elevait GmbH & Co. KG
Hauptstraße 60
78098 Triberg im Schwarzwald
info@elevait.de
Phone: +49 (0) 7722/91 79 057

Contact details of the data protection officer
You can contact our data protection officer at: TÜV SÜD Akademie GmbH
‍
Westendstraße 160
80339 Munich
Frank.Hillmer@partner.tuvsud.com
Phone: +49 341 308246780

We primarily process personal data that the data subjects themselves provide to us as part of contractual and business relationships or that we receive from the respective contractual and business partners (e.g. from your colleagues with whom we are already in contact), for example as part of processing an enquiry or an order. We also process personal data that we collect from publicly available sources (such as commercial registers, press, Internet) or receive from third parties (e.g. business partners). We will separately point out the collection of personal data from third-party sources. Relevant personal data includes in particular personal data (such as surname, first name, address, bank details, billing address, tax number/VAT ID.) and other contact details (such as telephone number, email address). In addition, this may also include contract or order data (e.g. sales data, volumes, planned quantities), data from the fulfilment of our contractual obligations, data about you (e.g. business interests, profession, industry, position, tasks and powers) and other data comparable to the above categories. The scope of data processed about a person varies depending on the function in which the person acts with us, such as what position they hold with the respective business partner.

We process personal data for the following purposes on the basis of the following legal bases.

3.1. In individual cases, we process data because you have expressly consented to this (Art. 6 para. 1 lit. a GDPR), for example to receive One Pager by electronic mail and/or telephone;

3.2. Data processing is carried out to execute contracts concluded with you or your employment company or to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR); this includes, for example, authentication of contract partners, preparation and signing of contract documents, billing and processing of purchase price payments; service and work contracts and other contract relationships

3.3. Further data processing is carried out on the basis of legal requirements (Art. 6 para. 1 lit. c GDPR): for example to fulfill tax and other legal control and reporting obligations, as well as to be audited by tax or other authorities and to comply with legal retention periods;

3.4. In addition, we process your data to protect our legitimate interests (Art. 6 para. 1 lit. f GDPR); in particular for the following purposes: optimal contact care/relationship, including with regard to the employees of our business partners; optimization of our business processes, such as by maintaining a database of interested parties, including as part of “customer relationship management”; asserting and defending legal claims.

Under certain circumstances (in addition to the cases already mentioned above), your personal data may be shared for the purposes set out above; in detail:

4.1. If it is necessary to investigate or prosecute illegal or abusive incidents, personal data will be forwarded to our legal advisors, law enforcement authorities and, where appropriate, to injured third parties. However, this only happens if there is concrete evidence of illegal or abusive conduct. A transfer may also take place if this serves to enforce contractual provisions between us and our contractual and business partners.

4.2. We are also required by law to provide information to certain public authorities upon request. These include in particular law enforcement agencies, authorities that prosecute administrative offenses proven by fines, and the tax authorities.

4.3. If it is necessary to process your request or to conclude or execute a contractual or business relationship with you, as well as in the case of centralized or outsourced corporate functions, your data may be passed on to companies affiliated with us to fulfill the above purposes. In order to fulfill the purposes described in this data protection information or to provide our services, we may rely on contracted third-party companies based outside the EU or the EEA or other cooperation partners and external service providers, such as partners, IT service providers. In such cases, information is shared with these companies or individuals to enable them to continue processing. Insofar as these involve jobs outside the EU or the EEA, we ensure an appropriate level of data protection, for example by concluding appropriate contracts with the data recipient.

4.4. As part of the development of our business, the structure of our company may change by changing the legal form, establishing, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information is shared together with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this data protection notice and the relevant data protection laws.

We process your personal data for the duration of the business relationship, but no longer than until the respective business relationship between us and your employment company is finally terminated. We delete transaction-related information (e.g. relating to a specific contractual or order relationship) after completion of the respective process, e.g. fulfilment of a delivery contract, with a period of three years after the end of the respective calendar year, unless this is subject to longer legal storage obligations (such as six or ten-year storage in accordance with Section 257 of the Commercial Code); in such a case, the data concerned will be blocked from any further processing.

If personal data is collected from you by us, you generally have the following rights as a data subject:

6.1. Right to information
a. You can request information about your personal data that we process in accordance with Article 15 of the GDPR.

6.2. Right to rectification
b. If the information relating to you is no longer correct, you can request a correction in accordance with Article 16 of the GDPR. If your data is incomplete, you can request that it be completed.

6.3. Right to delete
c. You can request the deletion of your personal data under the conditions of Article 17 of the GDPR.

6.4. Right to restrict processing
d. In cases under Article 18 GDPR, you have the right to request that the processing of your personal data be restricted (“blocking”).

6.5. Right to lodge a complaint
e.  If you believe that the processing of your personal data violates data protection law, you have the right to complain to a data protection supervisory authority of your choice in accordance with Article 77 (1) of the GDPR.

6.6. Right to object
f. You have the right to object for the specific reasons of Article 21 (1) GDPR. We will inform you about this under section 7.

6.7. Right to data portability
g. If you have provided us with personal data in accordance with Article 20 (1) GDPR, you have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to yourself or to third parties in a structured, common and machine-readable format.

Art. 21 GDPR obliges us to draw particular attention to a particular right of the data subject. The particular emphasis concerns the following passages, which are italicized.

‍a. Individual right of objection when balancing interests
‍b) Data subjects have the right to object to the processing of their personal data for reasons arising from their particular situation. The prerequisite for this is that data processing is carried out on the basis of our balancing of interests in accordance with Article 6 (1) (f) GDPR.
‍c) The 1.1 cases have been described in general terms in this data protection information.
‍d) In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate reasons for processing this data that outweigh the interests, rights and freedoms of the data subject. This is also the case if the personal data is used to assert, exercise or defend legal claims.

If the processing of personal data by us is based on the consent of the data subject, the data subject has the right to withdraw their consent at any time by making a statement to us. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the withdrawal. We will inform the data subject before giving consent.

The provision of data is not required by law, but is necessary to fulfill pre-contractual or contractual obligations or to process your request.

This data protection information does not require the consent of the person concerned and is subject to regular review with regard to the need for changes. In the event of replacement by a new version, the previous version will be archived by us. The development of our company may also have an impact on the handling of personal data. We therefore reserve the right to amend this data protection information in the future within the framework of applicable data protection laws and, if necessary, to adapt it to changing data processing realities. We will inform you separately of any significant changes to the content.

Rev. 1.0/14.02.2022