a) Purpose limitation and legal basis
TB Digital Services GmbH (TBDS) processes your personal data in order to execute and manage an existing or incipient contractual relationship with you. In this context, your personal data is processed for various purposes as part of a range of processing activities.
b) Data sources
As a rule, your personal data is collected directly from you as part of an existing or incipient contract relationship.
c) Obligation to provide data
You must provide the controller with the personal data required to execute the contractual relationship. If this data is not provided, TB Digital Services GmbH (TBDS) cannot fulfil its legal obligations or enter into the contractual relationship.
d) Intended purpose of processing activities
An overview of the intended purpose of our processing activities is provided below:
e) Putting services and materials out to tender
Sending requests, calling in outstanding quotes, commercial review and completeness checking on quotes, and performing negotiations.
f) Order processing (materials and services)
Writing, submitting, sending, and tracking orders in the system.
g) Supplier support
Communication regarding products or services, responding to inquiries and requests, and bottleneck and risk management.
h) Procurement controlling and service provider management
Figures regarding suppliers.
i) Compliance with legal obligations
Compliance with retention obligations, ensuring that compliance requirements are met through checks (e.g. sanctions list check, money laundering, tip-offs regarding legal violations, operation of an internal control system (ICS) and other monitoring systems to ensure that business processes are in order)
The processed data must be classified into the following data categories:
- Professional contact and (work) organisational data
- IT usage data
- Data on personal/professional circumstances & characteristics
- Creditworthiness and bank data
- Contractual data
The aforementioned processing activities are justified by the following legal bases:
- Consent to one or more specified purposes (Art. 6(1)(a) GDPR)
- Fulfilment of the contract or contract initiation (Art. 6(1)(b) GDPR)
- Fulfilment of legal obligations (Art. 6(1)(c) GDPR)
- Balancing of interests (Art. 6(1)(f) GDPR)
- The existence of a relevant and appropriate relationship between the controller and the data subject
- Prevention of fraud
- Direct marketing
- Transfer of data within a corporate group for internal management purposes (including customer and employee data)