Information letter TSL GmbH
about the collection of personal data pursuant to Articles 13 and 14 GDPR
Dear customers, business partners and stakeholders,
The purpose of this notice is to inform you as customer, business partner or stakeholder that we,
TSL GmbH
Köthener Straße 11
06369 Südliches Anhalt OT Weißandt-Gölzau
as the responsible body (controller), will process your personal data (hereinafter referred to as “data”) in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG amended version). You or your employees are the person concerned (also referred to as “data subject”) within the meaning of Article 4 (1) GDPR.
The controller has the following duties to provide information to the customer, business partner or stakeholders:
1. At the time of data collection, the controller must notify the data subject of the following pursuant to Article 13 (1) and Article 14 (1) GDPR, unless the data subject has already been provided with this information:
a) Name and contact details of the controller and, if applicable, of their representative
The controller and thus the management are responsible for compliance with data protection regulations. The controller within our company is:
Thomas Schlüter
Gregor Gorys
b) contact details of the (external) Data Protection Officer
Our external Data Protection Officer is:
POLIFILM Data Protection GmbH
Mr Michael Koll
Bonner Str. 484
50968 Köln
Phone: +49 221 8014460
E-Mail: dsb@polifilm.com
Our internal data protection coordinator is
Melanie Cuno
TSL GmbH
Köthener Straße 11
06369 Südliches Anhalt OT Weißandt-Gölzau
melanie.cuno@tsl-spedition.de
c) Purpose and legal basis of the data processing
Data processing (in particular collection, use, storage, transfer) is carried out for the purpose of fulfilling a contract (contract execution, payment processing, customer and invoice management, reporting), for the purpose of carrying out pre-contractual measures (in particular at the request of a data subject, in other words offers), for the purpose of compliance with a legal obligation or for the purpose of a legitimate interest (customer acquisition).
Legal bases for the processing of customer, business partner and stakeholder data are in particular Article 6 (1) paragraph b GDPR (data processing for the performance of a contract), Article 6 (1) paragraph f GDPR (data processing for the purpose of a legitimate interest), Art. 6 para. 1 lit. c DS-GVO (compliance with a legal obligation).
A further legal basis may be the consent of the customer, the business partner or the stakeholder within the meaning of Article 6 (1) paragraph a GDPR.
d) Legitimate interests of the controller or a third party
If processing is carried out on the basis of Article 6 (1) paragraph f GDPR for the purpose of the legitimate interests of the controller or a third party, this is to be communicated to the customer, the business partner or the stakeholder. A legitimate interest may, for example, be a legal, economic or non-material interest, the legitimacy of which must be decided on a case-by-case basis when making a comparative examination of the interests of the employee.
In the present case, processing is also carried out on the basis of an economic interest, which is to establish or maintain a business relationship.
e) Recipients or categories of recipients
Pursuant to Article 4 (9) GDPR, recipients of your data may be natural or legal persons, public authorities or agencies.
This means that your data can be forwarded to the responsible internal bodies and external departments of our company.
In addition, your data can be forwarded to external service providers (e.g. IT service providers, consulting, disposal and data destruction or billing service providers). The service providers (processors) mandated by us were carefully selected and assessed by us. In addition, we conclude a data processing agreement with each processor in accordance with Article 28 GDPR.
f) Data transfer to third countries or to international organisations
Your data will be processed exclusively within the EU and stored on protected servers in Germany in compliance with GDPR requirements. There is currently no data transfer to third countries or international organisations.
If, during processing, your data are transferred to countries outside the EU or EEA or to service providers based in countries outside the EU or EEA (so-called third countries), we will assess whether an adequacy decision by the European Commission is present or we will conclude the necessary data protection agreements, in particular the data processing agreement and the EU standard agreement.
g) Categories of personal data
In the context of cooperation, we process the following data:
- Identification data (name, first name, photo, gender, date of birth, personnel number);
- Contact details (e.g. address, (private) telephone numbers and e-mail address)
- Job-related data (e.g. title/position, degree, status, supervisor, workstation/place(s) of work
- Professional qualifications (e.g. certificates, driver’s licence)
- ID documents (e.g. identity card, passport, social security number)
- Payment/financial information (e.g. account information, tax information)
- Information regarding your use of our systems, devices and property (e.g. your computer and/or mobile phone or other device ID, mobile and landline telephone numbers, user IDs, IP addresses, log files)
- Other voluntary data
2. At the time of data collection, the controller must also notify the data subject of the following pursuant to Article 13 (2) and Article 14 (2) GDPR, unless the data subject has already been provided with this information:
a) Sources of personal data
Generally, you are the source of the data provision. In this case, it is important that these data are accurate and that you help us keep it up to date.
Other sources are:
- Contact by you
- Financial situation (via credit reporting agencies)
- Business partners/suppliers
- Marketing activities (e.g. advertising)
- Specific publicly available information from public sources (including the internet)
b) Storage duration
We store your data only until the pre-contractual or contractual purpose is fulfilled and no other statutory retention requirements exist (e.g. commercial or fiscal retention requirements).
If you have given us your consent, we will store your data until you withdraw your consent, unless there is an alternative legal basis for the processing of your data.
c) Your rights as data subject
You can request information about your data processed by us at any time pursuant to Article 15 GDPR. More particularly, you may request information about the purposes of the processing, the categories of data processed, categories of possible recipients and the planned storage duration.
In addition, you are entitled to obtain rectification in case of inaccurate data pursuant to Article 16 GDPR.
In addition, pursuant to Article 17 GDPR, you can request the erasure of the data if the storage of the data is no longer necessary; you have withdrawn your consent to data processing and there is no other legal ground for the processing; you object to the processing and there are no overriding legitimate grounds for further processing your data; your data have been unlawfully processed or if there is a legal obligation to erase the data under EU or national law.
Furthermore, if you contest the accuracy of the data for a period enabling the controller to verify the accuracy of the data, you have a right to restriction of processing pursuant to Article 18 GDPR; the processing is unlawful, but you oppose the erasure of the data; the purpose of the processing has been fulfilled, but the data is necessary to assert your legal claims or if you have objected pursuant to Article 21 GDPR and it has yet to be established whether the legitimate reasons of the controller override your interests.
If you wish to withdraw your consent or assert the aforementioned data subject rights, then please write to us:
TSL GmbH
Köthener Straße 11
06369 Südliches Anhalt OT Weißandt-Gölzau
or send an e-mail
info@polifilm.de
d) The right to lodge a complaint with a supervisory authority
You can lodge a complaint with a supervisory authority at any time (Article 77 GDPR).
This is a list of the supervisory authorities in Germany (for the non-public sector)
e) Provision of data
If the provision of the data is required by law or contract or to conclude a contract, this must be communicated to the customer, the business partner or the stakeholder.
Data (e.g. name, address, e-mail address) are required in particular for establishing a contractual relationship, additional data are required for invoicing or handling payments (e.g. invoice recipient, account information, billing address).
If you do not provide us with your data, it is not possible for us to establish or maintain a business relationship and the proper performance of contractual or legal obligations cannot be guaranteed.
f) Automated decision-making including profiling
There is no automated decision-making including profiling (pursuant to Article 22 GDPR).
3. Information about an envisaged change in purpose of the data processing
We will process your data only for the above purposes.
In the event of a change in the purpose of data processing, we will inform you in due time before further processing about this other purpose.