The European General Data Protection Regulation (GDPR), which entered into force on May 25, 2018, applies not only in Germany, but throughout the European Union (EU).
It contains regulations regarding the handling of your data within the European Union. We have compiled the data privacy notices for our customers and other data subjects at Münze Deutschland.
Last revised May 25, 2018
Data privacy notices for customers and other data subjects
With the following information, we would like to provide you with an overview of how we process your personal data and your rights in accordance with data protection law. The specific data that is processed and the way in which it is used is essentially based on the products ordered and the communication channels chosen. Therefore, not all parts of this information will apply to you.
Who is responsible for data processing and who can I contact?What sources and data do we use?Why do we process your data (processing purpose) and on what legal basis?Who receives my data?Is data sent to a third country or to an international organization?For how long is my data stored?What are my data privacy rights?Am I obligated to provide data?To what extent is automated decision-making used?INFORMATION ABOUT YOUR RIGHT OF CANCELLATION IN ACCORDANCE WITH ARTICLE 21 GDPRWe will explain below which information Münze Deutschland collects during your visit to our website and how this information is used.
Personal data Collection and processing of personal data Use and transfer of personal data Use of cookies SecurityWho is responsible for data processing and who can I contact?
Responsible:
Münze Deutschland
in the Federal Office of Administration
Barbarastr. 1
50728 Cologne, Germany
You can reach our company data protection officer at:
Federal Office of Administration
Data Protection Officer
DGZ-Ring 12
13086 Berlin, Germany
Datenschutzbeauftragter@bva.bund.de
Telephone: +49 (0) 22899-358-681234
Which sources and data do we use?
We process personal data that we obtain from our customers or other data subjects in the context of our business relationship. In addition – to the extent required for provision of our service – we process personal data that we are permitted to obtain and process from publicly accessible sources (e.g. phone book, registry office, commercial register and register of associations, press, internet).
Relevant personal data is personalia (name, address and other contact details [telephone, e-mail address], date of birth and place of birth), legitimation data (e.g. ID data) and authentication data (e.g. specimen signature). It can also be order data (e.g. order information), data from the performance of our contractual obligations (e.g. sales data from payment transactions) as well as other data similar to the above-mentioned categories.
Customer contact information: In the context of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts, initiated by you or by us, further personal data, such as information about contact channel, date, occasion and result, (electronic) copies of written correspondence as well as information about participation in direct marketing campaigns, is also generated.
Why do we process your data (purpose of processing) and on what legal basis?
We process personal data in agreement with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG])
a) to fulfill contractual obligations (Art. 6(1) b GDPR).
Personal data is processed for the provision of services in the context of the performance of our contracts with our customers or for the implementation of pre-contractual measures that are performed at their request. The purposes of data processing are primarily based on the specific product and can include requirements analyses, consultation, as well as the implementation of transactions. You can find further details of the data processing purposes in the General Terms and Conditions.
b) in the context of consideration of interests (Art. 6(1) f GDPR).
If necessary, we process your data beyond the actual performance of the contract in order to safeguard our legitimate interests or those of third parties.
Examples:
Checking and optimization of procedures for requirements analysis for the purpose of direct customer contact, advertising or marketing and opinion research, to the extent that you have not objected to the use of your data, assertion of legal claims and defense in the event of legal disputes, guaranteeing IT security and the IT operations of Münze Deutschland and the Federal Office of Administration,
preventing and solving crimes,
measures for building and plant safety (e.g. access controls),
measures to ensure domiciliary rights, measures for business control and further development of services and products.
c) based on your consent (Art. 6(1) a GDPR).
To the extent that you have granted consent to the processing of personal data for certain purposes (e.g. transferring data to third parties [e.g. delivery services], evaluation of payment transaction data for marketing purposes, newsletter shipping), the legitimacy of this processing is given based on your consent. This consent can be withdrawn at any time. This also applies to the withdrawal of declarations of consent granted before the entry into force of GDPR, i.e. before May 25, 2018. Withdrawal of consent is effective for the future only and does not affect the legitimacy of the data processed until the time of withdrawal.
d) based on legal obligations (Art. 6(1) c GDPR) or in the public interest (Art. 6(1) e GDPR).
In addition, we are also subject to various legal obligations or legal requirements (e.g. German Money Laundering Act, tax laws).
Who receives my data?
Within Münze Deutschland and the Federal Office of Administration, the offices that need your data for fulfillment of our contractual and legal obligations are given access to your data. Service providers and vicarious agents used by us may also receive data for these purposes, if they are, in particular, obligated to maintain secrecy. These include, e.g. companies in the categories of IT services, logistics, print services, consultation as well as sales and marketing.
In principle, we may only transfer information about our customers if legal provisions demand this, the customer has granted consent, or we are authorized to issue information. Under these conditions, the recipients of personal data may be, e.g.:
Public offices and institutions (e.g. German Central Bank, financial authorities, law enforcement authorities, family courts), if there is a legal or official obligation,
Creditors or liquidators, requesting information in the context of foreclosure,
Service providers used by us in the context of order processing relationships.
Other data recipients may be any offices to which you have granted us your consent to transfer data or to which we are authorized to send personal data based on a consideration of interests.
Is data sent to a third country or to an international organization?
Data shall only be sent to offices in countries outside the European Union (so-called third countries) to the extent that
- it is required for the execution of your orders,
- it is legally prescribed (e.g. tax notification obligations) or
- you have granted your consent.
In addition, sending to offices in third countries is provided for in the following cases:
With the data subject’s consent or based on legal regulations on the combating of money laundering, terrorist financing and other criminal actions as well as in the context of a consideration of interests, personal data may be transferred in individual cases, in compliance with the data protection level of the European Union.
For how long will my data be stored?
We process and store your personal data for as long as this is required for the fulfillment of our contractual and legal obligations.
If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted regularly, unless its – temporary – further processing is required for the following purposes:
Fulfillment of commercial and tax law retention obligations, which can result from e.g.: German Commercial Code (Handelsgesetzbuch, HGB), German Fiscal Code (Abgabenordnung, AO), German Money Laundering Act (Geldwäschegesetz, GwG). The periods specified there for data retention or documentation are generally two to ten years.
Retention of evidence in the context of statutory limitation periods. In accordance with Section 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), these limitation periods can be up to 30 years, although the standard limitation period is three years.
What are my data protection rights?
Every data subject has a right of access in accordance with Article 15 GDPR, a right to rectification in accordance with Article 16 GDPR, a right to erasure in accordance with Article 17 GDPR, a right to restriction of processing in accordance with Article 18 GDPR, a right to object in accordance with Article 21 GDPR as well as a right to data portability in accordance with Article 20 GDPR. The restrictions according to Sections 34 and 35 of the Federal Data Protection Act apply to the right of access and the right to erasure. In addition, there is a right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with Section 19 of the Federal Data Protection Act).
You can withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of declarations of consent granted before the entry into force of GDPR, i.e. before May 25, 2018. Please note that the withdrawal is effective for the future only. Processing that occurred before the withdrawal shall remain unaffected.
Am I obligated to provide data?
In the context of our business relationship, you must only provide the personal data that is required for the initiation, implementation and termination of a business relationship and for fulfillment of the associated contractual obligations or that we are legally obligated to collect. Without this data, we will generally be unable to complete, execute and terminate a contract with you.
To what extent is automated decision-making implemented?
In principle, we do not use any fully automated decision-making in accordance with Article 22 GDPR to justify and implement the business relationship. Should we use this procedure in individual cases (e.g. for the allocation of coins), we will inform you of this and your associated rights separately, to the extent that this is legally prescribed.
INFORMATION ABOUT YOUR RIGHT TO OBJECT IN ACCORDANCE WITH ARTICLE 21 GDPR
Case-by-case right to object
You have the right, for reasons that result from your particular situation, to submit, at any time, an objection to the processing of your personal data based on Article 6(1) e GDPR (Data processing in the public interest) and Article 6(1) f GDPR (Data processing for the purposes of legitimate interests).
If you submit an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing, which override your interests, rights and freedoms, or the processing serves the purpose of the assertion, exercising or defense of legal claims.
Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to provide direct marketing. You have the right, at any time, to object to the processing of your personal data for the purpose of such marketing.
If you object to processing for the purpose of direct marketing, we will no longer process your personal data for this purpose.
Recipient of an objection
The objection can be submitted without any formal requirements with the subject “Objection”, specifying your name, address and date of birth, and should be sent to:
Münze Deutschland
Franz-Zebisch-Straße 15
92626 Weiden, Germany
Telephone: +49 (0) 961 3818 4400
info@muenze-deutschland.de
Personal data
Personal data denotes any information concerning the personal or material circumstances of an identified or identifiable natural person. This includes information such as your real name, address, telephone number and date of birth. Information that cannot be directly linked to your real identity – such as favorite websites or the number of users of a site – is not considered personal data.
Collection and processing of personal data
When you visit our websites, our web servers temporarily store the following information as standard for the purpose of system security: the connection data of the requesting computer system, which of our websites you visit, the date and length of your visit, the data identifying the type of browser and operating system used and the website from which you visit us. Additional personal information such as your name, address, telephone number or e-mail address is not collected unless you provide this data voluntarily, e.g. as part of a registration, survey, competition, fulfillment of a contract or an information request.
Use and disclosure of personal data
We use the personal data provided by you exclusively for the purpose of technical administration of our websites and to fulfill your wishes and requirements, i.e. generally to perform the contract concluded with you or to respond to your inquiry.
We only use such data for product-related surveys and marketing purposes if you have given us your prior consent and if you have not filed an objection, insofar as this is permitted by law.
Use of cookies
As a general rule, we do not use cookies on our websites. Only in exceptional cases are so-called session cookies deposited in your browser's memory in order to store data needed for technical control of the session. This data is not personal and is deleted at the latest when you close your browser.
If we should need to save personal data on a cookie in exceptional cases, we will request your express permission to do so in advance. Please also note that browsers usually have functions for the management of cookies.
Security
Münze Deutschland takes all necessary technical and organizational security measures to protect your personal data from being lost or misused. For instance, your data is saved in a secure operating environment that is not accessible to the public. In certain cases, your personal data is encrypted by Secure Socket Layer (SSL) technology during transmission. This means that communication between your computer and the Münze Deutschland servers is implemented using a recognized encryption procedure, if your browser supports SSL.
Should you wish to contact Münze Deutschland by e-mail, please note that the confidentiality of the information sent is not guaranteed. The contents of e-mail messages can be read by third parties. We therefore advise you to send us confidential information solely by mail.
EU General Data Protection Regulation as PDF for download