Data protection information for our customers
1. Controller
We — the ARVIT Services Ltd (MULTIPOR-CYPRUS) — take the protection of your personal data and the legal obligations that serve to protect them very seriously. The legal provisions require full transparency in the processing of personal data. Only when you as the data subject feel that the data processing is transparent and plausible for you, you can be deemed sufficiently informed about the intention, purpose and scope of the processing.
The body responsible for the data processing, i.e. the "controller" in terms of the General Data Protection Regulation (GDPR), is
ARVIT Services Ltd
9th of July 1, Shop3
6018 Larnaca, Cyprus
+357 24 030 677
info@multipor-cyprus.com
— Referred to hereinafter as "controller" or "we" -
ARVIT Services Ltd
9th of July 1, Shop3
6018 Larnaca, Cyprus
+357 24 030 677
info@multipor-cyprus.com
2. Definitions
2.1. According to the GDPR
We use the terms of the legal wording of the GDPR for the purposes of this Privacy Policy. The definitions (Art. 4 GDPR) can be found for instance at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679 .
2.2. Data categories
Where we make reference to the data categories we process, these are deemed to include but are not limited to the following data: Master data (e.g. name, address, date of birth), contact data (e.g. email address, telephone numbers, messenger services), content data (e.g. text entries, photographs, videos, contents of documents/files), contract data (e.g. subject matter, terms, customer categories), payment data (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. details about the course of your visit to our website, use of certain contents, times of access) as well as connection data (e.g. device data, IP addresses, URL referrer).
3. Information on data processing
We only process personal data if and to the extent this is permitted by law. We only transfer personal data to third parties in the cases described below. The personal data are protected by appropriate technical and organizational measures (e.g. pseudonymisation, encryption).
Except where we are obliged by law to store or transfer personal data to third parties (especially to prosecuting authorities), we will decide by the specific circumstances of every single case which personal data we process and for how long and to which extent we may from time to time disclose them to others.
Purpose of the processing: The data are processed primarily for the purpose of taking steps prior to entering into a contract with you or for performing an existing contract between you and us. If we did not conclude the contract with you but with your employer or principal, we process your data (e.g. as our contact person) for the purpose of taking steps prior to entering into a contract with our customer or for performing an existing contract between our customer and us. In addition, we process your personal data for complying with our legal obligations resulting, for instance, from the Handelsgesetzbuch (German Commercial Code — "HGB") or the Abgabenordnung (German Fiscal Code — "AO") and for safeguarding our legitimate interests such as the investigation of financial risks (bad debts) or for pursuing the legal claims we may have against you or our customer.
Legal basis: Art. 6 subs. 1 b), c), f) GDPR
Data categories: Master data, contact data, contract data, payment data
Origin of the data if not obtained from you: Our customer
Recipient of the data: Your data may from time to time be transferred to affiliated companies within the Xella group, subcontractors, service providers (e.g. shipping companies, payment service providers)
Intended transfer to third countries: We do not intend to transfer your data to third countries.
4. Storage duration
The personal data will be deleted as soon as the purpose of the processing has been fulfilled or has expired otherwise or as soon as any required storage period has expired unless it is necessary to continue the data storage for the purpose of entering into or performing a contract.
5. Automated individual decision-making including profiling
Automated individual decision-making including profiling according to Art. 22 subs. 1, 4 GDPR for bringing about such a decision does not take place.
6. Rights of the data subject
You as the data subject have the right of access/ right to information according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability according to Art. 20 GDPR. The right of access/ right to information and the right to erasure are subject to the restrictions under §§ 34, 35 BDSG (German Federal Data Protection Act). You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in combination with § 19 BDSG).
7. Controller’s notification obligations
We communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 subs. 1 and Art. 18 GDPR to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request us to do so.
8. No obligation to provide personal data
You are not obliged to provide us with personal data. However, we need to process the data of our customers for performing our business relationships. These data may include data relating to individuals (e.g. purchase orders from sole traders, master data and contact data of contact persons in your company, delivery addresses of individuals). We are unable to perform our business relationships if you do not provide us with the required data.
9. Right to object and withdrawal of consent
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6 subs. 1 e) or f) GDPR. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes.
Pursuant to Art. 7 subs. 3 sentence 1 GDPR, you have the right to withdraw any consent you have given to us at any time. The withdrawal of consent does not affect the lawfulness of the processing based on your consent before its withdrawal. This means that the withdrawal only has effect for any processing intended for the time after the withdrawal. You may withdraw your consent by informal notice sent by mail or email. If you object to the processing, we will no longer process your personal data unless we are otherwise permitted (by law) to do so. If you withdraw your consent and there is no other legal ground justifying the processing of your personal data, we are obliged under Art. 17 subs. 1 b) GDPR to delete your personal data at your request without undue delay ("unverzüglich").
You may object to the processing and/or withdraw your consent by an informal notice which should be sent to:
ARVIT Services Ltd
9th of July 1, Shop 2
6018 Larnaca, Cyprus
+357 24 030 677
info@multipor-cyprus.com
We — the ARVIT Services Ltd (MULTIPOR-CYPRUS) — take the protection of your personal data and the legal obligations that serve to protect them very seriously. The legal provisions require full transparency in the processing of personal data. Only when you as the data subject feel that the data processing is transparent and plausible for you, you can be deemed sufficiently informed about the intention, purpose and scope of the processing.
The body responsible for the data processing, i.e. the "controller" in terms of the General Data Protection Regulation (GDPR), is
ARVIT Services Ltd
9th of July 1, Shop3
6018 Larnaca, Cyprus
+357 24 030 677
info@multipor-cyprus.com
— Referred to hereinafter as "controller" or "we" -
ARVIT Services Ltd
9th of July 1, Shop3
6018 Larnaca, Cyprus
+357 24 030 677
info@multipor-cyprus.com
2. Definitions
2.1. According to the GDPR
We use the terms of the legal wording of the GDPR for the purposes of this Privacy Policy. The definitions (Art. 4 GDPR) can be found for instance at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679 .
2.2. Data categories
Where we make reference to the data categories we process, these are deemed to include but are not limited to the following data: Master data (e.g. name, address, date of birth), contact data (e.g. email address, telephone numbers, messenger services), content data (e.g. text entries, photographs, videos, contents of documents/files), contract data (e.g. subject matter, terms, customer categories), payment data (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. details about the course of your visit to our website, use of certain contents, times of access) as well as connection data (e.g. device data, IP addresses, URL referrer).
3. Information on data processing
We only process personal data if and to the extent this is permitted by law. We only transfer personal data to third parties in the cases described below. The personal data are protected by appropriate technical and organizational measures (e.g. pseudonymisation, encryption).
Except where we are obliged by law to store or transfer personal data to third parties (especially to prosecuting authorities), we will decide by the specific circumstances of every single case which personal data we process and for how long and to which extent we may from time to time disclose them to others.
Purpose of the processing: The data are processed primarily for the purpose of taking steps prior to entering into a contract with you or for performing an existing contract between you and us. If we did not conclude the contract with you but with your employer or principal, we process your data (e.g. as our contact person) for the purpose of taking steps prior to entering into a contract with our customer or for performing an existing contract between our customer and us. In addition, we process your personal data for complying with our legal obligations resulting, for instance, from the Handelsgesetzbuch (German Commercial Code — "HGB") or the Abgabenordnung (German Fiscal Code — "AO") and for safeguarding our legitimate interests such as the investigation of financial risks (bad debts) or for pursuing the legal claims we may have against you or our customer.
Legal basis: Art. 6 subs. 1 b), c), f) GDPR
Data categories: Master data, contact data, contract data, payment data
Origin of the data if not obtained from you: Our customer
Recipient of the data: Your data may from time to time be transferred to affiliated companies within the Xella group, subcontractors, service providers (e.g. shipping companies, payment service providers)
Intended transfer to third countries: We do not intend to transfer your data to third countries.
4. Storage duration
The personal data will be deleted as soon as the purpose of the processing has been fulfilled or has expired otherwise or as soon as any required storage period has expired unless it is necessary to continue the data storage for the purpose of entering into or performing a contract.
5. Automated individual decision-making including profiling
Automated individual decision-making including profiling according to Art. 22 subs. 1, 4 GDPR for bringing about such a decision does not take place.
6. Rights of the data subject
You as the data subject have the right of access/ right to information according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability according to Art. 20 GDPR. The right of access/ right to information and the right to erasure are subject to the restrictions under §§ 34, 35 BDSG (German Federal Data Protection Act). You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in combination with § 19 BDSG).
7. Controller’s notification obligations
We communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 subs. 1 and Art. 18 GDPR to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request us to do so.
8. No obligation to provide personal data
You are not obliged to provide us with personal data. However, we need to process the data of our customers for performing our business relationships. These data may include data relating to individuals (e.g. purchase orders from sole traders, master data and contact data of contact persons in your company, delivery addresses of individuals). We are unable to perform our business relationships if you do not provide us with the required data.
9. Right to object and withdrawal of consent
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6 subs. 1 e) or f) GDPR. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes.
Pursuant to Art. 7 subs. 3 sentence 1 GDPR, you have the right to withdraw any consent you have given to us at any time. The withdrawal of consent does not affect the lawfulness of the processing based on your consent before its withdrawal. This means that the withdrawal only has effect for any processing intended for the time after the withdrawal. You may withdraw your consent by informal notice sent by mail or email. If you object to the processing, we will no longer process your personal data unless we are otherwise permitted (by law) to do so. If you withdraw your consent and there is no other legal ground justifying the processing of your personal data, we are obliged under Art. 17 subs. 1 b) GDPR to delete your personal data at your request without undue delay ("unverzüglich").
You may object to the processing and/or withdraw your consent by an informal notice which should be sent to:
ARVIT Services Ltd
9th of July 1, Shop 2
6018 Larnaca, Cyprus
+357 24 030 677
info@multipor-cyprus.com