ProVeg Germany e.V.
Our handling of your data and your rights – Information under articles 13, 14 and 21 of the General Data Protection Regulation (GDPR).
we are providing you here with information about how we process your personal data, as well as the claims and the rights you are entitled to, in accordance with the data protection regulations.
Which data are processed in detail and how they are used depends on which services have been requested or agreed.
1. Who is responsible for data processing and whom can I contact?
The responsible body is:
ProVeg Germany e.V.
Genthiner Strasse 48
Tel: +49 30 29 02 82 53-0
Fax: +49 30 29 02 82 53-26
Email: [email protected]
You can contact our company data protection officer at:
Thomas Gutte Datenschutzberatung
Tel: 0611 -71186990
E-mail: [email protected]
2. Which sources and data do we use?
We process personal data that we receive from you within the framework of our business relations (e.g. from application procedures, newsletters, petitions, surveys, member registrations). In addition, to the extent necessary for the provision of our services, we process personal data that we have received from other companies (such as SCHUFA) in a permissible manner (for example, to execute orders, to fulfil contracts or on the basis of your consent). On the other hand, we process personal data that we have legitimately obtained and are able to process from publicly available sources (for example, debt directories, land registers, trade and association registers, press, media).
Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality) or legitimacy data (e.g. ID data). In addition, this may also include transaction data (e.g. order details), data from the fulfilment of our contractual obligations (e.g. from licence agreements, deliveries), data from your membership relationship, as well as information about your financial situation (e.g. creditworthiness data), documentation data (e.g. call logs), register data, data about your use of our offered telemedia (e.g. time of calling our websites, apps or newsletters, our clicked pages or entries) as well as other data comparable with the categories mentioned.
3. For what reason do we process your data (purpose of the processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
3.1 For the fulfilment of contractual obligations (Article 6 (1b) GDPR)
The processing of personal data (Article 4 No. 2 GDPR) is for the provision and delivery of our service, in particular for the execution of our contracts or precontractual actions with you and the execution of your orders, as well as all the activities necessary for the operation and administration of a company.
The purposes of data processing are based primarily on the specific product or order (e.g. to handle the membership relationships in our organisation, to fulfil our statutory, charitable purposes, to fulfil licence agreements on the V label) and can include analysis, advice and conducting transactions, among other needs.
Further details on the purpose of data processing can be found in either the contract documents or the terms and conditions of business.
3.2 In the context of the balance of interests (Article 6 para.1f GDPR)
If necessary, we process your data by actually fulfilling our charitable statutory purposes, in order to process membership relationships in our organisation and to fulfil contracts for the protection of our legitimate interests or those of third parties, such as in the following cases:
• ensuring IT security and IT operations;
• examining and optimising procedures for needs analysis and direct contact with prospects and customers;
• advertising or market and opinion research, as long as you have not objected to the use of your data;
• asserting legal claims and defence in legal disputes;
• measures for building and plant safety (e.g. control of access);
• measures to ensure houserules;
• business management and service development measures.
3.3 On the basis of your consent (Article 6 para. 1a GDPR)
If you have given us your consent to the processing of personal data for specific purposes (such as disclosure of data, evaluation of user data for marketing purposes), the lawfulness of this processing is based on your consent. Given consent can be withdrawn at any time. This also applies to the withdrawal of declarations of consent, before the validity of the GDPR, i.e. before 25 May 2018, have been issued to us. Please note that the withdrawal only works for the future. Processing that occurred before the revocation is not affected.
3.4 Because of legal requirements (Article 6 para.1c GDPR) or in the public interest (Article 6 para.1e GDPR)
In addition, as a tax-privileged, non-profit organisation, we are subject to various legal obligations, namely legal requirements (e.g. association law, tax law / charter law), as well as statutory requirements. The purposes of the processing include the fulfilment of tax control and reporting obligations.
4. Who obtains my data?
Within our organisation, the entities that gain access to your data are the ones that need to do so in order to fulfil our contractual and legal obligations. Our processors (Article 28 GDPR) may also obtain data for these purposes. These are
companies in the categories of IT services, printing services, telecommunications, debt collection, advice and consulting, as well as sales and marketing. With regard to the transfer of data to recipients outside of our company, it should be noted that we only pass on information about you if statutory provisions require it, if you have given your consent, or if we are authorised to provide information.
Under these conditions, recipients of personal data, can be, for example:
• Public bodies and institutions (such as public authorities) in the presence of a legal or regulatory obligation.
• Other entities to which we provide personal information to conduct the business relationship or membership relationship with you, such as: collection agencies or credit bureaus. Other data recipients may be those to whom you have given us your consent to submit your data.
5. For how long will my data be stored?
If necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations that result, inter alia, from the German Commercial Code (HGB) and the Tax Code (AO). The periods for storage and documentation are two to ten years. Finally, the storage period is also judged by the statutory limitation periods, which can be, for example, in accordance with §§ 195 ff. of the Civil Code (BGB), usually three years in some cases, but can also be up to thirty years.
6. Are data transmitted to a third country or to an international organisation?
A transfer of data to third countries (states outside the European Economic Area – EEA) only takes place if this is necessary for the execution of your orders, if required by law, or if you have given us your consent. Details will be provided to you separately, if required by law.
7. What privacy rights do I have?
Each data subject has the right to information under Article 15 GDPR, the right to correction under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, and the right to data
portability under Article 20 GDPR. With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 of the Federal Data Protection Act [BDSG]).
8. Is there a duty to provide data?
As part of our business relationship, you only need to provide the personal information that is required to establish, conduct and terminate a business relationship or that we are required to collect by law. Without such data, we will generally have to refuse to conclude the contract or to execute the order or to be unable to complete an existing contract and possibly terminate it.
9. To what extent is there automated decision-making in individual cases?
In principle, we do not use fully automated decision-making, in accordance with Article 22 of the GDPR, to justify and implement a business relationship. If we do use such procedures in individual cases, we will inform you about this separately, if this is required by law.
10. To what extent are my data used for profiling (scoring)?
In principle, we do not use profiling, in accordance with Article 22 GDPR. If we do use this procedure in individual cases, we will inform you about this separately, if this is prescribed by law.
Information about your right to object in accordance with Article 21 General Data Protection Regulation (GDPR):
You have the right to object at any time, for reasons arising from your particular situation, to prevent the processing of personal data relating to you in accordance with Article 6 para. (1e) of the GDPR (data processing in the public interest), and Article 6 para. (1f) GDPR (data processing based on a balance of interests).
If you object, we will no longer process your personal information, unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purposes of asserting, exercising or defending legal claims.
The objection can be in any form and should be addressed preferably to:
ProVeg Germany e.V.
Genthiner Strasse 48
Email: [email protected]