Information on data processing
In accordance with the requirements of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we would like to inform you about the processing of your personal data and your rights under the GDPR
Who is responsible for the data processing?
The controller in accordance with data protection is:
THEVA Dünnschichttechnik GmbH
You can find further information concerning our company, the persons with power of representation, and our contact options on our website: www.theva.de
What data relating to you is processed by us? And for what purposes?
We process your personal data insofar as this is necessary for establishing and fulfilling a contract with you. This includes general data about you or persons in your company (name, address, contact details, etc.) as well as, if applicable, further data that you provide to us in the context of the contract. In addition, communication data is processed in case you contact us via telephone or e-mail. The data we process depends on your requested or the agreed upon services.
Where is the data processed?
The data is generally processed on IT systems on our premises.
The processing of your data takes place in Germany or within the European Union or the states of the European Economic Area. Processing in other countries is only permitted insofar as an adequacy decision of the EU Commission pursuant to Art. 45 (3) GDPR is available or an adequate level of data protection is ensured by other suitable guarantees within the meaning of Art. 46 (2) GDPR.
What is the legal basis for this?
The legal basis for the processing of personal data is generally Art. 6 GDPR, unless more specific legal regulations are applicable. In such a case, the following options are present:
When personal data is required for establishing or fulfilling contractual obligation, the processing is based on Art. 6 (1) lit. b GDPR.
In addition to that, data processing can also take place based on Art. 6 (1) lit. f GDPR. In these cases, processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.
Processing may also be necessary for compliance with a legal obligation to which we are subject. The legal basis in this case is Art. 6 (1) lit. c GDPR.
If you give us consent to process personal data for specific purposes, the data processing is based on Art. 6 (1) lit. a GDPR.
How long will your data be processed and stored?
We process your personal data as long as this is necessary for our business relationship or for the fulfilment of contractual obligations. In addition, we are subject to various legal obligations, for example the German Commercial Code and the German Fiscal Code.
Finally, the storage period also depends on the limitation periods according to Division 5 of the German Civil Code.
Due to internal and organizational considerations data in backups may still be available for a longer period of time.
To which recipients is the data passed on?
We only pass on your personal data within our company to those areas and persons who need this data to fulfil contractual and legal obligations or for purposes of our legitimate interest.
Your personal data is also processed on our behalf by service providers based on Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation.
Under these conditions, recipients of personal data may include:
• Internet providers, hosting and telephone services
• Providers of accounting/billing software
• IT service providers and service providers tasked with facility management
• Service providers and software in the field of web design and marketing
• Providers of office applications, server/operating systems and cloud storage
• Providers of monitoring systems
• Providers of EPR und CRM systems.
Where does the data originate from?
We process personal data that we have received from you.
Your rights as a „data subject“
You have the right pursuant to Art. 15 GDPR to obtain information about your personal data processed by us. According to Art. 16 GDPR you have the right to obtain the rectification of inaccurate personal data without undue delay or the completion of your personal data stored with us. You have the right pursuant to Art. 17 GDPR to obtain the erasure of your personal data stored with us and pursuant to Art. 18 GDPR you have the right to obtain the restriction of the processing of your personal data.
Pursuant to Art. 20 GDPR you have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format or to obtain the transmission to another data controller.
When your data is processed based on Art. 6 (1) lit. f GDPR, you have the right to objected to processing pursuant to Art. 21 GDPR.
According to Art. 7 (3) GDPR you have the right to withdraw the consent given to us at any time. This means that in future we may no longer continue to process the data as based on this consent.
To exercise your rights, please contact our data protection officer. He is listed below.
You also have the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. The address of the data protection supervisory authority which has jurisdiction over us is:
Data Protection Authority of Bavaria:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Our data protection officer
We have appointed a data protection officer at our company. You can contact him or her via the following address: