Data protection notice for business partners (O_IS_DE1)

March 2026

This data protection notice applies to the processing of your personal data as our business partner.

1 Data Controller

The data controller is

Technoform Bautec Kunststoffprodukte GmbH
Hannoversche Straße 2
34134 Kassel

Phone: +49 561 9583-400
Email: privacy [dot] oisde1 [at] technoform [dot] com (privacy[dot]oisde1[at]technoform[dot]com)

For any questions regarding data protection, feel free to contact us at any time using the contact details mentioned above.

2 Purpose and legal basis

We process your data on the basis of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other laws relevant to us in terms of data protection.

2.1 Administration and processing of business, contract, and communication processes

We process the following categories of personal data for the purpose of implementing pre-contractual measures or for fulfilling the contractual relationship and its administration and processing:

master data,
names,
addresses,
contact details,
communication and interaction data,
billing and payment data,
order data,
contract and business relationship data.

The legal basis for this data processing Art. 6 (1) lit. b GDPR. Without the provision of personal data, it is not possible to carry out pre-contractual measures or to fulfill and manage customer, service provider, partner, supplier, and prospect relationships or contracts, or to fulfill contracts. The data is stored for the duration of the respective business relationship. It is deleted at the end of the respective contractual or business relationship and/or after the expiry of the statutory retention periods. In the case of interested parties, deletion generally takes place when it is clear that no further contact or initiation of a business relationship is desired or necessary, but at the latest after the expiry of internal review or documentation periods or statutory retention periods, if applicable.

2.2 IT security

As part of our security measures, we maintain various log protocols in IT systems. These are used for troubleshooting purposes and to provide evidence of data collection, modification, and deletion. The following data is logged here for:

device data,
access data,
user data.

The legal basis for this processing is, on the one hand, our legitimate interest pursuant to Art. 6 (1) (f) GDPR in the secure operation of IT systems and, on the other hand, legal requirements pursuant to Art. 6 (1) (c) GPDR to ensure the integrity, confidentiality, and availability of data (accountability obligation).

Log data for IT security is generally deleted after four weeks at the latest. Log data in connection with accountability evidence is deleted in accordance with the applicable statutory requirements. In cases of reasoned concern, data may also be retained until the matter has been clarified.

In this context, please also refer to our Data protection notice for Falcon Complete from Crowdstrike.

2.3 Access control

As part of our security measures, individual rooms are equipped with an automatic access control system. The following data is logged for this purpose:

Access card data,
names,
arrival and departure times.

The legal basis for this processing is, on the one hand, our legitimate interest pursuant to Art. 6 (1) (f) GDPR in securing our office premises and, on the other hand, legal requirements pursuant to Art. 6 (1) (c) GDPR to ensure the integrity, confidentiality, and availability of data (accountability).

3 Direct advertising and objection
For advertising purposes, we inform customers (on the basis of our legitimate interest for direct advertising pursuant to Art. 6 (1) lit. f GDPR) about innovations and offers via various communication channels (e.g.: e-mail, letter).
You have the right to object to data processing for direct marketing purposes at any time.
The data required for direct advertising will be stored until the objection to direct advertising.

4 Recipients of personal data

We will only pass on your data to third parties if this should become necessary for the fulfilment of the purpose. Furthermore, data may be passed on to authorities on the basis of legal provisions in accordance with Art. 6 (1) (c) and (e) GDPR.

In addition, in various cases we engage processors in accordance with Art. 28 GDPR, who may receive data from us or have access to your data in connection with their service. In this context, data transfers outside the EU may also take place. In doing so, we make sure that there is either an EU adequacy decision for the destination country in question in accordance with Art. 45 GDPR or that we have concluded a contract with the service providers concerned on the basis of the standard data protection clauses in accordance with Art. 46 (2) (c) GDPR (https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en).

5 Your rights

You have the following rights against us in relation to personal data concerning you:

Right to information (Art. 15 GDPR).
Right to rectification (Art. 16 GDPR).
Right to erasure (Art. 17 GDPR).
Right to restriction of processing (Art. 18 GDPR).
Right to data portability (Art. 20 GDPR).
Right to object to processing (Art. 21 GDPR).
Right to withdraw consent (Art. 7 para. 3 GDPR).
Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

6 Data protection officer

We have appointed an external data protection officer:

Stefan Pietsch

Contact data:

Pietsch IT GmbH
Wilhelmshöher Straße 1
34590 Wabern

Phone: +49 5683-923440
Email: datenschutz [at] pietsch-it [dot] de (datenschutz[at]pietsch-it[dot]de)
Internet: www.pietsch-it.de

7 Validity and modification of this data protection notice

This data protection notice is currently valid (see status in the heading). Due to the further development of our offers or due to changes in legal or official requirements, it may become necessary to change this data protection notice.