Data protection information for our business partners

Compliance with data protection regulations is a high priority for us. In the following, we would like to inform you as a business partner or as the contact person of a corresponding business partner responsible for us about the collection and processing of your personal data.

Person responsible

The controller responsible for data processing is dbh Logistics IT AG, Martinistr. 47-49, 28195 Bremen, phone: +49 421 30902-0, e-mail: info@dbh.de.

Type of data

As part of our business relationship, you must provide the personal data that is necessary for the establishment, execution and termination of a business relationship and for the fulfillment of the associated obligations, which we are legally obliged to collect or which we are entitled to collect on the basis of legitimate interests. Without this data, we will generally not be able to enter into a business relationship with you.
If you as a business partner or your company enter into a business relationship with us, we will therefore generally process the following personal data:

• Title, first name, last name,
• A valid e-mail address,
• Address of the business partner,
• Business telephone number (landline/mobile),
• The necessary offer and contract information (e.g. subject of the business relationship, type of service, price information, execution modalities, time of execution, information on due dates),
• Information relating to the implementation of the business relationship (correspondence data, any warranty issues, duration of the business relationship),
• If applicable, tax number, HRB number and business bank details.

Purpose and legal basis of data processing

For the fulfillment of contractual obligations (Art. 6 para. 1 sentence 1 b) GDPR)

The processing of your personal data may be necessary for the performance of pre-contractual measures that precede a contractually regulated business relationship or for the fulfillment of obligations arising from a contract concluded with you. This may include, for example, the processing of purchase orders, deliveries or payments or the preparation and response to requests for quotations from individuals to determine the establishment or terms of a contractual relationship.

For the fulfillment of a legal obligation (Art. 6 para. 1 sentence 1 c) GDPR)

The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfillment of retention and identification obligations, e.g. in the context of requirements for the prevention of money laundering, tax control and reporting obligations, commercial and foreign trade law or sanction law regulations and data processing in the context of inquiries from authorities.

For the fulfillment of legitimate interests (Art. 6 para. 1 sentence 1 f) GDPR)

It may also be necessary to process your personal data in order to protect legitimate interests. The legitimate interests are in particular the conclusion or execution of contracts and other business relationships with our business partners for whom you may be working as a representative or employee. Furthermore, legitimate interests are internal administrative purposes (e.g. for accounting or process and workflow optimization) or the selection of suitable business partners, securing the IT infrastructure of our company and conducting compliance investigations, asserting legal claims, defending against liability claims, ensuring building and plant security or preventing criminal offences and settling claims resulting from the business relationship.

Log data is read out in the system to ensure optimum digitally controlled support. Log data is telemetry data that is used to transmit measured values from a point to a remote receiving station, which collects and, if necessary, evaluates the data. This log data does not allow any conclusions to be drawn about personal data. This ensures a stable system, early problem detection and rectification.

When a contract is concluded, we collect data on your creditworthiness via credit agencies in order to fulfill the above-mentioned legitimate interests. We use the credit rating data from the credit agencies to check your creditworthiness. The credit agencies store data that you receive from banks or companies, for example. This data includes, in particular, your surname, first name, date of birth, address and information on your payment history. You can obtain information about the data stored about you directly from the credit agencies.

If you participate in the conclusion of a contract offered by us by means of a digital signature (e.g. Adobe Sign), we process your data, in particular your email address, IP address and the times at which you have processed the respective contract document, e.g. approved, displayed or digitally signed, in each case with the time and date. Our legitimate interest lies in the efficient and fast digital processing of contract signatures and the corresponding logging of the signature process for verification purposes. It is also possible to sign certain contracts with a so-called qualified electronic signature. In this case, we also process the certificate data of your signature in addition to the aforementioned data. Our legitimate interest here is to check whether you have a valid, qualified electronic signature that can be used to replace a possible legal requirement for the written form. A prerequisite for the use of a qualified electronic signature is registration with a trust service provider (e.g. D-Trust / Bundesdruckerei), which you must carry out yourself. However, the respective provider processes the data you provide during registration under its own responsibility and not on our behalf.

On the basis of consent (Article 6(1)(1)(a) GDPR)

In addition, the processing of your personal data may be based on voluntary consent within the meaning of Art. 6 para. 1 sentence 1 a) GDPR.

Obligation to provide your personal data

As part of our business relationship, you must provide the personal data that is necessary for the establishment, execution and termination of a business relationship and for the fulfillment of the associated obligations, which we are legally obliged to collect or which we are entitled to collect on the basis of legitimate interests. Without this data, we will generally not be able to enter into a business relationship with you.

Storage period/criteria for determining the storage period

The personal data will be stored for as long as is necessary to fulfill the above-mentioned purposes or as long as there are legal or contractual retention obligations (relevant here are in particular the legal retention obligations from the German Commercial Code (HGB) and the German Fiscal Code (AO), which provide for storage for up to twelve years) or you have consented to storage beyond this in accordance with Art. 6 Para. 1 S. 1 a) GDPR.

Recipients/categories of recipients of your data

Within the scope of contractual relationships, to fulfill legal obligations and to protect legitimate interests, processors, authorities or service providers also receive access to your personal data.

In the case of contracts concluded using a digital signature, your data is also accessible to all persons involved in approving and signing the contract, as they receive a log after the contract has been signed showing all processing steps, including e-mail address, IP address, date and time. Furthermore, your data may be accessible to the respective service providers that we use for the corresponding digital signature process. In the case of Docu Sign, this is DocuSign Inc, 221 Main Street Suite 1000 San Francisco, CA 94105.

If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection, an adequate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contractual clauses), or you have given us your consent to do so.

Your data protection rights

You have the right to receive information about the personal data stored about you free of charge upon request (Art. 15 para. 1 GDPR). In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data and to data portability (Art. 20 GDPR).
You have the right to revoke your consent at any time with effect for the future if the data is processed on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. Please send your revocation to: office@datenschutz-nord.de.

You have the right to object to data processing in accordance with Art. 21 GDPR if the data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. Please send your objection to: office@datenschutz-nord.de.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority. The right to lodge a complaint may be exercised in particular with a supervisory authority in the Member State of the data subject’s habitual residence or place of the alleged infringement.

Contact details of the data protection officer

You can contact our data protection officer (datenschutz nord GmbH) at office@datenschutz-nord.de. When contacting our data protection officer, please quote the controller named above.