Information requirements for customers

Kurt Hüttinger GmbH & Co. KG hereby fulfils its legal obligation to provide information in accordance with the GDPR and informs you of the following:

Who is responsible for the processing at hand?

„Responsible party“ (as defined in Art. 4 No. 7 EU DS-GVO) is:

Kurt Hüttinger GmbH & Co. KG
Managing directors: Jörg Hüttinger, Axel Hüttinger
Mittelbügweg 90
90571 Schwaig bei Nürnberg

If you have any questions regarding data protection, please contact our data protection officer:

TÜV SÜD Sec-IT GmbH
Felicitas Berger
Ridlerstraße 57
80339 München
T: + 49 / (0)89 50084 657
felicitas.berger@tuvsud.com

What personal data is processed?

Kurt Hüttinger GmbH & Co. KG processes the data provided by you within the scope of the business relationship.

The types of data include:

  • Salutation, name, business address of the contact person
  • Contact details such as telephone number and e-mail address

For what purpose and on what basis do we process the data?

Collection and processing in the context of a business relationship:

Kurt Hüttinger GmbH & Co. KG collects and processes the above-mentioned personal data in the context of entering into and fulfilling contractual obligations. Through an existing business relationship (enquiry, offer, order, delivery), Kurt Hüttinger GmbH & Co. KG processes and stores contact data and information on business processes, at least for the duration of the business relationship. (Legal basis: Art. 6 para. 1 lit. b EU DS-GVO)

On the basis of legitimate interest:

Kurt Hüttinger GmbH & Co. KG has a legitimate interest to process personal data. (Legal basis: Art. 6 I lit. f EU DS-GVO)

On the basis of legal requirements:

Legal regulations oblige or entitle Kurt Hüttinger GmbH & Co. KG to process personal data. This can be, among other things, the assertion or defence of legal claims. (Legal basis: Art. 6 I lit. c. EU DS-GVO)

Does a transfer take place?

We only transfer your personal data to other recipients or grant other recipients access to your personal data if this is necessary for the respective purposes of processing this personal data or if we have entrusted other recipients with the fulfilment of individual tasks or services and access to this personal data is necessary or cannot be ruled out as a result. The categories of recipients of personal data are:

  • Internal departments involved in the execution of the respective business processes (e.g. purchasing, bookkeeping, accounting, HR, marketing, IT)
  • External service providers for the direct independent support of the respective business processes (e.g. courier or delivery service providers, tax consultants, auditors)

The transfer of your personal data to the above-mentioned recipients takes place: on the basis of your consent pursuant to Article 6 (1) (a) of the European Data Protection Regulation, insofar as this is necessary for the performance of a contract or the implementation of pre-contractual measures with you pursuant to Article 6 (1) (b) of the European Data Protection Regulation, on the basis of the legitimate interest of the controller pursuant to Article 6 (1) (f) of the European Data Protection Regulation or on the basis of order processing pursuant to Article 28 (1) of the European Data Protection Regulation.

In addition, your personal data will be transferred to state institutions or authorities if we are obliged to provide information within the scope of possible legal obligations to provide information or by official or judicial decision. Furthermore, your personal data will be transferred to state institutions or authorities if this is necessary for the prosecution of criminal offences against us as the injured party or for the assertion, exercise or defence of claims under civil law (legal basis for the processing of your personal data: Legitimate interest of the controller pursuant to Article 6(1)(f) European Data Protection Regulation, processing for other purposes by non-public bodies pursuant to Section 24(1) Federal Data Protection Act).

What is the storage period?

The storage period of personal data is determined by contractual, legal and procedural requirements. Personal data are only stored for as long as their knowledge is required for the fulfilment of the purposes of their respective processing. As a rule, this is the case for as long as it is necessary for the fulfilment of a contract with you. In addition, personal data relevant to tax law is generally stored for a period of 10 years, other personal data according to commercial law is generally stored for a period of 6 years.

Your personal data will be deleted after the corresponding storage period by means of a deletion concept.

What rights do you have as a data subject?

In the following, we would like to inform you about your rights as a data subject. You are entitled to the following rights with regard to the present processing:

a. Right to information

You have the right to request information from us at any time about the personal data we have processed about you within the scope of Art. 15 EU DS-GVO. To do this, you can send a request by post or email to the addresses given above.

b. Right to rectify inaccurate data

You have the right to request that we correct your personal data in question without delay if it is incorrect (Art. 16 EU DS-GVO). To do so, please contact us at the contact addresses given above.

c. Right to deletion

You have the right to the immediate deletion ("right to be forgotten") of your personal data concerned if the legal grounds pursuant to Art. 17 EU Data Protection Regulation exist. These are, for example, if the personal data are no longer necessary for the purposes for which they were originally processed or you have withdrawn your consent and there is no other legal basis for the processing; the data subject objects to the processing (and there are no overriding reasons for processing - this does not apply to objections to direct marketing). To exercise your above right, please contact us at the contact addresses above.

d. Right to restrict processing

You have the right to restrict processing if the conditions are met and in accordance with Article 18 of the EU Data Protection Regulation. Accordingly, the restriction of processing may be necessary in particular if the processing is unlawful and the data subject refuses to erase the personal data and instead requests the restriction of the use of the personal data or the data subject has objected to the processing pursuant to Article 21 (1) EU GDPR, as long as it has not yet been determined whether our legitimate grounds override theirs. To exercise your above right, please contact us at the above contact addresses.

e. Right to data portability

You have the right to data portability according to Art. 20 EU DS-GVO. In this context, you have the right to receive the data relating to you that you have provided to us in a common, structured and machine-readable format and to transfer this data to another controller, such as another service provider. The prerequisite for this is that the processing is based on consent or on a contract and is carried out with the help of automated processes. To exercise your above right, please contact us at the above contact address.

f. Right to object or withdraw

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6 I lit. e or f EU DS-GVO, in accordance with Article 21 EU DS-GVO. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. To exercise your above right, please contact us at the above contact addresses. Furthermore, you have the right to revoke your consent at any time, Art.7 III EU DS-GVO.

g. Right to complain to a supervisory authority

If you believe that the processing of personal data concerning you by us is unlawful, you have the right to complain to the supervisory authority responsible for us, which you can contact as follows:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
Tel.: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300

Status: February 2021