Data protection information in accordance with the EU General Data Protection Regulation (DSGVO)
(Stand: 12/2023)
The following information provides you with an overview of how we process your personal data and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the respective underlying business relationships.
1. person responsible for data processing
Person responsible is:
Train4you Vertriebs GmbH
Kolumbastraße 5
50667 Köln
Tel: +49 221 800 20 820
Fax: +49 221 800 20 829
Email: info@train4you.de
2. data type and data origin
We process personal data that we receive from our customers in the course of our business relationship. In addition, we process – to the extent necessary for the provision of our service – personal data that we have received from other third parties (e.g. business information services) in a permissible manner (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of consent given by you).
On the other hand, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. trade and association registers, press, media, internet) and are allowed to process.
Relevant personal data can be, for example: Name, address, telephone, e-mail address, vehicle registration number and type.
3. purpose of the processing and legal basis
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG) for the following purposes:
3.1 To fulfil contractual obligations
(Artikel 6 Abs.1 b DSGVO)
The processing of personal data is carried out in the context of the implementation of our contracts with our customers or for the implementation of pre-contractual measures, which are carried out at your request.
3.2 Within the framework of the balancing of interests
(Artikel 6 Abs. 1 f DSGVO)
Where necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties such as:
– Advertising, insofar as you do not object to the use of your data
– Assertion of legal claims and defence in legal disputes
– Ensuring IT security and IT operations
– Prevention of criminal offences
– Video surveillance for the preservation of domiciliary rights
– Measures for building and facility security (e.g. access controls)
– Measures to ensure the right of domicile
– Risk management in the Group
3.3 Based on your consent
(Artikel 6 Abs. 1 a DSGVO)
If you have given us consent to process personal data for certain purposes (e.g. consent to the use of cookies on our homepage), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the EU General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
3.4 Due to legal requirements (Article 6 (1) c DSGVO) or in the public interest
(Artikel 6 Abs.1 e DSGVO)
To fulfil legal obligations, i.e. legal requirements such as the documentation obligations according to the German Commercial Code (HGB).
4. authorised persons and data recipients
Within our company, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes if they comply with our written instructions under data protection law. These are essentially companies from the categories listed below:
– Public bodies and institutions (e.g. tax authorities, Federal Central Tax Office, Federal Railway Authority) in the event of a legal or official obligation.
– Processors to whom we transfer personal data in order to carry out the business relationship with you are, for example:
– Financial accounting service provider
– IT service provider for the support/maintenance of EDP/IT applications
– data destruction service provider
— Lettershops
– website company
– accounting firms
– Service provider in the field, catering, logistics, administration
– Communication and marketing service provider
5. Processing of your data in a third country
Data is transferred to bodies in third countries (countries outside the European Union (EU) or the European Economic Area (EEA)) if it is necessary for the execution of an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if there is an appropriate level of data protection or if you have given us your consent.
Your data may also be processed in a third country in connection with the involvement of service providers as part of order processing. If there is no decision by the EU Commission on an adequate level of data protection in the country in question, we will ensure that your rights and freedoms are adequately protected and guaranteed by means of appropriate contracts. Corresponding detailed information can be found in the individual descriptions of the processing under section B. Information on the suitable or appropriate safeguards and the possibility of obtaining a copy of these can be obtained on request.
6. retention periods
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted. With regard to the retention periods, reference should be made here, for example, to the Commercial Code and the Fiscal Code. The time limits for storage and documentation specified there are two to ten years. In addition, data is retained in order to preserve evidence within the framework of the limitation periods pursuant to §§ 195 ff BGB. The limitation periods can be up to 30 years, with the regular limitation period being three years.
7. data protection rights
Every data subject has the right of access under Article 15 of the GDPR, the right of rectification under Article 16 of the GDPR, the right of erasure under Article 17 of the GDPR, the right to restrict processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right of deletion, the restrictions according to §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 DSGVO in conjunction with Section 19 BDSG). You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the EU Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
8. obligation to provide data
Within the scope of our business relationship, you must provide those personal data that are necessary for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or carry out the order, or we will no longer be able to carry out an existing contract and may have to terminate it. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you.
9. automated decision making and profiling
As a matter of principle, we do not use fully automated decision-making pursuant to Article 22 DSGVO to establish and implement the business relationship. We do not process your data with the aim of evaluating certain personal aspects (profiling).
10. Cookies
Right of objection pursuant to Article 21 of the EU General Data Protection Regulation (GDPR)
1. right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(2) of the Data Protection Act. 1 e DSGVO (data processing in the public interest) and Article 6 para. 1 f DSGVO (data processing based on a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
2. right to object to the processing of data for advertising purposes
In individual cases, we process your personal data in order to send you advertising directly. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made without formalities and should be addressed to:
Train4you Vertriebs GmbH
Kolumbastraße 5
50667 Köln
Tel: +49 (0) 221- 800 20 820
Fax: +49 (0) 221 – 800 20 829
info@train4you.de