3. Contact details of the data protection officer

For all matters concerning data protection, please contact:

SystemDatenschutzConsulting
Rebenlaube 12
45133 Essen

E-Mail: r.schroeder@systemdatenschutzconsulting.de
Web: www.systemdatenschutzconsulting.de

4. Definitions

This data protection information uses the following data protection terms which we have defined here to aid your understanding:

The GDPR is the EU’s General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. Depending on the selected payment method, recipients of your personal data may be banks or other service providers

that we use for our services.

As part of the contractual relationship, it may be necessary to forward your personal data to a sub-processor (processor). For this purpose, we have complied with our obligations under Article 28 GDPR and have concluded supplementary contracts with the respective processors and satisfied ourselves that they treat your personal data in accordance with the legal requirements.

“Personal data” means any information relating to an identified or identifiable natural person. Within the meaning of the GDPR, such persons are also
referred to as the “data subject”. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data can include information such as the person’s name, contact details and bank details.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. For the data processing described in this privacy policy, the controller is (see Item 2 above).

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

5. What data do we collect from you?

We collect personal data directly from you in order to fulfil our contractual services:
Personal identification data: First and last name, company name, address, date of birth, e-mail address, telephone number, fax.
Other data in connection with the contractual processing Bank details, data for your employees if applicable.

6. Purposes and legal bases for processing your personal data

Contractual performance and further regular exchange of information in connection with our contractual services
We need your data so that we are able to fulfil our contractual services. In the scope of these service, we access your personal data (see Item 5).
The legal basis for data collection is the fulfilment of the contractual relationship on the basis of Article 6(1)(1)(b) GDPR.

7. Retention and deletion of your personal data

We initially store your personal data for as long as necessary, and to the extent necessary, for the purposes stated in this data protection declaration (see Item 6 above).
As soon as the data is no longer required for the purposes stated in Item 6 of this data protection information, we will retain your personal data for the period during which you can assert claims against us or we can assert claims against you (statutory limitation periods).
Furthermore, we store your personal data for as long as and to the extent that we are legally obliged to do so. Corresponding documentation and retention obligations arise, among other things, from the German Commercial Code (HGB), the German Fiscal Code (AO) and the German Money Laundering Act (GwG). According to these, the retention obligations are up to ten years, starting at the end of the calendar year in which the relevant transaction ends.

8. Categories of recipients of personal data

When providing, implementing and managing our services (see Item 1 above), we also transfer your personal data to companies within Inserco Industrie Service GmbH as part of an internal company process in order to spread out the workload. The transfer takes place on the basis of our legitimate interest in carrying out internal administrative activities efficiently and across different departments and improving our products and services on the basis of Article 6(1)(b) and (f) GDPR and on the basis of the conclusion of order processing contracts in accordance with Article 28 GDPR.

For the processing of payments and, if applicable, refunds, we transfer your personal data to banks, payment service providers, financial service providers and credit card companies on the basis of Article 6(1)(1)(b) GDPR, depending on the payment method selected.

In the event of any legal disputes, we will transfer your data to the competent court and, if you have commissioned a lawyer, to the lawyer in order to conduct the legal dispute. We process your personal data due to a legal obligation on the basis of Article 6(1)(1)(c) GDPR and due to our legitimate

interest in safeguarding, enforcing and/or defending our legal interests on the basis of Article 6(1)(1)(f) GDPR.
In addition, we only transfer your personal data if and to the extent that we are legally obliged to do so. The transfer takes place on the basis of Article 6(1)(1)(c) GDPR (e.g. to the police and regulatory authorities in the context of investigations into administrative offences and/or criminal offences or to the data protection supervisory authorities).
Customer surveys and other advertising and marketing campaigns may be carried out by us and also by service providers commissioned by us as part of our contractual relationship.
We process your personal data on the basis of our legitimate interest in improving our products and services on the basis of Article 6(1)(1)(f) GDPR.

9. Transferring data to third countries

Within the meaning of the GDPR, a third country is a country that does not belong to the EU.
Your data may be transferred to a third country for the purpose of providing the contractual service. You can obtain further information on this from:
Inserco Industrie Service GmbH, Kränkelsweg 25, 41748 Viersen, phone 02162-933910, e-mail: service@inserco.de

10. Your right to object if we have legitimate interests the processing of your data

We process your personal identification data in order to safeguard, enforce and defend our legal interests (including in court if necessary) and to carry out internal administration efficiently and across different departments.
Insofar as we process your personal data on the basis of these legitimate interests (Article 6(1)(1)(f) GDPR), you can object to the data processing at any time for reasons arising from your particular situation. Please send your enquiry to

Inserco Industrie Service GmbH, Kränkelsweg 25, 41748 Viersen, phone 02162-933910, e-mail: service@inserco.de

If you object to the data processing, we will process your personal data collected in this context to respond to your enquiry. The processing of your personal data is carried out to fulfil a legal obligation on the basis of Article 6(1)(1)(c) GDPR. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing of this data which
outweigh your interests, rights and freedoms or if your personal data serves the establishment, exercise or defence of legal claims.

11. Your other rights

You can exercise the following rights at any time in line with the GDPR:

• Right of access, Article 15 GDPR
  You have the right to receive information about the personal data stored about you.
• Right to rectification, Article 16 GDPR
  If you discover that incorrect personal data relating to you is being processed, you can request that it be rectified. Incomplete data must be completed, taking into account the purpose of the processing.
• Right to erasure, Article 17 GDPR
  You have the right to request the erasure of your data if certain grounds for erasure apply. In particular, this is the case if it is no longer required for the purpose for which it was originally collected or processed.
• Right to restriction of processing, Article 17 GDPR
  You have the right to restrict the processing of your data. This means that although your data will not be deleted, it will be labelled in order to restrict its further processing or use.
• Data portability (Article 20 GDPR)
  You have the right to data portability of personal data concerning you that you have provided to us. This enables you to request that we transfer this data either to you or, where technically feasible, to another organisation.
• Right to object to illegitimate data processing, Article 21 GDPR
  In principle, you have a general right to object to the processing of your data, including lawful data processing that is carried out in the public interest, in the exercise of official authority or on the basis of the legitimate interest of a body.

Please send your enquiry to:

Inserco Industrie Service GmbH, Kränkelsweg 25, 41748 Viersen, phone 02162-933910, e-mail: service@inserco.de

If you assert your rights against us, we will process your personal data collected in this context in order to respond to your enquiry. The processing of your personal data is carried out to fulfil a

fulfilment of a legal obligation on the basis of Article 6(1)(1)(c) GDPR.

• Right to lodge a complaint, Article 77 GDPR
  Without prejudice to your rights, you can lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data by us violates the GDPR (Article 77 GDPR).

The supervisory authority responsible for the controller is:

LDI NRW, Kavalleriestr. 2–4, 40213 Düsseldorf
Phone 0211-38424-0, e-mail: dsb-meldung@ldi.nrw.de