Data Protection Disclaimer

Data protection information for customers and interested parties

Information on data protection about our data processing in accordance with Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR).

Hereby we inform you how we process your data and the rights you are entitled according to the data protection regulations.

1. Contact details of our Data Protection Officer:

Data Protection Officer
PIB Group Limited
1 Minster Court
Mincing Lane
London, EC3R 7AA
[email protected]
0330 058 9700

2. Purpose and legal basis

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR). The specific data that is processed in detail and the way it is used will depend on the services agreed in each case. You will be able to find the data protection information on our website:

2.1. Purposes within the scope of your consent (Art. 6 Section a GDPR)

A processing of your personal data for certain purposes (e.g. use of your e-mail address in our address file) can also be carried out on the basis of your consent.  At your request, we will stop using your personal data where legally possible.

2.2. Purpose for the performance measures (Art. 6 Section b GDPR)

The processing of personal data is carried out to execute our contracts with you. This includes communication with you, the traceability of transactions, orders and other agreements, measures for the management and optimisation of business processes and for the fulfilment of general duties of care, cost recording and controlling, reporting, internal and external communication, emergency management, invoicing and tax assessment of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring IT security (and guaranteeing IT security including system and plausibility tests) and general security, including building and plant security, securing and exercising building rights (e.g. through access controls); guaranteeing the integrity, authenticity and availability of data, preventing and investigating criminal offences; control by control bodies (e.g. auditing).

2.3. Purposes to meet legal obligations (Art. 6 Section 1 c GDPR) or in the public interest or in the exercise of official authority (Art. 6 Section 1 e GDPR)

We are subject to a multitude of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws), but also regulatory or other official requirements. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and clarification of the financing of terrorism and asset-endangering criminal offences, comparisons with European and international anti-terrorist lists, the fulfilment of tax law control and reporting obligations, and the archiving of data for data protection and data security purposes, as well as audits by tax and other authorities. In addition, the disclosure of personal data may become necessary within the scope of official/judicial measures for the purpose of gathering evidence, criminal prosecution or the enforcement of civil law claims.

2.4. Purposes of the legitimate interests pursued by us or by a third party (Art. 6 Section f GDPR)

Beyond the contract’s fulfilment, we may process your data if necessary to protect the legitimate interests of us or third parties, in particular for purposes:

  • market research, provided you have not objected to the use of your data.
  • the obtaining of information and data exchange with credit agencies, insofar as this exceeds our economic risk.
  • the testing and optimisation of procedures for the analysis of requirements.
  • the further development of services and products as well as existing systems and processes.
  • for comparison with European and international anti-terrorism lists, insofar as this goes beyond the legal obligations.
  • the enrichment of our data, including the use or research of publicly available data; statistical evaluations or market analysis; benchmarking.
  • the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship.
  • the limited storage of data, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage.
  • the receipt and maintenance of certifications of a private or official nature.

3. The categories of data processed by us and their origin

We process personal data that we have permissibly taken, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, registration registers, land registers, press, Internet and other media) and may process them.

Relevant categories of personal data may be in particular:

  • Personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data)
  • Contact details (address, e-mail address, telephone number and similar data)
  • Address data (reporting data and comparable data)
  • Customer history

4. Recipients or categories of recipients of your data

In our company, those internal departments receive your data which require them to fulfil our contractual and legal obligations or within the scope of processing and implementing our legitimate interests.Your data will only be passed on to external parties

  • in connection with the execution of the contract.
  • for the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or if the passing on of data is in the public interest (see section 2.3).
  • insofar as external service providers process data on our behalf as contract processors or function takeovers (e.g. external computer centres, support/maintenance of EDP/IT applications, archiving, document processing, compliance services, controlling, data validation or data plausibility checks, data destruction, purchasing/procurement, customer management, marketing, media technology, research, risk controlling, accounting, telephony, website management, auditing services, credit institutions, printing works or companies for data disposal, courier services, logistics).
  • on the basis of our legitimate interest or the legitimate interest of the third party forpurposes within the scope of the purposes mentioned under item 2.4 (e.g. to authorities, debt collection, lawyers, courts, experts).
  • if you have given us your consent to transfer the data to third parties.

5. Storage timeline of your data in our system

We process and store your data for the duration of our business relationship. We are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods of retention and documentation stipulated there are up to ten years beyond the end of the business relationship.

Furthermore, special legal regulations may require a longer retention period, such as the preservation of evidence within the framework of the statutory limitation regulations. According to §§ 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years. However, limitation periods of up to 30 years may also be applicable. If the data is no longer necessary for the fulfilment of contractual or legal obligations and rights, it is regularly deleted, unless there is temporary further processing  necessary for the fulfilment of the purposes listed under item 2.4 out of an overriding legitimate interest. Such an overriding legitimate interest exists, for example, if deletion is not possible or only possible at disproportionately high expense due to the special type of storage and processing for other purposes is excluded by suitable technical and organisational measures.

6. Processing of your data in a third country or by an international organisation

Data is then transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries), if it should be necessary to execute an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if it is in the scope of a legitimate interest of us or a third party or if you have given us your consent.

The processing of your data in a third country may also be carried out in connection with the involvement of service providers in the context of order processing. Unless the EU Commission has decided on an adequate level of data protection in the country concerned, we will ensure that your rights and freedoms are adequately protected and guaranteed by means of appropriate agreements in accordance with EU data protection regulations. We will provide you with detailed information on request.

Information on suitable or appropriate guarantees and on the possibility of obtaining a copy from you can be obtained on request from the company data protection officer.

7. Privacy rights

  • You have the right to receive information from us about your data stored with us according to the rules of Art. 15 GDPR.
  • At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is incorrect or inaccurate.
  • If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR.
  • Taking into account the requirements of Art. 18 GDPR, you can request that we restrict the processing of your data.
  • Furthermore, you may object to the processing of your data in accordance with Art. 21 GDPR, on the basis of which we must stop processing your data. However, this right of objection only applies if there are very special circumstances of your personal situation, whereby our company’s rights may conflict with your right of objection. You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transfer it to a third party.
  • In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future (see item 2.1).
  • Furthermore, you have the right of appeal to a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our Data Protection Officer first.

The supervisory authority details are as follows:

Information Commissioner’s Office

Wycliffe House
Water Lane
Cheshire SK9 5AF
Tel: 0303 123 1113

Data Protection Authority of Bavaria for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht

Promenade 18
91522 Ansbach
Tel: +49 (0)981/180093-0

8. Your obligations to provide us with your data

You only need to provide us with the data that is necessary for the establishment and execution of a business relationship with us or that we are legally obliged to collect. Without this data we will generally not be able to conclude or execute the contract. This may also refer to data required later within the scope of the business relationship. If we request additional data from you, you will be informed separately of the nature of the information.

9. Existence of automated decision making in individual cases

We do not use purely automated decision-making procedures pursuant to Article 22 GDPR. If we do use such a procedure in individual cases in the future, we will inform you separately, provided this is required by law.

Information about your right of objection Art. 21 GDPR

You have the right to object at any time to the processing of your data, which is carried out on the basis of Art. 6 Section 1 f GDPR (data processing based on a balancing of interests) or Art. 6 Section 1 e GDPR (data processing in the public interest), if there are reasons for doing so that arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 Section 4 GDPR. If you object, we will no longer process your personal data, unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made without formality and should be addressed to:

PIB Group Limited
1 Minster Court
Mincing Lane
London, EC3R 7AA
[email protected]
0330 058 9700

Our privacy notice and the information on data protection about our data processing in accordance with articles (Art.) 13, 14 and 21 of the GDPR may change from time to time.