Data protection information

Data protection information for customers and other interested parties pursuant to articles 13 and 14 DSGVO.

With the following information we would like to give you an overview of the processing of your personal data and your rights referring to data protection law.

Which data is processed in detail and how it is used depends largely on the underlying purpose. Therefore, not all parts of this information may apply to you.

1.0 Who is responsible for data processing and who can I contact?
Responsible is:

LIZAS GmbH & Co. KG
Lilienthalstr. 9
30179 Hannover
Phone: +49 (0)511 – 2206318-0
E-Mail: info@lizas.eu

You can contact our external data protection officer at:

Thomas Trümper
Data protection officer
Krausenstraße 33
30171 Hannover
Phone: +49 (0)511 – 7602120
E-Mail: info@truemper-datenschutz.de

2.0 Processing frame

2.1 Which sources do we use?
We process personal data that we receive from our customers or other interested parties in the course of our business relationship.

2.2 Which data and categories of personal data do we use?
Relevant personal data are first and last name, company name, address, e-mail address, telephone and fax number, mobile phone, account data.

2.3 For what purposes and on what legal basis will we process personal data?
We process personal data on the basis of the Basic Data Protection Ordinance (DSGVO), the Federal Data Protection Act (BDSG) and other regulations on data protection and data security:

a) to fulfil contractual obligations (Art. 6 para. 1 b DSGVO)
The processing of the data takes place for the provision of business processing within the framework of contract processing with our customers or for the implementation of pre-contractual measures which take place on request.
The purposes of data processing primarily depend on the specific product (e.g. jewellery, accessories, watches, displays).

b) In the context of balancing interests (Art. 6 para. 1 f DSGVO)
If necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties (examples):
Enforcement of legal claims and defence in legal disputes, Consultation with credit agencies (e.g. SCHUFA) including data exchange to determine creditworthiness and default risks, Ensuring IT security and operation of the company, Prevention and investigation of criminal offences, Measures for building and system security as well as for securing house rights, Examination and optimization of procedures for needs analysis for the purpose of direct customer approach, Advertising as well as market and opinion research, as long as you have not objected to the use of your data, Measures for business management and further development of services and products.

c) On the basis of your consent (Art. 6 para. 1 a DSGVO)
If you have given us your consent to process your personal data for certain purposes (e.g. contacting customers), the lawfulness is given on the basis of this consent.
A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the DSGVO – i.e. before 25 May 2018. The revocation of a consent is only effective for the future and does not affect the legality of the data processed until revocation.

d) On the basis of legal requirements (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO)
As a company we are subject to various legal obligations and legal requirements (e.g. tax laws).
The purposes of the processing include identity and age verification, fraud and money laundering prevention, the fulfilment of tax control and reporting obligations in the company.

2.4 Who gets my data?
Within the company, those departments will have access to your data that will need any kind of data to fulfil our contractual and legal obligations.
Service providers and vicarious agents used by us may also receive data for these purposes. These are companies in the categories of IT services, logistics, printing services, debt collection, consulting as well as sales and marketing.
The data is only passed on within the legal requirements (e.g. within the scope of order processing pursuant to Art. 28 and Art. 29 DSGVO).

2.5 How long will my data be stored?
We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations.
If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their temporary further processing is required for the following purposes:
Compliance with commercial and tax retention periods, which may result, for example, from the German Commercial Code (HGB), Fiscal Code (AO), Banking Act (KWG) and the Money Laundering Act (GwG).
The periods for storage and documentation specified there are generally two to 10 years.

Preservation of evidence within the framework of the statutory statute of limitations.
According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.

2.6 Is there an obligation to provide data
Within the framework of our business relationship, you must provide the data required for the establishment, execution and termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this information, we will usually not be able to enter into, execute and terminate a contract with you.

2.7 To what extent is there automated decision making?
In principle, we do not use fully automated decision making in accordance with Article 22 DSGVO for the establishment and implementation of the business relationship. If we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is prescribed by law.

2.8 Is profiling taking place?
Profiling does not take place.

3.0 Rights of Persons Affected

3.1 Information, correction, deletion and limitation of processing
Any data subject shall have the right of access under Article 15 DSGVO, the right to correction under Article 16 DSGVO, the right to cancellation under Article 17 DSGVO and the right to limitation of processing under Article 18 DSGVO. There are restrictions according to §§ 34 and 35 BDSG regarding the right of information and the right of deletion.

3.2 Data transferability
Everyone concerned has the right to data transferability under Article 20 DSGVO.

3.3 Right of objection
Under Article 21 of the DSGVO, every data subject has a right of objection.

3.4 Revocation of consent
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent issued to us prior to the validity of the DSGVO, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

3.5 Right of appeal to a supervisory authority
Each data subject has a right of appeal to the competent data protection supervisory authority in accordance with Article 77 DSGVO in conjunction with § 19 BDSG).

Privacy notice for customers and other affected parties | Version 1.0 | 2018-05-24