Notes on data processing
1. Name and contact details of the controller and the company data protection officer
This data protection information applies to data processing by
Controller
mdi Europa GmbH, represented by the managing director Werner Sander, Langenhagener Str. 71, D-30855 Langenhagen, phone: +49 511 39089530, e-mail: info@mdi-europa.com.
We are currently not obliged to appoint a data protection officer.
2. Collection and storage of personal data as well as type and purpose and their use
When you conclude a contract with us, we collect the following information from you:
- Title, first name, surname,
- valid e-mail address(es),
- address(es),
- telephone number(s) (landline and/or mobile),
- other information necessary for processing your order.
This data is collected to process our contractual relationship, in particular
- to be able to identify you as our customer,
- for correspondence with you,
- for invoicing purposes.
The data processing is carried out at your request and is required in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the purposes mentioned for the appropriate execution of the contractual relationship and for the mutual fulfilment of obligations arising from the contractual relationship.
The personal data collected by us for order processing will be stored until the expiry of the applicable statutory periods (including limitation periods) and then deleted, unless we are obliged to store it for a longer period of time in accordance with Article 6 (1) sentence 1 lit. c GDPR due to tax and commercial law or other statutory storage and documentation obligations or you have consented to further storage in accordance with Article 6 (1) sentence 1 lit. a GDPR.
3. Disclosure of data to third parties
Your data will not be passed on to third parties unless we expressly state this in this information sheet.
Your data will be passed on to third parties for the fulfilment of the contract to which you are a party. This is therefore lawful under Art. 6 para. 1 sentence 1 lit. b GDPR.
In addition, our system administrator and the developer of our database have access to your data. We have a legitimate interest in maintaining your data in our database and ensuring the security and confidentiality of your data with the help of our system administrator and IT developer. Therefore, the transfer is justified in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. We have also concluded order processing agreements.
Otherwise, your personal data will not be transferred to third parties.
4. rights of data subjects
You have the right to
- request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
- in accordance with Art. 16 GDPR to immediately request the correction of incorrect or incomplete personal data stored by us;
- to demand the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
- in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future, and
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
5. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of cancellation or objection, simply send an e-mail to info@mdi-europa.com.
By signing the service agreement, you confirm that you have read and accepted this privacy policy.
