Contact details for all affected groups

Obligation to Inform under Art. 13 GDPR [DS-GVO]


Name and contact details for data controller (Art. 13 para 1 a GDPR)

E.A. Mattes GmbH
Birkenweg 2
78570 Mühlheim an der Donau

Email: info@e-a-mattes.com

Name and contact details for data processor (Art. 13 para 1 b GDPR)

ENSECUR GmbH
Amalienstr. 24
76133 Karlsruhe

Person responsible: Thorsten Jordan
Email: dsb-mattes@ensecur.de


Contents

Information Obligation for Interested Parties and Customers

Information Obligation for Suppliers and Service Providers

Information Obligation for Applicants


Information Obligation for Interested Parties and Customers

Purpose and legal basis for data processing (Art. 13 para 1 c GDPR)

  • Handling and processing of enquiries from data subjects (Art. 6 para 1 f GDPR)*
  • Sanction list checks (Article 6 para. 1 c GDPR in conjunction with Regulation (EC) No 2580/2001 against other persons and organisations suspected of terrorism and Regulation (EC) No 881/2002 against Osama bin Laden, Al-Qaida and the Taliban)
  • Creation of quotations for data subjects (Art. 6 para 1 f GDPR)*
  • Conclusion of purchase agreements (Art. 6 para 1 f GDPR*)
  • Fulfilment of legal obligations (Art. 6 para 1 c GDPR)
  • Supporting business processes via service providers (Art. 28 GDPR)
  • Order processing and delivery (Art. 6 para 1 c GDPR)
  • Implementation of marketing measures (Art. 6 para 1 a GDPR)
  • Handling of complaints (Art. 6 para 1 c GDPR)

*Data controller’s interests when balancing interests (Art. 13 para 1 d GDPR)

  • Assertion of legal claims and defence of legal disputes
  • Guarantee of IT security and the company’s IT operations
  • Crime prevention
  • Measures for business management and development of services and products

Recipients or categories of recipients of personal data (Art. 13 para 1 e GDPR)

Authorities, banks, auditors, software manufacturers, associated companies, waste disposal service providers, advertising agencies, IT service providers, suppliers / service providers

Transmission to third party countries (Art. 13 para 1 f GDPR)

The transmission of data to third party countries may take place in accordance with the legal admissibility provisions in accordance with Art. 45 GDPR in conjunction with Art. 46 (5) S. 2 GDPR). The GDPR allows for adequacy decisions already made to remain valid. The Commission has determined the adequacy of the data protection level of the EU-US Privacy Shield (C(2016) 4176 final).

Retention period according to statutory retention obligations (Art. 13 para 2 a GDPR)

Personal data is generally deleted within ten years after the end of the contractual relationship, or earlier if a data subject does not become a customer.

Right to information, rectification, deletion, restriction, data transferability and cancellation (Art. 13 para 2 b GDPR)

As the data subject, you have the right to information, rectification and deletion of your data and to restrict its processing at any time, together with a right to data transferability. To exercise this right, please contact the data controller using the contact details provided.


Right of Objection (Art 21 para 1 GDPR)

Where data is processed to protect justified interests, you have the right to object to this processing at any time via our published contact details if your specific situation provides grounds against this data processing. We will then stop processing your data, unless there are overriding interests on our part which are worthy of protection.


Right of Cancellation (Art 13 para 2 c GDPR)

If you have given your consent to the processing of your data, you have the right to revoke this for the future at any time. The legitimacy of processing until such cancellation of consent is unaffected. To exercise this right, please contact the data controller using the contact details provided.


Right of Appeal (Art. 13 para 2 D GDPR)

As the data subject, in the event of a complaint you may contact the State Data Protection and Freedom of Information Officer for Baden-Württemberg at any time.

Existence of a requirement to provide personal data (Art. 13 para 2 e GDPR)

The data collected is necessary for processing enquiries from data subjects, creating quotations, concluding purchase agreements and carrying out our business operations.

 

Information Obligation for Suppliers and Service Providers

Purpose and legal basis for data processing (Art. 13 para 1 c GDPR)

  • Purchase and processing of support services for business purposes (Art. 6 para 1 f GDPR)*
  • Fulfilment of legal obligations (Art. 6 para 1 c GDPR)
  • Sending further information materials (Art. 6 para 1 b GDPR)

*Data controller’s interests when balancing interests (Art. 13 para 1 d GDPR)

  • Assertion of legal claims and defence of legal disputes
  • Guarantee of IT security and the company’s IT operations
  • Crime prevention
  • Measures for business management and development of services and products

Recipients or categories of recipients of personal data (Art. 13 para 1 e GDPR)

Authorities, banks, auditors, waste disposal service providers.

Transmission to third party countries (Art. 13 para 1 f GDPR)

The transmission of data to third party countries may take place in accordance with the legal admissibility provisions in accordance with Art. 45 GDPR in conjunction with Art. 46 (5) S. 2 GDPR). The GDPR allows for adequacy decisions already made to remain valid. The Commission has determined the adequacy of the data protection level of the EU-US Privacy Shield (C(2016) 4176 final).

Retention period according to statutory retention obligations (Art. 13 para 2 a GDPR)

Personal data is generally deleted within ten years after the end of the contractual relationship, unless a longer statutory retention period exists in individual cases, or in the event of an objection by the data subject.

Right to information, rectification, deletion, restriction, data transferability and cancellation (Art. 13 para 2 b GDPR)

As the data subject, you have the right to information, rectification and deletion of your data and to restrict its processing at any time, together with a right to data transferability. To exercise this right, please contact the data controller using the contact details provided.


Right of Objection (Art 21 para 1 GDPR)

Where data is processed to protect justified interests, you have the right to object to this processing at any time via our published contact details if your specific situation provides grounds against this data processing. We will then stop processing your data, unless there are overriding interests on our part which are worthy of protection.


Right of Cancellation (Art 13 para 2 c GDPR)

If you have given your consent to the processing of your data, you have the right to revoke this for the future at any time. The legitimacy of processing until such cancellation of consent is unaffected. To exercise this right, please contact the data controller using the contact details provided.


Right of Appeal (Art. 13 para 2 D GDPR)

As the data subject, in the event of a complaint you may contact the State Data Protection and Freedom of Information Officer for Baden-Württemberg at any time.

Existence of a requirement to provide personal data (Art. 13 para 2 e GDPR)

The data collected is necessary for establishing, maintaining and ending business relationships.

 

Information Obligation for Applicants

Purpose and legal basis for data processing (Art. 13 para 1 c GDPR)

  • Handling Applications / eRecruiting (§ 26 para. 1 Federal Data Protection Act (new)).
  • Addition to a pool of applicants to be contacted later (Art. 6 para 1 a GDPR)

Data controller’s interests when balancing interests (Art. 13 para 1 d GDPR)

Not applicable.

Recipients or categories of recipients of personal data (Art. 13 para 1 e GDPR)

E.g.: HR service provider, payroll office, software-supported applicant portal provider, waste disposal service provider.

Transmission to third party countries (Art. 13 para 1 f GDPR)

Data will not be transmitted to third party countries.

Retention period according to statutory retention obligations (Art. 13 para 2 a GDPR

Personal data will be deleted six months after the end of the recruitment process, in accordance with § 61b para 1 ArbGG [German labour court legislation] in conjunction with § 15 AGG [German equalities act]. In the event of addition to the pool of applicants, deletion will take place after 2 years if a suitable position cannot be offered.

If an appointment is made, the necessary data will be transferred to the HR file. Information on the deletion of data can be found in the Obligation to Provide Information on Employee Data Processing.


Right of Objection (Art 21 para 1 GDPR)

Where data is processed to protect justified interests, you have the right to object to this processing at any time via our published contact details if your specific situation provides grounds against this data processing. We will then stop processing your data, unless there are overriding interests on our part which are worthy of protection.


Right of Cancellation (Art 13 para 2 c GDPR)

If you have given your consent to the processing of your data, you have the right to revoke this for the future at any time. The legitimacy of processing until such cancellation of consent is unaffected. To exercise this right, please contact the data controller using the contact details provided.


Right to information, rectification, deletion, restriction, data transferability and cancellation (Art. 13 para 2 b GDPR)

As the data subject, you have the right to information, rectification and deletion of your data and to restrict its processing at any time, together with a right to data transferability. To exercise this right, please contact the data controller using the contact details provided.

Right of Appeal (Art. 13 para 2 D GDPR)

As the data subject, in the event of a complaint you may contact the State Data Protection and Freedom of Information Officer for Baden-Württemberg at any time.

Existence of a requirement to provide personal data (Art. 13 para 2 e GDPR)

The data collected is necessary for the completion of the application process. If the data is not provided, it is not possible for us to carry out the application process.