AGREEMENT ON ORDER PROCESSING IN ACCORDANCE WITH THE GENERAL DATA PROTECTION REGULATION (GDPR)

 

The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this privacy policy, we want to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled.

1. WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHO CAN YOU CONTACT?

Responsible: Management
A. Haberkorn & Co. GmbH
Telephone: +43(0) 7942 77177 0
Werndlstraße 3
A-4240 Freistadt

 

2. WHAT DATA IS PROCESSED AND FROM WHICH SOURCES DOES THIS DATA ORIGINATE?

We process the data that we receive from you as part of the business initiation and relationship. We also process data that we have legitimately received from credit agencies, creditor protection associations and publicly accessible sources (e.g. company register, register of associations, land register, media) with which we have a long-term business relationship.

Personal data, customer and supplier data include:

Master/contact data such as:

- as a private customer: first name and surname, address, contact details (e-mail address, telephone number, fax), date of birth, data from proof of identity provided (copy of ID), bank details

- as a customer and/or supplier: company, company register number, extract from the company register, VAT number, company number, address, contact details (e-mail address, telephone number, fax), bank details, possibly balance sheet.

In addition, we also process the following other personal data:

Information about the nature and content of our business relationship such as contract data, order data, sales and receipt data, customer and supplier history, technical specifications, consultation documents.

- Information about your financial status (e.g. creditworthiness data)
- Advertising and sales data,
- Documentation data (e.g. consultation protocols), image data,
- information from your electronic communication with us (e.g. IP address, log in data),
- other data that we have received from you in the course of our business relationship (e.g. in discussions with customers),
- Data that we generate ourselves from master/contact data and other data, e.g. by means of customer requirement and customer        potential analyses.

Data processing for the "Lisa" system:

  • E-mail address for login and company data/user data are used and stored for use by the "Lisa" system.
  • Data is not passed on to third parties.
  • For the Lisa app, the camera is only used for scanning QR codes. No image material is stored.
  • For the Lisa app, access to NFC is only used for scanning tags. No scan is saved.

 

3. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS IS THE DATA PROCESSED?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act as amended:

- for the fulfilment of (pre-)contractual obligations (Art 6 para 1lit.b GDPR):

Your data is processed for the sale and distribution of our goods and services, for procurement and logistics purposes and for customer management and analysis. The data is processed in particular when initiating business and when executing contracts with you.

- FOR THE FULFILMENT OF LEGAL OBLIGATIONS (ART. 6 PARA. 1 LIT. C GDPR):

Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the Austrian Commercial Code (UGB) or the Federal Fiscal Code (BAO), money laundering regulations, product-specific regulations such as the Raw Materials Regulation, Chemicals Act.

- FOR THE PROTECTION OF LEGITIMATE INTERESTS (ART 6 PARA. 1 LIT.F GDPR):

Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract in order to safeguard the legitimate interests of us or third parties. In any case, data processing is carried out to protect legitimate interests in the following cases

- Consultation of and data exchange with credit agencies and creditor protection associations to determine creditworthiness data;
- Advertising or marketing
- Measures for business management and further development of services and products
- Measures to protect our company from behaviour in breach of contract or the law, e.g. access controls, video surveillance;
- in the context of legal prosecution.
- External service providers such as: Accounting, legal department, tax office.

WITHIN THE SCOPE OF YOUR CONSENT (ART. 6 PARA. 1 LIT. A GDPR):

If you have given us consent to process your data, it will only be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Any consent given can be revoked at any time with effect for the future, e.g. for sending our newsletter or for transferring data to third parties. This does not affect the lawful processing of your data prior to cancellation. To do so, please contact us at the address given in point 1.

 

4. WHO RECEIVES YOUR DATA?

4.1 If we commission a processor, we nevertheless remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service. The processors commissioned by us will receive your data if they require the data to fulfil their respective service. These are IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

4.2 For the purposes of company-related and individual advertising/customer care in the textile and wholesale sectors.

4.3 If an offer/sale/supplier/service is made, the data you provide will be processed directly in our IT portals.

4.4 For the purpose of creditor protection, we transmit master data and information on your financial status to credit insurers, credit protection organisations and credit agencies.

4.5 In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.

4.6 In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of contract initiation and fulfilment.

 

5. HOW LONG WILL YOUR DATA BE STORED?

We process your data until the end of the business relationship or until the expiry of the applicable guarantee, warranty, limitation and statutory retention periods (e.g. from the Austrian Commercial Code (UGB), the Federal Fiscal Code (BAO)), Product Liability Act; in addition, until the end of any legal disputes in which the data is required as evidence.

 

6. WHAT DATA PROTECTION RIGHTS DO YOU HAVE?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

6.1 Right to information:
You can request information from us as to whether and to what extent we process your data.

6.2 Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we rectify or complete it at any time.

6.3 Right to erasure:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.

6.4 Right to restriction of processing:
You can demand that we restrict the processing of your data if
- you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data

6.5 Right to data portability:

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

- we process this data on the basis of your revocable consent or for the fulfilment of a contract between us, and

- this processing is carried out using automated procedures.

6.6 Right to object:

If we process your data on the basis of a legitimate interest, you can object to this data processing at any time for reasons arising from your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

6.7 Right to lodge a complaint:

If you are of the opinion that we are violating Austrian or European data protection law when processing your data, we kindly ask you to contact us to clarify any questions you may have.
 Of course, you also have the right to lodge a complaint with the Austrian data protection authority or a supervisory authority within the EU.

 

7. TO WHOM CAN YOU ASSERT THESE RIGHTS?

If you wish to assert any of these rights against us, please contact us at the address given in point 1.