Home » DATA PROTECTION INFORMATION

DATA PROTECTION INFORMATION FOR SELECTED PROCESSING ACTIVITIES

Welcome to this page with information about selected processing activities carried out by Currenta GmbH & Co. OHG, Kaiser-Wilhelm-Allee 20, 51373 Leverkusen and all its affiliated companies [namely: Currenta GmbH & Co. OHG, Chemion Logistik GmbH, Tectrion GmbH, Netcur GmbH, Ausbildungsinitiative Rheinland GmbH] (hereinafter CUR Group, “us” or “we”).

What you will find here

You may be visiting this information page

because we have invited you to do so in order to provide you with more detailed information about a particular processing activity, because it was not possible for us to provide you with all the necessary information at the time we received your personal data, or
because you are in search of publicly accessible information about how we process personal data not received directly from you. Examples of this are personal data from publicly accessible sources where it proves impossible to inform each person individually or where to do so would involve a disproportionate effort (Article 14 (5) (b) GDPR), or
because you would like to find out about the processing activities that the CUR Group is jointly responsible for processing.

Note: this site is not an exhaustive source of information for all processing activities carried out by us. Where possible, we will provide you with the information requested at the time we receive personal data from you, in privacy statements specific to each processing activity. For example, if you are looking for information about how we process your personal data on this website, please refer to our website’s Privacy Policy

PERSONAL DATA WE PROCESS ABOUT YOU. WHEN ...

... you hand us your business card or you make contact with us via a web form,

we may copy this and enter and process the personal data contained therein into one of our customer relationship management (CRM) systems.

Purpose, legal basis and retention period

We use the personal data contained therein to contact you. The legal basis for the processing of your personal data as well as the respective retention period vary, depending on the respective purpose for which you have handed us your business card or you have contacted us via a web form. However, we generally only store your personal data for as long as it is necessary to stay in contact with you.

….. you communicate with us by email,

we process your email address, the information provided in your emails (e.g. name, other contact details from your signature, the content of your emails or any attachments) and also email metadata (e.g. timestamp, IP address of the sender, email programs as well as servers filtered through during transport, etc.) and it is possible that we may copy these and enter and process the personal data contained therein into one of our customer relationship management (CRM) systems.

Purpose, legal basis and retention period

We use this personal data in order to communicate with you. The legal basis for the processing of your personal data and the respective retention period vary depending on the respective purpose for which we communicate with you. However, our general retention period for incoming emails is 6 months, unless your email has been archived, in which case the general retention period is 4 years. Please ask either the member of staff at our organisation with whom you are in contact or get in touch with the person responsible for data protection named at the end of the text if you would like to know more about the purpose, legal basis or retention period applicable to your personal data in your individual case.

... ... you are one of our suppliers or contractual partners or work for one of our suppliers or contractual partners

We process contact details (such as name, email address, telephone number, position and role in the company) of employees of our suppliers or contractors (such as key account managers, consultants, business partners or legal advisors) or of people acting directly as our suppliers or contractual partners (such as freelancers) in one of our customer relationship management (CRM) systems. With regard to the latter, we may also process payment data (such as bank details).

Purpose, legal basis and retention period

We use this information to communicate with our suppliers or contractual partners and to maintain our relationships with them. It also enables us to select and contact the right supplier for each new request for quotation from our business areas or to settle any invoices due.

The legal basis for processing the personal data described above is Article 6 (1) (f) GDPR. This is because we need to pursue our legitimate interest resulting from the need to communicate with our suppliers or contractual partners as well as to manage the portfolio of our suppliers or contractual partners and thereby ensure the delivery of the products and services that are required for our business. Additionally, Article 6 (1) (b) of the GDPR may be the legal basis for processing the personal data described above of persons acting directly as our suppliers or contractual partners, to the extent that the processing is necessary for the performance of our contract with that person.

We store this type of personal data for as long as it is required to maintain our ongoing relationship, or for the performance of our contract with the relevant supplier or contractual partner. We erase this personal data when it is no longer needed, e.g. when a supplier’s employee no longer works for that supplier or when the supplier or freelancer no longer qualifies as a supplier for us, unless legal archiving obligations require us to store personal data for a longer period of time (personal data in the context of contracts, for example, must be archived for 10 years in accordance with applicable tax laws; personal data in the ISO, GLP, GMP area of analytics, for example, must be retained for up to 33 years due to regulatory requirements).

... you or others have posted your personal data on the internet or elsewhere

For example, we search for information on the internet for various purposes, which are explained in more detail below. This information may contain personal data. We also use what is known as Active Online Listening. Active Online Listening is the process of identifying and assessing what is being said about a company, person, product, brand or business-related topic on the internet. We process personal data that we have collected from publicly accessible areas on the internet and publicly accessible media, e.g. by means of

keyword searches across the internet (e.g. websites, social media platforms, social networking communities, blogs, established news sources, forums or photo and video websites);
searching, filtering and analysing conversation streams; and
retrieving visual analytic representations of conversation trends over a predetermined period of time;
tracking publicly available opinions, statements or other interactions on the internet of certain individuals or entities that are important to us and our business (known as opinion leaders).
recording and processing in our customer relationship management system

Purpose, legal basis and retention period

We use the insights gained for the following purposes:

Customer and stakeholder insights
We aim to identify business opportunities and risks, as well as innovations, and better understand perceptions, intentions, sentiments, and trends in the market and society. We also want to develop an even better understanding of the needs of our customers and stakeholders, as well as their preferences and opinions. This allows us to engage in more effective dialogue, improve our services, products and the way we run our business, and take advantage of business opportunities and mitigate business risks. The legal basis for processing personal data in this context is Article 6 (1) (f) GDPR, as there is a need to pursue our legitimate interest arising from the purposes of our processing described above. We erase personal data when it is no longer needed for the purposes for which it was originally stored. Personal data stored in opinion leader profiles will be erased after 2 years.

... you report or process a ticket with us (e.g. fault reports or service requests),

we may process your contact and subject data in the ticket system.

Purpose, legal basis and retention period

For ticket-related communication, for example, your name, user ID and email address are used. We use this personal data to make contact with you.

The legal basis for the processing of personal data in this context is generally Article 6 (1) (f) GDPR. Our legitimate interest is to process relevant tickets and to contact you in this regard. The legal basis for the processing of your personal data may vary depending on the matter you have contacted us about or the processing about which we are contacting you (e.g. Article 6 (1) (b) GDPR; Article 6 (1) (c) GDPR).

In principle, your personal data is only stored for as long as is necessary.

… you receive “advertising” from us (e.g. information about services or events),

your contact details may be stored and processed in the electronic address book of your contact person and in one of our customer relationship management systems (CRM). Information sent by email is processed via our sales organisation.

Purpose, legal basis and retention period

The purpose of the processing is to be able to send you information about products, services and offers of Currenta that are relevant to you or your company and to inform you or your company about Currenta events.

To the extent permitted, we process the following personal data for personal and advertising purposes:

master data (first name, last name, title, company name, position, etc.)
contact data (email, telephone, address, etc.)
sales-related data (subject, linked accounts and contacts, sales opportunity information, etc.)
marketing-related data (contact origin, campaign data, etc.)
contact information (e.g. contact preferences, information on how we may contact you, etc.)

The legal basis for the processing and storage of the data is Article 6 (1) (f) GDPR. To the extent that an advertising address is made by email, processing will only be carried out if you have given consent in accordance with Article 6 (1) (a) GDPR or in accordance with Article 6 (1) (f) GDPR in conjunction with Section 7 (3) of the Law Against Unfair Competition (UWG). In the event of contact by telephone, processing will only take place if you have given consent in accordance with Article 6 (1) (a) GDPR or if it can be assumed that you have given consent in accordance with Article 6 (1) (f) GDPR in conjunction with Section 7 (2) (2) UWG.

To the extent that a contractual relationship exists between your company and Currenta, the personal data collected by us for advertising purposes will be stored for the duration of the contractual relationship between your company and Currenta and until two years after its termination, after which it will be erased. This shall not apply if we are obliged to store the data for a longer period in accordance with Article 6 (1) (1) (c) GDPR or if you have given consent for data storage beyond this period, in accordance with Article 6 (1) (1) (a) GDPR. If there is no contractual relationship between your company and Currenta, your data will be erased no later than two years after contact has been made. In the event of revocation of consent for advertising, Currenta is entitled to put your contact details on a blocked list to prevent further contact. Any additional data will be erased immediately after receipt of the revocation of consent, unless a statutory retention period applies.

You may revoke your consent to the processing of your personal data or object to its processing at any time.

... your data is processed in the customer relationship management system (CRM) by our group of companies.

We and our affiliate companies (CUR Group: Currenta GmbH & Co. OHG, Chemion Logistik GmbH, Tectrion GmbH, Netcur GmbH, Ausbildungsinitiative Rheinland GmbH) are jointly responsible for processing your personal data. With this information, we are also providing you with the main contents in accordance with Article 26 GDPR.

Purpose, legal basis and retention period

The purpose of joint processing is to maintain a group-wide customer relationship management (CRM) in keeping with the company structure. This includes, in particular, the search for contact persons at business partners, the allocation of business areas and tasks on the customer or supplier side, the identification of persons for the receipt of business-relevant information, the documentation of customer or supplier contacts, the presentation of organisational structures of partner companies, the creation and coordination of offers or processing of customer and supplier feedback, contact planning and maintenance (visits, telephone calls, etc.) as well as the preparation and follow-up, lead management and processing, sales opportunity and offer management, contact documentation or management of GDPR data subject requests. The following personal data are processed in this context:

master data (first name, last name, title, company name, position, etc.)
contact data (email, telephone, address, etc.)
Sales-related data (subject, linked accounts and contacts, sales opportunity information, etc.)
marketing-related data (contact origin, campaign data, etc.)
contact information (e.g. contact preferences, information on how we may contact you, etc.)

The legal basis for the joint processing is Article 6 (1) (1) (f) GDPR. The participating companies also reserve the right to process personal data on the basis of other relevant legal regulations (in particular Article 6 (1) (1) (a), Article 6 (1) (1) (b), Article 6 (1) (1) (c) GDPR). This is based in particular on the processing activities described in this Privacy Policy. You may revoke your consent to the processing of your personal data or to object to its processing at any time. As long as there is an active business relationship or a suitable legal basis for data processing (or a comparable status such as leads), the data will be stored in the CRM. Changes in status or to the data are continuously updated or adjusted. Data of persons with whom there is no longer an active business relationship (or no comparable status as, for example, with leads) is stored for up to two years after its termination and then erased or anonymised. This shall not apply if we are obliged to store the data for a longer period in accordance with Article 6 (1) (c) GDPR or if you have consented to further storage in accordance with Article 6 (1) (1) (a) GDPR. In the event of revocation of consent for advertising, Currenta is entitled to put your contact details on a blocked list to prevent further contact. Any additional data will be erased immediately after receipt of the revocation of consent, unless a statutory retention period applies. Processes (such as the administration of GDPR data subject enquiries), which under certain circumstances, and necessarily, take place on the basis of suitable legal grounds outside the CRM system, may be subject to further retention periods. In order to take into account the legal requirements of Article 26 of the GDPR, you will find below a list of the main contents and subjects of regulation which the participating companies of the CUR Group have defined in an agreement with regard to the jointly operated customer relationship management system (CRM): Basic regulations regarding the joint processing, the areas of responsibility and scope of action, the rights and obligations of the participating companies, the use of subcontractors (esp. processors), the implemented basic and processing-specific protective measures (including technical and organisational measures), essential principles for the processing of personal data (such as data minimisation and data protection-friendly defaults), the measures to protect the rights of data subjects, the information obligations towards data subjects, the list of processing activities, and details of processing (such as type, scope, purpose, duration of processing). Additionally, should you have any questions in connection with data protection, please contact the contact persons named under “CONTACT” (see below).

TRANSFER OF PERSONAL DATA FOR PROCESSING ON OUR BEHALF

We may sometimes use specialised service providers to process your personal data. These service providers are carefully selected by us and are subject to regular monitoring by us. They only process personal data on our behalf and according to our instructions on the basis of corresponding contracts for order processing.

PROCESSING OF PERSONAL DATA OUTSIDE THE EU OR THE EEA

Some personal data may also be processed in countries outside the European Union (“EU”) or European Economic Area (“EEA”). These countries may have fewer data protection requirements than European countries. In such cases, we will ensure that your personal data is adequately protected, e.g. by entering into specific agreements with our contractual partners (copy available on request), or we will ask for your express consent.

Information about your rights

The following rights are available to you under applicable data protection laws:

the right to access information about the data we have stored on you;
the right to rectify, erase or restrict the processing of your personal data;
the right to object to any processing that serves our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims;
the right to data portability;
and the right to lodge a complaint with a supervisory authority.
You may revoke your consent to the collection, processing and use of your personal data at any time with future effect.

Specification with regard to processing under joint responsibility:

Should you wish to assert your rights under Articles 15 to 22 of the GDPR with regard to the joint processing of your personal data, the Group Data Protection Officer of the CUR Group acts as the main contact person. Notwithstanding the foregoing, you may exercise your rights directly against each and every party. In this case, the respective party will forward your request to the Group Data Protection Officer of the CUR Group for further processing.

Contact

If you would like to exercise your rights as a supplier, customer or business partner in relation to the customer relationship management system (CRM), please use the following link:

https://currentagroup.powerappsportals.com/EN_GDPR/

If you have any questions in connection with data protection or wish to exercise your rights, please contact our data protection officer:

Head of Data Privacy

Datenschutzbeauftragter der CURRENTA-Gruppe

Adaptation of the privacy policy

We reserve the right to update this privacy policy from time to time. Updates to this privacy policy will be posted on our website. Changes will apply from the date of their publication on our website. We therefore recommend that you visit this page regularly to check for any updates.

Last updated: 26 January 2023