Responsible for gathering, processing and using your data is Dr. Babor GmbH & Co. KG ("BABOR"). The protection of the information you provide us with as well as the use of your personal data is an important concern for us. We will inform you about the data collection and use of data and your rights in the following text.
- 1. Who is responsible?
- 2. Which data do we process for which purposes and on which legal bases?
- 3. Who receives your data?
- 4. Transmission of your data into a third country or to an international organisation
- 5. How long do we store your data?
- 6. To what extent is there automated decision-making in individual cases?
- 7. Your data protection rights
- 8. Scope of your obligations to provide us with your data
- 9. Information about your right of objection Art. 21 GDPR
- 10. Your right to lodge a complaint with the competent supervisory authority
The controller responsible for gathering, processing and using your data is
Dr. Babor GmbH & Co. KG
Phone: + 49 (0) 241 / 5296 - 0
Fax: + 49 (0) 241 / 5296 - 175
Email: [email protected]
Our data protection officer, who is also available to you in case of information requests, suggestions or complaints you might contact here:
Email: [email protected]
We shall process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetz (BDSG) [German Federal Data Protection Act] and other relevant legal provisions.
We process your personal data, if necessary, if you
- contact us by phone / email / fax,
- you book a training with us or participate in an event that is organised and hosted by us,
- use our partner portal,
- receive emails via our newsletter tool.
The basis for the processing of personal data is here:
2.1 Consent (point (a) of Art. 6(1) GDPR)
If you have given us permission to process personal data, the respective consent is the legal basis for the processing mentioned there. You may withdraw your consents at any time with effect for the future.
2.2 Fulfilment of contractual obligations (point (b) of Art. 6(1) GDPR)
We process your personal data to execute our contracts and agreements with you. Furthermore, your personal data is processed for the purpose of carrying out measures and activities within the framework of precontractual relations.
2.3 Fulfilment of legal obligations (point (c) of Art. 6(1) GDPR)
We process your personal data if this is necessary to fulfil legal obligations (e. g. commercial and tax laws). Furthermore, if necessary, we process your data for the fulfilment of fiscal control and reporting obligations as well as for the archiving of data for the purposes of data protection and data security as well as for audits by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official / judicial measures for the purpose of the taking of evidence, prosecution or enforcement of civil claims.
2.4 Justified interest of us or third parties (point (f) of Art. 6(1) GDPR)
Furthermore, we may use your personal data on the basis of a consideration of interests to protect the legitimate interest of us or third parties. This is done for the following purposes:
- Examination and optimisation of procedures for customer analysis and support
- For the post-processing of trainings and events
- for advertising or market research, if you have not objected to the use of your data
- for the limited storage of your data, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage
- for the further development of services and products as well as existing systems and processes
- for statistical evaluations or for market analyses
- for the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship
- for securing and exercising our domiciliary rights through corresponding measures (e. g. video surveillance).
- for the provision of our partner portal
- for sending our newsletter.
The following data about you and our contact persons at your company will be processed by us:
- personal data (name, profession / industry and comparable data)
- contact details (address, email address, telephone number and comparable data)
- If necessary, dates of travel and stay.
Within our company, we pass on your personal data to those areas that require this data to fulfil the contractual and legal obligations and / or to implement our legitimate interests.
Furthermore, the following bodies can receive your data:
- contract processors employed by us (Art. 28 GDPR), service providers for supporting activities and other persons responsible within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external computer centres, support / maintenance of IT applications, archiving, receipt processing, accounting and controlling, data destruction, purchasing / procurement, customer management, letter shops, marketing, telephony, website management, tax consultancy, audit services, credit institutions
- public bodies and institutions if there is a legal or official obligation according to which we are obliged to provide information, report or pass on data, or if the passing on of data is in the public interest
- bodies and institutions based on our legitimate interest or the legitimate interest of the third party (e. g. public authorities, credit agencies, debt collection agencies, lawyers, courts, experts and supervisory bodies)
- other bodies for which you have given us your consent to the transfer of data.
As a rule, data processing outside the EU and / or the EEA does not take place. For some applications, processing is carried out in the USA and / or a transfer of data to a third country or the USA cannot be excluded. These procedures are described below.
The transfer of data to the USA takes place when sending our newsletter via Mailchimp.
The legal basis for the processing of the data in the USA is point (f) of Art. 6(1) GDPR: data processing based on a consideration of interests.
In terms of data protection law, an adequate level of data protection must be ensured when processing data in a non-EU member state such as the USA. In case of Mailchimp this is achieved by the so-called “privacy shield”. Companies which are on the privacy shield list can generally be assumed to have an “adequate level of data protection” when processing personal data in these companies. The Rocket Science Group LLC, which operates Mailchimp, is certified according to the privacy shield. In this respect, the conditions for the processing of personal data by Mailchimp which are permitted under data protection law are met.
If necessary, we will process your personal data for the duration of our business relationship, this also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations arising from the Handelsgesetzbuch (HGB) [German Commercial Code] and the Abgabenordnung (AO) [German Fiscal Code], among others. The periods of retention and / or documentation specified there are up to ten years beyond the end of the business relationship and / or the precontractual legal relationship.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, pursuant to Sections 195 et seq. of the Bürgerliches Gesetzbuch (BGB) [German Civil Code], can generally be three years, but in certain cases up to thirty years.
We do not use purely automated decision-making procedures pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately, provided this is required by law.
You have the right of access pursuant to Art. 15 GDPR, the right of rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to the restriction of processing pursuant to Art. 18 GDPR, as well as the right to data portability pursuant to Art. 20 GDPR. Furthermore, there is a right to lodge a complaint to a data protection supervisory authority (Art. 77 GDPR). In principle, Article 21 GDPR provides for the right to object to the processing of personal data by us. However, this right to object only applies in the event of very special circumstances of your personal situation, whereby rights of our company can conflict with your right of objection, if applicable. If you wish to exercise any of these rights, please contact our data protection officer ([email protected])
You only need to provide us with the data that is necessary for the establishment and execution of a business relationship or for a precontractual relationship with us or that we are legally obliged to collect. Without this data we will usually not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately about the voluntary nature of the information.
You have the right to object at any time to the processing of your data, which is carried out on the basis of point (f) of Art. 6(1) GDPR (data processing based on a consideration of interests) or point (e) of Art. 6(1) GDPR (data processing in the public interest), if there are reasons for this which arise from your particular situation. This also applies to any profiling as set out in Art. 4 no. 4 GDPR that is based on this provision.
If you do raise objections, we will no longer process your personal data unless we have proof of compelling and legitimate grounds for processing which prevail over your interests, rights and freedoms, or where the processing is necessary for the establishment, exercise or defence of legal claims. We will also process your personal data, if necessary, in order to carry out direct advertising. If you do not wish to receive advertising, you have the right to object to this at any time. We will bear this objection in mind for the future.
We will no longer process your data for direct marketing purposes if you object to the processing for these purposes. The objection may be made informally to the address listed under point 1.
You have a right to lodge a complaint to the data protection supervisory authority (Art. 77 GDPR).
The supervisory authority responsible for us is the State Officer for Data Protection and Freedom of Information of North Rhine-Westphalia.