Information for business partner regarding personal data processing

Information for business partners of HCS Group GmbH in Europe regarding the processing of their personal data pursuant to Section 13 of the GDPR

HCS Group GmbH and its affiliates (“HCS”) undertake to protect the privacy of their business partners when processing personal data. The following information is intended to inform you as a customer, business partner, supplier or prospective customer, or as a contact person of a business partner, supplier or prospective customer, about the way we collect, use and transfer personal data.


I. Address and contact details

The controller for your personal data is:

HCS Group GmbH
Schlengendeich 17
21107 Hamburg/Germany

Our data protection officer’s contact details are:

Marienburgstraße 27
64297 Darmstadt /Germany
Tel.: +49 (0)6154-57605111


II. Use of your personal data

  1. Purpose of processing your personal data and the legal basis for processing

Your personal data is processed if this if necessary to initiate or perform a contract (Art. 6 (1) (b) GDPR) or to safeguard the legitimate interests of HCS (Art. 6 (1) (f) GDPR), in particular to conclude or perform contracts and other business relationships (including the processing of purchase orders, deliveries or payments), or to prepare or respond to requests for quotations, to determine the conditions of a contractual relationship, and with regard to product development activities.

The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and the implementation of contractual measures as well as responding to inquiries is Art. 6 (1) (b) GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 (1) (c) GDPR and the legal basis for processing to safeguard our legitimate interests is Art. 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6 (1) (d) GDPR.

  1. Categories of data

HCS processes the personal data that we receive from you in the course of our business relationship and in the context of instructions from you, your customers, suppliers or prospective customers. In addition, we process personal data which we legitimately obtain from public directories and official announcements and other generally accessible sources, or sources which are made available to us by contractual partners.

Personal data that is relevant for conducting business relationships comprises, in addition to personal data or master data (name, address, associated company, position and contact details), data relating to current and previous orders, payment and billing data, usage data and logs as well as advertising and sales data and data comparable with the aforementioned categories.


III. Recipient of your personal data

Within our company and affiliates, those positions which require the data to fulfil our contractual and legal obligations have access to it. Processors commissioned by us (Art. 28 GDPR) may also receive data for these purposes. These processors are companies in the categories of IT services, logistics, printing services, telecommunications, marketing, legal and tax advice, collection agencies, auditing and accounting.

We only disclose your data to third parties for their own use if and to the extent that consent has been granted or if contractual and/or statutory regulations make provision for this. Third parties in the above sense are public institutions and authorities, and private enterprises. To the extent permitted by law, we may also transfer your personal information to government agencies (such as social insurance agencies, tax authorities or law enforcement agencies) and domestic and foreign courts to fulfil legal obligations or our corporate interest.

Data is only transferred to institutions in countries outside the European Union (known as third countries) for the purposes of tasks carried out by certain service providers who may have their headquarters or parent company in a third country. HCS has contractually agreed with these service providers that they and their subcontractors must comply with European data protection standards and European data protection law.


IV. Your rights

Under the legal requirements, you have the right to receive information about your personal data and to request the correction or deletion of your personal data or the restriction of processing, as well as the right object to any kind of processing of your personal data as described under Point II and to receive your personal information.

In addition, you have the right to revoke any data protection consent that you have given to our company at any time. If you revoke your consent, the lawfulness of the processing carried out on the basis of your consent until the revocation will not be affected.

You are welcome to contact the e-mail address to exercise your rights.

In addition, you have the right to lodge a complaint with a supervisory authority.


V. Deletion of data

Data processed by HCS is deleted in accordance with Art. 17 and 18 GDPR or its processing restricted. The data stored with us is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage requirements. If data is not deleted because it is required for other and legitimate purposes, its processing will be restricted. In other words, the data is blocked and not processed for other purposes. This applies, for example, to data which must be kept for commercial or tax reasons.

This letter is for your information only. You do not have to take any action. If you have any questions, comments or suggestions about this newsletter or about our privacy practices, please contact our data protection officer.


July 2023