Data protection information on the use of the self-service portal (partnerportal)

General Data Protection Information for the Use of the Website

1. Who is responsible for data processing and who can I contact?

SARIA A/S GmbH & Co. KG
Norbert-Rethmann-Platz 1
59379 Selm

You can contact our data protection officer at:
Data Protection Officer
Norbert-Rethmann-Platz 1
59379 Selm
Email: saria.datenschutz@saria.de

2. For what purpose do we process your data and on what legal basis is the processing based?

We process personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant laws. Your personal data will be processed in accordance with the following legal bases:
Fulfilment of a contract (Art. 6 para. 1 lit. b GDPR)We process your personal data within the scope of the business relationship primarily for the purpose of fulfilling the contract concluded with you. We therefore enable you to manage all business-related documents centrally and without time restrictions via the partner portal. Protection of our legitimate interests (Art. 6 para. 1 lit. f GDPR)Where necessary, we also process your data on the basis of Art. 6 para. 1 lit. f GDPR in order to pursue our legitimate interest in making our service for you as an business partner and for us as the controller as secure and efficient as possible by means of the partner portal. In the context of ever-increasing digitalisation, it is important to us as a company to be able to offer as many processes as possible to our business partners in digital form and thus at any time. In addition, we pursue the goal of enabling the rapid processing of enquiries and thus improving customer satisfaction and partner loyalty.

3. What data do we process about you?

The data stored about you within the self-service portal includes the following: • Personal master data (surname, first name)• Contact and communication data (email address, company address, telephone number)• Customer and supplier data (order and purchase history, contractual information, communication history in the context of service requests)• IT system-specific data (user profiles, any content, usage, function and service-generated data)• Customer history (order history, enquiries) • Billing and payment data (invoice information, reminder data)• Login data (user name, password)

4. Who receives your personal data?

Your personal data is protected from unauthorised access by extensive technical and organisational measures. Authorisation concepts ensure that only the responsible departments have access to your data, which they require to provide the portal and process your enquiries. We use various external providers for the technical implementation and operation of the portal and for processing service requests in connection with the technical function of the portal. These providers act as service providers on our behalf and may also gain knowledge of your personal data in connection with the maintenance and servicing of the systems. We have concluded a corresponding data processing agreement with these providers to ensure that data processing is carried out in a permissible manner. Beyond this, your data will not be passed on to third parties.

5. How long will your data be stored?

We delete the personal data processed in connection with your account as soon as it is no longer required for the purposes for which it was processed and provided that there are no legal retention periods to the contrary. As a rule, your personal data will be stored for as long as you use the portal and until the business relationship has ended. In addition, you have the option of continuing to access the portal and the data it contains for one year. After 24 months, your account, including the data it contains, will be completely deleted. You also have the option of deleting your user account at any time. You can submit your deletion request at any time via the enquiry section.

6. Is there an obligation to provide your data?

There is generally no obligation to provide your data. If you do not wish to use the portal, you can continue to follow the usual process.

7. Does profiling or automated decision-making take place?

Your data will not be processed for the purpose of automatically evaluating certain personal aspects. Should we wish to use these procedures in individual cases, you will be informed separately about this process and your rights in this regard, provided that this is required by law.

8. Your rights as a data subject

In addition to the above-mentioned aspects, data protection law grants further far-reaching rights to data subject.
These include in particular:

• Right to transparent and understandable information:
Regardless of whether your personal data is obtained directly from you or from a third party, you have the extensive right to be informed about the modalities of the data processing concerning you before the processing takes place (Articles 12-14 GDPR).

• Right to information:
Upon request, we will inform you in writing or electronically whether and which data relating to you is stored by us (Art. 15 GDPR).

• Right to rectification:
You have the right to obtain from the controller rectification and/or completion of your personal data if the personal data processed concerning you is inaccurate or incomplete (Art. 16 GDPR).

• Right to erasure:
You may request that the controller delete your personal data immediately (Art. 17 GDPR).

• Right to restriction of processing:
You have the right to request the restriction of processing (Art. 18 GDPR).

• Right to data portability:
You have the right to receive the personal data concerning you in a machine-readable format (Art. 20 GDPR).