Transparency and information obligations for customers, clients, contractual partners and interested parties of va-Q-tec AG
according to the EU General Data Protection Regulation (GDPR)
With this document, we would like to inform you about the processing of your personal data by va-Q-tec AG and the rights to which you are entitled under data protection law.
Responsible body (controller) and data protection officer
Adresse: va-Q-tec AG Alfred-Nobel-Straße 33 97080 Würzburg
Contact information of the data protection officer: [email protected]
Categories of data / data sources
We process the following personal data within the framework of the contractual relationship and for the initiation of a business relationship:
For business customers:
Contact data (e.g. first/surname of current and previous contact persons, if applicable, name affixes, company name and address (employer), telephone number including extensions, business e-mail address, salutation, gender)
Occupational data (e.g. department including position)
Social media links
For private customers:
Master data (e.g. first/surname, if applicable name affixes)
Contact details (e.g. private address: street, postal code, city; e-mail address)
Deviating delivery/invoice address (e.g. address, if applicable: name, e-mail address
Purchase order history
As a matter of principle, we collect your personal data directly from you within the framework of current contractual transactions and the underlying relationship or in the framework of the initiation of a business relationship.
In certain constellations, your personal data may exceptionally also be collected from other sources. This includes event-related queries on relevant information from credit agencies, in particular with regard to credit risk assessments and former credit behaviour.
Data processing in software
Purposes and lawfulness of data processing
When processing your personal data, the provisions of the GDPR, local data protection laws and other relevant legal provisions are always observed.
Your personal data is exclusively processed for the execution of pre-contractual measures (e.g. for the preparation of offers for products or services) and/or for the fulfilment of contractual obligations (e.g. for the execution of our services or for sales/order/payment processing), (Art. 6 para. 1 lit. b GDPR) or if there is a legal obligation for processing (e.g. due to tax regulations) (Art. 6 para. 1 lit. c GDPR). Personal data was originally collected for these purposes.
Of course, your consent may also constitute a legal basis for the processing of your personal data (Art. 6 para. 1 lit. a GDPR). Before you grant such consent, we will inform you about the purpose of the data processing and about your right of revocation according to Art. 7 para. 3 GDPR. Should the consent also refer to the processing of special categories of personal data in accordance with Art. 9 GDPR, we will explicitly point this out to you in advance.
We would like to maintain a relationship to its customers and send information and offers on products and services. Art. 6 Para. 1 S.1(f) EU GDPR. We therefore use your data to email you relevant information and offers.
Your personal data will only be processed for the detection of criminal offences if the requirements of Art. 10 GDPR are met.
Duration of data storage
We will delete data as soon as your data is no longer needed for the above-mentioned purposes or in the event that you revoked your consent. Data will only be stored beyond the existence of the contractual relationship only in cases in which we are either obliged or entitled to do so.
Regulations, which oblige us to keep data, can for example be found in commercial or tax laws. This may result in a storage period of up to ten years. In addition, statutory limitation periods must be observed.
Data recipients / categories of recipients
In our company, we make sure that only those departments and individuals receive your data that need them to fulfil contractual and legal obligations.
In many cases, service providers support our specialist departments in fulfilling their tasks. In this case, the necessary data protection agreements have been concluded with all service providers. Briefly describe procedures with service providers (e.g. shipping, suppliers, payment services, credit checks, etc.).
Intention to transfer data to a third country
A transfer of data to third countries (outside the European Union or the European Economic Area) only takes place if this is necessary for the execution of the underlying relationship or required by law or if you have given us your consent.
We transfer your personal data to cloud service providers with head quarters at US and UK.
Compliance with the level of data protection is ensured by the conclusion of the EU standard contractual clauses and the agreement of additional guarantees for the protection of the data subjects.
Rights of data subjects
Your rights as a data subject are set out in Articles 15 – 22 GDPR, and include:
The right to access (Art. 15 GDPR),
The right to erasure (Art. 17 GDPR),
The right to rectification (Art. 16 GDPR),
The right to data portability (Art. 20 GDPR),
The right to object to processing (Art. 21 GDPR),
The right to restriction of processing (Art. 18 GDPR).
To exercise these rights, please contact: an: [email protected]. You have the right to lodge a complaint with a supervisory authority.
In the event that we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.
We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing. If you object to the processing for direct marketing, we will no longer process your personal data for such purposes.
Obligation to provide data
Certain personal data needs to be provided in the framework of our contractual/business relationship as such data are necessary for the establishment, execution and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. Without the provision of such data, an execution of the above tasks and duties is not possible.
Automated individual decision-making
We do not use any automated decision-making.