Data protection information according to Art. 13, 14 GDPR

Thank you for your interest in our company and our products. As the data controller under data protection law, we want you to feel comfortable interacting with us and our employees with regard to the protection of your personal data. We take the protection of your personal data very seriously. Compliance with German and European data protection regulations is a matter of course for us. The protection of your personal data is therefore a top priority for us. With the following information, we would like to inform you about how we handle your personal data in detail:

General information - valid for all the following descriptions of data processing

1. Name and contact of the controller

Responsible for the processing of your personal data in the context of this contact is
Barnhouse Naturprodukte GmbH
Edisonstraße 3a
84453 Mühldorf am Inn, Germany
Phone: +49 (0) 8631 36 22 0
Fax: +49 (0) 8631 36 22 30
E-mail: info@barnhouse.de
Website: www.barnhouse.de/en

 

2. Contact details of the data protection officer

You can reach our data protection officer as follows
DataCo GmbH
Nymphenburger Str. 86
80636 Munich, Germany
Phone: +49 (0)89 7400 45840
E-mail: info@dataguard.de
Website: www.dataguard.de

Barnhouse Naturprodukte GmbH

Rights of data subjects

1. Right to information (Art. 15 GDPR)

If your personal data is processed, you have the right to obtain information from the controller about the personal data stored about you (Art. 15 GDPR).

2. Right to rectification (Art. 16 GDPR)

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed (Art. 16 GDPR).

3. Right to erasure (Art. 17 and 18 GDPR)

If the legal requirements are met, you can request the immediate deletion of your personal data or restriction of processing (Art. 17 and 18 GDPR).

4. Right to information (Art. 19 GDPR)

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the controller (right to information, Art. 19 GDPR).

5. Right to data portability (Art. 20 GDPR)

If you have consented to the data processing or a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data portability (Art. 20 GDPR). In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

6. Right to object to the processing (Art. 21 para. 1 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims (Art. 21 (1) GDPR).

7. Right to object to direct marketing (Art. 21 para. 2 GDPR)

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising (Art. 21 para. 2 GDPR). If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

8. Right to withdraw consent (Art. 7 para. 3 GDPR)

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Art. 7 (3) GDPR).

9. Automated decisions in individual cases including profiling (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In this case, if the legal requirements are met, you have the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision (Art. 22 GDPR).

10. Right to lodge a complaint (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR). The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Barnhouse Naturprodukte GmbH

For applicants

1. Processing of your personal data

    • Your address
    • Last name
    • First name
    • e-mail address
    • Mobile phone number
    • Landline number
    • Fax number
    • Curriculum vitae
    • Certificates
    • Your title
    • School education
    • Professional qualifications and further training
    • Other data that you share with us during the application process

Barnhouse collects personal data from applicants in the following ways:

    • Application sent by e-mail or by post directly to a Barnhouse Naturprodukte GmbH employee.
    • Recruitment agencies
    • Recruiting platforms

 

2. Purposes of processing and their legal basis

Your personal data will be processed for the following purposes:

    • Carrying out the application process and deciding on the establishment of the employment relationship
    • Communication (telephone, e-mail, video telephony)
    • Implementation of pre-contractual measures (initiation of the employment relationship)
    • Inclusion of applicant data in an applicant pool
    • Assertion, exercise or defense of legal claims arising from the application process

Processing of special categories of personal data that have been made public - Art. 9 para. 2 lit. e GDPR

Insofar as special categories of personal data are processed that you have obviously made public, your data will be processed in accordance with Art. 9 para. 2 lit. e GDPR.

Processing for the purpose of asserting, exercising or defending legal claims or in court proceedings - Art. 6 para. 1 sentence 1 lit. f GDPR, Art. 9 para. 1 lit. f GDPR

If necessary, your data will be processed for the purpose of asserting, exercising or defending legal claims or in the case of actions of the courts pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, Art. 9 para. 1 lit. f DSG-VO.

Processing on the basis of consent - Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR, Art. 88 para. 1 GDPR in conjunction with. Art. 26 para. 2 BDSG

If you have given your consent to data processing, your data will be processed in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. Art. 7 DS-GVO, Art. 88 para. 1 DS-GVO in conjunction with. Art. 26 para. 2 BDSG processed.

Decision on the establishment of the employment relationship Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 88 para. 1 GDPR in conjunction with § Section 26 para. 1 BDSG

We process your data in order to make a decision on the establishment of the employment relationship. If you are hired by our company, your data will be processed for the purpose of implementing and terminating the employment relationship. Separate information about the processing of your personal data will be provided for this purpose.

Processing on the basis of legitimate interest - Art. 6 para. 1 sentence 1 lit. f GDPR

Insofar as the processing is carried out to safeguard a legitimate interest of us or a third party and your interests or fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for data processing. Our legitimate interest arises in particular from the following reasons:

    • The proper execution and optimization of the application process
    • Assertion, exercise or defense of legal claims

Processing of special categories of personal data - Art. 9 para. 2 lit. a GDPR

If you have given your consent to the processing of special categories of personal data, such as health data, religious affiliation or nationality, your data will be processed in accordance with Art. 9 para. 2 lit. a GDPR.

 

3. Recipients or categories of recipients of the personal data

As part of the processing of your personal data, we may pass on your personal data to the following recipients:

    • Human resources department
    • Within our company, exclusively to the departments and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest

As part of the application process, your personal data will only be forwarded to those employees of our company who need it to fulfill the purposes mentioned under point 2. Your personal data will not be transferred to third parties as part of the application process.

Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations or if we have your consent.

In addition, your personal data may be transferred to the following processors / service providers based in a country outside the EU/EEA:

    • Microsoft Corporation

Further information on data processing by Microsoft can be found here: https://privacy.microsoft.com/de-de/privacystatement

In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed if this is the subject of our standard data protection clauses with these recipients in accordance with Art. 46 para. 2 lit. c GDPR.

 

4. Transfer of personal data to a third country

In principle, the personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. As the providers of our software solutions, among others, offer their products and/or services on the basis of available resources and servers worldwide, your personal data may be transferred to other jurisdictions outside the European Union and the European Economic Area or accessed from such a jurisdiction outside the European Union. In particular, personal data is transferred to the third country USA within the meaning of Art. 15 para. 2 GDPR. In order to ensure the continuation of the necessary level of protection when transferring data to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. In order to ensure suitable guarantees for the protection of the transfer and processing of personal data outside the EU, data is transferred to and processed by our service providers on the basis of suitable guarantees in accordance with Art. 46 ff GDPR, in particular through the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR.

 

5. Duration of the storage of personal data

We will delete your personal data as soon as the purposes for its storage mentioned under point 4 no longer apply, or you object to the use of your personal data (in the case of processing on the basis of legitimate interests) or you revoke your previously given consent. However, your personal data may also be stored beyond this, in particular in the following cases

    • if contractual, legal (in particular from HGB, StGB and AO) or statutory retention periods prevent deletion
    • for the assertion, exercise or defense of legal claims
    • if this is required by European or national law to fulfill a legal obligation to which we are subject.

The following retention periods in particular result for us from statutory provisions

    • After decision on non-appointment: 6 months retention period for application documents (Section 15 (4) General Equal Treatment Act (AGG), Section 224 Code of Civil Procedure (ZPO)).

If the applicant has consented, the application documents will be included in the applicant pool and stored there for a maximum of 2 years from the date of consent. They will be deleted when the purpose no longer applies or when the applicant withdraws their consent.

In the case of employment in our company, your personal data will be deleted when the purpose no longer applies, at the latest after termination of the employment relationship, provided that there are no statutory retention periods to prevent deletion.

Barnhouse Naturprodukte GmbH

For customers and interested parties

1. Processing of your personal data

As part of the existing customer relationship and contract initiation, we process the following personal data about you:

    • Company name
    • Salutation, title and academic degrees of the contact person
    • First name and surname of the contact person
    • Position in the company
    • Billing/delivery/address
    • Telephone number
    • Fax number
    • E-mail address
    • Customer number
    • Sales tax identification number
    • Bank details
    • Purpose of use and other information in connection with financial transactions
    • Type of contract
    • Contract number
    • Invoice number
    • Order number
    • Delivery note number
    • Shipment number
    • Date of conclusion of the contract
    • Due date of the receivables
    • Amount of claim
    • Payment modalities
    • Evaluation content (e.g. stakeholder query, collection of customer feedback)
    • All personal data provided to us in the course of customer communication

Barnhouse collects data from interested persons and customers in the following ways:

    • Inquiries via the contact form on the Barnhouse Naturprodukte GmbH website
    • Enquiries/contact via message to Barnhouse Naturprodukte GmbH employees, e.g. by email, social media, online or other communication channels and telephone.
    • Inquiries at trade fairs or other events at which data is passed on to Barnhouse Naturprodukte GmbH employees with the aim of establishing contact.
    • Own research on potential interested parties in business directories, contact details on websites or professional networks.
    • Requesting personal data from the person themselves or receiving personal data from an employee of the customer company after concluding a contract with Barnhouse Naturprodukte GmbH. This may also involve employees of the customer company's service providers.
    • For company tours: Retrieval of personal data via forms provided (hygiene guidelines and data protection notice)

 

2 Purposes of processing and their legal basis

As part of the existing customer relationship, contract initiation, participation in marketing campaigns and participation in a company tour, your personal data will be processed for the following purposes:

    • To process your inquiry as an interested party. For this purpose, we use your contact data to answer your inquiry.
    • To prepare and carry out pre-contractual measures - this includes, for example, the preparation and sending of an individual offer or individual agreement and transmission of contractual terms with the aim of concluding a contract.
    • To carry out contractual measures, such as processing and sending orders.
    • To add your contact details to our customer and contact database.
    • To make contact (email, telephone, social media and other online channels)
    • To establish, execute and terminate the contractual relationship.
    • Customer administration and customer support - in particular the processing of customer inquiries.
    • To provide you with the best possible information about our products and services. This also includes sending (direct) advertising by email or telephone.
    • To survey your satisfaction with our products and services. (e.g. stakeholder inquiries, collecting customer feedback)
    • Complaint processing
    • To provide you as a customer with the best possible service. This includes, in particular, communicating with you by e-mail, mobile phone, landline or fax.
    • Processing and fulfillment of contracts relating to order-related purchasing.
    • Processing and fulfillment of contracts relating to secondary purchasing.
    • Management of physical stocks in the company's own warehouse to ensure the smooth availability of products.
    • Processing and delivery of products to customers or other destinations by freight forwarders and/or postal service providers
    • To ensure smooth billing of the services provided. For this purpose, your personal data is processed in order to be able to issue invoices.
    • To comply with our legal obligations. This includes, for example, the transmission of your personal data to the tax office.
    • For the purpose of carrying out marketing initiatives such as: Newsletter mailing, product updates, invitations to events, competitions, etc.
    • For the fulfillment of post-contractual measures.
    • For the assertion, exercise or defense of legal claims.

Processing of your personal data on the basis of consent

Insofar as we obtain your consent for the processing of your personal data, your personal data will be processed on the basis of Art. 6 para. 1 lit. a GDPR in conjunction with Art. 5, 7 GDPR. Art. 5, 7 GDPR.

Processing for the purpose of performing the contract with you

Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.

Processing for the fulfillment of a legal obligation

Insofar as the processing of your personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. Our legal obligation to process data arises, for example, from retention obligations under tax and/or commercial law.

Processing on the basis of legitimate interest

The legal basis for the purpose of direct advertising may be Art. 6 para. 1 lit. f GDPR if our legitimate interests exist, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under point 2 - include

    • To be able to inform you optimally about our products, offers and services by means of direct marketing.
    • To communicate with you, in particular to be able to respond to your inquiries by email, telephone and/or fax.
    • To obtain customer feedback to improve the customer experience, improve our products and services.
    • To comply with legal obligations and other requirements

The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

 

3. Recipients or categories of recipients of the personal data

As part of the processing of your personal data, we may pass on your personal data to the following recipients. We only transfer your personal data to external recipients if you have given your consent or if this is permitted by law. External recipients of your personal data are in particular

    • Processors
    • freelancers
    • public authorities
    • courts
    • Lawyers
    • tax consultants
    • Auditors
    • Bank/financial institutions
    • Parcel service providers
    • Post Office
    • auditors

In order to offer you more payment methods and to simplify payments for you, we use the payment processing service providers:

    • Shopify International Limited, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04XN32, Ireland
    • PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

In addition, your personal data may be transferred to the following processors/service providers based in a country outside the EU/EEA

    • Microsoft Corporation

Further information on data processing by Microsoft can be found here:

https://privacy.microsoft.com/de-de/privacystatement

In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed if this is the subject of our standard data protection clauses with these recipients in accordance with Art. 46 para. 2 lit. c GDPR.

 

4. Transfer of personal data to a third country

In principle, the personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. As the providers of our software solutions, among others, offer their products and/or services on the basis of available resources and servers worldwide, your personal data may be transferred to other jurisdictions outside the European Union and the European Economic Area or accessed from such a jurisdiction outside the European Union. In particular, personal data is transferred to the third country USA within the meaning of Art. 15 para. 2 GDPR. In order to ensure the continuation of the necessary level of protection when transferring data to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. In order to ensure suitable guarantees for the protection of the transfer and processing of personal data outside the EU, data is transferred to and processed by our service providers on the basis of suitable guarantees in accordance with Art. 46 ff GDPR, in particular through the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR.

 

5. Duration of the storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data is destroyed or deleted from our systems as soon as it is no longer required. We take appropriate measures to ensure that your personal data is only processed under the following conditions:

    • Only for as long as necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, in particular to fulfill legal retention periods of up to ten years (e.g. from the German Commercial Code, the Tax Code and the Money Laundering Act). In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

 

6. Obligation to provide the data

For a (planned) conclusion and execution of the contract with you, you must provide the personal data that is necessary for the establishment and execution of the contractual relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude and execute the contract with you.

Barnhouse Naturprodukte GmbH

For participants in marketing campaigns and participants in company tours

1. Processing of your personal data

When you participate in marketing campaigns and company tours, we process the following or parts of the following data about you:

    • Company name
    • Salutation, title and academic degrees of the contact person
    • First name and surname of the contact person
    • Position in the company
    • Delivery/address
    • Telephone number
    • E-mail address
    • Evaluation content (e.g. stakeholder query, collection of customer feedback)
    • All personal data provided to us in the context of customer communication

Barnhouse collects data from participants in marketing campaigns and participants in company tours in the following ways:

    • Enquiries/contact via message to Barnhouse Naturprodukte GmbH employees, e.g. by email, social media, online or other communication channels and telephone.
    • For company tours additionally: Request of personal data via provided forms (hygiene guidelines and data protection notice)

2. Purposes of processing and their legal basis

Your personal data will be processed for the following purposes in the context of participation in marketing campaigns and participation in a company tour:

    • To process your request as an interested party/participant. For this purpose, we use your contact details to answer your request.
    • Contacting you (email, telephone, social media and other online channels)
    • To provide you with the best possible information about our products and services. This also includes sending (direct) advertising by email or telephone.
    • To survey your satisfaction with our products and services. (e.g. stakeholder survey, collecting customer feedback)
    • To provide you as a customer with optimum support. This includes, in particular, communicating with you by e-mail, mobile phone, landline number or fax.
    • Processing and delivery of products to customers or other destinations by carriers and/or postal service providers
    • For the purpose of carrying out marketing initiatives such as: Newsletter mailing, product updates, invitations to events, competitions etc.
    • For company tours: To ensure food safety, we must document all visitors to our production facility.

Processing of your personal data on the basis of consent

Insofar as we obtain your consent for the processing of your personal data, your personal data will be processed on the basis of Art. 6 para. 1 lit. a GDPR in conjunction with Art. 5, 7 GDPR. Art. 5, 7 GDPR.

Processing for the purpose of performing the contract with you

Insofar as we process your personal data for the purpose of fulfilling the contract, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.

Processing for the fulfillment of a legal obligation

Insofar as the processing of your personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. Our legal obligation to process data arises, for example, from retention obligations under tax and/or commercial law.

Processing on the basis of legitimate interest

The legal basis for the purpose of direct advertising may be Art. 6 para. 1 lit. f GDPR if our legitimate interests exist, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under point 2 - include

    • To be able to inform you optimally about our products, offers and services by means of direct marketing.
    • To communicate with you, in particular to be able to respond to your inquiries by email, telephone and/or fax.
    • To obtain customer feedback to improve the customer experience, improve our products and services.
    • To comply with legal obligations and other requirements

The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

 

3. Recipients or categories of recipients of the personal data

As part of the processing of your personal data, we may pass on your personal data to the following recipients. We only transfer your personal data to external recipients if you have given your consent or if this is permitted by law. External recipients of your personal data are in particular

    • Processors
    • Parcel service providers
    • postal service
    • auditors

In addition, your personal data may be transferred to the following processors/service providers based in a country outside the EU/EEA:

    • Microsoft Corporation

Further information on data processing by Microsoft can be found here:

https://privacy.microsoft.com/de-de/privacystatement

In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed if this is the subject of our standard data protection clauses with these recipients in accordance with Art. 46 para. 2 lit. c GDPR.

 

4. Transfer of personal data to a third country

In principle, the personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. As the providers of our software solutions, among others, offer their products and/or services on the basis of available resources and servers worldwide, your personal data may be transferred to other jurisdictions outside the European Union and the European Economic Area or accessed from such a jurisdiction outside the European Union. In particular, personal data is transferred to the third country USA within the meaning of Art. 15 para. 2 GDPR. In order to ensure the continuation of the necessary level of protection when transferring data to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. In order to ensure suitable guarantees for the protection of the transfer and processing of personal data outside the EU, data is transferred to and processed by our service providers on the basis of suitable guarantees in accordance with Art. 46 ff GDPR, in particular through the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR.

 

5. Duration of the storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data is destroyed or deleted from our systems as soon as it is no longer required. We take appropriate measures to ensure that your personal data is only processed under the following conditions:

    • Only for as long as necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, in particular to fulfill legal retention periods of up to ten years (e.g. from the German Commercial Code, the Tax Code and the Money Laundering Act). In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

 

6. Obligation to provide the data

For a (planned) conclusion and execution of the contract with you, you must provide the personal data that is necessary for the establishment and execution of the contractual relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude and execute the contract with you.

Barnhouse Naturprodukte GmbH

For suppliers and service providers

1. Processing of your personal data

Barnhouse Naturprodukte GmbH processes the personal data of suppliers and service providers. This is necessary for business operations. The following data is processed:

    • Company name
    • Salutation, title and academic degrees of the contact person
    • First name and surname of the contact person
    • Position in the company
    • Billing/delivery/address
    • Telephone number
    • Fax number
    • E-mail address
    • Customer number
    • Sales tax identification number
    • Bank details
    • Purpose of use and other information in connection with financial transactions
    • Type of contract
    • Contract number
    • Invoice number
    • Order number
    • Delivery note number
    • Shipment number
    • Date of conclusion of the contract
    • Due date of the receivables
    • Amount of claim
    • Terms of payment
    • All personal data provided to us in the course of customer communication

Barnhouse collects data from suppliers and service providers in the following ways:

    • Obtaining personal data directly from the data subject by contacting suppliers / service providers
    • Receipt of personal data directly from the data subject by contacting Barnhouse Naturprodukte GmbH
    • Research in business directories or websites
    • Receipt of personal data by third parties (e.g. recommendation)

2. Purposes of processing and their legal basis

We process your data for the following purposes:

    • Initiation, execution and termination of a contractual relationship
    • Execution of inquiries, orders, sample requests
    • Examination and optimization of procedures for needs analysis
    • Market and opinion research, provided you have not objected to the use of this data for these purposes
    • Processing complaints
    • Processing and fulfillment of contracts relating to order-related purchasing
    • Processing and fulfillment of contracts relating to secondary purchasing
    • Management of physical stocks in the company's own warehouse to ensure the smooth availability of products.
    • Processing and delivery of products to customers or other destinations by carriers and/or postal service providers
    • Market and opinion research, provided you have not objected to the use of this data for these purposes
    • Assertion, exercise or defense of legal claims
    • Measures for business management and further development of our products

Processing of your personal data on the basis of consent

Insofar as we obtain your consent for the processing of your personal data, your personal data will be processed on the basis of Art. 6 para. 1 lit. a GDPR in conjunction with Art. 5, 7 GDPR. Art. 5, 7 GDPR.

Processing for the purpose of performing the contract with you

Insofar as we process your personal data for the purpose of fulfilling the contract, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.

Processing for the fulfillment of a legal obligation

Insofar as the processing of your personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. Our legal obligation to process data arises, for example, from retention obligations under tax and/or commercial law.

Processing on the basis of legitimate interest

The legal basis for the purpose of direct advertising may be Art. 6 para. 1 lit. f GDPR if our legitimate interests exist, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under point 2 - include

    • To be able to inform you optimally about our products, offers and services by means of direct marketing
    • In communicating with you, in particular to be able to answer your inquiries by email, telephone and/or fax

The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

 

3. Recipients or categories of recipients of the personal data

As part of the processing of your personal data, we may pass on your personal data to the following recipients. We only transfer your personal data to external recipients if you have given your consent or if this is permitted by law. External recipients of your personal data are in particular

    • Processors
    • freelancers
    • public authorities
    • courts
    • Lawyers
    • tax consultants
    • Auditors
    • Bank/financial institutions
    • Parcel service providers
    • Post Office
    • auditors

In addition, your personal data may be transferred to the following processors / service providers based in a country outside the EU/EEA:

    • Microsoft Corporation

Further information on data processing by Microsoft can be found here:

https://privacy.microsoft.com/de-de/privacystatement

In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed if this is the subject of our standard data protection clauses with these recipients in accordance with Art. 46 para. 2 lit. c GDPR.

 

4. Transfer of personal data to a third country

In principle, the personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. As the providers of our software solutions, among others, offer their products and/or services on the basis of available resources and servers worldwide, your personal data may be transferred to other jurisdictions outside the European Union and the European Economic Area or accessed from such a jurisdiction outside the European Union. In particular, personal data is transferred to the third country USA within the meaning of Art. 15 para. 2 GDPR. In order to ensure the continuation of the necessary level of protection when transferring data to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognized as providing an adequate level of data protection. In order to ensure suitable guarantees for the protection of the transfer and processing of personal data outside the EU, data is transferred to and processed by our service providers on the basis of suitable guarantees in accordance with Art. 46 ff GDPR, in particular through the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR.

 

5. Duration of the storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data is destroyed or deleted from our systems as soon as it is no longer required. We take appropriate measures to ensure that your personal data is only processed under the following conditions:

    • For the duration that the data is used to provide you with a service.
    • As required by applicable law, contract or with regard to our legal obligations
    • Only for as long as necessary for the purpose for which the data was collected or longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, in particular to fulfill legal retention periods of up to ten years (e.g. from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act). In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

 

6. Obligation to provide the data

For a (planned) conclusion and execution of the contract with you, you must provide the personal data that is necessary for the establishment and execution of the contractual relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude and execute the contract with you.


Barnhouse Naturprodukte GmbH / Status: 27.8.2024