1. Subject of this data protection notice
The protection of your personal data is a major and very important concern for us and is taken into account in all our business processes. Personal data means any information relating to an identified or identifiable natural person.
In the following, we would like to inform you with a detailed overview of the processing of your personal data of our Business Partners and their employees.
Furthermore, we would like to inform you about the rights you are entitled to and the technical and organisational protective measures we have taken with regard to the processing of your data.
2. Name and address of the data controller and service provider
Responsible data controller according to Art. 4 (7) General Data Protection Regulation (“GDPR”) in terms of the basic data protection regulation (GDPR) and at the same time service provider in terms of Section 5 the of the German Telemedia Act (“Telemediengesetz” -TMG) is
Moosacher Strasse 84
D-80809 Munich, Germany
See our imprint for further details.
If you have any questions or comments about this protection policy or about data protection in general you can contact our data protection officer as follows:
Data Protection Officer
Moosacher Strasse 84
D-80809 Munich, Germany
3. Collection and use of data
We only process personal data where this is necessary and in accordance with the principles of data minimisation and purpose limitation. Therefore, following personal data categories will be collected:
3.1. General data from the business relationship
- Business and Contact data (e.g. name, business email address, name of the company, business address, phone number, position in your company, other data about your company)
- Data about the business relationship or joint project (e.g. correspondence or other communication between you and IONITY, details about the joint project)
- General and invoice data of the company (e.g. name of the invoiced party, registration number, IBAN, bank name, VAT ID, currency, DUNS number
- Land register data (area, location, dimensions) of site partners
3.2. Data from other sources
As far as it is necessary for the fulfilment of the contract or pre-contractual measures or if you have consented to it, we also process personal data (business and contact data) that we have permissibly received from other third parties.
4. Purpose and legal basis of the data processing
4.1. Fulfilment of contractual obligations and performance
We process personal data in the context of the fulfilment of our contractual obligations and invoicing purposes (Article 6 (1) (b) GDPR). If the fulfilment of contractual obligation requires to process personal data of employees of Business Partners (generally as contact person), this is based on Article 6 (1) (f) GDPR.
Furthermore, we need to process personal data to ensure the performance and management of the contract and business relationship which is to be considered as legitimate interest for IONITY (Art. 6 (1) (f) GDPR):
- For the enforcement of legal claims and defence in legal disputes,
- To ensure IT security and IT operations (e.g. creating partner accounts for access rights),
- For accounting purposes,
- For risk management purposes.
If you provide further information during the onboarding process (e.g. in your partner account), your personal data will be collected and processed pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time.
4.2. Tender process
Business Partners or their employees need to provide certain data during the tender process. This serves to contact you regarding the status of the tender process and to share and transfer documents during or after the tender process. If you or your company was selected as supplier, sec. 4.1 applies.
If you provide further information during the tender process (e.g. in the tender platform account), your personal data will be collected and processed pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time.
5. Service providers and data transfer to third parties
In order to fulfil the aforementioned purposes, your personal data may be passed on to service providers supporting us (e.g. IT service provider), which we have carefully selected and commissioned in writing according to the requirements of the GDPR. These service providers are bound by our instructions and are regularly monitored by us.
Categories of recipients:
- Procurement software provider
- IT service provider
- Municipality (only for building permits)
- Construction companies
- Planning office
Your data will otherwise only be passed on to other third parties if this data protection declaration expressly refers to this or if we are legally obliged to transfer personal data.
6. Data transfers to third countries
We also transfer your data to service providers who are located in third countries or have access to your personal data from there. These data transfers have an adequate level of data protection according to Art. 45 (1) or Art. 46 (2) (c) GDPR. Our service providers in third countries are bound by our instructions and are regularly monitored by us.
7. Automated decision-making
No automated decision-making takes place.
8. Deletion of personal data
8.1. Contractual data
If you close a contract with us (e.g. as Site Partner or after the selection in a tender process) we will store personal data in the contract or needed for the business relationship as long as we need them for the fulfilment of contractual or legal obligations. Depending on the document we have to retain some data for up to 10 years due to legal retention periods in commercial and tax law. After this period, we will delete your personal data.
8.2. Tender process
We process your personal data only as long as we need it for the tender process and have to retain it for compliance purposes for 10 years. After this period, we will delete your personal data.
9. Your rights
9.1. Your rights
You have the right to ask us to confirm whether personal data concerning you is being processed; if this is the case, you have the right to obtain information about this personal data and the information specified in Art. 15 of the GDPR.
You have the right to demand that we correct incorrect personal data relating to you without delay and, if necessary, complete incomplete personal data (Art. 16 GDPR).
You have the right to demand from us that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies in detail, e.g. if the data is no longer required for the purposes pursued (right to deletion).
You have the right to request us to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection to processing, for the duration of the examination by us.
You have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing. You also have the right to object at any time to processing operations carried out pursuant to Art. 6 (1) (e) or (f) GDPR for reasons arising from your particular situation (Art. 21 GDPR). We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You have the right to withdraw any consent you have given us at any time with effect for the future.
You have the right to receive from us the data concerning you which you have provided us with in a structured, common and machine-readable format. You may also transmit this data to other bodies or have it transmitted by us (right to data portability).
To exercise your rights, please contact: firstname.lastname@example.org.
9.2. Complaint with the data protection authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you is in breach of the GDPR (Art. 77 DPA).
In Bavaria, the competent supervisory authority is the Bavarian State Office for Data Protection Supervision, Postfach 606, 91511 Ansbach, www.lda.bayern.de.
10. Version and updates of this data protection statement