Change language

Note on data processing for new customers

This information provides you with an overview of the processing of your personal data when you apply to become a KOMSA partner. We will inform you about what data we collect from you and how we use it. We also inform you about your rights under applicable data protection law and tell you who you can contact if you have any questions.

Please note: This data protection notice applies to the processing of data relating to natural persons. This data protection notice does not apply to the processing of data relating to legal entities.

1. Who is responsible for data processing?

KOMSA AG (“KOMSA”) is responsible for processing your personal data when you apply for a KOMSA partnership. The contact details are as follows:

KOMSA AG
KOMSA Allee 1
09232 Hartmannsdorf
Phone Number: Tel. +49 3722 713-8500
e-mail: info@komsa.com

2. Who can you contact if you have questions about data processing?

You can address questions about the processing of your data to the data protection officer at any time. The address of the data protection officer is

datenschutz nord GmbH
Niederlassung Berlin
Kurfürstendamm 212
10719 Berlin
e-mail: office@datenschutz-nord.de

If you wish to exercise your rights as a data subject, e.g. data disclosure, data erasure or objection to advertising, please contact KOMSA directly using the contact details provided.

3. What data of yours do we process, for what purposes do we process your data and on what legal basis do we do so?

3.1 Applying for a KOMSA partnership

If you apply for a KOMSA partnership, we collect this data from you for communication purposes:

  • Salutation

  • Your name

  • E-mail address (business)

  • Telephone number (business)

  • Mobile phone number (business)

We check whether your company is eligible for a partnership with us. In this context, we collect this data about your company:

  • Information about your company (company name, address, date of foundation, legal form, tax number, VAT identification number, URL of the company website, telephone number of the head office, general e-mail address of the company)

  • Company documents (extract from the commercial register, business registration, entrepreneur certificate)

  • Title and name of management personnel (management, board, owner)

If the initiation of a business relationship with KOMSA is out of the question because the business area suitable for you is assigned to another company of the KOMSA Group, we will forward your data to the responsible company of the KOMSA Group. The companies of the KOMSA Group can be found in the list in section 5.

The legal basis for the described data processing is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (balancing of interests, based on the legitimate interests of KOMSA to check the suitability of a potential KOMSA partner, to forward the interested party internally to the responsible company of the KOMSA Group and to be in contact with the contact persons of a potential KOMSA partner).

3.2 Revenue fulfillment

If we accept your application, we will then process your data for the purpose of implementing the KOMSA partnership. The legal basis for the described data processing is Art. 6 para. 1 lit. b GDPR (fulfillment of contract) or Art. 6 para. 1 lit. f GDPR (balancing of interests, based on the legitimate interest of KOMSA to be in contact with the contact persons of a KOMSA partner).

3.3 Credit check

We process your data in order to obtain information about your creditworthiness (solvency) from third parties. For the retrieval of creditworthiness data, we pass this data on to our partner credit agencies: company, owner (in the case of partnerships), address, any documents provided, e.g. business registration.

Information about your creditworthiness helps us to assess the risk of non-payment before concluding a contract. This measure is important as we make advance payments. We check your creditworthiness with these credit agencies:

Automated individual case decision

During the credit check, KOMSA can use an automated process to decide whether to grant you an insecure payment method (invoice, direct debit) or reject your application for a KOMSA partnership. An automated rejection or restriction of the available payment methods takes place in the event of a negative credit report or an insufficient score.

You can contest the automated rejection. In addition, you have the right to inform us of your position regarding your ability to pay. To do so, please contact KOMSA directly at the e-mail address business-controlling@komsa.de. We will then carry out a manual review of the automated decision.

The legal basis for the data processing described is Art. 6 para. 1 lit. f GDPR (balancing of interests, based on KOMSA's interests in checking the creditworthiness of its business partners and preventing fraud).

3.4 Participation in training courses/ events/ certification examinations and use of online learning opportunities

As employees of our contractual partners, you have the opportunity to take part in online training courses and online events. You can also take certification exams. To do this, we first ask you to create a user profile on our training platform. To do this, we require the following mandatory information from you: First name, surname, e-mail address and company name. We use the data to create the user profile, send the confirmation e-mail, check and assign you to the contractual partner, and carry out training courses, events and examinations. We provide you with the certificates on the platform, which you can download yourself. We only use the data marked as voluntary (telephone number, customer number, country and language) in connection with the booked training course and/or event. We also process your data in order to provide you with training content.

We forward your data (name, e-mail address, company) to device manufacturers or external trainers if this is necessary to give you access to the manufacturer's training platform or to send you training documents.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR (legitimate interest, based on being able to provide access to training and to conduct training courses. Insofar as we use service providers who support us in our activities, we have concluded the necessary contracts with them.

3.5 Internal Group scoring

We continuously check your creditworthiness within the Group (scoring). For this purpose, we retrieve information on your creditworthiness from credit agencies (see section 3.3). We combine this data with the payment experience of the KOMSA Group companies using recognized mathematical-statistical procedures to create a score value. The score value summarizes this information:

  • Information on your creditworthiness retrieved from our partner credit agencies

  • Your payment behavior in all existing and future business relationships that you maintain with the companies of the KOMSA Group

  • Monthly sales

  • Creditworthiness index of rating agencies

  • Outstanding receivables

  • Maturities

  • Payment target deviations

  • Payment duration

  • Dunning levels

  • Return debit notes

  • Average values of these data and trends

We process the score value in order to grant you a credit limit and minimize the risk of non-payment for the KOMSA Group.

The legal basis for the described data processing is Art. 6 para. 1 lit. f GDPR (balancing of interests, based on the interests of KOMSA to check the creditworthiness of its business partners and to minimize payment default risks).

3.6 Advertising

In addition to processing your data to initiate and implement the business partnership, we also use your data for advertising purposes if you have separately consented to the use of your data for advertising purposes.

We use your data (name, address, e-mail address, telephone number) provided in connection with the registration as a new customer for direct advertising by e-mail, letter and telephone for products and services of the companies of the KOMSA Group (KOMSA AG, KOMSA Services GmbH, Revived Products GmbH, w-support.com GmbH, aetka AG). If you do not wish to receive this advertising, you can revoke your consent at any time. An informal notification to KOMSA is sufficient.

The legal basis for the described data processing is Art. 6 para. 1 lit. a GDPR (consent).

4. Is there an obligation to provide the data?

The provision of data for the initiation of the business relationship is not required by law. However, it is necessary for the processing of your application. The provision of data for the rating is not required by law but is necessary for the granting of an appropriate credit line or the granting of a corresponding payment term. The provision of data is voluntary. If you do not provide the data, it will not be possible to process your application to establish a business relationship or delivery will be made using a secure payment method (prepayment or cash on delivery).

5. Who has access to your data and for what reason?

Within KOMSA, access to your data is only granted to persons who need it to perform the tasks assigned to them. Outside KOMSA, service providers who support us in the fulfillment of our tasks may have access to your data. These are service providers in the following categories:

  • Hosting service provider for the operation of our servers

  • IT service provider for maintenance and support of software applications

  • Credit agencies for carrying out credit checks

  • Trade credit insurer

  • Service provider for our CRM system (HubSpot, Inc.) for sending e-mail advertising

Service providers used by us must meet special confidentiality requirements. They will only have access to your data to the extent and for the period of time required to fulfill their tasks.

In addition, other companies in the KOMSA Group (KOMSA Services GmbH, KOMSA Management GmbH, w-support.com GmbH, VerRi Versicherungsoptimierung und Risikomanagement Sachsen GmbH, Saxonum GmbH, Revived Products GmbH and Kapps GmbH) may have access to your data insofar as this is necessary for the processing of your application, advertising and internal credit checks within the Group.

6. Is data processed outside the European Union?

To process your data, we use HubSpot, Inc., based in the United States, as a service provider located in third countries outside the European Union. Countries outside the European Union handle the protection of personal data differently than countries within the European Union. We have therefore taken special measures to ensure that your data is processed just as securely in third countries as it is within the European Union. With service providers in third countries, we conclude the data protection contract provided by the Commission of the European Union for the processing of personal data in third countries (standard data protection clauses). This provides suitable guarantees for the protection of your data with service providers in third countries. You can request a copy of this data protection agreement using the contact details provided above.

7. How long will the data be stored?

We generally store your data for three years, unless we are obliged to store it for longer due to tax and commercial law retention and documentation obligations or you have consented to your data being stored for longer.

In the event that you have given us your consent to process your data for advertising purposes, we will store your data until you withdraw your consent.

8. What rights do you have?

8.1 Information

In accordance with Art. 15 GDPR, you can request information about your personal data processed by us.

8.2 Correction

If your data is not (or is no longer) accurate, you can request the rectification of your data in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.

8.3 Deletion

In accordance with Art. 17 GDPR, you have the right to request the erasure of your data. Please note that the right to erasure is subject to certain conditions. For example, there must be no regulations that oblige us to retain your data.

8.4 Restriction of processing

In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your data.

8.5 Data portability

In accordance with Art. 20 GDPR, you have the right to receive personal data that you have provided to us in an electronic format.

8.6 Revocation of your consent

You have the right to withdraw your consent to the processing of your data, which you have given us, at any time. The easiest way to withdraw your consent is to send an e-mail to the KOMSA contact details given above. The withdrawal of consent does not affect the lawfulness of the processing of your data carried out until the withdrawal.

8.7 Contradiction

In accordance with Art. 21 GDPR, you have the right to object to the processing of your data on grounds relating to your particular situation. In the event of a justified objection, we will no longer process your data.

8.8 Objection to the processing of your data for direct marketing purposes

You have the right to object at any time to the processing of your data for direct marketing purposes. This also applies to profiling in connection with direct advertising. You can address your objection to us informally, preferably to the KOMSA contact details given above, stating the keyword “Objection to the processing of my personal data for advertising purposes”

8.9 Right of appeal

You are entitled to lodge a complaint with a data protection supervisory authority if you do not agree with the processing of your data.