Privacy policy in accordance with the EU General Data Protection Regulation (GDPR)

Valid for customers, interested parties, suppliers, distribution and cooperation partners of the "Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies), hereinafter referred to as the "Fischer Group". 
With the following information acc. Art. 12 ff. GDPR, we give you an overview of the processing of your personal data by us and your rights under the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Which data is processed in detail and how it is used depends largely on the products or services requested or commissioned.

1. Responsible for the data processing
HELMUT FISCHER GMBH Institut für Elektronik und Messtechnik 
Industriestraße 21 
71069 Sindelfingen 
Germany 
Phone +49 (0) 70 31/3 03-0 
Fax +49 (0) 70 31/3 03-710 
E-Mail: mail@Helmut-fischer.com 
Internet www.helmut-fischer.com

2. Data Protection officer as mandated by law
Christian Schwinge 
Schwinge GmbH 
Am Kochenhof 12 
70192 Stuttgart 
Germany 
Phone +49 (0) 711 / 258560-0 
E-Mail: christian.schwinge@helmut-fischer.com 

3. Data and data sources 

a) Sources
We process personal data that we collect from you as part of our business relationship. In addition, we process (as far as necessary for the provision of our products and the provision of our services) personal data that we obtain from other companies of the "Fischer Group" (defined as (i) Fischer; (ii) those with Fischer within the meaning of §§ 15 (iii) the Helmut Fischer Foundation, domiciled in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of Sections 15 et seq. AktG) or by other third parties (e.g. to execute orders or to fulfill contracts or on the basis of your given consent).

b) Categories of personal data
When initiating a business relationship or when creating master data, the following personal data can be collected, processed and stored: 
Address and communication data (name, address, telephone, e-mail address, other contact data), personal master data ( Date / place of birth, gender, nationality, family status, ability to work, occupation), credentials (e.g. ID data), authentication data (e.g. signature sample), tax ID.

When using products and services within the framework of contracts concluded with us, in addition to the aforementioned data, the following additional personal data may be collected, processed and stored:
Contract master data (order data, data from the fulfillment of our contractual obligations, information on any third-party beneficiaries), billing, service and payment data (debit data, tax information, other personal data (profession, employer), documentation data (e.g. logs), product data (e.g. requested or booked services and products), as well as the following business creditworthiness documents: Income / surplus invoices, balance sheets, business evaluation, type, and duration of the self-employment.

c) Customer contact information
As part of the business start-up phase and during the business relationship, in particular through personal, telephone or written contacts, initiated by you or by the Fischer Group, further personal data is generated. These include Information about the contact channel, date, cause and outcome, (electronic) copies of correspondence and information on participation in direct marketing activities.

d) Information Society Services
When processing data in the context of Information Society Services, you will receive further information on data protection related to the service.

4. The purpose and legal basis of the processing
We process the personal data referred to in part 3 in accordance with the provisions of the EU Data Protection Regulation (GDPR) and the Federal Data Protection Act (Act): 

a) To comply with contractual obligations (Article 6 paragraph 1 lit. b GDPR)
The processing of personal data takes place for the establishment, implementation and termination of a contract for the provision of products or services, as well as for the implementation of pre-contractual measures for the preparation of offers, contracts or other on the conclusion of the contract wishes, based on your request.
The purpose of data processing is primarily based on the specific products and services and may include, but is not limited to, needs analysis, consulting and support. Further details on the purpose of data processing can be found in the respective (also pre-contractual) contractual documents of our cooperation. 
Interested parties may be contacted, taking into account any restrictions expressed during the initiation of the agreement, and customers, suppliers and distribution and cooperation partners during the business relationship, using the data they have provided.

b) On the basis of your consent (Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR) 
Insofar as you have given us consent to the processing of personal data for specific purposes (e.g. disclosure of data within the group of companies), the lawfulness of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us prior to the validity of the EU General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected. You can request an overview of the status of the consents you have given us at any time.

c) Due to legal requirements (Article 6 (1) (c) GDPR) or in the public interest (Article 6 (1) (e) GDPR)
We are subject to various legal obligations and legal requirements and process data for the following purposes: Identity and age checks, the fulfillment of tax control and reporting obligations as well as the assessment and management of risks within the Group.

d) In the context of weighing interests (Article 6 (1) (f) GDPR)
In order to safeguard the legitimate interests of us or third parties, further processing of the data provided by you may be necessary for the following purposes:

  • Review and optimization of needs analysis and direct customer approach procedures; including segmentation and calculation of completion probabilities
  • Advertising or market and opinion research, provided that you have not objected to the use of your data
  • Assertion of legal claims, defense in legal disputes, defense against liability claims
  • Ensuring IT security and IT operations
  • Consultation and exchange of data with credit bureaus for the identification of credit risks
  • Prevention of crime
  • Video surveillance for the protection of domestic rights, for the collection of evidence of crime
  • Measures for building and office security
  • Measures to ensure home ownership
  • Measures for business management and further development of services and products
  • Risk management in the corporate group

5. Recipients of the data
Within the Fischer Group, those entities that have access to your data to fulfill our contractual and legal obligations will have access to them. Our service providers may also receive data for these purposes if they comply with our written data protection directives.

With regard to the transfer of data to recipients outside of the Fischer Group, it should first be noted that we are bound to secrecy about all customer-related information from which we obtain knowledge. We may only disclose information about you if statutory provisions so dictate, if you have given your consent and / or if you have instructed our commissioned processors in a manner consistent with the provisions of the EU General Data Protection Regulation and the Federal Data Protection Act. 
Under these conditions, recipients of personal data may for example:

  • Public authorities and institutions in the presence of a legal or regulatory obligation.
  • Processor to whom we provide personal information to conduct the business relationship with you. Specifically: support / maintenance of EDP / IT applications, archiving, document processing, call center services, compliance services, controlling, data destruction, purchasing / procurement, space management, recovery, customer administration, letter shops, marketing, media technology, regulatory reporting, research, risk controlling, expense reporting, telephony, video legitimation, website management, auditing services, payments.

Other data recipients may be those for whom you have given your consent to submit the data.

6. Data transfer to third countries or international organization
The transmission of data to countries outside the EU or EEA (so-called third countries) will only take place if this is necessary for your orders execution as required by law (e.g. as tax reporting requirements), if you have given consent or as part of a processing order. If service providers are deployed in the third country, they are required to comply with the level of data protection in Europe in addition to written instructions by agreeing on EU standard contractual clauses.

7. Duration of data storage
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, these are regularly deleted, unless their (temporary) further processing is necessary for the following purposes:

  • Fulfillment of commercial and tax retention periods acc. §257 Commercial Code (HGB) and tax code with the deadlines specified there for storage or documentation of 2 to 10 years.
  • Preservation of evidence under the statute of limitations. According to §§ 195 ff. of the Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.


8. Privacy rights of the person concerned
All data is subject to the right to information under Article 15 GDPR, the right to correct under Article 16 GDPR, the right to delete ( "Right to be Forgotten") pursuant to Article 17 GDPR, the right to restrict the processing according to Article 18 of the GDPR, the right of data transferability under Article 20 GDPR and the right of opposition under Article 21 GDPR. With the right to cancellation and right to information, the restrictions according to §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a supervisory authority under Art. 13 para. 2 lit. GDPR and Article 77 GDPR i. V. m § 19 BDSG.
You may revoke your consent to the processing of personal data pursuant to Art. 7 para. 3 GDPR at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the EU General Data Protection Regulation, i.e. before 25 May 2018. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent, until the revocation.

9. Duty to provide Data
In the course of our business relationship, you must provide the personal information necessary to enter into a business relationship and perform its contractual obligations, that we are required to collect by law. Without this data, we will generally able to refuse to conclude the contract, to provide products and to provide services or to be unable to complete an existing contract and possibly terminate it.

10. Automated decision (including profiling)
In principle, we do not use fully automated decision-making (including profiling) to establish and conduct the business relationship in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you about this separately, if this is required by law.

11. Profiling
We process your data in a partially automated manner with the aim of evaluating certain personal aspects (profiling). For example, we use profiling to purposefully inform and advise you about products with the help of evaluation tools. These enable needs-based communication and advertising, including market and opinion research.

Information about your right of objection under Article 21 of the EU General Data Protection Regulation (GDPR)

1. Individual case-related right of objection
You have the right at any time, for reasons arising from your particular situation, against the processing of personal data relating to you which, on the basis of Article 6 paragraph 1 lit. e GDPR (Data Processing in the Public Interest) and Article 6 (1) lit. f GDPR (data processing on the basis of a balance of interests) takes place, object; this also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR.
If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedom, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

2. Right to object to the processing of data for advertising purposes
In individual cases, we process your personal data in order to operate direct mail. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be addressed form-free to the responsible person.

As of: June 2018