Privacy Policy of the dpa Group for business contacts
With the following information, we would like to provide you with an overview of how com-panies of the dpa Group process your per-sonal data and inform you of your rights un-der the EU General Data Protection Regula-tion (GDPR) and the German Federal Data Protection Act (BDSG).
This Privacy Policy applies to the personal data of, e.g. owners, shareholders, execu-tives, general managers or other employees of our contract or business partners, sole proprietors, teachers, types of flat-rate and other freelance employees or other natural persons that we process in connection with existing or incipient contractual, business or other legal relationships.
1. Controller and data protection officer
The controller of the data that are pro-cessed in accordance with this Privacy Policy is the company of the dpa Group with which you or your company maintain or are seeking to establish a contractual, business or other legal relationship. The contact data of the companies of the dpa Group and those of any data protection officer who may have been appointed can be found at the end of this Privacy Policy.
2. Affected data, legal bases and pro-cessing purposes
We process information about you as part of an existing or incipient contractual, business or other legal relationship, such as name, employer or organisation, posi-tion, profession, business interests, con-tact data (e.g. physical address, phone number, email address), contract and payment information, and details related to a contractual, business or other legal rela-tionship. Data may be processed on the following legal bases and for the following purposes:
a) We process your data if this is necessary for the fulfilment of a contract with you or your company or to take preparatory steps for a contract (Article 6(1)(b) GDPR). This covers, in particular, processing in con-nection with the negotiation, conclusion, performance, execution and termination of contracts of any nature (e.g. purchase contracts, contracts to produce a work, service contracts, rental contracts, licence contracts and content-based contracts as well as order-based relationships), irre-spective of whether we are the creditor or debtor, and processing for customer ser-vice purposes and in connection with par-ticipation in awards. Please be aware that we are able to enter into a business rela-tionship with you only if you provide the data necessary for this in each case.
b) We process data on the basis of statutory provisions (Article 6(1)(c) GDPR), for ex-ample, for the purposes of satisfying tax or other statutory monitoring and reporting obligations, as well as for the purposes of auditing by tax and other authorities and for the purposes of complying with statu-tory retention periods.
c) In addition, we process your data to pro-tect our legitimate interests or those of a third party, except where such interests are overridden by your interests (Article 6(1)(f) GDPR). In this regard, processing may take place, in particular, for the fol-lowing purposes or to protect the follow-ing legitimate interests: contact mainte-nance and promotional measures; invita-tions to events and trade fairs; optimisa-tion of our business processes, such as by keeping a data base with customers and potential customers; maintenance of security (such as by logging access to our office buildings, video surveillance or in connection with IT security measures); controlling; protection against payment de-faults; assertion and defence of legal claims.
d) Your data may also be processed if you consented to this (Article 6(1)(a) GDPR). Pursuant to Article 7(3) GDPR, you may withdraw the consent with prospective ef-fect at any time. Such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
3. Data sources
In principle, we process personal data that are provided to us by data subjects as part of contractual, business or other legal re-lationships, or that we receive from the relevant contract or business partners. Where necessary for the purposes de-scribed in this Privacy Policy, we receive data from other companies of the dpa Group or collect them from third-party sources, which may also include public sources such as debtors’ lists, commercial and association registers, websites and publications in the press and media. If re-quired by statute, we will notify you about this separately.
4. Data recipients
In order to fulfil the aforementioned pur-poses, we reserve the ability to disclose your personal data to the following recipi-ents or categories of recipients:
a) We make use of the services of proces-sors to process your personal data on our behalf. These service providers are per-mitted to process personal data only in ac-cordance with our explicit instructions, and they are obligated by contract to ensure adequate technical and organisational measures for data protection. Our service providers thus work for us as processors within the meaning of Article 28 GDPR. These recipients include, for example, IT service providers, hosting services and document shredders.
b) Furthermore, we transfer personal data to external third parties if this is necessary for the performance of a contractual rela-tionship or to take preparatory steps for concluding a contract. Such third parties include, for example, shipping, communi-cation and logistics service providers, cou-riers and banks and financial institutions.
c) To the extent necessary for the handling of an enquiry or the conclusion or perfor-mance of a contractual or business rela-tionship, as well as in the case of central-ised corporate functions, your data may be transferred to other companies of the dpa Group for the fulfilment of the afore-mentioned purposes.
d) Your data may also be transmitted to our auditors and tax advisors, as well as to statutorily authorised third parties, as part of court or enforcement proceedings.
e) Where necessary for the purposes of investigating or prosecuting unlawful or abusive incidents, or as part of legal dis-putes or incipient legal disputes, personal data are forwarded to our legal advisors, collection agencies, law enforcement au-thorities and, where applicable, damaged third parties. However, this takes place only if there are specific indications of un-lawful or abusive conduct. Such transfer may also take place if this serves to en-force contractual arrangements or other claims between us and our contract or business partners or third parties or if claims are asserted against us.
f) Moreover, we are obligated by statute to provide information to certain public au-thorities upon request. This includes law enforcement authorities, authorities that prosecute administrative offences that are subject to a fine, and financial authorities.
g) Where we rely on companies or service providers domiciled outside the EU or EEA for the fulfilment of the purposes de-scribed in this Privacy Policy, your data are transferred, as a rule, only if the re-quirements of Articles 44 et seq. GDPR are met.
h) In connection with the further develop-ment of our business, the structure of a company of the dpa Group may change. In such cases, the affected personal data will be transferred in accordance with the change of structure (e.g. transferred to-gether with the part of the relevant com-pany that is being acquired).
5. Storage period
As a rule, we process and store your per-sonal data for as long as this is necessary for the fulfilment of the aforementioned purposes and statutory obligations: On principle, we keep master data and contact data available until the definitive termina-tion of the respective contractual, busi-ness or other legal relationship, including the expiry of relevant prescription periods. In addition, we reserve the ability to store and process your personal data for a peri-od of up to one year after termination of a contractual relationship in connection with advertising directed to existing customers, unless you object to such use. If reorder-ing does not take place during this period, your data will not be processed further for this purpose after expiry of the aforemen-tioned period. We erase event-related in-formation (such as with respect to a con-tractual or order relationship) with expiry of the statutory retention period (such as the six- or ten-year retention pursuant to section 257 of the German Commercial Code (Handelsgesetzbuch)); in such cas-es, the affected data will be blocked for any further processing.
6. Your rights
As data subject, you have the right to as-sert your data subject rights. To assert you rights, please contact the dpa compa-ny responsible for the data processing, i.e. the dpa company with which you have a contractual, business or other legal rela-tionship or an incipient contractual, busi-ness or other legal relationship. In this re-gard, you have the following rights:
Pursuant to Article 15 GDPR and sec-tion 34 BDSG, you have the right to request information as to whether or not your personal data are being pro-cessed and, if so, to what extent.
Pursuant to Article 16 GDPR, you have the right to demand the correction of your data.
Pursuant to Article 17 GDPR and sec-tion 35 BDSG, you have the right to demand the deletion of your personal data.
Pursuant to Article 18 GDPR, you have the right to have the processing of your personal data restricted.
Pursuant to Article 20 GDPR, you have the right to receive the personal data concerning your person that you have provided to a controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
Pursuant to Article 21 GDPR, you have the right to object to any processing based on Article 6(1)(e) or (f) GDPR. Where personal data about you is pro-cessed for direct marketing purposes, including profiling, you can object to this processing pursuant to Article 21(2) and (3) GDPR.
7. Data processing in connection with the exercise of your rights
Finally, we point out that in connection with the exercise of your rights, personal data transmitted by you are processed for the purposes of implementing those rights and in order to be able to provide proof of this (Article 6(1)(c) GDPR).
8. Complaint to a supervisory authority
If you consider that the processing of personal data relating to you infringes provisions of data protection law, you have right pursuant to Article 77 GDPR to lodge a complaint with a supervisory au-thority.
9. dpa distribution and sales channels
Please be aware that when using the dis-tribution and sales channels of dpa (web-site, portals, apps, etc.), further infor-mation about data protection may be rele-vant. You can view this information directly via the respective channel.
10. Overview of the relevant companies of the dpa Group:
dpa Deutsche Presse-Agentur GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
dpa-infocom GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
dpa-infografik GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
dpa English Services GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
dpa-IT Services GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
dpa Picture-Alliance GmbH
Gutleutstraße 110
60327 Frankfurt am Main
Data protection officer contact: datenschutz@dpa.com
Rufa Rundfunk-Agenturdienste GmbH
Markgrafenstraße 20
10969 Berlin
Data protection officer contact: datenschutz@dpa.com
dpa-AFX Wirtschaftsnachrichten GmbH
Gutleutstraße 110
60327 Frankfurt am Main
Data protection officer contact: datenschutz@dpa.com
mecom Medien-Communikations- Gesellschaft mbH
Mittelweg 143
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
UseTheNews gGmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: -