Data protection information for customers, interested parties and suppliers

Information according to Art. 13, 14 and 21 of the EU Data Protection Basic Regulation (GDPR)

With the following information we would like to give you an overview of the processing of your personal data by us and your rights resulting from it. Which data is processed in detail and in which way it is used depends largely on the services requested or agreed upon in each case. Therefore, not all statements contained here may apply to you.

Furthermore, this data protection information may be updated from time to time. You can find the latest version at any time on our website at:

1. Who is responsible for data processing and whom can I contact?

The authority responsible is

Giesdorf Digital GmbH & Co. KG
Detmolder Str. 108a
33604 Bielefeld

Telefon: +49 (0) 5261 2889190
E-Mail: info[at]

You will find further information about our company, details of the persons authorised to represent us and also further contact details in the imprint of our website:

2. Type of personal data collected

Among other things, we process the following personal data that we receive from you within the scope of our business relationship:

  • Company name with legal form and address
  • Title and names
  • Phone numbers
  • Fax numbers
  • E-mail addresses
  • Field of activity or position
  • Information necessary for the fulfilment of the order (names of end customers, delivery addresses, bank details, etc.)

3. We process your data for the following purposes and on the following legal basis

We process personal data in accordance with the provisions of the European Data Protection Basic Regulation (DSGVO) and the Federal Data Protection Act (BDSG).

If we have received data from you, we will only process it for the purposes for which we received or collected it.

a) For the fulfilment of contractual obligations (Art. 6 para. 1 letter b DSGVO)

The processing of data is carried out for execution:

  • of a contract or contract-like relationship (e.g. offer)

b) Based on legal requirements (Art. 6 para. 1 letter c DSGVO)

We are subject to various legal obligations that entail data processing. These include, for example

  • Tax laws as well as the legal bookkeeping
  • meeting requests and requirements of supervisory or law enforcement authorities
  • the fulfilment of fiscal control and reporting obligations

In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purpose of gathering evidence, prosecution or enforcement of civil claims. Data processing for other purposes can only be considered if the necessary legal requirements pursuant to Art. 6 para. 4 DSGVO are met.

c) Within the framework of the balancing of interests (Art. 6 para. 1 f DSGVO)

As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect legitimate interests of us or third parties. Examples of such cases are:

  • Assertion of legal claims and defence in legal disputes
  • Processing in the CRM system

If we process data on the basis of a balancing of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 DSGVO.

d) On the basis of consent (Art. 6 para. 1 a DSGVO)

If personal data are processed on the basis of your consent, you have the right to revoke this consent at any time with effect for the future.

4. Who gets my data?

Data from you can be transmitted to:

  • Employees within our company, e.g. sales, purchasing, support, accounting
  • Service providers who work for us as processors.

Your personal data will only be otherwise transferred to third parties if this is necessary for the execution of the contract with you, if the transfer is permitted on the basis of a weighing of interests within the meaning of Art. 6 para. 1 lit. f) DSGVO, if we are legally obliged to transfer the data or if you have given your consent.

Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations. Recipients of personal data may be, for example

  • Public bodies and institutions (e.g. financial or criminal prosecution authorities) in the case of
  • legal or regulatory requirement
  • Credit and financial service providers (processing of payment transactions)
  • Tax consultant or economic and wage tax and tax auditor (statutory audit mandate)

5. Is data transferred to a third country or to an international organisation?

In principle we do not plan to do so. Exceptions to this would be conceivable if you were to initiate this or if it were necessary for the fulfilment of the contract. Legal basis: Article 6 paragraph 1 sentence 1 lit. b DSGVO, Article 49 paragraph 1 lit. b DSGVO.

6. How long will my data be stored?

We process and store your personal data for as long as this is necessary to fulfil our contractual and legal obligations. If the data is no longer necessary for the fulfilment of contractual or legal obligations, it will be deleted regularly.

There are exceptions,

  • insofar as statutory storage obligations must be fulfilled, e.g. the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods of retention or documentation specified there are usually six to ten years.
  • for the preservation of evidence within the framework of the legal statute of limitations. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.

If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The exceptions mentioned above shall apply.

7. What data protection rights do I have?

According to the DSGVO you have the right to:

  • Information according to Article 15 DSGVO,
  • Correction pursuant to Article 16 DSGVO,
  • Deletion in accordance with Article 17 DSGVO,
  • Restriction of processing under Article 18 DSGVO,
  • Opposition from Article 21 DSGVO and the right to data transferability from Article 20 DSGVO.

Restrictions may apply to the right of information and the right of deletion under Sections 34 and 35 of the Federal Data Protection Act.

To exercise your rights, please contact Giesdorf Digital GmbH & Co. KG directly (see point 1) or our data protection officer (see point 10).

If there is any doubt about your identity, we will request additional information from you for identification purposes.

In addition, you have the right to complain to a competent data protection supervisory authority (Article 77 DSGVO in conjunction with § 19 BDSG). The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Telefon: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle[at]

8. Is there an obligation to provide data?

Within the scope of the contractual relationship, you must provide those personal data which are necessary for the commencement, implementation and termination of the contractual relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract with you.

9. Information about your right of objection in accordance with Article 21 of the Basic Data Protection Regulation (DSGVO)

Right of objection in individual cases

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you on the basis of Article 6 paragraph 1 letter f) DPA (data processing based on a balancing of interests), including profiling within the meaning of Article 4 No. 4 DPA, based on this provision.

If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

Recipient of an objection

The objection can be made in any form with the subject “Objection”, stating your name, address and date of birth, and should be addressed to our data protection officer.

10. Our data protection officer

We have appointed a data protection officer in our company. You can reach him or her at the following contact details:

Giesdorf Digital GmbH & Co. KG
– Datenschutzbeauftragter –
Detmolder Str. 108a
33604 Bielefeld
Telefon: +49 (0) 5261 2889190
E-Mail: datenschutz[at]