Controller for data processing
CH-8260 Stein am Rhein
Telephone +41 52 742 75 00
Fax: +41 52 742 75 90
email address: firstname.lastname@example.org
– Data Protection Officer –
CH-8260 Stein am Rhein
2 Scope of processing
2.1 Source used for data collection
As far as this is necessary for the provision of our services, we process personal data legitimately received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data which we have lawfully collected, received or acquired from publicly accessible sources (such as telephone directories, trade and association registers, civil registers, debtor registers, land registers, press, Internet and other media) and which we are permitted to process.
2.2 Origin and data categories of data which was not collected directly from you
– Personal data (name, date of birth, place of birth, nationality, marital status, occupation/sector and comparable data)
– Contact data (address, email address, telephone number and comparable data)
– Payment/cover confirmation for bank and credit card customer history
– Data on your use of our offered telemedia (e.g. date and time of access to our web pages, apps or newsletters, clicks on our pages/links or postings and comparable data)
– Creditworthiness data
2.3 Purposes of and legal bases for data processing
If the EU GDPR applies to you, we hereby provide you with all information pursuant to Art. 13 EU GDPR.
The specific data processed in each case and the manner in which it is used depends primarily on the services requested and/or agreed upon. Please refer to the respective contract documents, forms, a declaration of consent and/or other information made available to you (e.g. in conjunction with the use of our website or in our terms and conditions) for further details or additions to the purposes of the data processing.
Purposes of fulfilling a contract or implementing pre-contractual measures (Art. 6 (1) (b) EU GDPR)
Emergency management, billing and fiscal evaluation of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; guaranteeing IT security (including system and/or plausibility tests) and security in general, ensuring and exercising domiciliary rights (for example by means of access controls); ensuring the integrity, authenticity and availability of the data, prevention and investigation of criminal offences as well as monitoring by supervisory bodies or controlling authorities (e.g. audits).
Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6 (1) (f) EU GDPR)
• Advertising or market and opinion research, provided that you have not objected to the use of your data;
• Verifying and optimising procedures for requirement analysis;
• Further developing services and products as well as existing systems and processes;
• Enriching our data, including using or researching publicly accessible data;
• Statistical evaluations or market analysis; benchmarking;
• Asserting legal claims and defence in the event of legal disputes which are not
• directly attributable to the contractual relationship;
• Restricted storage of the data if erasure is not possible due to the special type of storage or is possible only at a disproportionately high expense due to the special type of storage;
• Developing scoring systems or automated decision-making processes;
• Preventing and investigating criminal offences, unless these are exclusively to fulfil legal requirements;
• Building and plant security (for example through access controls) if this exceeds the general duties of care;
• Preserving and maintaining certifications under private law or of official nature;
• Ensuring and exercising domiciliary rights by means of corresponding measures (such as video surveillance) as well as preserving evidence in the event of criminal offences and their prevention.
Purposes on the basis of your consent (Art. 6 (1) (a) EU GDPR)
Purposes for fulfilling legal requirements (Art. 6 (1) (c) of the EU GDPR or in the public interest (Art. 6 (1)(e) of the GDPR)
Extent of your duties to provide us with data
2.4 Consequences of the failure to provide data
2.5 Recipients of the data
The data will only be forwarded to external agencies
• in connection with the execution of the contract;
• for the purpose of fulfilling legal requirements, according to which we are obliged to provide information, notification or the disclosure of data, or pass on data in the public interest (see Section 2.4);
if external service providers process data on our behalf as order data processors or acquirers of functions (e.g. computer centres, support/maintenance of EDP/IT applications, archiving, voucher processing, call-centre services, compliance services, controlling, data validation or plausibility checking, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, settlement, telephony, website management, audit services, financial institutions, printing companies or data disposal companies, courier services, logistics);
• on the basis of our legitimate interest or the legitimate interest of the third party in the context of the purposes mentioned (e.g. to authorities, credit bureaus, debt collection agencies, lawyers, courts, experts, subsidiaries, committees and controlling authorities);
• if you have given us your consent for transmission to third parties.
We will not forward your data to third parties other than for these purposes. If we commission service providers as part of order processing, your data will be subject to the same security standards there as those which apply to us. In all other cases, the recipients may use the data only for the purposes for which it was transmitted to them.
2.6 Recipients of the data outside Switzerland
2.7 Retention periods
Furthermore, we are subject to various statutory retention and documentation obligations. The retention and documentation periods specified therein extend up to 15 years. In addition, it may be necessary to retain personal data for the time during which claims can be asserted against us (statutory limitation period).
If data is no longer required for fulfilling contractual or statutory rights and obligations, it will be erased on a regular basis, unless temporary further processing of the data is necessary to fulfil the purposes arising from an overriding legitimate interest. Such an overriding legitimate interest also exists for instance, if erasure is not possible or is possible only at a disproportionately high expense due to the special type of storage and if processing of the data for other purposes is excluded by means of appropriate technical and organisational measures.
2.8 Your rights
• For example, you have the right to receive information from us concerning your data stored by us pursuant to the provisions of Art. 15 EU GDPR.
• At your request, we will correct the stored data relating to you pursuant to Art. 16 EU GDPR if it is inapplicable or incorrect.
• If you wish, we will erase your data in accordance with the principles of Art. 17 EU GDPR, provided that this does not conflict with other statutory regulations or an overriding legitimate interest on our part (e.g. for defending our rights and claims).
• Taking into account the prerequisites of Art. 18 EU GDPR, you can ask us to restrict the processing of your data.
• Furthermore, you can object to the processing of your data pursuant to Art. 21 EU GDPR on the basis of which we must discontinue the processing of your data. However, this right to object only applies in the event of very special circumstances concerning your personal situation, whereby rights of our company may conflict with your right to object.
• You also have the right to obtain your data subject to the prerequisites of Art. 20 EU GDPR in a structured, common and machine-readable format or to transmit it to a third party.
• In addition, you have the right to withdraw the consent granted to us for the processing of personal data at any time with future effect (cf. Section 2.3).
• Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 EU GDPR). However, we recommend that you always address a complaint to our Data Protection Officer first.
• If possible, your requests to exercise your rights should be made in writing or by email to the address stated above or sent directly in writing or by email to our Data Protection Officer.
Specific reference to your right to object pursuant to Art. 21 GDPR
You have the right at any time to object to the processing of your data which is carried out on the basis of Art. 6 (1) (f) EU GDPR (data processing on the basis of the balancing of interests) or Art. 6 (1) (e) GDPR (data processing in the public interest), if there are reasons for this which arise from your particular situation.This also applies to profiling based on this provision within the meaning of Art. 4 (4) EU GDPR. If you object, we will no longer process your personal data unless we can prove that there are compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.We may also process your personal data for the purposes of direct advertising. If you do not wish to receive any advertising, you have the right to object to this at any time; this also applies to profiling provided that it is associated with such direct advertising. We will comply with this objection for the future. We will no longer process your data for direct advertising purposes if you object to processing for these purposes.Objections can be made informally and should preferably be addressed to:Phoenix Mecano Komponenten AG
– Data Protection Officer –
CH-8260 Stein am Rhein
D-32457 Porta Westfalica
Postfach 20 04 44
Fax: +49 211/38424-10