Data security statement according to the EU General Data Protection Regulation (GDPR)
Valid for customers, interested parties, suppliers and sales and cooperation partners of Asapio GmbH & Co. KG (hereinafter referred to as “Asapio”).
The following information provides you with an overview of the processing of your personal data by us and your rights under the EU General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). Which data is processed in detail and how it is used depends largely on the products or services requested or commissioned.
1. Responsible for data processing
2. Data protection officer of the person responsible
Landsberger Str. 400
Telephone +49 (0) 89 / 4520744-0
We process personal data that we receive from you as part of our business relationship. In addition, we process (as far as necessary for the provision of our products and the provision of our services) personal data that we have received from other third parties in a permissible manner (eg for the performance of orders, for the fulfillment of contracts or on the basis of your consent). On the other hand, we process personal data that we have legitimately gained and are able to process from publicly available sources (eg trade and association registers, press, media, Internet).
b) categories of personal data
When initiating a business relationship or when creating master data, the following personal data can be collected, processed and stored: address and communication data (name, address, telephone, e-mail address, other contact data), personal master data (date of birth / place of birth, gender , Nationality, marital status, business ability, occupational group key, legitimacy data (eg ID data), authentication data (eg signature sample), tax ID).
When using products and services within the framework of the contracts concluded with us, in addition to the aforementioned data, the following additional personal data may be collected, processed and stored: Contract master data (order data, data from the fulfillment of our contractual obligations, information on any third-party beneficiaries ), Billing, service, and payment data (direct debit data, tax information, other personal data (profession, employer), documentation data (eg logs), product data (eg requested or booked services and products) and the following business credit documentation : Income / surplus accounts, balance sheets, business evaluation, type and duration of self-employment.
c) customer contact information
As part of the business start-up phase and during the business relationship, in particular through personal, telephone or written contacts, initiated by you or by Asapio, further personal data is generated. These include z. B. information about the contact channel, date, cause and outcome, (electronic) copy of the correspondence and information on participation in direct marketing measures.
d) Information Society services
When processing data in the context of Information Society Services, you will receive more information on privacy related to the service.
4. Purpose and legal basis of the processing
We process the personal data mentioned under 3. in accordance with the provisions of the EU General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG):
a) For the fulfillment of contractual obligations (Article 6 (1) (b) GDPR)
The processing of personal data takes place for the creation, implementation and termination of a contract for the provision of products or the provision of services, as well as for the execution of pre-contractual measures for the preparation of offers, contracts or other requests for conclusion of the contract, which are made at your request.
The purpose of data processing is primarily based on the specific products and services and may include, but is not limited to, needs analysis, consulting and support. Further details on the purpose of data processing can be found in the respective (also pre-contractual) contractual documents of our cooperation. Interested parties may be contacted, taking into account any restrictions expressed during the initiation of the contract, and customers, suppliers and distribution and cooperation partners during the business relationship using the data they have provided.
b) On the basis of your consent (Article 6 (1) (a) GDPR)
If you have given us consent to the processing of personal data for specific purposes (eg disclosure of data in the company), the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent prior to the validity of the EU data protection
Basic Regulation, ie before 25 May 2018, have been issued to us. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected. You can request an overview of the status of the consents you have given us at any time.
c) Due to legal requirements (Article 6 (1) (c) GDPR) or in the public interest (Article 6 (1) (e) GDPR)
We are subject to various legal obligations and legal requirements and process data for the following purposes, among others: Identity and age checks, the fulfillment of tax control and reporting obligations as well as the evaluation and management of risks within the company.
d) In the context of balancing of interests (Article 6 (1) (f) GDPR)
If necessary, we process your data in addition to the actual fulfillment of the contract for the protection of legitimate interests of us or third parties. Examples:
- Review and optimization of needs analysis and direct customer approach procedures; Including segmentation and calculation of completion probabilities
- Advertising or market and opinion research, provided that you have not objected to the use of your data
- Asserting legal claims and defense in legal disputes
- Ensuring IT security and IT operations
- Consultation and data exchange with credit bureaus for the determination of credit risks
- Prevention of crime
- Video surveillance to safeguard the rights of the house, to collect evidence of crime
- Measures for building and office security (eg access control)
- Measures to ensure home ownership
- Measures for business management and further development of services and products
- Risk management in the company
5. Receiver of the data
Within Asapio, those entities gain access to your data, which they need to fulfill our contractual and legal obligations. Our service providers may also receive data for these purposes if they comply with our written data protection directives. With regard to the data transfer to recipients outside of Asapio, it must first be noted that we are bound to secrecy about all customer-related information from which we obtain knowledge. We may only disclose information about you if statutory provisions so dictate, if you have given your consent and / or if you have commissioned by us and have the same rights as the EU Data Protection Regulation and the Federal Data Protection Act. Under these conditions, recipients of personal data may, for. For example:
- Public bodies and institutions in the presence of a legal or regulatory obligation.
- Processor to whom we provide personal information to conduct the business relationship with you. Specifically: support / maintenance of EDP / IT applications, archiving, document processing, call center services, compliance services, controlling, data destruction, purchasing / procurement, space management, recovery, customer administration, letter shops, marketing, media technology, regulatory reporting, Research, risk controlling, expense reporting, telephony, video legitimation, website management, auditing services, payments.
Other data recipients may be those for whom you have given your consent to submit the data.
6. Transfer of data to third countries or to international organizations
A transfer of data to countries outside the EU or the EEA (so-called third countries) only takes place, as far as this is necessary for the execution of your orders, legally prescribed (eg tax reporting obligations), you have given us consent or as part of a processing order , If service providers are deployed in the third country, they are required to comply with the level of data protection in Europe in addition to written instructions by agreeing on EU standard contractual clauses.
7. Duration of data storage
We process and store your personal information as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, these data are deleted on a regular basis, unless their (temporary) further processing is required for the following purposes:
- Fulfillment of commercial and tax retention periods acc. §257 Commercial Code (HGB) and tax code with the deadlines specified there for storage or documentation of two to ten years.
- Preservation of evidence under the statute of limitations. According to §§195 ff. Of the Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
8. Data protection rights of the data subject
Each data subject has the right to information under Article 15 of the GDPR, the right of correction under Article 16 GDPR, the right to cancellation under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 DSGVO in conjunction with Section 19 BDSG). You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the validity of the EU General Data Protection Regulation, ie before 25 May 2018. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Duty to provide data
As part of our business relationship, you must provide the personal information necessary to enter into a business relationship and perform its contractual obligations, or that we are required to collect by law. Without this data, we will generally have to refuse to conclude the contract, provide products and provide services, or be unable to complete an existing contract and possibly terminate it.
10. Automated decision (including profiling)
In principle, we do not use fully automated decision-making (including profiling) to establish and conduct the business relationship in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you about this separately, if this is required by law.
We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling to purposefully inform and advise you about products with the help of evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
Information about your right of objection under Article 21 of the EU General Data Protection Regulation (GDPR)
1. Case-specific right of objection
You have the right at any time, for reasons arising from your particular situation, to prevent the processing of personal data relating to you pursuant to Article 6 (1) (d) of the GDPR (Data Processing in the Public Interest) and Article 6 (1) of the GDPR ( Data processing on the basis of a balance of interests) takes place, objecting; this also applies to a profiling based on this provision within the meaning of Article 4 (4) GDPR. If you object, we will no longer process your personal information unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
2. Right to object to the processing of data for advertising purposes
In individual cases, we process your personal data in order to operate direct mail. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be addressed form-free to the person responsible.
As of May 2018