Privacy policy for business customers and suppliers

The controller within the meaning of the GDPR for the data processing described in this privacy policy is

codecentric AG
Hochstraße 11, 42697 Solingen
Phone: 0212/23 36 28 0
Email: datenschutz@codecentric.de
You can reach our data protection officer at
datenschutz@codecentric.de

We primarily process personal data that the data subjects provide to us themselves in the context of contractual and business relationships or their initiation or that we receive from the respective contractual and business partners (e.g. from your colleagues with whom we are already in contact), for example in the context of processing an inquiry or an order. We also process personal data that we collect from publicly accessible sources (e.g. commercial register, press, internet) or receive from third parties (e.g. credit agencies, business partners). We will make separate reference to the collection of personal data from third-party sources.

Relevant personal data includes in particular personal details (e.g. surname, first name, address, title, bank details, invoice address, tax number/USt ID) and other contact details (e.g. telephone number, email address). In addition, this may also include contract or order data (e.g. sales data, volumes, planned quantities), data from the fulfillment of our contractual duties, information about your financial situation (e.g. creditworthiness data), personal data (e.g. business interests, profession, industry, position, tasks and powers) and other data comparable to the categories mentioned.

The scope of the data processed about a person varies depending on the function in which the person appears to us, such as the position they hold with the respective business partner.

3.1

We process personal data for the following purposes or to pursue the following legitimate interests, in each case on the basis of the following legal bases:

3.2

In addition, we process your data to protect our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the assertion and defense of legal claims and the conduct of market research.

3.3

Further data processing is carried out on the basis of legal requirements (Art. 6 para. 1 lit. c GDPR): for example, to fulfill tax and other legal control and reporting duties, as well as audits by tax or other authorities and to comply with legal withholding periods.

Under certain circumstances (in addition to the cases already mentioned above), your personal data may be passed on for the above purposes

4.1

If it is necessary for the investigation or prosecution of unlawful or abusive incidents, personal data will be forwarded to our legal advisors, the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behavior. Disclosure may also take place if this serves to enforce contractual provisions between us and our contractual and business partners.

4.2

We are also legally required to provide information to certain public bodies on request. These are primarily law enforcement authorities, authorities that prosecute administrative offenses subject to fines and the tax authorities.

4.3

If it is necessary for the processing of your request or the conclusion or implementation of a contractual or business relationship with you, as well as in the case of centralized or outsourced corporate functions, your data may be passed on to companies affiliated with us for the fulfillment of the above purposes.

4.4

In order to fulfill the purposes described in this Privacy Policy or to provide our services, we occasionally rely on contractually affiliated third-party companies or other cooperation partners and external service providers, such as brokers, logistics companies, IT service providers, business consultants and financial institutions, which may be based outside the EU or the EEA. In such cases, information is passed on to these companies or individuals to enable them to process the data further. To the extent that these are bodies outside the EU or the EEA, we ensure an appropriate level of data protection, for example by concluding corresponding contracts with the data recipient.

4.5

As part of the further development of our business, the structure of our company may change by changing its legal form or by founding, buying or selling subsidiaries, parts of companies or components. In such transactions, the Customer information is passed on together with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this privacy policy and the relevant data protection laws.

We process your personal data for the duration of your employment with one of our business partners, but no longer than until the final termination of the respective business relationship between us and your employing company. We delete transaction-related information (e.g. relating to a specific contractual or order relationship) after completion of the respective transaction, e.g. fulfillment of a delivery contract, with a period of three years after the end of the respective calendar year, unless it is subject to longer statutory withholding duties (such as the six or ten-year withholding period pursuant to Article 257 of the Commercial Code)

6.1

You have the right to receive information about the personal data stored about you at any time. If the respective requirements are met, you are also entitled to the following rights:

Right to rectification: You have the right to have incorrect personal data concerning you rectified.

Right to erasure: You can also request the erasure of your personal data, for example if your data is no longer required for the purposes for which it was collected or otherwise processed.

Right to restriction of processing: You also have the right to request that the processing of your personal data be restricted; in such cases, the data will be blocked from any processing. This right exists in particular if the accuracy of the personal data is disputed between you and us.

Right to data portability: If we process your personal data to fulfill a contract with you or on the basis of your consent, you also have the right to receive your personal data in a structured, commonly used and machine-readable format, if and to the extent that you have provided us with the data.

Right to withdraw consent: If you have given us your consent to process your personal data, you can withdraw this at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right to object: In addition, you can object to data processing on grounds relating to your particular situation. However, this only applies in cases where we process data to fulfill a legitimate interest. If you can present such a reason and we cannot assert a compelling interest worthy of protection in further processing, we will no longer process this data for the respective purpose.

6.2

If you would like information about the personal data stored about you, wish to assert your other rights or have questions about data protection with us, you can contact us using the above contact details.

6.3

You also have the right to lodge a complaint with a supervisory authority at any time, in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection regulations.

This privacy policy is valid as of May 2024.

The further development of our company may also have an impact on the handling of personal data. We accordingly reserve the right to change this data protection declaration in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We will inform you separately of any significant changes in content.