Welcome to our supplier portal and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR (EU General Data Protection Regulation) and our country-specific implementation laws, which provide comprehensive information about the processing of your personal data by SUSPA GmbH and your rights.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data is available if no personal reference to the individual/user can be made.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Responsible body and data protection officer
SUSPA GmbH
Mühlweg 33
D-90518 Altdorf
Germany
Telefon: +49 9187 930 0
info(a)de.suspa.com
www.suspa.com
Contact info of the data protection officer: datenschutz(a)de.suspa.com
Your rights as a data subject
We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR, and include:
- The right of access (Art. 15 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 GDPR),
- The right to object to data processing (Art. 21 GDPR),
- The right to erasure / right to be forgotten (Art. 17 GDPR),
- The right to restriction of data processing (Art. 18 GDPR).
To exercise these rights, please contact: datenschutz(a)de.suspa.com. The same applies if you have any questions regarding data processing in our company or when you withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.
Right to object
Please note the following with respect to your right to object:
When we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing.
If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, where appropriate to: datenschutz(a)de.suspa.com.
Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.
We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.
We use your data for the following purposes:
- To enable you to send us offers and information in the context of a possibly future business relationship,
- to ensure that our website and the content it contains are presented to you in the most effective and interesting way possible,
- to meet our obligations arising from any contracts concluded between you and us,
- to enable you to participate in interactive offers, if you wish,
- to inform you about changes to our services.
The legal basis for the data processing is Art. 6 Para. 1 lit. b GDPR (pre-contractual measures or contract implementation) or Art. 6 Para. 1 lit. a EU GDPR (consent).
If your consent to data processing is the legal basis, we will clarify the purpose of the data processing and your right of withdrawal before you issue it.
In addition, we process certain data based on our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR. In this way, the data that we collect when you visit our portal is used to maintain the functionality of the information made generally available, to control functions on the portal and their general technical functioning, and to analyze the functionalities and page control of the portal. Our concern in the sense of the GDPR is to improve our offer and our portal.
If the data processing is based on a legitimate interest, you have the right to object to this data processing for reasons that arise from your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for data processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Data transfers / Disclosure to third parties
We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).
If we check your economic performance, we may pass your data on to credit agencies or other third parties.
Data recipients / categories of recipients
In our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.
In order to process your inquiries, it may be necessary to pass on your data to other companies in the SUSPA Group. These are based on the one hand in the European Union and on the other hand in the following third countries: United Kingdom, USA, India, China.
In many cases, service providers assist our specialist departments to fulfil their tasks.
We transmit certain data to the company Allocation Network GmbH, which makes the supplier portal available to us, hosts it on their servers and provides technical support.
The necessary data protection agreements have been concluded with all service providers and the companies of the SUSPA Group.
Transfers of personal data to third countries
A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if necessary to fulfil the contract, required by law or if you have provided your consent for such a transfer.
We possibly transfer your personal data to group companies outside the European Economic Area as follows: United Kingdom, USA, India, China. In such cases, compliance with the level of data protection is ensured by: EU standard contractual clauses.
Period of data storage
We store your data for as long as it is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.
We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.
The log files collected when you visit the portal are automatically deleted after 6 months.
If you delete your profile, your data will be deleted from our active systems when you unsubscribe. If your data is currently in a backup, it will be deleted after 4 months.
Secure transfer of data
All information that you transmit to us is stored on servers within the European Union. Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of the data transmitted to our portal via the Internet. However, we secure our portal and the other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In particular, your personal data will be encrypted with us. We use the SSL (Secure Socket Layer) coding system.
Obligation to provide data
A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our portal and the various functions we provide.
We would like to point out that to carry out pre-contractual measures, such as registration as a supplier, and to fulfill contracts concluded with you, the collection, processing and use on the basis of Art. 6 Para. 1 lit. b) GDPR including the name of your authorized employee, consumer or entrepreneurial status, address, etc. are required. Without providing this personal data, you cannot use the system.
In certain cases, data must also be collected or made available on the basis of legal provisions. Please note that it is not possible to process your request or to implement the underlying obligation without providing this data.
Data categories, sources and origin of data
When you access our portal, we collect and process the following data:
- Name of Internet Service Provider
- Web browser an operating system used
- The IP address assigned by your Internet service provider
- Requested files, amount of data transferred, downloads / file export
- Information about the websites that you access from us, including the date and time
Your IP address will only be saved for the time you use the website and will then be deleted immediately or anonymized by shortening it.
We process the following data within the portal itself:
- Personal master data such as name, job title and industry affiliation
- Contact and address data such as address, email address, telephone and fax numbers
- Bank details
- Tax data such as tax and / or sales tax ID
- Order data such as type and quantity of goods ordered or services used
- Credit information and terms of payment
- Data due to complaints
- Legitimation and authentication data
- Historical data on the business relationship between you and us and companies associated with us
- Advertising and sales data including target group-specific information
- Data in the context of ongoing contact maintenance or business initiation such as data on the communication that took place, including date and time and purpose
- Copies of the correspondence, provided that it is in writing, by email or by fax
- Other data that you provide to us via the portal
Login / registration as a supplier (Art. 6 Para. 1 lit. a, b EU GDPR)
Login on in the supplier portal and subsequent registration as a supplier are required either to fulfill a contract with you or to carry out pre-contractual measures.
Login
When logging in, the principle of data economy and data avoidance is observed, since only the data required for login are marked accordingly as a mandatory field. These are the e-mail address and the password including password repetition.
By logging into our supplier portal, the IP address of the user, the date and time of the logon are also saved (technical background data). By clicking the "Complete registration" button, you give your consent to the processing of your data.
Please note: The password you assign is stored in encrypted form with us. Employees from our company cannot read this password. Therefore, they cannot give you any information if you have forgotten your password.
In this case, use the "Forgot password" function, which will send you an automatically generated new password by email. No employee is authorized to ask for your password by phone or in writing. Therefore, please never give your password if you receive such requests.
With the completion of the login process, your data is stored with us for the use of the protected supplier area.
Registration as a supplier
After successful login into the supplier portal, you can register as a supplier via the portal and use the functions of the portal. This may require additional data from you in order to e.g. to be able to send requests for offers to you. Here too, the principle of data economy and data avoidance is observed, beacuse we only ask you for the data that we need for further communication with you. You are, of course, free to provide further information in a voluntary manner.
Registered suppliers are free to make changes / corrections to the data they have stored themselves.
Of course, you can also cancel or delete the registration or your customer account at any time.
Automated individual decision.making
We use automated processing to make a decision in the following cases:
As part of the initiation of business relationships, we are entitled - within the scope of what is legally permissible - to examine the risk of payment defaults on the supplier side for the purpose of deciding on the establishment, implementation or termination of the contract.
In this respect, probability values for the future behavior of the supplier are collected and processed. Address data from the supplier and creditworthiness data from credit agencies are also used to calculate these probability values.
Services from credit agencies or other third parties may be used for the check, and data may be transmitted to or requested from you for this purpose.
The collection, processing and use of data for this purpose is based on Art. 6 Para. 1 lit. f) GDPR.
We would like to point out that you have the right under Art. 22 GDPR to object to the automated decision and to request a review by a natural person.
Cookies (Art. 6 Para. 1 lit. f or lit. a in the case of consent)
Our supplier portal uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm.
On the one hand, cookies are used to provide you with our supplier portal and its functionalities (technically required cookies). For example, authentication of the user during and after the login via cookies. This also identifies pop-up blockers and stores any consent to the setting of cookies. The legal basis for this is Art. 6 Para. 1 lit f GDPR.
Some cookies remain on your device until you delete them. They enable us to recognize your browser the next time you visit.
Most web browsers automatically accept cookies. Of course, you can also deactivate, restrict or delete cookies on your device manually via the settings of your browser or with software support.
Please note: If you deactivate the setting of cookies, you may not be able to use all the functions of our supplier portal to their full extent.
Links to other providers
Our supplier portal also contains clearly identifiable links to the Internet sites of other companies. Although we provide links to websites of other providers, we have no influence on their content, and no guarantee or liability can therefore be assumed for such. The content of these pages is always the responsibility of the respective provider or operator of the pages.
The linked pages were checked at the time of linking for potential legal violations and identifiable infringements. No illegal content was identified at the time of linking. However, a permanent content control of the linked pages is not reasonable without concrete evidence of an infringement and, upon notification of a violation of rights, such links will be promptly removed.