Privacy Policy for Customers and Suppliers

in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Data protection is an important matter to us. In the following we would like to inform you about how we process your data and what your rights are.
Contact is generally the result of a business card being presented or by means of inquiries and offers via post, Email or telephone.  If the initial contact attempt was accepted by you, we equate that as consent in accordance with Art. 6 (1)(a) of the GDPR.


1. Who is responsible for the processing of your personal information (responsible in the context of the GDPR)?  

Amaro GmbH
Rodendamm 33 · 28816 Stuhr-Brinkum
Germany
T +49 421/6967800
logistics@remove-this.amaro-bremen.de

hereinafter referred to as "we", is the responsible entity in the context of the General Data Protection Regulation "GDPR".


2. Data Protection Officer

In regards to all questions connected with the processing of your personal information as well as the exercise of your rights in accordance with the GDPR, you can contact our Data Protection Officer (DPO).

Thorsten Wenzel
c/o Wenzel Marine GmbH & CO. KG
Rodendamm 25 · 28816 Stuhr-Brinkum
Germany
T +49 421/95925-0
privacy@remove-this.amaro-bremen.de


3. For what purposes and according to which legal basis do we process personal information?

Your personal information is processed in accordance with the legal provisions of the General Data Protection Regulation (GDPR, the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and usage of individual pieces of information depends on the agreed or requested supplier service or service provision. For further details, supplements and amendments concerning the purposes of the processing, you can refer to our contractual agreements, forms, declarations of consent and other information that has been made available to you (e.g. on the website or in the General Business Terms and Conditions).

3.1 Consent (Art. 6(1)(a) GDPR)
If you have given us your consent to process your personal information, then this serves as the respective legal basis for the processing therein described. You can withdraw this consent at any time with effect for all future actions.

3.2 Fulfilment of contractual obligations (Art. 6 Abs. 1 lit b GDPR))
We process your personal information in order to carry out our agreements with you particularly in the framework of processing our orders and quotations/bids and/or the use of services. Moreover, your personal information is processed for implementation of measures and activities within the framework of precontractual relationships.

3.3 Fulfilment of legal obligations (Art. 6(1)(c) GDPR)
We process your personal information if this is necessary for fulfilment of legal obligations (e.g. trade and tax legislation). Furthermore, we process your data, if needed, for fulfilment of tax-related monitoring and reporting requirements. Moreover, it may be required to disclose personal information in the framework of regulatory/judicial measures for purposes of evidence collection, law enforcement or execution of civil law claims.

3.4 Justified interest by us or third parties (Art. 6(1)(F) GDPR)
We may also use your personal information on the basis of balancing of interests in order to safeguard the our legitimate interests or those of third parties. This takes place for the following purposes:

  • • For advertising or market research, insofar that you do not object to such usage of your data.
  • • For the obtainment of information and the data exchange with credit bureaus for assessment of our financial risk.
  • • For the satisfaction of legal claims and dispute-related defence.
     

4. Which categories of personal information do we process and where does the data come from?

The following data types are processed:

  • • Personal data (name, company and similar data) • Contact data (address, Email address, telephone number and similar data)
  • • Supplier and customer history 
     

5. What categories of recipients are there?

We forward your personal information within our company to the departments which require this data for fulfilment of contractual and legal obligations and/or for implementation of our legitimate interests.
In addition, the following agencies may receive your data:

  • Service providers utilised by us to process orders (Art. 28 of GDPR), particularly IT services, support/maintenance of EDP/IT applications, archiving, document processing, purchasing/procurement, customer management, marketing, billing, auditing services, logistics.
  • Public authorities and institutions to which we are obligated to submit information reports or forward data due to the existence of legal or regulatory obligations or the dissemination of data lies in the public interest •
  • Bodies and institutions in connection with our legitimate interests or the legitimate interests of third parties for purposes named in the context of Clause 3.4 (e.g. to government authorities, credit bureaus, collection agencies, lawyers, courts, appraisers); •
  • Other agencies for which you have given us your consent for data transferal


6. Is the transmission to a third country envisioned?

No transfer to third countries will occur.


7. How long will your data be stored?

Insofar as required, we process your personal information for the duration of our business relationship; this also includes the initiation and settlement of a contract.
Moreover, we are subject to various retention and documentation obligations, which are due to , among others, the German Commercial Code (HGB). The periods therein prescribed for retention or documentation are up to ten years after the end of the business relationship or the precontractual legal relationship.

The storage duration is also ultimately gauged according to the legal period of limitation, for example, according to the German Civil Code (BGB) §§ 195 et seq. which is generally three years, but which in certain cases can also be up to thirty years.


8. What are your rights?

Depending on the situation of the individual case, you have the following data privacy rights as our customer or supplier, the exercise of which you can contact us or our Data Protection Officer at any time and which relate to the data named in Clause 1 and 2:

a. Information
You have the right to receive information about personal data processed by us as well as access to your personal data and/or to request copies of this data. This includes information about the purpose of usage, the category of the used data, the recipients and access-authorised parties, as well as, if possible, the planned duration of data storage or, if this is not possible, the criteria applied to determine the duration.

b. Reporting
You have the right to request us to immediately correct incorrect personal information pertaining to you. Taking into consideration the purpose of the processing, you have the right to request the supplementation of incomplete personal information – even by means of a supplementary explanation.

c. Right of objection
Insofar that the processing of personal information pertaining to you occurs on the basis of Art. 6(1)(f) of the GDPR, you have the right, due to reasons resulting from your particular situation, to lodge an objection at any time against the processing of this information. We will cease to process this personal information unless we can provide compelling legitimate reasons for the processing which outweigh your interests, rights and liberties, or the processing is used for the satisfaction, exercise of or defence of legal claims.

d. Right of revocation
If the processing is based on consent, then you have the right at any time to revoke the consent without affecting the legality of the processing that occurred up to the point of revocation and which took place due to the consent. In regards to this, you can contact us or our Data Protection Officer at any time under the aforementioned contact information.

e. Right of deletion
You have the right to request us to immediately delete personal information pertaining to you and we are obligated to delete such personal information without undue delay insofar as one of the following reasons applies:

  • The personal information is no longer necessary for the purposes for which it was collected or handled in some other way.
  • You lodge an objection against the processing as per the aforementioned Number 8.c and none of the overriding reasons justifying processing exists.
  • The personal information was illegally processed.

 This does not apply if the processing is necessary:

  • For fulfilling a legal obligation whose processing is required according to the legislation of the Union or the Member State to which we are subject.
  • For satisfaction, exercise of or defence of legal claims.

f. Right to restriction of processing
You have the right to request restrictions concerning the processing, if one of the following conditions exists:

  • The accuracy of the personal data is contested by you, and namely for a period that enables us to verify the correctness of the personal information,
  • The processing is unlawful and you reject the deletion of personal information and request rather that the usage of the personal information be restricted;
  • We no longer need the personal information for the purpose of the processing, however, you require such for the establishment, exercise of or defence of legal claims, or
  • You have lodged an objection against the processing as per the aforementioned Number 8.c and it is still uncertain whether our justifying reasons outweigh yours.

If you have enacted a restriction of processing, then we will inform you before the restriction is lifted.

g. Right of appeal
Regardless of any ulterior regulatory or judicial remedy, you have the right to file a complaint with a supervisory body, particularly in the Member State of your domicile, your workplace or the place of the alleged infringement, if you are of the opinion that the processing of the personal information pertaining to you violates the GDPR.

The competent supervisory body for us is:

The Office for Data Protection for the State of Lower Saxony
Prinzenstr. 5 · 30159 Hannover
T +49 (0511) 120 45 00
F +49 (0511) 120 45 99
poststelle@remove-this.lfd.niedersachsen.de
 

9. No automated decision-making  

No automated decision-making takes place in the context of Art. 22 of the GDPR.
 

10. General notes on data protection

Please also observe our general notes on data protection in regards to usage of our web presence under the following link: www.amaro-bremen.de/en/data-protection/