Data protection notice

Below we inform you about the processing of your personal data by us in the context of order/contract processing and the claims and rights to which you are entitled under data protection regulations.

Data protection is important to us! That is why we only ever collect and process your personal data in accordance with the statutory provisions. With these explanations, we would like to fulfill our information and transparency obligations with regard to the collection and processing of your personal data. The specific personal data we process from you is determined by the respective business relationship.

With regard to the collection of personal data when using our website and the functions provided on it, we refer you to our separate privacy policy, available at: Data protection

1. Name and contact details of the controller and the company data protection officer

This data protection information applies to data processing by

api GmbH
Robert-Koch-Straße 7-17
52499 Baesweiler

(hereinafter: api),

Telephone: 0241 / 9170-0
Fax: 0241 / 9170-600
Email: info@api.de

api's company data protection officer can be contacted at the above address, for the attention of the data protection officer, or at dsb@api.de.

2. Collection and storage of personal data as well as type and purpose and their use

a. We generally collect your data directly from you. As a rule, you provide us with this data with your order and/or as part of the business relationship. We only collect the data that is necessary for the respective contractual purpose. Any additional information is voluntary. In certain cases, however, we may receive personal data from third parties (e.g. logistics service providers, manufacturers, etc.) if this is necessary for the performance of our business relationship.

Relevant personal data are personal details (in particular name, postal address, communication data and date of birth). In addition, this may also include order data (e.g. data from a payment order), data from the fulfillment of our contractual obligations (e.g. data for payment transactions), advertising, customer satisfaction survey and sales data, documentation data (e.g. conversation and consultation protocols), data about your use of our digital products (e.g. times of access and use of our websites, apps or newsletters, pages clicked on by us or entries) and other data comparable to the categories mentioned.

In addition, data from the following categories, which are collected in the course of the business relationship, may also be used:

  • - Customer master data such as name, address, place of residence, date of birth
  • - Billing data (different billing address), change of bank details for payment processing
  • - Contract / service data (e.g. order, different delivery address)
  • - Communication data for establishing and maintaining a contractual relationship via electronic communication channels, e.g. e-mail address, telephone and/or mobile phone number, fax number
  • - Voluntary information on special service requests
  • - information on consent to advertising, use of your e-mail address or telephone number for advertising and to create profiles
  • - Access data and content provided when using the customer portal
  • - anonymous or pseudonymized data for our own statistical analyses and marketing reports
  • On the other hand, we may also process personal data that we have legitimately obtained from publicly accessible sources (e.g. commercial and association registers, Internet, other media, etc.) and are permitted to process.

b. We collect and process your data in accordance with the statutory provisions, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as other legal bases (such as the German Telemedia Act (TMG) in the area of electronic communication) for the following purposes:

1) for the fulfillment of contractual obligations (Art. 6 para. 1 b GDPR)

The processing of personal data (Art. 4 No. 2 GDPR) is carried out for the following purposes - to process offers and orders, in particular in the form of project applications - Processing of guarantee and warranty cases - to provide and arrange additional offers (e.g. newsletter orders, participation in competitions, etc.), in particular to carry out these measures with you and to execute your orders.

Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.

2) as part of the balancing of interests (Art. 6 para. 1 f GDPR)

If necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Examples

  • - Testing and optimization of procedures for needs analysis and direct customer approach, including customer segmentation and calculation of purchase probabilities
  • - Reporting to manufacturers/suppliers for process optimization, transmission of product sales
  • - Advertising or market and opinion research, provided you have not objected to the use of your data
  • - Assertion of legal claims and defense in legal disputes
  •  
  • - Measures for business management and further development of services and products, including those of manufacturers
  • - Consultation of and data exchange with credit agencies (e.g. SCHUFA to determine creditworthiness or default risks and current addresses)
  • - Ensuring IT security
  • - Prevention and investigation of criminal offenses

 

In addition, we reserve the right to transfer your data to third parties for billing purposes and/or in the context of the realization/enforcement of claims, e.g. in the context of an assignment of claims, factoring and/or in the context of debt collection and/or debtor management. Your data will be processed by the third parties for the purpose of realizing or enforcing claims. The legal basis for such processing is Art. 6 para. 1 f GDPR; the legitimate interest consists in the enforcement/realization of the claims in favor of the controller or the third party.

3) on the basis of your consent (Art. 6 para. 1 a GDPR)

If you have given us your consent to process personal data for specific purposes (e.g. forwarding data to cooperation partners), this processing is lawful on the basis of your consent. Any consent you have given can be revoked at any time. If you have expressly consented, we will also use your data for sales and marketing information about our products that we send to you via electronic channels (e.g. email, telephone, fax, SMS, messenger, etc.) (Art. 6 para. 1 a GDPR, Section 7 UWG). Please note that a revocation is only effective for the future. Processing that took place before the revocation is not affected.

4) due to legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

As a company, we are also subject to various legal obligations, i.e. legal requirements (e.g. tax laws, UWG, etc.). The purposes of processing may include the prevention of fraud and money laundering, as well as the fulfillment of tax control and reporting obligations, the assessment and management of risks and the provision of information to authorities.

3. Disclosure of data to third parties

a. Within our company, access to your data is granted to those departments that need it to fulfill the above-mentioned purposes, in particular our contractual obligations. In order to provide our contractual services, we may use companies affiliated with api GmbH within the meaning of Section 15 AktG and selected service providers (processors, Art. 28 GDPR) and vicarious agents who may have access to your data to the extent necessary and use it to fulfill the orders placed by us. These are companies in the categories of suppliers, IT services, logistics, printing services, telecommunications, debt collection, factoring, consulting, sales, marketing, customer satisfaction surveys and manufacturers, for example. All service companies commissioned by us are checked for their data protection standards before the contract is awarded and are obliged to comply with the statutory data protection requirements. Data is only passed on to recipients outside the company if this is required or permitted by law or if you have given your consent. These recipients have undertaken to comply with the legal requirements, in particular the GDPR.

b. Data may be transferred to third countries (countries outside the European Economic Area - EEA) when customer data is collected. We use Salesforce, data is transferred to Salesforce Inc. Furthermore, data may be transferred to third countries when reporting to manufacturers/suppliers for process optimization, transmission of product sales and the processing of warranty and/or guarantee cases, provided that the manufacturer/supplier is based outside the EEA. In this respect, the transfer takes place either on the basis of an adequacy decision pursuant to Art. 45 GDPR, your express, separate consent or the EU standard contractual clauses pursuant to Art. 46 GDPR.

c. If the customer transfers personal data of third parties, he undertakes to comply with the applicable legal provisions, in particular from Art. 5, 12 et seq. GDPR.

4. Duration of storage

We store the data you provide (name, postal address, e-mail address and password) for as long as you revoke any consent you may have given.

Finally, we are also subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB). The retention and documentation periods specified there are up to 10 years.

In addition, the storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally 3 years, but in certain ases can also be up to 30 years.

5. Obligation to provide personal data

As part of our business relationship, you only have to provide the personal data that is required for the initiation, establishment, execution and, if applicable, termination of a business relationship or contract. If this personal data is not provided, we will unfortunately have to refuse to conclude the contract or execute the order or will no longer be able to perform an existing contract and will have to terminate it if necessary.

6. Rights of data subjects

You have the right:

  • - in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
  • - to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • - in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
  • - in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims
  • - in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR
  • - in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller; and
  • - to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.

7. Right of objection

a. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR which we use for advertising purposes.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

b. In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising.

c. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

d. If you wish to exercise your right to object, simply send an email to dsb@api.de

8. Topicality and amendment of this data protection information

This data protection information is currently valid and was last updated in April 2024.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection information. You can access and print out the current version of the data protection information at any time on the website at: Data protection notice