This is how you can contact us:

Phone: +49 (0) 52 33 / 94 17 - 0
Email: info(at)chemical-check.de

contact form
Videos Icon Downloads Icon search Icon Notruf Icon

Information on the collection of personal data pursuant to the General Data Protection Regulation

Name and contact information for the person responsible

Chemical Check GmbH
Chemical Check Platz 1-7
32839 Steinheim

REACH  Registration of Chemicals GmbH
Chemical Check Platz 1-7
32839 Steinheim

Gefahrstoffberatung Schnurbusch GmbH & Co. KG
Chemical Check Platz 1-7
32839 Steinheim

Karen Schnurbusch-Beteiligungs GmbH
Chemical Check Platz 1-7
32839 Steinheim

Responsible is your respective contract partner. The four companies have a shared responsibility over used IT systems. The processing of contractual transactions may be carried out within the scope of order processing by other named companies. There are agreements for processors between the named companies. The joint controllers agreement is available here.

Data protection officer Chemical Check GmbH Gefahrstoffberatung

Rüdiger Kleefeld
Internal protection officer
Chemical Check Platz 1-7
32839 Steinheim
Phone: +49 (0) 5233/ 94 17 116
Email: r.kleefeld(at)chemical-check.de

Purposes for which the personal data is processed

The purposes of the processing activities and its legal bases are

General customer management

  • General and order‐specific correspondence
  • Accepting orders (telephone, email, website)
  • Advice (telephone, email, live‐chat, video conference system)
  • Recording master data
  • Calculation / revenues / revenue statistics / customer‐specific peculiarities
  • Customer management in databases
  • Customer management of telephone system
  • Use of databases / FTP servers
  • Use of service portals
  • Invoice data
  • Participation certificates (seminars)
  • Transport documents
  • Designing contracts
  • Communication tools
    • Chatmodul Bitrix 24
    • Video conference system GoToMeeting
    • Phone system 3CX


Customer data from external provision to customs workplace safety/transport

  • Visit reports
  • Usage time lists
  • Risk assessments
  • Training overviews/certificates
  • Hazardous goods protection plan
  • Participation certificates (work safety/ hazardous goods / chemical ban regulations / seminars)
  • Accident notification
  • Training



  • Legal advice on contracts
  • Provision of 24h emergency number
  • Newsletter
  • Product registrations
  • Advertising


Legal basis for processing

  • General data protection regulation, Article 6
    Art. 6 (1) a) Consent
    Art. 6 (1) b) Contract / concrete contract initiation
    Art. 6 (1) c) Fulfillment of compliance and legal obligations
    Art. 6 (1) d) to protect vital interests
    Art. 6 (1) e) Task out of public interest or exercise of official authority (especially for authorities)
    Art. 6 (1) f) legitimate company interest, unless the interest of the data subject outweighs
  • Queries by email / regular mail
  • Queries from website contact form or live chat
  • Workplace Health Act (ArbSchG)
  • Order confirmations
  • Trade association regulations
  • Chemical Act (ChemG)
  • Chemical Ban Regulations (ChemVerbotsV)
  • EU directives and regulations (e.g. CLP regulation 1272/2008) and associated implementation regulations
  • External appointments (e.g. dangerous goods safety adviser)
  • Internal processes
  • National chemical legislation
  • Newsletter orders
  • Contracts

Categories of personal data collected/processed

Affected people groups:Categories of personal data:
All customers and suppliers 
  • Address
  • Bank details
  • Company name
  • Confidentiality agreements
  • Email address
  • First and last name of contact person
  • Image and sound track in the context of video conferences
  • Image and sound track in the context of trainings and seminars
  • Log‐in (service portals, databases etc.) incl. passwords and certificates
  • Log‐in live chat and video conferences
  • Master customer / supplier data
  • Phone number
  • Revenue
  • Terms of payment
Customers with external provision to customs
chemical ban regulation
  • Date of birth
Customer accident reports 
  • First and last name of person suffering accident
  • Date of birth of person suffering accident
  • Address of person suffering accident

Categories of recipients of personal data

CC group internal 
  • Management
  • Internally authorised data recipients
  • Departmental superiors
  • Auditors (z.B. DIN EN ISO 9001:2015, Gemeinwohl, Familienfreundliches Unternehmen)
  • Banks
  • Authorities, e.g. stated departments to receive product notifications
  • Service provider for 24hr emergency number
  • Newsletter service provider
  • Safety data sheet / product notification service providers
  • IT service providers (hardware, software, portals, live‐chat, video conferences)
  • Lawyers
  • Tax offices

Transfer of personal data to a third country or international organisation

Data transfers to third countries only take place whilst complying with statutory or official requirements. As part of the product notifications, such contact data as contact name, email addresses must be stored with the stated departments to receive product notifications, e.g. in Switzerland and Norway. The basis is the national chemical legislation.

For the fulfillment of contracts or orders, it may be necessary to exchange personal data with the United Kingdom (UK). A transitional period applied until 01. July 2021. Since 28. June 2021, the EU has issued an adequacy decision in this regard. The processing is occasional according to Article 27 UK GDPR. There is no extensive processing of special categories of data. Analogous to Article 27 GDPR, no UK representative needs to be appointed.

For the fulfillment of contracts or orders, it may be necessary to exchange personal data with Switzerland. In accordance with Art. 14 and Art. 17 of the Data Protection Act (DSG) as amended on 01 September 2023, data processing is only carried out in connection with a contract. There is no extensive processing of special categories of data. No representative in Switzerland needs to be appointed.

When using the video conference system GoToMeeting, data is processed under standard contractual clauses.

Duration for which the personal data is stored

If personal data is processed during a business transaction, it is deleted at the end of the statutory storage period of 10 years if the right to deletion (right to be forgotten) under Article 17 of Regulation (EU) 2016/679 or the right to restrict processing under Article 18 of the Regulation (EU) 2016/679 is not used. There is no access for deletion of data that must be stored with authorities.

Bitrix24 live chat: After the chat is finished and the stored conversations are deleted at the end of each day, all personal data is deleted.

GoToMeeting video conferencing system: The meeting chronicle is automatically deleted after 90 days.

Phone system 3CX: Call and chat logs remain available for a maximum of 30 days as part of a backup.

Rights of those affected:

Information, correction, deletion and restriction as well as objection right

You are permitted under Article 15 GDPR to request at any time the comprehensive issue of information about the data stored about you from the person responsible at any time.
Under Section 17 GDPR you can request at any time the correction, deletion and blocking of individual items of personal data by the person responsible.

In addition, at any time you can use your objection right without stating reasons and modify or completely revoke the declaration of consent given with future effect. You can communicate your revocation to the contractual partner either by post, email or fax. You do not incur any costs except for postal charges or transfer costs.

Information on the complaint right to a supervisory authority

The affected person may inform the supervisory authority of infringements of the General Data Protection Regulation or Data Protection Act using the following contact

Bundesbeauftragte(r) für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn

Phone: +49 (0)228-997799-0
Email: poststelle(at)bfdi.bund.de
De-Mail: poststelle(at)bfdi.de-mail.de

Landesbeauftragte(r) für Datenschutz und Informationsfreiheit Nordrhein‐Westfalen
Postbox 20 04 44
40102 Düsseldorf

Phone: 0211/38424-0
Email: poststelle(at)ldi.nrw.de

Encrypted email communication with the federal and state officers for data protection and freedom of information is possible using a public PGP key. The public key can be called up on the relevant authority’s website.

Basis for the provision of personal data / consequences of non‐provision

All processing activities are based on statutory, official and trade association regulations or requirements that arise from the order or contract.

The processing of personal data is absolutely necessary to handle this order or fulfil the contract contents.

The issue of an order in writing, orally, by email or internet is considered to be agreement to the processing of personal data for the stated processing activities.

Request processor agreement under: info(at)chemical-check.de