Data protection notice for business partners / suppliers
The EU General Data Protection Regulation obliges us to provide you with comprehensive information on the processing of your personal data. In accordance with this obligation, we inform you of the following:
I. Data processors
I.1. Data protection officers
Hotel Fischerwiege GmbH & Co. KG
Schifferberg 9a, 18347 Ostseebad Ahrenshoop
Tel .: 038220 / 606-0
Fax: 038220 / 606-301
Email: info [at] hotel-fischerwiege.de
I.2. External data protection officer
Attorney Axel Keller / Attorney Susann Harder
At campus 1 – 11, 18182 Rostock-Bentwisch
Tel .: 0381 – 649 210
Email: dsb-nord [at] ecovis.com
web: www.ecovis.com/datenschutzberater
II. Processing framework
II.1 Categories of personal data that are processed
As part of our business relationship and depending on the specific purpose for which we collect your data, we regularly process personal data even if you are a legal person. This is the case, for example, if we collect data from people from the management, personal contacts of your company such as sales employees, key account managers or other people in departments of your company that are responsible for our business relationship.
We collect the following data or categories of data:
General:
- Function in the company
- Professional Activities
- Complaints / incidents
- Identification data
- Address data
- Contact details
II.2. Source of personal data
We generally collect your data in direct contact with the person concerned. However, it is also conceivable that you provide us with data from people who are responsible for us in your company.
II.3. Duration of data storage
The personal data we collect will be stored in accordance with our deletion concept until the statutory retention period expires and then deleted, unless, in accordance with Article 6 (1) sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO) there is an obligation to store the data for a longer period of time or you are required to store it in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.
Subject to such retention requirements, data will be deleted if the purpose for which it was collected no longer applies.
To the extent permitted by law, data will also be saved if this is necessary to assert or defend against legal claims.
II.4. Purposes of processing
Purposes of processing your data
- the handling of a business relationship between us, including communication between us, in particular for handling payment transactions, accounting and the fulfillment of the contractual obligations between us.
II.5. Legal basis for processing
We only process your data if there is a legal basis for this. According to Art. 6 Para. 1 GDPR, this is the case if at least one of the following conditions is met
- processing is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures that are carried out at your request;
- processing is necessary to fulfill a legal obligation to which we are subject;
- processing is necessary to safeguard our legitimate interests, unless your interests or fundamental rights and freedoms that require the protection of personal data outweigh them.
II.6. Legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR
Our legitimate interests – or those of a third party – come, for example
- the existence of a legal relationship between us;
- fraud prevention;
- Measures to ensure and improve the security of IT systems;
- Measures to protect our company against illegal acts and
- internal administrative purposes, in particular the exchange of data within our group of companies into consideration.
II.7. Legal or contractual obligation to provide the data
There may be an obligation to provide data
- in the cases of para. 2.5 lit. b. result from a contract that you have concluded with us and for the fulfillment of which the data collection is used;
- in the cases of para. 2.5 lit. c. result from the legal regulations that affect us, or – according to Art. 6 Para. 2 and 3 GDPR – the law of the European Union or the law of the member states of the European Union;
- in the cases of para. 2.5 lit. d. and e. result from general assistance or contractual ancillary obligations that are not specifically tailored to data collection, such as the regulations on failure to provide assistance in Section 323c of the Criminal Code.
II.8. Necessity of providing the data for a contract
The data we collect is generally mandatory for the establishment and processing of a business relationship, including the fulfillment of the resulting obligations.
II.9. Other obligation to provide the data
There is generally no other obligation to provide the data.
II.10. Possible consequences of not providing
The non-provision of personal data by persons working for your company usually only means that communication between us is made considerably more difficult or – for example in the area of communication via email – would be impossible.
II.11. Existence of automated decision making (including profiling)
We do not use automated monitoring or evaluation systems.
III. Passing on and foreign reference
III.1. Recipients or categories of recipients of the personal data
The data we collect will be passed on to other recipients and third parties in compliance with the legal regulations. These are in particular:
Internal recipient:
- Managing directors
- Accounting / bookkeeping
- Purchasing / procurement
- Head of department
External recipient:
- Tax consultant
- Financial management
- Lawyer
- External data processors (so-called contract processors)
External data processors can be, for example, those in the areas of archiving, maintenance and care of the IT systems or the company website or marketing. These are generally processors within the meaning of Art. 4 No. 10 GDPR, so that the processing of the data by them does not constitute a transmission within the meaning of Art. 4 No. 2 GDPR.
III.2. The controller’s intention to transmit personal data to a third country or an international organization
No such transmission is intended.
III.3. Presence or absence of an adequacy decision by the Commission
Does not apply.
III.4. Reference to suitable or appropriate guarantees
Does not apply
IV. Your rights
IV.1. As a data subject, you have various rights under the General Data Protection Regulation.
These are:
- the right to information about the data we have stored about you (Art. 15 GDPR)
- the right to correct incorrect data (Art. 16 GDPR)
- the right to delete the data if there is no legal basis for further storage (Art. 17 GDPR)
- the right to restrict the processing of data to specific purposes (Art. 18 GDPR)
- the right to data portability (Art. 20 GDPR) and
- the right to object to the processing of your data (Art. 21 GDPR).
If the processing of your data is based on consent (see Section 2.5 lit. a), you have the right to withdraw the consent you have given at any time. The legality of the processing carried out on the basis of the consent given until the revocation is not affected by the revocation.
Separate information about the right to object according to Article 21 GDPR
According to Art. 21 Para. 1 GDPR, you have the right, for reasons that arise from your particular situation, at any time against the processing of personal data concerning you, which is based on Art. 6 Para. 1 letter f of the GDPR (processing to protect the legitimate interests of the responsible body or a third party) to object.
If you file an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If processing is carried out in order to carry out direct advertising, you have the right under Article 21 (2) GDPR to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
In addition, according to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations.
The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information Mecklenburg-Vorpommern
Schwerin Castle, Lennéstraße 1,
19053 Schwerin
Telephone: +49 385 59494 0
Fax: +49 385 59494 58
eMail: info [at] datenschutz-mv.de
web: www.datenschutz-mv.de; www.informations Freiheit-mv.de
https://www.datenschutz-mv.de/kontakt/kontaktformular/
IV.2. Finally, you have the right to contact our data protection officer at any time.
This is obliged to maintain confidentiality with regard to your request, as far as the processing of your data is concerned.
You can reach our data protection officer using the contact details given in section 1.3.
As of May 24, 2018