Privacy Policy of the dpa Group for business contacts
With the following information, we would like to provide you with an overview of how companies of the dpa Group process your personal data and inform you of your rights under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
This Privacy Policy applies to the personal data of, e.g. owners, shareholders, executives, general managers or other employees of our contract or business partners, sole proprietors, teachers, types of flatrate and other freelance employees or other natural persons that we process in connection with existing or incipient contractual, business or other legal relationships.
If you have any questions about this privacy policy, please contact datenschutz@dpa.com. This e-mail address applies to all companies of the dpa Group. You can also find our privacy policy for PDF download here .
1. Controller and data protection officer
The controller of the data that are processed in accordance with this Privacy Policy is the company of the dpa Group with which you or your company maintain or are seeking to establish a contractual, business or other legal relationship. The contact data of the companies of the dpa Group and those of any data protection officer who may have been appointed can be found at the end of this Privacy Policy.
2. Affected data, legal bases and processing purposes
We process information about you as part of an existing or incipient contractual, business or other legal relationship, such as name, employer or organisation, position, profession, business interests, contact data (e.g. physical address, phone number, email address), contract and payment information, and details related to a contractual, business or other legal relationship. Data may be processed on the following legal bases and for the following purposes:
a) We process your data if this is necessary for the fulfilment of a contract with you or your company or to take preparatory steps for a contract (Article 6(1)(b) GDPR). This covers, in particular, processing in connection with the negotiation, conclusion, performance, execution and termination of contracts of any nature (e.g. purchase contracts, contracts to produce a work, service contracts, rental contracts, licence contracts and content-based contracts as well as order-based relationships), irrespective of whether we are the creditor or debtor, and processing for customer service purposes and in connection with participation in awards. Please be aware that we are able to enter into a business relationship with you only if you provide the data necessary for this in each case.
b) We process data on the basis of statutory provisions (Article 6(1)(c) GDPR), for example, for the purposes of satisfying tax or other statutory monitoring and reporting obligations, as well as for the purposes of auditing by tax and other authorities and for the purposes of complying with statutory retention periods.
c) In addition, we process your data to protect our legitimate interests or those of a third party, except where such interests are overridden by your interests (Article 6(1)(f) GDPR). In this regard, processing may take place, in particular, for the following purposes or to protect the following legitimate interests: contact maintenance and promotional measures; invitations to events and trade fairs; optimisation of our business processes, such as by keeping a data base with customers and potential customers; maintenance of security (such as by logging access to our office buildings, video surveillance or in connection with IT security measures); controlling; protection against payment defaults; assertion and defence of legal claims.
d) Your data may also be processed if you consented to this (Article 6(1)(a) GDPR). Pursuant to Article 7(3) GDPR, you may withdraw the consent with prospective effect at any time. Such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
3. Data sources
In principle, we process personal data that are provided to us by data subjects as part of contractual, business or other legal relationships, or that we receive from the relevant contract or business partners. Where necessary for the purposes described in this Privacy Policy, we receive data from other companies of the dpa Group or collect them from third-party sources, which may also include public sources such as debtors’ lists, commercial and association registers, websites and publications in the press and media. If required by statute, we will notify you about this separately.
4. Data recipients
In order to fulfil the aforementioned purposes, we reserve the ability to disclose your personal data to the following recipients or categories of recipients:
a) We make use of the services of processors to process your personal data on our behalf. These service providers are permitted to process personal data only in accordance with our explicit instructions, and they are obligated by contract to ensure adequate technical and organisational measures for data protection. Our service providers thus work for us as processors within the meaning of Article 28 GDPR. These recipients include, for example, IT service providers, hosting services and document shredders.
b) Furthermore, we transfer personal data to external third parties if this is necessary for the performance of a contractual relationship or to take preparatory steps for concluding a contract. Such third parties include, for example, shipping, communication and logistics service providers, couriers and banks and financial institutions.
c) To the extent necessary for the handling of an enquiry or the conclusion or performance of a contractual or business rela-tionship, as well as in the case of centralised corporate functions, your data may be transferred to other companies of the dpa Group for the fulfilment of the aforementioned purposes.
d) Your data may also be transmitted to our auditors and tax advisors, as well as to statutorily authorised third parties, as part of court or enforcement proceedings.
e) Where necessary for the purposes of investigating or prosecuting unlawful or abusive incidents, or as part of legal disputes or incipient legal disputes, personal data are forwarded to our legal advisors, collection agencies, law enforcement authorities and, where applicable, damaged third parties. However, this takes place only if there are specific indications of unlawful or abusive conduct. Such transfer may also take place if this serves to enforce contractual arrangements or other claims between us and our contract or business partners or third parties or if claims are asserted against us.
f) Moreover, we are obligated by statute to provide information to certain public authorities upon request. This includes law enforcement authorities, authorities that prosecute administrative offences that are subject to a fine, and financial authorities.
g) Where we rely on companies or service providers domiciled outside the EU or EEA for the fulfilment of the purposes described in this Privacy Policy, your data are transferred, as a rule, only if the requirements of Articles 44 et seq. GDPR are met.
h) In connection with the further development of our business, the structure of a company of the dpa Group may change. In such cases, the affected personal data will be transferred in accordance with the change of structure (e.g. transferred together with the part of the relevant company that is being acquired).
5. Storage period
As a rule, we process and store your personal data for as long as this is necessary for the fulfilment of the aforementioned purposes and statutory obligations: On principle, we keep master data and contact data available until the definitive termination of the respective contractual, business or other legal relationship, including the expiry of relevant prescription periods. In addition, we reserve the ability to store and process your personal data for a period of up to one year after termination of a contractual relationship in connection with advertising directed to existing customers, unless you object to such use. If reordering does not take place during this period, your data will not be processed further for this purpose after expiry of the aforementioned period. We erase event-related information (such as with respect to a contractual or order relationship) with expiry of the statutory retention period (such as the six- or ten-year retention pursuant to section 257 of the German Commercial Code (Handelsgesetzbuch)); in such cases, the affected data will be blocked for any further processing.
6. Your rights
As data subject, you have the right to assert your data subject rights. To assert you rights, please contact the dpa company responsible for the data processing, i.e. the dpa company with which you have a contractual, business or other legal relationship or an incipient contractual, business or other legal relationship. In this regard, you have the following rights:
Pursuant to Article 15 GDPR and section 34 BDSG, you have the right to request information as to whether or not your personal data are being processed and, if so, to what extent.
Pursuant to Article 16 GDPR, you have the right to demand the correction of your data.
Pursuant to Article 17 GDPR and section 35 BDSG, you have the right to demand the deletion of your personal data.
Pursuant to Article 18 GDPR, you have the right to have the processing of your personal data restricted.
Pursuant to Article 20 GDPR, you have the right to receive the personal data concerning your person that you have provided to a controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
Pursuant to Article 21 GDPR, you have the right to object to any processing based on Article 6(1)(e) or (f) GDPR. Where personal data about you is processed for direct marketing purposes, including profiling, you can object to this processing pursuant to Article 21(2) and (3) GDPR.
7. Data processing in connection with the exercise of your rights
Finally, we point out that in connection with the exercise of your rights, personal data transmitted by you are processed for the purposes of implementing those rights and in order to be able to provide proof of this (Article 6(1)(c) GDPR).
8. Complaint to a supervisory authority
If you consider that the processing of personal data relating to you infringes provisions of data protection law, you have right pursuant to Article 77 GDPR to lodge a complaint with a supervisory authority.
9. dpa distribution and sales channels
Please be aware that when using the dis-tribution and sales channels of dpa (website, portals, apps, etc.), further information about data protection may be relevant. You can view this information directly via the respective channel.
10. Overview of the relevant companies of the dpa Group:
1. dpa Deutsche Presse-Agentur GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
2. dpa-infocom GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
3. dpa-infografik GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
4. dpa English Services GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
5. dpa-IT Services GmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
6. dpa Picture-Alliance GmbH
Gutleutstraße 110
60327 Frankfurt am Main
Data protection officer contact: datenschutz@dpa.com
7. Rufa Rundfunk-Agenturdienste GmbH
Markgrafenstraße 20
10969 Berlin
Data protection officer contact: datenschutz@dpa.com
8. dpa-AFX Wirtschaftsnachrichten GmbH
Gutleutstraße 110
60327 Frankfurt am Main
Data protection officer contact: datenschutz@dpa.com
9. mecom Medien-Communikations- Gesellschaft mbH
Mittelweg 143
20148 Hamburg
Data protection officer contact: datenschutz@dpa.com
10. UseTheNews gGmbH
Mittelweg 38
20148 Hamburg
Data protection officer contact: -