Overview of how we process your personal data

Responsible body (acc. to Art. 4 (7) GDPR):

Bihl+Wiedemann GmbH, Flosswoerthstrasse 41, 68199 Mannheim, Germany

Legal representative (= Management):

Jochen Bihl and Bernhard Wiedemann

Data Protection Officer:

Carina Stolz (mein-datenschutzbeauftragter.de)
datenschutz@bihl-wiedemann.de

Designation of the processing activity:

Personal data is processed in order to fulfil pre-contractual and contractual obligations. If necessary, we also process personal data of other third parties (Coface) for the execution of contracts or based on prior consent.

Responsible departments:
In order to fulfil pre-contractual and contractual obligations, data is processed exclusively in crucial departments according to the need-to-know principle.

Type of processing:

ERP system, CRM system, email for correspondence purposes

Place of processing:
All CRM, ERP and email data is stored in our own data centre in Mannheim / Germany. Access control, backup and archiving processes are based on the IT Baseline Protection Catalogue of the Federal Office for Information Security (BSI)

Intended purpose:

Personal data is processed in order to fulfil pre-contractual and contractual obligations.

Change of purpose:

Any change of purpose requires prior consent. It is obligatory to use the data for the intended purpose only.

Lawfulness of processing, Art. 6 GDPR:

• Consent (Art. 6 (1) lit. a, Art. 7)
• Contract or contract initiation (Art. 6 (1) lit. b)
• Purposes of the legitimate interests pursued by the controller or by a third party (Art. 6 (1) lit. f)
  
  

Necessity and proportionality:

The lawfulness is based not only on the principles of "proportionality" (Art. 5 (1) lit. b), "transparency" (Art. 5 (1) lit. a), "data minimisation" (Art. 5 (1) lit. c), "accuracy" (Art. 5 (1) lit. d), "storage limitation" (Art. 5 (1) lit. c) and "integrity and confidentiality" (Art. 5 (1) lit. f), but also, and in particular, on the purpose limitation principle (Art. 5 (1) lit. b).

Is there a high risk to the rights and freedoms of natural persons acc. to Art. 35?:

No particularly sensitive data whatsoever is collected or stored at any time.

Circle of affected groups of people:

Customers, leads, suppliers

Types of data or data categories stored:

• Billing information

• Contact data

• Credit information

• IT usage data/log data/log files

• IP address

• Surname / name / salutation / title

• Contractual data

• Contract master data

• Payment data

• Email address

• Telephone number

Internal recipients (members of the responsible body):

To fulfil pre-contractual and contractual obligations, data is processed in the following departments:

• Internal Sales (to channel general enquiries)
• Sales (to maintain and expand the business relationship)
• Order Processing (for orders)
• Shipping (to process the shipment of products)
• Accounting (for accounts)
• Purchasing (to channel general enquiries, maintain and expand supplier relationships, during order processing)

Storage duration:

The deletion period derives from the German commercial code (HGB).

Frequency of process testing:

annually