Privacy Policy for Business Partners

How we use your data and your rights as a data subject

Information on the implementation of the European General Data Protection Regulation (GDPR)

1. Who is responsible for the processing of data and what is the contact information of the data protection officer?

The responsible party is the respective employer of the group's companies. (GfE Metalle und Materialien GmbH, GfE Fremat GmbH):

GfE Gesellschaft für Elektrometallurgie mbH

Höfener Str. 45
90431 Nürnberg, Germany
Phone: +49 (911) 9315-91
Fax: +49 (911) 9315-489

Data protection officer – contact information:

Martin Kühnlein
Kammerbauer Kühnlein Kraus Orth Rechtsanwälte PartmbB

Bucher Str. 79a, 90419 Nürnberg

Tel.: +49 911 13 13 49 0
Fax: +49 911 13 13 49 90


2. Which source and data do we use?

We process only the data we obtain in the course of our business relations with you. The data are provided directly by you. We process the following data:  

  • Master data on your contract (e.g., name, address)
  • data relevant for tax purposes 
  • bank information (BIC/IBAN)
  • data necessary for the implementation of contractual relationships (powers of attorney)

3. For what purpose and on what legal basis will my data be processed?

We process your personal data in compliance with the relevant data protection provisions of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and any other applicable laws (e.g., BetrVG, AGG). a. To fulfill contractual obligations (Art. 6 para. 1 lit. b GDPR) We process your data to implement our contracts with you. The purposes of the data processing depend on the contractual bases. b. In the context of a balancing of interests (Art. 6 para. 1 lit. f GDPR) In individual cases, we process your data to protect our legitimate interests or those of third parties (e.g., authorities). This applies in particular to the investigation of criminal offenses (legal basis Art. 6 para. 1 lit. f GDPR in conjunction with § 26 para. 1 sentence 2 BDSG) or the exchange of data within the company group for administrative purposes. c. On the basis of your consent (Art. 6 para. 1 lit. a GDPR) If you have given us your consent to the processing of personal data, such consent is the legal basis for the processing specified therein. You can revoke your consent at any time with effect for the future. This also applies to declarations of consent that you gave us before the GDPR came into force, i.e., before May 25, 2018. The revocation shall only be effective for the future. d. Due to legal requirements (Art. 6 para. 1 lit. c GDPR) We are subject to various legal obligations, i.e., statutory requirements. Insofar as special categories of personal data pursuant to Art. 9 para. 1 GDPR are processed, this serves to exercise rights or fulfill legal obligations, social security law, and social protection. 

4. Who receives my data?

Within our company, only persons and departments who need your personal data for the fulfillment of our contractual and legal obligations will receive it.  Your data will be transferred within our company group, your data will be transferred when a company of the group performs data processing tasks centrally for the companies affiliated in the group. In addition, the following parties may receive your data: Processors appointed by us in accordance with Art. 28 GDPR, in particular in the area of IT services, credit checks, logistics, and printing services, who process your data on our behalf and in accordance with our instructions.

5. How long will my data be stored?

We will destroy your personal data as soon as they are no longer required for the fulfillment of our contractual relationship. If necessary, we process your personal data for the duration of our business relations, which also includes the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations (e.g., HBG (Commercial Code), BGB (German Civil Code)). The terms specified therein for storage and documentation are up to ten years, but in some cases also up to thirty years.

6. Are you obligated to provide your data?

As part of our business relationship, you must provide the personal information we are legally required to collect or which is necessary to establish and conduct a business relationship and to fulfill the contractual obligations associated therewith. Without this data, we may have to refuse the conclusion of the contract or the execution of the order or will no longer be able to perform an existing contract and may have to terminate it. 

7. Would you like to lodge a complaint about the way your data is handled? 

In that case, you have the option of contacting our data protection officer or a data protection supervisory authority. The competent data protection supervisory authority is: Bavarian Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit Bayern), Wagmüllerstr. 18, 80538 Munich, Germany

8. What data protection rights do I have?

Under the respective legal requirements of the GDPR, valid as of 5/25/2018, you have the right to rectification, erasure, restriction of processing, and data portability of your personal data. You also have the right to lodge a complaint with a data protection supervisory authority. You have the right to object to the processing of your personal data for purposes of direct advertising at any time without stating reasons (right to object).  You have the right to request information from us at any time about the data stored about your person (right of access).   If we process your data to protect legitimate interests, you may object to this processing for reasons arising from your particular situation.  We will then no longer process your personal data unless we can prove that there are compelling reasons worthy of protection for the processing that outweigh your interests, rights, and freedoms, or that the processing serves the assertion, exercise, or defense of legal claims.