Privacy policy for business partners

Information on data protection of RSP GmbH & Co. KG for business partners

Last update: August 2023

This privacy policy explains how companies of the RSP Group (hereinafter also referred to as “we”) process your personal data. The companies of the RSP Group thus comply with the statutory information obligations pursuant to Articles 12-14 of the EU General Data Protection Regulation (GDPR).

In addition, we inform you below about the processing of your personal data in connection with

  • with your employer’s contractual relationship with us or
  • with our contractual relationship, should you, e.g. as a sole trader, be our contractual partner directly.

1. person responsible within the meaning of the data protection laws

The controller within the meaning of the General Data Protection Regulation (GDPR) is RSP GmbH & Co KG, Zum Silberstollen 10, 07318 Saalfeld/Saale, Germany or the company affiliated with RSP GmbH & Co KG with which you are in contact. Further contact details can be found at www.rsp-germany.com.

2. what do we process your data for (purpose of processing) and on what legal basis?

We collect, use and store your personal data for the following purposes.

a. Processing of your data due to contractual obligations or pre-contractual measures (Art. 6 para. 1 lit. b GDPR)
We process your data in order to conclude, execute or terminate a contract with you or your employer. These data are in particular

  • Your name,
  • Your business address,
  • Your business contact details such as telephone number and e-mail address as well as correspondence and contractual agreements with us,
  • Performance metrics: e.g. information that allows us to assess the performance of the supplier, including the supplier’s personnel.

If you yourself are our contractual partner, we collect further data from you, such as

  • Your bank details.

If we have not received the aforementioned data from you, it comes from publicly accessible sources. We will neither sell your personal data to third parties nor market it in any other way.

b. Processing of your data on the basis of a balancing of interests (Art. 6 para. 1 lit. f GDPR), insofar as your interests worthy of protection do not outweigh our legitimate business interests

If you yourself are our contractual partner, we will carry out a prequalification procedure under certain conditions when establishing contractual relationships.

In doing so, we determine whether we are permitted to enter into business relationships with you in accordance with the provisions of the Money Laundering Act and the EU sanctions lists pursuant to EU Regulations 2580/2001 and 881/2002.

In order to consult and exchange data with credit agencies and to determine creditworthiness and default risks, we obtain information on creditworthiness-relevant characteristics from credit agencies before concluding the contract.

In addition, we process your data for the protection of our legitimate interests or those of third parties, for or in order to

  • Protecting our legitimate business interests and legal rights. This includes, but is not limited to, use in connection with legal claims, regulatory, auditing, investigative purposes (including disclosure of such information in connection with litigation, insurance claims, or legal disputes) and compliance reporting obligations,
  • Managing the performance and ensuring the security of our equipment, facilities and electronic platforms, including data security and privacy control measures,
  • Prevention and investigation of criminal offenses,
  • Video surveillance to safeguard domiciliary rights, to collect evidence,
  • Building and plant security (e.g. access control),
  • Business management,
  • Welcome to the house via our welcome screen,
  • Providing you with information about our products, services, offers or technical developments (direct marketing) that you request from us as our business partner or that we believe may be of interest to you, to the extent permitted by law,
  • if you have indicated a preference in relation to marketing communications, or to process follow-up requests to improve our service,
  • or other correspondence.

For internal administrative purposes, personal data is also disclosed to other companies affiliated with RSP GmbH & Co. KG insofar as this is necessary.

3. is there an obligation for me to provide data?

You must provide the personal data that is necessary for the conclusion and performance of the contract and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it.

4. to whom is your data transmitted?

Within the companies affiliated with RSP GmbH & Co KG, those departments that require your data to fulfill contractual and legal obligations or to coordinate our services internally, e.g. central purchasing, sales, marketing, customer service, will have access to your data.

Service providers and vicarious agents employed by us may also receive data for these purposes. These include companies in the categories of IT services, logistics, printing services, telecommunications, billing and debt collection.

With regard to the transfer of data to other recipients, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations. We may only pass on personal data of our business partners if this is required by law, if the data subject has consented or if we are otherwise authorized to pass on the data. Under these conditions, recipients of personal data may be, for example

  • Public bodies and institutions (e.g. tax authorities, law enforcement authorities) if there is a legal or official obligation,
  • Creditors or insolvency administrators who make inquiries in the course of enforcement proceedings,
  • Auditor,
  • Service providers that we use in the context of order processing relationships,
  • Suppliers to whom we disclose data on suppliers or sales partners as part of the review of standards, sanctions list reviews and certifications.
  • other business partners.

In all of the above cases, we ensure that the recipients only have access to your personal data to the extent necessary for the performance of individual tasks.

5. data transfers to third countries

Data is transferred to countries outside the EU (so-called third countries).

  • if our business relationship and in particular the subject matter of the contract requires the involvement of a company affiliated with RSP GmbH & Co. KG or of business partners whose registered office is outside the EU;
  • or insofar as this is required by law;
  • or if this is necessary for the assertion, exercise or defense of legal claims;
  • or you have given us your consent to do so.

The processing of your data in a third country may also take place in connection with the involvement of service providers as part of order processing. If there is no decision by the EU Commission on an appropriate level of data protection in the country in question, we ensure that your rights and freedoms are protected and guaranteed in accordance with EU data protection regulations by means of appropriate contracts. We will provide you with the relevant detailed information on request. Information on the suitable or appropriate guarantees and on the possibility of obtaining a copy from you can be obtained from our data protection officer on request.

In cases in which there is no decision by the EU Commission on an adequate level of data protection in a third country and the transfer there is necessary for the performance of a contract concluded by us with a third party in your interest, the exemption provisions of Art. 49 para. 1 lit. c GDPR apply. Insofar as the transfer serves to initiate or execute a contract with you, the exemption provisions of Art. 49 para. 1 lit. b GDPR apply.

6 How long do we store your data?

The following applies to employees of our contractual partners:
The personal data provided to us by your employer will be stored by us and used for the purpose of placing possible further orders with your employer until your employer or we are no longer interested in a further business relationship.

If you become a contractual partner yourself, the following applies:
After termination of the contractual relationship, we will store the data relevant to this contractual relationship for the duration of statutory retention obligations and delete it after these have expired. This does not apply to the personal data provided by you, which we will store and use for the purpose of placing possible further orders with you until you or we are no longer interested in a further business relationship. You will inform us if you are no longer interested in a further business relationship with us.

7 Automated decisions

We sometimes process personal data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in the following cases, for example:

  • Due to legal and regulatory requirements, we are obliged to combat the financing of terrorism. This also involves evaluating your personal data. These measures also serve to protect you.
  • We use scoring to assess the creditworthiness of our contractual partners. This involves calculating the probability that a contractual partner will meet their contractual obligations. The calculation may include, for example, income, expenditure, existing liabilities, experience from the previous business relationship, contractual repayment of previous loans and information from credit agencies. Scoring is based on a mathematically and statistically recognized and proven procedure. The calculated score values help us to make decisions when concluding contracts and are included in ongoing risk management.

8. what rights are you entitled to?

With regard to the processing of your personal data by us, you have the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority in accordance with Article 77 GDPR in conjunction with Section 19 BDSG.
These rights may be restricted, for example, if your request would reveal personal data about another person or if you ask us to delete information that is required by law or if we can demonstrate compelling legitimate interests.

Information about your right to object in accordance with Article 21 of the EU General Data Protection Regulation (GDPR)

1. individual right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

2. right to object to the processing of data for advertising purposes

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

You can send a revocation in this regard at any time free of charge, also for the respective communication channel separately and with effect to the aforementioned contact details, without incurring any costs other than the transmission costs according to the basic rates.

9. contact

If you have any questions about this privacy policy, please contact the data protection officer.

You can contact our Group Data Protection Officer by e-mail at datenschutz@rsp-germany.com

RSP Logo weiß

Innovate work

About RSP

Legal matters

Social