Information on the collection of personal data pursuant to the General Data Protection Regulation

Name and contact information for the person responsible

Responsible is your respective contract partner. The four companies have a shared responsibility over used IT systems. The processing of contractual transactions may be carried out within the scope of order processing by other named companies. There are agreements for processors between the named companies. The joint controllers agreement is available here.

Rüdiger Kleefeld
Internal protection officer
Chemical Check Platz 1-7
32839 Steinheim
Phone: +49 (0) 5233/ 94 17 116
Email: r.kleefeld(at)chemical-check.de

The purposes of the processing activities and its legal bases are

General customer management

• General and order‐specific correspondence
• Accepting orders (telephone, email, website)
• Advice (telephone, email, live‐chat, video conference system)
• Recording master data
• Calculation / revenues / revenue statistics / customer‐specific peculiarities
• Customer management in databases
• Customer management of telephone system
• Use of databases / FTP servers
• Use of service portals
• Invoice data
• Participation certificates (seminars)
• Transport documents
• Designing contracts
• Communication tools
  • Chatmodul Bitrix 24
  • Video conference system GoToMeeting
  • Phone system 3CX

Customer data from external provision to customs workplace safety/transport

• Visit reports
• Usage time lists
• Risk assessments
• Training overviews/certificates
• Hazardous goods protection plan
• Participation certificates (work safety/ hazardous goods / chemical ban regulations / seminars)
• Accident notification
• Training

Other

• Legal advice on contracts
• Provision of 24h emergency number
• Newsletter
• Product registrations
• Advertising

Legal basis for processing

• General data protection regulation, Article 6
  Art. 6 (1) a) Consent
  Art. 6 (1) b) Contract / concrete contract initiation
  Art. 6 (1) c) Fulfillment of compliance and legal obligations
  Art. 6 (1) d) to protect vital interests
  Art. 6 (1) e) Task out of public interest or exercise of official authority (especially for authorities)
  Art. 6 (1) f) legitimate company interest, unless the interest of the data subject outweighs
• Queries by email / regular mail
• Queries from website contact form or live chat
• Workplace Health Act (ArbSchG)
• Order confirmations
• Trade association regulations
• Chemical Act (ChemG)
• Chemical Ban Regulations (ChemVerbotsV)
• EU directives and regulations (e.g. CLP regulation 1272/2008) and associated implementation regulations
• External appointments (e.g. dangerous goods safety adviser)
• Internal processes
• National chemical legislation
• Newsletter orders
• Contracts

Data transfers to third countries only take place whilst complying with statutory or official requirements. As part of the product notifications, such contact data as contact name, email addresses must be stored with the stated departments to receive product notifications, e.g. in Switzerland and Norway. The basis is the national chemical legislation.

For the fulfillment of contracts or orders, it may be necessary to exchange personal data with the United Kingdom (UK). A transitional period applied until 01. July 2021. Since 28. June 2021, the EU has issued an adequacy decision in this regard. The processing is occasional according to Article 27 UK GDPR. There is no extensive processing of special categories of data. Analogous to Article 27 GDPR, no UK representative needs to be appointed.

For the fulfillment of contracts or orders, it may be necessary to exchange personal data with Switzerland. In accordance with Art. 14 and Art. 17 of the Data Protection Act (DSG) as amended on 01 September 2023, data processing is only carried out in connection with a contract. There is no extensive processing of special categories of data. No representative in Switzerland needs to be appointed.

When using the video conference system GoToMeeting, data is processed under standard contractual clauses.

If personal data is processed during a business transaction, it is deleted at the end of the statutory storage period of 10 years if the right to deletion (right to be forgotten) under Article 17 of Regulation (EU) 2016/679 or the right to restrict processing under Article 18 of the Regulation (EU) 2016/679 is not used. There is no access for deletion of data that must be stored with authorities.

Bitrix24 live chat: After the chat is finished and the stored conversations are deleted at the end of each day, all personal data is deleted.

GoToMeeting video conferencing system: The meeting chronicle is automatically deleted after 90 days.

Phone system 3CX: Call and chat logs remain available for a maximum of 30 days as part of a backup.

Information, correction, deletion and restriction as well as objection right

You are permitted under Article 15 GDPR to request at any time the comprehensive issue of information about the data stored about you from the person responsible at any time.
Under Section 17 GDPR you can request at any time the correction, deletion and blocking of individual items of personal data by the person responsible.

In addition, at any time you can use your objection right without stating reasons and modify or completely revoke the declaration of consent given with future effect. You can communicate your revocation to the contractual partner either by post, email or fax. You do not incur any costs except for postal charges or transfer costs.

The affected person may inform the supervisory authority of infringements of the General Data Protection Regulation or Data Protection Act using the following contact

Encrypted email communication with the federal and state officers for data protection and freedom of information is possible using a public PGP key. The public key can be called up on the relevant authority’s website.

All processing activities are based on statutory, official and trade association regulations or requirements that arise from the order or contract.

The processing of personal data is absolutely necessary to handle this order or fulfil the contract contents.

The issue of an order in writing, orally, by email or internet is considered to be agreement to the processing of personal data for the stated processing activities.

Request processor agreement under: info(at)chemical-check.de