Data Protection Information for the Use of Microsoft 365 Applications
In the following, we inform you about the processing of your personal data as an interested party, customer, supplier or other business partner ("Business Partner") of fka GmbH. This also includes employees of our Business Partners in their role as contact persons and representatives in connection with business relationships. Additional information on data protection can be found at www.fka.de/en/privacy.
1. Name and contact details of the data controller
The controller within the meaning of data protection law ("we") is:
Name and address:
fka GmbH
Steinbachstraße 7
52074 Aachen
Deutschland
Contact:
Telefon: +49 241 8861 0
Fax: +49 241 8861 110
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.fka.de
Further information about the company as well as details of the authorized representatives can be found at: fka.de/en/imprint.html.
2. Contact details of the data protection officer
Our data protection officer can be contacted for inquiries and other data protection concerns using the following contact details:
fka GmbH
- Data protection officer -
Steinbachstraße 7, 52074 Aachen
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
3. Categories of personal data, purposes, and legal bases for data processing
As part of the business relationship, we may process the following personal data for a number of business purposes as set out below:
- General identifying information/master data and contact details (e.g. name, address, landline and mobile phone number, nationality, country of residence, date of birth, gender and languages spoken);
- Job-related data (e.g. job title, work e-mail address, telephone number, activity/responsibility);
- Financial data (e.g. account number, credit card number, bank details and VAT number);
- Visitor data when you visit an fka site (e.g. name, contact details, date/period of your visit);
- Data relating to procurement and contracting, including contract information (e.g. project allocation, duration);
- Survey results (e.g. responses to questionnaires);
- Proof of identity (e.g. a copy of your identity card or other proof of identity (e.g. driving licence) if you submit a data protection request to fka);
- Communication and other voluntarily provided data (e.g. message content or documents as part of a contact).
The personal data processed is limited to the data required to fulfil the business purpose for which this personal data is collected. We generally collect personal data directly from the data subjects. However, data may also be collected from third parties in compliance with the statutory provisions, for example if contact details are provided by third parties as part of projects.
Personal data of Business Partners may be processed for the following purposes:
- Building and maintaining relationships with Business Partners;
- Internal administrative purposes (including accounting for receivables and liabilities and controlling);
- Customer service;
- Contract management;
- Administration of products, warranties and claims;
- Order processing and fulfilment;
- Demand planning;
- Dispute resolution and litigation procedures;
- Training and certifications;
- Procurement and purchasing;
- Company/business segment development;
- Compliance with labour, tax and social security laws as well as other legal or regulatory requirements (e.g. to fulfil official reporting and retention obligations);
- Research, development and improvement of fka products and services (including sales and market research, for example through surveys);
- IT support;
- Public relations;
- Direct marketing;
- Operating facilities, safety and emergency planning;
- Optimizing the use of networks and end devices and related security controls;
- Prevention, detection and investigation of fraud;
- To monitor and enforce compliance with fka's policies and procedures;
- To monitor and enforce compliance with legal or contractual obligations applicable to fka (including the obligations set out in your contract with fka);
- For the organisation of events and functions;
- For conducting internal and external audits;
- To carry out corporate transactions (including mergers, acquisitions and divestments);
- For product research, product development ("R&D"), product support and maintenance, fault diagnostics and the detection of fault patterns.
The personal data is collected and processed on the following legal basis:
- Art. 6 para. 1 lit. b) GDPR, if necessary for the fulfilment of a contract concluded by you with fka (e.g. bank details are required for payment if you sell a product to fka) or for the implementation of pre-contractual measures at your request (e.g. we need an e-mail address in order to be able to send you a contract offer);
- Art. 6 para. 1 lit c) GDPR, if required to fulfil a legal provision applicable to fka (e.g. we may need to collect your VAT number in order to fulfil tax obligations);
- Art. 6 para. 1 lit. f) GDPR, if necessary to safeguard the legitimate interests of fka, unless the interests or fundamental rights and freedoms of the data subject prevail (e.g. if we need certain personal data for internal administrative purposes, to ensure network and information security and to improve products and services);
- Art. 6 para. 1 lit. a) GDPR, if you have given your consent (e.g. if you have consented to receive a newsletter from fka).
4. Duration of storage
We only store your data for as long as it is required for the respective purposes, in particular in the context of the business relationship with you or our Business Partner.
In principle, the data collected will be deleted as soon as there is no longer a business relationship with the Business Partner or for a period of three years after inactive communication. In other cases, personal data may be stored and retained until the statutory exclusion or limitation periods with regard to legal claims against fka have expired.
5. Recipients/Categories of recipients
Personal information is only disclosed to employees or departments on a need-to-know basis in order to fulfil their tasks within the scope of the processing purposes.
If and insofar as this is necessary for the specific processing purposes and legal provisions permit or require this, the data may be passed on or disclosed, in particular to the recipients or categories of recipients named below:
- IT service provider and Software-as-a-Service ("SaaS") provider;
- Banks, insurers;
- Provider of sales, marketing and communication services;
- Provider of research services;
- Provider of training services;
- Lawyers, auditors, tax consultants and other professional advisors;
- Law enforcement authorities (including police, public prosecutor's office and judiciary);
- other public authorities (including social security and tax authorities.
If your personal data is disclosed to third parties who process your data on behalf of fka ("processors"), the personal data will only be transferred to carefully selected processors who act on the basis of fka's instructions to comply with the applicable legal and contractual obligations.
6. Third country transfer/international data traffic
The data is processed exclusively in data centres within the European Union. As a rule, data is not transferred to a country outside the European Union or the European Economic Area. If, in exceptional cases, it is necessary to transfer personal data to organisations in countries outside the European Union or the European Economic Area, this is done exclusively in accordance with the legal requirements of Art. 44 et seq. GDPR.
7. Rights of the Data Subject
Any person affected by the processing has the right
- in accordance with Art. 7 para. 3 GDPR, to withdraw consent given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. Please note that we may have to continue to store certain data for the fulfillment of legal requirements or in the context of legal prosecution (see section 4);
- in accordance with Art. 21 GDPR, to object to the processing of personal data if the personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, provided that there are reasons for this arising from the particular situation of the data subject;
- to request information about the personal data processed by us in accordance with Art. 15 GDPR;
- in accordance with Art. 16 GDPR, to request the rectification of inaccurate personal data or the completion of incomplete personal data stored by us without undue delay;
- in accordance with Art. 17 para. 1 GDPR, to demand the deletion of the personal data stored by us in the cases mentioned therein, unless the processing is necessary for one of the cases mentioned in Art. 17 para. 3 GDPR;
- in accordance with Art. 18 GDPR, to demand the restriction of the processing of personal data in the cases specified therein, in particular if the data subject has objected to the processing in accordance with Art. 21 GDPR, as long as it has not yet been determined whether our legitimate reasons outweigh those of the data subject;
- where the processing is based on consent or on a contract and the processing is carried out by automated means, in accordance with Art. 20 GDPR, to receive the personal data that the data subject has provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us; and
- to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, the data subject can contact the supervisory authority of their usual place of residence or workplace or our company headquarters.
Last update: 04/2024