en

Select your region:

Corporate Website:

DeutschEnglish

Data protection information for the processing of personal data of supplier and customer contacts

On the following pages, we, the DRÄXLMAIER Group (hereinafter referred to as "we"), would like to inform you about how your data is processed and what rights you have in relation to your personal data.

Your personal data may be processed if you are a customer, service provider, or supplier and contact us by telephone, email, or in writing with a request and provide personal data in the process. The same applies if you work for one of our customers, service providers, or suppliers. Your personal data may also be processed if we receive personal data from third parties and process it. Personal data may also need to be processed if you are a supplier, customer, or service provider of ours, or if you work for one of our suppliers, customers, or service providers, when participating in a trade fair or event organized by the DRÄXLMAIER Group, or in the context of other communication with us.

 

I. Controller

The company within the DRÄXLMAIER Group with which you are in contact or have a contractual or quasi-contractual relationship is generally Controller for data processing within the meaning of Art. 4 No. 7 of the European General Data Protection Regulation (hereinafter "GDPR"). You can usually find out which DRÄXLMAIER Group company is responsible for data processing in your contract documents or previous correspondence. In the case of correspondence by email or post, you can usually identify the controlling company from the email signature or letterhead. 

 

II. Data Protection Officer 

You can contact the data protection officer at Lisa Dräxlmaier GmbH as follows:

Data Protection Officer

Lisa Dräxlmaier GmbH

Landshuter Str. 100

84137 Vilsbiburg

privacy(at)draexlmaier.com

If you have concerns about data processing by another company in the DRÄXLMAIER Group, you can usually find the name and contact address of the controlling company in your contract documents or previous correspondence.

In any case, you can also contact the data protection officer at Lisa Dräxlmaier GmbH, who also acts as the central contact person for data protection for the other companies in the DRÄXLMAIER Group, at privacy(at)draexlmaier.com or using the contact details above.

 

III. Collection and processing of personal data

We collect the following categories of personal data, which originate from the following data sources:

 

Category of personal data and data source

Your business contact details and, where applicable, additional data on the managing directors and shareholders of the company you work for. These business contact details include, in particular:

  • Title
  • Title, position
  • Last name, first name
  • Business address
  • Business contact details (email address, telephone number, and fax number, if applicable)

We receive this data from you yourself or from the company you work for. If necessary, we may also obtain your data from publicly available sources (e.g., commercial registers, authorities, the Internet). The principle of data minimization always applies in this context.

 

IV. Purpose of data processing and legal basis

Purpose of processing and legal basis

The purpose of processing is to 

  • initiating, establishing, and processing the business relationship.

If you are an employee of a supplier, service provider, or customer, the legal basis is generally Art. 6 (1) (f) GDPR, because the controller can assert a legitimate interest in processing your personal data in the context of initiating, establishing, and processing business relationships. For legal representatives of suppliers, service providers, or customers, Art. 6 (1) (b) GDPR may also be the legal basis for processing, because processing may be necessary for pre-contractual or contractual measures.  If the personal data is transferred to authorities (e.g., tax authorities), Art. 6 (1) (c) GDPR forms the legal basis for the processing.

 

V. Recipients of the data or category of recipients

We only pass on data to third parties if it is either necessary for the business relationship or permitted under the statutory provisions.

The companies of the DRÄXLMAIER Group work together on a division of labor basis. Your personal data may therefore be transferred to other companies of the DRÄXLMAIER Group, in particular in the context of initiating, establishing, and processing a specific business relationship or order.

If there is a legal obligation to do so, personal data will be transferred to public authorities, such as investigative authorities, courts, tax authorities, customs authorities, local authorities, and supervisory authorities.

In the context of initiating, establishing, and processing the business relationship, personal data may also be transferred to customers, suppliers, subcontractors, processors, lawyers and notaries, authorities, audit companies, collection agencies, IT service providers, financial service providers, tax advisors, auditors, or credit agencies, for example.

 

VI. Transfer to third countries

The DRÄXLMAIER Group is a global group of companies. Within the scope of our business relationships, personal data may be passed on to companies within the DRÄXLMAIER Group, including those outside the EU. In doing so, we ensure that the principles for the processing of personal data and the conditions set out in Art. 44 ff. GDPR are complied with, so that an adequate level of data protection is guaranteed in all cases. 

An adequate level of data protection is ensured by the EU standard contractual clauses. 

For data stored in the EU, access from a country outside the EU is also possible by means of administrative access, as the operability of the systems is often ensured according to the follow-the-sun principle. In these cases, data is only accessed if either an adequacy decision by the Commission exists for the respective country, we have agreed with the service providers on the standard contractual clauses provided by the EU Commission for these cases, or the respective company has established its own internal binding data protection regulations that have been recognized by the data protection supervisory authorities.

The EU Commission's standard contractual clauses can be viewed at the following link.

 

VII. Storage period

We store your personal data for as long as it is necessary for the above-mentioned purposes for which it is collected or otherwise processed, for the fulfillment of a legal obligation to which we are subject, or for the assertion, exercise, or defense of legal claims. 

 

VIII. Your rights as a data subject

You have the following rights with regard to the processing of personal data: 

Your rights / Information

  • According to Art. 15 GDPR, you have the right to obtain information about the personal data processed about you.
  • According to Art. 16 GDPR, you have the right to have inaccurate personal data corrected. Please note the restrictions of § 34 BDSG.
  • According to Art. 17 GDPR, you have the right to erasure of personal data. Please note the restrictions of § 35 BDSG.
  • According to Art. 18 GDPR, you have the right to restrict processing. 
  • According to Art. 20 GDPR, you have the right to data portability.
  • If the data is processed on the basis of legitimate interests (Art. 6 (1) (f) GDPR), you have the right to object to the processing in accordance with Art. 21 (1) GDPR. In this case, the data will no longer be processed for this purpose, unless compelling legitimate grounds for the processing can be demonstrated that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. Further information on your right to object can be found below in Section XIII. 
  • If you believe that the processing of personal data violates applicable law, you can lodge a complaint with the competent data protection supervisory authority at any time in accordance with Art. 77 GDPR. This right applies regardless of other administrative or judicial remedies.

In the interests of orderly processing and to avoid delays in processing, we ask you to use the following contact details: 

privacy(at)draexlmaier.com

 

IX. Provision requirements and obligations

You only provide us with the personal data that is necessary for the initiation, establishment, and execution of the business relationship or that we are required to collect due to legal regulations. You are not obligated to provide us with personal data. However, if you do not provide us with this data, we may not be able to establish and execute the potential business relationship with you.

 

X. Automated decision-making

We would like to point out that we do not carry out automated decision-making. 

 

XI. Website use

If you contact us via the DRÄXLMAIER Group website, please note the general data protection information provided there.

 

XII. Amendment clause

As our data processing is subject to change, this privacy policy will also be updated from time to time. The current version of this privacy policy can also be found at www.draexlmaier.com.

 

XIII. Information about your right to object under Art. 21 GDPR

Right to object in individual cases: 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (f) GDPR (data processing based on a balancing of interests).

In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

Addressee and form of the objection 

The objection can be made informally. You can make it easier for us to process your objection by sending it to the following email address with the subject line "Objection" and stating your name, company name, and company address: 

privacy(at)draexlmaier.com