Privacy Note for Customers/Suppliers/Service Providers pursuant to the European General Data Protection Regulation (GDPR)

The information hereinafter set forth provides you with an overview of the processing of your personal data by our company and the rights arising for you from the GDPR.

1. Data processing controller and data protection officer

Data processing controller is (“Company”, “we”):

ELG Haniel GmbH
Kremerskamp 16, 47138 Duisburg, Germany
Phone. +49 203 - 4501-0
Fax +49 203 - 4501-251

The controller’s data protection officer is:

2B Advice GmbH
Joseph-Schumpeter-Allee 25, 53227 Bonn

Tel.: +49 228-926165-120
Telefax: +49 228-926165-109


2. Data sources and nature of the use of personal data

We process personal data which we receive from you within the scope of our business relationship in your capacity as representative/authorised representative of the legal entity, as interested party and/or as customer/supplier/service provider. Personal data will be generated by ourselves and yourself during the stage of initial business contact and during the business relationship. Such data mainly relate to the responsible contact partner at your company and, if applicable, the company management (managing directors, board of management). Personal data generated regularly are:

name, first name, address, function, telephone number, fax number, mobile number, email address, account data.

Furthermore, we process personal data which we have been permitted to collect from publicly accessible sources (e.g. land registers, commercial registers, the press, media, internet) and may process.

3. Purpose and legal basis of data processing

Your personal data will be processed pursuant to applicable data protection provisions, especially the GDPR and the Bundesdatenschutzgesetz (BDSG) [German Federal Data Protection Act].
Specifically, this is for the following purposes and according to the following legal bases:

a) Based on your consent pursuant to Art. 6 (1) sentence 1 a) GDPR

If you have given us your consent to processing for specific purposes, the lawfulness of this
processing exists based on your consent. The scope and purpose of data processing is described in the corresponding declaration of consent provided to you.

b) To comply with contractual obligations pursuant to Art. 6 (1) sentence 1 b) GDPR

Personal data are processed for reasons of handling contracts and orders, especially for transport management, for mediation of freight to logistics companies and for administration of customs and foreign trade matters. Please refer to the respective contract documents and our general terms and conditions for further information on personal data processing.

c) To comply with legal requirements pursuant to Art. 6 (1) sentence 1 c) GDPR

We are subject as a company to diverse legal requirements regarding compliance with control and notification obligations under tax law. To ensure compliance with such requirements, personal data within the scope of initial business contact and handling are processed in accordance with legal requirements.

d) Within the framework of the balancing of interests pursuant to Art. 6 (1) sentence 1 f) GDPR

We process your data beyond the actual fulfilment of the contract to safeguard legitimate interests of ourselves or third parties:
- ensuring IT security and IT operations in the company
- preventing criminal offences
- safeguarding claims and for defence in the case of legal disputes
- using credit agencies to determine credit-worthiness or to minimise the default risk

4. Who receives my data?

Bodies requiring access to your personal data to comply with contractual and legal obligations will have access to them. If service providers and vicarious agents are also involved in the data processing, this will only be possible if we mandatorily comply with the legal obligations prescribed for this in the GDPR and BDSG and the requirements for the handling of personal data.

5. Are my personal data transmitted to a “third country”?

Your personal data will be transmitted to countries outside the EU resp. EEA in principle only if you have given your consent for this to us or this is a necessary condition for the implementation of a contract. Service providers from third countries can be used within the scope of commissioned data processing if they bind themselves in writing to the EU model clauses in compliance with the EU level of data protection.

6. How long will my data be stored?

Your personal data will be processed and stored for as long as necessary to fulfil our contractual and statutory obligations. After fulfilment of the contractual and statutory obligations, the personal data will always be erased. Exceptions to this are:
- Compliance with retention periods under commercial and tax law. Periods for this are between two and ten years.
- Preservation of evidence within the scope of the statute of limitations. Pursuant to Sections 195 et seq. of the Bürgerliches Gesetzbuch [German Civil Code], these limitation periods can be up to thirty years. The regular limitation period here is three years to the end of the year.

7. Which data protection rights can I exercise as customer/supplier/service provider?

You have the following rights vis-à-vis ourselves with regard to personal data concerning yourself
(Art. 15 et seq. GDPR):
- right to access
- right to rectification or erasure
- right to restriction of processing
- right to object to processing
- right to data portability

The restrictions of Sections 34 and 35 BDSG apply to the right to access and right to erasure.

There is furthermore a right to lodge a complaint with a supervisory authority on data protection pursuant to Article 77 GDPR.

You can revoke consent given by you to the processing of personal data at any time vis-à-vis ourselves. This also applies to consent which has been given prior to the 25 May 2018 (validity of the European General Data Protection Regulation). Revocation will only have effect in the future. This will not affect the processing of personal data before revocation is pronounced.

8. Obligation to provide data

Data requested by us within the scope of the business relationship and to comply with contractual obligations must be provided. Data which we have to collect based on statutory provisions must also be provided. If such data are not provided, we must refuse you as contracting partner resp. cancel any existing contractual relationship.

Last updated: May 2018