RST in Warnemünde // Source: RST

Data protection

Information for supplier


Privacy policy status: 10.11.2020

Data Protec­tion Infor­ma­tion for Supp­liers accor­ding to Art. 13 and 14 EU-GDPR EN


I. Who is responsible for data processing and who can I contact?

Responsible for data processing:

RST Rostock System-Technik GmbH
Friedrich-Barnewitz-Str. 9
18119 Rostock
Fon: +49 381 56 0
Email: info[at]rst-rostock.de

Contact details of the data protection officer:

RST Rostock System-Technik GmbH
Data protection officer
Friedrich-Barnewitz-Str. 9
18119 Rostock
Fon: +49 381 56 0
Email: datenschutzbeauftragter[at]rst-rostock.de


II. What sources and data do we use?

We may process the following personal data within the scope of our business contact, in particular

  • Basic personal information, such as your name, role, business contact information (address(es), telephone and fax numbers, e-mail adresses) and other contact infor-mation.
  • Other business-relevant information, e.g. your industry, previous business activities, business performance with us
  • Additional personal information that you have provided to us (e.g. your birthday, hobbies)
  • Contract data, such as customer number, bank account details, tax number
  • Photos that you make available to us or that are taken in the context of events of which you are a participant
  • Creditworthiness data
  • Data for payment transactions
  • personal data that we are permitted to process from publicly accessible sources (e.g. commercial register, creditworthiness information of Creditreform)

Usually, we receive the aforementioned data (with the exception of the latter point) directly from you. We may obtain additional data from your employer, colleagues or third parties or from publicly available sources (e.g., your company's website, job-related social networks).

III. What do we process the data for (purpose of processing) and on what legal basis?

We process your personal data for the proper processing and expansion of our business relationship to fulfill the legal obligations to which we are subject and if this is necessary for our legitimate interests, unless your interests or fundamental rights and obligations prevail.

Legal basis for the data processing are in particular Art. 6 Para. 1 lit. b and Art. 6 Para. 1 lit. f GDPR or your consent, if you have given us such.

IV. Who receives my data?

In particular, we may transfer your data to the following recipients:

  • Companies in our group of companies, for the initiation of further business contacts
  • Companies outside our group of companies, insofar as this is necessary for the initiation or processing of an order
  • public entities such as tax or social insurance authorities and other public or private entities to which we must transfer personal data in orer to fulfill our legal obligations.

Within our company, the data is only processed by persons whose area of responsibility makes this necessary.

V. Is data transferred to a third country or to an international organisation?

We do not share your information with third countries or international organizations.

VI. How long will my data be stored?

Your personal data will be stored and preserved by us during the period of our business relationship and also after termination of our business relationship if and to the extent that further storage is necessary to fulfil legal storage obligations or to safeguard our legitimate interests. We may delete or block personal data during or after our business relationship based on applicable data protection laws.

VII. What data protection rights do I have?

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions apply to the right to information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory au-thority (Article 77 GDPR).

You can revoke your consent to the processing of personal data at any time by contacting the responsible body. This also applies to the revocation of decla-rations of consent given to us prior to the application of the EU Basic Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is therefore not affected by a revocation. Please also note that we may pro-cess your personal data in whole or in part on the basis of legal regulations despite revocation of consent under certain circumstances.

VIII.  Is there an obligation for me to provide data?

We need some of the aforementioned personal data for the correct handling of our business relationship.

If you do not provide the necessary personal data, we may not be able to fulfill our legal obligations and may need to consider whether we can continue the busi-ness relationship.

IX. To what extent is there automated decision making (including profiling)

We do not perform automated decision making / profiling.


Information about your right of objection according to Article 21 EU General Data Protection Regulation (GDPR)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Article 6(1)(e) of the GDPR (processing of data in the public interest) and Article 6(1)(f) of the GDPR (processing of data on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) of the GDPR.

If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for processing worthy of protection which outweigh your rights, interests and freedoms, or it serves the assertion, exercise or defence of legal claims.

The opposition can be made without any formal requirements.