Transparency customers

Transparency and information obligations for customers, suppliers, contractual partners, interested parties of VALEO IT GmbH

according to the EU General Data Protection Regulation (EU GDPR)


With this document, we inform you about the processing of your personal data by VALEO IT GmbH and the rights you have under data protection law.



Responsible body / data protection


3, In der Scheibe
92706 Luhe-Wildenau

Phone: +49 (9607) 82 19 4 0
Telefax: +49 (9607) 82 19 4 199

Web page:

Data protection contact::



Categories / origin of the data

As part of the contractual relationship and for the initiation of contracts, we process the following personal data:


For business customers:

  • Contact details (e.g. first / last name of current and, if applicable, previous contact persons as well as name additions, company name and address of the customer (employer), telephone number with direct dialing, business email address)
  • Job-related data (e.g. title in the company, department)
    Occupational data (for ex. title in the company, department)  


For private customers:

  • Reference data (title, first / last name, name additions, date of birth, if necessary)
  • Contact details (e.g. name and private address (if applicable, floor, district, state), mobile or landline phone number, email address, fax number)
  • Different delivery / invoice address (e.g. name and address (if applicable, floor, district, state), if necessary, telephone number, if applicable e-mail address)
  • Order history
  • If necessary bank details (within the scope of a SEPA direct debit mandate, first and last name of the account holder)
  • If necessary preferred payment system, information on creditworthiness and credit behavior

We generally receive your personal data from you as part of the contract initiation or during the current contractual relationship. In exceptional constellations, your personal data will also be collected from other locations. This includes event-related queries on relevant information from credit agencies, in particular on creditworthiness and credit behavior.



Purposes and legal basis for data processing

When processing your personal data, the provisions of the EU GDPR, the BDSG (new) (new) and other relevant legal provisions are always complied with.

Your personal data will only be used to carry out pre-contractual measures (e.g. to create offers for products or services) and to fulfill contractual obligations (e.g. to carry out our service, the supplier contract or for order / order / payment processing ), (Art. 6 Para. 1 letter b EU GDPR) or if there is a legal obligation to process it (e.g. due to tax regulations) (Art. 6 Para. 1 letter c EU GDPR). The personal data was originally collected for these purposes.

A data protection law permission regulation can also represent your consent to data processing (Art. 6 Para. 1 lit. a EU GDPR). But before, we will clarify the purpose of the data processing and your right of withdrawal in accordance with Article 7 paragraph 3 EU GDPR. If the consent also relates to the processing of special categories of personal data in accordance with Art. 9 EU GDPR, we will expressly point this out to you in advance.

VALEO IT GmbH is also interested in cultivating customer relationships with you and providing you with information and offers about our products / services, such as: B. to be sent by email. We therefore process your data in order to send you the relevant information and offers (Art. 6 Para. 1 letter f EU GDPR).
To detect criminal offenses, your personal data will only be processed under the conditions of Art. 10 EU GDPR.



Data storage period

As soon as your data is no longer required for the above-mentioned purposes or you have revoked your consent, we will delete it. Data will only be retained beyond the existence of the contractual relationship in cases in which we are obliged or entitled to do so. Regulations that oblige us to keep them can be found, for example, in the Commercial Code or the Tax Code. This can result in a storage period of up to ten years. In addition, statutory limitation periods must be observed.



Recipients of the data / categories of recipients

Within our company, we ensure that only those departments and people receive your data who need it to fulfill our contractual and legal obligations.

With your consent, your data will also be transmitted to other related business units.

In certain cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection contracts have been concluded with all service providers (e.g. advertising agency, IT distributors).

In addition, in legally prescribed cases, we are obliged to transmit certain information to public bodies such as: financial authorities, law enforcement agencies and customs authorities.



Third country transfer / third-country transfer intent

Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the implementation of the contractual or supplier relationship or if it is required by law or if you have given us your consent.

We do not (currently) transfer your personal data to any service provider or to group companies outside the European Economic Area.



Rights of data subjects

Your rights as a data subject are standardized in Art. 15 - 22 EU GDPR.

This includes:

  • The right to information (Art. 15 EU GDPR),
  • The right to rectification (Art. 16 EU GDPR),
  • The right to erasure (Art. 17 EU GDPR),
  • The right to restrict data processing (Art. 18 EU GDPR),
  • The right to object to data processing (Art. 21 EU GDPR).
  • The right to data portability (Art. 20 EU GDPR),

To exercise these rights, please contact: The same applies if you have any questions about data processing in our company or would like to withdraw your consent. You can also file a complaint against data processing with a data protection supervisory authority. 

If we process your data to protect legitimate interests, you can object to this processing at any time for reasons that arise from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that demonstrate your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. 

If we process your personal data for direct marketing purposes, you have the right to object without giving reasons; this also applies to profiling insofar as it is connected with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.



Obligation to provide the data

For the establishment or execution of a contractual relationship, you are obliged to provide certain personal data. This is necessary for the establishment, implementation and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The execution of the contract is not possible without providing this data.



Automated individual decisions

We do not use purely automated processes to make a decision.