We take the data protection seriously and hereby inform you, how we process your data and which claims and rights you are entitled to under the data protection regulations.

1. Responsible body and Data Protection Officer
The body responsible for data processing is:

Georg Springmann Technology GmbH
Wiehagen 7-9,
45472 Mülheim-Ruhr, Germany
Phone: +49 208 -  4 95 66-0
Fax : +49 208 -  4 95 66-66
datenschutz@springmann.de

Contact details of the Data Protection Officer / Coordinator:

AGAD Service GmbH
Waldring 43-47
44789 Bochum, Germany
Phone: +49 234 - 282 533 20
Fax : +49 234 - 282 533 10
datenschutz@agad.de

2. Purposes and legal bases of the processed data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations. Which data is processed in detail and how it is used depends largely on the services requested or agreed upon. Further details or additions to the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and / or other information provided to you (e.g. in the context of using our website or our terms and conditions).

2.1 Purpose for the fulfillment of a contract or pre-contractual measures (Art. 6(1) b GDPR)
The processing of personal data is carried out for the execution of our contracts with you and the fulfillment of your orders as well as for the execution of measures and activities in the context of pre-contractual relationships, e.g. with interested parties. This essentially includes: contract-related communication with you, the corresponding billing and associated payment transactions, the traceability of orders and other agreements as well as quality control through appropriate documentation, goodwill procedures, measures to monitor and optimize business processes and to fulfill general duties of care, control and monitoring by affiliated companies; statistical evaluations for corporate control, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defense in the event of legal disputes; guarantee of IT security (e.g. system or plausibility tests) and general security, securing and exercising the right of admission (e.g. through access controls); guaranteeing the integrity, authenticity and availability of data, prevention and investigation of criminal offenses and monitoring by supervisory bodies or control bodies (e.g. auditors)

2.2 Purposes in the context of a legitimate interest for us or a third party (Art. 6(1) f GDPR)
Beyond the actual fulfillment of the contract or preliminary contract we process your data if necessary to protect a legitimate interest for us or a third party, in particular for purposes of:

• advertising or market and opinion research, unless you have objected to the use of your data;
• the testing and optimization of needs analysis procedures;
• the further development of services and products as well as existing systems and processes;
• the enhancement of our data, including the use or research of publicly accessible data;
• statistical evaluations or market analysis; benchmarking;
• the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
• the limited storage of data, if deletion is not possible or is only possible with a disproportionate amount of effort due to the special nature of the storage;
• the development of scoring systems or automated decision-making processes;
• the prevention and investigation of criminal offenses, if not exclusively for the fulfillment of legal requirements;
• building and system security (e.g. through access controls), if this goes beyond the general duty of care;
• internal and external investigations as well as security checks; the possible monitoring or recording of telephone conversations for quality control and training purposes;
• the preservation and maintenance of certifications of a private-law or official nature;
• securing and exercising the right of admission through appropriate measures (such as video surveillance) and to secure evidence of criminal offenses and to prevent such.

2.3 Purposes in the context of your consent (Art. 6(1) aGDPR)
With your consent, you can subscribe to our newsletter, which will inform you about our current offers. The only requirement for sending the newsletter is your e-mail. We save your e-mail for the purpose of sending the newsletter. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b DS-GMO. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent to receiving the newsletter and unsubscribe from the newsletter at any time. You can declare the cancellation by clicking on the link provided in each newsletter e-mail or by sending a message to the contact details stated.

2.4 Purposes for the fulfillment of legal requirements (Art. 6(1) c GDPR) or in the public interest (Art. 6(1) e GDPR)
Like everyone who participates in economic activities, we too are subject to a large number of legal obligations. These are primarily statutory requirements (e.g. commercial and tax laws), but also, where applicable, regulatory or other official requirements. The purpose of the processing may include the fulfillment of fiscal control and reporting obligations, the archiving of data for the purpose of data protection and data security, and the examination by fiscal and other authorities. Furthermore, the disclosure of personal data within the framework of official/judicial measures may become necessary for the purpose of collecting evidence, criminal prosecution or enforcement of civil law claims.

3. The categories of data processed by us, as far as we do not receive data directly from you, and their origin
We process other personal information that may have been obtained from other companies or other third parties (e. g. credit enquiry agencies) as far as this is necessary for the provision of our services. We also may legitimately extract, obtain, or acquire and process personal information obtained from publicly available sources (e. g. telephone directories, trade and club registries, registration registers, debtor directories, land registers, press, internet and other media).

Relevant personal data categories may be in particular:

• Personal data (name, date of birth, place of birth, nationality, marital status, occupation / industry and comparable data)
•  Contact details (address, e-mail, telephone number and comparable data)
•  Address data (reporting data and comparable data)
•  Payment / cover note for bank and credit cards
•  Information about your financial situation (credit data including scoring, i.e. data to assess the economic risk)
•  Costumer History
•  Data about your use of the telemedia offered by us (e.g. time of visiting our websites, apps or newsletters, our pages/links clicked on or entries and similar data)

3.1 Recipients of data within the EU
Within our company, the internal departments or organizational units that receive your data are those which require these to fulfill our contractual and legal obligations or within the context of the processing and execution of our legitimate interest.

Your data will only be passed on to external bodies:

• in connection with the execution of the contract;
• for the purpose of fulfilling legal requirements according to which we are obliged to provide information, to report or pass on data, or the passing on of data is in the public interest;
  if external service providers process data on our behalf as processors or function providers (e.g. computer centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services, compliance services, controlling, data validation or plausibility checks, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutes, print shops or companies for data disposal, courier services, logistics);
• on the basis of our legitimate interest or the legitimate interest of the third party for the purposes mentioned (e.g. to authorities, credit agencies, debt collectors, lawyers, courts, experts, subsidiaries and bodies and control bodies);
• if you have given us your consent for transmission to third parties.

3.2 We will not pass on your data to third parties beyond this.
If we commission service providers within the context of order processing, your data are subject to the same security standards there as they are with us. In all other cases, recipients may only use the data for the purposes for which they were provided to them.

3.3 Storage Duration
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various storage and documentation requirements, which u. a. from the German Commercial Code (HGB) and the Tax Code (AO). The deadlines for storage and documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual relationship.

Furthermore, specific legal regulations may require a longer storage period, such as e.g. the preservation of evidence in accordance with the statutory limitation provisions. According to Section 195 ff. of the German Civil Code (BGB), the regular limitation period is three years, but in certain circumstances periods of up to 30 years may apply.

If the data are no longer required for the fulfilment of contractual or legal obligations and rights, these are regularly deleted, unless their temporary processing is necessary for the fulfilment of the purposes listed in section 2.2 for a predominantly legitimate interest. Such an overriding legitimate interest is e.g. even if deletion due to the special nature of the storage is not possible or only with disproportionately high effort and processing for other purposes is excluded by suitable technical and organizational measures.

3.4 Processing of your data in a third country or by an international organization
A transfer of data to offices in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) occurs when it is necessary for you to carry out an order / contract that is required by law (e.g. tax reporting obligations ), it is within the legitimate interest of us or a third party or you have given us consent.

The processing of your data in a third country can also take place in connection with the involvement of service providers in order processing. As far as the EU country does not have an EU Commission's decision on an adequate level of data protection, according to the EU data protection regulations we ensure through corresponding contracts that its rights and freedoms are adequately protected and guaranteed.

4. Your data privacy laws
You have the following rights:

• You thus have the right to receive information from us about your data stored by us pursuant to the rules of Art. 15 GDPR (possibly with restrictions pursuant to Section 34 Federal Data Protection Act).
• At your request, we will correct the data stored about you pursuant to Art. 16 GDPR if they are inaccurate or incorrect. 
• If you wish, we will erase your data pursuant to the principles of Art. 17 GDPR, provided that other legal regulations (e.g. legal storage obligations or the restrictions pursuant to Section 35 Federal Data Protection Act) or an overriding interest on our part (e.g. to defend our rights and claims) do not oppose this.
• You may ask us to restrict the processing of your data, taking into account the requirements of Art. 18 GDPR.
• Furthermore, you may object to the processing of your data pursuant to Art. 21 GDPR, which requires us to stop processing your data. However, this right to object only applies in the event of very special circumstances regarding your personal situation, whereby our company’s rights may conflict with your right to object.
• You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transmit them to a third party. 
• You also have a right of appeal to a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our Data Protection Officer initially.

Special reference to your right to object pursuant to Art. 21 GDPR

1. You have the right to object at any time to the processing of your data on the basis of Art. 6(1) f GDPR (data processing on the basis of a balance of interests) or Art. 6(1) e GDPR (data processing in the public interest), if reasons for this exist arising from your particular situation.

This also applies to profiling based on this provision as defined by Art. 4 No. 4 GDPR. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim.

2. We may also process your personal data for direct advertising purposes. If you do not wish to receive advertising, you have the right to object to it at any time; this also applies to profiling, if this is associated with such direct advertising. We will take this objection into account in the future. We will no longer process your data for direct advertising purposes if you object to processing for these purposes.

The objection may be lodged informally and should be addressed to: Georg Springmann Technology GmbH, Wiehagen 7-9, 45472 Mülheim-Ruhr, Germany