INFORMATION OBLIGATIONS PURSUANT TO ART. 13 GDPR
Protecting your personal data is a special concern for us. We process your personal data (hereinafter referred to as "data") exclusively based on legal regulations. With this privacy policy, we aim to comprehensively inform you about the processing of your data in our company and your rights and claims under data protection law in accordance with Article 13 of the European General Data Protection Regulation (EU GDPR).
1. Who is responsible for data processing, and whom can you contact?
Responsible entity:
HA-BE Gehäusebau GmbH
Ottostraße 6
84051 Altheim
Represented by:
Managing Directors: Karl-Heinz Brunner, Brigitte Brunner, Claus Föckersperger
Contact
Phone: +49 8703 9345-0
Fax: +49 8703 9345-199
Email: info@habe.de
Data Protection Officer
Gerald Lill
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Email: anfrage@projekt29.de
Phone: +49 941-2986930
2. What data is processed, and where does it come from?
We process data that we receive from you during contract initiation and execution, based on your consent, during your job application, or during your employment with us.
Personal data includes:
- Basic/contact data: For customers, this includes first and last name, address, contact details (email, phone, fax), and bank details.
- Applicants and employees: First and last name, address, contact details, date of birth, resume details, employment certificates, bank details, religious affiliation.
- Business partners: Information on legal representatives, company name, commercial register number, VAT ID, company number, address, and contact details (email, phone, fax) of responsible persons, bank details.
We also process other personal data, including:
- Contract data, order details, revenue and transaction data, customer and supplier history, and advisory documents.
- Marketing and sales data.
- Information from electronic communication with us (e.g., IP address, login data).
- Other data obtained through business interactions, such as customer needs and potential analyses.
- Documentation of consent to receive newsletters or other information.
3. For what purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG 2018).
Legal bases include:
- To fulfill (pre-)contractual obligations (Art. 6(1)(b) GDPR): Processing is required for contract execution, either online or in one of our branches, as well as for handling your employment in our company.
- To comply with legal obligations (Art. 6(1)(c) GDPR): Processing may be necessary to meet legal requirements, such as those from the Commercial Code or Tax Code.
- To protect legitimate interests (Art. 6(1)(f) GDPR): We may process data beyond contractual obligations based on a balancing of interests, e.g., for marketing, business development, customer service improvement, or legal enforcement.
- Based on your consent (Art. 6(1)(a) GDPR): If you have given us consent for specific processing purposes, such as receiving newsletters.
4. Processing of personal data for advertising purposes
You can object to the use of your personal data for advertising purposes at any time without incurring costs other than transmission costs according to basic tariffs.
Under the legal provisions of § 7(3) UWG (German Unfair Competition Act), we are entitled to use your email address for direct advertising of similar products or services if you provided it during contract conclusion. This applies regardless of whether you subscribed to a newsletter. You can opt out of such communications at any time. Each email contains an unsubscribe link.
5. Who receives my data?
If we use a service provider as a data processor, we remain responsible for protecting your data. Processors are contractually obligated to treat your data confidentially and process it only as required. Recipients may include IT service providers, marketing agencies, or customer service teams.
Data is stored in our customer database to improve data quality and enrich information from public sources. These records may be shared within our corporate group where necessary for contract execution.
Authorities, courts, auditors, banks, insurers, credit agencies, and service providers may also receive your data if required by law or contract.
6. How long is my data stored?
We process your data for as long as necessary for the business relationship or applicable legal retention periods (e.g., from the Commercial Code, Tax Code, or Employment Law). Additionally, data may be stored until the resolution of potential legal disputes.
7. Are personal data transferred to a third country?
Generally, we do not transfer data to third countries. If such a transfer occurs, it will be based on an adequacy decision by the European Commission, standard contractual clauses, appropriate safeguards, or your explicit consent.
8. What are my data protection rights?
You have the right to:
- Access: Request confirmation on whether and to what extent we process your data.
- Rectification: Request correction or completion of inaccurate or incomplete data.
- Erasure: Request deletion of unlawfully processed data unless legal retention obligations prevent this.
- Restriction of processing: Request restriction of processing under certain conditions, e.g., if you contest data accuracy.
- Data portability: Receive your data in a structured, commonly used, machine-readable format or have it transmitted to another controller.
- Objection: Object to data processing based on legitimate interest unless we demonstrate compelling reasons overriding your interests. You can always object to data processing for direct marketing.
- Complaint: If you believe we have violated data protection laws, you can contact us or a relevant supervisory authority.
If you wish to exercise any of these rights, please contact our Data Protection Officer. Additional verification may be required to confirm your identity.
9. Am I obligated to provide data?
Providing data is necessary for concluding or fulfilling a contract. Without this data, we may not be able to establish or continue a contractual relationship. You are not required to consent to processing non-essential data.