Data protection for business partners

With the following explanations, we inform our customers and interested parties in accordance with the applicable General Data Protection Regulation (GDPR) in conjunction with the Federal Data Protection Act (BDSG) on the processing of personal data by us and by associated companies and the rights of the affected people. The legal basis for the provision of the information is derived from articles 13 or 14 of the GDPR.
This data protection declaration shall be updated, as appropriate, and published in appropriate and accessible form. This can be done by letter, mail, Internet and/or post.

1.    Who is responsible for data processing?

Responsible for processing the data is:
KSH GmbH Kleemeier, Schewe & Co. (hereinafter called Company)
Daimler Straße 7, 32051 Herford
Business Phone: 05221-93460
Mail: info(at)


2.    How can the data protection officer be reached?

The company has appointed a data protection officer who can be contacted via the e-mail address datenschutz(at) or via the contact details given above.
Please provide postal messages to the data protection officer in the addition "Privacy - personal / confidential".

3.    What kind of personal data is processed?

The following data of customers and interested parties are processed:

  • Names of contact persons in the company of the customer/prospect
  • Communication data of contact persons in the company of the customer/prospect (e.g. mail, telephone)


4.    Where does the data come from (data source)?

As a rule, we collect the data directly from the person concerned, e.g.:

  • Collection of contact data for the preparation of an offer or other topics related to an order/project
  • Collection of contact data for the purpose of querying suppliers
  • Data that we do not collect directly from the person concerned may include:
  • Transfer of contact information about partner companies on behalf of which the company operates.


5.    What is the data processed and based on what legal basis does this happen?

Personal data may be processed if there is a legal basis for processing. Data from customers/prospects are processed on the basis of the following legal bases:

5.1.    Fulfilment of contractual obligations

Personal data are processed to carry out the contractual agreement, e.g. the provision of services from a contract. This includes pre-contractual measures, such as the preparation of quotations

5.2.    Fulfilment of legal obligations

In conjunction with the provision of services or the initiation of contracts, a large number of legal regulations have to be observed. These include, for example:

  • Statutory retention obligations for the company in accordance with the Commercial Code (HGB) and Tax code (AO)
  • Any liability and warranty claims.

5.3.    Legitimate interest of the person responsible

Processing may be necessary in order to maintain a legitimate interest of the company if it does not outweigh the interests or fundamental rights / -freedoms of the person concerned, which require the protection of personal data. These include, for example, advertising measures of the company.

5.4.    Consent

If consent has been given to the processing of personal data, the respective consent is the legal basis for the processing referred to in the consent. Consent can be revoked at any time with effect for the future. Any revocation shall only be effected for future processing.


6.    Is there a transfer of personal data and if so, to whom?

No data will be passed on to third parties within the framework of the Contract initiation and service delivery.

7.    Is there a transfer of personal data to a third country?

A transfer of personal data to a third country does not take place.

8.    How long will personal data be stored?

The company must comply with the legal requirements when initiating the contract and executing the contract.

The statutory retention period for accounting and tax-relevant documents is usually 10 years. A 6-year retention obligation exists for commercial letters, irrespective of whether they are available in paper form or in digital (e-mail).

Regardless of the retention periods, it is ensured at any time that only authorized employees have access to the data. This applies to paper files and digital data in IT systems.

In the appropriate temporal connection with the expiration of the statutory retention obligation, a data-protection-compliant destruction of the paper-based files as well as a deletion of the data in IT systems takes place.

9.    What are the rights of the persons concerned?

The execution of the contract/service or the initiation of the contract usually requires the processing of personal data.
In this respect, the rights concerned must be ensured under certain conditions from the General Data Protection Regulation (GDPR):

9.1.    Information

9.2.    Correction

9.3.    Deletion / Right to be forgotten

9.4.    Constraint

9.5.    Contradiction

9.6.    Right to Data transferability

9.7.    Revocation of consent

9.8.    Right of appeal to a supervisory authority


10.    Is there a commitment to providing data?

Customers and interested parties must provide the personal data necessary for the establishment, implementation and termination of the contractual relationship or for the collection of which a legal obligation exists. Without the provision of the data, it is not possible to conclude a contract or to execute the tasks existing with the contract.

11.    Is data used for automatic decision-making or profiling?

In the context of the performance of the contract/service or the initiation of the contract, no techniques are used which enable profiling according to article 4 no. 4 GDPR or an automatic decision-making according to article 22 GDPR.