Privacy information for visitors and contractual partners
(Information on data protection regarding our processing of customer and prospective customer data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR))
Dear customer, dear interested party, dear contractual partner,
In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the services requested or agreed or the reason for your visit, respectively. In order to ensure that you are fully informed about the processing of your personal data in the context of the performance of a contract or the implementation of pre-contractual measures, or processing your visit, please take note of the following information.
1. RESPONSIBLE BODY WITHIN THE MEANING OF DATA PROTECTION LAW
One Data GmbH
Kapuzinerstraße 2c
94032 Passau
+49 851 225 906 0
dataprotection@onedata.de
www.onedata.ai
2. EXTERNAL DATA PROTECTION OFFICER
PROLIANCE GmbH
Datenschutzbeauftragter
Leopoldstraße 21
80802 München
3. PURPOSES AND LEGAL BASIS OF PROCESSING
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for documenting your visit, for the establishment, execution and fulfillment of a contract and for the implementation of pre-contractual measures. Insofar as personal data is required for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Art. 6 para. 1 lit. b GDPR.
If you give us your express consent to process personal data for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising by e-mail), the lawfulness of this processing is given on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Any consent given can be revoked at any time with effect for the future (see section 9 of this data protection information).
If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfill legal obligations in accordance with Art. 6 para. 1 lit. c GDPR. In addition, processing may be carried out to protect the legitimate interests of us or third parties and to defend and assert legal claims in accordance with Art. 6 para. 1 lit. f GDPR. We have an interest in knowing which persons are in our company, when and for what reason, in order to ensure security in our company and to be able to prosecute any criminal offenses.
4. CATEGORIES OF PERSONAL DATA
We only process data that is related to your visit, to the establishment of the contract or the pre-contractual measures. This may be general data about you or persons in your company (name, address, contact details, etc.) as well as any other data that you provide to us during your visit or in the context of establishing the contract.
5. SOURCES OF THE DATA
We process personal data that we receive from you or that you provide during your visit, via our forms when you contact us or establish a contractual relationship or as part of pre-contractual measures. We also process data that we receive from third parties.
6. RECIPIENTS OF THE DATA
We only pass on your personal data within our company to those areas and persons who need this data to document your visit, to fulfill contractual and legal obligations or to implement our legitimate interest.
Your personal data will be processed on our behalf on the basis of data processing agreements (DPA) in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are internet service providers and providers of customer management visitor, support, and security systems, for example:
- Hubspot Ireland Limited
- Freshworks Inc.
- Microsoft Ireland Operations, Ltd.
- Hetzner Online GmbH
- Flexopus GmbH
- ForeNova Technologies B. V.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for processing and thus for the performance of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:
- Externer Steuerberater
- Öffentliche Stellen und Institutionen (z. B. Staatsanwaltschaft, Polizei, Aufsichtsbehörden, Finanzamt) bei Vorliegen einer gesetzlichen oder behördlichen Verpflichtung,
- Empfänger, an die die Weitergabe zur Vertragsbegründung oder -erfüllung unmittelbar erforderlich ist,
- Empfänger, an die die Weitergabe zur Geltendmachung etwaiger Schäden unmittelbar erforderlich ist (z. B. Rechtsanwälte, Gerichte),
- Weitere Datenempfänger, für die Sie uns Ihre Einwilligung zur Datenübermittlung erteilt haben:
- GoTo Technologies Ireland Unlimited Company
7. TRANSFER TO A THIRD COUNTRY
A transfer of personal data to countries outside the EEA (European Economic Area) or to an international organization will only take place if this is necessary for the processing and thus for the performance of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent. The legal basis for such transfers is either an adequacy decision pursuant to Art. 45 (1) GDPR or appropriate safeguards pursuant to Art. 46 (1). These can be provided at any time upon request.
8. RETENTION PERIODS
The data stored for the purpose of documenting your visit will be deleted as soon as it is no longer required for the above-mentioned purpose, but at the latest after 14 days. Deletion takes place in particular when we have been able to carry out any necessary investigations for the prosecution of criminal offenses.
Where necessary, we process and store your personal data for the duration of our business relationship. This also includes the initiation and execution of a contract.
In addition, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods stipulated there are two to ten years.
Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
9. YOUR RIGHTS
Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to notification under Art. 19 GDPR and the right to data portability under Art. 20 GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR if you believe that your personal data is being processed unlawfully. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the withdrawal is not affected. Please also note that we may have to retain certain data for a certain period of time in order to comply with legal requirements (see section 8 of this data protection information).
Right to object:
Insofar as your personal data is processed in accordance with Art. 6 para. 1 lit. f GDPR to safeguard legitimate interests, you have the right to object to the processing of this data at any time in accordance with Art. 21 GDPR for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defense of legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
To exercise your rights, you can contact us using the contact details provided in section 1.
10. NECESSITY OF THE PROVISION OF PERSONAL DATA
The provision of personal data for the processing of your visit, for the decision on the conclusion of a contract, the fulfillment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only permit your visit or make a decision in the context of contractual measures, respectively, if you provide such personal data that is necessary for documenting your visit and guaranteeing our security or for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures, respectively.
11. AUTOMATED DECISION-MAKING
In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR for visitor management neither to fulfill or implement the business relationship or for pre-contractual measures. If we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law.
Last updated on 15.02.2024