The personal data referred to according to article 4 lit. 1 DS-GVO is all data that refer to you as a person or could be referred to you especially by means of names or organisational and customer code which allows an individual to be identified.
We provide this privacy statement to business partners (“Notice”) to act as the controller of the data processing processes related to our suppliers, customers and business partners (collectively “Business Partners”) and their employees associated with Craemer.
Scope: This Notice applies to you if you are a Business Partner of Craemer as an individual (e.g., a consultant or sole entrepreneur) or if you are an employee of a Business Partner who interacts with Craemer on such Business Partner's behalf.
Craemer processes the following categories of personal data about you from you or from authorized third parties (e.g., your supervisor, public authorities or public resources):
Your personal data is processed for purposes of performing the contractual relationship with the Business Partner (including fulfilling the contractual obligations, invoice processing, communication, and legal and compliance activities), for purposes of marketing and CRM activities, and for security and fraud prevention activities.
Craemer relies on the following legal grounds for such processing activities:
The provision of personal data is necessary for the conclusion and/or performance of the Business Partner contract, and is voluntary. However, if you do not provide personal data, the affected Business Partner management and administration processes might be delayed or impossible.
Craemer may engage service providers, acting as processors, in order to provide IT and other administrative support (e.g., service providers who provide account payable support or IT hosting and maintenance support). Those service providers may have access to your personal data to the extent necessary to provide such services.
Furthermore, Craemer may transfer your personal data to its parent entity, in the US for purposes of assisting its affiliates as a processor with the operation of information systems for management and analysis of customer relationships and interactions and related general IT support.
By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses, which are accessible at www.craemer.com or taking other measures to provide an adequate level of data protection, we have established that will provide an adequate level of data protection.
Any access to your personal data is restricted to those individuals that have a need to know in order to fulfill their job responsibilities.
Craemer will store the personal data of our prospective customers for up to 12 months, subject to your prior objection. Further contacts or events may extend this retention period accordingly, e.g. contract or business initiations. As soon as Craemer no longer needs the data to fulfil its contractual or legal obligations, it will be removed from our systems and records and/or measures will be taken to make your personal data anonymous in a proper manner so that it can no longer be identified, unless we need to use your personal data to comply with legal or regulatory obligations to which Craemer is subject, e.g. For example, we may be required by law to retain your personal data for a period of between 6 and 10 years, including, but not limited to, the commercial or tax law, or we may be required to retain evidence within the limitation period, which is normally 3 years, but may last up to 30 years.
If you have declared your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
Pursuant to applicable data protection law you may have the right to: 1) request access to your personal data; 2) request rectification of your personal data; 3) request erasure of your personal data; 4) request restriction of processing of your personal data; 5) request data portability; 6) object to the processing of your personal data. Please note that these aforementioned rights might be limited under the applicable national data protection law.
To exercise your rights please contact us as stated in the "Questions" section below.
You also have the right to lodge a complaint with the competent data protection supervisory authority.
You have the right to object on grounds relating to your particular situation, at any time to the processing of your personal data concerning you, which is based on Art. 6 (1) lit. e and f GDPR and we can be required to no longer process your personal data.
As Craemer processes and uses your personal data primarily for purposes of carrying out the contractual relationship with the Business Partner, Craemer will in principle have a legitimate interest for the processing which will override your objection request, unless the restriction request relates to marketing activities.
Company does not engage in automated decision-making.
If you have any questions about this Notice or your rights, please contact datenschutz(at)craemer.com
Craemer's data protection officer can be contacted at