Warning about fraudulent Online Sites claiming to offer Faber-Castell products. More information
Information in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

Our handling of your data and your rights

Dear Client,

Herein we shall inform you about our processing of your personal data and about the entitlements and rights you hold in accordance with data protection regulations. 

1. Who is responsible for data processing and who can I contact?

The responsible office is:

Faber-Castell Aktiengesellschaft
Nürnberger Straße 2 
90546 Stein 
Germany
Tel.: +49 (0) 911 9965-0 
Fax: +49 (0) 911 9965-5856 
E-Mail: info@faber-castell.de 


You can reach our contact partner for data protection at: 

Faber-Castell Aktiengesellschaft
Data protection officer
Nürnberger Straße 2 
90546 Stein 
Germany
Tel.: +49 (0) 911 9965-0 
Fax: +49 (0) 911 9965-5856 
E-Mail: datenschutz@faber-castell.de

2. Which sources and data do we use?

We process personal data that we receive from you within the framework of our business relationship. In addition, we process personal data necessary for the performance of our services which we have permissibly received (e.g. for performance of orders, for satisfaction of contracts or on the basis of consent issued by you). Furthermore, we process personal data which we have permissibly gathered and processed from public sources (e.g. the press and media).

Relevant personal data are personal details (name, address and other contact data). In addition, this can also include data from the performance of our contractual obligations (e.g. order and invoice data), marketing and sales data, documentation data, register data, data on your use of our telemedia (e.g. time of your access of our website or newsletter, pages clicked or entries) as well as other data comparable to the referenced categories.

3. Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR).

3.1 For performance of contractual obligations (Article 6 Paragraph 1b GDPR)

The processing of personal data (Article 4 No. 2 GDPR) is done to implement our contracts or precontractual measures with you and for the performance of your orders.

3.2 Within the framework of a balancing of interests (Article 6 Paragraph 1f GDPR)

To the extent necessary, we process your data beyond the actual performance of the contract to safeguard our legitimate interests or those of third parties, as for example in the following cases: 

Consultation of and data exchange with information agencies in order to determine creditworthiness and default risk;
Examination and optimisation of procedures for needs analyses and direct customer contact;
Advertising or market and opinion research if you have not objected to the use of your data;
Assertion of legal rights and defences in legal disputes;
Assurance of IT security and of IT operations of A.W. Faber-Castell Nordic ApS;
Prevention and investigation of criminal acts;
Video monitoring for safeguarding house rules;
Measures for building and facility security (e. g. access controls);
Measures for securing house rules;
Measures for business management and development of services and products.


3.3 On the basis of your consent (Article 6 Paragraph 1a GDPR)

If you have issued us your consent for the processing of personal data for specific purposes, the lawfulness of this processing is provided on the basis of your consent. Consent already issued can be revoked at any time. 

Please note that a revocation is effective only in the future. Processing done prior to revocation is not affected.

3.4 On the basis of statutory requirements (Article 6 Paragraph 1c GDPR) or public interest (Article 6 Paragraph 1e GDPR)

In addition, we are subject to various legal obligations, meaning statutory requirements. Included in the purposes of processing are, amongst others, the satisfaction of tax control and notification obligations as well as the appraisal and management of risks in order to adhere to compliance guidelines applicable to us.

4. Who receives my data? 

Within our company, those offices receive your data which need them in order to satisfy our contractual and statutory obligations. In addition, processors used by us (Article 28 GDPR) may receive data for the referenced purposes. These can be companies in the categories IT services, logistics, print services, telecommunications, advisory and consulting as well as sales and marketing.

In regard to the disclosure of data to recipients outside our company, it should be noted that we are obliged to maintain confidentiality over all client related facts and assessments of which we have knowledge in accordance with the general terms and conditions concluded between us. We may disclose information about you only if permitted by statutory provisions, you have consented or we are authorised to issue information. 
5. How long will my data be stored?

To the extent necessary, we process and store your personal data for the duration of our business relationship, which includes, for example the initiation and completion of a contract. 

In addition, we are subject to various statutory retention and documentation obligations.


6. Will data be transmitted to a third country or to an international organisation?

Data transmission to third countries (countries outside the European Economic Area – EEA) takes place only to the extent necessary for the performance of your orders, or if it is required by statute or if you have issued your consent to us. To the extent required by statute, we shall inform you separately on the details. 

7. What data protection rights do I have?

Every data subject has the right to information in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restrict processing in accordance with Article 18 GDPR as well as the right to data portability in accordance with Article 20 GDPR. In addition, there is a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR). 

8. Is there an obligation to provide data? 

Within the framework of our business relationship, you only need to make those personal data available that are necessary for the establishment, implementation and termination of a business relationship or the collection of which we are obliged by law. As a rule, without these data we will have to decline the conclusion of a contract or the performance of an order or will not be able to perform on an existing contract and, if applicable, will have to terminate it.

9. To what extent is there automated individual decision-making?

As a rule, for the purpose of establishing and implementing a business relationship we do not use fully automated decision-making in accordance with Article 22 GDPR. If we should use this procedure in individual cases, we will separately inform you if required by statute.

10. To what extent will my data be used for profiling (scoring)?

To an extent, we automatically process your data with the objective of assessing specific personal aspects (profiling). For example, we use profiling in the following cases:

In order to effectively inform and advise you on products, we make use of evaluation instruments. They enable needs-based communication and advertising including market and opinion research. 


Information on your right to object
in accordance with Article 21 General Data Protection Regulation (GDPR)


1. You have the right on grounds relating to your particular situation to lodge an objection against the processing of personal data concerning you on the basis of Article 6 Paragraph 1e GDPR (data processing in the public interest) and Article 6 Paragraph 1f GDPR (data processing on the basis of a balancing of interests) at any time; this also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR that we use for the purpose of credit rating or for marketing purposes. 

If you lodge an objection, we will no longer process your personal data unless we can establish compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims.

2. In individual cases we process your personal data for purposes of direct marketing. At all times you have the right to lodge an objection to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling if it is connected with such direct marketing.

If you object to processing for purposes of direct marketing, we shall no longer process your personal data for this purpose.

The objection can be made informally and, if possible, should be directed to:

Faber-Castell Aktiengesellschaft
Data protection officer
Nürnberger Straße 2 
90546 Stein 
Germany
Tel.: +49 (0) 911 9965-0 
Fax: +49 (0) 911 9965-5856 
Email: datenschutz@faber-castell.de