Privacy policy for customers, suppliers, service providers and prospective customers

Data protection notice for customers, suppliers, service providers and prospective customers

How we handle your data and your rights

Information according to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

GSP Sprachtechnologie GmbH places great importance on the protection and security of your personal data. When processing personal data we undertake to comply with the applicable legal regulations on data protection and data security.

The information below is intended to give you an overview of the processing of your personal data by GSP Sprachtechnologie GmbH and your rights under data protection law.

1. Who is responsible for data processing and who is the data protection officer?

The controller for the processing of your data is

GSP Sprachtechnologie GmbH
Teltowkanalstr. 1
12247 Berlin
Tel.: +49 (0)30 76 99 29 - 0
Telefax: +49 (0)30 76 99 29 - 312
Email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

Our data protection officer can be contacted at

This email address is being protected from spambots. You need JavaScript enabled to view it.

or by post at our address plus “Operational data protection officer”.

Contact details are also available online at www.gsp-berlin.de/en/contact

2. Which categories of personal data do we use and where do they come from?

The categories of personal data which we process include your master data (such as first name, surname, name supplements), your job description and your professional contact details (such as work address, (mobile) phone number, email address).

This may also include order data, data from the fulfilment of our contractual obligations (e.g. sales data in payment transactions), information on your financial situation (e.g. creditworthiness data), documentation data (e.g. commercial register excerpt) as well as other similar categories of data.

Your personal data are generally collected directly from you in the course of establishing contact (e.g. business card). We also process personal data which we receive from you in the course of the business relationship.

We may also process personal data which we have legitimately acquired from publicly accessible sources (e.g. the internet, professional networks, commercial register) and are entitled to process.

3. For what purposes and on what legal basis is data processed?

We process your personal data for the following purposes:

  • To fulfil contractual obligations (Article 6(1)(b) GDPR)The primary legal basis for this is Article 6(1)(b) GDPR. Your separate consent according to Article 6(1)(a) GDPR may also be used as permission.
  • Data is generally processed as part of establishing, executing and terminating business relationships, especially in the course of fulfilling our obligations arising from contracts, orders and requests. It allows us to correctly process technical and financial business transactions and all company activities associated with the business relationship.
  • On the basis of legal regulations (Article 6(1)(c) GDPR) We are also obliged by the European anti-terror regulations 2580/2001 and 881/2002 to compare your data with the so-called “EU terror lists” in order to ensure that no funds or other financial resources are being provided for terrorist purposes.
  • We also process your data in order to fulfil our legal obligations, especially as regards tax law. We do this on the basis of Article 6(1)(c).
  • On the basis of your consent (Article 6(1)(a) GDPR)
  • If you have given us your consent to process personal data for particular purposes (e.g. giving your reference on our company website), the legality of this processing is based on your consent.
  • Within the scope of balancing interests (Article 6(1)(f) GDPR)
    • Implementation of pre-contractual measures
    • Safeguarding IT security and operations
    • Safeguarding and protecting domiciliary rights (e.g. video surveillance at GSP in the entrance areas and at escape doors to prevent crimes and if necessary to obtain evidence)
    • Assertion of legal claims and defence in the event of legal disputes
    • Consultation and exchange of data with credit agencies (e.g. Creditreform) to determine creditworthiness and default risk and manage receivables
  • Where necessary, we process your data beyond the actual fulfilment of the contract on the basis of Article 6(1)(f) GDPR, in order to safeguard our legitimate interests or those of third parties (e.g. authorities). Examples:

4. Who receives your data?

Within our company persons and offices only receive your personal data if they require it in order to fulfil our contractual and legal obligations or within the scope of the processing and assertion of our legitimate interests.

We only forward your data to external bodies

  • for purposes where we are obliged or entitled to provide information on, report or disclose data (e.g. to financial authorities) in order to fulfil legal regulations, or if the disclosure of data is in the public interest;
  • for purposes where we are obliged to provide information on, report or disclose data in order to fulfil contractual obligations, e.g. in order to process payments;
  • where external service providers process data on our behalf as processors or subcontractors (e.g. credit institutes, external computer centres, data disposal companies, courier services, postal and logistical service providers);
  • on the basis of our legitimate interests or those of third parties (e.g. to authorities, lawyers, courts, experts, auditors);
  • if you have given us your consent to the transmission of your data to third parties.

Recipients of your data may only use it for the purposes for which it was transmitted to them.

If we entrust service providers with our contractual and legal obligations within the framework of order processing, these service providers are contractually obliged to fulfil our data protection instructions.

5. How long will your data be stored?

If your data is no longer required for the fulfilment of contractual or legal obligations it will be regularly deleted, unless further processing - for a limited time - is necessary for the following purposes:

  • The fulfilment of retention obligations under commercial and tax law, which may arise e.g. from the Handelsgesetzbuch (HGB [German Commercial Code]) or the Abgabenordnung (AO [Tax Code]). The periods prescribed there for retention and/or documentation are generally between two and ten years.
  • Retention of evidence within the scope of legal statutes of limitation. According to Sections 195 et seq. of the Bürgerliches Gesetzbuch (BGB [German Commercial Code]), these terms of limitation may be up to thirty years, whereby the standard term of limitation is three years.

6. Will your data be transferred to a third country?

Your data will only be transferred to states outside the European Union (so-called third countries) if and insofar as

  • this is necessary for the execution of the contractual relationship,
  • it is legally mandated (e.g. by reporting obligations under tax law) or
  • you have given us your consent.

We will only transfer data to third countries if the EU Commission has confirmed that it possesses an appropriate level of data protection or other appropriate data protection guarantees (e.g. binding internal data protection regulations or EU standard contractual clauses) are in place.

7. Scope of your obligation to provide data

Within the scope of our business relationship you must provide the personal data which is necessary for the establishment, execution and termination of a business relationship and the fulfilment of the associated contractual obligation, or which we are legally obliged to collect. Without this data we will generally be unable to conclude a contract with you, or to execute or terminate it.

Refusal to provide this data or your complete countermanding of all processing of this data may render it impossible for you to maintain business relationships or other kinds of relationships with our company.

8. Automated decision-making/profiling

We generally do not use any fully automated decision-making in the sense of Article 22 GDPR to establish and carry out the business relationship. If we deploy these processes in individual cases (e.g. when assessing suppliers), we will inform you of this and separately of your associated rights, where this is prescribed by law.

9. Which data protection rights can you assert as a data subject?

Article 15 GDPR gives you the right to demand information on the personal data stored on you by contacting us at the above address. You may also under particular conditions demand that your data be rectified according to Article 16 GDPR or erased according to Article 17 GDPR. The limitations of Section 34 and 35 GDPR apply to your rights of information and erasure.

Article 18 GDPR may also give you the right to restriction of processing of your data and Article 20 GDPR (data portability) may also give you the right to publication of the data you provided in a structured, commonly-used and machine-readable format.

If you have given your consent to the processing of your personal data, you may withdraw this at any time. This also applies to the withdrawal of declarations of consent which was given to us before the GDPR entered into force, that is before 25 May 2018. The withdrawal of consent only has effect for the future and does not affect the legality of data processing prior to the withdrawal.

Your applications regarding the assertion of the above rights should where possible be made in writing to the above address or addressed directly to our data protection officer; feel free to do this by email to This email address is being protected from spambots. You need JavaScript enabled to view it.

Please also contact our data protection officer for any further data protection queries.

You also have a right to complain to a data protection supervisory authority (Article 77 GDPR in connection with Section 19 GDPR). The data protection supervisory authority responsible for us is:

Berlin officer for data protection and freedom of information
Friedrichstr. 219
10969 Berlin

10. Right to object

If we are processing your data in order to safeguard legitimate interests (Article 6(1)(f) GDPR), you may object to this processing for reasons arising from your particular situation. We will then cease to process your personal data, unless we can prove that there are urgent reasons for the processing which merit protection and which outweigh your interests, rights and freedoms or the data is being processed in order to assert, exercise or defend from legal claims.

The objection may be made formlessly and should if possible be addressed to the above address or directly to our data protection officer; feel free to do this by email to This email address is being protected from spambots. You need JavaScript enabled to view it.

11. Amendments

GSP reserves the right to change this data protection notice at any time. We will publicise amendments by publishing a link in our email signature and on our homepage, among other things. Unless otherwise specified, such amendments shall be effective immediately.

Last updated: 20/07/2018