Validity: from 2018-09-27
Distribution, sale and brokerage of products and services and all associated ancillary transactions.
Auxiliary purposes are accompanying or supporting functions, such as essentially the personnel, intermediary, supplier, service provider and asset administration.
Execution of the storage and data processing of personal data for own purposes.
The following data / data categories are processed:
Data from customers (address data, including telephone, fax and e-mail data, information, banking and financial services)
Data from suppliers (address data, including telephone, fax and e-mail data, information, banking and financial services)
Data of interested parties (address data, interests, offer data)
Data from applicants (mainly job data, information on the professional career, training and qualifications, possibly criminal records)
Data of employees, former employees and dependent persons (address data, including telephone, fax and e-mail data, information, banking and financial services, employee records)
Assets data may also include the names of users, if the capture has been enabled by the customer to manage user-related licenses (usernames). For the same purpose, the names of users are logged in Terminal Sessions (usernames and date of use). This allows day-to-day logging within the meaning of licensing law without granting deeper insights into the productivity of the users. If an software asset is found in the directories of a user (e.g. in the desktop), the directory of the asset will contain the username (usernames). If necessary, we provide works councils and interested parties with deeper insights into the collected raw data on which our analyzes are based.
Transmission of data to third parties only takes place insofar as this is necessary for the performance of contractual obligations towards the customer or employees. In addition, a transfer of data to third parties may be necessary if there is a legal obligation to transmit data.
Our server hosting and our mail services are realized by the German provider xdot GmbH. The data center in which our physical servers are hosted has access controls and regulated access processes. Only our employees can login to our servers. All processes for data backup are carried out by our employees. The cloud services used by us in external communication are implemented by the German Telekom and their Microsoft Cloud Germany.
Transmission of data to third countries does not take place.
All our servers for this service are located at any time on German territory. This is why our data retention and processing is always subject to German jurisprudence.
There are legal requirements to be observed by the responsible authority. These include, for example, the retention obligations (German Abgabenordnung). In addition, there are other legal obligations (for example from the German Handelsgesetzbuch) which must be complied with. After the expiry of these deadlines, the corresponding data are routinely deleted if they are no longer required for contract fulfillment. For example, the statutory or financial data of a financial year ended will be canceled after a further ten years, provided that no longer periods of retention are prescribed or required for legitimate reasons. Shorter deletion periods are used in particular areas (e.g., in the personnel administration area such as rejected applications or warnings). If data are not affected by this, they will be deleted if the purposes mentioned before cease.
The State Commissioner for Data Protection and Freedom of Information
P.O. Box 20 04 44
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
-----END PGP PUBLIC KEY BLOCK-----