3) Purposes and Legal Bases of Processing
a) Visiting this website
When you visit this website, log files are generated containing the following information:
- The website from which you visit our site;
- The IP address;
- The date and time of access;
- The client request;
- The http response code;
- The data volume transmitted;
- The information about the type of browser and operating system you are using.
Recipients/Categories of Recipients
Each time that a user accesses this website and each time a file is accessed, we, and in some cases, third parties save log files documenting this process; this serves exclusively to protect our systems and to prevent improper and/or fraudulent behavior.
Storage Time/Criteria for Determining Storage Time:
Storage time is 7 days.
b) For the Performance of Contractual Obligations (Article 6(1)(b) GDPR)
The purposes of processing follow from the need to take steps prior to entering into a contract, in advance of a contractual business relationship and to perform obligations under an existing contract.
c) For Compliance with a Legal Obligation (Article 6(1)(c) GDPR)
The purposes of processing follow from statutory requirements in the individual case. Such legal obligations include, e.g., complying with retention and identification obligations, e.g., in the context of anti-money laundering requirements, tax monitoring and reporting requirements and data processing in the context of requests from authorities.
d) For the Purposes of Legitimate Interests (Article 6(1)(f) GDPR)
It may be necessary to process your personal data beyond the actual performance of the contract. Legitimate interests in this case include, in particular, selecting suitable business partners, conducting research on prospective business partners, e.g., to ensure that compliance requirements and the like are met, including one-off checks against EU sanctions lists (see EC Regulations No 2580/2001 and No 881/2002) beforehand and in cases of doubt involving the processing in particular of name/company name, registered office and sector as well as ad hoc checks against sanctions lists for other countries, asserting legal claims, defending against liability claims, avoiding legal risks and financial detriment (including for third parties), protecting our IT infrastructure, managing system access authorizations, data access controls, other internal administrative purposes (such as optimizing processes and workflows, ensuring data quality), sending the invitation to provide feedback you previously agreed to provide about your contact at the companies of Schwarz Group, if necessary, obtaining feedback from our employees on the services provided by you (e.g. training and seminars), conducting and facilitating communication (e.g. web meetings, telephone, etc.) and contact via our Group-wide user directory, clarifying potential compliance violations, preventing crimes and settling claims arising out of the business relationship.
If you report potential compliance violations to us, we also process this information on the basis of Article 6(1)(f) GDPR. Our legitimate interest lies in investigating potential compliance violations.
At the time of contracting, we occasionally obtain data on your credit history from credit agencies to serve the aforementioned legitimate interests. We use the credit history information from the credit agencies to assess your creditworthiness. Credit agencies store data that they receive from banks or companies, for example. Such data includes in particular last name, first name, date of birth, address and information on payment history. Information on the data stored about you can be obtained directly from the credit agencies.
If you provide us with your e-mail address in connection with the sale of a product or service, you will receive information about similar PreZero products or services on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, within the boundaries of § 7 (3) UWG (Act against unfair competition). You can object to this use of your e-mail address at any time by replying to one of the e-mails or by contacting the address given in the e-mail as the contact address, without incurring any costs other than the transmission costs according to the basic tariffs. If you accept our offer of contract by means of digital signature (e.g., Adobe Sign), we process your data, such as in particular e-mail address, IP address as well as the time and date of any modifications you make to the respective contract document, for instance when you approved, displayed or digitally signed it. We have a legitimate interest in ensuring that the process for signing contracts digitally is fast and efficient and that the signing process can be logged for verification purposes. Certain contracts may also be signed using a so-called qualified electronic signature. In this case we also process the certificate data associated with your signature in addition to the aforementioned data. We have a legitimate interest in being able to verify whether you are able to provide a valid qualified electronic signature serving to replace any written form prescribed by statute. To use a qualified electronic signature, you must independently register with a trust service provider (e.g., D-TRUST/Bundesdruckerei). When you register, the respective provider will process your data under its own responsibility and not on our behalf, however.
If you, as an employee of a business partner company that provides services for PreZero using the Frontify platform, have a Frontify account, your business contact data provided there as well as the account user data will be processed on the basis of legitimate interests.
If you as a citizen/customer contact PreZero by mail, e-mail, telephone or contact form with a concern, we will use your contact data (in particular name, address, e-mail address, telephone number) and any other substantive information you provide us with, to classify and respond to your request if necessary.
In addition, we occasionally process personal data to document key milestones and events in the development of the companies of Schwarz Group in order to chronicle its corporate history.
Furthermore, we process your personal data in the context of complaints cases, legal disputes, insurance claims and similar circumstances in which you are directly or indirectly involved, e.g. as a lawyer, expert, treating doctor or health insurance company of possible claimants or injured parties or opposing parties.
e) On the Basis of Your Consent (Article 6(1)(a) GDPR; section 25 (1) TDDDG)
If you have consented to receive our newsletter or marketing e-mails, we will use your data (e-mail address and (optionally) your first and last name) for the purposes of sending you offers, marketing materials (e.g., white papers, e-books), information about events and press information from the companies of the PreZero Group (e.g., OutNature GmbH, PreTurn GmbH).
We also use tracking mechanisms to record your usage behavior in e-mails (receipt, opening, clicking on links) (received, opened, link clicked) for the purpose of evaluating and optimizing our marketing e-mails.
The legal basis for such processing is your consent pursuant to Article 6(1)(a) GDPR, section 25 (1) of the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – "TDDDG").
To ensure that no mistakes are made when entering the e-mail address, we use the "double opt-in" procedure: once you enter your e-mail address in the registration field, we will send you a confirmation link. Your e-mail address will not be added to our distribution list until you click on the confirmation link.
You may withdraw your consent at any time with prospective effect via the link provided at the end of every e-mail and unsubscribe from all communication from PreZero or change your preferences. You will also find the link to unsubscribe or change your preferences at the end of every newsletter.
When you unsubscribe, we consider your consent to an e-mail subscription and the recording of your usage behavior as withdrawn. We will delete your usage data. Any such withdrawal of consent shall not affect the lawfulness of data processing prior to receiving the notice of withdrawal.