Data protection notice pursuant to the EU General Data Protection Regulation
Last updated: May 2019
1. Contact data of the person responsible for processing as well as the data protection officer
Controller, Data protection officer:
Barriva Group LTD
Sound & Vision House
2. Information about the categories and sources of personal data that we process
Your data communicated when contacting us via e-mail, fax, post or phone are stored by us in order to answer your questions. The disclosure of a valid e-mail address, fax or phone number or address in this process is necessary so that we know who is making the inquiry and to answer it. Data processing for the purposes of establishing contact and initiating business with us always takes place on the basis of your freely given consent (Art. 6 (1)(a) GDPR). The data produced in this context is deleted after storing it becomes unnecessary or we limit processing if statutory retention obligations exist.
Moreover, we process personal data that we receive from our clients in the course of our business relationship. Furthermore, we process – insofar as is necessary to deliver our services – personal data that we permissibly receive from other third parties (i.e. for the execution of orders, the performance of contracts or due to your given consent). Additionally, we process personal data that we permissibly collected from publicly available sources (i.e. commercial and association register, press, media, internet and record of debtors) and that we are authorised to process.
Relevant personal data in the interested party process, registration with a user account or when concluding a contract may be the following: Practice/name, address/other contact details (phone, e-mail address), gender, date of birth, payment details.
Within the framework of the business initiation phase and during the business relationship, particularly through personal, telephone, electronic or written contact initiated by you or us, further personal data, i.e. information about the contact channel, date, occasion and result; (electronic) copies of the correspondence as well as information about participation in direct marketing measures, arise.
3. Purpose of data processing and information regarding the legal basis
We process the previously mentioned personal data in accordance with the GDPR and the Federal Data Protection Act (BDSG):
a. For the fulfilment of contractual obligations (Article 6 (1)(b) GDPR)The processing of personal data takes place for the provision and sale of products or other contractual services to our clients or for the implementation of pre-contractual measures that are made upon your request. The purposes of data processing are primarily based on the specific service and may include, inter alia, correspondence, order processing, consultation/training and the provision of products and services. Further details regarding the purpose of data processing can be learned from the respective contractual documentation.
b. Within the framework of the balance of interests (Article 6 (1)(f) GDPR)Where required, we process your data beyond the actual fulfilment of the contract to safeguard our and third parties’ legitimate interests unless the interests or fundamental rights and fundamental freedoms of the person affected that require the protection of personal data prevail. Examples:
- Consultation of and data exchange with credit agencies to fulfil credit or default risks
- Assessment and optimisation of requirement analysis and direct customer approach procedures
- Advertisement or market and opinion research insofar as they do not contradict the use of your data
- Assertion of legal claims and defence in case of juridical disputes
- Guarantee of IT security and IT operation of Barriva Group LTD
- Prevention of criminal offences
- Measure to secure buildings and plants (i.e. access control)
- Measures to guarantee domiciliary rights
- Measures for the business management and further development of services and products
- Risk management
c. On the basis of your consent (Article 6 (1)(a) GDPR) Insofar as you have given your consent to the processing of personal data for specific purposes, the legality of this processing shall be given on the basis of your consent. Any consent given can be revoked at all times. This also applies for the revocation of consent given to us prior to the validity of the EU General Data Protection Regulation, in other words prior to 25th May 2018. Please note that revocation is effective for the future only. Processing that took place prior to revocation is not affected by this.
d. On the basis of legal requirements (Article 6 (1)(c) GDPR) or in the public interest (Article 6 (1)(e) GDPR) Furthermore, we as a business are subject to diverse legal obligations, i.e. legal requirements (e.g. Commercial Code, tax laws). The purposes of processing include, inter alia, compliance with taxation provisions as well as the assessment and management of risks to our business.
4. Recipient of data
Within Barriva Group LTD those bodies obtain access to your data that require this for compliance with our contractual and statutory obligations. Service providers and vicarious agents commissioned by us can also receive data for these purposes if they comply with our written data protection directives. These are primarily companies from the following listed categories.
With regard to the transfer of data to third parties, attention should always be paid to the fact that we are only authorised to disclose information about you if (i) statutory provisions allow this (i.e. if transmission of data is necessary pursuant to Art. 6 (1)(b) GDPR for the contractual performance or to guarantee our legitimate interest pursuant to Art. 6 (1)(f) as for the use of agents, web hosts etc.), (ii) a statutory obligation exists, (iii) you have given your consent, (iv) and/or contract workers commissioned by us commonly guarantee compliance with the requirements of the GDPR and the Federal Data Protection Act (Art. 28 GDPR, § 62 BDSG).
Under these conditions, recipients of personal data may be, for example:
- Public bodies and institutions in presence of a statutory or regulatory obligation.
- Other institutions and contract workers to whom we disclose personal data for the implementation of the business relationship. In detail: Support/maintenance of EDP/IT applications, archiving, call centre services, controlling, data destruction, purchase/acquisition, hosting provider, customer management, letter shops, marketing, media technology, expense report, tax consulting services, telephone services, website management, web shop management, logistics, transactions. Other recipients of data may be bodies to whom you have given consent to transfer data.
5. Data transmission to a third country or to an international organisation
Transmission of data to countries outside the EU/the EEA (so-called third countries) or to international organisations takes place only insofar as is necessary to execute your orders, is prescribed by law (i.e. tax-law reporting regulations), you have given us consent or within the scope of order data processing. If service providers of a third country are commissioned, they are obliged – in addition to written instructions – to comply with the data protection level in Europe by means of agreement with EU standard contractual clauses. The current EU standard contractual clauses can be found at www.eur-lex.europa.eu.
6. Duration of data storage
We process and store your personal data for as long and insofar as is necessary for the fulfilment of our contractual and statutory obligations. It must be noted thereby that our business relationship is generally designed to constitute long-term collaboration. The data is regularly deleted if it is no longer necessary for the fulfilment of contractual or statutory obligations unless its – temporary – subsequent processing is necessary for the following purposes:
- Fulfilment of commercial and fiscal retention periods: This includes the Commercial Code and tax code in particular. The stipulated periods for storing or documentation are two to ten years.
- Preservation of evidence within the framework of the statute of limitation. Pursuant to §§ 195 et seq. of the EU Civil Code (BGB), these limitation periods can be up to 30 years whereby the regular limitation period is three years.
7. Data protection laws of persons affected
Every person affected has the right of disclosure pursuant to Article 15 GDPR, the right to correction pursuant to Article 16 GDPR, the right to deletion pursuant to Article 17 GDPR, the right to limitation of processing pursuant to Article 18 GDPR, the right to revoke pursuant to Article 21 GDPR as well as the right to data portability pursuant to Article 20 GDPR. The limitations pursuant to §§ 34 and 35 BDSG apply in regards to the right to disclosure and the right to deletion. Additionally, there is the right to appeal to a data protection authority (Article 77 GDPR in conjunction with § 19 BDSG).
You can revoke your given consent for the processing of personal data at all times. This also applies for the revocation of consent given to us prior to the validity of the EU General Data Protection Regulation, in other words prior to 25th May 2018. Please note that revocation is effective for the future only. Processing that took place prior to revocation is not affected by this. If you want to execute your right to revoke, it is possible to do so without a formal requirement; for instance, it is sufficient to send an e-mail to info(@)barriva.com.
8. Obligation to provide data
Within the framework of our business relationship, those personal data have to be disclosed that are necessary for the initiation and implementation of a business relationship and the fulfilment of the related contractual obligations or that we are legally obliged to collect. Without this data, we generally have to reject completion of the contract or execution of the contract or cannot process an existing contract any longer and have to terminate it if necessary.
9. Existence of automated decision making (including profiling)
We generally do not use fully automated decision making for the justification and execution of the business relationship pursuant to Article 22 GDPR. If we use these procedures in individual cases, you will be notified by us separately where legally required.
We process your data in a partly automated way with the aim of assessing certain personal aspects (profiling). For example, we use profiling in the following cases:
- We use evaluation tools to purposely advise and inform you on products where appropriate. These allow for needs-oriented communication and advertisement including market and opinion research.
- We use scoring of credit agencies within the framework of assessment of your creditworthiness where applicable. In the process, the possibility with which the client is able to meet their payment obligations according to the contract is calculated. Scoring is based on mathematically-statistically recognised and proven procedures. The calculated score values of credit agencies support us in decision making and are incorporated into the regular risk management of our business.
Furthermore, we also use temporary cookies for the optimisation of user friendliness, which are stored on your terminal device for a specified period. When visiting our website again to use our services, it is automatically recognised that you have visited before and what kind of entries and settings you have used so that you do not have to enter them again.
You can configure your browser settings to suit your preferences, such as accepting third party cookies or rejecting all cookies. Please note that you may not be able to use all our website’s functions in these cases.
11. Use of Google Universal Analytics
Google will use this information on our company’s behalf to evaluate your use of the website, to compile reports on website activities and to provide our company with additional services associated with website and Internet usage.
The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data. You may refuse the storage of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use this website’s full functionality. The legal basis for our use is Art. 6(1)(f) GDPR.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
You can also prevent collection of data by Google Analytics by clicking the following link. An opt-out cookie is set that prevents the future collection of your data on your visit to the website: deactivate Google Analytics. In principle, your browser must allow the storage of cookies for this. If you regularly delete your cookies, clicking on the link again is necessary for each visit to this website.
12. Google Web Fonts
Our pages use so-called Web Fonts for the uniform presentation of fonts, which are provided by Google. When visiting a page, your browser loads the web fonts required in your browser cache to display texts and fonts correctly.
If your browser does not support Web Fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found under https://developers.google.com/fonts/faq/ and in the data protection declaration of Google: https://www.google.com/policies/privacy/.
For the inclusion of videos, our websites use the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When visiting a page with embedded videos, your IP address is sent to YouTube and cookies are stored on your computer. However, we have integrated our YouTube videos with the expanded data protection mode (in this case YouTube still contacts the Google DoubleClick service, however, personal data is not assessed according to the data protection declaration of Google). Thus, YouTube does not store any information of visitors unless they watch the video. If you click the video, your IP address is transmitted to YouTube and YouTube learns that you have watched the video. If you are logged in on YouTube, this information will also be assigned to your user account (you can prevent this by logging out of YouTube before watching the video). We do not have any information on the possible collection and use of your data through YouTube and we do not have any influence on it. Please find further information on nature, purpose and extent as well as the further processing and usage of your data by YouTube in the data protection notices of YouTube under https://policies.google.com/privacy?hl=de&gl=de. There, you can also find further information regarding your relevant rights and the settings options for the protection of your privacy.
Possibility to object: To prevent YouTube from collecting information about you during a visit on our websites, you can log out of YouTube at the start of a visit to our sites and can delete a possibly present cookie of YouTube in the browser used.
14. Topicality of and changes to the data protection declaration
This data protection declaration is current as of May 2019. Due to the further development of our website, our offers or due to changed statutory or official requirements, it may become necessary to change this data protection declaration. We may always request the respective current data protection declaration.
Information on your right to revoke pursuant to Art. 21 GDPR
1. Right to revoke according to each individual case
Due to reasons arising from your specific situation, you have the right to revoke the processing of your personal data which takes place due to Art. 6 (1)(e) GDPR (data processing in the public interest) and Art. 6 (1)(f) GDPR (data processing on the basis of balance of interests) at any time; this also applies for profiling based on this regulation according to Art. 4 (4) GDPR. If you exercise your right to revoke, your personal data will no longer be processed by us unless we can prove compelling protection-worthy reasons for the processing which prevail with regard to your interests, rights and freedoms, or the processing serves the enforcement, execution or defence of legal claims.
2. Right to revoke processing of data for the purpose of advertisement
In individual cases, we process your personal data to carry out direct advertising. You have the right to revoke the processing of your personal data for the purpose of such advertisement at any time; this also applies to profiling insofar as it is linked to such direct advertising. If you exercise your right to revoke processing for the purpose of direct advertising, your personal data will no longer be processed by us for these purposes.
3. Right to revoke submissions
You can exercise your right to revoke without a formal requirement and should address this to:
Barriva Group LTD
Sound & Vision House