pursuant to Article 13 GDPR Rübig GmbH & Co KG
Since 25/05/2018, the EU General Data Protection Regulation (‘GDPR’) has been directly applicable and the Austrian Data Protection Act (‘DSG’) has come into force. The entry into force is also associated with extended information obligations. Accordingly, we as Rübig GmbH & Co KG, Schafwiesenstraße 56, A-4600 Wels (therefore the data controller according to the GDPR), would like to inform you about the data processing carried out by us with regard to the data of our business partners.
In the context of our business relationship, it is essential that personal data about business partners (i.e. customers, suppliers, interested parties and other business partners) are processed. These data are used by us in compliance with the EU Data Protection Regulation (GDPR) for the following purposes:
In the context of cooperation with business partners (these are customers, suppliers and other business partners), we process personal data for the following purposes:
The following data are processed by us in this regard:
The processing of personal data is necessary for the above-mentioned purposes, including the fulfilment of a contractual relationship or a pre-contractual activity relating to the business partner. The legal basis for the data processing is Article 6(1)(a) (if consent has been given) or Article 6(1)(b) and (f) GDPR:
Within the scope of the legal permission and insofar as it is necessary for the fulfilment of the contract, personal data will be passed on to other group companies or courts, authorities, law firms or other business partners (such as shipping or logistics partners for the execution and processing of orders) for the above purposes.
In addition, we commission processors (service providers) with the processing of personal data (for example within the framework of an IT support contract). These processors are contractually obliged to comply with the provisions of data protection law.
The recipients described may be located in countries outside the European Union (‘third countries’), in which the applicable law does not guarantee the same level of data protection as within the EU. In this case, data will only be transferred in accordance with the legal requirements if an adequacy decision has been issued by the European Commission for the third country, appropriate guarantees have been agreed with the recipient, the recipient participates in an approved certification system, binding internal data protection regulations exist in accordance with Article 47 of the General Data Protection Regulation or an exception exists in accordance with Article 49 of the General Data Protection Regulation.
As part of our customer care and marketing activities, we use personal data to initiate business with prospective or existing customers regarding our own range of products or services.
Marketing includes customer relationship management, the implementation of customer and prospect letters such as newsletters, the organisation of events and the implementation of other advertising campaigns.
The following data are processed by us in this regard:
Data are not transferred to third parties. In addition, we commission processors (service providers) with the processing of personal data. These processors are contractually obliged to comply with the provisions of data protection law.
The data will be kept until the end of the third year after the last contact with us.
We conduct seminars / training courses on various topics for employees of our customers or interested parties either at our premises or at the premises of the customer / interested party. For the implementation of these continuing education events, lists of participants are kept and certificates and confirmations of participation are issued for the participants.
The following data are processed by us in this regard:
Certificates and training attendance are transmitted directly to the client within the scope of contract fulfilment pursuant to Article 6(1)(b) GDPR.
Participant data are deleted 3 years after the end of a training course. Insofar as data must be retained for the billing of the controller’s services in accordance with tax and/or commercial law requirements, deletion will only take place after the expiry of these periods.
If a judicial or extrajudicial dispute arises in connection with a visit to our website, or if a request is made to the management by a court of law or an authority to disclose personal data of visitors, the personal data required for the appropriate prosecution of legal claims will be passed on to lawyers, courts and authorities and stored in any case for the duration of the appropriate prosecution.
Unless an explicit storage period is specified in the above-mentioned description of the individual processing activities or in the course of the collection of data (e.g. in the context of a declaration of consent), personal data will be deleted insofar as they are no longer required to fulfil the purpose for which they were stored and no legal storage obligations (e.g. storage obligations under commercial and tax law) or the assertion of legal claims stand in the way of deletion.
You have the right
If the processing of your data is based on your consent, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To ensure an efficient response to such requests, we ask you to contact us at datenschutz[at]rubig[dot]com , in which case we will always ask you to provide proof of your identity, for example by sending an electronic copy of your ID.
In addition, you have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb[at]dsb.gv[dot]at.