var privacyHub = {};
privacyHub.cmpWait = 0;
privacyHub.initFired = false;
privacyHub.generateDSE = function() {
var node = document.createElement('div');
node.id = 'content-dse';
node.innerHTML = privacyHub.htmlContent;
var scriptTag = privacyHub.currentScript;
var parentTag = scriptTag.parentNode;
// load PP inside custom div
if (privacyHub.customId && privacyHub.customId.length > 0) {
document.getElementById(privacyHub.customId).innerHTML = privacyHub.htmlContent;
} else {
// load PP inside body
if (document.body == parentTag || document.head == parentTag) {
document.body.appendChild(node);
} else {
parentTag.appendChild(node);
}
}
}
privacyHub.initCMP = function() {
if (typeof usercentrics != 'undefined') {
if (usercentrics.initInterface) {
usercentrics.initInterface();
} else {
setTimeout(function () {
privacyHub.initCMP();
}, 100)
}
} else if (typeof UC_UI != 'undefined') {
if (UC_UI.isInitialized && UC_UI.isInitialized()) {
UC_UI.restartCMP();
} else {
setTimeout(function () {
privacyHub.initCMP();
}, 100)
}
} else if (typeof OneTrust != 'undefined') {
if (OneTrust.initializeCookiePolicyHtml) {
OneTrust.initializeCookiePolicyHtml();
} else {
setTimeout(function () {
privacyHub.initCMP();
}, 100)
}
} else {
if (privacyHub.cmpWait <= 3) {
setTimeout(function () {
privacyHub.cmpWait = privacyHub.cmpWait + 1;
privacyHub.initCMP();
}, 500)
}
}
}
privacyHub.scrollToAnchor = function() {
let normalize = function (inputStr) {
if (inputStr === undefined || inputStr === null) {
return inputStr;
}
// to lowercase
inputStr.toLowerCase();
// replace umlaute
inputStr = inputStr.replace(/ä/g, "ae").replace(/ö/g, "oe").replace(/ü/g, "ue")
.replace(/ß/g, "ss");
// replace spaces with - and remove non alphanumeric
inputStr = inputStr.replace(/ /g, "-").replace(/[^a-zA-Z0-9_-]/g, "");
return inputStr;
}
// get anchor
let currentUrl = document.URL,
urlParts = currentUrl.split('#');
let name = (urlParts.length > 1) ? urlParts[1] : null;
// normalize anchor
name = normalize(name);
if (name === undefined || !name) {
return;
}
//try to get by id
let accordion = document.getElementById(name);
if (accordion !== undefined && accordion !== null) {
if (accordion.tagName === 'DETAILS') {
accordion.open = true;
}
accordion.scrollIntoView({ behavior: 'smooth' });
return;
}
// fallback search via summary name
Array.from(document.getElementsByTagName('summary')).map((element) => {
if (normalize(element.innerText) === name) {
parent = element.parentElement;
if (parent.tagName === 'DETAILS') {
parent.open = true;
}
parent.scrollIntoView({ behavior: 'smooth' });
}
});
}
privacyHub.initDSE = function() {
if (privacyHub.noLoad == null) {
if (document.readyState === 'complete') {
if (!privacyHub.initFired) {
privacyHub.initFired = true;
privacyHub.generateDSE();
privacyHub.scrollToAnchor();
}
} else {
window.addEventListener ?
window.addEventListener("load",function() {
if (!privacyHub.initFired) {
privacyHub.initFired = true;
privacyHub.generateDSE();
privacyHub.scrollToAnchor();
}
},false) :
window.attachEvent && window.attachEvent("onload",function() {
if (!privacyHub.initFired) {
privacyHub.initFired = true;
privacyHub.generateDSE();
privacyHub.scrollToAnchor();
}
});
}
}
}
privacyHub.htmlContent = '
The protection of your private rights and freedoms is important to us; we only use your data for the purposes intended. Since it is important to us that you know at all times to what extent we collect, use and, if necessary, transfer your data to third parties, we will inform you in detail below about the processing of your personal data collected by us or stored by us. When processing personal data, we strictly adhere to the provisions of the EU General Data Protection Regulation (GDPR) and, if applicable, other data protection-relevant provisions.
Name and address of the controller
Greenplan GmbH
Dr. Clemens Beckmann
Rabinstraße 1
53111 Bonn
Germany
Phone: +49 67 42 87 27 80
E-mail: contact@greenplan.de
If you have any questions regarding the processing of your personal data, if you wish to exercise your rights as a data subject (such as the right to information, correction, blocking or deletion of data) or if you wish to withdraw your consent, please contact our data protection officer directly.
General deadlines for data deletion
After the purpose of storage has ceased, the retention periods are generally at least six or ten years. As a rule, data is deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.
Data security information
We protect your personal data processed by us against loss, destruction, access, alteration or distribution by unauthorized persons by means of appropriate technical and organizational measures. However, despite regular checks, complete protection against all risks is not possible.
Rights of data subjects
The EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects in Chapter III, which we explain to you accordingly below with regard to the processing of your personal data:
- Right to information
This requirement concerns in particular information on the following details of data processing:
- Processing purposes
- Data categories
- Recipients or categories of recipients, if applicable
- If applicable, the planned storage duration or the criteria for determining this duration.
- Note on the respective right of correction, deletion, restriction or objection
- Existence of the right to complain to a supervisory authority
- If applicable, origin of the data (if not collected from you)
- If applicable, existence of automated decision-making including profiling, including meaningful information about the logic involved, the scope and the effects to be expected
- If applicable, (planned) transfer to a third country or international organization
- Right to rectification
We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.
- Right to erasure (right to be forgotten)
Provided that the processing is no longer necessary and one of the following conditions is met:
- Discontinuation of the purpose of processing
- Withdrawal of their consent and absence of any other legal basis for processing
- Objection to processing without an important reason to the contrary
- Unlawful processing
- Required to fulfill a legal obligation
- Data collection was carried out in accordance with Art. 8 (1) GDPR
Within the scope of the deletion request, we will, if necessary, pass on your request to those third parties to whom a transfer of your data had previously taken place.
- Right to restriction of processing
Provided that one of the following conditions is met:
- You dispute the accuracy of your data (restriction can be made for the duration of the review on our side)
- In the event of unlawful processing and if the data is not to be deleted, restriction of processing shall take the place of deletion
- If the processing purposes cease to apply, at the same time you need your data for the assertion, exercise or defense of legal claims
- After you have lodged an objection pursuant to Art. 21 (1) GDPR and for the duration of the examination as to whether our legitimate reasons outweigh yours.
- Right to data portability
If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).
- Right to object
If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
- Automated decisions in individual cases including profiling
If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.
- Right to revoke consent under data protection law
You have the right to revoke consent to the processing of personal data at any time.
- Right to complain to a supervisory authority
A list of the supervisory authorities responsible in Germany can be found on the website of the Federal Commissioner for Data Protection or at the following link: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.
Legal basis of processing
We process personal data in accordance with the requirements of the GDPR, depending on the type and purpose of the processing as follows:
Permitted use | Specification of the GDPR |
Informed consent | Art. 6 para. 1 a |
Performance of a contract | Art. 6 para. 1 b |
Implementation of pre-contractual measures | Art. 6 para. 1 b |
Fulfillment of legal obligations | Art. 6 para. 1 c |
Protection of vital interests | Art. 6 para. 1 d |
Safeguarding our legitimate interest | Art. 6 para. 1 f |
Our legitimate interest
Our legitimate interest, as defined in Article 6 (1) f GDPR, is based on the performance of our business activities in order to maintain our ability to operate and secure the employment of our employees.
Depending on the processing, purposes, legal basis and other information may vary; you will find the exact allocation of information in the following chapter.
General management
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - File management - General administration - Order management - Visitor management - Office communication - Incoming mail - External consultants - Paper and file destruction - Parking space allocation - Mailroom - Key management - Appointment management - Contract management
|
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO. The processing is necessary for the fulfillment of a contract or a pre-contractual measure according to Art. 6 para. 1 lit. b DSGVO. |
Recipient (if applicable) | To 1) Processor (Details: Processor in the sense of Art. 4 No. 8 DSGVO in conjunction with Art. 28 DSGVO) To 1) External (Details: Service providers, other organizations, other third parties) To 1) Internal (Details: Internal department) To 1) Public body (Details: Public body: Authority, body of the administration of justice, public-law institution of the Federation, federally indirect corporations, institutions, foundations and their associations in accordance with § 2 para. 1-3 BDSG.). |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation). |
General administration (internal)
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - Internal list management with social or corporate reference
|
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO. The processing is necessary to protect the legitimate interests of the controller or a third party pursuant to Art. 6 (1) f DSGVO and no interests or fundamental rights and freedoms of the data subject are overridden. The processing is necessary for the fulfillment of a contract or a pre-contractual measure according to Art. 6 para. 1 lit. b DSGVO. |
Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation). |
Purchasing tasks
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - Ordering - Service provider management
|
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO. The processing is necessary for the fulfillment of a contract or a pre-contractual measure according to Art. 6 para. 1 lit. b DSGVO. The processing is necessary to protect the legitimate interests of the controller or a third party pursuant to Art. 6 (1) f DSGVO and no interests or fundamental rights and freedoms of the data subject are overridden. |
Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out within the scope of purchasing tasks. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation). |
Customer support
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - Call processing - Service - Customer support
|
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a contract or a pre-contractual measure according to Art. 6 para. 1 lit. b DSGVO. The processing is necessary to protect the legitimate interests of the controller or a third party pursuant to Art. 6 (1) f DSGVO and no interests or fundamental rights and freedoms of the data subject are overridden. |
Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out within the scope of customer support. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation). |
Marketing Management
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - Acquisition - Pictures and videos at events - Competitions - Contact form - Customers - Photo and film - Marketing measures - Trade fair photos - Trade fair stand support - Newsletter - Online marketing - Press - Print mailings - Social media marketing - Events and functions - Website evaluation
|
|
Legal basis (according to Art. 6 / 9 GDPR) | Consent pursuant to Art. 6 Para. 1 lit. a DSGVO is given. The requirements for consent according to Art. 7 para. 1-4 DSGVO are met. The processing is necessary to protect the legitimate interests of the controller or a third party pursuant to Art. 6 (1) f DSGVO and no interests or fundamental rights and freedoms of the data subject are overridden. |
Recipient (if applicable) | Re 1) Internal (Details: Internal department) |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation). |
Accounting
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - (Online) Banking - Direct Debit Accounting - Quotation, Order, Invoice Creation - Invoicing, Reminders |
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a contract or a pre-contractual measure according to Art. 6 para. 1 lit. b DSGVO. The processing is necessary for the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO. |
Recipient (if applicable) | Re 1) External (details: service providers, other organizations, other third parties) Re 1) Internal (details: internal department) |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out within the framework of the accounting system. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation). |
Technical data security measures
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - General network protection - Backup - User administration - Data media disposal - Logging in IT systems - Handling passwords - Access control (authorization concept) - Access control
|
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO. |
Recipient (if applicable) | Re 1) Processor (details: IT service provider) Re 1) Public body (details: law enforcement authorities, if applicable) |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing in the area of IT security cannot be carried out. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (Details: The data was collected directly from the data subject). |
Corporate Management
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - Analysis and reporting - Inquiries from third parties - Lawyer and court documents - Information procedures for affected parties - Tenders - Controlling - Data to auditors, accountants, customs authorities - Data to management consultants - Project management - Auditing, compliance - Technical equipment - Improvement process
|
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a contract or a pre-contractual measure according to Art. 6 para. 1 lit. b DSGVO. |
Recipient (if applicable) | To 1) Processor (Details: Processor in the sense of Art. 4 No. 8 DSGVO in conjunction with Art. 28 DSGVO) To 1) External (Details: Service providers, other organizations, other third parties) To 1) Internal (Details: Internal department) To 1) Public body (Details: Public body: Authority, body of the administration of justice, public-law institution of the Federation, federally indirect corporations, institutions, foundations and their associations in accordance with § 2 para. 1-3 BDSG.). |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing in the area of enterprise management cannot be carried out. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation). |
Sales tasks
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - Address purchase - Order processing - Order entry (customers) - Distribution - External sales support - Prospect management - Contact management - Customer care and CRM
|
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a contract or a pre-contractual measure according to Art. 6 para. 1 lit. b DSGVO. The processing is necessary for the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO. The processing is necessary to protect the legitimate interests of the controller or a third party pursuant to Art. 6 (1) f DSGVO and no interests or fundamental rights and freedoms of the data subject are overridden. Consent pursuant to Art. 6 Para. 1 lit. a DSGVO is given. The requirements for consent according to Art. 7 para. 1-4 DSGVO are met. |
Recipient (if applicable) | To 1) Processor (Details: Processor in the sense of Art. 4 No. 8 DSGVO in conjunction with Art. 28 DSGVO) To 1) External (Details: Service providers, other organizations, other third parties) To 1) Internal (Details: Internal department) |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | No |
Consequences of non-compliance (in case of failure to provide the required data) | There is no obligation to provide personal data. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (Details: Data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation) Re 1) Publicly available (Details: Data collected from publicly available sources (e.g. telephone directory)). |
Central IT systems and services
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - Application development - CRM system (Customer Relationship Management) - Data exchange portal - DMS document management system - Print and copy jobs - E-mail archiving - Electronic processing by e-mail - Groupware system - Hosting - Internet and telephone use - Intranet use - IT support (remote) - Communication systems (such ase.g. telephone system) - Microsoft 365 - Mobile, cell phone, smartphone use - Online meetings - Data centers - Ticket system - Company website - WLAN (guests)
|
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a contract or a pre-contractual measure according to Art. 6 para. 1 lit. b DSGVO. The processing is necessary for the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO. The processing is necessary to protect the legitimate interests of the controller or a third party pursuant to Art. 6 (1) f DSGVO and no interests or fundamental rights and freedoms of the data subject are overridden. |
Recipient (if applicable) | To 1) Processor (Details: Processor in the sense of Art. 4 No. 8 DSGVO in conjunction with Art. 28 DSGVO) To 1) External (Details: Service providers, other organizations, other third parties) To 1) Internal (Details: Internal department) |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation). |
Central IT systems and services (internal)
Purpose of the processing of general data | Data type | Purpose of the survey |
---|
1) All company data (details: billing data, address data, bank account data/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and agreement master data, payment data, timekeeping data, payroll data, correspondence, miscellaneous). | - Data protection documentation (audatis MANAGER) - Device Management - Home Office - WLAN - Access Control - Access Control
|
|
Legal basis (according to Art. 6 / 9 GDPR) | The processing is necessary for the fulfillment of a contract or a pre-contractual measure according to Art. 6 para. 1 lit. b DSGVO. The processing is necessary for the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c DSGVO. The processing is necessary to protect the legitimate interests of the controller or a third party pursuant to Art. 6 (1) f DSGVO and no interests or fundamental rights and freedoms of the data subject are overridden. The processing is required for purposes of the employment relationship pursuant to Section 26 (1) sentence 1 BDSG. |
Recipient (if applicable) | To 1) Processor (Details: Processor in the sense of Art. 4 No. 8 DSGVO in conjunction with Art. 28 DSGVO) To 1) External (Details: Service providers, other organizations, other third parties) To 1) Internal (Details: Internal department) |
If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned |
If known: Duration of data storage | See General deadlines for data deletion |
Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | Yes |
Consequences of non-compliance (in case of failure to provide the required data) | If the data is not provided, the described processing cannot be carried out. |
If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
If applicable, origin of the data (if not collected directly from the data subject) | Re 1) Direct collection (details: the data was collected directly from the data subject through: e.g. questionnaire, contract, contact form, online store, conversation). |
';
privacyHub.currentScript = document.currentScript || (function () {
var scripts = document.getElementsByTagName('script');
return scripts[scripts.length - 1];
})();
privacyHub.customId = privacyHub.currentScript.getAttribute('data-id');
privacyHub.noLoad = privacyHub.currentScript.getAttribute('data-noload');
privacyHub.closeAccordion = privacyHub.currentScript.getAttribute('data-close');
privacyHub.initDSE();