Information according to Art. 13 EU General Data Protection Regulation (GDPR) about the processing of your personal data in the context of the business relationship between you - or between your company - and Neenah Gessner GmbH.

Responsible body:

Neenah Gessner GmbH
Otto-von-Steinbeis-Str. 14b
83052 Bruckmuehl

Telephone: (08062) 703-0
Fax: (08062) 703-255

Email: gessner@neenah.de

Data protection officer:

Dr. Karsten Kinast
mail (at) kinast.eu + 49 221 222 183 0

KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
50672 Cologne

www.kinast.eu

Processing purposes and legal basis:

We process personal data that we receive directly from you in connection with our business relationship, for example in the context of a request for a quotation and the specific placing of an order and the provision of our services. Regularly it is e.g. for contact and address data, records of business transactions and the respective correspondence with you. Depending on the business object, it can also be e.g. are user IDs for protected customer platforms.

The data processing is carried out for the purpose of carrying out and processing all processes that affect the person responsible, customers, interested parties, business partners or other contractual or pre-contractual relationships between the groups mentioned (in the broadest sense) or legal obligations of the person responsible.

The processing of your personal data is based on Art. 6 Para. 1 lit b) EU GDPR, provided that you as a contracting party have a contractual relationship with us or the initiation thereof.

Insofar as it is a business relationship or a initiation of the same between the company for which you work and Neenah Gessner GmbH, the processing of your personal data is based on Art. 6 para. 1 lit f) EU GDPR for preservation our legitimate interests and the interests of your company, each of which is based on the proper execution of the mutual business relationship.

Categories of recipients:

As part of the business relationship, your data will be passed on internally and, if necessary, to our responsible specialist department and to our IT department for technical processing only.

Also service providers we use, e.g. for the provision of IT services, can be processed as part of an order processing. Art. 28 EU GDPR to be the recipient of personal data.

The transfer of personal data to companies in the group and service providers outside the European Economic Area (EEA) only takes place if the third country has confirmed an appropriate level of data protection or other appropriate data protection guarantees (e.g. binding company-internal data protection regulations or EU standard contractual clauses) available. For professional coordination in sales, personal data are transmitted within the group outside the EU.

Duration of storage:

Unless otherwise stated in the remaining provisions of this information, we only store your personal data obtained from us in connection with our business relationship as long as this is necessary for the fulfillment of our contractual and legal obligations. Then we will delete this data.

In addition, we only save your data to the extent and insofar as we do so due to mandatory legal, e.g. retention obligations under commercial or tax law. Insofar as we no longer need your data for the purposes described above, they are only stored temporarily during the respective statutory retention period and are not processed for other purposes.

Rights of persons affected:

If the legal requirements are met, you have the following rights under Articles 15 to 22 EU GDPR: Right to information, correction, deletion and restriction of processing and a right to data portability.

In addition, according to Article 14 paragraph 2 lit. c) in connection with Article 21 EU GDPR, you have a right to object to processing based on Article 6 (1) lit. f) EU GDPR is based.

Right to lodge a complaint with the supervisory authority:

According to Article 77 EU GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful.

The address of the supervisory authority responsible for our company is:

Bavarian State Office for Data Protection Supervision, PO Box 606, 91511 Ansbach

Obligation to provide personal data:

If you yourself are in a direct business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations