Política de privacidade

JRS Petcare would like to thank you for visiting our website and for your interest in our company. Data protection is a top priority for JRS Petcare. The following statement tells you how we implement data protection provisions at JRS Petcare, what information we record when you visit our web pages, and how this information is used. First of all: your data is exclusively used for the following purposes, and will not be used in any other way – e.g. for advertising purposes – without your permission. 

I. Name and address of the Controller 

The Controller in the sense of the General Data Protection Regulation and other national data protection laws of the member states as well as other statutory data protection provisions is: 

JRS Petcare GmbH & Co.KG
Holzmühle 1
73494 Rosenberg
Phone: 07967/152-0
Email: petcare@jrs.de
Website: www.jrspetcare.de 

II. Name and address of the Data Protection Officer 

The Controller’s Data Protection Officer is: 

Heike Feil
Email: Datenschutzbeauftragter@jrs.de

III. General information about data processing  

We fundamentally only collect and utilize our users’ personal data to the extent that this is necessary in order to provide a functional website as well as our content and services. As a rule, our users’ personal data is only collected and utilized with the consent of the user. An exception applies in cases where it is not possible to obtain consent in advance for practical reasons, and where data processing is permitted by the statutory provisions.  

1. Legal basis for processing personal data 

If and to the extent that we obtain consent from the data subjects for personal data processing transactions, Art. 6 Sec. 1 lt. a EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data. 

In processing personal data that is necessary in order to fulfill a contract with the data subject, Art. 6 Sec. 1 lt. b GDPR serves as a legal basis. This also applies to processing steps that are necessary in order to perform pre-contractual measures. 

If and to the extent that personal data must be processed in order to fulfill a legal obligation to which our company is subject, Art. 6 Sec. 1 lt. c GDPR serves as a legal basis. 

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 Sec. 1 lt. d GDPR serves as a legal basis. 

If processing is necessary in order to protect a legitimate interest of our company or of a third party, and as long as the interests, basic rights and basic freedoms of the data subject do not outweigh the former interest, Art. 6 Sec. 1 lt. f GDPR serves as a legal basis for the processing.  

2. Data deletion and duration of storage  

The data subject’s personal data will be deleted or blocked as soon as the storage purpose no longer applies. In addition, storage may take place if this is required by European or national legislation through Union ordinances, laws or other regulations to which the Controller is subject. Data will also be blocked or deleted after the end of a storage period established by the abovementioned standards, unless there is a need to continue storing the data in order to conclude or fulfill a contract. 

IV. Provision of the website and creation of log files 

1. Description and scope of data processing 

Each time our web page is accessed, our system automatically records data and information from the computer system on the accessing computer.  The following data is collected: 

  • Information about the browser type and version used
  • The user’s operating system 
  • The user’s internet service provider 
  • The user’s IP address 
  • Date and time of access 
  • Websites from which the user’s system accesses our web page 
  • Websites accessed by the user’s system via our website. 

The log files contain IP addresses and other data that can be associated with a user. This is the case, for instance, if the link to the website from which the user accessed the web page or the link to the next website the user visits contains personal data.  The data is also saved in our system’s log files. This data is not combined with any other personal data regarding the user.  The user data collected in this way is pseudonymized using technical measures, so it is no longer possible to associate the data with the user accessing the website. This data is not combined with any other personal data regarding the user.  

2. Legal basis for data processing  

The legal basis for temporarily storing the data and log files is Art. 6 Sec. 1 lt. f GDPR. 

3. Purpose of data processing 

The system must temporarily store the IP address in order to deliver the website content to the user’s computer. In order to do this, the user’s IP address must be stored for the duration of the session.  Data is stored in log files in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information systems. Data is not analyzed for marketing purposes in this context.  These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 Sec. 1 lt. f GDPR. 

4. Duration of storage 

The data will be deleted as soon as it is no longer needed in order to achieve the purpose for which it was collected. If the data was recorded in order to make the website available, this is the case when the respective session ends.  

5. Objection and removal option  

Recording the data in order to make the website available and storing the data in log files is necessary in order to operate the web page. Thus the user does not have the option of objecting to this. 

V. Use of cookies 

1. Description and scope of data processing 

Our website uses cookies. Cookies are text files that are stored in the user’s web browser or on the user’s computer system by the web browser. For data protection reasons, our website fundamentally does not store any cookies on the user’s computer. For PHP sessions, we only use session cookies. The session cookies used by WordPress are only saved in the web browser’s main memory, so they are deleted when the browser is closed. That is why you generally need to log in again after closing the browser. Visit data that needs to be maintained during a session includes form data, for instance, so that it can be displayed again if there is an incorrect entry. This data is also deleted at the latest when the form is submitted. 

2. Legal basis for data processing  

The legal basis for processing personal data using cookies is Art. 6 Sec. 1 lt. F GDPR. 

3. Purpose of data processing 

The purpose of using necessary cookies is to simplify the use of websites for the users and/or to make websites easier to navigate.  These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 Sec. 1 lt. f GDPR.  

4. Duration of storage 

Cookies are not stored on the user’s computer. 

5. Analysis by Google Analytics 

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics also uses cookies, in other words text files that are stored on your computer to analyze your use of the website (see above under IV 1 – 4).  

As a rule, the information generated by the cookie about your use of the website will be transmitted to a Google server in the United States and stored there. However, we have enabled the Google Analytics IP anonymization function on this web page, so Google will first shorten your IP address within member states of the European Union or in other states that are party to the Agreement on the European Economic Area.  

Google will use this information to analyze your use of the website, to compile reports on the website activities and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be associated with any other data held by Google.  

You can prevent data generated by the cookies and relating to your use of the website (including your IP address) from being recorded and shared with Google, as well as from being processed by Google, by downloading and installing the browser plugin under the following link: http://tools.google.com/dlpage/gaoptout. This will place an opt-out cookie that prevents your data from being recorded when you visit this website in the future.  

More information about the terms of use and about data protection with Google Analytics can be found under www.google.com/analytics/terms/de.html  and under https://www.google.de/intl/de/policies/

VI. Contact form, online application and email contact 

1. Description and scope of data processing 

a.) Our web page features a contact form / application form that can be used to contact us electronically. If a user takes advantage of this option, the data entered on the input screen will be transmitted to us and saved. This involves the following data: 

  • Title, first and last name 
  • Company 
  • Industry/application area 
  • Street name, house number, postal code, city and country 
  • Phone 
  • Email 
  • Desired salary, if applicable 
  • Application materials 

When you send the message, the following data will also be saved: 

  • The user’s IP address  
  • Date and time of registration  

In order to process your data, we will obtain your consent as part of the submission step and provide a reference to this data privacy policy.  

b.) Alternatively, users can contact us via the provided email address. In this case, the user’s personal data that is transmitted along with the email will be saved.  

c.) Data is not shared with third parties. The data will exclusively be used for conducting the conversation and/or for the application process. 

2. Legal basis for data processing  

a.) The legal basis for processing data with consent from the user is Art. 6 Sec. 1 lt. a GDPR. 

b.) The legal basis for processing data transmitted in the course of sending an email is Art. 6 Sec. 1 lt. f GDPR. If the goal of the email contact is to conclude a contract, an additional legal basis for processing is Art. 6 Sec. 1 lt. b GDPR. 

3. Purpose of data processing 

We exclusively process personal data from the input screen for the purpose of handling the contact request. In the case of an email contact, this also establishes our necessary legitimate interest in processing the data.  The other personal data processed during the submission step serves to prevent any misuse of the contact form and to ensure the security of our information systems. 

4. Duration of storage 

a.) The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data from the input screen and personal data provided by email, this is the case when the respective conversation with the user has ended. The conversation has ended when the circumstances indicate that the matter in question has been resolved. 

b.) For personal data from the input screen in the online application function and personal data submitted by email as part of an application, this is the case when the relevant application process is complete and there is no risk of a legal objection. 

By submitting the declaration of consent as part of the online application, you agree to our storing of applications for a period of 2 years so that we can also consider you for future job openings.  

Any additional personal data collected during the submission step will be deleted at the latest after seven days. 

5. Objection and removal option 

The user has the option to revoke the consent for processing personal data at any time. If the user contacts us by email, he or she can object to the storage of the personal data at any time. In this case, the conversation cannot be continued and/or the application can no longer be considered.  

Please send your revocation of consent and/or your objection to data storage via email to info@jrs.de or bewerbung@jrs.de, or in writing to our company address given above. In this case, all personal data stored in the context of establishing contact will be deleted. 

VII. Rights of the data subject 

If your personal data is processed, you are considered a data subject in the sense of GDPR and you have the following rights with regard to the Controller: 

1. Right to information 

You can request confirmation from the Controller as to whether your personal data is being processed by us.  If such processing is taking place, you can request information from the Controller about the following matters:  

  1. the purposes for which personal data is being processed; 

  2. the categories of personal data being processed; 

  3. the recipients and/or categories of recipients to whom the relevant personal data has been or will be disclosed;  

  4. the planned duration of storage for your personal data or, if no concrete information is available in this regard, criteria for determining the duration of storage;  

  5. whether you have the right to rectification or deletion of your personal data, the right to restrict processing by the Controller, or the right to object to this processing;  

  6. whether you have the right to lodge a complaint with a supervisory authority;  

  7. all available information about the origin of the data if the personal data was not collected from the data subject; 

  8. whether an automated decision-making process exists, including profiling pursuant to Art. 22 Sec. 1 and 4 GDPR and – at least in these cases – relevant information about the logic involved as well as the scope and desired effects of such processing for the data subject. 

You have the right to request information about whether your personal data is transmitted to a third country or an international organization. In this context, you can request information about the suitable guarantees pursuant to Art. 46 GDPR in conjunction with this transmission.  

2. Right to rectification  

You have the right to have your data rectified and/or completed by the Controller if your processed personal data is incorrect or incomplete. The Controller must rectify this data immediately.  

3. Right to restrict processing 

Under the following conditions, you can request that processing of your personal data be restricted: 

  1. if you dispute the accuracy of your personal data for a period that allows the Controller to check the accuracy of the personal data;  

  2. if the processing is unlawful and you refuse to have the personal data deleted, instead requesting that use of the personal data be restricted;  

  3. if the Controller no longer needs the personal data for the intended processing purposes, but you need it in order to establish, exercise or defend legal claims, or  

  4. if you have lodged an objection to processing pursuant to Art. 21 Sec. 1 GDPR and it has not yet been determined whether the Controller’s legitimate reasons outweigh your reasons. 

If you have restricted the processing of your personal data, this data may only be processed – aside from its storage – with your consent; or in order to establish, exercise or defend legal claims; or in order to protect the rights of another natural or legal person; or in the case of substantial public interest by the Union or a member state.  If processing was restricted according to the above requirements, you will be informed by the Controller before any restriction is lifted.  

4. Right to erasure 

a) Erasure obligation 

You can ask the Controller to delete personal data concerning you immediately and the Controller is obligated to erase this data immediately if one of the following reasons applies: 

  1. Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed. 

  2. You withdraw your consent upon which processing was based pursuant to Art. 6 Sec. 1 lt. a or Art. 9 Sec. 2 lt. a GDPR, and there is no other legal basis for the processing.  

  3. You object to the processing pursuant to Art. 21 Sec. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Sec. 2 GDPR. 

  4. The personal data was unlawfully processed.  

  5. The personal data must be erased in order to comply with a legal obligation under Union law or the law of the member states to which the Controller is subject.  

  6. The personal data was collected for information society services pursuant to Art. 8 Sec. 1 GDPR. 

b) Information for third parties Where the Controller has made your personal data public and is obligated to erase this personal data pursuant to Art. 17 Sec. 1 GDPR, the Controller, with consideration for the available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform Controllers processing the personal data that you as a data subject have requested the erasure by such Controllers of any links to this personal data and any copies or replications of this personal data.  

c) Exceptions The right to erasure does not apply to the extent that processing is necessary  

  1. for exercising the right to freedom of expression and information; 

  2. for compliance with a legal obligation which requires processing under Union law or the law of the member states to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;  

  3. for reasons of public interest in the area of public health pursuant to Art. 9 Sec. 2 lt. h and i as well as Art. 9 Sec. 3 GDPR; 

  4. for archiving purposes, scientific or historical research purposes and statistical purposes that are in the public interest pursuant to Art. 89 Sec. 1 GDPR, to the extent that the right named in Section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or  

  5. for the establishment, exercise or defense of legal claims. 

5. Right to information 

If you have asserted your right to rectification, erasure or restriction of processing toward the Controller, the Controller must inform all recipients to whom your personal data was disclosed about this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.  You have the right to obtain information from the Controller about these recipients. 

6. Right to data portability 

You have the right to receive personal data concerning you which you have provided to the Controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another Controller without being prevented from doing so by the Controller that originally received the personal data, where   

  1. the processing is based on consent pursuant to Art. 6 Sec. 1 lt. a GDPR or Art. 9 Sec. 2 lt. a GDPR or on a contract pursuant to Art. 6 Sec. 1 lt. b GDPR and 

  2. the processing is carried out by automated means. 

In exercising this right, you also have the right to have your personal data transmitted directly from one Controller to another, where technically feasible. This may not adversely affect the freedoms or rights of others.  The right to data portability does not apply if processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.  

7. Right to object 

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you pursuant to Art. 6 Sec. 1 lt. e or f GDPR, including profiling based on those provisions.  

The Controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for establishing, exercising or defending legal claims.  

If your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.  

If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. 

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.  

8. Right to withdraw consent for data protection  

You have the right to withdraw your consent for data processing at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.  

9. Automated individual decision-making, including profiling  

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision  

  1. is necessary for concluding or fulfilling a contract between you and the Controller, 

  2. is permissible under Union or member state law to which the Controller is subject and which also lays down suitable measures to safeguard your rights and freedoms as well as your legitimate interests; or  

  3. is based on your explicit consent. 

However, such decisions may not be based on special categories of personal data referred to in Art. 9 Sec. 1 GDPR, unless Art. 9 Sec. 2 lt. a or g applies and suitable measures to safeguard your rights and freedoms as well as your legitimate interests are in place. 

In the cases referred to in (1) and (3), the Controller will implement suitable measures to safeguard your rights and freedoms as well as your legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.  

10. Right to lodge a complaint with a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.  

The supervisory authority with which the complaint has been lodged will inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. 

VIII. Use of social media buttons 

We use “social plugins” (hereinafter referred to as buttons) from social networks such as Facebook and LinkedIn. Where these buttons are displayed on the web page, they have not already established contact with the Facebook or LinkedIn servers. Only by clicking on these buttons do you provide your consent to communicate with Facebook or LinkedIn, and a connection is then created. The button remains enabled until you click on it again or delete your cookies. More information about cookies can be found in our cookie policy. 

Once the button is clicked, it creates a direct connection to the server of the social network in question. The content of the button is then transmitted from the social networks directly to your browser, which integrates it into the web page.  

Once a button is clicked, the social network in question can already collect data, regardless of whether you interact with the button. If you are logged in to a social network, your visit to this website can be associated with your user account.  

If you are a member of a social network and do not want data collected during your visit to our website to be associated with your saved member data, you will need to log out of the social network in question before clicking on the buttons.  

We do not have any influence over the scope of data that social networks collect through their buttons. The purpose and scope of this data collection and the further processing and use of this data by the social networks in question, as well as your rights and setting options to protect your privacy in this regard, can be found in the data privacy policies for the respective social networks.  

IX. Our social media appearances

Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Google+ etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered.

In detail: If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

Individual social networks


We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.

We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

You can customise your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads

Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/


We have a profile at Pinterest. The operator is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA (“Pinterest”). Details on how they handle your personal data can be found in the privacy policy of Pinterest: https://policy.pinterest.com/de/privacy-policy

X. Analytical tools and advertising

Facebook Pixel

To measure our conversion rates, our website uses the visitor activity pixel of Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyse the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.

For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy. This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.

The use of Facebook Pixel is based on Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in effective advertising campaigns, which also include social media.

In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.

You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under  https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.

If you do not have a Facebook account, you can deactivate any user based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

TikTok Pixel

We have integrated the TikTok pixel on this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter referred to as TikTok).

With the help of TikTok Pixel, we can display interest-based advertising on TikTok to website visitors who have viewed our offers (TikTok Ads). At the same time, we can use the TikTok Pixel to determine how effective our advertising on TikTok is. This allows the effectiveness of TikTok ads to be evaluated for statistical and market research purposes and optimized for future advertising measures. Various usage data is processed, such as IP address, page views, length of stay, operating systems used and origin of the user, information about the ad that a person clicked on TikTok or an event that was triggered (timestamp). This data is summarized in a user ID and assigned to the respective end device of the website visitor.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to third countries is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Adform Pixel

In order to place interest-based advertising, cookies from Adform A/S Wildersgade 10B, 1, 1408 Copenhagen K, Denmark are used. For this purpose, information on the operating system, browser version, IP addresses, geographical location and number of clicks or views is stored in pseudonymous user profiles. 

This data is used for the following purposes:

  • Recording the number of visitors to our websites.
  • Determining the order in which a visitor visits the various pages of our website.
  • Assessing which parts of our website need to be adapted.
  • Optimizing the website.

The legal basis for this is Art. 6 para. 1 lit. f) GDPR.

Your opt-out option:

By clicking on this link, you can have an opt-out cookie set that prevents any further data collection. https://site.adform.com/datenschutz-opt-out/ 

You can also prevent cookies from being set in your browser settings or regularly delete cookies that have already been set. In this case, please note that the opt-out cookie will then also be deleted, so that you will have to repeat any objections.

XI. Changes to this data privacy statement 

We occasionally make changes to this data privacy statement to ensure that it corresponds to the current legal requirements and covers all of our offerings.  

Your statutory rights to information, rectification, blocking, deletion and objection remain unaffected by such changes.

Further information for customers and suppliers you will find under: 

Information about customer’s and supplier’s data processing according to article 13 and 14 GDPR