+49 2154 81254-10

Privacy Policy for Customers

Here you can see or download our private policy as PDF-file:

DOWNLOAD ...

PDF-files may be displayed with the Adobe Acrobat Reader. If you have not installed Adobe Acrobat Reader, please use the following link to download the software:
(Download Adobe Acrobat Reader)


Privacy Policy for Customers

What is the purpose of this privacy policy for customers?
This Customer Privacy Policy gives you information about the processing of your personal information in connection with your business relationship with MS POS GmbH and its affiliates. This statement also includes a summary of your rights in relation to your personal information.
Some terms used in this Privacy Policy are explained in the glossary.

Names and contact details of the Data Protection Officer and his/her representative
MS POS GmbH and its affiliates (hereafter "MS POS") are responsible for the processing of all personal data.
Legally represented by the managing director: Konstantin Gergianakis
Contact details: Giesserallee 1, 47877 Willich, E‐Mail: kontakt (AT )mspos.net
Data Protection Officer: Niels Wosnitza
Contact details: Giesserallee 1, 47877 Willich, E‐Mail: datenschutz (AT )mspos.net

1. Data within the Scope of Customer Administration in CRM and ERP Systems

What personal data does MS POS process within the scope of customer administration in CRM and ERP systems?

Within the scope of customer administration in CRM and ERP systems, MS POS processes the following personal data:

  • Employer
  • Surname
  • First name
  • Gender
  • Date of birth
  • Adress
  • E-mail address
  • Phone number
  • Occupation
  • Bank details
  • Credit rating information, including scoring
What is the origin of the data within the scope of customer administration in CRM and ERP systems?

Data within the scope of customer administration in CRM and ERP systems is collected from:

  • Customers: Customers provide information as part of establishing a business relationship and update it within
    the duration of the relationship
  • Employees of Customers: Employees of customers provide information as part of establishing a business
    relationship and update it within the duration of the relationship
  • Public Sources: Information is obtained from publicly available sources (for example, commercial registers,
    population registers, media, internet, directories)
  • Economic information institutions
Does the data - within the scope of customer administration in CRM and ERP systems - include special categories of personal data as laid out by the GDPR?

No.

For what purpose does MS POS process data within the scope of customer administration in CRM and ERP systems?

MS POS processes data within the scope of customer administration in CRM and ERP systems:

  • for the general preservation of customer relationships
  • to carry out business processes
  • to fulfil legal obligations
On which legal basis does MS POS process data within the scope of customer administration in CRM and ERP systems?
As far as MS POS processes personal data based on legitimate interests, what are the legitimate interests of MS POS and third parties?

MS POS processes data within the scope of customer administration in CRM and ERP systems on the following legal basis:

  • the processing is necessary for the possible establishment of a business relationship between the customer and MS POS (Article 6 (1) (b) GDPR)
  • the processing is necessary in order to safeguard the legitimate interests of MS POS in maintaining business relationships with customers (Article 6 (1) (f) GDPR)
  • to fulfil the legal obligations that MS POS is subject to (Article 6 (1) (c) GDPR)
Who is the recipient of the data within the scope of customer administration in CRM and ERP systems?

Data is transmitted to the following categories of recipients within the scope of customer administration in CRM and ERP systems:

  • Employees of MS POS
  • Subcontractors, engaged within the framework of the order
Is the data transmitted to a third country within the scope of customer administration in CRM and ERP systems?

No, unless this is explicitly required for customer administration processing (export).

How long will the data be stored within the scope of customer administration in CRM and ERP systems?

MS POS stores data within the scope of customer administration in CRM and ERP systems for the longest of the following periods:

  • The duration of a continuing business relationship
  • The duration of commercial and taxation record-keeping periods
  • The period during which claims from the business relationship can be asserted by or against MS POS

2. Data Within the Scope of Marketing and Sales

What personal data does MS POS use within the scope of marketing and sales?

Within the scope of marketing and sales, MS POS uses the following personal data:

  • Employer
  • Surname
  • First name
  • Gender
  • Date of birth
  • Adress
  • E-mail address
  • Phone number
  • Occupation
  • Interests
  • Inquiry and order data
  • Sanction lists
What is the origin of the data within the scope of marketing and sales?

Data within the scope of marketing and sales is collected from:

  • Customers: Customers provide information as part of establishing a business relationship and update it within the duration of the relationship
  • Employees of Customers: Employees of customers provide information as part of establishing a business relationship and update it within the duration of the relationship
  • Public Sources: Information is obtained from publicly available sources (for example, commercial registers, population registers, media, internet, directories)
Does the data - within the scope of marketing and sales - include special categories of personal data as laid out by the GDPR?

No.

For what purpose does MS POS use data within the scope of marketing and sales?

MS POS processes data within the scope of marketing and sales:

  • to maintain customer relations
  • to carry our business processes
  • to fulfil legal obligations
On which legal basis does MS POS process data within the scope of marketing and sales?
As far as MS POS processes personal data based on legitimate interests, what are the legitimate interests of MS POS and third parties?

MS POS processes data within the scope of marketing on the following legal basis:

  • the processing is necessary for the possible establishment of a business relationship between the customer and MS POS (Article 6 (1) (b) GDPR)
  • the processing is necessary in order to safeguard the legitimate interests of MS POS in maintaining business relationships with customers (Article 6 (1) (f) GDPR)
  • to fulfil the legal obligations that MS POS is subject to (Article 6 (1) (c) GDPR)
Who is the recipient of the data within the scope of marketing and sales?

Data is transmitted to the following categories of recipients within the scope of marketing and sales:

  • Employees of MS POS
  • Subcontractors, engaged within the framework of the order
Is the data transmitted to a third country within the scope of marketing and sales?

No.

How long will the data be stored within the scope of marketing and sales?

MS POS stores data within the scope of marketing and sales for the longest of the following periods:

  • The duration of a continuing business relationship
  • The duration of commercial and taxation record-keeping periods
  • The period during which claims from the business relationship can be asserted by or against MS POS

3. Data Within the Scope of Order Processing

What personal data does MS POS process within the scope of order processing?

Within the scope of order processing, MS POS uses the following personal data:

  • Employer
  • Surname
  • First name
  • Gender
  • Date of birth
  • Adress
  • E-mail address
  • Phone number
  • Occupation
  • Bank details
  • Credit rating information, including scoring
What is the origin of the data within the scope of order processing?

Data within the scope of order processing is collected from:

  • Customers: Customers provide information as part of establishing a business relationship and update it within the duration of the relationship
  • Employees of Customers: Employees of customers provide information as part of establishing a business relationship and update it within the duration of the relationship
  • Public Sources: Information is obtained from publicly available sources (for example, commercial registers, population registers, media)
  • Economic information institutions
  • Sanction lists
Does the data - within the scope of order processing - include special categories of personal data as laid out by the GDPR?

No.

For what purpose does MS POS use data within the scope of order processing?

MS POS processes data within the scope of order processing:

  • to maintain customer relations
  • to carry our business processes
  • to fulfil legal obligations
On which legal basis does MS POS process data within the scope of order processing?
As far as MS POS processes personal data based on legitimate interests, what are the legitimate interests of MS POS and third parties?

MS POS processes data within the scope of order processing in CRM and ERP systems on the following legal basis:

  • the processing is necessary for maintaining a business relationship between the customer and MS POS (Article 6 (1) (b) GDPR)
  • the processing is necessary in order to safeguard the legitimate interests of MS POS in maintaining business relationships with customers (Article 6 (1) (f) GDPR)
  • to fulfil the legal obligations that MS POS is subject to (Article 6 (1) (c) GDPR)
Who is the recipient of the data within the scope of order processing?

Data is transmitted to the following categories of recipients within the scope of order processing:

  • Employees of MS POS
  • Subcontractors, engaged within the framework of the order
Is the data transmitted to a third country within the scope of order processing?

Yes, if the order requires that deliveries are made or services provided in third countries.

How long will the data be stored within the scope of order processing?

MS POS stores data within the scope of order processing for the longest of the following periods:

  • The duration of a continuing business relationship
  • The duration of commercial and taxation record-keeping periods
  • The period during which claims from the business relationship can be asserted by or against MS POS

4. Data Within the Scope of Invoicing and Accounts Receivable

What personal data does MS POS process within the scope of invoicing and accounts receivable?

Within the scope of invoicing and accounts receivable, MS POS processes the following personal data:

  • Employer
  • Surname
  • First name
  • Gender
  • Date of birth
  • Adress
  • E-mail address
  • Phone number
  • Occupation
  • Bank details
  • Credit rating information, including scoring
What is the origin of the data within the scope of invoicing and accounts receivable?

Data within the scope of invoicing and accounts receivable is collected from:

  • Customers: Customers provide information as part of establishing a business relationship and update it within the duration of the relationship
  • Employees of Customers: Employees of customers provide information as part of establishing a business relationship and update it within the duration of the relationship
  • Public Sources: Information is obtained from publicly available sources (for example, commercial registers, population registers, media, internet, directories)
  • Economic information institutions
Does the data - within the scope of invoicing and accounts receivable - include special categories of personal data as laid out by the GDPR?

No.

For what purpose does MS POS use data within the scope of invoicing and accounts receivable?

MS POS processes data within the scope of invoicing and accounts receivable:

  • to maintain customer relations
  • to carry our business processes
On which legal basis does MS POS process data within the scope of invoicing and accounts receivable?
As far as MS POS processes personal data based on legitimate interests, what are the legitimate interests of MS POS and third parties?

MS POS processes data within the scope of order processing in CRM and ERP systems on the following legal basis:

  • the processing is necessary for payment handling within a business relationship between the customer and MS POS (Article 6 (1) (b) GDPR, § 26 (1) BDSG)
  • the processing is necessary in order to safeguard the legitimate interests of MS POS in enforcing claims (Article 6 (1) (f) GDPR)
Who is the recipient of the data within the scope of invoicing and accounts receivable?

Data is transmitted to the following categories of recipients within the scope of invoicing and accounts receivable:

  • Employees of MS POS
  • Financial institutions
  • Debt collection service providers
  • Debt collection service providers
Is the data transmitted to a third country within the scope of invoicing and accounts receivable?

No, unless this is explicitly required for the processing of claims (export / international payment transactions).

How long will the data be stored within the scope of invoicing and accounts receivable?

MS POS stores data within the scope of invoicing and accounts receivable for the longest of the following periods:

  • The duration of a continuing business relationship
  • The duration of commercial and taxation record-keeping periods
  • The period during which claims from the business relationship can be asserted by or against MS POS

Your Rights as a Data Subject

As a data subject, you have the following rights with respect to your personal information.

The Right of Access

You have the right to ask MS POS for confirmation of whether your personal information is processed; If this is the case, you have a right to information about such personal data and to detailed information on how the personal data is processed.

The Right to Rectification

You have the right to ask MS POS to rectify any incorrect personal data without delay. Taking into account the
purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

The Right to Deletion ("The right to be forgotten")

You have the right to ask MS POS to immediately delete your personal information if certain conditions are met.

The Right to the Restriction of Processing

You have the right to require MS POS to restrict processing if certain conditions are met.

The Right to Object

You have the right, for reasons arising from your own particular situation, at any time, to file an objection to the processing of your personal data according to Article 6 (1) (e) or (f) of the GDPR.

Right to Portable Data

You have, under certain circumstances, the right to receive personal information that you have provided to MS POS, in a structured, mainstream and machine-readable format, and you have the right to pass on that information to another person without any hindrance from MS POS.

Right to Revoke Consent

If the processing is based on your consent, you have the right to revoke your consent at any time.

Right to Appeal

You have the right to complain to a supervisory authority - this is the respective data protection officer in your state.

Glossary

Data Protection Officer

The natural or legal person, public authority, institution or other body that, alone or together with others, decides on the purposes and means of processing personal data.

Data Transfer Agreement

Agreement containing standard data protection clauses adopted by the European Commission within the scope of Art. 46 (2) (c) GDPR.

Data Subject

Identified or identifiable natural person to whom the personal data refers.

GDPR

General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament).

BDSG

German Federal Data Protection Act (Bundesdatenschutzgesetz) of 30.06.2017 (BGBl. I p. 2097).

Legal Basis

Processing is only legal if at least one of the conditions according to the GDPR and / or BDSG is satisfied. The
conditions in question within an employment contract are summarized:

  • the data subject has given their consent to the processing of personal data concerning them
  • processing is for the fulfilment of a contract to which the data subject is a party
  • the processing is necessary to fulfil a legal obligation
  • the processing is necessary to protect the vital interests of the data subject or any other natural person
  • processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail (legitimate interest).
Personal Data

Any information relating to an identified or identifiable natural person; a natural person is considered as being
identifiable, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Processing

Any process or series of operations related to personal information, performed with or without the aid of automated procedures, such as collection, organization, storage, adaptation or modification, reading, retrieval, use, disclosure by submitting, distributing or otherwise providing, comparing, linking, limiting, erasing or destroying.

Special Categories of Personal Data

Personal data showing racial and ethnic origin, political opinions, religious or spiritual beliefs, membership of a trades union, or the processing of genetic data, biometric data to uniquely identify a natural person, health data or data on sexual behaviour or orientation.