Within the scope of our business relationship, personal data of you will be processed by us as the responsible controller and stored for the time necessary to fulfil the defined purposes and legal obligations. In the following we will inform you about what data is involved, how it is processed and what rights you have in this respect.
According to Art. 4 No. 1 of the General Data Protection Regulation (hereinafter referred to as “GDPR”), personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject or customer”).
1. Name and contact details of the controller
HELLA Aglaia Mobile Vision GmbH
12109 Berlin, Germany
(hereinafter “HELLA Aglaia“)
Tel: +49 (0) 30 2000 429-0
You can contact the local data protection coordinator of HELLA Aglaia at the address mentioned above, att. LDPC or by e-mail to email@example.com.
2. Processing of your personal data within the scope of our business relationship
Within the scope of our business relationship, we will process your customer data in our Enterprise Resource Planning-Tool and our Customer Relationship Management tool (“ERP-Tool” and “CRM Tool” / see section 3.a)) on. At the first contact, you have to fill in our questionnaire, in which we ask for information about the company and relevant contact persons. Among others, the following information is collected:
- Department (purchasing/accounting/logistics/technology),
- First name,
- Last name,
- Phone and
- Responsibility (recipient for: order confirmation / delivery note / invoice / reminder / tracking info).
The processing of your aforementioned personal data serves the following purposes:
- to create a new customers in the ERP- and CRM-Tool and for customer care,
- to check the entered data for plausibility for internal release,
- to be able to identify you as our contractual partner,
- for the processing of binding orders and
- to be able to address business concerns personally to the right contact person, both by e-mail and by phone.
The data will be processed at your request in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR for the aforementioned purposes and are necessary for the fulfilment of a contract or for the implementation of pre-contractual measures.
In accordance with the data protection principles, the purpose and storage limitation, your data will only be stored as long as it is necessary for the purposes of the business relationship or due to legal obligations in accordance with Art. 6 Para. 1 S. 1 lit. c GDPR. In this context, particular reference is to be made to the tax and commercial law obligations to store and document (from HGB, StGB or AO).
3. Transfer of Personal Data
a) ERP- Tool and CRM-Tool
For the administration and maintenance of our customer data and for order processing, we used throughout the Group a ERP-Tool by SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, Germany (hereinafter “SAP”) and a CRM-Tool by salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (hereinafter “Salesforce”).
The parent company of HELLA Aglaia, HELLA GmbH & Co. KGaA, Rixbecker Straße 75, 59552 Lippstadt, Germany (hereinafter referred to as “HELLA”), has concluded a contract processing agreement with SAP and Salesforce. By virtue of this contract, the service providers process the data exclusively on the instructions of HELLA and assure that they process the data in accordance with the DSGVO and guarantee the protection of the rights of the data subjects.
The transmission of your data within the HELLA group of companies takes place for internal administrative purposes on the basis of our legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.
In addition, we only pass on your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR;
- in the event that there is a legal obligation for disclosure under Art. 6 Para. 1 S. 1 lit. GDPR.
4. Data Subject Rights
You have the following rights:
- in accordance with Art. 15 DSGVO, to request information from us about the personal data stored about you;
- in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or incomplete details of your personal data stored with us;
- in accordance with Art. 17 DSGVO to request the deletion of your personal data stored by us;
- pursuant to Art. 18 DSGVO, to demand that the processing of your personal data be restricted;
- in accordance with Art. 20 DSGVO, to receive your personal data made available to us in a structured, generally used and machine-readable format or to request that it be transferred to another responsible party;
- lodge a complaint with a supervisory authority pursuant to Art. 77 DSGVO. You can contact the supervisory authority at our headquarters (https://www.datenschutz-berlin.de).
5. Right of objection under Art. 21 GDPR
In accordance with Art. 21 GDPR, you have the right to object to the processing of your data at any time. In the event of an objection, we will no longer process your data. An exception is made if there are compelling reasons worthy of protection that outweigh your interests.
If you wish to exercise your right of objection, simply send an e-mail to firstname.lastname@example.org.
6. Data security
All data that you personally transmit is encrypted using the common and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection by the attached s at http (i.e. https://..) in the address bar of your browser or by the lock symbol in the lower area of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.