Privacy Notice for our vendors and service providers
1.1 Your personal data processed by us
KBC processes personal data of vendors and service providers. This is necessary for business operations. The following data is processed:
- Name
- Surname
- Business address
- Company Name
- Bank account
- Your email address
- Your mobile phone number
- Your landline number
- Your fax number
- Titles and academic degrees
- Position in the company
- Any personal data provided to us in the course of communications
KBC collects data from individuals in the following ways:
- Receipt of personal data directly from the data subject through contact by suppliers / service providers
- Receipt of personal data directly from the data subject by KBC contact
- Research in business directories or websites
1.2 Purposes of data processing
We process your data for the following purposes:
- Initiation, implementation and termination of a contractual relationship
- Testing and optimization of demand analysis procedures
- Consultation and exchange of data with credit agencies to determine creditworthiness and default risks
- Assertion, exercise or defence of legal claims
- Measures for business management and further development of our products
1.3 Legal basis for data processing
Processing of your personal data on the basis of consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 5, 7 GDPR.
Processing for the purpose of performing the contract with you
Insofar as we process your personal data for the purpose of fulfilling the contract, Art. 6 (1) sentence 1 (b) GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.
Processing to comply with a legal obligation
Insofar as the processing of your personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as our legal basis. Our legal obligation to process data arises, for example, from retention obligations under tax and/or commercial law.
Processing on the basis of legitimate interest
The legal basis for direct marketing purposes may be Art. 6 para. 1 sentence 1 lit. f GDPR if our legitimate interests exist, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail. The legitimate interests pursued by us in this regard – in addition to the purposes listed under b. – include:
- To provide you with the best possible information about our products, offers and services through direct marketing;
- In communicating with you, in particular to be able to respond to your inquiries by email, telephone and/or fax;
- To be able to conduct due diligence with our potential business partner
The legal basis for processing activities in connection with the assertion, exercise or defence of legal claims is also our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
2. Recipients or categories of recipients of personal data and transfer to third countries
As part of the processing of your personal data, we may pass on the personal data concerning you to the following recipients. We will only transfer your personal data to external recipients if you have given your consent or if this is permitted by law.
External recipients of your personal data are, in particular:
- Processor
- Tax advisor
- Auditor
- IT-Administrator
- Potential business partners
- Authorities
- External accountant
- Bank / Financial Institution
- Parcel Service Providers
- Postal Service Providers
- Project stakeholders
- Affiliated companies
In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:
Kemény Boehme Consultants, Inc., 615 South College Street, Charlotte, NC 28202, USA
In order to make the third-country transfer as data-friendly as possible, standard contractual clauses in accordance with Art. 46 (2) (c) GDPR have been concluded with providers in unsafe third countries.
3. Duration of storage of personal data
We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. We will take reasonable steps to ensure that your personal data is only processed under the following conditions:
- As required by applicable law, contract or in light of our legal obligations
- Only for as long as is necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.
A requirement may exist in particular if the data is still needed to fulfil contractual services, to be able to examine and grant or defend warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted on a regular basis, unless its – temporary – retention is still necessary, in particular for the fulfilment of statutory retention periods of up to ten years (e.g. from the Commercial Code, the Tax Code and the Money Laundering Act). In the case of statutory retention obligations, deletion is only possible after the expiry of the respective retention obligation.
4. Obligation to provide the data
In order to (planned) conclude and execute the contract with you, you must provide the personal data that is necessary for the establishment and performance of the contractual relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect (see in particular the standards listed under “III.3.”). Without this data, we will generally not be able to conclude and perform the contract with you.