Privacy policy for customers and prospects

Information obligations according to Art. 13 GDPR for customers and interested parties

Data protection and the protection of your personal data is our top priority. We will inform you below about the processing of your personal data in the company. Personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG-neu).


Name and address of the person responsible

Albert Tebbe GmbH
Teichhausweg 1
49143 Bissendorf
Represented by the management:
Frank Tebbe

Telephone: (0 54 02) 99 22-0


Contact details of the data protection officer

Matthias Wöstemeyer, c/o C&S Consulting, Overbergstrasse 45, 49124 Georgsmarienhütte


Processing of personal data in the company

We process personal data that we receive from you as part of an inquiry, business initiation or our business relationship. We continue to process personal data that we have legitimately received from other companies or other third parties (e.g. for the execution of orders, for the fulfillment of contracts or on the basis of your consent) to the extent necessary for the performance of the contract. On the other hand, we process personal data that we have legitimately obtained from publicly accessible sources and that we are allowed to process.
Relevant personal data are personal details (name, address and other contact details, date and place of birth and nationality). In addition, this can also be order data, data from the fulfillment of our contractual obligations, information about your financial situation (creditworthiness data), advertising and sales data, documentation data and other data comparable to the categories mentioned.


1. Purposes and legal bases of the processing

The purposes of the processing are primarily based on the service you have commissioned or requested.


1.1. The processing is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures (Article 6 (1) (b) GDPR).

  • The processing of personal data takes place for the provision and brokerage of commercial transactions, in particular for the implementation of our contracts or pre-contractual measures with you and the execution of your orders. Furthermore, for the execution of contracts in the employment relationship.


1.2. The processing takes place as part of the balancing of interests (Article 6 (1) (f) GDPR). If necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties.

  • Data exchange with credit agencies (SCHUFA, Creditreform) to determine creditworthiness or default risks
  • Advertising or market and opinion research, unless you have objected to the use of your data
  • Assertion of legal claims and defense in legal disputes
  • Ensuring IT security
  • Prevention and investigation of criminal offenses
  • Measures for building and system security
  • Measures for business management and further development of services and products.


1.3. You have given your consent to the processing of your personal data for one or more specific purposes (Article 6 (1) (a) GDPR).

  • If you give us your consent to process personal data for specific purposes (e.g. advertising, sending newsletters, publishing photos or personal data), the legality of this processing is given on the basis of your consent.
  • A given consent can be revoked at any time. This also applies to the Revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018.
  • The revocation only applies with effect for the future. Processing that took place before the revocation is not affected.


1.4. The processing is necessary to fulfill a legal obligation to which we are subject (Article 6 (1) (c) GDPR).

  • As a company, we are subject to various legal obligations within the framework of tax and social security law control and reporting obligations. Further requirements may arise from the Severely Disabled Persons Act, professional associations, fraud and money laundering prevention, compliance with the requirements of the EU anti-terror regulation, etc.


2. Recipients or categories of recipients of the data (if data transmission takes place)


2.1. Within the company, those departments receive your data that they need to fulfill our contractual and legal obligations. Processors used by us (Art. 28 DS-GVO) can also receive data for these purposes. These are companies in the categories of credit services, IT services, printing services, telecommunications, advice and consulting, as well as sales and marketing.


2.2. Outside the company, companies may receive your data that they need to fulfill our contractual obligations. Under these conditions, recipients of personal data e.g. B. be:

  • Accountants, auditors, consultants
  • Lawyers (disputes, debt collection, etc.)
  • technicians/craftsmen (maintenance, repair work)
  • Transport and logistics companies
  • Debt collection company
  • Banks/savings banks
  • Credit agencies (SCHUFA, Creditreform)


3. Storage duration or criteria for determining the duration

If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations, which essentially result from the German Commercial Code (HGB) and the Tax Code (AO). The storage and documentation periods stipulated there are six to ten years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to Sections 195 et seq (BGB) in the presence of a court title up to 30 years.

After termination of the contractual relationship, the deletion takes place after expiry of the statutory retention requirements.


4. Information on the rights of those affected

Every data subject has the following data protection rights under the GDPR:

  • Right to information according to Art. 15 GDPR
  • Right to correct incorrect data according to Art. 16 GDPR
  • Right to erasure according to Art. 17 GDPR
  • Right to restriction of processing according to Art. 18 GDPR
  • Right to data portability according to Art. 20 GDPR
  • Right to object according to Art. 21 GDPR

To exercise your above-mentioned rights and to revoke a given consent, please contact the above-mentioned responsible body.

You have the right to lodge a complaint with a supervisory authority. You can assert this right with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement.
Before you contact the competent supervisory authority with a complaint, we would like to ask you to clarify this matter with our data protection officer.


5. Planned data transfer to third countries

There is currently no data transfer to third countries and there are no plans for the future.


6. Voluntariness and obligation to provide personal data

As part of our business relationship, we must provide the personal data that is required to establish and conduct a business relationship and to fulfill the associated contractual obligations or that we are legally obliged to collect. Without this data we are not able to conclude or execute a contract.


7. Automated decision-making including profiling

In principle, we do not use exclusively automated decision-making within the meaning of Art. 22 GDPR to establish and implement the business relationship.