We, MAN Financial Services GmbH, Oskar-Schlemmer Str. 19-21, D-80807 Munich (hereinafter‘MFS-D’), are hereby informing you about how we process personal data. In addition to the option of contacting us by post, you can contact us at any time via the e-mail address firstname.lastname@example.org.
You can reach MFS-D’s data protection officer at: email@example.com.
We have compiled the most important information on typical data processing into separate data subject groups below. For certain data processing that only affects specific groups, the information requirements are fulfilled separately. If the term ‘data’ is used in the text, this shall refer exclusively to personal data in the meaning of the General Data Protection Regulation (‘GDPR’).
1. MFS-D’s customers and their employees, as well as third parties, who come into contact with the performance of the contract
1.1 We process your data for the purpose of implementing the contract with you or the respective customer, including responding to queries and providing and invoicing for our services. Likewise, we process your data to ensure that our contractual relationship with you is profitable. Another purpose of the processing of your data may be the implementation and optimisation of company processes. In addition, your data must be sometimes processed to be able to fulfil extensive legal requirements with respect to banking, stock corporation and data protection law. In individual cases, the purpose of the processing is also to inform you about our company or to use your company as an illustrative example in the context of a university course.
1.2 For contracts with natural persons, the legal bases for the processing are Article 6(1)(b) GDPR (customer contract) and for contracts with legal persons and all third parties who come into contact with the performance of the contract, Article 6(1)(f) GDPR (legitimate interest, in particular, communication with contacts pertinent to the contract and implementation of the respective contract), as well as always Article 6(1)(c) GDPR (statutory requirements, in particular tax and commercial provisions, and provisions concerning banking and data protection law). For checking, implementing or dismissing claims, the legal basis is Article 6(1)(f) GDPR (legitimate interest, in particular implementing claims or defending against claims). For the implementation and optimisation of company processes, the legal basis is also the legitimate interest (Article 6(1)(f) GDPR, in particular organising the operation in a cost-effective and practicable way). For ensuring the profitability of our contractual relationship, the legal basis is also the legitimate interest (Article 6(1)(f) GDPR, in particular safeguarding against risks which may exist in the establishment or performance of the contractual relationship). In the context of information provided or conducting university courses, we process your data on the basis of a declaration of consent (Article 6(1)(a) GDPR).
1.3 Data relating to customers and their employees may be passed on to other service providers, business partners, as well as administrative bodies and authorities if this is necessary for the conclusion or performance of the customer contract. Companies within the VW Group may also be recipients of your data. Authorities and administrative bodies may also be recipients in the context of their duties if we are required or entitled to pass on data. In individual cases, data may also be passed on to collection service providers, lawyers, other service providers and courts. We also employ service providers to provide order processing services, in particular for supplying, maintaining and supporting IT systems, as well as for implementing internal procurement processes and for looking after our customer contacts.
1.4 We store your data for as long as it is required for the respective purpose or if a retention requirement exists for the data concerned.
1.5 It is both legally and contractually required to provide data. The contractual relationship cannot be established and implemented without data being provided. Deviating from this, providing data for information or to conduct university courses is voluntary. However, you cannot be considered without providing it.
1.6 If data is not collected from the data subject in question, in principle, the source is a third party that is connected to the processing of the underlying purpose. This may affect the following data categories: Master data, contact details, payment details, photographs and account data.
2. General information and data subject rights
2.1 You have the right to request access at any time to all of your personal data that we process.
2.2 Should your personal data be incorrect or incomplete, you have a right to rectification and completion.
2.3 You may request that your personal data is erased at any time if we are not legally required or entitled to continue to process your data.
2.4 If the legal prerequisites exist, you may request a restriction of the processing of your personal data.
2.5 You have the right to object to the processing if the data processing is carried out for the purposes of direct marketing or profiling. If the processing is carried out based on the balancing of interests, you may object to the processing on grounds which relate to your particular situation.
2.6 If the data processing is carried out based on your consent or in the context of a contract, you have a right to portability of the data you have provided as long as this does not affect the rights and freedoms of other people.
2.7 If we process your data based on a declaration of consent, you have the right to withdraw this consent at any time and with future effect. The processing carried out before a withdrawal shall remain unaffected by the withdrawal.
2.8 You also have the right to lodge a complaint with a supervisory authority at any time if you consider data processing to be in breach of the applicable laws.