PRIVACY STATEMENT FOR BUSINESS PARTNERS OF SCHAEBENS
Controller
This privacy notice for business partners informs you about the processing of your personal data by A. Moras & Comp. GmbH & Co. KG, Europaallee 42, 50226 Frechen. According to Article 4 (1) of the GDPR, your personal data includes any information that is or can be related to you, in particular by reference to an identifier such as a name or to an organisational or customer number by which you can be identified. We provide this privacy notice for business partners in our role as the data controller to explain the data processing activities concerning our customers, business partners, and suppliers, and, where applicable, their employees who are associated with A. Moras & Comp. GmbH & Co. KG.
This notice applies if you are an independent business partner of A. Moras & Comp. GmbH & Co. KG, or if you are an employee of a business partner acting on behalf of that partner in dealings with A. Moras & Comp. GmbH & Co. KG.
The controller within the meaning of the General Data Protection Regulation (GDPR) is
- Moras & Comp. GmbH & Co. KG
Europaallee 42
50226 Frechen
Email: info@schaebens.de
You can contact our Data Protection Officer, Mr. Bernd Fuhlert, via email at: datenschutz@schaebens.de
Purpose and legal bases of the data processing
We process personal data of our business partners, their employees, and other involved parties for the purpose of initiating, executing, and terminating contractual relationships, as well as for complying with legal obligations. In addition, we use data for the purposes of communication, customer relationship management (CRM), and the protection of legitimate interests.
In this respect, the following categories of data are processed:
- a) In the case of independent business partners:
- name, business contact details
- services offered
- contractual information
- communication content (e.g., emails, letters)
- payment and invoicing information
- history of the business relationship
- b) In the case of employees of business partners:
- name, business contact details
- name of the employer
- title / position
- communication content (e.g., emails, letters)
The processing of your personal data will be carried out on the basis of various legal grounds in accordance with the General Data Protection Regulation (GDPR):
Consent (Article 6 (1) (a) GDPR): Where you have given us explicit consent to the processing of your personal data, such processing will take place solely for the purposes specified in that consent. Any consent granted may be revoked at any time with effect for the future.
Performance of a contract and pre-contractual measures (Art. 6 (1) (b) GDPR): The processing of your data is necessary for the conclusion or performance of a contract with you or your company. This includes, in particular, the initiation, execution, and handling of business relationships, as well as communication within the scope of the contractual relationship.
Legal obligations (Article 6 (1) (c) GDPR): In certain cases, we are legally obliged to process personal data—for example, to comply with retention requirements under tax or commercial law or to fulfil documentation and reporting obligations in relation to public authorities.
Legitimate interests (Article 6 (1) (f) GDPR): Where necessary, we shall also process your personal data to safeguard our legitimate interests or those of third parties. Our legitimate interests include, in particular:
- maintaining efficient and targeted customer communication, including the use of a customer relationship management (CRM) system,
- conducting direct marketing in accordance with the legal requirements of Section 7 of the German Act Against Unfair Competition (UWG),
- fraud prevention, and ensuring IT and network security, as well as protecting our systems against unauthorised access,
- and safeguarding and enforcing legal claims, including the defence of such claims in legal disputes.
Sources of data
Generally, we shall process data that we receive directly from you. In addition, where necessary, we may process data from public sources (e.g. commercial registers) or from third parties (e.g. credit agencies).
Recipients of data
We disclose personal data only to the extent that this is legally permissible. Recipients may include:
- service providers within the scope of commissioned processing activities (e.g. IT hosting, maintenance, CRM systems)
- public authorities, courts, or supervisory bodies where legally required
- tax advisers, auditors, and solicitors, as necessary
- group companies of A. Moras & Comp. GmbH & Co. KG, where permissible
All processors are contractually obligated to protect your data in accordance with the GDPR.
Data transfers to third countries including the USA
Your personal data will only be transferred to entities in countries outside the European Union (EU) or European Economic Area (EEA) if:
- this is necessary for the performance of a contract,
- you have granted us your consent,
- or a legal obligation requires such transfer.
Where we use service providers in the USA (e.g. cloud services, CRM systems, video conferencing tools), your personal data will, as a rule, only be transferred if the respective recipient is certified under the EU-U.S. Data Privacy Framework (DPF). In such cases, the European Commission determines, in accordance with Art. 45 GDPR, that an adequate level of data protection exists in the USA for these certified companies. If the recipient is not certified under the DPF, we rely on other appropriate safeguards, such as the Standard Contractual Clauses adopted by the European Commission (Art. 46 GDPR). Where necessary, additional technical and organisational measures will be taken to ensure the protection of your data. You can find an up-to-date list of companies certified under the DPF at: https://www.dataprivacyframework.gov/s/participant-search
Retention period
We shall retain your personal data only for as long as necessary for fulfilling the respective purposes. As a rule, the data will be retained as follows:
- Contract-related data: until the end of the business relationship
- Commercial and tax law retention obligations: generally 6 to 10 years
- Limitation periods for legal claims: generally 3 years
After these periods expire, the data will be deleted or anonymised.
Your rights
In accordance with applicable data protection laws, you have the following rights:
Right of access (Art. 15 GDPR): You have the right to access the stored personal data concerning you.
Right to rectification (Article 16 GDPR): If you discover that inaccurate data concerning you is being processed, you may obtain rectification. Incomplete data must be completed, with due regard being given to the purpose of the processing.
Right to erasure (Art. 17 GDPR): You have the right to obtain the erasure of your data if specific grounds for erasure apply. This is particularly the case when this data is no longer necessary for the purpose for which it was originally collected or processed.
Right to restriction of processing (Art. 18 GDPR): You have the right to obtain restriction of the processing of your data. This means that your data will not be deleted but will be marked to restrict further processing or use.
Right to data portability (Art. 20 GDPR): You have the right to receive in a structured, commonly used, and machine-readable format the personal data you provided to A. Moras & Comp. GmbH & Co. KG. You also have the right to transfer this data to another controller without hindrance from A. Moras & Comp. GmbH & Co. KG.
Right to object to unreasonable data processing (Art. 21 GDPR): The data subject has the right, on grounds relating to their particular situation, to object at any time to the processing of their personal data where such processing is based on Article 6 (1) (e) or (f) GDPR.
If you have given your consent to specific processing activities, you may withdraw that consent at any time with effect for the future. Such withdrawal will not affect the lawfulness of the processing carried out prior to withdrawal.
Right to lodge a complaint with a supervisory authority
In accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority in North Rhine-Westphalia is: State Commissioner for Data Protection and Freedom of Information NRW, P.O. Box 20 04 44, 40102 Düsseldorf.
Website: https://www.ldi.nrw.de
Automated decision-making
No automated decision-making or profiling takes place.
Objecting to marketing emails
We hereby expressly object to contact details that have been published in accordance with legal notice obligations being used for the purpose of sending unsolicited marketing or informational materials, or for marketing calls. Unsolicited marketing calls, marketing emails, or similar forms of contact constitute a violation of competition law and may be subject to legal action.
If you have any questions regarding the processing of your data, please contact:
- Moras & Comp. GmbH & Co. KG
Europaallee 42
50226 Frechen
Email: datenschutz@schaebens.de
Right to amend
We reserve the right to amend this Privacy Statement as necessary to reflect legal changes or modifications to our data processing. The respective current version is available on this website. Last updated: September 2025