The following information is intended to provide you with an overview of how we process your personal data and your rights under data protection law. The exact data which are processed and the manner in which they are used depend primarily on the nature of our contact or the agreed services. For this reason, not all of the following information will be relevant for you.
1. Who is responsible for data processing and who is my contact person?
The controller is:
Solectrix GmbH, Dieter-Streng-Str. 4, 90766 Fürth, Germany
E-mail: datenschutz@solectrix.de
Contact information for our data protection officer:
Christian Hammerbacher
SPH IT + Consulting GmbH & Co. KG
Phone: +49 (0) 911 217-7480
E-mail: datenschutz@sph-consulting.de
Our data protection officer can also be contacted by post. Please address any correspondence to “Data Protection Officer/Datenschutzbeauftragter” at our business address.
2. Data we use and their origin
We process personal data which we receive from our clients and other data subjects, e.g. their agents, prospective clients, individuals requesting information, etc., in the course of conducting our business activities.
These data may include personal information (name, contact information, address, telephone number, fax number, e-mail address, birth date, birthplace and gender), order data, data resulting from the fulfilment of our contractual obligations, advertising data, sales data and other data which fall into similar categories.
We also process additional personal data resulting from personal, telephone or written contact initiated by you or by us, e.g. information about the relevant communication channel (telephone, e-mail, fax or Internet).
Additionally, we process personal data which we have lawfully obtained from publicly available sources (e.g. commercial registers, press, media or the Internet) and which we are permitted to process.
3. Taking part in webinars using GoToWebinar
(1) We host webinars using “GoToWebinar”, a service of LogMeIn, Inc., 320 Summer Street Boston, MA 02210, USA. For data processing purposes, a distinction must be made between taking part in the webinar itself, registering, and downloading the GoToWebinar software or app.
solectrix GmbH is the controller responsible for the data processing directly connected with hosting the webinars we offer.
However, the provider “LogMeIn, Inc.” is the controller for processing data when you visit the GoToWebinar website at https://www.gotomeeting.com/webinar. LogMeIn’s privacy policies are available at https://www.logmeininc.com/legal/privacy
In order to use GoToWebinar, you must visit the GoToWebinar website to:
- download the GoToWebinar software, and
- register for a webinar.
You can also use GoToWebinar via the app and enter your log-in data for the webinar there. If you cannot or prefer not to use the GoToWebinar app, the functions are also available via a browser version, which you can also find on the GoToWebinar website.
(2) What data do we process?
When you use GoToWebinar, various types of data are processed. The scope of the data collected will also depend on what data you provide before and/or while taking part in a webinar.
Name, surname, e-mail address, company
Webinar metadata: topic, description (optional), attendee IP addresses, device/hardware information
Text, audio and video: you may have the option to use the Chat, Questions, or Polls features during a webinar In this respect, the text entries you make are processed in order to display them during the webinar and, if necessary, log them.
The webinar organiser can also arrange for a “screen sharing” option that makes the content of your screen visible to the other webinar attendees, the organiser and any presenters/speakers. To facilitate this function as well as to show videos and play back audio, the data from the microphone of your terminal device and any webcam on the device as well as the video data shown on your screen are processed for the duration of the session. You can switch off the webcam and screen sharing function or mute the microphone yourself at any time via the GoToWebinar app.
(3) Purpose and legal basis of processing
We use GoToWebinar for the purpose of hosting webinars. We have the technical capability of recording the webinar. If we intend to record the webinar you are attending, we will transparently inform you of this in advance and request your consent where necessary. You will also be notified of any recording in the GoToWebinar app.
Attendees are prohibited from making any type of recordings of the webinar. Audio, image and text data may not be recorded, copied or saved. By entering the virtual webinar room, you agree to this.
We may log chat content if this is necessary for purposes of logging the results of a webinar, but this will not generally be the case.
For post-session purposes, we may also process questions asked by webinar attendees.
No automated individual decision-making within the meaning of Article 22 GDPR will be used.
The legal basis for processing is the participation agreement (Article 6(1)(b) GDPR).
(4) Recipients/disclosure of data
Personal data processed in connection with taking part in webinars will generally not be disclosed to third parties unless their disclosure is expressly intended.
Other recipients: the provider of GoToWebinar, LogMeIn, Inc., as our processor, will be given access to the above-mentioned data to the extent provided for in our data processing agreement with GoToWebinar. LogMeIn, Inc. also engages sub-processors, a current list of which is provided on its website.
(5) GoToWebinar is a service offered by a provider from the USA. As such, the personal data may also be processed outside the EU in a third country. As a US company, LogMeIn Inc. is subject to the US CLOUD (Clarifying Lawful Overseas Use of Data) Act, which allows US government agencies access to the data stored by LogMeIn, Inc. We have no control over this.
4. Reasons for processing your data (purpose of processing) and legal basis
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”) as well as all other applicable laws.
a) Preparing and performing our contractual relationships (Article 6(1)(b) GDPR)
Data is processed for the purposes of providing our services and producing and delivering our products in the context of rendering performance under our contracts with our clients or in order to take steps at the request of the data subject prior to entering into a contract. The purposes of data processing are primarily oriented toward the subject matter of the relevant agreement and may comprise, among other things, requirements analysis and consulting.
b) Balancing of interests (Article 6(1)(f) GDPR)
To the extent necessary, we process your data beyond what is required to perform the contract for the purposes of pursuing our legitimate interests.
Examples:
Advertising; reviewing and optimising requirements analysis processes for the purpose of direct client contact; asserting legal rights and mounting a defence in legal disputes; ensuring IT security and the security of our IT system; taking measures to ensure building and facility security (e.g. access controls); preventing and investigating criminal offences; taking measures to manage the business and improve services and products.
c) Compliance with legal obligations (Article 6(1)(c) GDPR)
We are subject to various statutory requirements, i.e. legal obligations. For the purposes of processing, these obligations include compliance with tax-related control and reporting obligations.
d) Based on your consent (Article 6(1)(a) GDPR)
If you have given us your consent to process personal data for specific purposes (e.g. submitting your application documents, sending your business card or subscribing to our newsletter), the lawfulness of processing is based on your consent. You may withdraw your consent at any time with future effect. There are no formal requirements to do so.
5. Who will receive my data?
Within our company, the offices which need your data to fulfil our contractual and statutory obligations will be given access to your data. Service providers and vicarious agents engaged by us may also receive data for these purposes, provided they treat the data as confidential and comply with our instructions regarding data protection.
With regard to disclosing data to persons outside our company, we observe a policy of non-disclosure for all data attributable to our clients and prospective clients of which we gain knowledge. We are not permitted to disclose information about you unless we are required to provide such information under statutory provisions or you have given your consent thereto. In this context, the processors we have engaged must also ensure confidentiality is maintained and must comply with the requirements of the GDPR. These processors include in particular printing service providers; providers of data storage media destruction services; computer and IT support and maintenance service providers; scanning service providers; payment processing service providers; legal advisers and tax advisers.
6. Are data transmitted to a third country or to an international organisation?
Data are not transmitted to countries outside the EU or the EEA (referred to as third countries) unless such transmission is required by law in order to carry out our orders (e.g. reporting requirements under tax law), you have given us your consent thereto or subject to a data processing agreement. To the extent required in the individual case, your personal data may be transmitted to an IT service provider in a third country in order to ensure our IT operations. If service providers in a third country are utilised, they must be provided with written instructions and must agree to observe the EU standard contractual clauses to ensure compliance with the level of data protection applicable in Europe.
7. Length of data storage period
We process and store your data only as long as is necessary to fulfil our contractual and statutory obligations. If data are no longer required to fulfil contractual or statutory obligations, they are deleted at regular intervals unless they must be processed further for a fixed period of time in order to fulfil retention period obligations under commercial and tax law provisions in the German Commercial Code (Handelsgesetzbuch, “HGB”) and the German Fiscal Code (Abgabenordnung, “AO”). The retention periods stipulated in the above-mentioned laws generally range from two to ten years. In such a case, processing is restricted once the purpose of processing has been achieved such that only the purpose of data retention arising under the above-mentioned exemplary laws may be pursued.
Additionally, there may be individual interests in data retention which override obligations to delete data. In such a case as well, processing is restricted once the purpose of processing has been achieved such that only the purpose of data retention can be pursued. One example of the foregoing is the preservation of evidence in the context of statutory limitation period requirements. In accordance with sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, “BGB”), such limitation periods may be up to 30 years, although the standard limitation period is three years.
8. Data processing as relates to the right to obtain information under Article 15 GDPR
Where you assert your right to obtain information about your stored personal data pursuant to Article 15 GDPR, the purpose of processing is the fulfilment of your claim to information. For the purposes of furnishing this information, we store the following data about you: first name, surname, e-mail address and street address.
These personal data are processed to comply with a legal obligation under Article 15 GDPR, i.e. the obligation to furnish the information you have requested from us. The legal basis for the foregoing arises from Article 6(1)(c) GDPR.
We will transmit your data to our data protection officer or to a lawyer we have engaged to provide legal advice on this matter with the ultimate purposes of jointly processing and responding to your request for information. In this context, your data will not be transferred to any other third parties, nor will they be transferred to countries outside the EU or the EEA (referred to as third countries).
When handling requests for information, we will store your personal data only as long as is necessary to fulfil the above-mentioned purpose of processing.
9. Job postings and unsolicited applications
We take the matter of protecting your personal data over the course of the application process seriously. The following information applies to applications which we receive by e-mail or post.
The purpose of processing your personal data is to review the possibility of hiring you at our company (applicant selection) based on the documents comprising your application (applicant information). To this end, we process the following data which you provide: personal data (first name, surname, date of birth, birthplace and street address), contact information (telephone number, mobile number and e-mail address), education-related information (schooling, vocational training, military or alternative service, university programs and doctorate programs), data about your professional career (vocational training certificates and letters of recommendation from employers) and an application photo.
The legal basis for processing your data is twofold: your consent, which is implied when you send us your application (Article 6(1)(a) GDPR), and Section 26 BDSG (new version) since we also process your data to decide whether to enter into an employment relationship with you.
We use the personal data which you have transmitted only to process your application for the posted position. Only those employees who have been involved in the application process receive knowledge of your data. Additionally, all employees entrusted with data processing are obliged to keep your data confidential. We do not disclose your personal data to third parties unless you have given your express prior consent to such disclosure or we are obligated to make such a disclosure pursuant to statutory provisions and/or compelled by administrative or court orders.
Your data is automatically deleted within four months of the completion of your specific application process unless statutory provisions prohibit such deletion or further retention is required for evidence purposes or you have expressly consented to a longer retention period.
Application information is provided voluntarily. You may withdraw your consent at any time. If you withdraw your consent to the processing of your personal data, we will delete from our database the applicant information we have received from you. In the event that any retention obligations or legitimate interests to retain data arise, we will restrict any processing accordingly until the retained data are deleted.
10. Your rights under data protection law
Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. If you assert any of the above-mentioned rights, we will assess whether the relevant statutory requirements have been met. Additionally, you have the right to lodge a complaint with the Data Protection Authority of Bavaria for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht)
You may withdraw your consent to the processing of your personal data at any time. The foregoing shall also apply to consent you gave us prior to 25 May 2018, when the GDPR went into effect. Please note that any such withdrawal will apply with future effect only and will not affect any processing which took place prior thereto.
11. Am I required to provide data?
In the context of our business dealings, you must provide those personal data which are required to start, carry out and complete our business dealings and to fulfil the obligations associated with those activities, or which we are required by law to collect. In the absence of these data, we will generally not be able to enter into a contract with you, render performance under it or see it through to its termination.
12. Concluding remarks
Collecting and processing data is a necessary part of doing business, as is ensuring the protection and security of that data. This is more than merely a legal requirement; it is a fundamental interest of our own.
If you would like information which you cannot find in this privacy policy or if you would like more information about a specific item, please do not hesitate to get in touch using the contact details given above.
Information about your right to object under Article 21 GDPR
The right to reject in a specific case
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing based on a balancing of interests).
If you object, we will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to object to processing of data for direct marketing purposes
In specific cases, we process your personal data in order to engage in direct marketing. You have the right to object at any time to processing of personal data concerning you for such marketing.
Where you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
Contact information for objections
You may send objections to the following address with the subject “Objection”; please provide your name and address. There are no formal requirements for objections.
Solectrix GmbH, Dieter-Streng-Str. 4, 90766 Fürth, Germany
E-mail: datenschutz@solectrix.de
