1. Who is responsible for data processing and who can I contact in this regard?
The responsible party is VISTA Geowissenschaftliche Fernerkundung GmbH, Gabelsbergerstr. 51, D – 80333 Munich, E-Mail: email@example.com, Tel: +49 89 45 21 614 0.
The external Data Protection Officer at VISTA GmbH can be reached at the above address or by email at firstname.lastname@example.org.
2. What type of data is processed and from which sources does this data come?
We process data that we receive from you during our initial business contact and business relationship. In addition, we duly process data that we receive from credit agencies, creditor protection associations, publicly accessible sources (e.g. company register, register of associations, land register, media), and other companies with which we maintain long-standing business relations.
Personal data includes:
Your master/contact data such as:
- as a private customer: first and last name, address, contact details (email address, telephone number, fax), date of birth, details from proof of identity provided (copy of ID), bank details;
- as a corporate client or supplier: name of legal representative, company, commercial register number, VAT ID number, company number, address, contact details for point of contact (email address, telephone number, fax), bank details.
Furthermore, we also process the following additional personal data:
- information about the nature and content of our business relationship such as contractual data, order data, sales and document data, customer and supplier history, consultation documents, vehicle data,
- information about your financial status (e.g. credit rating data),
- advertising and sales data,
- documentation data (e.g. code of conduct), image data,
- information from your electronic communications with VISTA (e.g. IP address, login data),
- other data that we receive from you as part of our business relationship (e.g. in customer talks),
- data that we generate ourselves from master/contact data and other data, e.g. through customer requirement and customer potential analyses,
- documentation of your declaration of consent for the receipt of e.g. newsletters,
- photos taken at public events.
3. For which purposes and on what legal basis is the data processed?
We process your data in accordance with the latest provisions contained in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act of 2018 (BDSG 2018):
- to fulfil (pre-)contractual obligations (Art. 6 Sec. 1 letter b of the GDPR):
Your data are processed for the sale and distribution of our goods and services, for procurement and logistics purposes, and for supplier and customer management and analysis. In particular, the data are processed when initiating business contact and when executing contracts with you, for example, in the following cases:
- creation and management of customer accounts or supplier accounts,
- delivery of orders,
- participation in competitions,
- sending of information, e.g. catalogue request.
- to fulfil legal obligations (Art. 6 Sec. 1 letter c of the GDPR):
Your data must be processed in order to fulfil various legal obligations, e.g. from the commercial code or tax code, anti-money laundering legislation, product-specific regulations such as the Ordinance on Hazardous Substances.
- to safeguard legitimate interests (Art. 6 Sec. 1 letter f of the GDPR):
With respect to a balancing of interests, we can process data beyond the actual fulfilment of the contract in order to safeguard legitimate interests of ourselves or of third parties. Data are processed for the safeguarding of legitimate interests in the following cases, for example:
- consultation of and exchange of data with credit agencies and creditor protection associations so as to determine credit rating data and manage a group-wide credit rating database in order to identify financial default risks in common customers;
- advertising or marketing;
- measures to control business processes and develop services and products;
- management of a customer database to improve customer service;
- measures to protect VISTA locations from conduct that is unlawful or in breach of contract, e.g. access controls, video monitoring;
- in the pursuit of legal prosecution.
- in terms of your consent (Art. 6 Sec. 1 letter a of the GDPR):
If you grant us your consent to the processing of your data, this shall only be done according to the purposes specified in the declaration of consent and to the extent agreed therein. Informed consent can be revoked at any time with future effect, e.g. newsletter subscription.
4. Processing personal data for promotional purposes
We also use your personal data in order to communicate with you about your orders, specific products, or marketing campaigns, and to recommend products or services that might be of interest to you.
You can object to the use of your personal data for promotional purposes at any time, either entirely or in certain cases, without any costs arising beyond the basic costs of transmission. Please refer to the contact opportunity of VISTA listed under point 1 in this regard.
Product recommendations by email
VISTA is authorised, under the legal requirements of Section 7 Par. 3 of the Unfair Competition Act (UWG), to use the email address provided to us by you when ordering a product or service for direct marketing of its own similar products or services. You shall receive these product recommendations irrespective of whether you have subscribed to the newsletter.
If you no longer wish to receive product recommendations from us by email, you can object to the use of your email for this purpose at any time, without any costs arising beyond the basic costs of transmission. Please refer to the contact opportunity of VISTA listed under point 1 in this regard. An unsubscription link is of course always included in every email.
We use the so-called double opt-in procedure for sending the newsletter, i.e. we will only send you a newsletter by email if you have expressly confirmed to us beforehand that we should activate the newsletter service. We will then send you an email notification and ask you to confirm that you would like to receive our newsletter by clicking a link contained in this email.
If you no longer wish to receive the newsletter from us, you can object to this at any time, without any costs arising beyond the basic costs of transmission. Notification in written text to the contact opportunity of VISTA listed under point 1 is sufficient here. An unsubscription link is of course included in every newsletter.
5. Processing credit rating information
Managing a group-wide credit rating database
If we, within the scope of legal admissibility, collect credit rating data about you from a credit agency, we shall save this information in a system to which affiliates participating in BayWa credit management have access. The objective here is to facilitate processing and identify financial default risks in common customers. The credit rating database may only be accessed if there is a legitimate interest on the part of the respective affiliate.
6. Who receives my data?
If we use a service provider to process data on our behalf, we shall still be responsible for protecting your data. All such data processors are contractually obligated to treat your data as confidential and only process it to the extent necessary to provide the service. The data processors commissioned by us shall receive your data provided that they require these data to render their respective service. These include IT service providers, which we require for the operation and security of our IT system, and commercial and directory publishers for our own advertising campaigns.
Your data shall be processed in the VISTA customer database. The VISTA customer database helps to increase the quality of existing customer data (clean-up of duplicate entries, moved out/died indicator, correction of addresses) and enrich it with information from public sources.
If an offer is submitted or a sale takes place via manufacturer portals, data provided by you shall be processed directly in the manufacturer’s portal.
If there is a legal obligation and legal prosecution is pursued, authorities, courts, and external auditors can all become recipients of your data.
On top of this, for the purpose of initiating or fulfilling the contract, insurance companies, banks, credit agencies, and service providers can also become recipients of your data.
7. For how long are my data stored?
We process your data up until the business relationship ends or until the applicable warranty periods, guarantee terms, periods of limitation, and statutory retention periods have lapsed (for example, from the commercial code or tax code); additionally, until any disputes where this data are required as proof have concluded.
8. Processing of applicant data
If you submit your application to us via the applicant portal, we shall save your personal data in a secure operating environment to protect them from loss or misuse. Your applicant data shall only be made accessible to authorised persons involved in the application process at VISTA, e.g. in the event that you might be offered an alternative position. After the application process has concluded (i.e. after you have received confirmation of acceptance or rejection from us), we shall save your data for a maximum of nine months. You can request an earlier deletion of your data, but not before five months have elapsed after the conclusion of the application process, because we need to save your data for this period in order to satisfy the legal requirements pertaining to the proper processing of an application and to be able to answer any questions relating to your application and/or its rejection that might arise. If you wish to have your data deleted after this five-month period has expired, please send an email to email@example.com.
9. Communication by email
Please note that sending unencrypted emails is regarded as unsafe because unauthorised parties may gain access to the email’s contents and possibly manipulate it. We therefore recommend that you do not send any sensitive information when communicating with us by email.
10. What data are collected when visiting this website?
Analysis tools are used on our website to collect general information about visitors’ usage behaviour. Such information includes, for example, pages accessed, length of visit, referring sites, and general information on your computer system, such as operating system, screen resolution, browser used, etc. All data collected are saved with anonymisation and cannot be assigned to you personally. If you wish to revoke your consent to this anonymised collection of your usage behaviour, you can do so by disabling cookies in your browser.
Profiling when visiting this website
In all of these cases, automated decision-making does not take place within the meaning of the GDPR.
11. Are personal data transmitted to non-member states?
In principle, we do not transmit data to non-member states. In individual cases, data are transmitted only as a result of an adequacy decision from the European Commission, standard contractual clauses, appropriate guarantees, or your express consent.
12. What are my data protection rights?
You have the right to information, rectification, erasure, or restriction of the processing of your stored data, the right to object to the processing of your data, the right to data portability, and the right of complaint in accordance with the provisions of Data Protection Law, at any time.
Right to information:
You may demand confirmation from us as to whether and to what extent we process your data.
Right to rectification:
If we process your personal data, and if it is incomplete or incorrect, you may demand, at any time, that we correct or supplement it.
Right to erasure:
You may demand that we delete your personal data if we process it illegally or if such processing disproportionately interferes with your justified interest of protection. Please note that there may be reasons that prevent an immediate deletion, e.g. statutory retention obligations.
Irrespective of your right to erasure, we will delete your data immediately and completely unless such action is prevented by an applicable contractual or legal retention period.
Right to restriction of processing:
You may demand that we limit the processing of your data if
- you dispute the accuracy of the data, that is for such a period of time that we can verify its correctness;
- processing the data is illegal, but you are opposed to its deletion and demand limitation of its use instead;
- we no longer need the data for the intended purpose, but you still need them to assert or defend any claims; or
- you have filed an objection against the processing of the data.
Right to data portability:
You have the right to receive the data, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit these data to another responsible party without hindrance from us, provided that:
- we process these data on the basis of a revocable declaration of consent provided by you or to perform a contract concluded between us; and
- the processing is carried out by automated means.
If technically feasible, you have the right to have your data transmitted directly to another responsible party by us.
Right to object:
If we process your data on the basis of legitimate interests, you have the right to object to this processing, on grounds relating to your particular situation, at any time; this also applies to profiling based on these provisions. We shall then no longer process your data unless we can demonstrate compelling, legitimate grounds for its processing, which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims. You have the right to object to the processing of your data for direct marketing purposes at any time, without stating a reason.
Right of complaint:
If you believe that we are processing your data in violation of German or European data protection law, please contact us to clear up any questions. You are of course entitled to file a complaint with the supervisory authority responsible for VISTA and BayWa AG, the Bavarian Data Protection Authority (BayLDA).
If you want to assert any of the above-mentioned rights vis-à-vis our company, please refer to the contact opportunity of VISTA listed under point 1. In cases of doubt, we may request additional information to confirm your identity.
13. Am I obligated to provide data?
The processing of your data is required in order to conclude or fulfil the contract that you have entered into with us. If you do not provide us with these data, generally speaking, we cannot conclude the contract or execute the order; similarly, we cannot continue to implement an existing contract and this may result in its termination. However, with regard to data not relevant or not legally required for the fulfilment of the contract, you are not obligated to give your consent to data processing.