Processing of Business Partner Data

Information according to Art. 13 G DPR

Status: 10 Oct 2024

1. Person responsible

Name / designation	DALIM SOFTWARE GmbH
Street	Strassburger Strasse 6
Postcode / City	77694 KEHL, Germany
Telephone	+49 7851 91960
E-mail address	info@dalim.com
Internet address / URL	www.dalim.com

2. Legal representatives of the responsible person

Management of the responsible body	Dr. Carol Werlé
Person Responsible for data processing	Vincent Demange

3. Data protection officer

Name	Dr. Rainer Harwardt
Telephone	+49 (7851) - 91960
E-Mail address	datenschutz@dalim.com

4. Purpose of data collection, data processing, data use, legal basis

Purpose:

1. The processing of personal data takes place within the framework of the fulfilment of contracts with our customers, suppliers, contractors and interested parties or for the implementation of pre-contractual measures, which take place at their request.

Examples:

Processing of orders
Preparation of offers
Provision of services
Invoicing and delivery of goods
Complaint management

2. We also process your data as far as necessary, beyond the actual fulfilment of the contract, to protect the legitimate interests of us or third parties. (on the basis of a weighing of interests).

Examples:

Mapping the history of business processes in an enterprise resource planning and customer management system
Sales management and sales controlling
Examination and optimisation of procedures for demand analysis and direct customer approach; incl. customer segmentation and calculation of closing probabilities
Advertising for our own products, insofar as you have not objected to the use of your data
Assertion of legal claims and defence in legal disputes
Ensuring IT security and IT operations
For the prevention and investigation of criminal offences
For statistical purposes
Video surveillance to protect the right of access to the premises, to collect evidence in the event of robberies and fraud offences
Measures for building and facility security (e.g. access controls)
Measures to safeguard house rights
Measures for business management and further development of services and products

If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 of the Data Protection Regulation (see also section 10 of this data protection information).

3. In addition, we process your personal data to fulfil legal obligations. These include, for example, retention periods under commercial and tax law, as well as information to authorities, if applicable.

4. If you have given us your consent to process personal data for specific purposes (e.g. sending a newsletter to inform you about new developments or products, training opportunities, etc.; forwarding to third parties; evaluation for marketing purposes or advertising), this processing is lawful on the basis of your consent. If personal data has been processed on the basis of your consent, you have the right to revoke this consent at any time with effect for the future (see also section 9 of this data protection information). Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

Legal basis / permissibility of data collection:

1. Processing due to legal requirements / pre-contractual measures

(Art. 6 para. 1 lit. b GDPR)

2. Processing on the basis of a balancing of interests.

(Art. 6 para. 1 lit. f GDPR)

3. Processing on the basis of legal requirements (e.g. tax law)

(Article 6 para. 1 lit. c GDPR)

4. Processing based on your consent

(Article 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR)

5. Description of the groups of persons concerned and the data or data categories involved

Group of Person

Data / Category of Data

Costumers

Master data: Name, first name, address, telephone number, e-mail address, customer number.

Other data: Data on the fulfilment of our contractual obligations, information on your creditworthiness, payment reliability, correspondence (e.g. correspondence with you), as well as other data comparable with the categories mentioned.

Suppliers

Contact data: title, name, contact data, area of responsibility, department

Other data: Data relating to the fulfilment of our contractual obligations, information about your creditworthiness, payment reliability, correspondence (e.g. correspondence with you), as well as other data comparable to the above categories.

Other business partners

Contact data: title, name, contact data, area of responsibility, department

Other data: Data in connection with the business relationship we have with you. If, for example, you are a visitor to one of our events, we process the necessary data, e.g. date, title of event, etc..

6. Information on the origin of the data

We process personal data that we receive from our customers, suppliers, contractors, business partners and interested parties in the course of our business relationship. Furthermore, we process personal data - if this is necessary for the provision of our services - which we obtain from publicly accessible sources or which are transmitted to us by other companies within the group or by other third parties.

7. Recipients or category of recipients to whom this data may be disclosed.

Recepients

Internally :
Purchasing, Sales, Marketing, Customer Service, Human Resources, Financial Accounting, Management, Operations, IT.
External :

External contractors and service providers (contract processors:
We sometimes use external contractors and service providers to fulfil our tasks and contracts. These may include, for example, document shredders, printing service providers, logistics and IT service providers, external data centres, remote providers.
Other recipients:
In addition, data may be passed on to recipients to whom we are obliged to pass on data due to legal obligations (e.g. law enforcement agencies, courts, tax authorities).

Other / Remarks

Within our group of companies, your data will be transferred to certain companies if they centrally perform data processing tasks for the companies affiliated in the group (e.g. DALIM SOFTWARE UK) and insofar as this is permissible within the framework of the purposes and legal bases set out in section 3 of this data protection information sheet.

Within our company, your data will only be accessed by those departments that need it to fulfil our contractual and legal obligations or to implement our legitimate interests.

We will only pass on information about you outside the company if this is permitted or required by legal or official notification obligations (e.g. law enforcement authorities), if the transfer is necessary to fulfil legal obligations, if we have your consent or if we are authorised to provide information.

8. Duration of data storage

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. Your personal data are regularly deleted or blocked when they are no longer required for the fulfilment of contractual or legal obligations, you have exercised your right to deletion, all mutual claims have been fulfilled and there are no other legal retention obligations or legal justification bases for storage.
In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods prescribed there for storage and documentation are two to ten years.
The storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), generally amount to three years, but in certain cases can also be up to thirty years.

9. Your rights as a data subject

The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your data, which we inform you about below:

Right to information according to Art. 15 GDPR: As a person affected by data processing, you have the right to request information free of charge about the data we have stored about you.
In addition, you have the right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR) if the legal requirements are met.
If the data processing is based on Art. 6 (1) e) or f) GDPR (data processing on the basis of a balance of interests), you have the right to object according to Art. 21 GDPR. If you object to the processing of your data, it will not be processed in the future, unless the controller can demonstrate compelling legitimate grounds for further processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
If the data processing is based on consent pursuant to Art. 6 (1a) or Art. 9 (2) a) GDPR, you may revoke your consent at any time with effect for the future. The lawfulness of the processing of your data until revocation is not affected by the revocation.
If you are of the opinion that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

10. Supplementary information on processing

Obligation to provide data:

- In the context of a business initiation or business relationship with us, you generally only have to provide the personal data that we require for the corresponding justification, implementation or termination of this relationship or which we are legally obliged to collect. Without the provision of the required data, we may have to refuse to establish a business relationship or may not be able to carry out such a relationship or may even have to terminate such a relationship.
No data is transferred to third countries (outside the EU) or to an international organization.
We do not use any processing based on automated decision-making, including profiling as defined in Article 22 of the GDPR.