The protection of your personal data is one of our highest priorities. We therefore process your personal data (for short: data) solely on the basis of the statutory provisions. In this data privacy statement we would like to inform you about how your data are processed in our company and the claims and rights, to which you are entitled including within the meaning of the European General Data Protection Regulation (EU GDPR)
1. Who is responsible for processing the data and whom can the customer contact?
The Controller is BayWa AG, Arabellastr. 4, 81925 Munich, e-mail: firstname.lastname@example.org, Tel: 089/9222-0.
BayWa's company Data Protection Officer can be contacted at the address above or by e-mail on email@example.com.
2. Which data are processed and what are the origins of these data?
We process the data, which we receive in the context of the initial business contact and business relationship with you. In addition, we process, as permissible, data, which we have received from enquiry agencies, creditor protection associations, from publicly accessible sources (e.g. Companies Register, Register of Associations, Land Register, the media) and other companies, with whom we entertain permanent business relations.
Personal data include:
Your master and contact data, such as:
- as a private customer: forename and surname, address, contact data (e-mail address, telephone number, fax), date of birth, data from identity documents submitted (copy of identity card), bank details
- as a corporate customer or supplier: name of your legal representative, company name, Company Register number, VAT number, company number address contact details for contact person (e-mail address, telephone number, fax), bank details
Furthermore, we also process the following other personal data:
- information on the type and content of our business relationship, such as contract data, order data, sales figures and voucher data, customer and supplier history, consultancy documents, vehicle data,
- information on your financial status (e.g. credit rating data),
- advertising and sales data,
- documentation, (e.g. consultation minutes), image data,
- information arising from electronic communication with BayWa (e.g. IP address, log-in data),
- other data, which we have received from you in the context of our business relationship (e.g. in discussions with the customer),
- data, which we ourselves generate from master and contact data, such as by means of customer need and customer potential analyses,
- documentation of your declaration of consent for the receipt of e.g. newsletters,
- photos, taken at public events.
3. For what purposes and on which legal base are the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (FGPA) 2018, as amended:
- for the performance of a contract or in order to take steps prior to entering into a contract (Article 6 (1) (b) GDPR)
Your data are processed for the distribution and sale of our goods and services, for procurement and logistics purposes and for customer and supplier administration and analysis. The data are processed in particular in the case of initial business contacts and for the performance of contracts with you, for example in the following cases:
- setting up and administering a customer or supplier account
- delivery of orders
- participation in competitions
- despatch of information, e.g. catalogue requests
- for compliance with a legal obligation (Article 6 (1) (c) GDPR)
It is necessary to process your data for the purpose of complying with a variety of legal obligations, e.g. arising from the German Commercial Code or Tax Code, money-laundering provisions, product-specific regulations such as, for example the Ordinance on Hazardous Substances.
- for the protection of legitimate interests (Article 6 (1) (f) GDPR)
By virtue of a balancing of interests data may be processed for purposes exceeding those of actual compliance with the contract to protect our legitimate interests or those of third parties. For example, data is processed to protect legitimate interests in the following cases:
- consultation and data exchange with enquiry agencies and creditor protection societies for the investigation of credit rating data and the management of a group-wide credit rating database for the identification of financial credit risks in the case of joint customers;
- advertising or marketing;
- business management measures and further development of services and products;
- administering a customer database to improve customer services;
- measures to protect the BayWa AG sites from conduct contrary to a contract or the law, e.g. access controls, video surveillance;
- in the case of legal proceedings or prosecution.
- in the context of your consent (Article 6 (1) (a) GDPR)
If you have granted us your consent to the processing of your data, we process your data only in accordance with the purposes specified in the declaration of consent and to the extent agreed therein. You may withdraw the consent you have granted us at any time with effect for the future, e.g. for the despatch of the newsletter. For this purpose please contact us at the addresses given in paragraph 1.
4. Processing of personal data for promotional purposes
We also use your data to communicate to you details of your orders, certain products or marketing campaigns and to recommend to you products or services, which might be of interest to you.
You may at any time object to the use in full of your personal data or to their use for individual measures, without incurring transmission costs other than at the basic rates. For this purpose please contact us at the addresses given in paragraph 1.
Product recommendations by e-mail
Under the legal provisions in § 7 (3) Unfair Competition Act BayWa AG is entitled to use the e-mail address, which you have provided in the course of ordering a product or a service, for direct advertising of their own similar goods or services. You receive these product recommendations from us irrespective of whether you have subscribed to a newsletter.
If you do not wish to receive further product recommendations from us by e-mail, you may object to the use of your address for this purpose at any time, without incurring transmission costs other than at the basic rates. For this purpose please contact us at the addresses given in paragraph 1. Of course, there is always a de-registration link included in each e-mail.
To despatch the newsletter we use what is known as the double opt-in procedure, i.e. we shall not send you the newsletter until you have previously and expressly confirmed that we should activate the newsletter service. We will then send you a notification e-mail and request you to confirm by clicking on a link contained in this e-mail, that you wish to receive our newsletter.
If you should subsequently no longer wish to receive a newsletter from us, you may at any time object, without incurring transmission costs other than at the basic rates. A notification in textual form to the BayWa AG contact address referred to in paragraph 1 is sufficient for this purpose. Of course, there is also a de-registration link in every e-mail.
5. Processing for credit rating information
Data transfer to SCHUFA
In the context of this contractual relationship BayWa AG transfers personal data on the application, performance and termination of this business relationship, as well as data on conduct contrary to the contract or on fraudulent behaviour to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. The legal bases for these transfers are Article 6 (1) (b) and Article 6 (1) (f) General Data Protection Regulation (GDPR). Data may be transferred on the basis of Article 6 (1) (f) GDPR only if this is necessary to safeguard the legitimate interests of BayWa AG or third parties and this does not override the interests or basic rights and freedoms of the data subject, who requires his or her personal data to be protected. The exchange of data with SCHUFA also serves to comply with legal duties to implement credit-worthiness checks on customers (§§ 505 (a) and 506 German Civil Code). SCHUFA processes the data received and uses it for the purpose of creating a profile (scoring), in order to provide to its contractual partners in the European Economic Area and in Switzerland and in other third countries (insofar as an adequacy decision from the European Commission exists on this country) information inter alia for the assessment of the credit-worthiness of natural persons. Further details on SCHUFA’s activity are available from the SCHUFA information sheet in accordance with Article 14 GDPR or can be inspected online on www.schufa.de/datenschutz.
Data transfer to other enquiry agencies
Furthermore, BayWa AG also uses the following enquiry agencies, in order to obtain credit rating information where there exists a legitimate interest: Bisnode Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt, Coface Central Europe Holding AG, Stubenring 24, A-1010 Vienna, CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, CRIF GmbH, Diefenbachgasse 35, AT-1150 Vienna, Creditreform, Machtlfinger Straße 13, 81302 Munich, EOS Deutschland GmbH, Gottlieb-Daimler-Ring 7-9, 74906 Bad Rappenau.
Administration of a group-wide credit rating database
If, as permitted by law, we have collected credit rating data on you from a credit agency, we store these data in a system, to which both BayWa AG and member companies of the BayWa Credit Management Group have access. The purpose of this is to facilitate work flow management and to identify financial credit risks. The data in the credit rating database are accessed only insofar as there exists a legitimate interest for the respective group member company.
6. Who receives my data?
If we use a service provider within the meaning of commissioned data processing, we nonetheless remain responsible for the protection of your data. All our processors are bound by contract to treat your data in confidence and to process them only in the context of the service to be provided. The processors commissioned by us receive your data, if the latter need the data to perform their respective service. These processors are, for example, IT service providers, whom we need for the operation and security of our IT system, as well as advertising and directory publishers for our own advertising campaigns.
Your data are processed in the BayWa customer database. The BayWa customer database improves the data quality of existing customer data (cleaning-up of doublets, identification of customers who have moved or are deceased, corrections of address) and enables us to enrich the data from public sources. The data are made available to the group member companies of BayWa which participate in the BayWa customer database (participating companies) and may be used for personalised direct marketing campaigns (e.g. newsletters), for targeted online marketing and personalised online shop design.
The BayWa customer database is intended to provide participating companies, which serve the same customers, with information on these customers extending over the entire organisation. The object of this procedure is always to provide the customer with the most up-to-date and relevant information. This processing of customer interests represents profiling within the meaning of Article 4 GDPR; we do not practise automated individual decision-making. Customer data are stored separately and in relation to each company whereby BayWa AG functions as the service provider for the individual participating companies.
A summary of the BayWa AG Group member companies is available on the following link: https://www.baywa.com/konzern/im_profil/konzerngesellschaften/
If a bid is submitted or a sale processed through manufacturer portals, data provided by you are processed directly in the manufacturer's portal.
Where a legal obligation exists and in the event of prosecution, government agencies and the Courts, as well as external auditors may be the recipients of your data.
Moreover, your data may also be transferred to insurance companies, banks, credit agencies and service providers for the purpose of negotiating and performing a contract
7. For how long are my data stored?
We process your data until the termination of the business relationship or until the expiry of the applicable guarantee, warranty, statute of limitations and legal retention periods (for example as provided in the German Commercial Code or Tax Code); moreover, we retain data until the termination of any legal disputes, in which the data are needed as evidence.
8. Communication by e-mail
Please note that the despatch of unencrypted e-mails is regarded as insecure, since unauthorised parties may gain knowledge of the content of the e-mail and where applicable manipulate that content. Therefore, we advise you not to send any sensitive data by e-mail in any communication with us.
9. Which data are collected when I visit your website?
This web site uses analysis tools to collect general information on the user behaviour of visitors. This information includes, for example, the sites accessed, the length of time spent on the site, the pages referred to and general information on your computer system, such as the operating system, screen resolution, browser used, etc. All the data collected is stored in an anonymised form and does not allow any identification of your person. If you not agree with this anonymised collection of your user behaviour, you may prevent this by deactivating cookies in your browser.
Operation of Google Analytics
This Internet site also uses Google Analytics, an Internet analysis service from Google. Google Analytics uses text files, known as cookies, which are stored on your computer and allow the use of the website to be analysed.
The information on your use of this home page (including your IP address) is transferred to a Google server in the USA and stored there. Google shall use this information in order to evaluate your use of the website, to compile reports on website activities for the website operator and to perform other services connected with the use of the website and the use of the Internet. In addition, Google shall forward this information to third parties, insofar as this is required by law or insofar as third parties process these data on behalf of Google. Google shall on no account link your IP address with any other data from Google. You may prevent cookies from being stored by using the appropriate settings in your browser software; nevertheless, we would like to make you aware of the fact that, in this case, you will not be able to use all of the website's functions to their full extent. By using this website you are giving your consent to the processing of your data, collected by Google in the manner described above and for the purpose specified above.
We advise you that this website uses Google Analytics in application of a deactivation add-on, _anonymizeIp(). Your complete IP address is not stored. The visitor to the website cannot be identified.
You can object to the use of Google Analytics by installing the browser add-on for deactivation of Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de). In this way you notify Google Analytics that no information on your visit to our website should be transferred to Google Analytics. Unless we have your express agreement, we shall not use tracking tools in order surreptitiously
- to collect personal data on you,
- to transfer such data to third party suppliers and marketing platforms,
- to link the data with your personal data (name, address, etc.)
Application of the Google re-marketing function
Use of social plug-ins
We have linked social plug-ins into our site; however, on grounds of data protection these are deactivated. Therefore, when you access our site as a matter of principle no data are transferred to social media services, such as Facebook, Twitter or Google + and thus any creation of profiles by third parties is excluded.
Deactivated social plug-ins can be identified by their grey background.
However, you have the option to activate the social plug-ins by clicking on them and thus granting your consent to communication with the respective social network. If you activate the social plug-in, certain data are transferred to the respective social network, such as your IP address, information on the browser used and the operating system, the website accessed and the date and time. In the course of this communication data are also downloaded from a server to the social media access provider to our website. Through these data the respective access provider of the social plug-ins collects information as to which specific websites you visit, and this is irrespective of whether or not you are actually logged in to the social media plug-in access provider (e.g. Facebook) or whether you have or have not clicked on the plug-in. The access provider may process these data outside the European Union and is able to generate individualised usage profiles. We have no influence on the nature, scope or purpose of the data processing by the social media service access provider.
An activated social plug-in is displayed in colour and from this moment data are transferred, as described, to the social media service. To use the social plug-in, click on it again.
Further information from Facebook on plug-ins and the respective social media service is available on http://developers.facebook.com/plugins. Facebook's data application guidelines are available on: http://www.facebook.com/about/privacy.
Further information from Twitter on plug-ins and the respective social media service is available on https://twitter.com/logo. Twitter's data application guidelines are available on: https://twitter.com/privacy.
Profiling when you visit this website
On our website we operate a profiling system based on your click behaviour. This profiling serves to improve your customer experience when you visit our website. If, for example, you are interested in the main in products and contents with relation to agriculture, the next time you visit the website, you are forwarded directly to the "Agriculture" target group home page.
In addition, individual specialist articles or offers are proposed to you in relation to your surfing behaviour on our website.
We also conduct profiling as part of our customer relations management based on your purchasing behaviour in our affiliated companies.
In none of these cases do we use automated individual decision-making within the meaning of the GDPR.
New Relic (New Relic Inc.)
This site uses the New Relic web analysis service, operated by New Relic, Inc., 188 Spear St, San Francisco, CA 94105, USA. With the help of New Relic and on the basis of our legitimate interest in the statistical analysis of user behaviour for the purposes of marketing and improving our website pursuant to Article 6 (1) (f) GDPR pseudonymised visitor data are collected, analysed and stored. For the same purpose pseudonymised user profiles can be created from these data and stored. For this purpose New Relic uses small text files (cookies), which are stored locally in the temporary store of the Internet browser of the person visiting the site. These cookies serve, inter alia, to recognise your browser again and thus facilitate a more accurate investigation of the statistics. The user's IP address forms part of the information collected, but it is pseudonymised immediately on collection and prior to being stored, in order to exclude any reference to a particular individual.
New Relic Inc. is domiciled in the USA and is certified for the Privacy Shield US-European Data Protection Convention, which guarantees compliance with the level of data protection in force in the EU.
New Relic shall on no account link your IP address with any other data from New Relic. You can adjust your browser settings so that you are notified when cookies are deposited and can decide on an individual basis whether to accept them or exclude acceptance of cookies in determined cases or in general.
Alternatively, by using the deactivation site for consumers from the EU, http://www.youronlinechoices.com/uk/your-ad-choices/, you can check whether advertising cookies have been deposited on your browser by New Relic and deactivate these.
New Relic's Data Privacy Statement can be accessed at the following Internet address: https://www.newrelic.de/cookie-policy
DoubleClick for Publishers (Google LLC.)
DoubleClick for Publishers is an advertising service provided by Google LLC., which allows the proprietor to connect advertising campaigns into external advertising networks. In this process the proprietor does not stand in any direct relationship with the third parties, unless it has been otherwise specified in this document.
This service uses the DoubleClick cookie, in order to monitor how this application is used and how users react to advertisements and to products and services offered.
Users have the option to deactivate all DoubleClick cookies by clicking on the following link:www.google.com/settings/ads/onweb/optout?hl=de
Personal data collected: cookies and usage data.
Processing location: USA
Google AdSense (Google LLC.)
Google AdSense is an advertising service from Google LLC. This service uses the DoubleClick cookie, in order to monitor how this application is used and how users react to advertisements and to products and services offered.
Users have the option to deactivate all DoubleClick cookies by clicking on the following link:google.com/settings/ads/onweb/optout.
Personal data collected: cookies and usage data.
Processing location: USA
10. Are personal data transferred to a third country?
As a matter of principle we do not transfer data to any third country. In individual cases data are transferred only on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees or your express agreement.
11. What are my rights under data protection law?
You have at any time a right to access, correction, erasure or restriction of processing of your stored data, a right to object to the processing and a right to data portability and to lodge a complaint pursuant to the provisions of data protection law.
Right of access:
You may request information from us on whether and to what extent we process your data.
Right to rectification:
If we process data from you, which are incomplete or incorrect, you may at any time request from us their correction or completion.
Right to erasure:
You may request us to erase your data, provided that we are processing these unlawfully or the processing interferes disproportionately with your legitimate interests in being protected. Please note that there may be grounds, which conflict with immediate erasure, e.g. in the case of duties of retention regulated by statute.
Irrespective of the safeguarding of your right to erasure, we erase your data promptly and completely, provided that in this regard there exists no conflicting legal or statutory period of retention.
Right to restriction of processing:
You may request us to restrict the processing of your data, if
- you dispute the accuracy of the data and allow us a period to enable us to check the accuracy of the data,
- the processing of the data is unlawful, but you refuse to have the data erased and instead request that the use of the data be restricted,
- we no longer require the data for the intended purpose, but you continue to need these data to establish or defend legal claims, or
- you have lodged a complaint against the processing of the data.
Right to data portability:
You may request us to receive your data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, provided that
- we process these data based on your consent granted to us and which you are entitled to withdraw or for the performance of a contract between us, and
- the data is processed by automated means.
Where it is technically feasible, you may request us to transmit your data directly to another controller.
Right to register an objection:
If we process your data on grounds of legitimate interests, you may at any time object to this data processing on grounds relating to your personal situation: including profiling based on those provisions. If you object, we shall no longer process your personal data, unless we can prove compelling legitimate grounds for the processing, which override your interests, rights and freedoms or the processing serves the purpose of the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct advertising at any time without giving reasons.
Right to lodge a complaint:
If you consider that in processing your data we are in breach of German or European data protection law, we would request you to contact us, in order to clarify the issues. Of course, you also have the right to contact the supervisory authority competent for BayWa AG, the Data Protection Authority of Bavaria for the Private Sector.
If you wish to establish one of the rights referred to, please contact us at the addresses given in paragraph 1. In case of doubt we may require additional information in order to confirm your identity.
12. Am I obliged to provide data?
The processing of your data is necessary for the conclusion and/or performance of any contract, into which you have entered with us. If you do not provide us with these data, we shall, as rule, be obliged to refuse to conclude the contract or to perform the order or shall be unable to continue to implement an existing contract and consequently shall have to terminate it. However, you are not obliged to grant your consent to the processing of data, which is not relevant and/or legally necessary for the fulfilment of the contract.