Data Protection Information Letter
FREUDENBERG CO. KOMMANDITGESELLSCHAFT
FREUDENBERG SE
FREUDENBERG BUSINESS SERVICES KG
FREUDENBERG REAL ESTATE GMBH
FREUDENBERG VERSICHERUNGSSERVICE GMBH
FREUDENBERG RÜCKVERSICHERUNGS AG
FREUDENBERG SERVICE KG
FREUDENBERG VERPFLEGUNGSDIENSTE KG
FREUDENBERG TECHNOLOGY INNOVATION SE & CO. KG
With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. The specific data processed and how it is used largely depend on the services requested or agreed upon in each individual case. Therefore, not all sections of this information will apply to you.
In addition, this data protection information may be updated from time to time. You can always find the latest version on this page.
Currently valid: Version April 2025.
1. Controller
The controller within the meaning of the GDPR is your contractual partner. Information can be found in the main contract.
In many areas, data is processed jointly by the companies of the Freudenberg Group. This document is also intended to provide an overview here.
You can reach our external data protection officer at
c/o activeMind Legal Rechtsanwaltsgesellschaft mbH
Potsdamer Strasse 3
80802 Munich
Telephone: (089) 91 92 94-900
e-mail: dataprotection-support[at]freudenberg.com
Joint controllership is governed by an agreement between the companies. As part of their activities, the companies use the same database solution in some cases and access a shared database where necessary. Both companies are independently responsible for the lawful processing of personal data and the granting of data subject rights, including the provision of mandatory information. Where necessary, the companies support each other in this.
2. We process your data for the following purposes and on the following legal basis:
We process personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG):
For the fulfilment of contractual obligations (Art. 6 (1) (b) GDPR)
The processing is necessary for the fulfilment of a contract with you. If you enquire about an offer, the data processing is carried out in response to your enquiry and is necessary for the implementation of pre-contractual measures.
Due to legal requirements (Art. 6 para. (1) (c) GDPR)
We are subject to various legal obligations that require the processing of personal data. These obligations include, for example, compliance with tax laws and statutory accounting regulations, responding to requests and requirements from supervisory or law enforcement authorities, and fulfilling tax control and reporting duties.
Additionally, the disclosure of personal data may be necessary in the course of official or judicial proceedings, such as for the collection of evidence, criminal prosecution, or the enforcement of civil law claims.
Based on a balancing of interests (Art. 6 (1) (f) GDPR)
Where necessary, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples of such cases are:
- If you contact us by e-mail or telephone, the data you enter will be stored for the purpose of personalised communication with you,
- Assertion of legal claims and defence in legal disputes,
- Storage of additional contact persons in the CRM system for communication.
- Conducting surveys to improve our services.
Credit assessment
We receive information about your creditworthiness from credit agencies such as Creditreform, Crif, Dun & Bradstreet and Coface. This is done for the purpose of assessing credit risk. We have a legitimate interest in finding out whether there is a credit risk with regard to the contract to be concluded with you. The data is forwarded to the credit agencies in order to obtain creditworthiness information. Further information on the activities of these credit agencies can be found on the website of the respective credit agency.
| Provider | Address | |
|---|---|---|
| Allianz Trade | Gasstraße 29, 22761 Hamburg, Deutschland | info.de@allianz-trade.com |
| Coface | Isaac-Fulda-Allee 1, 55124 Mainz, Deutschland | info-germany@coface.com |
| Creditreform | Hammfelddamm 13, 41460 Neuss, Deutschland | kontakt@creditreform.de |
| Creditsafe | Sonnenallee 221 F, 12059 Berlin. Deutschland | info@creditsafede.com |
| Crif GmbH | Victor-Gollancz-Straße 5, 76137 Karlsruhe, Deutschland | info.de@crif.com |
| Dun & Bradstreet | Brüsseler Straße 1-3, 60327 Frankfurt am Main, Deutschland | info.de@dnb.com |
| Schufa | Kormoranweg 5, 65201 Wiesbaden, Deutschland | impressum@schufa.de |
3. Who receives your data?
Within our company, employees receive your data for contact with you and for contractual cooperation (including the fulfilment of pre-contractual measures).
Your data will only be shared with service providers (processors) when necessary for the fulfillment of our contractual obligations, for example, for the support and maintenance of IT systems, accounting, or secure data disposal. All service providers are contractually bound to maintain the confidentiality of your data through a data processing agreement.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations.
Under these conditions, recipients of personal data may be, for example:
- public bodies and institutions (e.g. tax authorities, law enforcement authorities) in the event of a legal or official obligation,
- Credit and financial services institutions (processing of payment transactions)
- Tax consultant, business and payroll tax/company auditor (statutory audit mandate)
- Lawyers (enforcement of claims);
- Credit agencies.
4. Is data transferred to a third country or an international organisation?
We use service providers for certain tasks who may, in turn, engage subcontractors that are based in third countries or have parent companies or data centers located there. A data transfer is permitted if the European Commission has determined that the third country ensures an adequate level of data protection (Art. 45 GDPR).
If no such decision has been made by the Commission, we or our service providers may only transfer personal data to providers in a third country if appropriate safeguards are in place (such as standard data protection clauses adopted by the Commission or a supervisory authority through a specific procedure) and enforceable rights and effective legal remedies are available.
Additionally, we have contractually agreed with our service providers that any of their subcontractors must also adhere to data protection standards that comply with the level of protection required under European data protection law.
5. How long will your data be stored?
We process and store your personal data for as long as this is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted.
There are exceptions to the above-mentioned deletion criteria for data,
- required for the fulfilment of statutory retention obligations, e.g. German Commercial Code (HGB) and German Fiscal Code (AO). The retention and documentation periods specified there are generally six to ten years,
- for the preservation of evidence within the framework of the statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
If the data processing is carried out in our legitimate interest or that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions apply.
6. What data protection rights do you have?
Every data subject has the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to object (Art. 21 GDPR), and the right to data portability (Art. 20 GDPR). Please note that the rights of access and erasure are subject to the limitations set out in Sections 34 and 35 of the German Federal Data Protection Act (BDSG).
Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority in accordance with Art. 77 GDPR.
A list of supervisory authorities for the non-public sector, including their contact details, can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
7. Do I have an obligation to provide data?
As part of the contractual relationship, you may provide the personal data that is necessary for initiating, executing, and terminating the contract, as well as for fulfilling the associated contractual obligations or for which we are legally required to collect. Without this data, we will not be able to contact you, conclude the contract with you, or carry it out.
Information about your right to object in accordance with Art. 21 of the General Data Protection Regulation (GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (data processing on the basis of a balancing of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Recipient of an objection
The objection can be made informally with the subject "Objection", stating your name and address. Please contact your contact person directly.
