Privacy policy for business partners and third parties


Thank you for visiting our website.

We take the protection of your personal data very seriously and strive to provide you with comprehensive information about the processing of your personal data. The following privacy policy applies to you if you contact us or we contact you, if you enter into contract negotiations with us and/or if there is a contract in place between us and the data of natural persons is processed in that context. The specific legal bases are the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz). Which data is processed in the individual case depends primarily on the agreed services. As a result, not all of this information will be relevant to you.

1. General information

As a rule, the personal data of yours that we collect is obtained directly from you.

However, it may also be necessary to process personal data that we obtain from other companies, authorities, customers, potential claimants or injured parties or opposing parties in the event of legal disputes, etc., or other third parties, such as credit agencies, tax offices and the like. This may include personal data that we obtain through our whistleblower channels about potential compliance violations or in the context of compliance investigations.

If you are the addressee of our public relations work and a related contact, we may also collect your personal data on websites, in contact directories or similar, insofar as your corresponding contact details are published there by you or third parties.<7p>

Relevant personal data may include: personal details (e.g., first name, last name, address and other contact details, date and place of birth and nationality), identification and authentication data (e.g., commercial register excerpts, I.D. data, specimen signature), data within the scope of our business relationship (e.g., payment data, data on orders), creditworthiness data, data on corporate and ownership structure, photos and videos (e.g., with deliveries of goods) and other data comparable to the aforementioned categories.

You may elect to communicate with us by e-mail or mail. For technical reasons, e-mail communications may be unencrypted.

2. "Controller" within the meaning of Article 4(7) GDPR

The controller responsible for data processing within the meaning of Article 4(7) GDPR is the company named in the e-mail signature or in the letterhead or the company with which you are initiating or entertaining a business relationship. Depending on the circumstances, it may be a joint controller with one or more other Schwarz Group companies. Information on the existence and further details of joint controllership can be obtained via the contact details of the data protection officer / coordinator below.

3. Purposes and legal bases of processing

a) Visiting this website

When you visit this website, log files are generated with the following content:

  • The website from which you access our site.
  • The IP address.
  • The date and time of access.
  • The client’s request.
  • The http response code.
  • The amount of data transferred.
  • Information about the browser you are using and the operating system you are using.

Recipients/categories of recipients

The log files are stored exclusively to protect our systems and to prevent abusive or fraudulent behavior each time a user accesses this website and each time a file is accessed by us and sometimes by third parties about this process.

Storage period/criteria for determining the storage period:

The storage period is 7 days.

b) For the performance of contractual obligations (Article 6(1)(b) GDPR)
The purposes of processing follow from the need to take steps prior to entering into a contract, in advance of a contractual business relationship and to perform obligations under an existing contract.

c) For compliance with a legal obligation (Article 6(1)(c) GDPR)
The purposes of processing follow from statutory requirements in the individual case. Such legal obligations include, e.g., complying with retention and identification obligations, e.g., in the context of anti-money laundering requirements, tax monitoring and reporting requirements and data processing in the context of requests from authorities.

d) For the purposes of legitimate interests (Article 6(1)(f) GDPR)
It may be necessary to process your personal data beyond the actual performance of the contract. Legitimate interests in this case include, in particular, selecting suitable business partners, research on potential business partners e.g. to ensure compliance requirements and the like, asserting legal claims, defending against liability claims, avoidance of legal risks and economic disadvantages (also for third parties), protecting our IT infrastructure, managing system access authorizations, physical and data access controls, other internal administrative purposes (such as optimizing processes and workflows, ensuring data quality), if you were previously willing to participate, the sending of the invitation email for giving feedback to your contact person in the Schwarz Group, if necessary, obtaining feedback from our employees on the services provided by you (e.g. training and seminars), conducting and facilitating communication (e.g. web meetings, telephone, etc.) and facilitating communication and contact via our Group-wide user directory, implementation of public relations work, clarifying potential compliance violations, preventing crimes and settling claims arising out of the business relationship.

At the time of contracting, we occasionally obtain data on your credit history from credit agencies to serve the aforementioned legitimate interests. We use the credit history information from the credit agencies to assess your creditworthiness. Credit agencies store data that they receive from banks or companies, for example. Such data includes in particular last name, first name, date of birth, address and information on payment history. Information on the data stored about you can be obtained directly from the credit agencies.

If you accept our offer of contract by means of digital signature (e.g., Adobe Sign), we process your data, such as in particular e-mail address, IP address as well as the time and date of any modifications you make to the respective contract document, for instance when you approved, displayed or digitally signed it. We have a legitimate interest in ensuring that the process for signing contracts digitally is fast and efficient and that the signing process can be logged for verification purposes. Certain contracts may also be signed using a so-called qualified electronic signature. In this case we also process the certificate data associate with your signature in addition to the aforementioned data. We have a legitimate interest in being able to verify whether you are able to provide a valid qualified electronic signature serving to replace any written form prescribed by statute. To use a qualified electronic signature, you must independently register with a trust service provider (e.g., D-TRUST/Bundesdruckerei). When you register, the respective provider will process your data under its own responsibility and not on our behalf, however.

In order to check for marketing purposes whether products from other Schwarz Group companies are also of interest to you, they may be given access to your contact details.

In addition, we occasionally process personal data to document important historical milestones and events in the development of the companies in the Schwarz Group to create a company chronicle.

Furthermore, we process your personal data in the context of legal disputes, insurance claims and similar circumstances in which you are directly or indirectly involved, e.g. as a lawyer, expert, treating doctor or health insurance company of possible claimants or injured parties or opposing parties.

If you are the addressee of our public relations work and a related contact, e.g. due to your activity as a journalist, press representative, politician or similar, we process your personal data as part of the associated communication. The purpose is to contact you for the purpose of sending press articles, information on Schwarz Group companies or similar and, if necessary, to exchange technical information with you on related issues.

4. Who receives the personal data you provide to us?

Within our company, access to the data provided by you will be granted to those departments that require such data for the purposes of performing contractual obligations, complying with legal obligations or serving legitimate interests. In the context of the contractual relationships, to fulfill legal obligations and to protect legitimate interests also processors or service providers may be given access to your personal data. Such as, in particular, service providers who support us in improving our data quality. Their compliance with data protection requirements is ensured by contractual agreement.

In addition, the data may be transferred to Schwarz Group companies for purposes of performing contractual obligations or legitimate interests (e.g. marketing purposes.

In the case of contracts executed by digital signature, your data is also accessible to all persons involved in the approval and signing of the contract, as they receive a log after the contract has been signed indicating all processing steps, including e-mail address, IP address, date and time. Your data may also be accessible to the respective service providers that we use for the relevant digital signature procedure. In the case of Adobe Sign, this would be Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West, Business Campus, Saggart D24, Dublin, Ireland. If a qualified electronic signature is used to execute digital contracts, your data will also be accessible to D-Trust GmbH, Kommandantenstraße 18, 10969 Berlin, Germany, which is the provider responsible for checking the validity of the signature.

5. For how long will the data be stored?

The personal data will be stored for as long as necessary for fulfilling the above-mentioned purposes. Particularly relevant in this context are the statutory retention obligations under the German Commercial Code (Handelsgesetzbuch – HGB) and the German Fiscal Code (Abgabenordnung – AO), which provide for retention periods of up to 12 years.

Data in the company history is stored permanently insofar as it is still relevant to the company's history.

6. Are you obligated to provide the data?

Within the scope of our business relationship, you must provide us with the personal data needed to commence, execute and terminate a business relationship and to perform the obligations associated therewith, which we are legally obligated to collect or are entitled to collect on the basis of legitimate interests. Without such data, we would generally not be able to enter into a business relationship with you.

7. Is data transferred to third countries?

If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if an adequate level of data protection has been confirmed for that third country by the European Commission, if an adequate level of data protection has been agreed with the data recipient (e.g., by means of EU standard contractual clauses) or if we have received your consent.

8. Your rights as the data subject

Under Article 15(1) GDPR, you have the right to obtain information, free of charge, on the personal data stored about you.

If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If the basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection.

If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.

If the data processing is carried out on the basis of consent granted under Article 6(1)(a) or Article 9(2)(a) GDPR, you may revoke that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer (see no. 9).

You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

9. Data protection officer/coordinator

For further questions concerning the processing of your data or the exercise of your rights, please contact the data protection officer/coordinator of the respective controller.

Schwarz Corporate Solutions KG
Data protection officer/coordinator
Stiftsbergstraße 1
74172 Neckarsulm

E-Mail: datenschutz@mail.schwarz

10. Further information

Depending on the specific nature of your relationship with us, additional information on data protection and privacy is available at the links below: