Data privacy information for suppliers
Care, openness and transparency constitute the basis for a trusting cooperation with our freelancers, agents and suppliers. We therefore inform you about how we process your data and how you can exercise the rights to which you are entitled under the General Data Protection Regulation. The type of personal data we process and the purpose for which it is processed depend on the respective contractual relationship.
Information about the processing of your personal data
Who is responsible for data processing?
Responsible party is:
Materna Information & Communications SE
Represented by its executive board: Martin Wibbe (CEO)
How do you reach the data protection officer?
You can reach our data protection officer:
Materna Information & Communications SE
Personal/ Confidential to the Data Protection Officer
Which of your personal data do we use?
We will process your personal data if you have an enquiry, if we receive an offer from you or if you conclude a contract with us. In addition, we process your personal data to fulfil legal obligations, to safeguard a legitimate interest or based on your consent.
Depending on the legal basis, the following categories of personal data are covered:
- First name and Surname
- Communication data (telephone, e-mail address)
- Contract master data, in particular contract number, term, period of notice, conditions and type of contract
- Billing data/turnover data/time sheets
- Creditworthiness data
- Payment data/Account information
- Video or image recording
In the course of initiating the contract, we also make use of data provided to us by third parties. Depending on the type of contract, the following categories of personal data are covered:
- Information on creditworthiness (via credit agencies)
- Information on bogus self-employment
- Information from sanctions lists (e.g. UN list)
From which sources does the data originate?
We process personal data that we receive from our customers, service providers (incl. freelancers) and suppliers.
We also receive personal data from the following sources:
- Credit agencies
- Publicly available sources: Commercial or association registers, debtor registers, land registers, sanction lists (of the EU, the UN, states like the USA)
- Other Group companies
For what purposes do we process your data and on what legal basis?
We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) (German: Datenschutz-Grundverordnung (DSGVO)) and the Federal Data Protection Act (FDPA) (German: Bundesdatenschutzgesetz (BDSG)) as well as all other relevant laws.
For the fulfilment of a contract (Art. 6 para. 1 b DSGVO)
We use your personal data for requests for information and requests for proposal, as well as for the execution of customer orders. Within this contractual relationship, we will process your data in particular for the purpose of carrying out the following activities:
- Contract-related contact
- Profile-related contact for follow-up orders or new orders
- Contract management
- Ongoing contract management
- Exercising of warranty and liability claims
- Receivables management
- Contract termination management
Further information on the purposes of data processing can be found in the respective contract documents and general terms and conditions.
For the fulfilment of legal obligations (Art. 6 para. 1 c DSGVO)
As a company we are subject to various legal obligations. For the fulfilment of these obligations, the processing of personal data may be necessary.
- Control and reporting obligations
- Creditworthiness, age and identity checks
- Prevention/Defense of criminal offences
Due to a legitimate interest (Art. 6 para. 1 f DSGVO)
In some cases, we process your data to protect a legitimate interest of us or third parties.
- Direct advertising or market and opinion research
- Central supplier and customer data management within the group
- Measures for building and plant safety
- Video surveillance for the protection of domiciliary rights
- Consultation and data exchange with credit agencies to determine creditworthiness and default risks
- Safeguarding IT security and IT operations
To whom will your data be passed on?
In order to fulfil our contractual and legal obligations, your personal data will be disclosed to various public or internal bodies as well as to external service providers.
6.1 Companies within the Group
The Materna group maintains a central supplier and customer data management. The companies of the Materna Group can be viewed at https://www.materna.com/EN/About-us/Locations/locations_node.html.
6.2 External service providers
We work with carefully selected external service providers to meet our contractual and legal obligations:
- IT service providers (e.g. maintenance service providers, hosting service providers)
- Service provider for document and data destruction
- Printing services
- Payment service providers
- Service providers for marketing or sales
- Credit agencies
- Authorized dealers
- Service providers for telephone support (Call Center)
- Web hosting service providers
- Chartered accountants
6.3 Public authorities
In addition, we may be obliged to transfer your personal data to other recipients, such as authorities to fulfill statutory notification obligations.
- Tax authorities
- Customs authorities
- Social security agencies
Is your data transferred to countries outside the European Union (so-called third countries)?
Countries outside the European Union (and the European Economic Area "EEA") have a different approach to the protection of personal data than countries within the European Union. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.
We have therefore taken special measures to ensure that personal data is processed as securely in third countries as within the European Union. We have concluded the standard data protection clauses provided by the Commission of the European Union with service providers in third countries. These clauses provide appropriate safeguards for the protection of your data by third-country service providers.
Our service providers in the USA are generally bound by the standard data protection clauses.
For any further questions, please contact us at firstname.lastname@example.org.
How long will my data be stored?
We store your personal data as long as it is necessary to fulfill our legal and contractual obligations or for a partnership cooperation.
If the data storage is no longer necessary for the fulfilment of contractual or legal obligations or for a partnership cooperation, your data will be deleted, unless its further processing is necessary for the following purposes:
- Consideration for upcoming tenders that match your expertise & qualifications
- Compliance with commercial and tax retention obligations. These include retention periods from the German Commercial Code (German: Handelsgesetzbuch (HGB)) or the German Fiscal Code (German: Abgabenordnung (AO)). The retention periods are up to 10 years.
- Preservation of evidence subject to the rules of limitation stipulated by law. According to the statutes of limitations of the German Civil Code (German: Bürgerliches Gesetzbuch (BGB)), these statutes of limitations can extend up to 30 years in some cases; the regular statute of limitations amounts however to three years.
What are your rights in connection with the processing of your data?
Every affected person has the right to information pursuant to Art. 15 DSGVO, the right to rectification pursuant to Art. 16 DSGVO, the right to erasure pursuant to Art. 17 DSGVO, the right to limitation of processing pursuant to Art. 18 DSGVO, the right to objection pursuant to Art. 21 DSGVO and the right to data portability pursuant to Art. 20 DSGVO. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to erasure.
Right of objection
You can object to the use of your data for advertising purposes using electronic mail at any time without incurring any costs other than the transmission costs according to the basic tariffs.
What right do you have in the case of data processing based on your legitimate or public interest?
Pursuant to Art. 21 (1) DSGVO, you have the right to object at any time to the processing of your personal data on the basis of Art. 6 (1) e DSGVO (data processing in the public interest) or Art. 6 (1) f DSGVO (data processing to safeguard a legitimate interest) for reasons arising from your particular situation; this shall also apply to profiling based on this provision.
In the event of your objection, we will no longer process your personal data unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
What right do you have in the case of data processing for the purpose of direct advertising?
If we process your personal data for the purpose of direct advertising, you have the right, pursuant to Art. 21 (2) DSGVO, to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this shall also apply to profiling insofar as it is connected with such direct advertising.
In the event of your objection to the processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
Revocation of consent
You can revoke your consent to the processing of personal data at any time. Please note that the revocation is effective only for the future.
Accessing personal data
You can request information on whether we have stored personal data about you. If you wish, we can tell you which data it is, for what purposes the data is processed, to whom this data is disclosed, how long the data is stored and what other rights you have with regard to this data.
In addition, you have the right to rectify incorrect data or to delete your data. If there is no reason for continuing storage, we will delete your data. Otherwise, we will restrict processing. You may also request that we provide any personal information you have provided to us in a structured, common and machine-readable format either to you or to a person or company of your choice.
Furthermore, a right of appeal to a data protection supervisory authority exists (Art. 77 DSGVO in connection with § 19 BDSG).
Exercise of your rights
To exercise your rights, you can contact the person responsible or the data protection officer using the contact details provided. We will process your enquiries immediately and in accordance with the legal requirements and inform you of the measures we have taken.
Is there an obligation to provide your personal data?
To establish a business relationship, you must provide us with the personal data that is required for the execution of this contractual relationship or that we are required to collect by compulsory legal provisions. If you do not provide us with this data, we will not be able to fulfil and process the contractual relationship.
Changes to this information
Should the purpose or method of processing your personal data change significantly, we will update this information in good time and inform you of the changes immediately.