Privacy policy
for business partners and prospective business partners:

With this privacy notice, we inform you about the processing of your personal data in connection with a contractual relationship or the initiation of a contractual relationship.


A. Controller responsible for data processing

CRONIMET CREMETAL GmbH
Rheinhafenstr. 12
76189 Karlsruhe
Telephone +49 721 16131-0
[info@cronimet-cremetal.de](mailto:info@cronimet-cremetal.de)

B. Categories of data, purposes and legal basis for processing


We process your personal data which we receive from you or from third parties in the context of prospective and existing business relationships. As a rule, these are contact details (name, address, telephone number and e-mail address) and – insofar as required for the handling of business transactions – bank and payment data (bank, account details, reference, where applicable credit card information), information from publicly accessible sources, information databases and credit reference agencies (e.g. Internet, commercial register, business credit agencies), as well as other data which you voluntarily provide to us in the course of handling a project or a contractual relationship, or in the course of initiating a contract or business relationship (e.g. business card details). We may also store a copy or scan of your identity card or passport, as under the currently applicable anti-money laundering legislation we are obliged both to identify our contractual partners and to record the identification data. We process your personal data exclusively within the scope of the statutory provisions, in particular in compliance with the provisions of the General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”). We process your personal data on the basis of the legal grounds described below and for the following purposes:

  • for the initiation, performance and termination of contractual relationships (Art. 6(1)(b) GDPR), for example performance of a contract (such as delivery or provision of a service and payment processing), general communication with business partners, for example responding to enquiries about products and services, contract negotiations, etc.;
  • on the basis of consent given (Art. 6(1)(a) GDPR), for example sending newsletters or information letters, participation in marketing campaigns or surveys, etc.;
  • on the basis of legal requirements (Art. 6(1)(c) GDPR), for example to comply with retention obligations under commercial or tax law, to fulfil reporting or information obligations towards authorities, etc.;
  • on the basis of a legitimate interest (Art. 6(1)(f) GDPR), for example measures relating to IT security or measures to ensure proper business operations, to safeguard domiciliary rights, to protect property and investigate criminal offences, to assert legal claims or defend legal disputes, to meet compliance requirements, etc.

As we also use the contact details of the persons designated by you as contact persons, we kindly ask you to pass this information on to the relevant employees within your company.


C. Recipients or categories of recipients of personal data


We transfer your personal data to authorities/public bodies insofar as overriding legal provisions require this. Where appropriate, we transfer your personal data to companies within our corporate group if this is necessary to fulfil the purposes set out above in section B.
We use external service providers as processors within the meaning of Art. 28 GDPR for various business operations. Data processing agreements have been concluded with these service providers in order to ensure the protection of your personal data. The recipients described above may also be located in countries outside the European Economic Area (“third countries”). In third countries, the same level of data protection as within the European Economic Area may not be guaranteed in all circumstances. If data is transferred to a third country, we ensure that such transfer takes place only in accordance with the statutory provisions (Chapter V GDPR).

D. Storage period


As a rule, personal data is deleted after expiry of the statutory retention periods (primarily under commercial and tax law). Insofar as the personal data is not affected by statutory retention obligations, it is deleted when it is no longer required for the purposes described above in section B. A different storage period may apply if you have consented to this when the data was collected.

E. Rights of data subjects


You have the right to obtain information about your personal data stored by us, to have inaccurate personal data corrected or – where applicable – to amend or withdraw your consent to data processing at any time with effect for the future and without stating reasons, to obtain restriction of the processing of your personal data with effect for the future, to object to the processing of your personal data with effect for the future, or to request the deletion of your personal data. Subject to the conditions set out in Art. 20 GDPR, you are entitled to receive the personal data concerning you that has been stored in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from us.
To exercise your rights, you may contact the controller named in section A. In order to avoid possible cases of misuse, we may require that requests bear a handwritten signature or that the requesting party otherwise proves their identity.
Furthermore, every data subject has the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to them infringes the GDPR.