Mandatory Information

1 Compulsory information according to Art. 12 et seq. General Data Protection Regulation (GDPR)

We hereby inform you in the following about the processing of your data, in accordance with Art. 12 et seq. GDPR.

Name and contact details of the processing controller:
Bahnhofsallee 18
58507 Lüdenscheid Deutschland
Tel. +49 (0) 2351 5674 0
Fax +49 (0) 2351 5674 410
E-mail dialog(at)

You can contact our data protection officer at:
progressorg GmbH Höveler Weg 2
D-58553 Halver
Tel. + 49 (0) 2353 9096 31
Fax + 49 (0) 2353 9096 49
E-mail datenschutz(at)

2 Where do we obtain your personal data from?

As a rule, you provide the data yourself. The processing of the personal data provided by you is necessary to fulfil the contractual obligations arising from the contract concluded with us. Owing to your duty to cooperate, it is necessary that you provide us with the personal data we request, otherwise we will not be able to fulfil our contractual obligations. Within the framework of pre-contractual measures, it is necessary that you provide us with your personal data. If the requested data is not provided by you, then a contract cannot be concluded. In order to fulfil our contractual obligations, it may be necessary to process personal data that we have received from other companies or other third parties, e.g. tax offices, your business partners or similar, as permitted and for the respective purpose. Furthermore, we may process personal data from publicly accessible sources, e.g. websites, which we use legitimately and only for the respective contractual purpose. 

3 Purposes and legal bases of processing

The personal data provided by you will be processed in accordance with the provisions of the (GDPR) and the Federal Data Protection Act (BDSG):

3.1. On the basis of consent (as per Art. 6(1)(a) GDPR)
The purposes of the processing of personal data result from the granting of a consent You can revoke a granted consent at any time with effect for the future. Consents granted before the validity of the GDPR (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation.

3.2. For the performance of contractual obligations (as per Art. 6(1)(b) GDPR)
On the one hand, the purposes of data processing result from the introduction of pre-contractual measures which precede a contractually governed business relationship, and on the other hand to fulfil the obligations arising from the contract concluded with you, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of another service or consideration.

3.3. On the basis of legal requirements (as per Art. 6(1)(c) GDPR) or in the public interest (as per Art. 6(1)(e) GDPR)
The purposes of data processing result from legal requirements or are in the public interest (e.g. compliance with retention obligations, proof of compliance with the notification and information obligations of the tax advisor).

3.4. For the purposes of balancing interests (as per Art. 6(1)(f) GDPR)
The purposes of this processing result from the protection of our legitimate interests. It may be necessary to process the data provided by you beyond the actual performance of the contract. Our legitimate interest may be invoked to justify the continued processing of the data you have provided, insofar as your interests or fundamental rights and freedoms do not override this. Our legitimate interest in any given case may be: Enforcement of legal claims, defence against liability claims, prevention of criminal offences.

4 Data categories

We process the following data categories: Master data (title, first name, surname), communication data (address, telephone number, email address), contract data and order data.

5 Period of storage

The data provided by you will be processed for as long as it is necessary to achieve the contractually agreed purpose, in principle as long as the contractual relationship with you is in force. After termination of the contractual relationship, the data provided by you will be processed to comply with legal storage obligations or on the basis of our legitimate interests. After expiry of the legal retention periods and/or the cessation of our legitimate interests, the data provided by you will be deleted. Anticipated deadlines for the storage obligations applicable to us and our legitimate interests:
› Fulfilment of commercial, tax and professional conduct-related retention periods. The deadlines specified for storage and documentation range between two to ten years.
› Preservation of evidence within the framework of the statute of limitations. Pursuant to Section 195 et seq. of the German Civil Code (BGB), these limitation periods may be up to 30 years, whereby the normal limitation period is three years.

6 Transfer of data to third parties

Within our company, only those departments that require the personal data provided by you to fulfill contractual and legal obligations, and that are authorised to process this data, receive access to it. In fulfillment of the contract concluded with you, only those parties that require the data you have provided for legal reasons, e.g. tax authorities, social security agencies, competent authorities and courts, will receive it. Within the scope of our provision of services, we commission contractors who contribute to the fulfilment of the contractual obligations, e.g. computer centre service providers, EDP partners, document shredders, etc. These data processing companies are contractually bound by us to comply with the requirements of the GDPR and the German Federal Data Protection Act (BDSG).

7 Will the data you provide be transferred to third countries or international organisations?

All companies and subsidiaries belonging to our Group (hereinafter referred to as "group companies") and having their registered office or place of business in a third country may receive personal data. The addresses of our group companies are available on our website. Furthermore, a list of all group companies can be requested from our data protection officer. As per Article 46 I GDPR, the data controller or a data processing company may only transfer personal data to a third country if the responsible person or the data processing company has provided appropriate guarantees, and if the data subjects have enforceable rights and effective legal remedies at their disposal. Suitable safeguards may be provided for by standard data protection clauses, without requiring specific authorisation from a supervisory authority, Art. 46(2)(c) GDPR. The EU standard data protection clauses are agreed with all recipients from third countries before the initial transfer of personal data. As a result, appropriate safeguards, enforceable rights and effective legal remedies resulting from the EU standard data protection clauses are guaranteed for all processing of personal data. All data subjects may obtain a copy of the standard data protection clauses from our data protection officer. The standard data protection clauses are also available in the Official Journal of the European Union (OJ 2010 / L 39, p. 5-18).

8 Does automated decision-making, including profiling, take place?

No fully automated decision-making (including profiling) as per Art. 22 GDPR is used to process the data you provide.

9 Rights of the data subject

You can revoke your consent once granted to us at any time in accordance with Art. 7 (3) GDPR, which means that we may no longer continue in the future with data processing that was based on this consent. If the legal requirements are met, you have the following rights under Articles 15-22 GDPR: right of access (Article 15 GDPR), right to rectification (Article 16 GDPR), right to erasure (Article 17 GDPR), right to restriction of processing (Article 18 GDPR), and the to data portability (Article 20 GDPR).

10 Right to object

Insofar as your personal data are processed on the basis of legitimate interests in accordance with Art. 6(1)(1)(f) GDPR, you have the right to object to the processing of your personal data as per Art. 21 GDPR, provided that there are reasons for this arising from your particular situation. If you wish to exercise your right to object, simply send an email to

11 Right to lodge complaint with a supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible for our company is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (North Rhine-Westphalia state official for data privacy and information security), Kavalleriestr. 2-4, 40213 Düsseldorf, Germany, email: Furthermore, you have the option of contacting the supervisory authority at your usual place of residence.