Heritage Origins Brand Story Enduring Legacy
Vision Makers Methods Materials
Craft Yachts Architecture Custom Furniture
Service Process Installation Aftercare
EN DE
3

Privacy Notice

Scroll

Privacy Notice for Business Partners

1. Introduction

This privacy policy explains how metrica GmbH & Co. KG (“we”, “us”, “our”) processes personal data within the context of business activities and related processes with clients, suppliers and business partners.  We are committed to protecting your privacy and handling personal data responsibly and in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

This privacy policy applies to personal data of (i) persons with whom we enter into contractual or business relationships, as well as (ii) e.g. shareholders, executive bodies, managing directors, key account managers, or other employees of our contractual or business partners, which we process within the scope of existing or emerging contractual and business relationships. This includes in particular:

  • Clients, buyers and sellers (including prospective clients, buyers and sellers);
  • Existing or potential suppliers, service providers, or consultants;
  • Existing or potential cooperation partners or other partner companies;
  • Existing or potential investors and financiers;
  • Members of the press etc.
     

2. Controller

The metrica entity you are corresponding with is the controller in terms of GDPR.

Senden
metrica GmbH & Co. KG
Bahnhofstraße 73
48308 Senden
Germany

Email: info@metrica.de

Data Protection Officer:
Our Data Protection Officer can be contacted at the above address or via email at
datenschutzbeauftragter@metrica.de

Holtwick
metrica GmbH & Co. KG
Schulweg 23
48720 Rosendahl-Holtwick
Germany

Schweinfurt
metrica Project GmbH
Amsterdamstr. 6a
97424 Schweinfurt
Germany

Amlach
metrica Austria GmbH
Amlach 6a
9761 Greifenburg
Austria

Greenwich
metrica Inc.
57 Old Post Road 2 – Suite 204
Greenwich, CT 06830
USA

Massachusetts
metrica Interior Inc.
209 Earle Street Northampton,
MA 01060 USA

3. Categories of data

The following categories of personal data may be processed in the context of any such business relationship and may vary depending on the type of business relationship:

  • Names
  • Affiliated company the data subject works for
  • Contact details, such as postal address
  • Contract-related data
  • Communication-related data, such as phone numbers or email addresses
  • Banking and other financial information, such as IBAN
  • Credit-scoring information

We primarily process personal data that the data subjects themselves provide to us in the context of contractual and business relationships (e.g., prospective clients or buyers) or that we receive from the respective contractual and business partners, for example in the context of processing an inquiry. We may also receive your data from one of our affiliated companies. In addition, we process personal data that we collect from publicly accessible sources (such as commercial and association registers, the press, the Internet) or receive from third parties (such as credit agencies, brokers, and other intermediaries). 

4. Purposes of processing / legal bases

  • Initiating, managing and fulfilling contractual relationships and/or obligations, answering of inquiries, including the evaluation and processing of enquiries, the preparation and negotiation of offers and contracts, the execution of agreed services, as well as the administration and maintenance of ongoing business relationships. This includes, in particular, purchase agreements (purchase and sale of materials and/or products) and service or work agreements (in particular for the manufacture of products and similar items).

    Such processing is carried out on the basis of Art. 6 (1) (b) GDPR as it may be necessary for the for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Further, such processing may be carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interests in establishing, conducting, and processing business relationships (this in particular applies in business relationships in which the data subject is not the contractual party, but rather e.g. the company the data subject works for).

     

  • Project coordination, including the planning, organisation and management of joint projects, the allocation of tasks and responsibilities, the scheduling of meetings and deadlines, as well as the exchange of project-related information between the parties involved.

    Such processing is carried out on the basis of Art. 6 (1) (b) and (f) GDPR (cf. above).

     

  • Invoicing and payment processing, including the preparation, dispatch and management of invoices, the monitoring of incoming and outgoing payments, as well as the handling of any payment-related queries or disputes.

    Such processing is carried out on the basis of Art. 6 (1) (b) and (f) GDPR (cf. above).

     

  • Compliance with legal obligations, including obligations arising from tax law, commercial law and other applicable statutory provisions, such as statutory control and reporting obligations, the facilitation of audits by tax or other competent authorities, the observance of statutory retention periods, as well as the fulfilment of any other regulatory requirements applicable to our business operations.

    Such processing is carried out on the basis of Art. 6 (1) (c) GDPR.

     

  • Centralization or outsourcing of corporate functions; restructuring or transaction of the company or its entities, including the execution of such transactions or restructurings and, where applicable, upstream due diligence reviews

    Such processing is carried out on the basis of Art. 6 (1) (b) and (f) GDPR (cf. above). Additionally, we have a legitimate interest in developing our business and organisation as well as restructuring or selling the company in order to pursue economic goals, to restructure it, or to increase its effectiveness.

     

  • Reduction of default risks in our business processes, including consulting credit agencies and determining score values (profiling), which help us to assess the probability of contractual partners meeting their payment obligations in accordance with the contract on the basis of a recognized mathematical-statistical method.

    Such processing is carried out on basis of Art. 6 (1) (f) GDPR and our legitimate interest in assessing the solvency or performance capability of business partners prior to concluding a contract in order to avoid economic losses due to defaults.

     

  • Cooperation with press companies

    Such processing is carried out on basis of Art. 6 (1) (f) GDPR and our legitimate interest in publicly presenting our company and our products, thereby creating the conditions for positive economic development.

     

  • Customer relationship management / market research 

    Such processing is carried out on basis of Art. 6 (1) (f) GDPR and our legitimate interest in gaining market insights and optimizing our sales efforts.

     

  • Investigation or prosecution of illegal or abusive incidents / establishment, exercise or defence of legal claims, including personal data being forwarded to legal advisors, law enforcement authorities, and, if applicable, to injured third parties. Data may also be disclosed if this serves to enforce contractual provisions or other claims between us and our contractual and business partners, or to defend against any asserted claims.

    Such processing is lawful in accordance with Art. 6 (1) (f) GDPR, as we have an overriding legitimate interest in enforcing or defending legal claims.
     

5. Disclosure of Data

Personal data may be disclosed to the following recipients:

  • Affiliated companies:

If necessary for processing your request or concluding or executing a contract or business relationship with you, as well as in the case of centralized or outsourced company functions, your data may be passed on to companies affiliated with us for the fulfilment of the above-mentioned purposes. 

  • Professional advisors:

In order to conduct our business as sensibly and economically as possible, we sometimes engage external professional consultants. In this context, personal data may be disclosed in relation to specific transactions. All recipients are bound by appropriate confidentiality and data protection obligations.

  • Service providers / third country transfers: 

In order to provide our services and conduct our business relationships, we may engage service-providers (e.g. CRM and other SaaS providers.) which therefore may also process your personal data. 

Most of these service providers are contractually bound to only process such personal data on behalf of us and are located (i) within the EU/EEA, (ii) in countries for which the EU Commission has officially recognised the existence of an adequate level of data protection, including the US insofar as the data recipients participate in the EU-U.S. Data Privacy Framework.

Where this is not the case or if service-providers themselves engage sub-contractors your personal data may potentially be transferred to third countries (i.e. countries outside of the EU/EEA without an adequate level of data protection). 

All of our service-providers are, however, obligated to solely process in or transfer any of your personal data to third countries in case the additional requirements for international data transfers enshrined in Art. 44 et. seqq. of the GDPR are complied with, pre-dominantly by concluding EU Standard Contractual Clauses and, if required, implement additional measures in order to establish an adequate level of data protection. The EU Standard Contractual Clauses are model contracts provided by the EU Commission which – if required – together with additional measures are intended to ensure that your personal data are processed in accordance with European data protection standards even if the processing takes place outside the EU/EEA.

  • Restructuring, sale of the company, or due diligence

As part of the further development of our business, the structure of our company may change as a result of changes to its legal form, or the establishment, purchase, or sale of subsidiaries, parts of the company, or components thereof. In such transactions, customer information will be transferred along with the part of the company being transferred. This can also take place in the case of upstream due diligence. Whenever personal data is transferred to third parties to the extent described above, we ensure that this is done in accordance with this privacy policy and the relevant data protection laws.

  • Further recipients/disclosures:

Further disclosures will only be made in the following exceptional cases:

  • You have given explicit consent
  • Disclosure is necessary for contractual or legal obligations, e.g. to law enforcement agencies, authorities that prosecute administrative offenses punishable by fines, and tax authorities.
  • Disclosure is required to protect our legitimate interests, e.g. If it is necessary to investigate illegal or abusive use of the service or for legal prosecution, personal data will be forwarded to law enforcement authorities and, if necessary, to injured third parties.

No personal data is sold.

6. Data Retention

We process and store your personal data for as long as this is necessary to fulfil the above-mentioned purposes and legal obligations: We generally store master data and contact details indefinitely or until the respective business relationship has ceased. We delete transaction-related information (e.g., relating to a specific contract or order) after the respective transaction has been completed and any warranty claims have become time-barred, thus mostly with a period of three years after the end of the respective calendar year, unless it is subject to statutory retention.

7. Your Rights (EU / EEA)

You have the right to:

  • Access your personal data: You have the right to obtain confirmation as to whether your personal data are being processed by us.
  • Rectify inaccurate data: You have the right to have false personal data concerning you corrected.
  • Request erasure: You may also request the deletion of your personal data, for example if your data are no longer required for the purposes for which they were collected or otherwise processed.
  • Restrict processing: You also have the right to request the processing of your personal data to be restricted; in such a case, the data will be blocked for any processing. This right exists in particular if the accuracy of the personal data between you and us is debated
  • Object to processing: In case of processing activities involving your personal data that are carried out on basis of a legitimate interest of us or a third party, you have the right to object against such processing of your personal data at any time for reasons resulting from your specific situation. We will stop that processing unless we can prove important reasons for the processing which deserve protection which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend against legal claims.
  • In addition, you have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing in accordance with Art. 21 para. 2 GDPR.
  • Data portability: If we process your personal data to fulfil a contract with you or on the basis of your consent, you also have the right to receive your personal data in a structured, commonly used and machine-readable format, provided and to the extent that you have made the data available to us.
  • Withdrawal of consent: If you have provided consent to us to process your personal data, you have the right to withdraw any such consent with effect for the future at any time. The withdrawal of consent shall not affect the lawfulness of processing based on con-sent before its withdrawal. 

If you want to assert any of these rights or if you have any other questions (e.g., on agreements on data processing under joint controllership with other companies) or wishes in connection with regard to your personal data, please send an email or a letter using the contact details provided above.

After answering of your inquiry, we delete your inquiry with a period of three years after the end of the respective calendar year.

You also have the right to file a complaint at any time with a supervisory authority, in particular a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is in violation of applicable data protection laws
 

8. Changes of this policy

This Privacy Policy may be updated from time to time.

Last updated: March/2026