Data protection information
according to Art. 13, 14 and 21 DSGVO

In accordance with the provisions of Articles 13, 14 and 21 of the Data Protection Basis Regulation (Datenschutzgrundverordung = DSGVO), we hereby inform you about the processing of the personal data collected about you and your rights with regards to data protection. Which data is processed in detail and in which way it is used depends largely on the services requested or agreed upon.
The extensive information on the processing of your personal data within the framework of the establishment, execution or fulfilment of a contract or the implementation of pre-contractual measures you will find in this document.

1 Responsible body in terms of the DSGVO

PROTAKT - Projekte & Business Software AG (hereinafter: PROTAKT)
Frankfurter Strasse 26
61231 Bad Nauheim
represented by the board of directors Kerstin Miotke, Nicole Gebhard, Lothar Kinnschewski and Dr. Sven Odermatt

2 Contact details of our data protection officer

The contact details of our data protection officer can be found at http://xdsb.eu
Alternatively, you can reach the data protection officer at our postal address with the addition "the data protection officer".

3 Purposes and legal basis of the processing

We process your personal data exclusively in accordance with the provisions of the European Data Protection Basic Regulation (DSGVO) and the Federal Data Protection Act (BDSG) and only if the processing is necessary for the establishment, execution and fulfilment of a contract as well as for pre-contractual measures. The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO.

If you give us your express consent to process personal data for specific purposes (e.g. transfer to third parties, evaluation for marketing purposes or advertising), this processing is carried out on the basis of Art. 6 para. 1 lit. a DSGVO. Any consent granted can be revoked at any time with effect for the future (see also item 9 of this document).

If necessary and as far as legally permissible, we will process your data beyond the actual contractual purposes in order to fulfil legal obligations in accordance with Art. 6 para. 1 lit. c DSGVO. In addition, processing may also be carried out to protect our legitimate interests or the legitimate interests of third parties in accordance with Art. 6 para. 1 lit. f DSGVO. If necessary and required by law, we will actively inform you by stating the specific legitimate interest.

4 Categories of personal data

We only process personal data of general categories which are necessary for the establishment, execution and fulfilment of the contract or which are connected with the execution of pre-contractual measures. This can be general data about your person or persons in your company (name, address, contact data, etc.) as well as any other data that you provide us with in the course of establishing the contract.
The processing of special categories of personal data according to Art. 9 DSGVO is not intended.

5 Origin of the data

We process personal data that you provide us with in the course of contacting us or establishing, implementing or fulfilling a contractual relationship or in the course of pre-contractual measures.
Should personal data be collected by third parties, we will actively inform you about the collection of this data.

6 Recipient of the data

Within our company, we will only pass on your personal data to those departments and persons who require this data to fulfil contractual and legal obligations or to implement our legitimate interests in accordance with Art. 6 Para. 1 letter f DSGVO.

As far as this is permissible for the purposes and legal bases described in section 2 of this document, we may transfer your personal data to companies affiliated with us.

Your personal data will also be processed by contract processors according to the enclosed list for the purpose of establishing, executing and fulfilling contracts and for the implementation of pre-contractual measures. The processing of personal data by contract processors is generally carried out on the basis of contract processing contracts in accordance with Art. 28 DSGVO. The categories of recipients in this case are providers of IT services and software products, e-mail services and online platforms for data processing as well as messenger services.

In addition, personal data will only be passed on to recipients outside our company if this is permitted or required by law, if the transfer is necessary for processing and thus for the fulfilment of the contract or for the implementation of pre-contractual measures, if we have your express consent in other cases or if we are authorised to provide information.

Under these conditions, personal data may be transferred to the following recipients, for example:
Public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation, other data recipients for whom you have given us your consent to transfer data.

7 Transfer to third countries

Personal data will only be transferred to countries outside the EEA (European Economic Area) or to an international organisation if this is necessary for the processing and thus the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent. In these cases, the recipients may include software companies or IT platform operators.

8 Duration of data storage

Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention or documentation prescribed there are two to ten years.

Finally, the duration of storage also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.

9 Your rights as an affected party/person

Every individual concerned has the right of disclosure according to Art. 15 DSGVO, the right of rectification according to Art. 16 DSGVO, the right of deletion according to Art. 17 DSGVO, the right to limit data processing according to Art. 18 DSGVO, the right of communication according to Art. 19 DSGVO and the right of data transfer according to Art. 20 DSGVO.

If you are of the opinion that the processing of your personal data by us is illegitimate, you also have the right of complaint to a data protection supervisory authority pursuant to Art. 77 DSGVO. This right of appeal is without prejudice to any other administrative or judicial remedy.

If data is processed on the basis of your consent, you have the right to revoke this consent to the processing of your personal data at any time with effect for the future in accordance with Art. 7 DSGVO. Processing operations that took place before the revocation are not affected by this. Please note that we may be obliged to store certain data for a certain period of time for the purpose of fulfilling legal requirements (see item 8 of this document).

If the processing of your personal data pursuant to Art. 6 para. 1 letter f DSGVO is carried out to protect legitimate interests, you have the right pursuant to Art. 21 DSGVO to object to the processing of such data at any time for reasons arising from your particular situation. We will then refrain from processing this personal data, except in cases where there are compelling reasons for processing that merit protection, which we must prove. These must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.

In individual cases we process your personal data for the purpose of direct advertising. You have the right to object to the processing for the purpose of such advertising at any time. This also applies to profiling, insofar as it is related to this direct marketing. If you object to processing for the purpose of direct marketing, we will not further process your personal data for these purposes.

If you have any questions regarding the protection of your rights, please contact us at any time.

10 Need to provide personal data

As a general rule, there is no legal requirement to provide your personal data for the purpose of establishing, executing or fulfilling contracts or for the implementation of pre-contractual measures. Therefore, you are generally not legally obliged to provide information on personal data. However, this information is generally required for the decision on the conclusion of a contract, the performance of a contract or for pre-contractual measures. If you do not provide us with personal data, we may not be in a position to make a decision within the scope of contractual measures.

However, as a matter of principle, we only request such personal data that is absolutely necessary for the conclusion of the contract, the fulfilment of the contract or for pre-contractual measures. We neither request nor otherwise process any other personal data.

11 Automated decision making

As a matter of principle, we do not use a fully automated decision-making process in accordance with Art. 22 DSGVO to establish, fulfil or execute business relationships and contracts or to carry out pre-contractual measures.

Should we or third parties use these procedures in individual cases and should the use of these procedures be necessary for the establishment, execution or performance of a contract or the implementation of pre-contractual measures, we will inform you separately or obtain your consent, provided this is required by law.

12 List of contract processors

We have entered into a contract processing agreement with the following suppliers:

• Microsoft Deutschland GmbH; Walter-Gropius-Strasse 5; 80807 Munich and other Microsoft support organizations
• Gbedv GmbH & Co. KG; Loger Str. 22 B; 27711 Osterholz-Scharmbeck
• LESSOR GmbH; Kokkolastraße 2; 40882 Ratingen
• CKL Software GmbH; Theodorstraße 42-90; Building 4, Loft 423; 22761 Hamburg
• Continia Software A/S; Stigsborgvej 60; DK-9400 No. Sundby
• Akquinet dynamic solutions GmbH; Bollhörnkai