Information on data protection for business partners

Dear customers, dear interested parties,

In accordance with the provisions of the EU General Data Protection Regulation (GDPR), we hereby inform you about the processing of personal data collected about you and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the services requested or agreed. In order to ensure that you are fully informed about the processing of your personal data in the context of the performance of a contract or the implementation of pre-contractual measures, please take note of the following information.

Please note that only the German version of the information duties is legally binding.

1 - Controller responsible for data processing

The controller pursuant to Art. 4 (7) GDPR and the applicable country-specific data protection regulations is:

Eugen-Martin-Straße 14
79106 Freiburg, Germany
Phone: +49 761 20703 - 0 | Email:

Please send general questions about data protection to INTREXX GmbH to

You can contact our data protection officer by post at the above address with the addition - Data Protection Officer - or by e-mail at

2 - What data and sources do we use?

We process personal data that we receive from our customers, suppliers, contractors and interested parties in the course of our business relationship. Furthermore, we process personal data that we legitimately obtain from publicly accessible sources or are legitimately transmitted by other third parties, should this be necessary for the provision of our services.

Relevant personal data, including the prospective customer process, may be: master data (e.g. name, address, telephone number, email address, customer number), order data, data to fulfill our contractual obligations, information about your creditworthiness, payment reliability, correspondence (e.g. correspondence with you), as well as other data comparable to the categories mentioned.

Irrespective of this, there may always be constellations in which we process your personal data that are not mentioned here or whose purposes are not mentioned here. In these cases, we will then provide you with separate information on data protection in relation to the respective occasion, insofar as this is required by law.

3 - What we process your data for (purpose of processing) and on what legal basis

We process your personal data in compliance with the GDPR and the Federal Data Protection Act (BDSG), as well as all other relevant laws, insofar as this is necessary for the decision on the establishment of a business relationship.

Processing is lawful if at least one of the following conditions is met:

3.1 Processing for the fulfillment of contractual obligations

(Art. 6 para. 1 lit. b GDPR)

The processing of personal data takes place in the context of the fulfillment of contracts with our customers, suppliers, contractors and interested parties or to carry out pre-contractual measures and to process your inquiries.

3.2 Processing due to legal requirements

(Article 6(1)(c) GDPR) or in the public interest

(Article 6(1)(e) GDPR)

In addition, we process your personal data to fulfill legal obligations, such as retention obligations under commercial and tax law or our duty to provide advice.

3.3 Processing in the context of the balancing of interests

(Article 6 para. 1 lit. f GDPR)

Where necessary, we also process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Examples:

  • Consultation of and data exchange with credit agencies (e.g. Schufa) in the context of creditworthiness or default risks
  • Examination and optimization of procedures for needs analysis and direct customer contact; incl. customer segmentation and calculation of contract probabilities
  • Advertising for our own products, provided you have not objected to the use of your data
  • Assertion of legal claims and defense in legal disputes
  • Ensuring IT security and IT operations
  • Prevention of criminal offenses
  • Video surveillance to safeguard domiciliary rights and to collect evidence in the event of robberies and fraud
  • Measures for building and system security (e.g. access controls)
  • Measures to safeguard domiciliary rights
  • Measures for business management and further development of services and products

3.4 Processing based on your consent

(Article 6(1)(a) GDPR)

If you have given us your consent to process personal data for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising), the lawfulness of this processing is based on your consent. You can withdraw your consent at any time with effect for the future (see also section 7). Processing that took place before the revocation is not affected by this.

4 - Who receives my data?

Within our company, access to your data is granted to those departments that need it to fulfill our contractual and legal obligations or to implement our legitimate interests.

INTREXX GmbH's tax advisor receives all booking data. Direct debit authorizations are processed via our bank.

We will only pass on information about you outside the company if legal or official notification obligations (e.g. social insurance carriers, tax authorities or law enforcement authorities) permit or require this, if the disclosure is necessary for the processing and thus for the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information.

Your personal data is generally processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. The categories of recipients in this case are:

  • Providers of customer management systems and software
  • Providers of marketing management system
  • Marketing & website agencies
  • IT service providers
  • Data destruction companies

5 - Is data transferred to a third country or to an international organization?

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

6 - How long will my data be stored?

We process and store your personal data for as long as is necessary for the fulfillment of our contractual and legal obligations. Your personal data is regularly deleted or blocked if it is no longer required for the fulfillment of contractual or legal obligations, you have exercised your right to deletion, all mutual claims have been fulfilled and there are no other legal retention obligations or legal justification for storage.
In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods prescribed there are two to ten years.

The storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

7 - What data protection rights do I have?

You can request information about the personal data stored about you at the above address (Art. 15 GDPR). In addition, you can request a correction if we have stored incorrect data about you (Art. 16 GDPR). Under certain conditions, you can also request the erasure of your data (Art. 17 GDPR) or exercise your right to object (Art. 21 GDPR). You also have the right to restrict the processing of your personal data (Art. 18 GDPR) and the right to have the data you have provided handed over (Art. 20 GDPR). The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure.

In addition, you have the right to lodge a complaint with the State Commissioner for Data Protection and Freedom of Information, Königstrasse 10 a, D-70173 Stuttgart (Art. 77 GDPR in conjunction with Section 19 BDSG). The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the withdrawal is not affected. Please also note that we may have to retain certain data for a certain period of time in order to comply with legal requirements.

8 - Information about your right to object in accordance with Article 21 GDPR


You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.


In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made informally and should preferably be addressed to:

To safeguard your rights, you are welcome to contact us using the contact details provided in section 1.

9 - What happens if I do not provide my data?

The provision of personal data for the establishment, execution or fulfillment of a contract or for the implementation of pre-contractual measures is generally not required by law or contract. You are therefore not obliged to provide personal data. However, please note that this is generally necessary for the decision to conclude a contract, the fulfillment of the contract or for pre-contractual measures. If you do not provide us with any personal data, we may not be able to make a decision within the scope of contractual measures. We recommend that you only ever provide the personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

10 - Automated decision-making

In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish, fulfill or implement the business relationship or for pre-contractual measures. If we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law. We process your data partly automatically with the aim of evaluating certain personal aspects (so-called "profiling") in accordance with Art. 4 No. 4 GDPR.) We use profiling in the following cases, for example We may evaluate your data in order to determine your potential interest in our products and services. This evaluation is based on statistical methods using current and past customer data. We use the results to address you in a more needs-based and targeted manner.