data protection agreement
Data protection information for business partners, customers & interested parties
Information on data protection regarding our processing of business partner, customer and prospective customer data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
MITOcare GmbH & Co.KG
Dear business partner, dear customer, dear prospective customer,
In accordance with the requirements of Articles 13, 14 and 21 of the European General Data Protection Regulation (GDPR), we hereby inform you about the processing of personal data collected about you and your data protection rights in this regard. Which data is processed in detail and in what manner is used depends largely on the services requested or agreed. To ensure that you are fully informed about the processing of your personal data in the context of the fulfillment of a contract or the implementation of pre-contractual measures, please take note of the information below.
1. Responsible body within the meaning of data protection law
MITOcare GmbH & Co. KG
represented by the managing director Christian Burghardt
Thalkirchner Str. 210 / Building 1
81371 Munich
Phone: +49 89 24 88 163-0
Fax: +49 89 24 88 163-99
E-Mail: info@mitocare.de
2. Contact details of our data protection officer
heyData GmbH
Schützenstraße 5
10117 Berlin,
www.heydata.eu
Email: datenschutz@heydata.eu
3. Purposes and legal basis of processing
We process your personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation and fulfillment of a contract as well as for the implementation of pre-contractual measures. Insofar as the provision of personal data is necessary for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful in accordance with Art. 6 Para. 1 lit. b GDPR.
If you give us your express consent to process personal data for certain purposes (e.g. transfer to third parties, evaluation for marketing purposes or advertising), the legality of this processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. Consent given can be revoked at any time, with effect for the future (see section 9 of this data protection information).
If necessary and legally permissible, we will process your data beyond the actual contractual purposes to fulfill legal obligations in accordance with Art. 6 (1) (c) GDPR. In addition, processing may take place to protect legitimate interests of us or third parties in accordance with Art. 6 (1) (f) GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.
4. Categories of personal data
We only process data that is related to the establishment of the contract or the pre-contractual measures. This may be general data about you or people in your company (name, address, contact details, etc.) as well as other data that you send to us as part of the establishment of the contract.
5. Sources of the data
We process personal data that we receive from you when contacting us or establishing a contractual relationship or as part of pre-contractual measures or that you provide via our website or by email.
6. Recipient of the data
We only pass on your personal data within our company to those departments and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interests.
We may transfer your personal data to companies affiliated with us, insofar as this is permitted within the scope of the purposes and legal bases set out in section 3 of this data protection information sheet.
Your personal data will be processed on our behalf on the basis of order processing agreements in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of Internet service providers and providers of customer management systems and software.
Otherwise, data will only be passed on to recipients outside the company if legal provisions permit or require this, if the transfer is necessary for the processing and thus for the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data can be, for example:
Public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation,
Recipients to whom the transfer is immediately necessary for the establishment or fulfilment of the contract, such as transport service providers, financial service providers (e.g. banks)
Recipients to whom the transfer is immediately necessary to fulfil legal obligations (e.g. accounting, tax advisors),
Other recipients to whom data is transmitted on the basis of a legitimate interest, for example to prevent misuse or to ensure IT and data security.
Other data recipients for whom you have given us your consent to transfer data.
7. Transfer to a third country
Should it become necessary to transfer personal data to countries outside the EEA (European Economic Area) or to an international organization, this will only be done in compliance with the legal requirements and using suitable transfer mechanisms. These mechanisms include in particular:
- Adequacy decision: The European Commission has determined that the third country in question provides an adequate level of data protection.
- Standard contractual clauses: The transfer is based on standard contractual clauses approved by the European Commission to ensure an adequate level of data protection.
- You have expressly consented to the transmission after being informed of the possible risks.
- The transmission is necessary to fulfill a contract or to carry out pre-contractual measures that are carried out at your request.
- The transmission is necessary for the assertion, exercise or defense of legal claims.
- The transfer is necessary due to legal regulations or official orders.
8. Duration of data storage
If necessary, we process and store your personal data for the duration of our business relationship or to fulfil contractual purposes. This includes, among other things, the initiation and execution of a contract.
In addition, we are subject to various retention and documentation obligations, which arise from the German Commercial Code (HGB) and the German Tax Code (AO), among others. The retention and documentation periods stipulated therein are two to ten years.
Finally, the storage period also depends on the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.
9. Your rights
Every data subject has the right to information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to notification pursuant to Art. 19 GDPR and the right to data portability pursuant to Art. 20 GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you believe that the processing of your personal data is not lawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. Please also note that we may have to retain certain data for a certain period of time in order to fulfill legal requirements (see section 8 of this data protection information).
Right of objection
Insofar as the processing of your personal data is carried out in accordance with Art. 6 (1) (f) GDPR to protect legitimate interests, you have the right to object to the processing of this data at any time for reasons arising from your particular situation in accordance with Art. 21 GDPR. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims.
You have the right to object at any time to processing for the purposes of such advertising. This also applies to profiling insofar as it is associated with this direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.
Please feel free to contact us to protect your rights.
10. Necessity of providing personal data
The provision of personal data for the establishment, implementation or fulfilment of a contract or for the implementation of pre-contractual measures is generally neither legally nor contractually required. You are therefore not obliged to provide personal data. Please note, however, that this is usually required for the decision on whether to conclude a contract, to fulfil a contract or for pre-contractual measures. If you do not provide us with personal data, we may not be able to make a decision within the framework of contractual measures. We recommend that you only provide personal data that is required for the conclusion, fulfilment or pre-contractual measures.
11. Automated decision-making
As a general rule, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish, fulfill or carry out the business relationship or for pre-contractual measures. Should we use these procedures in individual cases, we will inform you separately or obtain your consent if this is required by law.