Transparency and information obligations for suppliers, contractual partners and interested parties

of the german Leadec-companies: Holding BV & Co. KG, Leadec BV & Co. KG, Leadec FM BV & Co. KG, Leadec Management Central Europe BV & Co. KG, Leadec Personal BV & Co KG, Leadec Beteiligungen GmbH according to the General Data Protection Regulation, (EU-GDPR).

With this document, we would like to inform you about the processing of your personal data by Leadec and the rights to which you are entitled under data protection law.

To claim these rights, please contact your purchasing contact. The same applies if you have questions about data processing in the purchase of our company, or want to revoke a granted consent. If you do not know your contact person, send an e-mail to: dataprivacy.DE@leadec-services.com

Responsible body (controller) and data protection officer

Leadec Holding BV & Co. KG
Meitnerstr. 11, Building STEP 7.1
70563 Stuttgart, Germany
dataprivacy.DE@leadec-services.com

Categories of data / data sources

We process the following personal data within the framework of the contractual relationship and for the initiation of a business relationship:

Suppliers:

  • Contact data (e.g. first/surname of current and previous contact persons, if applicable, name affixes, company name and address (employer), telephone number including extensions, business e-mail address)
  • Occupational data (e.g. department including position)
  • Financial data (e.g. payment deadline, bank account data, purchasing volume, if necessary economic information, tax data (USTID)
  • Orderprocessing data (e.g. order number, bill number, invoice amount, due date)

In case of temporary employment:

  • Personal data of agency workers (e.g. first/surname, date of birth, qualifications, if necessary nationality, work permit, personal documents (copy), address, telefone number, mobile number, e-mail address)

As a matter of principle, we collect your personal data directly from you within the framework of current contractual transactions and the underlying relationship or in the framework of the initiation of a business relationship. In certain constellations, your personal data may exceptionally also be collected from other sources. This includes event-related queries on relevant information from credit agencies, in particular with regard to credit risk assessments and former credit behavior.

Purposes and lawfulness of data processing

When processing your personal data, the provisions of the GDPR, local data protection laws and other relevant legal provisions are always observed.

Your personal data is exclusively processed for the execution of pre-contractual measures (e.g. for the preparation of offers for products or services, comparison of prices) and/or for the fulfilment of contractual obligations (e.g. for the execution of our services or for sales/order/payment processing), (Art. 6 para. 1 lit. b GDPR) or if there is a legal obligation for processing (e.g. due to tax regulations) (Art. 6 para. 1 lit. c GDPR). Personal data was originally collected for these purposes.

Of course, your consent may also constitute a legal basis for the processing of your personal data (Art. 6 para. 1 lit. a GDPR). Before you grant such consent, we will inform you about the purpose of the data processing and about your right of revocation according to Art. 7 para. 3 GDPR. Should the consent also refer to the processing of special categories of personal data in accordance with Art. 9 GDPR, we will explicitly point this out to you in advance.

Your personal data will only be processed for the detection of criminal offences if the requirements of Art. 10 GDPR are met.

Duration of data storage

We will delete data as soon as your data is no longer needed for the above-mentioned purposes or in the event that you revoked your consent. Data will only be stored beyond the existence of the contractual relationship only in cases in which we are either obliged or entitled to do so. Regulations which oblige us to keep data can for example be found in commercial or tax laws. This may result in a storage period of up to ten years. For example, we may be entitled to keep data in accordance with our contractual agreement or under Article 18 of the GDPR. In addition, statutory limitation periods must be observed.

Data recipients / categories of recipients

In our company, we make sure that only those departments and individuals receive your data that need them to fulfil contractual and legal obligations.

In many cases, service providers support our specialist departments in fulfilling their tasks. In this case, the necessary data protection agreements have been concluded with all service providers.

Pay services / financial services provider:

We work with financial service providers to process supplier claims. These collect and store data on creditworthiness, account details and business data such as company, contact person, contractual terms of payment within the framework of the corresponding contracts. The enclosed list provides information about the individual fields that are processed here.

In the case of recruiting third-party employees / temporary workers, we sometimes work together with HR service providers. These record business data of the co-vendors as well as data of the corresponding temporary workers, about which the enclosed list gives detailed information. The data is collected for the initiation, administration, billing and processing of individual temporary employment contracts and legal deadline tracking and stored in a Vendor Management System (VMS).

Before a supplier is created in our purchasing systems, it will be reconciled with the US embargo / terrorist list. Only hits are reported here. Search queries are not saved. In the event of a hit, your Leadec purchasing representative would contact you to review the finding.

If necessary, we check the economic stability of our suppliers by means of economic information.

If necessary transmission to certain public authorities, e.g. tax authorities, possibly also law enforcement or customs authorities, etc. in cases provided by law.

The individual data fields that are collected and stored in the systems (ERP-System, E-Procurementsystem (eCatalogue), E-Sourcingsystem, contract database, SupplierRelationshipManagementTool) are listed in detail in the attached list.

Rights of data subjects

Your rights as a data subject are set out in Articles 15 - 22 GDPR, and include:

  • The right to access (Art. 15 GDPR),
  • The right to erasure (Art. 17 GDPR),
  • The right to rectification (Art. 16 GDPR),
  • The right to data portability (Art. 20 GDPR),
  • The right to object to processing (Art. 21 GDPR),
  • The right to restriction of processing (Art. 18 GDPR).

To exercise these rights, please contact: supplier@leadec-services.com 

In the event that we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.

We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing. If you object to the processing for direct marketing, we will no longer process your personal data for such purposes.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority.

Intention to transfer data to a third country

A transfer of data to third countries (outside the European Union or the European Economic Area) only takes place if this is necessary for the execution of the underlying relationship or required by law or if you have given us your consent.

We do not (currently) transfer your personal data to any service provider or to affiliates outside the European Economic Area.

Obligation to provide data

Certain personal data needs to be provided in the framework of our contractual/business relationship as such data are necessary for the establishment, execution and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. Without the provision of such data, an execution of the above tasks and duties is not possible.

Automated individual decision-making

We do not use any automated decision-making.