Privacy Policy for Supplier Data Processing

The Käfer Group attaches great importance to the protection of your privacy and complies with the legal data protection regulations.
In the following, we would like to explain to you how we handle your personal data.

1. Responsible Entity
Responsible entity in terms of data protection law is your contractual partner (companies from the Käfer Group).
He is charged with the framework of data processing:

© Käfer Zentraleinkauf und Logistik GmbH
Heimstettener Straße 1
85599 Parsdorf

Tel .: +49 (0) 89 4168-852

represented by:
Managing Director Martin Kolonko
Munich Commercial Register HRB 194127

2. Personal Data
Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person. This includes information such as your name, address, phone number and date of birth.

3. Collection and processing of personal data
The processing of the data is carried out as part of your supplier relationship with the Käfer Group. The purpose of the processing is the maintenance of the supplier relationship and the payment of invoices.
Supplier data is collected, processed and used for the purpose of providing business services. Once a contract has been established (e. g. by accepting a bid), the supplier data will be used to fulfill the obligations of the client ("Responsible Entity") towards the suppliers.
If you provide us with personal data as part of the supplier relationship, these are classified for collection and / or use in the following types of data and data categories:
- Company data (company, address, tax numbers, commercial register number)
- personal data (first and last name of the contact person)
- Communication data (telephone number, mobile phone number, fax number, e-mail address)
- details of commissioning (products, quantity, prices, special agreements)
- Payment data (account details, payment terms, terms of payment)

4. Use, purpose of processing and disclosure of personal data
The data is passed on internally in the company to the departments that are involved in the service provision process, if and to the extent that this is mandatory for operational matters. All employees responsible for data processing are required to protect the confidentiality of your data.
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

a) For the fulfillment of contractual obligations (Article 6 (1) (b) of the GDPR)
The processing of personal data (Art. 4 No. 2 of the GDPR) involves the delivery of goods, in particular for the execution of our contracts with you and the execution of your orders as well as all the activities required for the operation and administration of a company. The purpose of data processing is primarily based on the specific products and services.

b) As part of the balancing of interests (Article 6 (1) (f) of the GDPR)
If necessary, we process your data beyond the actual fulfillment of the contract for the protection of legitimate interests of us or third parties. Examples:
• Review and optimization of needs analysis and direct customer approach procedures;
• advertising or market and opinion research, provided that they have not objected to the use of your data;
• asserting legal claims and defense in legal disputes;
• ensuring IT security and IT operations;
• prevention and investigation of criminal offenses;
• Measures for the business control and further development of services and products.

c) On the basis of your consent (Article 6 (1a) of the GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (e. g. disclosure of data to third parties, evaluation of data for marketing purposes), the legality of this processing is based on your consent. A given consent can be revoked at any time.
Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.

d) Due to legal requirements (Article 6 (1) (c) of the GDPR)
In addition, we are subject to various legal obligations, i. e. legal requirements (e. g. commercial law, tax laws, etc.). As far as data is processed in this regard, this is done exclusively on the basis of these regulations.

We do not share your personal information with third parties, unless you have consented to the data transfer or we are required by law and / or regulatory or court orders to a data transfer.

5. Use of Personal Data for Advertising Purposes
(1) Your address and order data are processed by us for our own marketing purposes. Of course, you can reject to the processing or use of your personal data for advertising purposes at any time by sending an informal message to or via our contact form. After receipt of a revocation we will process your data no longer for purposes other than to process your order.

(2) A transfer of your personal data to third parties for the purpose of advertising or market and opinion research does not take place without your consent.

6. Order Data Processing
Due to a separate agreement on the processing of personal data also by the Käfer AG, the parent company and management of the Käfer Group, Heimstettener Straße 1, 85599 Parsdorf, Germany, may be transferred, e. g. for invoicing, in the context of a commissioned data processing in accordance with Art. 28 GDPR according to the relevant legal requirements commissioned, processed and used.

7. Storage and Deletion of Data
We adhere to the principles of data avoidance and data economy. If necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract or for the fulfillment of the contractual purpose.
In addition, we are subject to various storage and documentation obligations, which result, inter alia, from the German Commercial Code (HGB) and the Tax Code (AO). These
specified periods for storage or documentation are two to ten years.
Finally, the storage period is also judged by the statutory limitation periods, which can be, for example, according to §§ 195 ff. Of the Civil Code (BGB) usually three years, in some cases, but also up to thirty years.
After discontinuation of the respective purpose or expiration of these deadlines, the corresponding data will be routinely and in accordance with the statutory provisions blocked or deleted. Excluded from this is the data, if you have explicitly agreed to a longer storage.

8. Safety
All necessary technical and organizational security measures to protect your personal data against unauthorized access, loss and misuse are taken by us. This saves your data in a secure operating environment that is inaccessible to the public. To protect the security of your data during transmission, we use encryption techniques (e.g., SSL) over HTTPS. Our servers are secured by firewall and virus protection. Back-up and recovery procedures as well as role and authorization concepts are routines for us. Our employees are obliged to observe the regulations of the TMG, the BDSG and the GDPR when dealing with data. With regard to access control, care is taken to ensure that only authorized employees are granted access rights.

9. Right to Information and Revocation
Each data subject has the right to information pursuant to Art. 15 of the GDPR, the right to a correction under Art. 16 of the GDPR, the right to cancellation under Art. 17 of the GDPR, the right to limit processing according to Art. 18 of the GDPR and the right to data portability under Art. 20 of the GDPR. And the right to information and the right to delete the restrictions according to §§ 34 and 35 BDSG. In addition, there is a right of appeal to a data protection supervisory authority (article 77 of the GDPR in conjunction with section 19 BDSG).
All enquiries, requests for information or objections to data processing should be directed to us by e-mail.

10. Questions to the Data Protection Officer
If you have any questions about data protection in the Käfer Group, please write us an e-mail or contact our data protection officer directly:

Mr. Nikolaos Mitulidis
Data Protection Officer of the Käfer Group
Käfer AG (administration of the Käfer Group)
Heimstettener Straße 1
85599 Parsdorf
Tel .: +49 (0) 89 4168-451
Fax: +49 (0) 89 4168-216

11. Change of our privacy policy
We reserve the right to occasionally adjust this privacy policy to always comply with the latest legal requirements and operating conditions.