Privacy notices for customers and suppliers
Information on processing your data
OMNILAB is committed to protecting the personal rights of any individual whose personal data it processes. Therefore, we would like to meet our obligations to provide information on the processing of your personal data as follows.
The data controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
OMNILAB-LABORZENTRUM GmbH & Co. KG
Contact details of the data protection officer
Please address any queries you may have concerning the processing of your personal data and applications for the rectification, erasure, restriction of processing and data transfer to our data protection officer:
OMNILAB-LABORZENTRUM GmbH & Co. KG
Data Protection Officer
Processing purposes and legal basis
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) as well as all other relevant legislation.
The collection and processing of data primarily serves the establishment, implementation and termination of the contractual relationship. The overriding legal basis therefor is Art. 6 (1) (b) GDPR. The processing of your data is necessary for the fulfilment of a contract that includes the delivery of the goods and the payment obligation.
We also process your data on the basis of Art. 6 (1) (f) GDPR to safeguard our legitimate interests or those of third parties (e.g. of public authorities). Data processing may, for example, be necessary:
- To ensure IT security and IT operations
- For direct advertising for identical or similar products and services of Omnilab and of companies affiliated to OMNILAB through, for example, e-shops, newsletters or customer satisfaction surveys. We are highly interested in finding out whether you were satisfied with the service we provided or what we can change in the future. Therefore, at the end of the interaction in the context of implementing the contract we contact a randomly selected group of customers using the contact details provided by you or by your company.
- For preventing and investigating crime
- For the purposes of corporate management, internal communication and other management purposes. We also process your data individually based on your consent given to us separately in accordance with Art. 6 (1) (a), Art. 7 GDPR and to fulfil legal obligations, such as regulatory requirements, commercial and tax law retention requirements or documentation obligations. The legal basis therefor is Art. 6 (1) (c) GDPR in conjunction with the respective legal principles.
Should we process your personal data for a purpose not specified above, we shall inform you in advance.
Data categories and data origin
We process the following categories of data: master and address data (such as first name, last name, name additions, address), contact and communication data (such as telephone numbers and email address), contract data and data from the contractual relationship (such as product interest, type of contract), claim data, payment information (bank details). As a rule, the data is collected directly from us within the framework of the pre-contractual relationship or during the business relationship, but may also have been transmitted to us by your company in individual cases. We also process personal data that we have legitimately gained from publicly available sources (such as professional networks).
Within our company and the Omnilab Group, only those persons who need them to fulfil our contractual and legal obligations receive your personal data. We may also pass the information you have provided to our retailers. However, this only happens if it is necessary to process your data for the intended purpose. In addition, we sometimes rely on different service providers to fulfil our contractual and legal obligations. In addition, we may transfer your personal data to other recipients outside the company to the extent necessary to fulfil the contractual and legal obligations. This can be, for example:
- Authorities (e.g. financial and customs authorities, courts)
- Bank of the contracting party (SEPA payment medium)
- Assignees and credit bureaus
- Commercial credit insurers
- Insolvency administrators and debt collection agencies
In order to process your data technically, Omnilab sometimes uses external service providers. We may transfer and process your information outside your country of residence. These countries can also be located outside the European Economic Area. If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or other appropriate data protection safeguards (e.g. binding corporate privacy rules or EU standard contractual clauses) are available.
Duration of the data storage
OMNILAB will store your personal data only for as long as necessary for the above purposes. After termination of employment, your personal data will be stored as long as we are legally obliged to do so. This is normally the result of legal proof and retention obligations, which are regulated inter alia in the German Commercial Code (HGB) and the German Tax Code (AO). The storage periods are thereafter up to ten years. In addition, personal data may be stored for the period in which claims can be asserted against us (statutory limitation period of three or up to thirty years).
Rights and obligations of the persons concerned
If the legal prerequisites are met, you are entitled to the following rights under Art. 14 (2) (c), 15 to 22 GDPR: Right to information, rectification, erasure, restriction of processing and data portability.
Right to object
You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons. If we process your data in order to safeguard legitimate interests, you can object to this processing for reasons that arise from your particular situation. We will then no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
Lodging a complaint with a supervisory authority
You have the option of complaining to the above-mentioned data protection officer or to a data protection supervisory authority.