Information on processing customer/vendor data

1. General Information
The CAPRON GmbH takes the protection of your personal data very seriously. Your privacy is important to us. We process your personal data in accordance with the applicable statutory data protection re-quirements for the purposes listed below. Personal data in the sense of this data protection informa-tion is all information that is related to your person.
The company responsible for data processing is

Berghausstraße 1
01844 Neustadt in Sachsen

E-Mail adress:

If you have any questions or comments on data protection (e.g. on information and updating of your personal data), you can also contact our data protection officer.

Contact details of the data protection officer:

Stefan Fischerkeller
Dr.-Klein-Str. 29
88069 Tettnang
Phone: +49 7544 904 96 91
E-Mail adress:

2. Processing frame
2.1. Source of data collection
We process personal data that we have collected directly from you. Insofar as this is necessary for the provision of our services, we process personal data obtained from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we pro-cess personal data that we have taken, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, population registers, debtor directories, land registers, press, Internet and other media) and may process.
2.2. Origin and categories of data not collected directly from you
Insofar as this is necessary for the provision of our services, we process personal data permissibly ob-tained from other companies or other third parties. In addition, we process personal data that we have taken, received or acquired from publicly accessible sources (press, Internet and other media) and are permitted to process. Relevant personal data categories can be in particular:
  • Personal data (name, date of birth, place of birth, nationality, marital status, occupation/industry and comparable data)
  • Contact data (address, e-mail address, telephone number and similar data)
  • Confirmation of payment/coverage for bank and credit cards customer history
  • Data about your use of the telemedia offered by us (e.g. time of accessing our websites, apps or newsletters, clicked pages/links from us or entries and comparable data)
  • Video- and image recordings
  • Creditworthiness data
2.3. Purpose and legal bases oft he processed data
We process personal data in accordance with the provisions of the Data Protection Basic Regulation (GDPR), the new version of the Federal Data Protection Act (BDSG-neu) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends to a large extent on the services requested or agreed in each case. Further details or additions for the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. within the scope of using our website or our terms and conditions).
Purposes for the fulfilment of a contract or pre-contractual measures (Art. 6 para. 1 b GDPR)
The processing of personal data is carried out to execute our contracts with you and the execution of your orders as well as to carry out measures and activities within the framework of pre-contractual relationships, e.g. with interested parties. These essentially include: contract-related communication with you, the corresponding invoicing and associated payment transactions, the traceability of orders and other agreements as well as quality control through appropriate documentation, goodwill proce-dures, measures for the management and optimisation of business processes as well as for the ful-filment of general duties of care, management and control by affiliated companies; statistical evalua-tions for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax evaluation of operational services, risk ma-nagement, assertion of legal claims and defence in legal disputes; ensuring IT security (including sys-tem or plausibility tests) and general security, safeguarding and exercising domestic rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, prevention and investigation of criminal offences and control by supervisory bodies or supervisory bodies (e.g. audit).
Purposes in the context of a legitimate interest of us or third parties (Art. 6 para. 1 f GDPR)
Beyond the actual fulfillment of the contract or preliminary agreement, we process your data if ne-cessary, if it is necessary to protect legitimate interests of us or third parties, in particular for the following purposes
  • advertising or market and opinion research, insofar as you have not objected to the use of your data;
  • the examination and optimisation of procedures for needs analysis;
  • the further development of services and products as well as existing systems and processes;
  • the enrichment of our data, including through the use or research of publicly accessible data;
  • statistical evaluations or market analysis; benchmarking;
  • der Geltendmachung rechtlicher Ansprüche und Verteidigung bei rechtlichen Streitigkeiten, die nicht
  • unmittelbar dem Vertragsverhältnis zuzuordnen sind;
  • the limited storage of data, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage;
  • the development of scoring systems or automated decision-making processes;
  • the prevention and investigation of criminal offences, insofar as this is not exclusively for the fulfilment of legal requirements;
  • building and plant security (e.g. through access controls), insofar as this goes beyond the ge-neral duty of care;
  • internal and external investigations as well as security reviews; possible listening or
  • recording telephone conversations for quality control and training purposes;
  • the preservation and maintenance of certifications under private law or of an official nature;
  • Securing and exercising domestic rights through appropriate measures (such as video sur-veillance) as well as securing evidence in the event of criminal offences and their prevention.
Purposes within the scope of your consent (Art. 6 para 1a GDPR)
A processing of your personal data for certain purposes (e.g. use of your e-mail address for marketing purposes) can also take place on the basis of your consent. As a rule, you can revoke your consent at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. You will be informed separately about the purposes and consequences of a revocation or the non-granting of consent in the corresponding text of the consent. As a matter of principle, the revocation of consent will only take effect in the future. Proces-sing that took place before the revocation is not affected and remains lawful.
Purposes to fulfil legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)
Like everyone who participates in economic activities, we are also subject to a large number of legal obligations. These are primarily legal requirements (e.g. trade and tax laws) but may also include re-gulatory or other official requirements. The purposes of processing may include the fulfilment of con-trol and reporting obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as auditing by tax and other authorities. In addition, the disclo-sure of personal data may become necessary in the course of governmental/judicial action for the purpose of gathering evidence, prosecuting crimes or enforcing civil claims.
Scope of your obligations to provide us with data
You only need to provide the information that is necessary to establish and conduct a business relati-onship with us, or for a pre-contractual relationship with us, or that we are required by law to collect. Without this information, we will generally not be able to conclude or execute the contract. This may also refer to data required later within the scope of the business relationship. If we also request data from you, you will be informed of the voluntary nature of the information separately.
Existence of automated decision making in individual cases (including profiling)
We do not use purely automated decision-making procedures pursuant to Article 22 GDPR. Should we use such a procedure in individual cases in the future, we will inform you of this separately if this is required by law. We may process some of your data with the aim of evaluating certain personal aspects (profiling).
In order to provide you with targeted information and advice on products, we may use evaluation tools. These enable us to design products, communicate and advertise according to your needs, in-cluding market and opinion research. Information on nationality and special categories of personal data pursuant to Art. 9 GDPR are not processed here.
2.4. Consequences of non-availability of data
Within the framework of the business relationship, you must provide personal data which is neces-sary for the establishment, execution and termination of the legal transaction and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data we will not be able to carry out the legal transaction with you.
2.5. Recipients of data within the EU
Within our company, those internal departments or organisational units that need your data to fulfil our contractual and legal obligations or in the context of processing and implementing our legitimate interest will receive it.
A passing on of your data to external places takes place exclusively
  • in connection with the execution of the contract;
  • der Prüfung und Optimierung von Verfahren zur Bedarfsanalyse;
  • for the purposes of fulfilling legal requirements, according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest (cf. Section 2.4);
  • insofar as external service providers process data on our behalf as contract processors or func-tion takers (e.g. computer centres, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data validation or plausibility checks, data destruction, purchasing/procurement, customer administration, let-tershops, marketing, media technology, research, risk controlling, invoicing, telephony, webs-ite management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);
  • due to our legitimate interest or the legitimate interest of the third party for the purposes mentioned (e.g. to authorities, credit agencies, collection agencies, lawyers, courts, experts, subsidiaries and committees and supervisory bodies);
  • if you have given us your consent to the transfer to third parties.
Furthermore, we will not pass on your data to third parties. If we commission service providers to process your order, your data will be subject to the same security standards as ours. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.
2.6. Recipients of data outside the EU
Data is not transferred to locations in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries).
2.7. Storage periods
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB) and the Fiscal Code (AO). The periods for storage or docu-mentation specified therein are up to ten years from the end of the calendar year beyond the end of the business relationship or the pre-contractual legal relationship.
In addition, special statutory provisions may require a longer storage period, such as the preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.
If the data are no longer necessary for the fulfilment of contractual or legal obligations and rights, they will be deleted regularly, unless their - temporary - further processing is necessary for the ful-filment of the purposes for an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage and if processing for other purposes is excluded by suitable techni-cal and organizational measures.
3. Your Rights
Under certain circumstances you can assert your data protection rights against us.
  • Thus you have the right to receive information from us about your data stored with us in ac-cordance with the rules of Art. 15 GDPR (if necessary with restrictions in accordance with § 34 BDSG-Neu).
  • At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or erroneous.
  • If you so wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provi-ded that other statutory provisions (e.g. statutory storage obligations or the restrictions under § 35 BDSG-Neu) or an overriding interest on our part (e.g. to defend our rights and claims) do not prevent this.
  • Taking into account the requirements of Art. 18 GDPR, you may request us to restrict the pro-cessing of your data.
  • Furthermore, you may object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must terminate the processing of your data. However, this right of objec-tion only applies in very special circumstances of your personal situation, whereby the rights of our company may conflict with your right of objection.
  • You also have the right to receive your data under the conditions of Art. 20 GDPR in a struc-tured, common and machine-readable format or to forward it to a third party.
  • In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future (cf. Section 2.3).
  • You also have the right to appeal to a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always submit a complaint to our data protection officer first.
  • Your requests regarding the exercise of your rights should, if possible, be addressed in writing or by e-mail to the above address or directly in writing or by e-mail to our data protection officer.
Special reference to your right of objection according to Art. 21 GDPR
You have the right at any time to object to the processing of your data, which takes place on the basis of Art. 6 Para. 1 f GDPR (data processing on the basis of a weighing of interests) or Art. 6 Para. 1 e GDPR (data processing in the public interest), if there are reasons for this which result from your particular situation.
This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you file an ob-jection, we will no longer process your personal data unless we can prove compelling reasons worthy of protec-tion for the processing which outweigh your interests, rights and freedoms, or the processing serves the asser-tion, exercise or defence of legal claims.
We may also process your personal data for the purpose of direct advertising. If you do not wish to receive any advertising, you have the right to object at any time; this also applies to profiling, insofar as it is connected with such direct advertising. We will consider this contradiction for the future. We will no longer process your data for purposes of direct marketing if you object to the processing for these purposes.
The objection can be made without form and should be addressed as far as possible to
Berghausstr. 1
01844 Neustadt in Sachsen
E-Mail adress:
You also have the option of contacting the above data protection officer or a data protection supervisory au-thority with a complaint.
The data protection supervisory authority responsible for us is:
Sächsischer Datenschutzbeauftragter
Herr Andreas Schurig
Devrientstr. 1
01067 Dresden
Phone: +49 351/85471 101
E-Mail adress: