Privacy policy for business partners, customers, and their contact persons

1. Controller

The Con­trol­ler for your per­son­al data is Hirschmann Car Com­mu­nic­a­tion GmbH, Stut­tgarter Str. 45–51, 72654 Neck­ar­ten­z­lin­gen, Germany.

2. Legal basis and purposes for the processing of your personal data

We only process your data if per­mit­ted by law, if we are legally obliged to do so, or if you have vol­un­tar­ily given your express consent to data pro­cessing.

Data processing for the performance of contracts:

The pro­cessing of your per­son­al data may result from the imple­ment­a­tion of pre-con­trac­tu­al meas­ures pre­ced­ing a con­trac­tu­ally reg­u­lated busi­ness rela­tion­ship or from the ful­fill­ment of oblig­a­tions arising from a con­tract con­cluded with you. This may include, for example, the pro­cessing of pur­chase orders, deliv­er­ies, or pay­ments, or the cre­ation of and response to requests for quo­ta­tions from indi­vidu­als, in order to determ­ine the basis or con­di­tions of a con­trac­tu­al rela­tion­ship (Art. 6 (1) (b) GDPR).

Data processing based on legal obligations:

In addi­tion, the Con­trol­ler (see section 1) is subject to various legal oblig­a­tions that may require the pro­cessing of your per­son­al data (Art. 6 (1) © GDPR). These legal oblig­a­tions may arise, for example, from tax, com­mer­cial, foreign trade, or sanc­tions reg­u­la­tions.

Data processing based on a legitimate interest:

In addi­tion, your per­son­al data may be pro­cessed to safe­guard legit­im­ate interests (Art. 6 (1) (f) GDPR). Legit­im­ate interests include, in par­tic­u­lar, the con­clu­sion or per­form­ance of con­tracts and other busi­ness rela­tion­ships with our busi­ness part­ners, sup­pli­ers, or inter­ested parties for whom you may act as a rep­res­ent­at­ive or employ­ee.

Fur­ther­more, legit­im­ate interests include intern­al admin­is­trat­ive pur­poses (e.g., for account­ing and payment pro­cessing) or ensur­ing IT secur­ity and IT oper­a­tions, as well as con­duct­ing com­pli­ance invest­ig­a­tions, ensur­ing build­ing and facil­ity secur­ity, or assert­ing, exer­cising, or defend­ing legal claims, and extern­al com­mu­nic­a­tion (e.g., video con­fer­en­cing systems).

Sanc­tions list checks also ensure that Hirschmann Car Com­mu­nic­a­tion GmbH does not provide any fin­an­cial resources to listed persons (imple­ment­a­tion of denied party screen­ing).

A large number of inter­na­tion­al legal reg­u­la­tions require Hirschmann Car Com­mu­nic­a­tion GmbH as a company to screen current and future busi­ness part­ners (Busi­ness Partner Screen­ing (BPS)). In order to comply with such com­pli­ance reg­u­la­tions, we have imple­men­ted a process that enables in-depth BPS, which works by com­par­ing various sanc­tions lists. In addi­tion, we can use reports from credit agencies/rating agen­cies and ana­lyses from media screening/news alerts. The PBS pro­ced­ure is largely required by law and neces­sary in order to con­clude a con­tract with Hirschmann Car Com­mu­nic­a­tion GmbH, as we must avoid poten­tial risks, damage, and losses.

Data processing based on your consent:

In addi­tion, the pro­cessing of your per­son­al data may be based on your vol­un­tary consent within the meaning of Art. 6 (1) (a) GDPR. Under no cir­cum­stances will we pass on your data to unau­thor­ized third parties. You can revoke your consent at any time with effect for the future in accord­ance with Art. 7 (3) GDPR. If we process your per­son­al data on the basis of your consent, we will inform you of this again in detail.

3. Data categories

The types of per­son­al data pro­cessed from our busi­ness part­ners, which include both sup­pli­ers and cus­tom­ers in the strict sense, include in par­tic­u­lar master data (first name, last name, func­tion, company iden­tity) and contact details (busi­ness address, tele­phone numbers, fax number, and email address) of the contact person respons­ible for us, etc.

In addi­tion, we process the agree­ments made within the frame­work of the con­trac­tu­al rela­tion­ship (com­mu­nic­a­tion history, con­trac­tu­al agree­ments, prices, nego­ti­ated goods, ser­vices, order history, and asso­ci­ated offers and orders).

The per­son­al data of you or your employ­ees is usually col­lec­ted dir­ectly from you per­son­ally during the offer or con­tract con­clu­sion phase or during the ongoing busi­ness rela­tion­ship, or is provided by your employ­er (who has a busi­ness rela­tion­ship with the Con­trol­ler) within the frame­work of the busi­ness rela­tion­ship for the purpose of its imple­ment­a­tion.

The data relat­ing to the history of the busi­ness rela­tion­ship (com­mu­nic­a­tion, con­tract details, contact persons, author­ized rep­res­ent­at­ives, etc.) is col­lec­ted in the course of the joint busi­ness rela­tion­ship and stored in our cus­tom­er man­age­ment system (CRM).

To ensure IT secur­ity, we also collect your usage data (e.g., log data).

In certain cir­cum­stances, this per­son­al data is also col­lec­ted from other sources due to legal require­ments or a legit­im­ate interest. This includes, in par­tic­u­lar, event-related queries from credit agen­cies regard­ing eco­nom­ic reli­ab­il­ity. In most cases, however, this inform­a­tion relates to the company with which a con­trac­tu­al rela­tion­ship exists and not to natural persons, unless you your­self are dir­ectly our busi­ness partner and act and operate under your own name (e.g., as a registered mer­chant or as a natural person on your own account).

4. Recipients of your personal data

Your data will only be passed on to third parties outside the Con­trol­ler if you have expressly con­sen­ted to the trans­fer in advance or if we are obliged to do so by law. The legal basis for this data pro­cessing is Art. 6 (1) (a) GDPR in the case of consent or Art. 6 (1) © GDPR in the case of a legal oblig­a­tion.

In addi­tion, data is pro­cessed on our behalf by service pro­viders. These are care­fully selec­ted and con­trac­tu­ally bound in accord­ance with Art. 28 GDPR.

5. Data transfer to third countries

If we trans­fer per­son­al data to recip­i­ents outside the European Eco­nom­ic Area (EEA), the trans­fer will only take place if the third country has been con­firmed by the EU Com­mis­sion as having an adequate level of data pro­tec­tion, an adequate level of data pro­tec­tion has been agreed with the data recip­i­ent (e.g., by means of EU stand­ard con­trac­tu­al clauses), or you have given us your consent in accord­ance with the pro­vi­sions of Art. 49 GDPR.

6. Retention period

Per­son­al data will be retained for as long as neces­sary to fulfill the above-men­tioned pur­poses or as long as there are legal or con­trac­tu­al reten­tion oblig­a­tions.

7. Your rights as a data subject

As a data subject, you have the right to obtain inform­a­tion about your per­son­al data, to have inac­cur­ate data cor­rec­ted, or to have data deleted if one of the reasons spe­cified in Art. 17 GDPR applies, e.g., if the data is no longer required for the pur­poses pursued. You also have the right to restrict pro­cessing if one of the con­di­tions spe­cified in Art. 18 GDPR applies and, in the cases spe­cified in Art. 20 GDPR, the right to data port­ab­il­ity. If data is col­lec­ted on the basis of Art. 6 (1) (f) GDPR, the data subject has the right to object to the pro­cessing at any time for reasons arising from their par­tic­u­lar situ­ation. We will then no longer process your per­son­al data unless there are demon­strable com­pel­ling reasons for the pro­cessing that out­weigh the interests, rights, and freedoms of the data subject, or the pro­cessing serves to assert, exer­cise, or defend legal claims.

Every data subject has the right to lodge a com­plaint with the super­vis­ory author­ity if they believe that the pro­cessing of data con­cern­ing them viol­ates data pro­tec­tion reg­u­la­tions. The right to lodge a com­plaint can be exer­cised in par­tic­u­lar with a super­vis­ory author­ity in the Member State of your place of res­id­ence, your place of work, or the place of the alleged infringe­ment.

8. Contact details of the data protection officer

Our extern­al data pro­tec­tion officer is avail­able to provide you with inform­a­tion on data pro­tec­tion at the fol­low­ing email address: office@datenschutz-sued.de

When con­tact­ing our data pro­tec­tion officer, please specify Hirschmann Car Com­mu­nic­a­tion GmbH in the subject line.