We have talent.

Our obligation to inform as per Articles 13 and 14 of the GDPR

In the context of this document, we inform you about the processing of your personally identifiable data within our organisation, which we have received either directly from you (Article 13 of the GDPR) or through third parties (Article 14 of the GDPR). These particulars apply to customers and companies.

Controller

GECO Deutschland GmbH
Schellerdamm 16, D-21079 Hamburg
HRB 74004 Hamburg
T 040 764 007 0
F 040 764 007 20
E-mail datenschutz@geco-group.com

Data Protection Officer

a.s.k. Datenschutz e.K.
Schulstrasse 16a
91245 Simmelsdorf
Germany
Tel: 09155-263 99 70
E-mail: extdsb@ask-datenschutz.de
Website: www.ask-datenschutz.de

The data protection supervisory authority responsible for us is the "Hamburg Commissioner for Data Protection and Freedom of Information":https://www.datenschutz-hamburg.de/.

Use of data

We typically use the following data from you:

  • First name / Last name
  • Address of the company
  • Telephone numbers: Office / Mobile / Fax
  • E-mail address
  • Division / Department
  • Title / Position / Function in the company
  • Reason and content of your request
  • Interests / Needs

We use the data for the following purposes:

  • Initiation of contract / performance of contract in accordance with Article 6 (1) (b) of the GDPR.
  • Compliance with statutory obligations under Article 6 (1) (c) of the GDPR
  • Information/advertising exclusively for internal purposes in accordance with Article 6 (1) (f) of the GDPR.
  • Protection of legitimate interests pursuant to Article 6 (1) (f) of the GDPR.

Specifically, these include:

  • Response to enquiries
  • Quotation preparation
  • Dispatch of customer information
  • Contract preparation
  • Newsletter dispatch
  • Purchasing / Management / Administration
  • Partnerships
  • Maintenance of business relationships

We pass on your data only as needed to the following recipients or categories of recipients (within the framework of a checked and agreed upon data processing agreement pursuant to Articles 28 and 32 of the GDPR, if required by law): External service providers who provide services on our behalf (including external consultants, business partners and professional advisors such as lawyers, auditors and tax consultants, technical support professionals and IT consultants who perform development and testing work on our company's technological systems).

The planned storage period of your data is as follows:

Immediate deletion as soon as the intended purpose no longer applies, insofar as we do are not required to take into account compliance with statutory retention periods. In the case of statutory archiving obligations, the deletion is carried out after these expire (6 years, according to Article 257 (1) of the German Commercial Code (HGB), 10 years, according to Article 147 (1) of the German Tax Code (AO). In the case of data that has been disclosed to us by the client within the scope of an order, we delete the data in accordance with the specifications of the order, generally upon completion of the order, provided that no statutory retention period applies.
Furthermore, we store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We store this data, most of which is company-related, permanently.

How do we collect your personally identifiable data?

We usually receive your data directly from you. We also actively seek or receive personally identifiable data of (potential) customers or their contact persons/employees from other generally accessible sources. This allows us to find information about you when searching for potential customers in external sources (usually via an Internet search, but also via business portals such as LinkedIn or XING and other job networks).
In the case of pre-contractual contacts for the initiation of business or subsequent cooperation, separate consent for the processing of data is not required, since the processing of your data, if personally identifiable data is involved, is based on the legal authorisation criterion of Article 6 (1) (f) of the GDPR. If there no cooperation ensues, or if we cannot reach you, we will delete this minimum data record within the period of time provided by law.

Your rights as a data subject

According to the basic data protection regulation you are entitled to the following rights:

If your personally identifiable data is processed, you have the right to receive information about the data stored about you (Article 15 of the GDPR).

If incorrect personally identifiable data are processed, you have the right to have them corrected (Article 15 of the GDPR).

If the legal requirements are met, you can request the deletion or restriction of the processing and lodge an objection to the processing (Articles 17, 18 and 21 of the GDPR).

If you have consented to the processing of your data or a data processing contract exists and the data processing is carried out using automated procedures, you may have a right to data transferability (Article 20 of the GDPR).

Should you make use of your above mentioned rights, we will check whether the legal requirements for this are fulfilled.

Furthermore, there is a right of appeal to the "Hamburg Commissioner for Data Protection and Freedom of Information". Website https://www.datenschutz-hamburg.de/

* The GDPR refers to the General Data Protection Regulation (OJ EU v. 4.05.2016, L 119/1), available at http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R067

Stay up to date with our newsupdate

To the newsupdate registration