We use the services of the Dutch company Trengo B.V., Burgemeester Reigerstraat 89, 3581 KP Utrecht (hereinafter referred to as »Trengo«) for technical support in communicating with and responding to inquiries sent to us via our website contact form or via our pages on Facebook and Instagram. The following Trengo products are used by us: https://trengo.com/en/products/website-chat
The legal basis for commissioned data processing by Trengo is Art. 6 (1) p. 1 lit f) DSGVO, as we have a legitimate interest in making our communication technically and organizationally efficient. Trengo undertakes to handle the personal data with which Trengo comes into contact in accordance with Art. 28 DSGVO: https://trengo.com/en/terms-and-conditions#gdpr. Trengo has its headquarters and server location in the Netherlands and performs its own data processing activities exclusively there. As in all EU member states, the GDPR also applies there.
If you contact us via our corporate presence on the Facebook or Instagram platforms, we have commissioned Trengo as a service provider to retrieve your message or comment from our account and to send the response(s) from our employees back to our account. The data processing operations involved in the retrieval and storage by Trengo itself take place within the EU. The data controller with respect to messages that you send to us is solely Vicentina GmbH & Co. KG, insofar as we ourselves and/or Trengo on our behalf process the data transmitted to us via the communication channels Facebook and Instagram. However, if you use the communication channels of the Facebook or Instagram platforms to transmit data, this data will also be processed by Facebook. In these cases, in accordance with the case law of the ECJ, we are joint controllers with Facebook or Instagram within the meaning of Section 26 DSGVO, The data processing is carried out on the basis of an agreement between us and Facebook as joint controllers pursuant to Art. 26 DSGVO, which you can view here: https://de-de.facebook.com/legal/controller_addendum
You can contact Facebook's data protection officer via the online contact form provided by Facebook at: https://www.facebook.com/help/contact/540977946302970.
Furthermore, for the use of certain Facebook products, such as the so-called »Facebook Business Tools«, and for data processing carried out as a result, a supplementary agreement between us and Facebook Ireland Ltd. as joint controller pursuant to Art. 26 DSGVO applies, which can be viewed here: https://www.facebook.com/legal/controller_addendum.
Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
The legitimate interests pursued by the controller or by a third party
Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.
Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact our Data Protection Officer. Our Data Protection Officer clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.