Data protection information to our customers
We are committed to protect your personal data and comply with applicable data protection law, in particular the EU General Data Protection Directive ("GDPR") and, and we only process your personal data on the basis of a statutory provision or if the data subject has declared consent.
In this data protection information, we explain which information (including personal data) are processed by us in connection with the business relationship between you and us.
I. Who is responsible for the processing of personal data?
The controller responsible for the processing of personal data is URSA UK Ltd, Crest House, 102-104 Church Road, Teddington, TW11 8PY. Any reference to "we" or "us" in this data protection information is a reference to the aforementioned entity.
Our data protection coordinator may be contacted via the aforementioned means or via firstname.lastname@example.org.
II. Which data do we process?
The performance of our business relationships requires the processing of data related to our customers. If this data concern a natural person (e.g. if you are a single trader and enter into a business relationship with us), it is considered as personal data. Regardless of the legal form of our contract partners, we process data concerning the contact persons acting for a customer.
Please make this data protection information available to the persons within your organization that are involved in the business relationship with us ("contact persons")
a) any information provided to us in the course of establishing a business relationship or requested by us from our customers or a contact person (e.g., name, address and other contact details; and
b) any information collected and processed by us in connection with the establishment of the business relationship (e.g., the details of the agreements entered into)
a)Information on the performance of contractual obligations by our customers on the basis of the agreements entered into;
b) Information on the performance of contractual obligations by us on the basis of the agreements entered into;
c) Information provided by a customer or a contact person in the course of our business relationship, be it actively or upon our request; and
d) personal data that are provided to us in the course of our business relationship by our customer, a contact person or by third parties;
III. For which purposes and on which legal basis do we process your personal data?
a) group-wide processes for internal administration of customer data
b) the establishment of or defence against legal claims
c) the prevention and investigation of criminal offences
d) maintenance of security for our information technology systems
e) the maintenance of security of our premises and infrastructure
f) management and further development of our business operations including risk management
If we provide to a natural person the option to declare a consent in the processing of personal data, we process the personal data covered by the consent for the purposes specified in such consent on the basis of Article 6 para 1 a) GDPR.
Please note that
IV. Is there an obligation to provide personal data?
The provision of the basic and performance data specified in section II above is necessary for entering into and maintaining a business relationship with us, unless specified otherwise before or at collection of the data. Without the provision of these data, were are not able to enter into and maintain a business relationship.
If we collect additional data, we will indicate if the provision of such information is based on a legal or contractual obligation or necessary for the performance of an agreement. We usually indicate which information may be provided voluntarily and is neither based on a legal or contractual obligation nor necessary for the purposes of an agreement.
V. Who has access to personal data?
Personal data are generally processed within our company. Depending on the categories of personal data, only dedicated departments / organizational units are granted access to your personal data. Such units include in particular the Sale department and – if data are processed via our IT infrastructure – also our IT department. Based on a role / rights management concept, access to personal data is limited to the functions and the extent necessary for the respective purpose of the processing.
If and to the extent permitted by law, we may transfer your personal data to recipients outside of our company. Such external recipients may include
VI. Do we use automated decision-making?
In the course of the business relationship we generally do not use automated decision-making (including profiling) within the meaning of Article 22 GDPR. If we apply such processes in the future, we will inform data subjects separately in accordance with the applicable statutory provisions.
VII. Are data transferred to countries outside the EU / the EEA?
Personal data is processed only within the European Union or the European Economic Area; we do not intend to transfer personal data to other countries ("third countries").
VIII. How long are your data stored?
We generally store personal data as long as we have a justified interest in the retention of such data and there the interest of the data subject in refraining from the further processing do not prevail.
Even without a justified interest, we may continue to store the data if there is a legal obligation (e.g. to comply with statutory retention obligations). We delete personal data even without an action by the data subject as soon as further retention is no longer necessary for the purposes for which the data were collected or otherwise processed or if further retention is not permitted by law otherwise.
In general, basic data and the additional data collected in the course of the business relationship at least until the end of the respective business relationship. The data are deleted in any case if the purposes for the collection or processing were achieved. This point in time may be after the end of the business relationship with us. If personal data need to be stored to comply with a legal obligation, such data is retained until the end of the respective retention period. If personal data are only processed to comply with a statutory retention obligation, the access to such data is usually restricted so that the data are only accessible if needed for the purpose of the retention obligation.
IX. What are the rights of a data subjects?
A data subject may
The aforementioned rights may be asserted against us, e.g. by providing notice to us via the contact details specified on the first page of this data protection information.
In case of further questions, you may also get in touch with our data protection coordinator.
In addition, the data subject is entitled to lodge a complaint regarding the handling of personal data with the competent supervisory authority, Article 77 GDPR.