Data Protection Information for business partners and interested parties

According to the General Data Protection Regulation (GDPR) in conjunction with the Federal Data Protection Act (BDSG) we inform our business partners and interested parties with the following explanations about the processing of personal data by us and by affiliated companies as well as the rights which the parties concerned are entitled to. The legal basis for providing the information is set out in Articles 13 or 14 of the GDPR.

Where necessary, this Data Protection Declaration will be updated and published in an appropriate and accessible form for those concerned. This may be done by letter, mail, internet and/or notice.


1. Who is responsible for data processing?

Responsible for the processing of the data is:

WACHTEL ABT GmbH (hereinafter also referred to as company)

Bischofswerdaer Str. 47

01896 Pulsnitz


Telefon: +49 2103 4181515



2. How can the data protection officer be reached?

The company has declared a Controller for the purposes of the General Data Protection Regulation (GDPR) who can be contacted at or the aforementioned contact details. Postal messages to the data protection officer have to include the headline „Privacy – personal / confidential“.


3. Which personal data are processed?

Following data of business partners and interested parties concerned are processed:

  • names of contact persons
  • communications data of contact persons (e.g. mail, telephone)
  • professional position/field of activity of contact persons


4. Where does the data come from (data source)?

Generally the data is collected directly from the data subject, e.g.:

  • Collecting contact details for the preparation of a tender or other matters concerning an order/project,
  • Collecting contact details for the purpose of enquiries with suppliers.


Data that is not collected directly from the data subject can be, for example, the following:

  • Provision of contact information about partner companies on whose behalf the company is operating.


5. What are the data processed for and on what legal basis?

Personal data may be processed if a legal basis for the processing exists. Data of business partners and interested parties are processed on the basis of the following legal basis:

5.1 Compliance with contractual obligations: Personal data are processed for the implementation of the contractual agreement, e.g. the provision of services from an order. This also includes pre-contractual measures, such as tender preparation.

5.2 Compliance with legal obligations: A large number of legal regulations must be observed in connection with the provision of services or the initiation of contracts. These include for example:

Statuary storage obligations for the company pursuant to the German Commercial Code (HGB) and the General Tax Code (AO)

Possible liability and warranty claims

5.3 Legitimate interest of the person responsible: Processing is necessary for the purposes of the legitimate interests pursued by the company, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

5.4 Consent: Consent is legal basis for data processing provided that the data subject has given consent to the processing of his or her personal data. Consent can be withdrawn at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.


6. To whom is personal data passed on?

Within the framework of contract initiation and service provision, data is regularly passed on to third parties domiciled within the European Union (EU). The processing there takes place on our behalf and according to our instructions.

A data transfer to places in states outside the EU or the European Economic Area (EEA) - so-called third countries - takes place if it is necessary for the execution of an order/contract, if it is required by law (e.g. tax reporting obligations), if it is in the context of a legitimate interest or if consent has been given. The processing of personal data in a third country may also take place in connection with the involvement of service providers in the context of order processing. If the EU Commission has not decided on an appropriate level of data protection for the country in question, appropriate contracts will be concluded in accordance with EU data protection regulations to ensure that the rights and freedoms of business partners and interested parties are adequately protected and guaranteed.


7. How long is personal data stored?

The company must comply with the legal requirements when initiating and executing contracts. The statuary retention period for accounting and tax-relevant documents is generally 10 years. There is a 6-year storage obligation for commercial letters, regardless of whether they are in paper form or digital (e-mail). Regardless of the retention periods, it is ensured at all times that only authorized employees have access to the data. This applies to paper files and digital data in IT systems. The paper-based files are destroyed in accordance with data protection regulations and the data in IT systems is deleted within an appropriate period of time after the expiry of the statutory storage obligation.


8. What are the rights of the persons concerned?

The execution of the contract/service provision or the initiation of the contract generally requires the processing of personal data. In this respect, the rights of data subjects are to be guaranteed under certain conditions laid down in the General Data Protection Regulation (GDPR):

8.1 Access

8.2 Rectification

8.3 Erasure / Right to be forgotten

8.4 Restriction

8.5 Objection

8.6 Right to data portability

8.7 Withdrawal of consent

8.8 Right to lodge a complaint with a supervisory authority


9. Is there an obligation to provide data?

Business partners and interested parties must provide the personal data required for the establishment, execution and termination of the contractual relationship or for the collection of which there is a legal obligation. Without provision of the data, it is not possible to conclude a contract or to carry out the tasks existing with the order/contract.


10. Is data used for automatic decision-making or profiling?

Within the framework of contract performance/service provision or contract initiation, no techniques are used which enable profiling pursuant to Article 4 No. 4 GDPR or automatic decision-making pursuant to Article 22 GDPR.