Information for customers and contacts of Gütermann GmbH
Last updated: 20/09/2019
With the following information we would like to give you an overview of how we process your personal data and your rights under data protection law. Which data are processed and how they are used depends largely on whether you or your company are already a customer of ours or whether we have stored your data when you contacted us. Therefore, not all parts of this information will apply to you.
Who is the data controller and who can I contact?
The controller is
79261 Gutach im Breisgau,
Tel.: +49 7681 21 267
Fax: +49 7681 21 5267
You can contact our Data Protection Officer at
Tel.: +49 7681 21 460
Fax: +49 7681 21 5460
What sources and data do we use?
We process personal data that we receive from our customers or other data subjects in the course of our business relationship. To the extent necessary to provide our services and perform our contracts, we also process personal data that we obtain in a reliable way from publicly available sources (e.g. commercial register, Internet, press) or that is legitimately transferred to us by other companies of the A&E Group or by other third parties (e.g. a credit agency).
The personal data concerned are personal details (name, address and other contact details, bank details). In addition, these may include order data (e.g. purchase orders), data from the performance of our contractual obligations (e.g. sales data), information about the financial situation of your company (e.g. creditworthiness data), advertising and marketing data, documentation data (e.g. visit reports) and other data comparable with the categories named.
What do we process your data for (processing purpose) and on what legal basis?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).
a. for the performance of contractual obligations (Art. 6 (1) b GDPR)
Data are processed for the provision and procurement of orders within the execution of our contracts with our customers or for the execution of pre-contractual measures, which take place on request. The purposes of data processing are primarily based on the specific product (e.g. display furniture, sewing threads and fabrics) and may include demand analyses, sewing technology advice, advice on the presentation of goods in sales rooms, and services in this area. Further details on data processing purposes can be found in the relevant contractual documents and the terms and conditions.
b. in the context of a weighing of interests (Art. 6 (1) f GDPR)
If necessary, we process your data beyond the actual performance of the contract to protect our legitimate interests or those of third parties. Examples:
- Consultation and data exchange with credit agencies (e.g. Creditreform) to determine credit risks,
- Examination and optimisation of procedures for needs analysis for the purpose of addressing customers directly,
- Advertising, invitations to trade fairs and other events and other communication to maintain the business relationship as well as market and opinion research unless you have objected to the use of your data,
- Invitations to trade fairs and other events,
- To settle commissions with our sales representatives,
- Assertion of legal claims and defence in legal disputes,
- Ensuring IT security and the IT operations of our company,
- Prevention and investigation of criminal offences,
- Measures for building and system security (e.g. access controls),
c. based on your consent (Art. 6 (1) a GDPR)
If you have given us your consent to process personal data for certain purposes (e.g. sending newsletters, advertising, photographs at events), the legality of such processing is on the basis of your consent. Where given, consent can be withdrawn at any time. This also applies to the withdrawal of declarations of consent given to us prior to the GDPR coming into force, i.e. before 25 May 2018. The withdrawal of consent is only effective for the future and does not affect the legality of data processed before the withdrawal.
d. based on legal requirements (Art. 6 (1) c GDPR) or in the public interest (Art. 6 (1) e GDPR)
In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. tax laws, German Civil Code (BGB), German Commercial Code (HGB)). The purposes of processing include the fulfilment of tax obligations, the assessment and management of risks, the fulfilment of storage obligations under commercial law and tax law as well as compliance with export regulations (e.g. consideration of published sanction lists).
Who receives my data?
Within the company, departments that need your data to fulfil our contractual and legal obligations will have access to your data.
Service providers and vicarious agents assigned by us may also have access to these data, if a data processing agreement has been concluded with these to ensure that your data is handled in compliance with the law. These are companies in the fields of accounting, auditing, IT services, logistics, sales representatives, telecommunications, consulting and sales and marketing.
Other companies in the A&E Group, where this is necessary for the purposes named above.
Further data recipients may be entities who you have agreed we may transfer your data to, or to whom we are authorised to transfer personal data based on a weighing of interests.
Are data transferred to a third country or an international organisation?
Data are transferred to entities in countries outside the European Union (“third countries”) if
- it is necessary for the execution of your orders,
- it is required by law, or
- you have given us your consent.
In addition, we intend to transfer data to our parent company in the USA in the following cases:
- Personal data about companies of customers whose legal form is a business partnership (e.g. data about orders, sales, payment terms, company address, delivery and invoice data for your orders, outstanding payments and payment behaviour, data about consignment stock and other accounting data).
- Contact details for contact persons of internationally operating customers for worldwide customer care.
These transfers are subject to the European Union’s standard “Controller to Controller” contractual clauses.
How long will my data be stored for?
We process and store your personal data for as long as this is necessary for the fulfilment of our contractual and legal obligations.
If the data are no longer required for the fulfilment of contractual or legal obligations, they are erased on a regular basis, unless their – time-limited – further processing is necessary for the following purposes:
- Fulfilment of storage obligations under commercial law and tax law, arising from, for example: German Commercial Code (HGB), German Tax Code (AO), German Civil Code (BGB). The periods for storage and documentation specified there are generally two to ten years.
- Preservation of evidence within the statutory periods of limitation pursuant to Sections 195 et seq. of the German Civil Code; these periods can be up to 30 years, the regular period of limitation being three years.
Are special categories of personal data about me processed?
Special categories of personal data as defined by Art. 9 GDPR are not processed.
What data protection rights do I have?
Please be aware that you can withdraw your consent at any time. You also have the right to receive information at any time about the data we have stored about you. If these data are incorrect or, in your opinion, no longer required because the purpose has ceased to exist, you have the right to request rectification or erasure or the restriction of processing. You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. If you wish to exercise your rights, please write to the above address or e-mail firstname.lastname@example.org.
We would also like to inform you of your right to complain to the data protection supervisory authority responsible for you.
Am I obliged to provide data?
In the context of our business relationship, you must provide personal data which are necessary for the establishment, execution and termination of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without these data, we will generally not be able to conclude, execute or terminate a contract with you.
To what extent is automated decision-making or profiling carried out?
We do not use fully automated decision-making, nor do we use profiling.