Privacy Notice for Suppliers and Business Partners

Information about the handling of personal data

With the following information, we would like to give you an overview of how we process your personal data and your rights arising from this. Which data is processed in detail and how it is used depends largely on the services ordered. Therefore, not all statements contained herein apply to you.

The Controller within the meaning of the GDPR is:

Neil D’Souza

Makersite GmbH

Königstraße 43 b

70173 Stuttgart

Germany

E-mail : [email protected]

You can contact the Data Protection Officer of the Controller at:

Jörg ter Beek

Cortina Consult GmbH

Hafenweg 24

48155 Münster

Germany

E-mail : [email protected]

Type of personal data collected

We process your data that we receive from you or third parties in the context of business relationships. This is usually contact data (name, address, telephone number and email address) and – if necessary in the context of business transactions – bank and payment (traffic) data (bank, account details, intended use, information from publicly available sources, information databases and information services (e.g. Internet, commercial register, credit agency) as well as other data that you voluntarily provide to us in the context of the processing of a project or a contractual relationship or in the context of the initiation of a contract.

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):

We process your data for the following purposes and on the following legal basis

To fulfill contractual obligations (Article 6, Paragraph 1, Sentence 1 , Letter b of GDPR)

The processing of data takes place:

• for contract initiation, contract execution and termination of contractual relationships, e.g. preparation of offers, order processing, fulfillment of a contract (such as delivery or provision of a service) and payment processing
• for general communication with business partners, e.g. answering inquiries about products and services, contract negotiations, etc.

Due to legal requirements (Article 6, Paragraph 1, Sentence 1 , Letter c of GDPR)

We are subject to various legal obligations that entail data processing. These include, for example:

• to fulfill reporting or information obligations to authorities
• commercial or tax retention obligations
• Requests and requirements from regulatory or law enforcement authorities.

In addition, the disclosure of personal data may be necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or in the context of legal disputes.

Based on consent given (Article 6, Paragraph 1, Sentence 1 , Letter a of GDPR)

For example, to send newsletters or information letters.

Based on a legitimate interest (Article 6, Paragraph 1, Sentence 1, Letter f of GDPR)

If necessary, we will process your data beyond the actual fulfillment of the contract

• To maintain business relationships with existing customers, suppliers and business partners, including (direct) marketing, newsletters for product information
• Managing business contacts in our contact database
• to protect the legitimate interests of us or third parties, e.g. to assert legal claims and defend ourselves in legal disputes
• to implement IT security measures or measures to ensure proper business operations.
• to ensure compliance requirements
• as part of internal auditing, if this is necessary for the regular or ad hoc internal audit and consulting activities that we carry out to evaluate and improve our effectiveness
• to enforce or defend civil law claims.

Recipients or categories of recipients of personal data?

Inside our organisation

Employees within Makersite will process your data for contact with you and contractual cooperation (including the fulfillment of pre-contractual measures)

In the context of order processing

Your data may be passed on to service providers who act as data processors for us. Data processing agreements have been concluded with these service providers to ensure the protection of your personal data.

Other third parties

Data will only be passed on to recipients outside of our company in compliance with the applicable data protection regulations. Recipients of personal data may be, for example:

• Public bodies and institutions (e.g. financial or law enforcement authorities) if there is a legal or official obligation
• credit and financial service providers (processing payment transactions)
• Tax consultants or business and wage tax and business auditors (legal audit mandate), etc.

Transfer of data to a third country or to an international organization

As a general rule, your data will only be processed within the European Union and countries within the European Economic Area (EEA). If necessary, we will transfer your personal data to our companies within our group of companies if this is required to fulfil the purposes stated above.

Duration of storage

We process and store your personal data as long as this is necessary to fulfill our contractual and legal obligations. If the data is no longer required to fulfill contractual or legal obligations, it is regularly deleted. A different storage period may apply if you consented to this when the data was collected.

Exceptions arise,

• if statutory retention periods are to be fulfilled, e.g. the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are usually six to ten years;
• to preserve evidence within the framework of the statutory limitation periods. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The exceptions mentioned above apply here.

Rights of the data subject

You have the right of access according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to erasure (right to be forgotten) according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to object to the processing of your personal data according to Article 21 GDPR with effect for the future and the right to data portability according to Article 20 GDPR.

In addition, you have the right to lodge a complaint with the responsible data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).

The supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Lautenschlagerstraße 20

70173 Stuttgart

Email: [email protected]