DATA PROTECTION INFORMATION FOR SELECTED PROCESSING ACTIVITIES
What you will find here
You may be visiting this information page
- because we have invited you to do so in order to provide you with more detailed information about a particular processing activity, because it was not possible for us to provide you with all the necessary information at the time we received your personal data, or
- because you are in search of publicly accessible information about how we process personal data not received directly from you. Examples of this are personal data from publicly accessible sources where it proves impossible to inform each person individually or where to do so would involve a disproportionate effort (Article 14 (5) (b) GDPR), or
- because you would like to find out about the processing activities that the CUR Group is jointly responsible for processing.
PERSONAL DATA WE PROCESS ABOUT YOU. WHEN ...
We use this information to communicate with our suppliers or contractual partners and to maintain our relationships with them. It also enables us to select and contact the right supplier for each new request for quotation from our business areas or to settle any invoices due.
The legal basis for processing the personal data described above is Article 6 (1) (f) GDPR. This is because we need to pursue our legitimate interest resulting from the need to communicate with our suppliers or contractual partners as well as to manage the portfolio of our suppliers or contractual partners and thereby ensure the delivery of the products and services that are required for our business. Additionally, Article 6 (1) (b) of the GDPR may be the legal basis for processing the personal data described above of persons acting directly as our suppliers or contractual partners, to the extent that the processing is necessary for the performance of our contract with that person.
We store this type of personal data for as long as it is required to maintain our ongoing relationship, or for the performance of our contract with the relevant supplier or contractual partner. We erase this personal data when it is no longer needed, e.g. when a supplier’s employee no longer works for that supplier or when the supplier or freelancer no longer qualifies as a supplier for us, unless legal archiving obligations require us to store personal data for a longer period of time (personal data in the context of contracts, for example, must be archived for 10 years in accordance with applicable tax laws; personal data in the ISO, GLP, GMP area of analytics, for example, must be retained for up to 33 years due to regulatory requirements).
For example, we search for information on the internet for various purposes, which are explained in more detail below. This information may contain personal data. We also use what is known as Active Online Listening. Active Online Listening is the process of identifying and assessing what is being said about a company, person, product, brand or business-related topic on the internet. We process personal data that we have collected from publicly accessible areas on the internet and publicly accessible media, e.g. by means of
- keyword searches across the internet (e.g. websites, social media platforms, social networking communities, blogs, established news sources, forums or photo and video websites);
- searching, filtering and analysing conversation streams; and
- retrieving visual analytic representations of conversation trends over a predetermined period of time;
- tracking publicly available opinions, statements or other interactions on the internet of certain individuals or entities that are important to us and our business (known as opinion leaders).
- recording and processing in our customer relationship management system
TRANSFER OF PERSONAL DATA FOR PROCESSING ON OUR BEHALF
We may sometimes use specialised service providers to process your personal data. These service providers are carefully selected by us and are subject to regular monitoring by us. They only process personal data on our behalf and according to our instructions on the basis of corresponding contracts for order processing.
PROCESSING OF PERSONAL DATA OUTSIDE THE EU OR THE EEA
Some personal data may also be processed in countries outside the European Union (“EU”) or European Economic Area (“EEA”). These countries may have fewer data protection requirements than European countries. In such cases, we will ensure that your personal data is adequately protected, e.g. by entering into specific agreements with our contractual partners (copy available on request), or we will ask for your express consent.
Information about your rights
The following rights are available to you under applicable data protection laws:
- the right to access information about the data we have stored on you;
- the right to rectify, erase or restrict the processing of your personal data;
- the right to object to any processing that serves our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims;
- the right to data portability;
- and the right to lodge a complaint with a supervisory authority.
- You may revoke your consent to the collection, processing and use of your personal data at any time with future effect.
Specification with regard to processing under joint responsibility:
Should you wish to assert your rights under Articles 15 to 22 of the GDPR with regard to the joint processing of your personal data, the Group Data Protection Officer of the CUR Group acts as the main contact person. Notwithstanding the foregoing, you may exercise your rights directly against each and every party. In this case, the respective party will forward your request to the Group Data Protection Officer of the CUR Group for further processing.
If you would like to exercise your rights as a supplier, customer or business partner in relation to the customer relationship management system (CRM), please use the following link:
If you have any questions in connection with data protection or wish to exercise your rights, please contact our data protection officer:
Head of Data Privacy
Datenschutzbeauftragter der CURRENTA-Gruppe
Last updated: 26 January 2023