Overview of how we process your personal data
Information about the controller
Responsible body (acc. to Art. 4 (7) GDPR):
Bihl+Wiedemann GmbH, Flosswoerthstrasse 41, 68199 Mannheim, Germany
Legal representative (= Management):
Jochen Bihl and Bernhard Wiedemann
Data Protection Officer:
Carina Stolz (mein-datenschutzbeauftragter.de)
Basic information on data processing
Designation of the processing activity:
Personal data is processed in order to fulfil pre-contractual and contractual obligations. If necessary, we also process personal data of other third parties (Coface) for the execution of contracts or based on prior consent.
In order to fulfil pre-contractual and contractual obligations, data is processed exclusively in crucial departments according to the need-to-know principle.
Type of processing:
ERP system, CRM system, email for correspondence purposes
Place of processing:
All CRM, ERP and email data is stored in our own data centre in Mannheim / Germany. Access control, backup and archiving processes are based on the IT Baseline Protection Catalogue of the Federal Office for Information Security (BSI)
General data protection requirements of the GDPR
Personal data is processed in order to fulfil pre-contractual and contractual obligations.
Change of purpose:
Any change of purpose requires prior consent. It is obligatory to use the data for the intended purpose only.
Lawfulness of processing, Art. 6 GDPR:
- Consent (Art. 6 (1) lit. a, Art. 7)
- Contract or contract initiation (Art. 6 (1) lit. b)
- Purposes of the legitimate interests pursued by the controller or by a third party (Art. 6 (1) lit. f)
Necessity and proportionality:
The lawfulness is based not only on the principles of "proportionality" (Art. 5 (1) lit. b), "transparency" (Art. 5 (1) lit. a), "data minimisation" (Art. 5 (1) lit. c), "accuracy" (Art. 5 (1) lit. d), "storage limitation" (Art. 5 (1) lit. c) and "integrity and confidentiality" (Art. 5 (1) lit. f), but also, and in particular, on the purpose limitation principle (Art. 5 (1) lit. b).
Is there a high risk to the rights and freedoms of natural persons acc. to Art. 35?:
No particularly sensitive data whatsoever is collected or stored at any time.
Collection of data
Circle of affected groups of people:
Customers, leads, suppliers
Types of data or data categories stored:
IT usage data/log data/log files
Surname / name / salutation / title
Contract master data
Recipients or categories of recipients with whom the data can be shared
Internal recipients (members of the responsible body):
To fulfil pre-contractual and contractual obligations, data is processed in the following departments:
- Internal Sales (to channel general enquiries)
- Sales (to maintain and expand the business relationship)
- Order Processing (for orders)
- Shipping (to process the shipment of products)
- Accounting (for accounts)
- Purchasing (to channel general enquiries, maintain and expand supplier relationships, during order processing)
Standard terms for data deletion
The deletion period derives from the German commercial code (HGB).