Our handling of your data and your rights – information according to articles 13, 14 and 21 of the EU data protection basic regulation (DSGVO)
With the following information we would like to give you as our customer or interested party an overview of the processing of your personal data by us. The establishment of good, successful, and long-term business relationships depends largely on trust. We would like to show you that we treat your data with respect by explaining clearly and comprehensibly why we collect, use, and protect your personal data.
This data protection information is updated from time to time.
Who is responsible for data processing?
Responsible according of the DSGVO is our company:
You can reach our external data protection officer:
Type of personal data collected
We process the following personal data, received from customers and interested parties within the scope of our business relationship:
- Company name with legal form and address
- Title and name, position, or field of activity
- Telephone and fax numbers, e-mail addresses
- Billing information, transaction history and financial information
We process personal data in accordance with the provisions of the European Data Protection Basic Regulation (DSGVO) and the Federal Data Protection Act (BDSG).
For the fulfilment of contractual obligations (Art. 6 para. 1 letter b DSGVO)
The processing of data is carried out for execution of:
- Sales contracts for the products developed by us including the associated services (e.g. calibration)
- Our other contractual relationships
Due to legal requirements (Art. 6 para. 1 letter c DSGVO)
We are subject to various legal obligations that entail data processing. These include, for example
- the fulfilment of fiscal and financial control and reporting obligations
- compliance with trade regulations, including export controls
- the fulfillment of requests and requirements of authorities (e.g. supervisory authorities)
In the context of the balancing of interests (Art. 6 para. 1 f DSGVO)
As far as necessary, we process your data beyond the actual fulfilment of the contract to protect legitimate interests of us or third parties, for example
- to have a conversation with you
- to send you advertising or updates tailored to your needs or to draw your attention to special occasions
- to process your order effectively in our Customer Relationship Management (CRM) and in our Enterprise-Resource-Planning ERP systems of SHF
- securely process your payment transactions in financial accounting and banking programs
Who gets my data?
Within our company
- Sales department employees for the execution of the sales contract
- Staff of the financial department for financial management
- If necessary, further employees in the development or production department for contact with you on the respective contractual basis
Within the scope of order processing
Your data may be passed on to service providers who work for us as order processors in the main areas:
- Execution of imports and exports (e.g. customs authorities and export management service provider)
- Accounting and data destruction
All service providers are bound by contract and in particular are obliged to treat your data confidentially.
Other third parties
SHF will not lend or sell your personal data to third parties. Data will only be passed on to recipients outside SHF in compliance with the applicable data protection regulations. Recipients of personal data may be, for example:
- Carriers and transport companies
- Public bodies and institutions, such as the IHK (Chamber of Industry and Commerce) for obtaining certificates, financial and customs authorities due to legal or official obligations
- Credit and financial service providers (processing of payment transactions)
- Tax consultant or economic and wage tax and tax auditor (statutory audit mandate)
Is data transferred outside the European Economic Area?
A transfer can be considered if
- it is necessary for the implementation of the contractual relations,
- it is required by law (e.g. tax reporting obligations),
- you have given us your consent or
- this is authorized by the legitimate interest in data protection law and there are no higher interests of the data subject worthy of protection in conflict.
How long will my data be stored?
We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations. If the data is no longer necessary for the fulfilment of contractual or legal obligations, it is regularly deleted.
Exceptions are made where statutory storage obligations must be fulfilled, e.g. the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods of retention or documentation specified there are usually six to ten years.
If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The exceptions mentioned above apply.
What data protection rights do I have?
You have the right to be informed under Article 15 DSGVO, the right to correction under Article 16 DSGVO, the right to deletion under Article 17 DSGVO, the right to restriction of processing under Article 18 DSGVO, the right to object under Article 21 DSGVO and the right to data transferability under Article 20 DSGVO.
In addition, there is a right of appeal to our data protection officer or the data protection supervisory authority (Article 77 DSGVO in conjunction with Article 19 BDSG). The supervisory authority responsible for us is
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Information on your right of objection under Article 21 of the Basic Data Protection Regulation (DSGVO)
Right of objection in individual cases
You have the right to object to the processing of your personal data on the basis of a balancing of interests (Article 6 paragraph 1 letter f DSGVO).
If you file an objection, we will carefully examine your request and not process the personal data further, unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Recipient of an objection
The objection can be made in any form with the subject “Objection”, stating your name, address and date of birth, and should be addressed to:
or to our data protection officer: