Ensuring the information obligations for data protection (Art. 12-23 GDPR)

As the responsible body within the meaning of the European Data Protection Regulation, K2 Systems GmbH is accountable for compliance with all data protection measures. Ensuring data protection includes providing information on the processing of personal data in accordance with Art. 12-23 of the GDPR.

Responsible body

Name and contact details of those responsible

K2 Systems GmbH

Industriestraße 18
71272 Renningen
Germany

Tel.: +49 (0) 71 59 42 059-0
Fax: +49 (0) 71 59 42 059-177
E-Mail: datenschutz@k2-systems.de
www.k2-systems.com

…represented by Managing Director Katharina David

Purpose of the data processing of personal data

Customer and supplier data for the fulfilment of orders

  • Data processing for the initiation and handling of commercial transactions in the B2B relationship
  • Customer relationship management, sales and after sales management, complaints management
  • Processing of address data, identification data, contract data, control data and, where necessary, other data required for the proper and fair handling of the business relationship, for example invoice data, risk and quality assessment data
  • Communication data (IP addresses, login data, social media data, E-mail addresses, cookie identifiers)

Legal basis for the data processing

  • Consent when registering for portals and contact forms (Art. 6, section 1 lit a of the GDPR)
  • Ensuring the fulfilment of a contract (Art. 6, section 1 lit b of the GDPR)
  • Order initiation and order processing, ensuring proper accounting, incl. risk and quality management in accordance with the Commercial Code, Tax Code, principle of proper accounting, tax and customs legislation etc.
  • Permissible processing for advertising purposes on the basis of Art. 6, section 1 lit f of the GDPR under due consideration of the interests

Employee data for ensuring employment and training relationships

The permissibility of data processing in an employee context is derived from

  • Ensuring the duties of care and protection as an employer in accordance with employment and contract law
  • Application data, contract/master and account data for time, payroll and wage accounting, for income tax and social insurance, contract data, bank account data
  • Communication data (IP addresses, login data, social media data, E-mail addresses, cookie identifiers)

Legal basis for the data processing

Data processing in an employee context (Art. 6, section 1 lit b, c and Art. 88 of the GDPR)

Recipients of data

For the fulfilment of orders

  • Internal departments that are involved in the execution of the respective business processes (personnel management, accounting, bookkeeping, purchasing, marketing, sales, telecommunications and IT).
  • External bodies (contractual partners) if these are necessary for the fulfilment of the contract.
  • External contractors (service providers) in accordance with Art. 28 of the GDPR for the handling of data processing on our behalf.
  • External bodies, such as credit institutions for payment transactions, affiliated companies or other external bodies for the fulfilment of the purposes outlined above where the person concerned has given their written consent that this is required for the fulfilment of the contract or the transfer of data is permitted for another overriding legitimate interest.
  • There is no disclosure to third parties without the consent of the person concerned.
  • There is no transfer of personal data to third countries (outside the European Union).

In an employment context

  • Public bodies that receive data in accordance with statutory regulations (e.g. social security and financial authorities)
  • Tax and financial authorities, health insurance agencies, social service providers, banks

Rights of the persons concerned

  • Every customer is entitled to inspect their personal data and the accuracy of the information provided.
  • Every employee is entitled to inspect their personal data and the accuracy of the information provided.

Deletion

  • The deletion periods are based on the statutory requirements, in particular the Commercial Code, Tax Code and the regulations regarding the obligations to retain data from the area of tax law (usually 10 years).
  • The data is deleted at the end of the retention periods. Data that is not subject to these periods is deleted once it is no longer required.
  • Personal data about employees is kept in accordance with the requirements of the principles for proper accounting and is deleted at the end of the retention periods (usually 10 years after termination of the employment relationship).
  • The right to delete and restrict the data processing may exist unless statutory retention periods preclude this.

Right of appeal

Individuals have the right to appeal to the responsible body, to the designated Data Protection Officer on matters related to data protection or to the responsible supervisory authority:

State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg
(German name Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg)
Königstr. 10a
70173 Stuttgart

E-Mail: poststelle@lfdi.bwl.de

Data Protection Officer

Mr. Gerfried Riekewolt is the designated Data Protection Officer and can be contacted by E-mail at datenschutz@k2-systems.de or by telephone on +49 7164 130118.

20.05.2018

Gerfried Riekewolt
Company Data Protection Officer