Information on the processing of your customer/supplier data in accordance with Art. 13 GDPR

1. Controller and data protection officer:
(1) The controller according with article 4(7) of the EU General Data Protection Regulation (GDPR) is GFH GmbH. (2) Our data protection officer can be contacted at [mailto:datenschutz@gfh-gmbh.de,]datenschutz@gfh-gmbh.de, or through our above-mentioned postal address with the addition “To the Data Protection Officer”.

2. Collection and storage of personal data as well as type and purpose of their use:
We collect the following information in connection with the business relationship with our customers/suppliers: Address, identification and contract content data. We also process names and contact addresses for communication purposes of the contact person at the customer/supplier. Insofar as the customers/suppliers are natural persons, these data are personal data, namely first name, last name, contact details (valid e-mail address, address, telephone number (landline and/or mobile phone)), account details and any other information that are necessary for the conclusion of a contract (see also under 4.). Special categories of personal data may also be collected. This data is collected and processed for contract initiation and contract execution. Partly we instate processors during the processing. Data processing takes place on the basis of Art. 6 Para. 1 S. 1 b), c) and f) GDPR and is for the stated purposes required for contract initiation or contract execution.

3. Duration of storage:
We store the data for the duration of any business relationship with the customer/supplier and until the end of the limitation periods for any resulting claims (statutory limitation period of three or up to 30 years) and as long as we are legally obliged to do so. This results regularly from legal proof and storage obligations, which are regulated, inter alia, in the Commercial Code and the Tax Code. The storage periods are then up to ten years.

4. Disclosure of data to third parties:
Within our company, only the people and bodies (e.g. departments) receive your personal data that require it to fulfil our contractual and legal obligations. Within our group of companies, your data will be transmitted to certain companies if they centrally perform data processing tasks for the companies affiliated with the group. In addition, we sometimes use different service providers and vicarious agents, to whom we may transfer the data, to fulfil our contractual and legal obligations. These are in particular freight forwarders, tax consultants, auditors, lawyers, banks, insurance companies, etc.

5. Your Rights:
If your personal data is processed, you have the right to receive information regarding the stored data concerning yourself (Article 15 GDPR). Should inaccurate personal data be processed you have the right to rectification (Art. 16 GDPR). If the legal requirements are met, you can request erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) or data portability (Article 20 GDPR) as well as object to processing (Article 21 GDPR). You can revoke the consent you have given at any time without affecting the legality of the processing that has taken place up to the point of revocation. Should you exercise any of your rights set out above, we will check whether the legal requirements for this have been met. Furthermore, there is a right of appeal to the supervisory authority: The Bavarian State Office for Data Protection Supervision

6. Other questions:
If you have any questions about data protection, the data protection officer will be pleased to answer them on the above-mentioned contact details.