Information for customers, business and communication partners of Schuster Kunststofftechnik GmbH regarding the processing of their personal data

Schuster Kunststofftechnik GmbH and its affiliates of the Nissha Group (“SKT” or “company”) undertake to protect the privacy of their current, former and future customers and business and communication partners in the processing of personal data. Since 25 May 2018, the EU General Data Protection Regulation (“GDPR”) and the new Federal Data Protection Act (“FDPA”) have set new standards for data protection within the Federal Republic of Germany and the European Union.

The purpose of this letter is to inform future and current business and communications partners in Germany about the processing of their personal data by the company. The company is obligated to provide this information under Art. 13 f. GDPR.

“Business partner” or “communication partner” means any natural person with whom the company is in a business or communication relationship (in particular via an e-mail or message distributor or by post), e.g. representatives and employees of customers of the company, service providers, cooperation partners, media or other third parties.

1. Responsible controller and contact details

The responsible controller for your personal data under Art. 4 l (7) GDPR is:

Schuster Kunststofftechnik GmbH
Managing Director: Roland Beil
Lauchaer Höhe 13
99880 Waltershausen
Phone: +49 3622 4010-0
Fax: +49 3622 4010-150
E-mail: zentrale@schuster-kunststofftechnik.de

The contact details of our data protection officer are:

Schuster Kunststofftechnik GmbH
Kathleen Eichholz
Lauchaer Höhe 13
99880 Waltershausen
E-mail: datenschutz@schuster-kunststofftechnik.de

2. Categories of personal data

We process personal data that we receive from you or from third parties (e.g. your colleagues, supervisors or other persons through whom our contact with you has come about). In particular, this data includes:

  • Personal data such as first and last name, home and/or business address, telephone number, e-mail address, marital status, date of birth, gender, any photos, etc.;
  • Contract data, such as information contained in contracts or other business records, as well as bank details, tax ID, etc.;
  • Data from your legal relationships with third parties;
  • Communication data, such as information that is typically exchanged as part of a business correspondence using established communication channels (letter, e-mail, etc.).

3. Use of your personal data

The processing of your personal data takes place, insofar as this is necessary for the protection of the legitimate interests of the company (Art. 6 (1) (f) GDPR)), inter alia,

  • To conclude or execute contracts and other business relationships (including the conclusion, execution and settlement of purchase orders, deliveries or payments) or to prepare or respond to requests for quotations and to determine the terms of the contractual relationship with, among others, our clients and business and communication partners for whom you may act as a representative or employee;
  • To transmit your personal data within the company for internal administrative purposes (including centralised and consolidated customer management tasks);
  • For the publication of press releases and for general communication and contact purposes;
  • For invitations to trade fairs and other events organised by the company;
  • For the sending of product information and other advertising material;
  • For the use of service providers, in particular internal and external IT service providers who support our business processes, as well as other service providers and suppliers;
  • To ensure IT security and IT operations;
  • To conduct compliance investigations;
  • To ensure building and plant safety.

In the processing of your personal data from the above-mentioned interests, we ensure by weighing each case that it is neither disproportionate nor is it to be expected that your interests or fundamental rights and fundamental freedoms will prevail.

The processing of personal data is also carried out for the purpose of fulfilling contracts with individuals (natural persons) with whom the company has direct business relations, for example to process purchase orders, deliveries or payments, or to prepare and respond to requests for quotations from individuals or to establish conditions of the contractual relationship (Art. 6 (1) (b) GDPR).

Further processing of your personal data takes place on the basis of a separately granted consent (Art. 6 (1) (a) GDPR).

In addition, the company is subject to various legal obligations that may require the processing of your personal data (Art. 6 (1) (c) GDPR). These legal obligations may arise, for example, from tax, foreign trade or sanction regulations.

4. Recipients of your personal data

Within the Nissha Group, only authorised employees responsible for the task area have access to your personal information.

We have the authority to engage third parties (including other Nissha Group companies) to provide certain services, such as billing, accounting, IT, education, training and other ancillary services. We also use legal advisers, management consultants and other advisers. They provide the services to us under our supervision and in accordance with our instructions and may have access to your personal data as necessary for the provision of their services.

In accordance with the statutory provisions, in particular in compliance with Art. 5 and Art. 6 GDPR, we are also authorised to transfer your personal data to companies of the Nissha Group and to other third parties within and outside the EEA for the purposes named in point III.

In addition, we may, as far as legally permissible, transfer your personal data for the fulfilment of legal obligations or in the interests of the company to authorities (e.g. tax authorities or law enforcement authorities) and courts in Germany and abroad.

5. Data transmission outside the EEA

Your personal data may be transmitted to third parties (including other companies of the Nissha Group) and their service providers within and outside the European Economic Area (EEA) (see point IV.) for the purposes named under point III.

In countries outside the EEA, different data protection rules may apply than in the EU. In the case of a transfer of your personal data to other countries as described above, we will take reasonable precautions to ensure the protection of your personal data in these countries, e.g. the conclusion of so-called EU standard contracts with the respective recipient of the data, insofar as there is not relevant corresponding adequacy decision[1] according to Art. 45 GDPR or no exemption according to Art. 49 (1) GDPR, in particular the transfer is not necessary for the fulfilment of the contract.

If you need more information or if you would like to see existing contracts, you can contact us under the contact details listed in point I.

6. Your rights

Under the relevant conditions, the existence of which must be examined on a case by case basis, you have the right to obtain information about your personal data and to request the correction or deletion of your personal data or the restriction of the processing or your personal data, and to receive your personal data in a structured, standard and machine-readable format (data portability).

Under the legal prerequisites, the existence of which must be examined in individual cases, you also have the right to object to the processing of your personal data.

If you disagree with the processing of your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing.

In cases where data processing is based on the basis of your consent, you have the right to revoke your consent at any time with future effect.

You can make use of the rights mentioned above by contacting us under the contact details listed in point I.

In addition, you have the right to lodge a complaint with a regulatory agency.

7. Confidentiality/ Security

Each of our employees and all employees of our external service providers who have access to and/or process personal data are required to keep this information confidential.

The company also uses appropriate technical and organisational security measures to protect stored personal information against manipulation, partial or total loss and against unauthorised access by third parties. The security measures of the company are constantly being improved in line with technological developments.

8. Deletion

We will delete your personal data immediately if the storage is no longer required to fulfil our contractual obligations or the legitimate interests mentioned in this privacy policy and there are no statutory storage requirements. If statutory storage requirements exist, we restrict the processing of the data.

9. Contact

This letter is for your information only. You do not have to take action. If you have any questions, comments or suggestions regarding this letter or our privacy practices, please contact the data protection officer mentioned in point I.

[1] Through a decision of the European Commission (“Adequacy Decision”), a third country can sometimes be judged to provide an adequate level of protection, that is, data can be transmitted to another company in that third country without the data exporter being required to provide further guarantees or to fulfil additional conditions. In other words, transfers to an “appropriate” third country are adapted to the transfer data within the EU. See more information at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-rules-apply-if-my- organization-transfers-data-outside-eu_de