+49 2154 81254-10

Privacy Policy for Suppliers

Here you can see or download our private policy as PDF-file:

DOWNLOAD ...

PDF-files may be displayed with the Adobe Acrobat Reader. If you have not installed Adobe Acrobat Reader, please use the following link to download the software:
(Download Adobe Acrobat Reader)


Privacy Policy for Suppliers

What is the purpose of this privacy policy for suppliers?
This Supplier Privacy Policy gives you information about the processing of your personal information in connection with your business relationship with MS POS GmbH and its affiliates. This statement also includes a summary of your rights in relation to your personal information.
Some terms used in this Privacy Policy are explained in the glossary.

Names and contact details of the Data Protection Officer and his/her representative
MS POS GmbH and its affiliates (hereafter "MS POS") are responsible for the processing of all personal data.
Legally represented by the managing director: Konstantin Gergianakis
Contact details: Giesserallee 1, 47877 Willich, E‐Mail: kontakt (AT )mspos.net
Data Protection Officer: Niels Wosnitza
Contact details: Giesserallee 1, 47877 Willich, E‐Mail: datenschutz (AT )mspos.net

1. Data Within the Scope of the Supplier Portal / ERP System

What personal data does MS POS process within the scope of the supplier portal / ERP system?

Within the scope of the supplier portal / ERP system, MS POS processes the following personal data:

  • Employer
  • Surname
  • First name
  • Gender
  • Date of birth
  • Adress
  • E-mail address
  • Phone number
  • Occupation
  • Bank details
  • Credit rating information, including scoring
  • Sanction lists
What is the origin of the data within the supplier portal / ERP system?

Data within the scope of the supplier portal / ERP system is collected from:

  • Suppliers: Suppliers provide information within the scope of establishing a business relationship and update it
    within the duration of the relationship
  • Employees of Suppliers: Employees of Suppliers provide information within the scope of establishing a business
    relationship and update it within the duration of the relationship
  • Public Sources: Information is obtained from publicly available sources (for example, commercial registers,
    population registers, media, internet, directories)
  • Economic information institutions
Does the data - within the scope of the supplier portal / ERP system - include special categories of personal data as laid out by the GDPR?

No.

For what purpose does MS POS process data within the scope of the supplier portal / ERP system?

MS POS processes data within the scope of the supplier portal / ERP system:

  • for the general preservation of supplier relationships
  • to carry out business processes
On which legal basis does MS POS process data within the scope of the supplier portal / ERP system?
As far as MS POS processes personal data based on legitimate interests, what are the legitimate interests of MS POS and third parties?

MS POS processes data within the scope of the supplier portal / ERP system on the following legal basis:

  • The processing is necessary for the possible establishment of a business relationship between the supplier and MS POS (Article 6 (1) (b) GDPR)
  • The processing is necessary in order to safeguard the legitimate interests of MS POS in maintaining business relationships with suppliers (Article 6 (1) (f) GDPR)
Who is the recipient of the data in the supplier portal / ERP system?

Data is transmitted to the following categories of recipients within the scope of the supplier portal:

  • Employees of MS POS
  • Customers of MS POS
Is the data transmitted to a third country within the scope of the supplier portal / ERP system?

Yes, as far as the supplier instructs that payments are to be directed to a third country.

How long will the data be stored within the scope of the supplier portal / ERP system?

MS POS stores data within the scope of the supplier portal for the longest of the following periods:

  • The duration of a continuing business relationship
  • The duration of commercial and taxation record-keeping periods
  • The period during which claims from the business relationship can be asserted by or against MS POS

2. Data Within the Scope of Order Processing

What personal data does MS POS process within the scope of order processing?

Within the scope of order processing, MS POS uses the following personal data:

  • Employer
  • Surname
  • First name
  • Gender
  • Date of birth
  • Adress
  • E-mail address
  • Phone number
  • Occupation
  • Bank details
  • Credit rating information, including scoring
  • Sanction lists
What is the origin of the data within the scope of order processing?

Data within the scope of order processing is collected from:

  • Suppliers: Suppliers provide information within the scope of establishing a business relationship and update it within the duration of the relationship
  • Employees of Suppliers: Employees of Suppliers provide information within the scope of establishing a business relationship and update it within the duration of the relationship
  • Public Sources: Information is obtained from publicly available sources (for example, commercial registers, population registers, media, internet, directories)
  • Economic information institutions
Does the data - within the scope of order processing - include special categories of personal data as laid out by the GDPR?

No.

For what purpose does MS POS use data within the scope of order processing?

MS POS processes data within the scope of order processing:

  • to be able to place orders
On which legal basis does MS POS use data within the scope of order processing?
As far as MS POS processes personal data based on legitimate interests, what are the legitimate interests of MS POS and third parties?

MS POS uses data within the scope of order processing on the following legal basis:

  • The processing is necessary for the placing of orders from MS POS to suppliers (Article 6 (1) (b) GDPR)
  • The processing is necessary in order to safeguard the legitimate interests of MS POS in maintaining business relationships with suppliers (Article 6 (1) (f) GDPR)
Who is the recipient of the data within the scope of order processing?

Data is transmitted to the following categories of recipients as a part of order processing:

  • Employees of MS POS
  • Customers of MS POS
Is the data transmitted to a third country as a part of order processing?

No, unless this is explicitly required for processing the order (export).

How long will the data be stored within the scope of order processing?

MS POS stores data within the scope of order processing for the longest of the following periods:

  • The duration of a continuing business relationship
  • The duration of commercial and taxation record-keeping periods
  • The period during which claims from the business relationship can be asserted by or against MS POS

3. Data Within the Scope of Payment Transactions

What personal data does MS POS process as a part of payment transactions?

Within the scope of payment transactions, MS POS processes the following personal data:

  • Employer
  • Surname
  • First name
  • Gender
  • Date of birth
  • Adress
  • E-mail address
  • Phone number
  • Occupation
  • Bank details
  • Credit rating information, including scoring
  • Sanction lists
What is the origin of the data within the scope of payment transactions?

Data within the scope of payment transactions is collected from:

  • Suppliers: Suppliers provide information within the scope of establishing a business relationship and update it within the duration of the relationship
  • Employees of Suppliers: Employees of Suppliers provide information within the scope of establishing a business relationship and update it within the duration of the relationship
  • Public Sources: Information is obtained from publicly available sources (for example, commercial registers, population registers, media, internet, directories)
  • Economic information institutions
Does the data - within the scope of payment transactions - include special categories of personal data as laid out by the GDPR?

No.

For what purpose does MS POS process data within the scope of payment transactions?

MS POS processes data within the scope of payment transactions:

  • in order to fulfil demands for payment
On which legal basis does MS POS process data within the scope of Invoicing and Accounts Receivable?
As far as MS POS processes personal data based on legitimate interests, what are the legitimate interests of MS POS and third parties?

MS POS processes data within the scope of Invoicing and Accounts Receivable on the following legal basis:

  • The processing is necessary for maintaining a business relationship between the supplier and MS POS (Article 6 (1) (b) GDPR)
  • The processing is necessary in order to safeguard the legitimate interests of MS POS in maintaining business relationships with suppliers (Article 6 (1) (f) GDPR)
Who is the recipient of the data within the scope of payment transactions?

Data is transmitted to the following categories of recipients within the scope of Invoicing and Accounts Receivable:

  • Employees of MS POS
  • Financial institutions
Is the data transmitted to a third country within the scope of payment transactions?

Yes, as far as the supplier instructs that payments are to be directed to a third country.

How long will the data be stored within the scope of payment transactions?

MS POS stores data within the scope of Invoicing and Accounts Receivable for the longest of the following periods:

  • The duration of a continuing business relationship
  • The duration of commercial and taxation record-keeping periods
  • The period during which claims from the business relationship can be asserted by or against MS POS

Your Rights as a Data Subject

As a data subject, you have the following rights with respect to your personal information.

The Right of Access

You have the right to ask MS POS for confirmation of whether your personal information is processed; If this is the case, you have a right to information about such personal data and to detailed information on how the personal data is processed.

The Right to Rectification

You have the right to ask MS POS to rectify any incorrect personal data without delay. Taking into account the
purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

The Right to Deletion ("The right to be forgotten")

You have the right to ask MS POS to immediately delete your personal information if certain conditions are met.

The Right to the Restriction of Processing

You have the right to require MS POS to restrict processing if certain conditions are met.

The Right to Object

You have the right, for reasons arising from your own particular situation, at any time, to file an objection to the processing of your personal data according to Article 6 (1) (e) or (f) of the GDPR.

Right to Portable Data

You have, under certain circumstances, the right to receive personal information that you have provided to MS POS, in a structured, mainstream and machine-readable format, and you have the right to pass on that information to another person without any hindrance from MS POS.

Right to Revoke Consent

If the processing is based on your consent, you have the right to revoke your consent at any time.

Right to Appeal

You have the right to complain to a supervisory authority - this is the respective data protection officer in your state.

Glossary

Data Protection Officer

The natural or legal person, public authority, institution or other body that, alone or together with others, decides on the purposes and means of processing personal data.

Data Transfer Agreement

Agreement containing standard data protection clauses adopted by the European Commission within the scope of Art. 46 (2) (c) GDPR.

Data Subject

Identified or identifiable natural person to whom the personal data refers.

GDPR

General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament).

BDSG

German Federal Data Protection Act (Bundesdatenschutzgesetz) of 30.06.2017 (BGBl. I p. 2097).

Legal Basis

Processing is only legal if at least one of the conditions according to the GDPR and / or BDSG is satisfied. The
conditions in question within an employment contract are summarized:

  • the data subject has given their consent to the processing of personal data concerning them
  • processing is for the fulfilment of a contract to which the data subject is a party
  • the processing is necessary to fulfil a legal obligation
  • the processing is necessary to protect the vital interests of the data subject or any other natural person
  • processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail (legitimate interest).
Personal Data

Any information relating to an identified or identifiable natural person; a natural person is considered as being
identifiable, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Processing

Any process or series of operations related to personal information, performed with or without the aid of automated procedures, such as collection, organization, storage, adaptation or modification, reading, retrieval, use, disclosure by submitting, distributing or otherwise providing, comparing, linking, limiting, erasing or destroying.

Special Categories of Personal Data

Personal data showing racial and ethnic origin, political opinions, religious or spiritual beliefs, membership of a trades union, or the processing of genetic data, biometric data to uniquely identify a natural person, health data or data on sexual behaviour or orientation.