We at SIM GmbH take the protection of personal data seriously. This means in particular that we only process personal data if a legal regulation allows us to do so or if the person concerned has given his or her consent.
Here, we explain to you which information (including your personal data) is processed by us and how it is used.
Our handling of your data and your rights - information according to Art. 13, 14 and 21 of the EU-GDPR
With the following information we would like to give you an overview of the processing of your personal data by us and your rights resulting from it. Which data is processed in detail and in which way it is used depends largely on the services requested or agreed upon in each case. Therefore not all statements contained here may apply to you.
In addition, this privacy information may be updated from time to time. You can always find the latest version on our website.
1. Who is responsible for data processing and whom can I contact?
The person responsible within the meaning of the GDPR is:
Managing Director: Rolf Eichelberg
You can reach our company data protection officer at:
Dr. Lina Such, , 0208/9410780
2. Nature of the personal data collected
We process the following personal data that we receive from you in the course of our business relationship:
Company name with legal form and address
Title and names
Field of activity or position
3. We process your data for the following purposes and on the following legal basis
We process personal data in accordance with the provisions of the European Data Protection Basic Regulation (EU- GDPR) and the Federal Data Protection Act (BDSG):
3.1 For the fulfilment of contractual obligations (Art. 6 para. 1 letter b GDPR)
The processing of data is carried out for execution:
- of our contract
- ancillary contractual services (e.g. preparation of offers, warranty notifications, etc.)
3.2 Due to legal requirements (Art. 6 para. 1 letter c GDPR)
We are subject to various legal obligations that entail data processing. These include, for example
- Tax laws and the legal bookkeeping
- the fulfilment of fiscal control and reporting obligations
In addition, the disclosure of personal data may become necessary in the context of administrative/judicial measures for the purpose of gathering evidence, prosecution or enforcement of civil claims.
4. Who gets my data?
4.1. Within our company
Employees for the contact with you and the contractual cooperation (including the fulfilment of pre-contractual measures)
4.2 In the context of contract processing
Your data may be passed on to service providers who work for us as order processors:
- Support or maintenance of EDP or IT applications
All service providers are bound by contract and in particular are obliged to treat your data confidentially.
4.3 Other third parties
Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations. Recipients of personal data can be, for example
- Tax consultants or economic and wage tax and tax auditors (statutory audit mandate)
- Partner companies, from whom we take over the distribution, installation and maintenance of products
5. Is data transferred to a third country or to an international organisation?
Your data will only be processed within the European Union and states within the European Economic Area (EEA).
However, we work together with partner companies, which may have their headquarters, parent company or data centres in a third country. A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not taken such a decision, the companies or the service provider may only transfer personal data to service providers in a third country if appropriate safeguards are in place (standard data protection clauses adopted by the European Commission or the supervisory authority in a given procedure) and enforceable rights and effective remedies are available.
6. How long will my data be stored?
We process and store your personal data for as long as this is necessary to fulfil our contractual and legal obligations. If the data is no longer necessary for the fulfilment of contractual or legal obligations, it will be regularly deleted.
There are exceptions,
- to the extent that statutory storage obligations must be fulfilled, e.g. German Commercial Code (HGB) and German Tax Code (AO), are required. The periods of retention or documentation specified there are usually six to ten years;
- for the preservation of evidence within the scope of the statutory limitation regulations. According to §§ 195 ff of the German Civil Code (BGB), these periods of limitation can be up to 30 years, whereby the regular period of limitation is 3 years.
- If necessary further ones.
If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The exceptions mentioned above apply.
7. What data protection rights do I have?
You have the right to information (Article 15 GDPR), the right of correction (Article 16 GDPR), the right of deletion (Article 17 GDPR), the right to restrict processing (Article 18 GDPR), the right of objection (Article 21 GDPR) and the right to data transferability (Article 20 GDPR).
With regard to the right to information and the right of deletion, restrictions may apply under Sections 34 and 35 of the Federal Data Protection Act.
In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Article 19 BDSG). The supervisory authority responsible for us is:
LDI NRW - State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
8. Is there an obligation to provide data?
Within the scope of the contractual relationship, you must provide those personal data which are necessary for the commencement, implementation and termination of the contractual relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract with you.
9. Information about your right of objection in accordance with Article 21 of the Basic Data Protection Regulation (GDPR)
9.1 Right of objection based on individual cases
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 paragraph 1 letter f) GDPR (data processing based on a balancing of interests), including profiling based on this provision within the meaning of Article 4 No. 4 GDPR.
If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
9.2 Recipient of an objection
The objection can be made in any form with the subject "Objection", stating your name, address and date of birth, and should be addressed to
Dr. Lina Such, , 0208/9410780