PRIVACY AND DATA SECURITY POLICIES
In the course of carrying out removal orders, Transport Krumpf comes into contact with sensitive data of individuals and companies. The protection of personal data is an important concern for us. Therefore, we process the personal data of our employees, customers as well as business partners in accordance with the applicable legal provisions on the protection of personal data and data security.
This policy governs information processing in compliance with data protection requirements. It deals with secure processing (collection, recording, modification, storage, transmission, destruction of data as well as access to the data) and is in line with the requirements of the GDPR.
The aim of this policy is to protect all data in the company, but in particular sensitive, personal data, from dangers or threats. Our measures are designed to ensure that private and economic damage is avoided and risks for customers are minimized.
This policy applies to all Transport Krumpf employees and processors who come into contact with personal data.
4. confidentiality declaration
In order to meet the requirements with regard to data protection, every employee is obligated to handle personal data confidentially and to maintain data secrecy. The commitment is made in writing. In addition, regular internal briefings and training sessions are held on the subject of data protection.
5. data security management
Transport Krumpf has appointed an external data protection officer to monitor data protection. His duty is to ensure that:
- all employees are continuously instructed and informed about the process
- Violations are reported to management and disciplinary action is taken
- the management is informed about all regulations and changes
- the legal provisions are complied with
The data protection officer acts as a staff unit and reports directly to the management in his function.
6. scope of data protection
The collection, storage, modification or transmission of personal data or its use as a means of fulfilling our business purpose shall be carried out in accordance with the requirements of the GDPR. The purpose of the business is the implementation of removals. These include:
- national and international removals
- Moving personal household goods
- Realization of commercial removals
- Storage of removal goods
6.2. Consent to data use and disclosure
6.2.1. Implied consent
The consent to the order-related use and disclosure of data is implicit. Customers whose data must be used to process the ordered service will be informed in writing about the use of the data in the company.
6.2.2. Explicit consent
The use of personal data outside of the order-relevant processing is excluded. However, should data be further used for other purposes (e.g. publication of quality assessments), the owner of the personal data must expressly consent in writing. In that case, the consent is also valid only for the stated purpose.
6.3 Collection and processing of data
Data of customers and employees are only collected, stored and processed to fulfill our business purpose. The use for any other purpose is excluded.
6.4 Disclosure / transmission of data
Data will only be disclosed to third parties if this is necessary for the processing of transactions or if the owner of the personal data has expressly consented to the disclosure. A transfer to third parties occurs, for example, if a service provider is commissioned with the processing of services relevant to the move. All external service providers who are commissioned with the processing of personal data or individual processing steps are obliged by Transport Krumpf to comply with the GDPR in accordance with the requirements of Art. 28.
6.5 Access to data
Only employees of Transport Krumpf have access to personal data.
The following measures prevent physical and digital access to data by third parties to protect against loss or misuse. These measures include:
- Physical access and access control
- System security and data protection measures
- Internal instructions for data protection and confidentiality
7. data backup and destruction
7.1 Data backup
Transport Krumpf has taken measures to ensure continuous, digital data backup. Data is stored regularly, kept securely off premises, and can be recovered in the event of a potential system failure.
7.2 Destruction of data
Data destruction is the physical and digital destruction of data. The basis for this is §257 of the German Commercial Code (HGB) (retention of documents and time limits). Digitally stored and confidential data not subject to §257 of the German Commercial Code (HGB) such as passport copies, visas or birth certificates are automatically deleted after the purpose has been fulfilled in accordance with the requirements of the deletion concept.
8. monitoring and compliance
The Data Protection Officer is responsible for monitoring, communicating and ensuring compliance with this Policy. He monitors the implementation of the measures on a random basis and checks the service providers involved, the employees and the system requirements. Regular training ensures that Transport Krumpf employees are familiar with the applicable laws, rules and regulations.
- Data protection notices according to Article 13 & 14 DSGVO