Data protection information for business partners

Our handling of your data and your rights

Information on the implementation of the European Data Protection Basic Regulation (DSGVO)

1. Who is responsible for data processing and who can I contact?

The accountable department for data processing:

bill-X GmbH
Liebigstraße 29
D-49074 Osnabrück
Telefon: +49 541 71008-0

You can reach our data protection officher as follows:

Markus Kreder
TMD Secure GmbH
Lannertstraße 22
D-41189 Mönchengladbach
Telefon: +49 2166 1359897
Fax: +49 2166 1359899

What sources and data do we use?

We process data which we receive directly from you within the framework of the business relationship. This
includes the following data:

3. For what purposes an on what legal basis will my data be processed?

We process your personal data in accordance to the regulations of the DSGVO, the BDSG (Federal Data Protection Act) and all other relevant laws.

3.1 Based on your consent (Art. 6 para. 1 a DSGVO)

Provided your given consent of processing personal data, the respective consent is the legal basis for the processing mentioned there.

You can revoke your consent at any time with effect for the future. This also applies to declarations of consent which you gave us before the DSGVO came into force, i.e. before 25 May 2018. The revocation will only take effect in the future.

3.2 In order to fulfil pro-contractual obligations (Art. 6 para. 1 b DSGVO)

Wir verarbeiten Ihre Daten zur Durchführung unserer Verträge oder vorvertraglichen Maßnahmen mit Ihnen. Die Zwecke der Datenverarbeitung sind in den jeweiligen Vertragsgrundlagen im Einzelnen definiert und vereinbart.

3.3 Based on legal requirements (Art. 6 para. 1 c DSGVO)

We are subject to various legal obligations, i.e. legal requirements.

3.4 As part of the balancing of interests (Art. 6 para. 1 f DSGVO)

In individual cases, we process your data beyond the actual fulfilment of the contract in order to protect
legitimate interests of us or third parties (e.g. authorities). Examples include the exchange of data for
administrative purposes, ensuring the IT security and IT operation of our company, measures for building and
plant security (e.g. access controls) or the prevention and investigation of criminal offences.

Who receives my data?

Within our company, only those persons and departments receive your personal data that need it to fulfil our contractual and legal obligations. Contract processors employed by us may also receive your data, who process your data for us in accordance with your instructions.

5. How long will my data be stored?

If necessary, we process your personal data for the duration of our business relations, which also includes the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB), the German Civil Code (BGB), the German Fiscal Code (AO), among others. The periods of retention or documentation stipulated there are up to ten years, but in certain cases also up to thirty years.

6. Will my data be transferred to a third country?

A transfer of data to third countries (countries outside the European Economic Area) will only take place if this is necessary or legally required within the framework of the fulfilment of the contract or if you have given us your consent.

7. Is there an obligation for me to provide data?

Within the scope of our business relationship, you only need to provide us with the personal data that is necessary for the establishment, execution and termination of a business relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to execute an existing contract and may have to terminate it.

8. What data protection rights do I have?

Every data subject has the right of access in accordance with Art. 5 DSGVO, the right of rectification in accordance with Art. 16 DSGVO, the right of deletion in accordance with Art. 17 DSGVO, the right to restrict processing in accordance with Art. 18 DSGVO and the right to data transferability in accordance with Art. 20 DSGVO. In the case of the right of information and the right of deletion, the restrictions pursuant to Sections 34 and 35 of the Federal Data Protection Act apply.

If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation (right of objection). If you object, we will no longer process your personal data, unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO in conjunction with Section 19 BDSG). You also have the possibility to contact us directly or our data protection officer. The data protection authority with jurisdiction over us is:

State comissioner for data protection Lower Saxony
Prinzenstraße 5
D-30159 Hannover