3) Purposes and Legal Bases of Processing
a) Visiting this website
When you visit this website, log files are generated containing the following information:
- The website from which you visit our site;
- The IP address;
- The date and time of access;
- The client request;
- The http response code;
- The data volume transmitted;
- The information about the type of browser and operating system you are using.
Recipients/Categories of Recipients
Each time that a user accesses this website and each time a file is accessed, we, and in some cases, third parties save log files documenting this process; this serves exclusively to protect our systems and to prevent improper and/or fraudulent behavior.
Storage Time/Criteria for Determining Storage Time:
Storage time is 7 days.
b) For the Performance of Contractual Obligations (Article 6(1)(b) GDPR)
The purposes of processing follow from the need to take steps prior to entering into a contract, in advance of a contractual business relationship and to perform obligations under an existing contract.
c) For Compliance with a Legal Obligation (Article 6(1)(c) GDPR)
The purposes of processing follow from statutory requirements in the individual case. Such legal obligations include, e.g., complying with retention and identification obligations, e.g., in the context of anti-money laundering requirements, tax monitoring and reporting requirements and data processing in the context of requests from authorities.
d) For the Purposes of Legitimate Interests (Article 6(1)(f) GDPR)
It may be necessary to process the personal data you provide for purposes beyond the actual performance of the contract. Legitimate interests in this case include, in particular, selecting suitable business partners, conducting research on prospective business partners, e.g., to ensure that compliance requirements and the like are met, including one-off checks against EU sanctions lists (see EC Regulations No 2580/2001 and No 881/2002) beforehand and in cases of doubt involving the processing in particular of name/company name, registered office and sector as well as ad hoc checks against sanctions lists for other countries, asserting legal claims, defending against liability claims, avoiding legal risks and financial detriment (including for third parties), protecting our IT infrastructure, managing system access authorizations, data access controls, other internal administrative purposes (such as optimizing processes and workflows, ensuring data quality), sending the invitation to provide feedback you previously agreed to provide about your contact at the companies of Schwarz Group, facilitating communication and contact via our Group-wide user directory, clarifying potential compliance violations, preventing crimes and settling claims arising out of the business relationship.
If you report potential compliance violations to us, we also process this information on the basis of Article 6(1)(f) GDPR. Our legitimate interest lies in investigating potential compliance violations.
At the time of contracting, we occasionally obtain data on your credit history from credit agencies to serve the aforementioned legitimate interests. We use the credit history information from the credit agencies to assess your creditworthiness. Credit agencies store data that they receive from banks or companies, for example. Such data includes in particular last name, first name, date of birth, address and information on payment history. Information on the data stored about you can be obtained directly from the credit agencies.
If you provide us with your e-mail address in connection with the sale of a product or service, you will receive information about similar PreZero products or services on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, within the boundaries of § 7 (3) UWG (Act against unfair competition). You can object to this use of your e-mail address at any time by replying to one of the e-mails or by contacting the address given in the e-mail as the contact address, without incurring any costs other than the transmission costs according to the basic tariffs. If you accept our offer of contract by means of digital signature (e.g., Adobe Sign), we process your data, such as in particular e-mail address, IP address as well as the time and date of any modifications you make to the respective contract document, for instance when you approved, displayed or digitally signed it. We have a legitimate interest in ensuring that the process for signing contracts digitally is fast and efficient and that the signing process can be logged for verification purposes. Certain contracts may also be signed using a so-called qualified electronic signature. In this case we also process the certificate data associated with your signature in addition to the aforementioned data. We have a legitimate interest in being able to verify whether you are able to provide a valid qualified electronic signature serving to replace any written form prescribed by statute. To use a qualified electronic signature, you must independently register with a trust service provider (e.g., D-TRUST/Bundesdruckerei). When you register, the respective provider will process your data under its own responsibility and not on our behalf, however.
If you, as an employee of a business partner company that provides services for PreZero using the Frontify platform, have a Frontify account, your business contact data provided there as well as the account user data will be processed on the basis of legitimate interests. If you as a citizen/customer contact PreZero by mail, e-mail, telephone or contact form with a concern, we will use your contact data (in particular name, address, e-mail address, telephone number) and any other substantive information you provide us with, to classify and respond to your request if necessary.
In addition, we occasionally process personal data to document key milestones and events in the development of the companies of Schwarz Group in order to chronicle its corporate history.