Privacy notice for business partners

How we handle your data and your rights 
Information in accordance with Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

With this privacy notice we inform you, our business partners, about our processing of your personal data and about your rights in accordance with the EU General Data Protection Regulation (GDPR) in force from 25 May 2018. This information will be updated as required and published at www.wedi.de/en. You can also find our privacy notice for visitors to our website there.

1. Who controls data processing and who can I contact?

The controller is

wedi GmbH
Hollefeldstr. 51
48282 Emsdetten

Telephone +49 (0)2572 156-0
Email: info(at)wedi(dot)de

represented by the managing directors Mr Fabian Rechlin and Andreas Fürer

Associated companies
- wedi-Logistik GmbH (Germany)
- wedi SARL (France)
- wedi Systems (Great Britain)
- wedi Italia S.R.L. (Italy)
- wedi Corporation (USA)
- Thumag AG (Switzerland)

Contact details for the Data Protection Officer:
Address as above: “c/o Datenschutzbeauftragter”, Email: datenschutz(at)wedi(dot)de

2. What sources and data are used?

wedi GmbH processes data which it receives from the business relationship with you, e.g. during the course of the execution of customer contracts and personnel management, delivery management, sales representative support and support for interested persons.

Specifically, the following data in particular is processed:

- Identification data (e.g. name, address and contact details for business partners, bank details)

- Information regarding the risk profile for the business partner, including credit rating and solvency, and information in accordance with the declaration of suitability

- Data in connection with the execution of the specific contract

- Tax-related data

- Contract data on other correspondence (e.g. written communication with you)
- Advertising and sales data (e.g. regarding products and services which are potentially of interest to you)

3. For what purposes is my data processed (purpose of processing) and on what legal basis?
wedi GmbH processes your data on the basis of the following legal framework and for the purposes set out below:

3.1. For the fulfilment of contractual obligations (Art. 6(1) point (b) of the GDPR) 

Your data is processed for the execution of our contracts with you, i.e. for the handling of the commissioned service, for example.
The purpose of the data processing is specifically based on the concrete service and the contractual documents.

3.2. Within the context of the balancing of interests (Art. 6(1) point (f) of the GDPR)

Your data may also be used on the basis of a balancing of interests for the purposes of the legitimate interests pursued by the controller or by a third party.

This is done for the following purposes:

- General business management and further development of services, systems and products

- Fulfilment of internal requirements and the requirements of our affiliates, for insurance, for audit or administrative purposes

- Ensuring IT security and IT operations

- Advertising, market research and opinion polling

- Establishment of legal claims and defence in the event of legal disputes

- Prevention and solving of crimes, as well as risk management and fraud prevention

wedi GmbH’s interests in the particular processing result from the respective purposes and are moreoverof an economic nature (efficient task fulfilment, sales, avoidance of legal risks).
Provided that the particular purpose allows for it, wedi GmbH processes your data with pseudonymisation or anonymisation.

3.3. On the basis of your consent (Art. 6(1) point (a) of the GDPR)

Where you have given consent for the processing of personal data, the respective consent forms the legal basis for the processing specified there.

In addition, you may have consented to contact via email or telephone for advertising purposes.

You can withdraw your consent at any time, with effect for the future. This also applies to declarations of consent which you have given to wedi GmbH before the GDPR came into force, i.e. before 25 May 2018.
Withdrawal only takes effect for future processing.

3.4. On the basis of legal stipulations (Art. 6(1) point (c) of the GDPR)

wedi GmbH is subject to various legal obligations, i.e. legal requirements (e.g. the technical inspection directive, industrial safety regulation, anti-money laundering legislation, tax laws).

The purposes of processing include identity and age verification, fraud and money laundering prevention, accounting, risk assessment and management (including the generation of a risk profile for the business partner, and credit checking), and the
fulfilment of monitoring and reporting obligations under tax law.

4. Who receives my data?

wedi GmbH only passes on your data in compliance with the GDPR and the German Federal Data Protection Act (BDSG).

Within wedi GmbH, those departments which require your data in order to fulfil contractual and legal obligations or to perform their respective tasks receive it (e.g. material planning, commercial service, sales and marketing, accounting).
In addition, the following positions may receive your data:

- Processors used by us (Art. 28 of the GDPR), particularly in the field of IT services, logistics, disposal and print services which process your data for us subject to instructions

- Public bodies and institutions in the event of a legal or regulatory obligation

- Our respective employees, consultants, representatives, agents, auditors, service providers

- Other positions for which you have given us consent to transfer your data

5. How long will my data be stored?

Where necessary, your personal data will be processed for the duration of the business relationship, which also includes the initiation and execution of a contract.

Furthermore, wedi GmbH is subject to various retention and documentation obligations which result, among others, from the German Commercial Code and from anti-money laundering legislation. The stipulated periods for retention and/or documentation are between five and ten years.

Ultimately, the retention period is also determined in accordance with the statutory limitation period which, for example, is three years in accordance with the German Civil Code but may also be up to thirty years in some cases.

The various retention and documentation obligations for additional controllers result from the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG), among others. The stipulated periods for retention and/or documentation are between two and ten years.

Ultimately, the retention period is also determined in accordance with the statutory limitation period which, for example, is generally three years in accordance with secs. 195 ff of the German Civil Code (BGB) but may also be up to thirty years in some cases.

6. Is data transferred to a third country or to an international organisation?

Your data is only transferred to countries outside the European Economic Area – EEA (third countries) where this is required for the completion of your order or is prescribed by law, or if you have given your consent.

7. What other data protection rights do I have?

Under the respective legal provisions, you have the right of access (Art. 15 of the GDPR), rectification (Art. 16 of the GDPR), erasure (Art. 17 of the GDPR), restriction of processing (Art. 18 of the GDPR) and data portability (Art. 20 of the GDPR).

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 of the GDPR). 

You can assert these rights against wedi GmbH centrally.

Competent supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle(at)ldi.nrw(dot)de

8. Do I have an obligation to provide data?

Within the framework of our business relationship, you are only required to provide such personal data as is required to establish, execute and conclude the business relationship or which we are legally obligated to collect