Data Protection Declaration on the Use of Your Personal Data

 

Information on the use of your personal data by Out of the blue KG ("Out of the blue")

Version: 22 May 2018

This data protection notice applies to data processing in connection with the initiation and execution of customer orders and all marketing measures of Out of the blue KG, Beim neuen Damm 28, 28865 Lilienthal, Germany.

1.                 What is the legal basis on which personal data is collected and processed by Out of the blue?

We process your personal data exclusively within the framework of the European and German data protection laws, in particular the General data protection Regulation (GDPR) and the provisions of the German Unfair Competition Act (UWG) and the German Federal Data Protection Act (BDSG), i.e. only insofar and as long as

-       it is necessary for the performance of a contract with you or for the implementation of pre-contractual measures that are taken at your request, or

-       you have given your consent to the processing or

-       the processing is necessary to protect the legitimate interests of us or third parties, e.g. in the following cases: Assertion of claims, defence in legal disputes, advertising and market research, detection and elimination of abuse, prevention and investigation of criminal offences, ensuring the secure IT operation of Out of the blue or

-       due to legal requirements, e.g. storage of documents for commercial and tax purposes or in the public interest.

2.                 What rights do you have?

You have the right,

2.1              to request information on categories of data processed, processing methods, possible recipients of the data, the planned storage period (Art. 14, 15 GDPR);

2.2              to request the correction or addition of incorrect or incomplete data (Art. 16 GDPR);

2.3              to change or revoke a given consent at any time with effect for the future (Art. 7 para. 3 GDPR);

2.4              to object to the processing of data on the basis of a legitimate interest for reasons arising from your particular situation (Art. 21 para. 1 GDPR);

2.5              to object to the processing of your personal data for the purposes of advertising and market research;

2.6              in certain cases, within the framework of Art. 17 GDPR, to request the deletion of data - in particular to the extent that the data are no longer required for the intended purpose or are processed unlawfully, or you revoke your consent in accordance with Section 2.3 or an objection in accordance with Section. 2.4 have clarified;

2.7              under certain conditions to demand the restriction of data if deletion is not possible or the obligation to delete is in dispute (Art. 18 DSG-VO);

2.8              to data transferability, i.e. you can receive the data you have provided to us in a common machine-readable format such as CSV and transmit it to others if necessary (Art. 20 GDPR);

2.9              to complain to the competent supervisory authority for data processing (Landesbeauftragter für den Datenschutz Niedersachsen, Germany).

3.                 How can you exercise your rights under paragraph 2?

To exercise your rights under paragraph 2, you can contact us directly. By email to dataprotection@ootb.de or by post to: Out of the blue KG, Data Protection, Beim neuen Damm 28, 28865 Lilienthal, Germany. In addition, you can contact the competent supervisory authority for data processing (Landesbeauftragter für den Datenschutz Niedersachsen, Germany).

4.                 Which personal data are processed by Out of the blue and for what purpose?

4.1              Since we are only active in B2B trade, we process personal data only to a very limited extent. Personal data is collected, for example, if we have a personal contact person at a company and also collect his or her personal data for this purpose. Personal data may include first names, surnames, titles, company names, postal addresses, e-mail addresses, telephone numbers, mobile phone numbers, fax numbers, Internet addresses or contact addresses via so-called social media platforms (e.g. Twitter, LinkedIn, Xing, FaceBook, Skype).

4.2              We use personal data for the following purposes

-       for the offer, the conclusion and the execution of contracts, including the preparation of offers, order confirmations, delivery notes, invoices, reminders;

-       for the delivery of goods and their returns;

-       for storing data;

-       for address matching;

-       for advertising by email or post (including selection, advertising scoring and profile building if necessary), as well as for market research; this use can be contradicted at any time by email to:
dataprotection@ootb.de
or by mail to: Out of the blue KG, Data Protection, Beim neuen Damm 28, 28865 Lilienthal, Germany;

-       for credit assessments (see Note 5.).

5.                 Does Out of the blue carry out credit assessments and work together with credit agencies and other companies to minimise risks?

5.1              Out of the blue reserves the right to carry out credit assessments in case of high value order or orders from abroad. The purpose is to protect us from payment defaults. Since we sell exclusively to commercial customers and the credit assessment relates to the customer company, personal data is rarely required and used for the credit assessment. The use of personal data may be necessary, for example, if the customer is a sole trader.

5.2              For credit assessment purposes, it may also be necessary to transmit the customer's personal data externally to a credit agency or a collection agency, such as data on the initiation, execution and termination of contractual relationships and data on a breach of contract or fraudulent conduct. 

5.3              The credit agencies and debt collection agencies commissioned by us process the data received and also use it for scoring purposes in order to provide their contractual partners in the European Economic Area and in Switzerland and, where applicable, in other third countries (if the European Commission has passed an adequacy resolution on these) with information, inter alia, for assessing the creditworthiness of companies. Further information on this data processing can be found in the data protection information of the business information agencies and debt collection agencies with which we cooperate:

-       Creditsafe Deutschland GmbH, Schreiberhauerstr. 30, 10317 Berlin, Germany, Privacy policy: https://www.creditsafe.com/de/de/rechtliches/datenschutzhinweise/datenschutzhinweise-fuer-auskunfteidaten.html

-       Creditreform Bremen Dahlke KG, Contrescarpe 17, 28203 Bremen, Germany, Privacy policy: https://www.creditreform-bremen.de/eu-dsgvo.html  

-       Euler Hermes Deutschland AG, Friedensallee 254.22763 Hamburg, Germany, Privacy policy: https://www.eulerhermes.de/datenschutz.html  

-       Dun & Bradstreet Limited, Marlow International, Parkway, Marlow, Bucks SL7 1AJ, United Kingdom, Privacy Policy: https://www.dnb.co.uk/utility-pages/privacy-policy.html .

5.4              The legal basis for such data processing is Article 6(1)(b) and Article 6(1)(f) GDPR.

6.                 To whom does Out of the blue transmit your data?

6.1              To so-called data processors. These are companies that we commission to process data within the legally prescribed framework, Art. 28 GDPR (service providers, vicarious agents). These data processors process data only in accordance with the instructions and under the control of Out of the blue and exclusively for the purposes described in this data protection information. We commission companies in the following areas in particular: IT, sales, marketing (e.g. online dispatch or postal dispatch of marketing material), market research, finance, consulting, customer service, human resources, logistics, printing, credit assessment, debt collection. We conclude additional contracts with these data processors that meet the legal requirements (Art. 28 GDPR) and that guarantee the protection of your personal data.

6.2              To cooperation partners who provide services for you or in connection with your contract on their own responsibility (e.g. logistics service providers). This is the case if you commission services of such partners with us or if you agree to the integration of the partner or if we integrate the partner on the basis of a legal permit.

6.3              Due to legal obligation: In certain cases we are legally obliged to transfer certain data to third parties. For example, after submission of a ruling on the provision of information.

7.                 Where is your data processed?

Your data will be processed in Germany and other European countries.

If, in exceptional cases, your data is also processed in countries outside the European Union (i.e. in so-called third countries), this will take place insofar as you have expressly consented to this or it is necessary for our service provision to you or it is provided for by law (Art. 49 GDPR). In addition, your data will only be processed in third countries if certain measures ensure that an appropriate level of data protection exists (e.g. adequacy resolution of the EU Commission or so-called appropriate safeguards, Art. 44 et seqq. GDPR).

8.                 For how long will your data be stored?

We delete your personal data as soon as you revoke your declared consent or exercise your right to deletion, but only after expiry of the legal retention obligations to be observed by us, but at the latest ten (10) years after you last corresponded with us.