Information about data protection at RSP GmbH for business partners
Last update: September 2018
In this data protection statement, you will find out how companies from the RSP Group (hereinafter referred to as “we”) process your personal data. The companies from the RSP Group fulfill the legal information obligations in accordance with the article 12-14 EU-General Data Protection Regulation (DSGVO).
Furthermore, we inform you in the following about the processing of your personal data in connection with
- the contract relationship of your employer with us or
- our contract relationship should you be one of our direct contract partners as a sole proprietor.
1. Responsible party in terms of the data protection laws
Responsible party in terms of the General Data Protection Regulation (GSGVO) is the RSP GmbH, Zum Silberstollen 10, 07318 Saalfeld/saale, Germany or the companies affiliated with the RSP GmbH that you are in contact with. More contact data can be found under www.rsp-germany.com.
2. What do we process your data for (purpose of the processing) and on which legal basis?
We collect, use and save your personal data for the following purposes.
a. Processing your data on the basis of contractual obligations or pre-contractual measures (art. 6 para. 1 lit. b DSGVO)
We process your data to complete, perform or end a contract with you or your employer. This data includes
- Your name,
- Your business address,
- Your business contact data, for example, your telephone number and e-mail address as well as correspondence and contractual agreement with us,
- Performance metrics: for example, information with which you can evaluate the performance of our vendors, including the personnel from the vendor.
If you are our contract partner, we collect further data about you such as, for example,
If we have not received the previously listed data, then it comes from publicly accessible sources. We will neither sell your personal data nor market it in any other way.
b. Processing your data due to a consideration of interests (art. 6 para. 1 lit. f DSGVO), provided your protected interests do not outweigh our entitled business interests
If you are our contract partner, we will run through a pre-qualification procedure under certain requirements if there is a reason of contract relationships.
Here we determine if we may enter business relationships with you under consideration of the provisions of the money laundering act, the sanction lists from the EU according to the EU ordinances 2580/2001 and 881/2002 in business relationships.
For the consultation of and data exchange with information agencies as well as to determine creditworthiness and failure risks, we will obtain information about creditworthiness characteristics from information services before completion of the contract.
Furthermore, we process your data to protect entitled interests from us or third parties, for
- The protection of our legitimate business interests and legal rights. This includes, but is not limited to, the usage in connection with legal claims, regulatory, inspection-related, investigative purposes (including the disclosure of information in connection with legal proceedings, insurance cases or legal disputes) and compliance reporting obligations,
- Administration of the provision and guaranteeing of the security of our devices, systems and electronic platforms, including measures for data protection and data protection control,
- Prevention and clarification of criminal offenses,
- Video monitoring to protect house law, to collect evidence,
- Building and system security (for example, access controls),
- Business control,
- Greeting in house through our welcome screen,
- Provision of information about our products, services, offers or technical development (direct marketing) that you request as our business partner or from which we believe you could be interested in, provided this is legally permissible,
- if you have specified a preference regarding marketing notifications or also to be able to answer follow-up questions, to improve our service,
- or other correspondence.
For internal administration purposes, the disclosure of personal data also occurs for other companies affiliated with the RSP GmbH provided that this is necessary.
3. Is there an obligation to provide data?
You have to provide personal data that is required for the inclusion and performance of the contract and the fulfillment of the contractual obligations connected with this or for the collection of which we are legally obligated. Without this data, we normally have to reject the contract completion or can no longer perform an existing contract and must end it if applicable.
4. Who do we share your data with?
Within the companies affiliated with the RSP GmbH, the positions receive access to your data who need this to fulfill contractual and legal obligations or to coordinate our services internally, for example, for central purchasing, sales, marketing, customer service.
Service providers and assistants that we assign may receive data for these purposes as well. This includes companies in the categories IT services, logistics, printing services, telecommunication, billing and collections.
In regards to the sharing of data with other recipients, it must be initially considered that we only share the required personal data under observation of the applicable guidelines on data protection. Personal data from or business partners may only be shared if legal regulations require this, the affected person has given their consent or we are otherwise authorized to sharing. Under these requirements, the recipients of personal data may be:
- Public facilities and institutions (for example, financial authorities, prosecution authorities) upon the existence of a legal or regulatory obligation,
- Creditors or insolvency managers who ask for this information during a foreclosure,
- Service providers who we use within the scope of order processing relationships,
- Vendors who we disclose data about vendors or sales partners within the scope of the inspection of standards, sanction lists and certifications.
- other business partners.
In all cases named above, we ensure that the recipients only receive access to your personal data as necessary to provide individual tasks.
5. Data transmission to third-party states
A data transfer to countries outside of the EU (so-called third-party states) occurs
- if our business relationship and in particular the object of contract requires the inclusion of companies affiliated with the RSP GmbH or business partners with their headquarters outside of the EU;
- or provided that this is legally prescribed;
- or if this is required for the assertion, exercising or defense of legal claims;
- or you have given us consent regarding this.
The processing of your data in a third-party country may also occur in connection with the assignment of service providers within the scope of order processing. If there is no resolution from the EU commission about an appropriate data protection level for the affected country, we ensure according to the EU data protection guidelines through corresponding contracts that your rights and freedoms are protected and guaranteed. We can provide you with corresponding details on request. Information about suitable or appropriate guarantees and the possibility to receive a copy can be requested from our data privacy officer.
For cases in which there is no resolution from the EU commission about an appropriate data protection level in a third-party country and the transmission is required to execute a contract completed by us with a third party in your interest, the exceptions from art. 49 para. 1 lit. c DSGVO apply. Provided the transmission serves to initiate or execute the contract with you, the exceptions from art. 49 para. 1 lit. b DSGVO apply.
6. How long do we save your data?
The following applies to employees from our contract partners:
The data provided to us by your employer will be saved as long as and for the purpose of taking other orders from your employer until your employer or we are no longer interested in another business relationship.
Provided that you are the contract partner:
After completion of the contract relationship, we will save data relevant for this contract relationship for the duration of the legal safekeeping obligations and delete them after expiration. This does not include personal data that you have given us that we save and use for the purpose of taking other orders until you or we are not longer interested in a further business relationship. You can inform us if you have no further interest in a business relationship with us.
7. Automated decisions
We process some data in an automated manner with the objective of evaluating certain personal aspects (profiling). We use profiling in the following cases:
- Due to legal and regulatory guidelines, we are obligated to fight the financing of terrorism. Data about your person is analyzed here. These measures are simultaneously there for your protection.
- We use scoring within the scope of the evaluation of the creditworthiness of our contract partners. This is used to determine the probability with which a contract partner will satisfy their obligations in accordance to the contract. The calculation may include, for example, income, expenses, existing liabilities, experiences from the previous business relationship, contractual repayment of earlier credits as well as information from credit agencies. The scoring is based on a mathematically-statistically recognized and proven procedure. The calculated scores support us with the decision-making within the scope of contract completions and are included in the running risk management.
8. What rights are you entitled to?
In regards to the processing of your personal data, you have the right to information according to article 15 DSGVO, the right to a correction according to article 16 DSGVO, the right to deletion according to article 17 DSGVO, the right to the restriction of processing according to article 18 DSGVO, the right to objection due to article 21 DSGVO as well as the right to data transferability from article 20 DSGVO. With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 FDPA apply. In addition, there is a right of appeal to a data protection supervisory authority pursuant to Article 77 GDPR in the sense of § 19 FDPA.
These rights may be limited, for example, if your request would disclose personal data about another person or if you ask us to delete information that is legally prescribed or we can have legitimate interests.
Information about your right of objection according to article 21 EU General Data Protection Regulation (DSGVO)
1. Case-specific right of objection
You have the right, due to reasons that result from your special situation, to object the processing of your personal data that occurs based on article 6 para. 1 lit. e DSGVO (data processing in public interest) and article 6 para. 1 lit. f DSGVO (data processing on the basis of a consideration of interests); this also applies to profiling based on this determination in terms of article 4 para. 4 DSGVO.
If you object, we will no longer process your personal data unless we can prove that there are protective reasons for processing that outweigh your interests, right and freedoms or the processing serves for the assertion, exercising or defending of legal claims.
2. Right of objection to the processing of data for advertising purposes
In individual cases, we process your personal data to offer direct advertising. You have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling, provided it is in connection with direct advertising.
If you object tot he processing for the purposes of direct advertising, we will no longer process your personal data for these purposes.
You can object this at any time free of charge, also separately for the respective communication channel and with effect directed at the previously listed contact data without there being any accommodation costs other than those according to the basic rates.
If you have any questions about this data protection statement, contact the data protection officers.
You can reach our operational business data protection officers by email under firstname.lastname@example.org