1. DATA CONTROLLER
The Data Controller is:
Moderna GmbH & Co. KG
Zum Walde 21
Hereinafter referred to as “Moderna”, “we” or “us”.
Moderna GmbH & Co. KG is represented by Moderna Verwaltungs GmbH, which is represented by the managing director Guido Schulte.
You can reach our data protection officer by contacting:
Moderna GmbH & Co. KG
Mr Nicolas Amen
Data Protection Officer
Zum Walde 21
+49 (0) 2952 / 816-1512
2. SOURCE OF PERSONAL DATA
We process personal data that we obtain or generate in the course of our business relationships with our customers and interested parties. In addition, where necessary to provide our services, we process personal data that is transmitted to us in an authorised manner from other companies within our corporate group or from other third parties. In addition, we receive some personal data from direct customers concerning their end customers (our indirect customers), provided that these persons have consented or there is a legitimate interest in sending it to us.
3. CATEGORIES OF PERSONAL DATA PROCESSED
We process the following categories of personal data:
Master data, order data, data required to fulfil our contractual obligations, information about your creditworthiness, correspondence as well as all data comparable with the categories stated.
4. PURPOSES OF THE PROCESSING OF PERSONAL DATA
We process your personal data for the following purposes:
Obtaining and processing orders, planning and controlling production, storage and delivery, advertising and marketing, procurement, complaints handling, invoicing, contract management, checking sanction lists
5. LEGAL BASES OF PROCESSING
We process personal data in line with applicable, statutory data protection requirements. Such processing is only lawful if at least one of the following conditions is met:
a. Consent (point (a) of Art. 6(1) GDPR)
The legality of the processing of personal data is based on consent granted to processing for defined purposes (e.g. forwarding of data within the corporate group, use of data for marketing purposes). Consent that has been granted can be revoked at any time with future effect.
b. To comply with contractual obligations or in order to take steps at the request of the data subject prior to entering in to a contract (point (b) of Art. 6(1) GDPR)
We process data in order to meet our contractual obligations to provide services to our customers or in order to take steps at the request of the data subject prior to entering in to a contract. The purposes of data processing primarily depend upon the specific business transaction.
c. Due to statutory requirements (point (c) of Art. 6(1) GDPR) or in the public interest (point (e) of Art. 6(1) GDPR)
We are subject to various legal obligations, i.e. statutory requirements (e.g. commercial and tax-related retention obligations in accordance with the German Commercial Code or the General Tax Code). The purposes of processing include the fulfilment of monitoring and reporting obligations under tax law.
d. If there is a legitimate interest (point (f) of Art. 6(1) GDPR)
Where required, we will process your personal data beyond the actual fulfilment of contracts in order to protect either our own legitimate interests or those of third parties, provided that these are not outweighed by your interests as data subject.
Our legitimate interests include in particular:
| Revision and improvement of general business management processes and the further development of products and services
| Direct marketing, where you have not objected to the use of your data
| Assertion of legal claims and defence in the case of legal disputes
| Prevention, resolution or aversion of criminal activity
| Ensuring the security of IT operations
| Consultation from and data exchange with credit agencies to determine credit or default risks
6. CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Within MeisterWerke corporate group, employees shall have access to personal data if they are required to do so for the data processing purposes pursued by Moderna and to satisfy our contractual and legal obligations. Moderna also outsources some of the aforementioned processes and services to service providers based in the EU, who have been carefully selected in line with data protection requirements. These may include companies in the categories of printing service providers, IT service providers, freight forwarders and service providers involved in sales and marketing.
When it comes to transmitting data to third parties, we may only pass on information about data subjects where we are authorised to do so. In these cases, the recipients of personal data may include:
| Public bodies and institutions (e.g. tax authorities) in the case of a legal or official obligation
| Other companies or comparable institutions to which we transmit personal data in order to carry out business with you (e.g. credit agencies)
| Other companies within our corporate group
In addition, other bodies may also be data recipients, provided that you have given us your agreement to data transmission.
7. TRANSMISSION TO COUNTRIES OUTSIDE OF THE EU / EEA
Transmission of personal data to a third country or to an international organisation shall, in principle, not take place. At most, there is the possibility that data will be transmitted abroad to our own employees and commercial agencies bound by contract, or in the context of support services provided by external service providers for order processing. Moderna will comply with the legally prescribed regulations in this regard.
8. CRITERIA FOR DEFINING THE LENGTH OF STORAGE OF PERSONAL DATA
The criteria for defining the length of storage apply after the end of the purpose of use and the subsequent statutory storage period.
If the data is no longer required to fulfil contractual or statutory obligations, it will be deleted at the request of the data subject, unless its further processing (for a limited duration and potentially with restrictions) is required for the following purposes:
| To satisfy commercial and tax retention obligations such as the Commercial Code (HGB) and the General Tax Code (AO). Afterwards, retention or documentation periods of up to ten years are stipulated.
| Conserving evidence in the context of statutes of limitations: In accordance with Section 195 et seq. of the German Civil Code (BGB), the usual limitation period is three years, but under special circumstances may extend to up to 30 years.
9. OBLIGATION TO PROVIDE AND POTENTIAL CONSEQUENCES OF THE NON-PROVISION OF DATA
As part of our business relationship, you must provide us with the personal data that is required for entering into and executing a business relationship and for the fulfilment of associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually not be able to conclude or execute a contract with you.
10. AUTOMATED DECISION-MAKING, INCLUDING PROFILING
In principle, we do not utilise any automated decision-making – including profiling – in accordance with Article 22 GDPR to enter into and execute the business relationship. Should we apply these procedures in individual cases, we will inform you separately, where prescribed by law.
11. RIGHTS OF NATURAL DATA SUBJECTS
Each natural data subject has the right to information in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in accordance with Article 21 GDPR (see also the “Right to object” section below for more information) and the right to data portability arising from Article 20 GDPR. The restrictions in accordance with Sections 34 and 35 Federal Data Protection Act (BDSG) apply to the right to information and erasure. Furthermore, you have a right to lodge a complaint with the competent data protection supervisory authority. Consent that has been granted to the processing of personal data can be revoked at any time with future effect. This also applies to the revocation of consent granted to us prior to the entry into force of the General Data Protection Regulation, i.e. before 25 May 2018.
To assert any of these rights, please contact:
Moderna GmbH & Co. KG
Zum Walde 21
RIGHT TO OBJECT
Information about your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR)
1. INDIVUDUALISED RIGHT TO OBJECT
As a natural data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) of Article 6(1) GDPR (data processing in the public interest) and point (f) of Article 6(1) GDPR (data processing for the purpose of legitimate interests); this also applies to profiling based on those provisions in accordance with Article 4(4) GDPR. If you file an objection, we will no longer process your personal data for these purposes unless we can prove the existence of compelling legitimate grounds for processing that override your interests, rights and freedom or if the processing is for the purpose of asserting, exercising or defending legal claims.
2. RIGHT TO OBJECT TO THE PROCESSING OF DATA FOR DIRECT MARKETING PURPOSES
In specific cases, we will process your data to carry out direct marketing. As a natural data subject, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.