Information on data handling in accordance with Art. 13 or 14 GDPR

Information on the handling of personal data

The protection of your private rights and freedoms is important to us; we only use your data for the purposes intended. Since it is important to us that you know at all times to what extent we collect, use and, if necessary, transfer your data to third parties, we will inform you in detail below about the processing of your personal data collected by us or stored by us. When processing personal data, we strictly adhere to the provisions of the EU General Data Protection Regulation (GDPR) and, if applicable, other data protection-relevant provisions.

Name and address of the controller

QuestionPro GmbH
Vivek Bhaskharan
Friedrichstraße 171
10117 Berlin
Germany

Phone: +49 30 91607401
E-mail: service@questionpro.de

Name and address of the data protection officer

We protect your personal data processed by us against loss, destruction, access, alteration or distribution by unauthorized persons by means of appropriate technical and organizational measures. However, despite regular checks, complete protection against all risks is not possible.

We protect your personal data processed by us against loss, destruction, access, alteration or distribution by unauthorized persons by means of appropriate technical and organizational measures. However, despite regular checks, complete protection against all risks is not possible.

We protect your personal data processed by us against loss, destruction, access, alteration or distribution by unauthorized persons by means of appropriate technical and organizational measures. However, despite regular checks, complete protection against all risks is not possible.

Jörg ter Beek
Cortina Consult GmbH
Hafenweg 24
48155 Münster


Data protection team for general data protection inquiries:
Team e-mail: dsb.questionpro@cortina-consult.de
Website: https://cortina-consult.com/

Individual information by type of processing

Depending on the processing, purposes, legal basis and other information may vary; you will find the exact allocation of information in the following chapter.

General network protection
Purpose of processingProtection against unauthorized access and attacks as well as protection against electronic bulk mail and unwanted data inflow and outflow (DLP). Firewall / Antivirus / Spam Filter / Endpoint Security
Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)IT service provider (if required)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe data already exists and is required to ensure security. The data must be processed for authentication of authorized access to the network.
    Consequences of non-compliance (in case of failure to provide the required data)The data already exists and is required to ensure security. The data must be processed for authentication of authorized access to the network.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Username, IP addresses, timestamps, email addresses
    Change of purpose if necessarynone
    Backup
    Purpose of processingData backup of company data to prevent data loss (encryption Trojans, etc.) Ensuring recovery of company processes in the event of system failures, system errors and emergencies
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)IT service provider (if required)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe personal data has already been collected and is processed to ensure IT security processes.
    Consequences of non-compliance (in case of failure to provide the required data)The personal data has already been collected and is processed to ensure IT security processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use purely automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).All company data (billing data, address data, bank account/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and contract master data, payment data, timekeeping data, wage/salary data, correspondence; miscellaneous).
    Change of purpose if necessarynone
    User management
    Purpose of processingManagement of user accounts and administrative groups to provide authentication and support for authorization concepts in various systems
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)IT service provider (if required)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe personal data has already been collected and is only managed to ensure IT security processes.
    Consequences of non-compliance (in case of failure to provide the required data)The personal data has already been collected and is only managed to ensure IT security processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Surname, first name, e-mail address, telephone number, department affiliation if applicable
    Change of purpose if necessarynone
    CRM
    Purpose of processingMaintaining customer data and customer relationships; qualifying customers
    Legal basis (according to Art. 6 / 9 GDPR)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)IT service provider (if required)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the relevant data, the fulfillment of the tasks or contracts may not be possible.
    Consequences of non-compliance (in case of failure to provide the required data)Without the relevant data, the fulfillment of the tasks or contracts may not be possible.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Personal master data, communication data, contract master data, customer history, other data if applicable.
    Change of purpose if necessarynone
    Data carrier disposal
    Purpose of processingDestruction of data carriers that are no longer required (e.g. after expiry of the retention period), on which or in which personal data are located (hard disks, SSD, CD/DVD, USB stick, ...).
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)If necessary, external disposal service provider
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityNo personal data is collected. The data is already available.
    Consequences of non-compliance (in case of failure to provide the required data)No personal data is collected. The data is already available.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).All company data (billing data, address data, bank account/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, curriculum vitae, name/first name/address/title, social security data, contract data, contract master data, payment data, time recording data).
    Change of purpose if necessarynone
    DMS - Document Management System
    Purpose of processingOperation of the DMS for audit-proof archiving of business documents
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)IT service provider (if required) Tax advisor, authorities, if applicable
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe personal data has already been collected and is processed to ensure IT security processes and legal requirements.
    Consequences of non-compliance (in case of failure to provide the required data)The personal data has already been collected and is processed to ensure IT security processes and legal requirements.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Address data, bank data, contact data, payment data, wage and salary data, contract data, time recording data, correspondence; various
    Change of purpose if necessarynone
    E-mail archiving
    Purpose of processingAudit-proof archiving of business communication as well as accounting-relevant documents
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)IT service provider (if required)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe personal data has already been collected and is processed to ensure IT security processes and legal requirements.
    Consequences of non-compliance (in case of failure to provide the required data)The personal data has already been collected and is processed to ensure IT security processes and legal requirements.
    If applicable, existence of an automated decision-making processIn this context, we do not use purely automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).All company data (billing data, address data, bank account/credit card data, credit rating data, date of birth, IT usage data/log data/log files, IP address, interests/preferences, contact data, resume, name/first name/address/title, social security data, contract and contract master data, payment data, timekeeping data, wage/salary data, correspondence; miscellaneous).
    Change of purpose if necessarynone
    ERP
    Purpose of processingOperation of the enterprise resource planning
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)IT service provider (if required) Tax advisor, authorities, if applicable
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the relevant data, the fulfillment of the tasks or contracts may not be possible.
    Consequences of non-compliance (in case of failure to provide the required data)Without the relevant data, the fulfillment of the tasks or contracts may not be possible.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Personal master data, communication data, customer history, contract billing data, payment data, planning and control data, and other data as required.
    Change of purpose if necessarynone
    Groupware system
    Purpose of processingExecution of internal and external correspondence including documentation, office communication, especially team / collaboration across spatial distances (e-mail, contacts, tasks, calendar)
    Legal basis (according to Art. 6 / 9 GDPR)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)If applicable: interested parties, suppliers, craftsmen, authorities, service providers, as well as their contact persons, management, employees, trainees, applicants
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the relevant data, it may not be possible to fulfill the tasks or contracts, in particular across spatial distances.
    Consequences of non-compliance (in case of failure to provide the required data)Without the relevant data, it may not be possible to fulfill the tasks or contracts, in particular across spatial distances.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, address data, contact data, e-mail addresses, appointment data
    Change of purpose if necessarynone
    Hosting
    Purpose of processingProvision of IT systems
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)If applicable, external service providers, if necessary for the processing
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the relevant data, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security.
    Consequences of non-compliance (in case of failure to provide the required data)Without the relevant data, it may not be possible to fulfill the tasks or contracts; this data is also required to ensure security.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).First name, last name, title, address, e-mail address, telephone number, contract data, contact history, IT usage data, traffic data, log data, telecommunications data
    Change of purpose if necessarynone
    Internet and telephone use
    Purpose of processing(Office) communication and task management for human resources, employee management, customer management, financial accounting, controlling, marketing, etc.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)Applicants, customers, interested parties, suppliers, craftsmen, authorities, service providers, as well as their contact persons, management and employees
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the relevant data, the fulfillment of the tasks or contracts may not be possible.
    Consequences of non-compliance (in case of failure to provide the required data)Without the relevant data, the fulfillment of the tasks or contracts may not be possible.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, extension, address data, contact data, e-mail addresses, appointment data, traffic data (as defined by §96 TKG), IP addresses, web addresses, website retrieval data
    Change of purpose if necessarynone
    IT support (remote)
    Purpose of processingMaintenance / servicing of software / data by IT service providers, software development
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)external service providers
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the data in question, it may not be possible to fulfill the tasks or contracts (support and maintenance of the IT systems), especially across spatial distances.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data in question, it may not be possible to fulfill the tasks or contracts (support and maintenance of the IT systems), especially across spatial distances.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).planned no processing of pb data, however, due to the service, access to pb data cannot be excluded Also access to special categories cannot be excluded; these include: racial and ethnic origin, religious or philosophical beliefs, health
    Change of purpose if necessarynone
    Communication systems (such as telephone system)
    Purpose of processingProvision and performance of telecommunications services for own (internal) purposes (corporate communications internally and externally) Ensuring proper telecommunications operations within the company and for customers. Provision of log files, evaluations and statistics.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Traffic data is not passed on as a matter of principle, but is only used on an ad hoc basis to rectify faults or for billing audits
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageTraffic data is stored for a maximum of 6 months. Aggregated data may be stored and used beyond this period, provided that it is ensured that no personal reference can be derived from the data. See General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the data required for communication, the implementation and management of telecommunications is not possible.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data required for communication, the implementation and management of telecommunications is not possible.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Extension, telephone number, surname, first name, telephone number of the communication partner, duration of the call, date, time; traffic data (as defined in § 96 TKG), contact data
    Change of purpose if necessarynone
    Internet usage control
    Purpose of processingRandom monitoring of Internet use to check for compliance with the rules on private use.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)IT service provider (if required), authorities if necessary
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe collection of data is done automatically in accordance with the company\'s legal obligation to ensure and maintain the security of the company\'s data.
    Consequences of non-compliance (in case of failure to provide the required data)The collection of data is done automatically in accordance with the company\'s legal obligation to ensure and maintain the security of the company\'s data.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).User names, IP addresses, Internet URLs, e-mails, web pages, timestamps
    Change of purpose if necessarynone
    Emergency concept
    Purpose of processingEnsuring a functional corporate structure, providing a disaster recovery process.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)IT service provider (if required)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe personal data has already been collected and is processed to ensure IT security processes.
    Consequences of non-compliance (in case of failure to provide the required data)The personal data has already been collected and is processed to ensure IT security processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, address data, contact data
    Change of purpose if necessarynone
    Logging in IT systems
    Purpose of processingEnsuring legally required and technically necessary logging: ensuring correct functioning of IT systems, error analysis, detection of resource bottlenecks, tracking of hacker attacks.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)IT service provider (if required), authorities if necessary
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe collection of data is done automatically in accordance with the company\'s legal obligation to ensure and maintain the security of the company\'s data.
    Consequences of non-compliance (in case of failure to provide the required data)The collection of data is done automatically in accordance with the company\'s legal obligation to ensure and maintain the security of the company\'s data.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).User names, IP addresses, e-mail addresses, Internet urls, e-mails, web pages
    Change of purpose if necessarynone
    Ticket system
    Purpose of processingEnsuring IT support in own company and for customer systems. Recording of malfunctions, errors and requests, systematic processing of error messages by users.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)IT service provider (if required)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the data in question, it may not be possible to fulfill the tasks or contracts (internal and external support and maintenance), especially across spatial distances.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data in question, it may not be possible to fulfill the tasks or contracts (internal and external support and maintenance), especially across spatial distances.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Details of the processor (surname, first name, contact details), details of the requester (surname, first name, address details, contact details), error description
    Change of purpose if necessarynone
    Dealing with passwords
    Purpose of processingTask management for office communication for human resources, employee management, customer management, financial accounting, controlling, marketing. Ensuring administrator access in case of emergency.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe personal data has already been collected and is only managed to ensure IT security processes.
    Consequences of non-compliance (in case of failure to provide the required data)The personal data has already been collected and is only managed to ensure IT security processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, user name, password
    Change of purpose if necessarynone
    WLAN (guests)
    Purpose of processingProvision of WLAN Internet access for guests Logging and control to protect against misuse and for evidence purposes.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)IT service provider (if required)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe processing of the above data is necessary for the provision and maintenance of the guest WLAN.
    Consequences of non-compliance (in case of failure to provide the required data)The processing of the above data is necessary for the provision and maintenance of the guest WLAN.
    If applicable, existence of an automated decision-making processThere is no automated decision making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Surname, first name, company name of the visitor, Internet protocol data, login data, MAC addresses of the respective end device, surfing behavior
    Change of purpose if necessarynone
    Applications and application procedure
    Purpose of processingHandling and implementation of application procedures, processing of unsolicited applications; selection of potential employees to fill suitable positions.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)If necessary, external service providers (recruitment tests)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageApplications will only be stored for other positions with your consent, otherwise they will be deleted, returned or destroyed after 6 months if employment does not materialize See also General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityFor a smooth application process, it is necessary that the requested information is provided truthfully.
    Consequences of non-compliance (in case of failure to provide the required data)Non-compliance (i.e. failure to provide the required data) may result in the inability to conclude an employment contract.
    If applicable, existence of an automated decision-making processIn this context, we do not use purely automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Personal data (name, address, date of birth, telephone number, information on religious affiliation, information on marital status / information on children, curriculum vitae, education, qualifications, application data, if applicable, information on severe disability)
    Change of purpose if necessaryIf we take you on as an employee after completion of the application process, the purpose for processing the relevant data changes: in this case, it will be used in the future to implement and maintain the employment relationship.
    E-Learning
    Purpose of processingWeb-based learning (IT environment, foreign languages, etc.) for employee training and development. Information transfer and training for external service providers
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)If applicable and if necessary, service providers involved in the processing
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe personal data are necessarily processed for the implementation of the employment relationship.
    Consequences of non-compliance (in case of failure to provide the required data)The personal data are necessarily processed for the implementation of the employment relationship.
    If applicable, existence of an automated decision-making processIn this context, we do not use purely automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).First name, last name, email address, department, learning outcomes
    Change of purpose if necessarynone
    Personnel questionnaire
    Purpose of processingIn the application process for easier comparison of the applicant\'s details, in the case of new hires for registering the employee with the authorities, insurance companies and social security institutions.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Government agencies, insofar as there are legal obligations to transmit data (tax office); non-public agencies only if there is a legal basis for doing so (health insurance fund and social insurance carrier).
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe personal data have already been collected and are necessarily processed for the performance of the employment relationship.
    Consequences of non-compliance (in case of failure to provide the required data)The personal data have already been collected and are necessarily processed for the performance of the employment relationship.
    If applicable, existence of an automated decision-making processIn this context, we do not use purely automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Surname, first name, address data, contact data, date of birth, religious affiliation (if tax-relevant), marital status, details of children, bank details, details of previous activities, details of education, social security details.
    Change of purpose if necessarynone
    Invoicing, dunning
    Purpose of processingPreparation and dispatch of invoices; recording of open items and dunning (management and collection of outstanding receivables); recording and documentation of all financial transactions in the company (all sales as well as fixed assets); recording and payment of taxes and levies to the tax authorities and, if applicable, to other public authorities, control and processing of incoming/outgoing invoices, monitoring of payments, processing of account statements
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)As far as required by law: tax authorities; tax advisors and auditors Otherwise, if there is a legal basis for the data transfer
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere are legal obligations for the preparation of invoices and reminders.
    Consequences of non-compliance (in case of failure to provide the required data)Resulting from the respective legal regulation, if applicable
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).First name, last name, address, contact data Contract data, insurance data, date of birth, data on purchased goods/DL, bank details, VAT identification number, patient data; invoice data, sales including invoice numbers, purposes of use, etc.; information on fixed assets
    Change of purpose if necessarynone
    Transfer business
    Purpose of processingDelivery to wholesale
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Wholesale
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the data required for shipping, delivery of goods is not possible.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data required for shipping, delivery of goods is not possible.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).none
    Office Communication
    Purpose of processingTask management for office communication for e.g.: Human resources, employee management, customer management, financial accounting, controlling, marketing.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)If applicable, applicants, customers, interested parties, suppliers, craftsmen, authorities, service providers, as well as their contacts
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the data required for communication, it is not possible to carry out certain business processes.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data required for communication, it is not possible to carry out certain business processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Only personal data is processed to ensure the corresponding processing operation.
    Change of purpose if necessarynone
    Paper and document destruction
    Purpose of processingDestruction of data carriers and documents no longer required as part of paper and file disposal (e.g. after expiry of the retention period), on which or in which personal data are located during ongoing operations and after expiry of the retention period.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)Ext disposal service provider
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe personal data have already been collected and are necessarily processed (destroyed) to fulfill legal obligations.
    Consequences of non-compliance (in case of failure to provide the required data)The personal data have already been collected and are necessarily processed (destroyed) to fulfill legal obligations.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Customer data, contact data, billing data, contract data, employee data, payroll data; miscellaneous
    Change of purpose if necessarynone
    Appointment management
    Purpose of processingScheduling and management of appointments
    Legal basis (according to Art. 6 / 9 GDPR)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)If necessary, customers, suppliers / service providers or other third parties for coordination of appointments
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the data required for appointment management, the planning, management and coordination of appointments is not possible.
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data originates from the data subject himself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).First name, last name, address if applicable, e-mail address, telephone number, position, contact data, appointment data
    Change of purpose if necessarynone
    Contract management
    Purpose of processingAdministration for contracts with customers, affiliated companies, employees, interns, suppliers, service providers (electronic and paper)
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)If necessary, external legal advisors
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityObligation to provide the data due to the contractual relationship between the responsible party and the data subject.Without the data, the performance of the agreed contractual service may not be possible.
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data originates from the data subject himself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).First name, last name, title, address, e-mail address, telephone number, date of birth, contract data
    Change of purpose if necessarynone
    Address purchase
    Purpose of processingAcquiring new customers through e-mail marketing
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Address data, contact data
    Change of purpose if necessarynone
    Order processing
    Purpose of processingCommercial and technical processing of orders
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe data already exists and is necessarily processed for the subsequent processes.
    Consequences of non-compliance (in case of failure to provide the required data)The data already exists and is necessarily processed for the subsequent processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, address data, communication data (e-mail, telephone), bank details, tax data (UST-ID)
    Change of purpose if necessarynone
    Distribution
    Purpose of processingDistribution; order fulfillment
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThe data already exists and is necessarily processed for the subsequent processes.
    Consequences of non-compliance (in case of failure to provide the required data)The data already exists and is necessarily processed for the subsequent processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).First name, last name, address, paragraphs, date of sale, order data
    Change of purpose if necessarynone
    Interest management
    Purpose of processingCreation, maintenance and updating, management of contacts Data is managed in the prospect / customer database
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data in question, adequate contact management and maintenance is not possible.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, address data, contact data, interest status
    Change of purpose if necessarynone
    Customer care and CRM
    Purpose of processingSupport and care of existing customers, acquisition of new customers, execution of statistical evaluations for internal purposes, contact by telephone, letter, e-mail, personal visit for product presentation and service offer, measures for customer loyalty and customer advice
    Legal basis (according to Art. 6 / 9 GDPR)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data in question, adequate contact management and maintenance is not possible.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, address data, contact data (telephone, cell phone, fax, e-mail), appointments, product data, contact reports, sales figures, contact history
    Change of purpose if necessarynone
    Pictures and videos at events
    Purpose of processingOn- and offline marketing
    Legal basis (according to Art. 6 / 9 GDPR)
  • Informed consent (Art. 6 para. 1 a)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Photographer, Printer, Social Media
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageThere is no obligation to provide personal data.
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)The data originates from the data subject himself; however, it may also originate from third parties.
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data originates from the data subject himself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Images, videos, metadata
    Change of purpose if necessarynone
    Customers - Photo and Film
    Purpose of processingExternal presentation of the company, online / offline marketing
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Photographer if necessary, marketing agency if necessary
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processThere is no automated decision making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Photo / film recordings; personal master data, contact data if required
    Change of purpose if necessarynone
    Customer survey
    Purpose of processingMeasurement of customer satisfaction (responses anonymous; participation (whether) insight possible).
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Survey service provider, if applicable
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processNo automated decision making takes place.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Only personal data is processed to ensure the relevant processing operation; personal data is anonymized; additional header data, if applicable; "content data" (content of surveys - "body").
    Change of purpose if necessarynone
    Fair photos
    Purpose of processingCompany presentation to the outside world; reference projects for communication with customers and suppliers
    Legal basis (according to Art. 6 / 9 GDPR)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Photographers, customers, suppliers and third parties
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processThere is no automated decision making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Photo / film shooting as portrait or group photo
    Change of purpose if necessarynone
    Trade fair stand support
    Purpose of processingCustomer and prospective customer care at trade fairs, and acquisition of new customers at trade fair booths
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Implementation of pre-contractual measures (Art. 6 para. 1 b)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processNo automated decision making takes place.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, address data, contact data, type of interest
    Change of purpose if necessarynone
    Online marketing
    Purpose of processingExternal presentation of the company, online marketing; social media, website
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Photographer if necessary, marketing agency if necessary
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data. If applicable, obligation to provide the data due to the contractual relationship between the person responsible and the data subject.
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data. If applicable, obligation to provide the data due to the contractual relationship between the person responsible and the data subject.
    If applicable, existence of an automated decision-making processNo automated decision making takes place.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Depending on the type of processing / interaction; If applicable, personal master data, contact data, photo / film recordings, other
    Change of purpose if necessarynone
    Press
    Purpose of processingPublic relations / corporate presentation
    Legal basis (according to Art. 6 / 9 GDPR)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processThere is no automated decision making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Contact details (name, position, phone, email)
    Change of purpose if necessarynone
    Social Media Marketing
    Purpose of processingManagement of social media accounts and social media marketing; external presentation of the company; presentation of reference projects; use of social media for external presentation and communication with customers and suppliers
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)If applicable, publication online
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)In case of violation, the use of social media for the external presentation of the company and for communication cannot be used.
    If applicable, existence of an automated decision-making processNo automated decision making takes place.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Depending on the type of processing; first name, last name, contact details, image material.
    Change of purpose if necessarynone
    Events and functions
    Purpose of processingOrganization and implementation of events for customer retention, new customer acquisition and information
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)Lettershop (invitation and information dispatch)
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityThere is no obligation to provide personal data.
    Consequences of non-compliance (in case of failure to provide the required data)There is no obligation to provide personal data.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data comes from the data subject himself.
    Where applicable, categories of personal data (if not collected directly from the data subject).Surname, first name, address data, telephone, e-mail, information on nutrition (choice of meals), bank details
    Change of purpose if necessarynone
    Website evaluation
    Purpose of processingOptimization of the website and the content presented. Increasing visibility and customer visits, minimizing abandonment rates. Analysis of the number of visitors, page views, etc. to optimize the web presence.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Informed consent (Art. 6 para. 1 a)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)Analysis service provider
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessitynone
    Consequences of non-compliance (in case of failure to provide the required data)none
    If applicable, existence of an automated decision-making processIn this context, we do not use automatic decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).IP address, user names, click behavior, log data, website usage, IT usage
    Change of purpose if necessarynone
    Analysis and reporting
    Purpose of processingReporting of company data to reveal hidden costs, market analysis, preparation of business reports
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the personal data in question, it is not possible to carry out this and any other business processes.
    Consequences of non-compliance (in case of failure to provide the required data)Without the personal data in question, it is not possible to carry out this and any other business processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Financial data, personnel data, production data
    Change of purpose if necessarynone
    Controlling
    Purpose of processingPlanning, management and control of all corporate divisions
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the personal data in question, it is not possible to carry out this and any other business processes.
    Consequences of non-compliance (in case of failure to provide the required data)Without the personal data in question, it is not possible to carry out this and any other business processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).First name, last name, address, e-mail address, telephone number, customer number, customer type, contact data, contract data, inventory data, usage data, sales data
    Change of purpose if necessarynone
    Data to management consultant
    Purpose of processingTo fulfill the contractually agreed consulting objective.
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)External management consultants
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the personal data in question, it is not possible to carry out this and any other business processes.
    Consequences of non-compliance (in case of failure to provide the required data)Without the personal data in question, it is not possible to carry out this and any other business processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, address data, contact data, salary data, age, sales figures
    Change of purpose if necessarynone
    Audit, Compliance
    Purpose of processingVerification of the legal conformity of business processes in the company
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)Auditor, if applicable
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the personal data in question, it is not possible to carry out this and any other business processes.
    Consequences of non-compliance (in case of failure to provide the required data)Without the personal data in question, it is not possible to carry out this and any other business processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Depending on the case: first name, last name, e-mail address, telephone number, date of birth, marital status, position, contact data, contact history, appointment data, bank details, VAT registration number, contract data, inventory data, usage data, content data, communication data, social security data, working hours, wage/salary data, tax classes.
    Change of purpose if necessarynone
    Quality assurance
    Purpose of processingEnsuring product quality
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of legal obligations (Art. 6 para. 1 c)
  • Recipient (if applicable)If necessary, external QM representative
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee also General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the personal data in question, it is not possible to carry out this and any other business processes.
    Consequences of non-compliance (in case of failure to provide the required data)Without the personal data in question, it is not possible to carry out this and any other business processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Last name, first name, address data, contact data
    Change of purpose if necessarynone
    Call processing
    Purpose of processingTroubleshooting of customer systems, compilation of statistics for quality control purposes
    Legal basis (according to Art. 6 / 9 GDPR)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityWithout the personal data in question, it is not possible to carry out this and any other business processes.
    Consequences of non-compliance (in case of failure to provide the required data)Without the personal data in question, it is not possible to carry out this and any other business processes.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Name, first name, user name, telecommunication data
    Change of purpose if necessarynone
    Service
    Purpose of processingProviding versch. DL
    Legal basis (according to Art. 6 / 9 GDPR)
  • Protection of legitimate interests (Art. 6 para. 1 f)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Recipient (if applicable)Subcontractor if necessary
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityObligation to provide the data due to the contractual relationship between the person responsible and the data subject.
    Consequences of non-compliance (in case of failure to provide the required data)Without the data in question, the provision of various services is not possible.
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).Personal master data, address data, bank data, contact data, payment data, wage and salary data, contract data, time recording data, correspondence; various
    Change of purpose if necessarynone
    Customer support
    Purpose of processingSupport for customers via remote desktop software
    Legal basis (according to Art. 6 / 9 GDPR)
  • Fulfillment of a contract (Art. 6 para. 1 b)
  • Safeguarding legitimate interests (Art. 6 para. 1 f)
  • Recipient (if applicable)none
    If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)A data transfer to a third country does not take place and is not planned.
    If known: Duration of data storageSee General deadlines for data deletion
    Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessityplanned no processing of pb data, but due to the service access to pb data cannot be excluded
    Consequences of non-compliance (in case of failure to provide the required data)planned no processing of pb data, but due to the service access to pb data cannot be excluded
    If applicable, existence of an automated decision-making processIn this context, we do not use automated decision-making.
    If applicable, origin of the data (if not collected directly from the data subject)The data usually originates from the data subject, but may also come from third parties.
    Where applicable, categories of personal data (if not collected directly from the data subject).planned no processing of pb data, however, due to the service, access to pb data cannot be excluded Also access to special categories cannot be excluded; these include: racial and ethnic origin, religious or philosophical beliefs, health
    Change of purpose if necessarynone