Data protection information
In the following we inform you about the processing of your personal data by us in the context of order/contract processing and the claims and rights to which you are entitled under data protection regulations.
Data protection is important to us! This is why we only ever collect and process your personal data in accordance with the statutory provisions. With these explanations, we would like to fulfil our information and transparency obligations with regard to the collection and processing of your personal data. Which personal data we process from you is determined by the respective business relationship.
With regard to the collection of personal data when using our website and the functions provided on it, we refer you to our separate privacy policy, available at: https://www.api.de/datenschutz
1.Name and contact details for the person responsible for processing and for the company's data protection officer.
This data protection information applies to data processing by:
api GmbH
Robert-Koch-Str. 7-17
52499 Baesweiler
(following: api),
Telefon: 0241 / 9170-0
Telefax: 0241 / 9170-600
E-Mail: info@api.de
The data protection officer at api can be contacted at the above address, for the attention of: Data Protection Officer, or at dsb@api.de.
2. Collection and storage of personal data as well as the type and purpose and use
a. We generally collect your data directly from you. As a rule, you provide us with this data with your order and/or as part of the business relationship. We only collect the data necessary for the respective contractual purpose. Any additional information is voluntary. In certain cases, however, we may receive personal data from third parties (e.g. logistics service providers, manufacturers, etc.) if this is necessary for the fulfilment of our business relationship.
Relevant personal data includes personal details (in particular name, postal address, communication data and date of birth). In addition, this may also include order data (e.g. data from a payment order), data from the fulfilment of our contractual obligations (e.g. data for payment transactions), advertising, customer satisfaction survey and sales data, documentation data (e.g. conversation and consultation protocols), data about your use of our digital products (e.g. times of access and use of our websites, apps or newsletters, pages clicked on by us or entries) and other data comparable to the categories mentioned.
In addition, data from the following categories that are collected in the course of the business relationship may also be used:
- customer data such as name, address, home, date of birth
- data for billing (different billing address), change to bank data for payment management
- contract / service data (e.g., order, different delivery address)
- communication data for initiating and maintaining a contractual relationship via electronic means of communication, e.g., email address, telephone and/or mobile phone number, fax number
- voluntary information about specific service requests
- information about consent for advertising, use of your email address or phone number for advertising and for creating profiles
- access data and contact provided when using the customer portal
- anonymous or pseudonymised data for separate statistical analyses and marketing reports
By contrast, if necessary, we also process personal data that we have acquired lawfully from publicly available sources (e.g. company or association register, internet, other media, etc.) and are allowed to process.
b. We collect and process your data in accordance with the statutory provisions, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as other legal bases (such as the German Telemedia Act (TMG) in the area of electronic communication) for the following purposes:
1) to fulfil contractual obligations (Art. 6 (1) b GDPR)
The processing of personal data (Art. 4 No. 2 GDPR) is performed for the following purposes:
- to process offers and orders, notably in the form of project applications
- settlement of warranty and guarantee cases
- to provide and broker additional offers (e.g. newsletter orders, participation in competitions or the like), notably in order to implement these measures with you and to carry out your orders.
Further details about the purpose of data processing can be found in the respective contract documents and terms and conditions.
2) as part of the balancing of interests (Art. 6 (1) f GDPR)
If necessary, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples:
- testing and optimisation of procedures for demand analysis and direct customer approach, incl. customer segmentation and calculation of purchase probabilities
- reporting to manufacturers/suppliers for process optimisation, transmission of product sales
- advertising or market and opinion research, insofar as you have not objected to the use of your data
- assertion of legal claims and defence in case of legal disputes
- measures for business management and further development of services and products, including those of the manufacturers
- consultation of and data exchange with credit agencies (e.g. SCHUFA in order to determine creditworthiness or default risks and current addresses)
- guaranteeing IT security
- preventing and investigation of crimes
In addition, we reserve the right to transmit your data to third parties for billing purposes and/or within the framework of the realisation/enforcement of claims, e.g. as part of an assignment of claims, factoring and/or as part of debt collection and/or debtor management. Your data is processed by third parties for the purposes of realisation and implementation of claims. The legal basis for this processing is Art. 6 (1) f GDPR; the legitimate interests consist in the enforcement/realisation of the claims in favour of the responsible person or of the third party.
3) Based on your consent (Art. 6 (1) a GDPR.
If you have given us your consent to process personal data for certain purposes (e.g. forwarding data to cooperation partners), this processing is lawful on the basis of your consent. Granted consent can be revoked at any time.
If you have expressly consented, we also use your data for sales and marketing information about our products that we send you via electronic channels (e.g. email, telephone, fax, SMS, Messenger, etc.) (Art. 6 (1) a GDPR, s. 7 UWG).
Please note that revocation only applies to the future. Processing performed before revocation is therefore not affected by it.
4) Based on statutory requirements (Art. 6 (1) c GDPR) or in the public interest (Art. 6 (1) e GDPR)
As a company, we are also subject to various legal obligations, i.e. statutory requirements (e.g. tax laws, UWG, etc.). Among other things, the purposes of processing may include the prevention of fraud and money laundering, the fulfilment of control and reporting obligations under tax law, the assessment and management of risks and the provision of information to authorities.
3. Forwarding data to third parties
a. Within our company, access to your data is granted to those departments that need it to fulfil the above-mentioned purposes, especially our contractual obligations. In order to provide our contractual services, we may use companies affiliated with api GmbH as defined in s. 15 AktG as well as selected service providers (processors, Art. 28 GDPR) and vicarious agents who may have access to your data to the extent necessary and use it to fulfil the orders we have placed. These are companies, for example, in the categories of suppliers, IT services, logistics, printing services, telecommunications, debt collection, factoring, consulting, sales, marketing, customer satisfaction surveys and manufacturers. The data protection standards of all service companies commissioned by us are checked before the contract is awarded and they are obliged to comply with the statutory data protection requirements. Data is only forwarded to recipients outside the company if statutory provisions require or allow this or if you have granted consent. These recipients have committed to complying with the statutory requirements, notably of the GDPR.
b. Data may be transferred to third countries (countries outside the European Economic Area - EEA) when customer data is collected. We use Salesforce; data is transferred to Salesforce Inc. Furthermore, data may be transferred to third countries when reporting to manufacturers/suppliers for process optimisation, transmission of product sales and the processing of warranty and/or guarantee cases, insofar as the manufacturer/supplier is based outside the EEA. To this extent, the transfer takes place either on the basis of an adequacy decision in accordance with Art. 45 GDPR, your express, separate consent or the EU standard contractual clauses pursuant to Art. 46 GDPR.
c. If the customer transfers personal data of third parties, it shall comply with the applicable statutory provisions, in particular from Art. 5, 12 et seq. GDPR.
4. Duration of storage
We save your data provided by you (name, postal address, email address and password) until you revoke any granted consent.
Ultimately, we are also subject to various duties of retention and documentation that derive, inter alia, from the German Commercial Code (Handelsgesetzbuch - HGB). The retention and documentation periods specified there are up to 10 years.
Additionally, the storage duration is also based on the statutory expiration periods, which according to sections 195 et seq. German Civil Code (Bürgerliches Gesetzbuch - BGB), are typically 3 years, for example, and in some cases can be up to 30 years.
5. Obligation to provide personal data
Within the framework of our business relationship, you only need to provide the personal data that is required to enter into, establish, execute and, if necessary, terminate a business relationship or contract. If you do not provide this personal data, we will unfortunately have to refuse to conclude the contract or execute the order or will no longer be able to fulfil an existing contract and will have to terminate it if necessary.
6. Subject rights
You have the right:
- according to Art. 7 (3) GDPR, at any time to revoke your consent once given to us. This means that we are no longer permitted to continue the data processing that was based on this consent in the future;
- according to Art. 15 GDPR, to demand information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
- according to Art. 16 GDPR, to demand the immediate correction of incorrect data or the completion of your personal data stored by us;
- according to Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- according to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- according to Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller;
- according to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or at our registered office.
7. Right to object
a. You have the right to object at any time on grounds relating to your particular situation, to the processing of your personal data which is based on Article 6 (1) e GDPR (data processing in the public interest) and Article 6 (1) f GDPR (data processing on the basis of the balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR which we use for advertising purposes.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
b. In specific cases, we process your personal data in order to operate direct marketing. You have the right at any time to object to the processing of your personal data for the purposes of this marketing, This also applies to profiling, insofar as this is connected with such direct marketing.
c. If you object to processing for direct marketing, we will no longer process your personal data for these purposes.
d. If you would like to assert your right of revocation , an email to dsb@api.de is sufficient.
8. Currentness of and change to this data protection information
This data protection information is currently valid as from April 2024.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection information. The respective current data protection information can be accessed and printed out at any time from the website at https://www.api.de/datenschutz