Transparency and information obligations for customers, suppliers, contractual partners and interested parties of VALEO IT Services International GmbH

in accordance with the General Data Protection Regulation (GDPR)

This document informs you about the processing of your personal data by VALEO IT Services International GmbH and the rights to which you are entitled under data protection law.

Responsible body/data protection

Address
In der Scheibe 3
92706 Luhe-Wildenau

Contact information
Phone: +49 9607 2389-90
E-mail: info@valeo-it.com
Internet: www.valeo-it.com

Contact Data protection
datenschutz@valeo-it.com

Categories/origin of the data

We process the following personal data as part of the contractual relationship and for the initiation of the contract:

For business customers:

  • Contact details (e.g. first and last names of the current and, if applicable, previous contact persons as well as name affixes, company name and address of the customer (employer), telephone number with extension, business e-mail address)
  • Job-related data (e.g. function in the company, department)

For private customers:

  • Master data (title, first/last name, name affixes, date of birth if applicable)
  • Contact details (e.g. name and private address (if applicable, floor, district, federal state), mobile and landline telephone number, e-mail address, fax number)
  • Different delivery/billing address (e.g. name and address (if applicable floor, district, federal state), if applicable telephone number, if applicable e-mail address)
  • Order history
  • If applicable, bank details (within the scope of a SEPA direct debit mandate also first name/surname of the account holder)
  • If applicable, preferred payment system, information on creditworthiness and credit behavior

We generally receive your personal data from you as part of the contract initiation process or during the ongoing contractual relationship. Exceptionally, your personal data may also be collected from other sources in certain constellations. This includes occasion-related queries regarding relevant information from credit agencies, in particular regarding creditworthiness and credit behavior.

VALEO IT Services International GmbH relies on products from Microsoft Corporation, among others, in the IT environment. The following categories of data may be processed in the course of using the IT systems:

  • Functional data (data absolutely necessary for the provision of services)
  • Content data (content data that is processed as part of the services)
  • Diagnostic & log data (technically logged data required for maintenance, troubleshooting and, in some cases, further development)

These data categories are collected directly from you. We will be happy to provide you with further information on data processing in specific IT systems on request.

We process the following personal data as part of our online meetings using Microsoft Teams:

  • Communication data (e.g. your e-mail address, if you provide it personally)
  • Log files, log data
  • Metadata (e.g. IP address, time of participation, etc.)
  • Profile data (e.g. your user name, if you provide this yourself)

We would like to point out that we are not responsible for further data processing, for example in connection with accessing the MS Teams website and/or installing the MS Teams app.

Microsoft reserves the right to process customer data for its own business purposes. We have no influence on this data processing by Microsoft. To the extent that Microsoft Teams processes personal data in connection with its business purposes, Microsoft is an independent controller for these data processing activities and as such is responsible for compliance with all applicable data protection regulations. If you require information about the processing by Microsoft, please refer to the relevant Microsoft statement.

Purposes and legal bases of data processing

When processing your personal data, the provisions of the GDPR, the BDSG and other relevant legal provisions are always complied with.

Your personal data will be processed exclusively for the implementation of pre-contractual measures (e.g. for the preparation of offers for products or services) and for the fulfillment of contractual obligations (e.g. for the implementation of our service, the supplier contract or for order/order/payment processing) (Art. 6 para. 1 lit. b GDPR) or if there is a legal obligation to process (e.g. due to tax law requirements) (Art. 6 para. 1 lit. c GDPR). The personal data was originally collected for these purposes.

Your consent to data processing can, of course, also constitute a data protection authorization provision (Art. 6 para. 1 lit. a GDPR). Before granting consent, we will inform you about the purpose of the data processing and about your right of withdrawal in accordance with Art. 7 (3) GDPR. If the consent also relates to the processing of special categories of personal data in accordance with Art. 9 GDPR, we will expressly inform you of this in advance.

Your personal data will only be processed for the detection of criminal offenses under the conditions of Art. 10 GDPR.

Storage duration of the data

As soon as your data is no longer required for the above-mentioned purposes or you have withdrawn your consent, it will be deleted by us. Data will only be stored beyond the end of the contractual relationship in cases where we are obliged or entitled to do so. Regulations that oblige us to retain data can be found, for example, in the German Commercial Code or the German Fiscal Code. This may result in a retention period of up to ten years. Statutory limitation periods must also be observed.

Recipients of the data/categories of recipients

In our company, we ensure that only those departments and persons receive your data who need it to fulfill our contractual and legal obligations.

In certain cases, service providers support our specialist departments in the performance of their tasks. The necessary data protection contracts have been concluded with all service providers. In the following categories: Credit assessment, factoring and IT service providers.

In addition, in cases prescribed by law, we are obliged to transmit certain information to public authorities, such as: Financial authorities, law enforcement authorities and customs authorities.

Third country transfer/intention to transfer to a third country

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary or legally required for the execution of the contractual or supplier relationship, or if you have given us your consent to do so.

We do not (currently) transfer your personal data to any service providers or group companies outside the European Economic Area.

When selecting service providers, an attempt is made to use European service providers (service providers within the European Economic Area). However, this is not always possible - for example in the case of Microsoft. If service providers from third countries are used, care is taken to ensure that the configuration is as restrictive as possible.

(In the case of Microsoft, for example, data processing in Europe is agreed. In addition, the configuration is restricted by IT experts and individual processing operations are coordinated with the data protection officer).  

Rights of the data subjects

Your rights as a data subject are standardized in Art. 15 - 22 GDPR.

This includes:

  • The right to information (Art. 15 GDPR)
  • The right to rectification (Art. 16 GDPR)
  • The right to erasure (Art. 17 GDPR)
  • The right to restriction of processing (Art. 18 GDPR)
  • The right to object to processing (Art. 21 GDPR)
  • The right to data portability (Art. 20 GDPR)

To assert these rights, please contact: datenschutz@valeo-it.com. The same applies if you have any questions about data processing in our company or wish to withdraw your consent. You can also lodge a complaint against data processing with a data protection supervisory authority.

If we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

If we process your personal data for the purpose of direct marketing, you have the right to object without giving reasons; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Obligation to provide the data

You are obliged to provide certain personal data in order to enter into or process a contractual relationship. This is necessary for the establishment, execution and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. It is not possible to execute the contract without providing this data.

Automatisierte Einzelfallentscheidungen

Wir nutzen keine rein automatisierten Verarbeitungsprozesse zur Herbeiführung einer Entscheidung.

Status: 29.09.2025