Data Protection

For Business Partner

1. General information

a) Information regarding data protection

When processing your personal data, the protection of your personal privacy rights is of the utmost concern to TB Digital Services GmbH (TBDS). TBDS is a subsidiary of TRATON SE. We process personal data collected during visits to our website in accordance with the legal provisions of the country in which the entity responsible for data processing is based. In addition, TB Digital Services GmbH has undertaken to ensure comprehensive and uniform protection of personal data by means of a binding policy. This ensures a level of protection within TB Digital Services GmbH worldwide that is comparable to that in Germany and the European Union.

Moreover, our employees are obliged to keep confidential and also to safeguard any personal data made available to them.

b) Responsible party and contact person

The responsible party for your data pursuant to data protection legislation is TBDS.
Should you have any general questions, or questions related to data protection, please get in touch with the applicable contact person by e-mail: datenschutz@rio.cloud

Or get in touch by post:

TB Digital Services GmbH
Datenschutzbeauftragter/Data Protection Officer
Oskar-Schlemmer-Str. 19-21
80807 Munich, Germany

2. Collection and processing of personal data

a) Purpose limitation and legal basis
TB Digital Services GmbH (TBDS) processes your personal data in order to execute and manage an existing or incipient contractual relationship with you. In this context, your personal data is processed for various purposes as part of a range of processing activities.

b) Data sources
As a rule, your personal data is collected directly from you as part of an existing or incipient contract relationship.

c) Obligation to provide data
You must provide the controller with the personal data required to execute the contractual relationship. If this data is not provided, TB Digital Services GmbH (TBDS) cannot fulfil its legal obligations or enter into the contractual relationship.

d) Intended purpose of processing activities
An overview of the intended purpose of our processing activities is provided below:

e) Putting services and materials out to tender
Sending requests, calling in outstanding quotes, commercial review and completeness checking on quotes, and performing negotiations.

f) Order processing (materials and services)
Writing, submitting, sending, and tracking orders in the system.

g) Supplier support
Communication regarding products or services, responding to inquiries and requests, and bottleneck and risk management.

h) Procurement controlling and service provider management
Figures regarding suppliers.

i) Compliance with legal obligations
Compliance with retention obligations, ensuring that compliance requirements are met through checks (e.g. sanctions list check, money laundering, tip-offs regarding legal violations, operation of an internal control system (ICS) and other monitoring systems to ensure that business processes are in order)

The processed data must be classified into the following data categories:

  • Professional contact and (work) organisational data
  • IT usage data
  • Data on personal/professional circumstances & characteristics
  • Creditworthiness and bank data
  • Contractual data

The aforementioned processing activities are justified by the following legal bases:

  • Consent to one or more specified purposes (Art. 6(1)(a) GDPR)
  • Fulfilment of the contract or contract initiation (Art. 6(1)(b) GDPR)
  • Fulfilment of legal obligations (Art. 6(1)(c) GDPR)
  • Balancing of interests (Art. 6(1)(f) GDPR)
    • The existence of a relevant and appropriate relationship between the controller and the data subject
    • Prevention of fraud
    • Direct marketing
    • Transfer of data within a corporate group for internal management purposes (including customer and employee data)

3. Transfer of personal data

In certain cases, your personal data may also be disclosed to other bodies: If the disclosure of your personal data is necessary in order to execute or initiate the contractual relationship. We will also disclose your personal data to service providers commissioned by us in the framework of order processing. Your master data and contact details are disclosed in order to ensure an up-to-date database and to check your creditworthiness. Other companies affiliated with TB Digital Services GmbH (TBDS) can also access this database. If we are obliged to disclose your personal data in order to comply with national legislation, e.g. transmission to tax authorities, courts, or auditors, we will fulfil this obligation.

4. Data storage and erasure

We erase your personal data as soon as it is no longer required for the purposes stated above. Your personal data is stored for as long as we are required to do so by law, or for as long as statutory limitation periods apply. This regularly results from legal obligations to provide evidence and to keep records, which are regulated, among other things, in the German Civil Code (BGB), the German Commercial Code (HGB) or in the German Tax Code (AO). In addition, the data is stored if there are further legal or contractual obligations to retain data.

5. Your rights

You have the right to be informed about the data that relates to you, and the right to rectify your data. Provided that there are no statutory regulations to the contrary, you also have the right to erase your data and to object to the processing of your data, and the right to restrict the processing of your data. Furthermore, you have the right to data portability. If we collect and process your personal data on the basis of your consent, you also have the right to revoke the consent you granted with immediate effect. The legality of the data processing carried out with your consent until you withdraw it remains unaffected by your withdrawal of consent. If necessary, we need to verify your identity before we can process your requests. If, in spite of our efforts to maintain accurate and up-to-date data, incorrect information has been saved, we will correct such information when requested to do so. In the event of complaints, users may also contact a data protection supervisory authority.

6. Automated decision-making

In accordance with Art. 22 (1) & (4) of the GDPR, no automated decision-making will take place.

7. Security

TB Digital Services GmbH (TBDS) uses technical and organisational security measures to protect your data against accidental or premeditated tampering, loss, destruction, or access by unauthorised persons.

Our security measures, such as data encryption, are regularly improved in accordance with technological development.

Last updated: June 2021.