The protection of your private rights and freedoms is important to us; we only use your data for the purposes intended. Since it is important to us that you know at all times to what extent we collect, use and, if necessary, transfer your data to third parties, we will inform you in detail below about the processing of your personal data collected by us or stored by us. When processing personal data, we strictly adhere to the provisions of the EU General Data Protection Regulation (GDPR) and, if applicable, other data protection-relevant provisions.
Name and address of the controller
Global Equestrian Group ApS
Andreas Helgstrand
Uggerhalnevej 80
DK‐9310 Vodskov
Denmark
E-mail: info@globalequestriangroup.com
Name and address of the data protection officer
Jörg ter Beek
Cortina Consult
Hafenweg 24
48155 Münster
Data protection team for general data protection inquiries:Team e-mail:
dpo.gegroup@cortina-consult.deWebsite:
https://cortina-consult.com/If you have any questions regarding the processing of your personal data, if you wish to exercise your rights as a data subject (such as the right to information, correction, blocking or deletion of data) or if you wish to withdraw your consent, please contact our data protection officer directly.
Rights of data subjects
The EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects in Chapter III, which we explain to you accordingly below with regard to the processing of your personal data:
- Right to information
This requirement concerns in particular information on the following details of data processing:
- Processing purposes
- Data categories
- Recipients or categories of recipients, if applicable
- If applicable, the planned storage duration or the criteria for determining this duration.
- Note on the respective right of correction, deletion, restriction or objection
- Existence of the right to complain to a supervisory authority
- If applicable, origin of the data (if not collected from you)
- If applicable, existence of automated decision-making including profiling, including meaningful information about the logic involved, the scope and the effects to be expected
- If applicable, (planned) transfer to a third country or international organization
- Right to rectification
We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.
- Right to erasure (right to be forgotten)
Provided that the processing is no longer necessary and one of the following conditions is met:
- Discontinuation of the purpose of processing
- Withdrawal of their consent and absence of any other legal basis for processing
- Objection to processing without an important reason to the contrary
- Unlawful processing
- Required to fulfill a legal obligation
- Data collection was carried out in accordance with Art. 8 (1) GDPR
Within the scope of the deletion request, we will, if necessary, pass on your request to those third parties to whom a transfer of your data had previously taken place.
- Right to restriction of processing
Provided that one of the following conditions is met:
- You dispute the accuracy of your data (restriction can be made for the duration of the review on our side)
- In the event of unlawful processing and if the data is not to be deleted, restriction of processing shall take the place of deletion
- If the processing purposes cease to apply, at the same time you need your data for the assertion, exercise or defense of legal claims
- After you have lodged an objection pursuant to Art. 21 (1) GDPR and for the duration of the examination as to whether our legitimate reasons outweigh yours.
- Right to data portability
If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).
- Right to object
If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
- Automated decisions in individual cases including profiling
If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.
- Right to revoke consent under data protection law
You have the right to revoke consent to the processing of personal data at any time.
- Right to complain to a supervisory authority
A list of the supervisory authorities responsible in Germany can be found on the website of the Federal Commissioner for Data Protection or at the following link: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.
Data security information
We protect your personal data processed by us against loss, destruction, access, alteration or distribution by unauthorized persons by means of appropriate technical and organizational measures. However, despite regular checks, complete protection against all risks is not possible.
Legal basis of processing
We process personal data in accordance with the requirements of the GDPR, depending on the type and purpose of the processing as follows:
| Permitted use | Specification of the GDPR |
| Informed consent | Art. 6 para. 1 a |
| Performance of a contract | Art. 6 para. 1 b |
| Implementation of pre-contractual measures | Art. 6 para. 1 b |
| Fulfillment of legal obligations | Art. 6 para. 1 c |
| Protection of vital interests | Art. 6 para. 1 d |
| Safeguarding our legitimate interest | Art. 6 para. 1 f |
Our legitimate interest
Our legitimate interest, as defined in Article 6 (1) f GDPR, is based on the performance of our business activities in order to maintain our ability to operate and secure the employment of our employees.
General deadlines for data deletion
After the purpose of storage has ceased, the retention periods are generally at least six or ten years. As a rule, data is deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.
Depending on the processing, purposes, legal basis and other information may vary; you will find the exact allocation of information in the following chapter.
Acquisition
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address (business), address (private), billing address, e-mail address, telephone number, customer number, type of customer, contact data, contact history, appointment data, bank details, data on purchased goods or services, contract data, sales data, records of the health insurance company, patient data | Acquiring new customers |
|
| Legal basis (according to § 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Informed consent (Art. 6 para. 1 a) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Analysis and reporting
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Attorney and court documents
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the individual case | Protection of legal interests of the company, for professional evaluation of contracts, documents, etc. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Specialist lawyer, public prosecutor, jurisdiction, EU conciliation body |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | There is a legal obligation to provide the personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Contact management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data / contact data (first name, last name, date of birth, address, Internet address, e-mail address, telephone number, fax number, position, interests / preferences) Industry, customer number, customer type, contact data, contact history, appointment data, contract data, customer history, payment / billing data, bank details, creditworthiness data, possibly others depending on the content of the communication. | Creation, maintenance and updating, administration of contacts (creditors, debtors, interested parties and their contact persons) and central administration of all addresses for the company and, if necessary, for making them available to employees, ensuring order processing |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Business information, credit assessment, debt collection
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, company data, communication data | Protection against customer insolvency; receipt of outstanding payments |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Service providers (credit assessment, debt collection) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Obligation based on general terms and conditions (GTC). |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Candidate Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal data (name, address, date of birth, telephone number, personal photo, information on marital status / information on children, curriculum vitae, education, qualifications, application data, information about criminal history, and, if applicable, information on severe disability) | Handling and implementation of application procedures, handling of unsolicited applications. Selection of potential employees to fill suitable positions. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Implementation of pre-contractual measures (Art. 6 para. 1 b) |
| Recipient (if applicable) | Several external service providers are used:Linkedin Recruiter Pro - used for search and headhuntingTeamtailor - used for applicant tracking and applicant communicationCFL - used for personality and IQ tests |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Non-compliance (i.e. failure to provide the required data) may result in the hiring not being able to take place. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Company website
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the type of data processing; if applicable, surname, first name, address, contact details, e-mail address, applications, contact requests, technical usage data (IP address, referrer, url of the page accessed, HTTP status, browser type and version, operating system used, computer name of the accessing computer, time of query ). | Secure operation of the website, including for purposes of external presentation. Providing information about the company and products/services offered. Contact possibility for customers, interested parties, applicants. Administration of logins |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Hosting service provider (EU), if applicable web agency |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The data to ensure data security (duty of proof e.g. for hacker attacks: IP addresses) are automatically collected when visiting the website |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Complaint management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data | Handling of complaints, improvements in the company |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Contact form
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Only personal data is processed to ensure the corresponding processing operation; including contact data (name, e-mail address), possibly others (depending on the content of the communication); possibly other header data; "content data" (contents of e-mails - "body"). | Simplified contact with visitors to the site. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Occasion-related |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
(Online) Banking
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, surname, bank data, payment data, contract data, address, date of birth, if applicable, other | Management and administration of bank accounts, financial management |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See general deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | A violation (i.e. the failure to provide the required data) would possibly result in the non-fulfillment of contractual obligations (e.g. delivery of goods and provision of services). |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Controlling
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, e-mail address, telephone number, customer number, customer type, contact data, contract data, inventory data, usage data, sales data | Planning, management and control of all corporate divisions |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Credit insurance
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Customers, Personal master data, Company data, Communication data agents. | Protection against failure up to a certain limit, company data, communication data |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Credit insurer |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Non-compliance (i.e. failure to provide the required data) may result in the inability to use the selected payment method. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Customer care and CRM
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data (telephone, cell phone, fax, e-mail), appointments, product data, contact reports, sales figures, contact history | Support and care of existing customers, acquisition of new customers, execution of statistical evaluations for internal purposes, contact by telephone, letter, e-mail, personal visit for product presentation and service offer, measures for customer loyalty and customer advice |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Customer survey (anonymous)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Only personal data is processed to ensure the relevant processing operation; personal data is anonymized; additional header data, if applicable; "content data" (content of surveys - "body"). | Measurement of customer satisfaction (responses anonymous; participation (whether) insight possible). |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informed consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Survey service provider, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Customers - Photo and Film
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Photo / film recordings; personal master data, contact data if required | External presentation of the company, online / offline marketing |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Informed consent (Art. 6 para. 1 a) |
| Recipient (if applicable) | Photographer if necessary, marketing agency if necessary |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Customs clearance in own company
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, address data, contact data. | Compliance with customs regulations for customs clearance for the delivery and shipment of jewellery, horses and seemen. |
|
| Legal basis (according to § 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Authorities, forwarder, service provider |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | There is a legal obligation to provide the personal data in order to comply with customs regulations. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Data access control (authorization concept)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| IT usage data/log data/log files, name/first name/address/title. | Access restrictions according to areas of responsibility, implementation of the authorization concept and ensuring the access authorizations of administrators and system users |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Employees, support suppliers, external users |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | There is a legal obligation to provide the personal data in order to comply with customs regulations. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Data exchange portal
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, bank data, contact data, payment data, wage and salary data, contract data, time recording data, correspondence; various | Use of online solutions for data storage and exchange with suppliers, customers and third parties |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | If necessary, there are external recipients depending on the occasion |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the relevant data, it may not be possible to fulfill the tasks or contracts, in particular across spatial distances. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Data to management consultant
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, salary data, age, sales figures | To fulfill the contractually agreed consulting objective. |
|
| Legal basis (according to § 6 / 9 GDPR) | Implementation of pre-contractual measures (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | External management consultants |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Not possible to fulfill contract. Potentially legal consequences. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Data to tax advisors, auditors, customs authorities
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, bank data, insurance number, date of birth, ID data | Data transfer regarding economic evaluation, account assignment, tax data / tax closing / customs clearance, etc. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Management, employees |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | There is a legal obligation to provide the personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Dealing with passwords
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, user name, password, e-mail, address | Task management for office communication for human resources, employee management, customer management, financial accounting, controlling, marketing. Ensuring administrator access in case of emergency |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data has already been collected and is only managed to ensure IT security processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Device Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Contact data, master data, EDP data | Manage mobile devices, such as cell phones or laptops |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Contact data, master data, EDP data |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Distribution
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, paragraphs, date of sale, order data | Distribution; order fulfillment |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The data already exists and is necessarily processed for the subsequent processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
DMS Document Management System
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, bank data, contact data, payment data, wage and salary data, contract data, time recording data, correspondence; various | Operation of the DMS (Sharepoint, M-Files, Local NAS) for revision-proof archiving of business documents |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data has already been collected and is processed to ensure IT security processes and legal requirements. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
E-Learning
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, email address, department, learning outcomes | Web-based learning ( IT environment, foreign languages, etc.) for employee education and training. Information transfer and training for external service providers |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | If applicable and if necessary, service providers involved in the processing |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data are necessarily processed for the implementation of the employment relationship. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Elimination of defects
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Address data, contract data (maintenance contracts), contact data | Elimination of defects in real estate |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | Ext. service providerBuilding insurance, provided it is an insurance claim; owner of the property after consultation, especially in the case of major damage. Minor repairs are usually arranged without consultation. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
ERP software
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, communication data, customer history, contract billing data, payment data, planning and control data, and other data as required. | Secure and efficient operation of the enterprise resource planning system |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | IT service provider (if required); if necessary, tax advisor, authorities |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Events and functions
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, address data, telephone, e-mail, information on nutrition (choice of meals), bank details | Organization and implementation of events for customer retention, new customer acquisition and information |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informed consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Lettershop (invitation and information dispatch) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
External Qualified Persons
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, communication data, feedback | Position of "externally qualified persons" (consultants, interns, etc) as a service. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | The external party cannot be employed with the company |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
External sales support
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address (business), e-mail address, telephone number, order data | Customer acquisition |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
External speakers
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the content of the communication; personal master data, communication data, planning and control data, other data if necessary. | Obtaining outside speakers to conduct training, seminars, and continuing education. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Cooperation is not possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Facility Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, email address, phone number, contact history, appointment data, contract data, photos | Care and maintenance of real estate and buildings used by the company. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Service providers who provide facility management services.Other third parties, if applicable. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it is not possible to carry out the aforementioned processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Fair photos
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Photo / film shooting as portrait or group photo | External presentation of the company; reference projects for communication with customers and suppliers |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informed consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Photographers, customers, suppliers and third parties |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
General administration
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, e-mail address, telephone number, position, contact data, contact history, contract data | General administration (incl. processing incoming mail, etc.) |
|
| Legal basis (according to § 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for management, it is not possible to carry out certain business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
General administration
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, e-mail address, telephone number, position, contact data, contact history, contract data | General administration (incl. processing incoming mail, etc.) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data required for management, it is not possible to carry out certain business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Groupware system
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, e-mail addresses, appointment data | Execution of internal and external correspondence including documentation, office communication, especially team / collaboration across spatial distances (e-mail, contacts, tasks, calendar) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Interested parties, suppliers, craftsmen, authorities, service providers, as well as their contact persons |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the relevant data, it may not be possible to fulfill the tasks or contracts, in particular across spatial distances. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Hosting
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, e-mail address, telephone number, contract data, contact history, IT usage data, traffic data, log data, telecommunications data | Secure online provisioning of IT systems |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | If applicable, external service providers, if necessary for the processing |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Incoming mail
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address; depending on the content of the message: date of birth, title, customer number, insurance data, patient data, bank data, industry, position, communication data | Processing and forwarding of incoming mail including digital mail received on E-boks and Virk. |
|
| Legal basis (according to § 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The data already exists and is necessarily processed for the subsequent processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Information procedure of the data subject
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, personal data of the data subject, data on recipients | Administration on the information procedure of data subjects, by telephone, e-mail, letter post. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | External DPO |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | There is a legal obligation to provide the personal data. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Interest management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, interest status | Creation, maintenance and updating, management of contacts. Data is managed in the prospect / customer database |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Internet and telephone use
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, extension, address data, contact data, e-mail addresses, appointment data, traffic data, IP addresses, web addresses, website retrieval data | (Office) communication and task management for human resources, employee management, customer management, financial accounting, controlling, marketing, etc. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Applicants, customers, interested parties, suppliers, craftsmen, authorities, service providers, as well as their contacts |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the relevant data, the fulfillment of the tasks or contracts may not be possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Invoicing, dunning
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, contact data Contract data, insurance data, date of birth, data on purchased goods/DL, bank details, identification number, patient data; Invoice data, sales incl. invoice numbers, purposes of use, etc.; data on fixed assets | Preparation and dispatch of invoices; recording of open items and dunning (management and collection of outstanding receivables); recording and documentation of all financial transactions in the company (all sales as well as fixed assets); recording and payment of taxes and levies to the tax authorities and, if applicable, to other public authorities, control and processing of incoming/outgoing invoices, monitoring of payments, processing of account statements |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | to the extent required by law: tax authorities;Tax consultants and auditorsOtherwise, if there is a legal basis for the data transfer |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | There are legal obligations for the preparation of invoices and reminders. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
IT support (remote)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Planned no processing of personal data, however, due to the service, access to personal data cannot be excluded. Access to special categories also cannot be excluded; these include: racial and ethnic origin, religious or philosophical beliefs, health | Maintenance / servicing of software / data by IT service providers, software development |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | ext. Service provider, Internal IT Department |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts (support and maintenance of the IT systems), especially across spatial distances. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Key management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, issue date, key ID | Access management to office and to employee appartments |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | The data are necessarily processed to carry out the key management. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Logging in IT systems
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| User names, IP addresses, e-mail addresses, Internet urls, e-mails, web pages | Ensuring legally required and technically necessary logging: guaranteeing the correct functioning of IT systems, error analysis, detection of resource bottlenecks, tracking of hacker attacks |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required), authorities if necessary |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The collection of data is done automatically according to the company\'s legal obligation to ensure and maintain the security of the company\'s data |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Mailroom
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address; depending on the content of the message: date of birth, title, customer number, insurance data, patient data, bank data, industry, position, communication data | Processing incoming mail (opening, scanning, distribution) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The data already exists and is necessarily processed for the subsequent processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Microsoft 365
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Various - Files/Documents, messaging (Teams), Sharepoint, other M365 services with data. | Secure use of the applications and services provided by Microsoft in the MS 365 package |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Implementation of pre-contractual measures (Art. 6 para. 1 b)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Depending on the type of use |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Newsletter
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, e-mail address, telephone number, date of birth, technical registration data (date, IP address), newsletter registration data, newsletter unsubscription data, purchase data (product categories). | Management, organization and dispatch of personalized newsletters; provision of information |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informed consent (Art. 6 para. 1 a) |
| Recipient (if applicable) | Newsletter tool provider if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Offer, order, invoice preparation
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Billing data, address data, bank details (if applicable), personal master data, contact data, contract data, time recording data (if applicable), customer history (if applicable), payment data, communication data, contract master data, other data (if applicable). | Preparation of offers, orders and invoices |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Recipient of receipts; Depending on request, public authorities if applicable, tax advisor if applicable, insurer if applicable. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | A violation (i.e. the failure to provide the required data) would possibly result in the non-fulfillment of contractual obligations (e.g. delivery of goods and provision of services). |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Online meetings
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, e-mail address, username | Secure use of a software for video and telephone conferencing for various corporate purposes. Primarily, the software is used for internal and external communication. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c)Implementation of pre-contractual measures (Art. 6 para. 1 b) |
| Recipient (if applicable) | If applicable, external service providers, if necessary for the processing |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Online marketing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the type of processing/interaction; If applicable, personal master data, contact data, photo/film recordings, other | External presentation of the company, online marketing; social media, website |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informed consent (Art. 6 para. 1 a)Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Photographer if necessary, marketing agency if necessary |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Order management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, title, address, date of birth, patient data, insurance data, data on purchased goods/DL, contract data, telephone number, customer number, e-mail address | Creation, maintenance and management of orders (employee purchase) |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | Without the data required for management, it is not possible to carry out certain business processes. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Order processing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, communication data (e-mail, telephone), bank details, tax data | Commercial and technical processing of orders |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The data already exists and is necessarily processed for the subsequent processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Order Report
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, communication data, customer history, contract billing and payment data, planning and control data | Preparation of operational interim reports, orders, overview, planning |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Ordering
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data | Purchasing of goods for own purposes and for resale, ensuring material and resource availability via paper - e-mail - telephone - fax, identifying suitable suppliers, conducting price negotiations, handling returns and incorrect deliveries |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of a contract (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | A violation (i.e. the failure to provide the required data) would possibly result in the non-fulfillment of contractual obligations (e.g. receipt of goods or services). |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Paper and document destruction
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Customer data, contact data, billing data, contract data, employee data, payroll data; miscellaneous | Destruction of data carriers and documents no longer required as part of paper and file disposal (e.g. after expiry of the retention period), on which or in which personal data are located during ongoing operations and after expiry of the retention period. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | external disposal service provider |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data have already been collected and are necessarily processed (destroyed) to fulfill legal obligations. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Personnel questionnaire
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, address data, contact data, date of birth, marital status, details of children, bank details, details of previous activities, details of education, social security details. | In the application process for easier comparison of the applicant\'s details. In the case of new hires for registering the employee with the authorities and pension companies |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Implementation of pre-contractual measures (Art. 6 para. 1 b)Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | government agencies, insofar as legal transmission obligations exist (tax office);non-public bodies only if there is a legal basis for doing so (health insurance fund and social insurance carrier). |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data have already been collected and are necessarily processed for the performance of the employment relationship. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Pictures and videos at events
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Images, videos, metadata | On- and offline marketing |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informed consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Photographer, Printer, Social Media |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Planning and production control
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data | Planning and control of production orders |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Press
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Contact details (name, position, phone, email) | Public relations / corporate presentation |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Print mailings
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Personal master data, contact data, supplier master data | Dispatch of print documents/infopost/invitations for events, presentation of the product and goods portfolio, customer and supplier contact management, information about new products and discount campaigns, promotional presentation of the company. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Informed consent (Art. 6 para. 1 a)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Lettershop, post office, advertising agency, possibly other service providers |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Project Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, address, e-mail address, telephone number, fax number, industry, position, appointment data, contract data, communication data, sales data | Leading, controlling, coordinating projects of all kinds, such as generating new business, planning complex IT systems or optimizing business processes, managing any projects in the company |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Customers, interested parties, suppliers, craftsmen, authorities, service providers, as well as their contact persons |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Protective and work clothing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, clothing size, glove size, shoe size, body measurements | Ordering protective and work clothing for employees |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | External occupational health and safety, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data are necessarily processed for the implementation of the employment relationship. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Quality assurance
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Last name, first name, address data, contact data | Ensuring product quality |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c)Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | If necessary, external QM representative |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Record keeping
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Customer data, contact data, billing data, contract data, employee data, wage and salary data, other data if applicable. | Data protection-compliant retention of records (invoices, business transactions), to the extent and as required by law. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Social media marketing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Depending on the type of processing; first name, last name, contact details, image material. | Management of social media accounts and social media marketing; Company presentation to the outside world; presentation of reference projects; Use of social media for external presentation and communication with customers and suppliers. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Informed consent (Art. 6 para. 1 a) |
| Recipient (if applicable) | If applicable, publication online |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Supplier Management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, address data, contact data, business activity data, ownership and history of the supplier company, management of the supplier companies, bank details, insurance data (public liability, assembly insurance, transport insurance). | Ensuring the processing of orders, ensuring the quality of the selected suppliers |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | In case of violation, the order processing and the quality of the suppliers cannot be ensured. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Sweepstakes
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Master data | Implementation of raffles |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Informed consent (Art. 6 para. 1 a) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Technical equipment
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, date of birth, address, telephone number | Technical equipment to ensure the fulfillment of the tasks of the persons working for the company. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Service provider, if applicable |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Trade fair stand support
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, type of interest | Customer and prospective customer care at trade fairs, and acquisition of new customers at trade fair booths |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
User administration
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, e-mail address, telephone number, department affiliation if applicable | Management of user accounts and administrative groups to provide authentication and support for authorization concepts in various systems |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The personal data has already been collected and is only managed to ensure IT security processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Video surveillance- Uggerhalne premises
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Optical video recordings of relevant area, mostly indoor. The footage includes date and time. No audio is recorded. | Protection against unauthorized access to the company premises and living quarters and prevention of crimes (theft, vandalism, arson, etc.). Video recordings are used as evidence for detecting and solving crimes, and as evidence in case of animal abuse or injury to riders or grooms. |
|
| Legal basis (according to § 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | In the event of suspicion of the existence of a criminal offense, disclosure to law enforcement authorities; other disclosure to third parties only if there is a legal basis for the transfer of the data; involvement of the external data protection officer if necessary. |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the described processing, the above purposes cannot be achieved in any economically meaningful way. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Warehouse management
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| First name, last name, telephone number if applicable, address | Management of warehouse for jewellery, frost seement and fresh seemen |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Fulfillment of legal obligations (Art. 6 para. 1 c)Fulfillment of a contract (Art. 6 para. 1 b) |
| Recipient (if applicable) | Logistics software manufacturer;Shipping service provider / freight forwarding company |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the personal data in question, it is not possible to carry out this and any other business processes. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Webshop
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Name, first name, address data, contact data, IP address, bank details, payment data, order history, item memo, alternative delivery addresses, contact. | Offer and sale of goods. Ensuring order processing, customer loyalty measures. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f) |
| Recipient (if applicable) | Hosting service provider (EU), payment service provider, if applicable parcel service provider, if applicable service provider for reach analysis, if applicable service provider for technical store support, if applicable web agency |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The data subject is obliged to provide the data. |
| Consequences of non-compliance (in case of failure to provide the required data) | Without the data in question, the efficient and thus economic fulfillment of the tasks or contracts is not adequately possible. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Website evaluation
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| IP address, user names, click behavior, log data, website usage, IT usage | Optimization of the website and the content presented. Increasing visibility and customer visits, minimizing abandonment rates. Analysis of the number of visitors, page views, etc. to optimize the web presence. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Safeguarding legitimate interests (Art. 6 para. 1 f)Informed consent (Art. 6 para. 1 a) |
| Recipient (if applicable) | Analysis service provider |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | none |
| Consequences of non-compliance (in case of failure to provide the required data) | none |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
Whistleblowing
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| All categories of personal data may be affected by whistleblowing. | Reporting incidents related to ethical, moral or criminal violations. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | none |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | Information to whistleblower platform may originate from users world wide. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | In case a user does not provide data, a potential mis-coduct is not evaluated |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |
WiFi (guests)
| Purpose of the processing of general data | | Data type | Purpose of the survey |
|---|
| Surname, first name, company name of the visitor, Internet protocol data, login data, MAC addresses of the respective end device. | Provision of WiFi Internet access for guests. Logging and control to protect against misuse and for evidence purposes. |
|
| Legal basis (according to Art. 6 / 9 GDPR) | Fulfillment of legal obligations (Art. 6 para. 1 c) |
| Recipient (if applicable) | IT service provider (if required) |
| If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees) | A data transfer to a third country does not take place and is not planned. |
| If known: Duration of data storage | See General deadlines for data deletion |
| Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity | The provision is legally or contractually prescribed. |
| Consequences of non-compliance (in case of failure to provide the required data) | The processing of the above data is necessary for the provision and maintenance of the guest WiFi. |
| If applicable, existence of an automated decision-making process | In this context, we do not use automatic decision-making. |
| If applicable, origin of the data (if not collected directly from the data subject) | The data usually originates from the data subject, but may also originate from third parties. |
| Where applicable, categories of personal data (if not collected directly from the data subject). | none |
| Change of purpose if necessary | none |