We take data protection seriously and will now provide information on how we process your data and what claims and rights you have under the provisions of data protection law. Valid as from 25 May 2018.
Contact data for our data protection officer:
Auf dem Mutzer 11
Responsible entity in terms of data protection law:
Auf dem Mutzer 11
Tel.: +49 (0)2163 947-754
We process personal data in compliance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection rules (details below). What particular data are processed and what use is made thereof is crucially dependent on the services requested or agreed in each particular case. Further details of, or supplements to, the purposes of the data processing can be found in the relevant contractual documents, forms, a declaration of consent and/or other information supplied to you (e.g. in the course of using our website, or in our general terms & conditions). Furthermore, this data protection statement may be updated from time to time, as can be seen from our website at www.kamps.de.
Personal data are processed for the performance of our contracts with you, for the execution of your orders and for the implementation of measures and activities in the context of pre-contractual negotiations, e.g. with prospective customers. In particular the processing thus serves the purpose of rendering services in accordance with your orders and requests, and comprehend the services, measures and activities necessary in this regard. The principal items include contract-related communication with you, the verifiability of transactions, orders/commissions and other agreements, also of quality assurance by way of the relevant documentation, ex gratia procedures, measures for directing and optimising business processes and for the fulfilment of general obligations of due care, direction and controls provided by affiliates (e.g. parent company); statistical analyses of corporate management, cost accounting and controlling, reporting system, internal and external communications, emergency management, invoicing and valuation of operational performance for tax purposes, risk management, assertion of claims at law and defence in legal disputes; ensuring IT security (including system or plausibility tests) and general security, including safety of buildings and plant, securing and exercising right of admission (e.g. by way of access controls); ensuring the integrity, authenticity and availability of data, prevention and successful investigation of criminal acts; controls by supervisory bodies or authorities (e.g. auditing).
In addition to the actual performance of the contract or pre-contractual requirements, we process your data in certain cases, when necessary, in order to pursue our or a third party's legitimate interests, in particular for the purpose of:
Your personal data may also be processed for specific purposes (e.g. using your email address for marketing purposes) if you have given your consent. Normally you may revoke such consent at any time. This also applies to the revocation of declarations of consent which were issued to us before the GDPR came into force, that is, before 25 May 2018. You will be informed expressly at the appropriate point in the consent text about the purpose and about the consequences of a revocation or a failure to give consent.
The basic rule is that a revocation of consent will only be effective for the future. Processing done before the revocation will not be affected and will continue to be lawful.
Like everyone involved in economic activity, we too are subject to a number of legal obligations. Primarily, these are statutory requirements (e.g. under commercial and tax law), but there may also be obligations imposed by supervisory and other public authorities. The purposes of processing may include, in certain cases, checks on identity and age, the prevention of fraud and money laundering, the prevention, combating and investigation of the financing of terrorism and criminal acts endangering assets, comparisons with European and international anti-terror lists, the fulfilment of control and notification obligations under tax law, the archiving of data for the purposes of data protection data security, and auditing by tax and other authorities. Furthermore, it may become necessary to disclose personal data in the context of measures taken by courts or public authorities for the purpose of furnishing evidence, criminal prosecution or the enforcement of claims under civil law.
In cases where this is necessary for the performance of our services, we lawfully process personal data received from other companies or other third parties (e.g. enquiry agencies, address providers). We also process and are allowed to process personal data which we lawfully obtain, receive or have acquired from sources accessible to the public (e.g. telephone directories, commercial and club registers, population registers, debtor registers, land registers, the press, the internet and other media).
Relevant categories of personal data may in particular be:
Inside our company, your data are received by those persons, offices or organisational units that need the data to fulfil our contractual and statutory obligations or within the framework of pursuing and implementing our legitimate interests. Your data are passed on to external persons or entities exclusively
We will not pass on your data to any further or additional third parties. If we engage service providers to carry out contracted processing on our behalf, your data will be protected there by the same safety standards as ours. In other cases the recipients may only use the data for the purposes for which the data were transferred to them.
We process and store your data for the duration of our business relationship. This includes the period leading up to a contract (pre-contractual legal relationship) and the performance of a contract.
We are in addition subject to various data retention and documentation obligations, which are stated inter alia in the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods prescribed therein for retention or documentation are up to ten years after the end of the business relationship or alternatively the pre-contractual legal relationship).
Furthermore, specific statutory provisions may require a longer period of data retention, e.g. for the preservation of evidence in the context of the statute of limitations. According to sections 195 ff. of the German Civil Code (BGB), the usual limitation period is three years; it is however possible for limitation periods of up to 30 years to be applicable.
If and when the data are no longer necessary for the fulfilment of contractual and statutory obligations, they are normally deleted, unless their continued processing – with time limit - is necessary for the fulfilment of the purposes specified in section 2.2 on grounds of an overriding legitimate interest. Such an overriding legitimate interest is for example also present if deletion is not possible, or only possible at disproportionately great expense, because of the special method of storage, and processing for other purpose, using appropriate technical and organisational measures, is ruled out.
Data are transferred to points in states outside the European Union (EU) or the European Economic Area (EEA) if this should be necessary for the execution of an order or contract from or with you, or if it is required by law (e.g. notification obligations under tax law), or if it is in pursuit of our or a third party's legitimate interest, or if you have given your consent.
In this context, your data can also be processed in a third country in connection with the use of service providers for the performance of contracted processing. If the EU Commission has not adopted a decision on an adequate level of data protection in the country in question, we will ensure, under the relevant EU data protection requirements and by means of the relevant written agreements, that your rights and freedoms are appropriately protected and guaranteed. On request we will provide you with the relevant detailed information.
Information on the suitable and appropriate guarantees and the possibility of obtaining a copy thereof can be requested from the company data protection officer.
Subject to certain conditions you can assert your data protection rights against us
Your requests regarding the exercise of your rights should wherever possible be directed, in writing, to the address given above or direct to our data protection officer.
You need only provide the data which are necessary for the commencement and operation of a business relationship or for a pre-contractual relationship with us or which we are under a legal obligation to collect. Without these data we will normally not be in a position to conclude or execute the contract. This may also apply to data which become necessary subsequently in the context of the business relationship. If we request data from you in excess thereof, we will inform you expressly of the voluntary nature of your compliance.
We do not make use of a purely automated decision-making process as referred to in article 22 GDPR. If we should however in future use such a process in individual cases, well will inform you separately provided this is required by law.
We will possibly process some of your data with a view to analysing specific personal aspects (profiling).
In order to be able to inform and advise you about products in a targeted manner, we may, where appropriate, use evaluation tools. These make it possible for product design, communication, advertising and market and opinion research to be tailored to specific needs.
Such methods can also be used to evaluate your credit rating and creditworthiness and to combat money laundering and fraud. So-called "score values" are used in order to assess your credit rating and creditworthiness. The scoring system uses mathematical techniques to calculate the probability with which a customer firm will meet its payment obligations in accordance with the contract. Such score values thus support us in assessing creditworthiness and in decision-making in relation to product deals, and they also play a part in our risk management. The calculation is based on recognised and trusted mathematical and statistical techniques, and is carried out on the basis of your data, in particular on revenue situation, expenditure, existing liabilities, profession, employer, period of service, experience derived from the business relationship to date, contractually correct redemption of previous loans and information from credit enquiry agencies.
Data related to nationality are not processed in this instance, nor are the special categories of personal data specified in article 9 GDPR.
1. You have the right to object at any time to the processing of your data on the basis of article 6 (1) f) GDPR (data processing on the basis of a weighing up of interests) or article 6 (1) e) GDPR (data processing in the public interest) if there are reasons present which are inherent in your particular situation. This also applies to profiling, within the meaning of article 4 no. 4 GDPR, that is based on the present provision.
If you lodge an objection we will cease to process your personal data, unless we can demonstrate that there are compelling and legitimate reasons for the processing which override your interests, rights and freedoms, or unless the processing serves the assertion, exercise and defence of legal claims.
2. We also process your data, where appropriate, in order to run direct advertising. If you do not wish to have any advertising, you have the right at any time to object to it; this also applies to profiling when it is connected with such direct advertising. We will respect and observe this objection for the future.
We will cease to process your data for the purpose of direct advertising if you object to processing for that purpose.
The objection need not be in a specific form and should if possible be sent to:
Auf dem Mutzer 11
Tel.: +49 (0)2163 947-754
Our data protection statement and the data protection information on our data processing under articles 13, 14 and 31 GDPR may be amended from time to time. All changes will be published on this page. Superseded versions will be available for inspection in an archive.
Date protection information effective Thursday 2nd April, 2019