Privacy information 

Note: Please note that the following information is a translation of BABOR's data protection information from the German language. The information therefore includes, in particular, European regulations on data protection. National regulations of your country of residence, in particular within the framework of the fulfillment of legal requirements as well as the safeguarding of legal storage obligations, may therefore deviate in individual cases.
Within the framework of the business relationship between Dr. Babor GmbH & Co. KG, personal data are processed by the contracting party.


1. Who is responsible for data processing?
The Controller for data processing is Dr. BABOR GmbH & Co. KG with its registered office at Neuenhofstraße 180, D- 52078 Aachen, Tel.: + 49 (0) 241 / 5296 - 0, E-Mail: [email protected].
You can contact our data protection officer at: [email protected]


2. What data is processed?

We process the following data initially for the preparation and execution of contracts with you (Art. 6. para. 1 b GDPR - fulfillment of contractual obligations). This includes in particular: 

  • Name, first name of the contracting party (for legal entities, also of contact persons)
  • Billing address
  • Email address(es) for customer communication, invoicing and further information provision within the scope of the contractual relationship
  • Banking account information
  • Information about Trainings and educations or Events you participate in.

BABOR provides its business partners with a "customer portal" through which additional information you disclose to us may be processed (e.g., Birthday).


3. Processing purposes

We use this information for the preparation and implementation of the business relationship. This includes, in particular, the necessary communication about our products, your orders and upcoming innovations, coordination of appointments and information about training courses and events. 
We process personal data (in particular surname, first name and email address) of contact persons in your company on the basis of our legitimate interest in ensuring smooth communication with our business partners and fulfilling our contractual obligations (Art. 6 para. 1 f GDPR).
In special cases (e.g. use of photos or special information), we will ask for your consent to process this personal data. The processing is then based on Art. 6 para. 1 a GDPR - consent). You can revoke your consent at any time with effect for the future.

We also process your personal data if this is necessary to comply with legal obligations (e.g. commercial, tax laws) or to fulfill tax control and reporting obligations, as well as to archive data for data security purposes (e.g. log files when accessing our IT systems such as the customer portal) and for auditing by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/court measures (requests by authorities for the purpose of gathering evidence, criminal prosecution or enforcement of civil claims). The processing is then based on Art. 6 para. 1 c GDPR - fulfillment of legal obligations.

We may also use your personal data on the basis of a balance of interests to protect the legitimate interest (Art. 6 para. 1 f GDPR) of us or of third parties. This is done for the following purposes:

  • for advertising or market research, if you have not objected to the use of your data; e.g. when using our online portal or checkout solutions
  • for the limited storage of your data, if deletion is not possible or only possible with disproportionate effort due to the special type of storage.
  • for the further development of services and products as well as existing systems and processes.
  • for statistical evaluations or for market analyses.
  • for certifications of private law or official matters.
  • for the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship.
  • for securing and exercising our house rights through appropriate measures (e.g. video surveillance) when you visit us.
  • For customer classification.  

4. who receives your data?

We share your personal data within our company with the divisions and companies that need this data to fulfill contractual and legal obligations or to implement our legitimate interests.
In addition, the following entities/organizations may receive your data:

  • Processors under Art. 28 GDPR, service providers for supporting activities and other responsible parties within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centers, support/maintenance of IT applications, CRM application, archiving, document processing, accounting and controlling, data destruction, purchasing/procurement, customer management, letter stores, marketing, telephony, newsletter tool, website management, tax consulting, auditing service, credit institutions.
  • Public bodies and institutions in the event of a legal or official obligation under which we are obliged to provide information, report or pass on data, or if the passing on of data is in the public interest.
  • Authorities and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. to authorities, credit agencies, debt collection, lawyers, courts, appraisers and control bodies)
  • other entities for which you have given us your consent to transfer data.



5. contact with our service

If you have any questions for us, please feel free to send a message to our Customer Support.
To do this, you can send an e-mail to [email protected] or call us.

In case of access to this services, we will use your data to answer your inquiries and to contact you. The legal basis for the data processing associated with this is Art. 6 para. 1 b GDPR in the case of contract-related inquiries, otherwise Art. 6 para. 1 f GDPR, due to our interest in processing incoming inquiries correctly and quickly and documenting the result of the processing.

We record and manage all inquiries in a ticket system. This system enables us to process the requests systematically and to accelerate the handling internally. The processing of the request is documented by the parties involved in the ticket system.

Based on the legal retention period, the data entered will be deleted after final processing, but at the latest after 6 years.


6. transfer of your data to a third country or to an international organization

Data processing outside the EU or EEA takes place in individual procedures. In these cases, we contractually ensure that a comparable level of protection is provided by the contractor and that appropriate agreements are in place.


7. how long do we store your data?

As far as necessary, we process your personal data for the duration of our business relationship, this also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years. Deviating storage periods are stated under the respective sections of this notice.


8. your data protection rights

You have the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability under Article 20 GDPR). If we process your personal data on the basis of a legitimate interest or for direct marketing purposes, you have a fundamental right to object to the processing of personal data by us under Article 21 GDPR. This right to object applies in the event of special circumstances in your personal situation, insofar as compelling interests of our company worthy of protection do not conflict with these. If you wish to exercise one of these rights, please contact us using the contact details provided or [email protected].


9. scope of your obligations to provide us with your data

You only need to provide the data that is required for the establishment and implementation of a business relationship or for a pre-contractual relationship with us, or which we are required to collect by law. Without this data, we will generally not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.


10. your right to complain to the competent supervisory authority

You have a right of appeal to the data protection supervisory authority (Art. 77 GDPR).
The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information NRW.