Data protection information for business customers
Below you will find a detailed overview of what data we collect about you and what we do with it. We also inform you about your data protection rights and show you who you can contact with questions about the protection of your data.
About us
Responsible for the processing:
AMEVIDA SE
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Management Board: Dr. Matthias Eickhoff
AMEVIDA Freiburg GmbH
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Managing Director: Dr. Matthias Eickhoff
Postal address:
AMEVIDA Freiburg GmbH
Waldkircher Str. 28
79106 Freiburg im Breisgau
Tel.: 0761-5599-0
E-mail: info@amevida-freiburg.de
AMEVIDA Touristik GmbH
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Managing Director: Dr. Matthias Eickhoff
AMEVIDA Finance GmbH
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Managing Director: Dr. Matthias Eickhoff
If you have any questions about this data protection information, the processing of your data, your rights or other concerns in the area of data protection, our data protection officer will be happy to help you.
AMEVIDA SE
Data Protection Officer
Kurt-Schumacher-Str.
100
D- 45881 Gelsenkirchen
E-mail: datenschutz@amevida.de
To whom this information is addressed
This data protection information is intended for the employees of our customers or for the customers themselves if they are natural persons.
Definition of key terms
Personal data
There is a lot of talk about personal data, but what does this term actually mean?
The term "personal data" is legally defined in Art. 4 No. 1 GDPR as follows:
"personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person"
Processing
The term "processing" is defined in Art. 4 No. 2 GDPR:
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processed data, processing purposes and legal bases
This section describes the cases within the business relationship in which personal data is used, the purposes of processing and the associated legal bases. We also explain the source of the data ("Origin of the data") if we have not obtained the data directly from you.
I. Your role as a contact person
Purposes
We use your data for communication for the purposes stated in the rest of this data protection information. This involves the following data: Title, first name, surname, company, business contact details.
Legal basis
We process your data for the above-mentioned purpose in order to fulfill the following purposes stated in this data protection information (Art. 6 para. 1 lit. f) GDPR).
Origin of the data
If you have not given us your data yourself as part of the business relationship with your employer, we have received it from them.
II Contact and support
Purposes
We process your data for the following purposes:
- To answer your inquiries and fulfill appointment requests that you have sent to us via the various communication channels (e.g. e-mail, telephone, chat, letter, contact forms, professional network such as Xing/LinkedIn or other social media).
- For advertising via the aforementioned communication channels, provided we have previously received your data for this purpose, e.g. at a trade fair or comparable event. This also includes customer satisfaction surveys and the sending of newsletters, invitations, demand surveys, customer magazines or other information material.
- To increase our sales success.
The following personal data is processed: Surname, first name, contact details (telephone, fax, e-mail, profile in a professional network such as Xing or LinkedIn), company incl. Address, position, industry, interest in products and services, subject of the inquiry, notes from the conversation, date of the inquiry.
Legal basis
The processing of your data for answering inquiries and making appointments is carried out to safeguard our legitimate interests (Art. 6 para. 1 lit. f) GDPR) in answering inquiries addressed to our company and in initiating new business relationships. The processing of your data for advertising purposes is carried out to protect our legitimate interests in advertising our products and services in the context of sales promotion (Art. 6 para. 1 lit. f) GDPR). If we contact you by email for this purpose, this is done on the basis of your consent (Art. 6 para. 1 lit. a) GDPR).
We will also contact you by e-mail without your consent if we have received your e-mail address in connection with the commissioning of our service and you have not objected to its use (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 para. 1 lit. f) GDPR). § Section 7 para. 3 UWG).
Origin of the data
We collect your personal data directly from you, for example When you make an inquiry, for example, or as part of the initial contact at trade fairs or other events. We also obtain your contact details from your company's or employer's website and from information provided by your employer.
III. customer installation
Purposes
Personal data is processed in order to create your customer data in our customer base. Furthermore, we use the data you provide for the purpose of customer creation for a credit check, as every business relationship can represent a risk for our company in the event of payment defaults. We also compare your data with our internal customer blacklist. Finally, we process your data to carry out the required checks in accordance with the relevant EU sanctions regulations, in particular 2580/2001, 881/2002 and 753/2011.
If necessary for the services you require, we will forward your request to an affiliated company (see "About us")
Legal basis
- The legal basis for the processing of your data for the purpose of customer creation, credit check and comparison of the customer blacklist is the fulfillment of the contract (Art. 6 para. 1 lit. b) GDPR).
- The implementation of the check in accordance with relevant EU sanctions regulations is carried out to fulfill a legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with these EU regulations).
Origin of the data
- In order to decide whether we will accept you as a customer, we check your creditworthiness. For this purpose, we receive information from credit agencies about your creditworthiness and your credit score. In individual cases, information from the commercial register, the Federal Gazette or the press is also evaluated.
- In order to implement the legal obligations arising from the relevant EU sanctions regulations, we use service providers for the corresponding checks, from whom we receive the results of the checks carried out.
IV. Order execution, invoicing and receivables management
Purposes
We process your data as part of the business relationship for the purpose of order processing, invoicing and pursuing claims. This also includes communication with you incl. responding to your concerns, complaint management and the processing of complaints.
Legal basis
The legal basis for the processing of your data for the above-mentioned purposes is the fulfillment of the contract (Art. 6 para. 1 lit. b) GDPR).
V. Sales management
Purposes
In order to manage, optimize and plan our sales activities, we measure sales performance and various key figures. Customer data is also processed to create this statistical data.
Legal basis
The processing of your data for the purpose of sales management is carried out to safeguard our legitimate interest in effective sales management (Art. 6 para. 1 lit. f) GDPR).
VI Other processing purposes
In addition to the purposes described above, the above-mentioned personal data is processed for the following purposes to protect our legitimate interests in the context of balancing of interests (Art. 6 para. 1 lit. f) GDPR). The interests are listed below:
- As it is in our interest to ensure the security of our systems, we regularly carry out security and effectiveness tests in the course of which your above-mentioned data may be processed.
- Should a security incident occur in our company in which your data is affected, we may be obliged to report the case to the data protection supervisory authority responsible for us (Art. 33 GDPR). As it is in our legitimate interest to comply with this statutory reporting obligation as quickly as possible, it is possible that your personal data may be processed as part of the investigation of the relevant security incident. The reports of these security incidents to data protection supervisory authorities do not contain any of your personal data.
- We carry out audits, internal audits and other control measures (e.g. monitoring by the data protection officer), as it is in our legitimate interest to comply with legal regulations, to create transparency about our business processes, to constantly optimize these processes and to prevent and identify actions that are detrimental to our business. This may involve processing documents or files that contain your personal data.
- We carry out internal and external audits to obtain and maintain certifications and to meet customer requirements and quality standards. Furthermore, our customers or sponsors carry out their own audits. Documents and files containing personal data may also be processed in the process.
- We process your data for the purposes of managing our company, identifying and tracking financial risks, bundling sales activities and fulfilling (contractual) obligations to our customers. For this purpose, the processed data is analyzed for reports. The processing is carried out to safeguard our legitimate interests in corporate and sales management and to fulfill our obligations to our customers.
- We use tax consultants to fulfill our obligations under tax law. We also use auditors to fulfill our obligation under commercial law to audit the annual financial statements in accordance with Section 316 para. 1 HGB (German Commercial Code). It is also in our interest to cooperate with auditors from the tax authorities and to provide evidence of proper invoicing and the annual financial statements. The documents considered, such as receipts and invoices, may contain your personal data.
- As it is in our interest to resolve legal disputes, we process your data for a specific purpose in such a case. It is also in our interest to retain evidence in the event of legal disputes until all relevant statutory limitation periods pursuant to Sections 195 et seq. BGB have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods. The deletion periods cannot be predicted as a general rule, as they depend on the respective subject matter of the dispute and the corresponding statutory limitation period, which can be up to 30 years. The regular limitation period is 3 years.
- In addition, it is in our interest to investigate suspicious cases and to pass on relevant information to law enforcement authorities in the event of concrete criminal suspicion.
- Errors can happen to anyone and occur in any operational process. In order to optimize these processes and reduce our error rate, we process the data available in our company to identify sources of error. This processing is carried out to protect our legitimate interest in improving our processes.
- We process your data to test IT systems and software products and to carry out migrations. The processing is carried out to fulfill our legitimate interest in checking the correctness of new products or the correctness and completeness of migrations.
- We keep a blacklist of former customers or prospective customers with whom we no longer wish to enter into a business relationship. The reasons include, for example, repeated payment defaults and behavior that breaches the contract, is fraudulent or detrimental to business. The processing is carried out to protect our legitimate interest in the context of contractual freedom to protect our company from financial loss or damage to our reputation.
Deletion periods (or storage period)
Once a contract has been concluded, billing-related data will be deleted after 10 years in accordance with the statutory retention periods of the German Fiscal Code (AO) and the German Commercial Code (HGB). The period begins with the annual financial statements of the calendar year to which the respective entry is allocated.
Otherwise, your data will be deleted one year after termination of the contract. The period then begins at the end of the calendar year in which the contract ended, e.g. on 31.12.2022 if the contract ended on 27.07.2022.
If no order is placed, your data will be deleted after one year as soon as sales are no longer expected to be successful.
In order to safeguard our legal positions and the associated preservation of evidence, storage may be necessary until the expiry of the limitation periods pursuant to Sections 195 et seq. BGB, the retention periods contained therein can be up to thirty years. The regular limitation period is three years.
Which bodies receive your data?
The following list shows which organizations ("data recipients") receive your data and in which cases. You can read about the specific data involved in the relevant sections of this declaration. Your data is sometimes passed on due to legal or contractual obligations. In other cases, we use selected vicarious agents and service providers who work for us as processors (in accordance with Art. 28 GDPR) and may be granted access to your data to the extent necessary. Processors are subject to numerous contractual obligations and, in particular, may only process your personal data on our instructions and exclusively for the fulfillment of the orders received from us.
- Auditors
- Credit agencies
- Banks, payment service providers
- Call Center
- Data Protection Officer
- Service provider for the destruction of files and data carriers
- Service provider for printing, lettershops
- Service provider for customer surveys
- Service provider for sanctions list checks
- E-mail provider of the recipient
- Tax authorities
- Courts, lawyers, contractual partners, consultants, business partners, law enforcement authorities, opposing lawyers, state or federal criminal investigation office (in the context of legal disputes or in the event of specific criminal suspicion)
- Debt collection service provider
- IT service provider
- Suppliers
- Tax consultant
- Telecommunications service provider
- Affiliated companies
- Shipping service provider
- Auditor
- Customs authorities
Transfer of your data to a third country outside the EU
Our IT service providers have affiliated companies or subcontractors outside the EU that can access your data. The EU Commission determines which non-EU/EEA countries (third countries) have an adequate level of data protection. Our service provider is responsible for the use of EU standard contractual clauses in accordance with Commission Decision No. (EU) 2021/914. A sample of these EU standard contractual clauses can be found on the website of the EU Commissioner for Justice and in the Official Journal of the EU.
Your rights
You have the legal right to:
- Information about the personal data stored about you (Art. 15 GDPR)
- Correction and completion of your data available to us (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Revocation of consent given (Art. 7 GDPR) with effect for the future. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected.
- You also have the right to express your point of view and to challenge a decision based on automated processing (Art. 22 GDPR).
- You have the right to object to the processing of your data to protect our legitimate interests or the legitimate interests of third parties (Art. 21 GDPR) - You have the right to object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions within the meaning of Art. 4 para. 4 GDPR.
- Objection to direct marketing - You have the right to object to the processing of your data for the purpose of direct marketing at any time and without giving reasons.
To exercise these rights, you can contact us using the contact details above.
You also have the statutory right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).