With the following information we would like to give you an overview of the personal data processed by us and inform you about your rights under data protection laws.
SAS Autosystemtechnik GmbH & Co. KG
SAS Autosystemtechnik Verwaltungs GmbH
76187 Karlsruhe, Germany
Phone: +49 721 35055-0
Telefax: +49 721 35055-8000
Data Protection Officer: E-mail to dataprotectionsas-automotive.com or to our postal address with the addition "Data Protection Officer".
We process personal data which we have obtained from business relationships (e.g. customers or suppliers) or inquiries to our company. As a rule, we receive this data directly from a contractual partner or an inquiring person. However, personal data can also come from public sources (e.g. commercial register), provided that the processing of this data is permissible. Data from other companies may also have been transmitted to us in a permissible manner. Depending on the individual case, we also store our own information on this data (e.g. as part of an ongoing business relationship).
Depending on the individual case, this may involve master data (e.g. name, address), contact data (e.g. telephone number, e-mail address), contract and billing data to fulfil our contractual obligations or data required to process an enquiry, including creditworthiness data, advertising and sales data and other data from comparable categories.
We process personal data in compliance with data protection laws, in particular the Data Protection Basic Regulation (GDPR) and the Federal Data Protection Act (BDSG).
a.) In order to fulfil a contract or implement pre-contractual measures (Art. 6(1) sentence 1 (b) GDPR)
b.) In order to fulfil a legal obligation (Art. 6(1) sentence 1 (c) GDPR)
For example, we provide the tax authorities with the personal data they need to calculate taxes in accordance with the relevant legal requirements.
c.) In the context of balancing interests (Art. 6(1) sentence 1 (f) GDPR)
- Processing of general inquiries about our products and services
- Checking creditworthiness via credit bureaus to assess default risk in business relationships
- Advertising or market research
- Assertion of legal claims and defense in legal disputes
- Ensuring IT operations and security
- Measures for building and system security (e.g. access authorizations)
- Measures to improve our internal business processes and product optimization
d.) On the basis of consent (Art. 6(1) sentence 1 (a) GDPR)
This is the case, for example, with
- in some situations of advertising (existence of an advertising consent, if required by law)
In general, our company only grants access to your data to entities which must work with your data ("need-to-know principle"), i.e. access to this data for the fulfilment of a contractual or legal obligation. This can also include service providers and vicarious agents who act on behalf of the company and/or who are obliged to process the data confidentially.
In certain situations, we transfer your data to
- public authorities (e.g. tax authorities) where a legal obligation exists
- other companies within the framework of the execution of the contractual relationship, within the framework of a weighing of interests or on the basis of your consent. In individual cases, depending on the business relationship or order, these may be companies, logistics partners, marketing service providers, credit agencies, banks, tax consultants or lawyers involved in the provision of our services.
We transfer personal data to other locations in countries outside the European Union (third country), insofar as it is necessary to carry out the business relationship, it is required by law or you have given us your consent to do so.
We use or reserve the right to use service providers in certain situations who may either be located in a third country or who may in turn be located in a third country.
According to Art. 45 GDPR, a transfer of data to a third country is permissible if the European Commission has decided that an adequate level of protection exists in a third country. In the absence of such a decision, data may be transferred to a third country if the data controller has provided appropriate safeguards (e.g. standard data protection clauses issued by the European Commission) and enforceable rights and effective remedies are available to the data subject (Art. 46 GDPR).
In principle, we only cooperate with bodies in a third country that fulfil the criteria listed.
We process and store your personal data for as long as it is necessary to fulfil our contractual and legal obligations. If the storage of personal data is no longer necessary for the fulfilment of these obligations, it will be deleted, unless there are legal obligations to retain such data, such as commercial and fiscal obligations under the German Tax Code and the German Commercial Code (6 or 10 years) and for the preservation of evidence within the framework of statutory statute of limitations.
You have the following rights against us with regard to your personal data:
- Right of access
- Right of rectification or deletion
- Right to limitation of processing
- Right to object to the processing
- Right to data transferability.
You also have the right to lodge a complaint with a supervisory authority about the processing of your personal data by us. However, you also have the option of contacting our company data protection officer (also confidentially). If you have given us your consent (Art. 6(1) sentence 1 (a) GDPR), you can revoke it at any time with effect for the future. If we base the processing of your personal data on a weighing of interests (Art. 6(1) sentence 1 (f) GDPR), you may object to the processing. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out our compelling reasons worthy of protection on the basis of which we will continue the processing. You can object to the processing of your personal data for advertising purposes at any time.
Within the framework of the execution or initiation of a contract, you must provide the personal data necessary for the performance of the contract or the implementation of pre-contractual measures and the associated obligations. Furthermore, you must provide the personal data that we are legally obliged to collect. We will not be able to conclude or fulfil a contract with you without the provision of this data.
In cases of data collection on the basis of consent, the provision of data by you is voluntary and not mandatory. However, if you do not consent, we will not be able to provide the services based on consent data processing. You can revoke your consent at any time with effect for the future, even after it has been granted.