General data protection information from the TROWIS GmbH regarding processing of personal data according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

1. Mandatory information according to Art. 12 ff. GDPR

Responsible:
TROWIS GmbH
Annaberger Straße 240, D-09125 Chemnitz (GERMANY)
Phone: +49 371 5437630
E mail: info@trowis.de

We appreciate your interest in our company. Data protection is a major priority for the management of the TROWIS GmbH. For this reason, your personal data are processed confidentially and in compliance with the provisions of the General Data Protection Regulation (GDPR), and the Federal Data Protection Act (FDPA-new), as well as miscellaneous legal data protection provisions.

Decision regarding what data will be processed in detail depend to a great extent on the nature of the contractual and pre-contractual business relationship. Please find details and additions to the volume and the purposes of data processing in the information regarding data protection (including the additional data protection information pertaining to use of our website and for candidates) for the corresponding contractual documents, forms, declaration of agreement and/or other information made available to you (such as in the context of the use of our website).

2. Where do we get your personal data from?

Your data are generally collected on your computer. Processing of your personal data is required to fulfill the contractual obligations resulting from the contract you sign with us. Because you are required to cooperate, it is necessary to make available the personal data we request, since we could not perform our contractual obligations otherwise.

In the context of our pre-contractual actions (such as recording of master data in the interested party procedure, answering requests) it is necessary to make available your personal data. If you do not provide the data requested, it is impossible to complete a contract.

To perform our services, it may be necessary to process personal data we have fairly obtained, and for the corresponding purpose, from other companies or miscellaneous third parties, such as financial authorities, you and our business partners or similar.

Furthermore, if necessary, we process personal data from sources accessible to the public, such as internet presentations that we fairly use exclusively for this purpose. We also process personal data that we have fairly received, retained or obtained and are allowed to process from sources open to the public (such as telephone directories, trade and association registers, reporting registers, debtor directories, land registers, press, internet and other media).

Relevant personal data categories can be in particular:

  • Personal data (name, date of birth, place of birth, nationality, marital status, profession, industry, position in the company and commensurable data),
  • Contact data (address, email address, phone number and similar data),
  • Address data (reporting data and similar data),
  • Contractual data (real property and delivery address, bank affiliation, photo documentation and similar data)
  • Payment/coverage confirmation in case of bank and credit cards,
  • Information about your financial situation (financial standing data including score, also data on the assessment of the economic risk),
  • Data about your use of the telemedia we offered (such as time of calling our website, apps or newsletters, clicked on our pages/ links of us or entries and similar data),
  • meta /communication data (such as device information, IP addresses)

as well as miscellaneous data commensurable with the mentioned categories.

3. Purposes and legal foundations of processing

We process your personal data and thereby maintain the applicable legal data protection requirements. Processing is legal if at least one of the conditions listed below is fulfilled:

a) consent has been giving (according to Art. 6 paragraph 1 lit. a GDPR)

The purposes for processing personal data result are validated by approval. You may withdraw your approval any time with effect for the future. Prior approvals granted before the GDPR’s validity (before 25 May 2018) can also be revoked. Data processing carried out before the revocation remains unaffected by it.

b) it is necessary to perform contractual obligations or pre-contractual actions (according to Art. 6 paragraph 1 lit. b GDPR)

The data processing purposes result from the initiation of pre-contractual actions preceding a contractually regulated business relationship. They also arise from the performance of duties stipulated in a contract you signed,

  • to identify you as our business partner/ contact partner
  • to provide our services,
  • to communicate with you in writing,
  • to issue invoices,
  • for business process control and optimization,
  • to trace orders and other agreements,
  • to guarantee IT safety (such as system or plausibility tests),
  • to perform general duties of care,
  • to safeguard and exercise property rights (such as by access monitoring and video surveillance),
  • for cost recording and controlling, as well as reporting
  • for execution of potential liability claims, as well as assertion of potential claims against you.

c) it is required by law (according to Art. 6 paragraph1 lit. c GDPR) or in the public interest (according to Art. 6 paragraph 1 lit. e GDPR)

The data processing purposes result from legal requirements or are for the public benefit (such as to maintain the duty to preserve books and records).

d) it is within the context of weighing of interests (according to Art. 6 paragraph 1 lit. GDPR)

The processing purposes arise from maintenance of our vital interests. It may be necessary to process your personal data beyond the actual contract performance. This vital interest can be considered to justify the further processing of your personal data, insofar as your interests or fundamental rights and freedom are not predominant. The vital interest can be, in particular:

  • revision and improvement of procedures for general business control and refinement of products and services
  • advertising market and public opinion research, so long as you have not revoked the use of your data
  • assertion of legal claims and defense in the event of legal disputes
  • circumvention, elucidation, or prevention in case of criminal offences
  • indemnification of IT safety and operation
  • consultation and data exchange with credit agencies to estimate risks in creditworthiness or of nonpayment
  • due to a special kind of storage, data is impossible or unreasonably costly to delete, and processing for other purposes is precluded by suitable technical and administration actions.

4. What do we use your data for?

In our company, divisions and individuals will access your personal data as needed to execute their contractual and legal duties and if they are authorized to process this data.
We also outsource some of the previously mentioned processes and tasks to service providers who are carefully selected and empowered in conformity with the data protection regulations, being located in the European Union. These are firms working in IT services and those providing payment transactions, print media, logistics, shipment, accounting, collections, consultation, marketing& sales, as well as other service providers we consult under order processing conditions.
With regard to transferring personal data to third parties, we may only do so if this is required due to legal regulations, you have approved this, or we are authorized to do so. If these preconditions are fulfilled, then the receivers of personal data can be, among others:

  • public authorities and institutions (such as financial authorities, social insurance carriers, courts) given a demonstrated legal or official obligation;
  • other companies or similar institutions we send personal data in order to do business with you (such as credit agencies).
    In continuation, other organizations can receive data, if they have been given approval for the data transfer.

5. Are your personal data sent to third countries or international organizations?

We will not consciously transfer your personal data to a third country or an international organization. If, in individual cases, you would like us to send your personal data to a third country or an international organization, or if this data transfer should be necessary due to the contractual content, then we will undertake this only with your prior written approval.

6. Are the personal data subject to automated decision-making including profiling?

Fully automated decision-making, including profiling according to Art. 22 GDPR, is not applied to process your personal data.

7. Processing period

Your personal data are processed for as long as necessary to achieve the purpose that has been contractually agreed – in general, this is the length of the contractual relationship with you. Once the contractual relationship has ended, your personal data are processed to maintain legal periods to preserve books and records or due to our vital interests. Your personal data will be deleted after expiration of the periods legally required to preserve books and records and/or the lapse of our vital interests. Expected periods legally required to preserve books and maintain records and our vital interests are:

  • Fulfillment of commercial and tax-based periods to preserve books and records. The periods for preserving and documenting listed there range from two to ten years.
  • maintenance of evidence in the context of the statutory limitation regulations. According to §§ 195 ff. of the German Civil Code (German abbrev.: BGB), these limitation periods may last up to 30 years, whereas the regular limitation period is three years.

8. What rights do you have?

  • Right to information according to Art. 15 GDPR,
  • Right to correction according to Art. 16 GDPR,
  • Right to deletion (“Right to be forgotten”) according to Art. 17 GDPR,
  • Right to limitation of processing according to Art. 18 GDPR, § 35 FDPA-new,
  • Right to data transferability according to Art. 20 GDPR,
  • Right of complaint at a supervisory authority according to Art. 13 paragraph 2 lit. d, 77 GDPR in connection with § 19 FDPA-new,
  • Withdrawal of approval according to Art. 7 paragraph 3 GDPR, as well as
  • Right to contradiction according to Art. 21 GDPR:

You are entitled to enter an objection to the processing of your personal data according to Art. 6 paragraph1 lit. e (data processing for public interest) or lit. f GDPR (data processing based on weighing of interests), for reasons resulting from your special situation, at any time; this is also valid for profiling based on these regulations according to Art. 4 No. 4 GDPR.

If you refuse, we will no longer process your personal data, unless we can prove mandatory protectable reasons for processing that supersede your interests, rights and freedom, or processing is used for the assertion, exercising or defense of legal claims.

Where appropriate, we also process your personal data for direct advertising purposes. If you prefer not to receive advertising, you have the right to enter an objection at any time; this is also possible in the case of profiling insofar as it is connected with this kind of direct advertising. We will recognize this refusal for the future.

If you refuse the processing of your personal data for direct advertising purposes, we will no longer process your personal data for these purposes.

Contradiction can be sent in free text and should be preferably addressed to:

TROWIS GmbH
Annaberger Straße 240, D-09125 Chemnitz (GERMANY)
Phone: +49 371 5437630
E-mail: verwaltung@trowis.de

9. Validity and amendment of this data protection statement

This data protection statement, as well as our information about data protection, are currently valid from 10 October 2019.

Our offers, including our website, may change from time to time due to changes in legal or official requirements. You may download the current data protection statement from our website, print it, or request for it from the responsible party (see above) at any time.

II. Additional data protection information for our website

1. Collection and storage of personal data, as well as type and purpose of their use

If you only use the website for information, that is, if you do no not register or send us information otherwise, then we only collect the personal data your browser sends our server. If you want to visit our website, then we collect the following data that are technically necessary for us to display our website, as well as to guarantee stability and safety. The legal foundation for this is Art. 6 paragraph 1 S. 1 lit. f GDPR:

  • IP address
  • User of directory protection
  • Date and time of request
  • Difference between the corresponding time zone and Greenwich Mean Time (GMT)
  • Content of request (specific page)
  • Access status/http status code
  • Amount of data transferred
  • Website the request is sent from
  • Browser
  • Operating system and its interface (surface)
  • Language and version of the browser software.

In addition to the data mentioned above, cookies are stored on your computer when you visit our website. Cookies are small text files that are stored on your hard disk by the browser you use; thanks to these text files, the authority setting the cookie (in this case: we) can obtain specific information. Cookies cannot run programs or transfer viruses onto your computer. Their sole purpose is to make services offered on the internet more user-friendly and efficient.

2. Use of Cookies

This website uses the following types of cookies whose setting and function are explained in the following:

Transient cookies are deleted automatically when you close your browser. These include specifically session cookies. They store a so-called session ID, to which several requests from your browser can be assigned in a joint session. This way, your computer can be re-identified when you visit our website again. The session cookies are deleted if you log out or close the browser.

Persistent cookies are automatically deleted after a preset period depending on the type of cookie. You can delete the cookies in the safety settings of your browser at any time.

You can configure your browser settings as you like and, for example, refuse to accept third-party cookies or all cookies. We inform you that if you do this, you may not be able to use all the functions of this website.

3. Other website functions and offers

In addition to using our website for information, we offer several services you can make use of if you like. To do this, as a rule, you must enter additional personal data we make use of to provide the specific service, and for which the previously mentioned rules for data processing are valid.

We sometimes employ external service providers to process your data. We carefully select and outsource tasks to them, and they are obligated to adhere to our instructions and are regularly inspected.

If our service providers or partners are located in a country outside the European Economic Area, we will inform you of the consequences of this circumstance in the description of the offer.

4. Contact form

If you send us requests via the contact form, then your data on the request form, including the contact information, are stored by us for processing of the request and for additional questions. The determination of what personal data will be transmitted to whom results from the corresponding input screen. The legal justification for this is given in Art. 6 paragraph 1 S. 1 lit. b GDPR.

5. Use of Google Analytics

This website makes use of Google Analytics, a web analysis service by Google Inc. („Google“). Google Analytics uses so-called “cookies”, text files that are stored on your computer and allow for analysis of your use of the website. The information generated by the cookie about your website use are, as a rule, transferred to a Google server in the USA and stored there. If the IP anonymization on this website is enabled, your IP address is shortened beforehand for data transmission inside the member states of European Union or in other contractual states of the agreement on the European Economic Area by Google. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. Google will use this information on behalf of this website’s operator to analyze your website use, to create reports about the website activities, and to provide other services connected with the website and internet use for the website operator.

The IP address sent from your browser in the context of Google Analytics will not be connected with other Google data.

You can avoid the storage of cookies by using a specific setting on your browser. We inform you that if you do this, you may not be able to use all the functions of this website. You can also refuse to allow data created by the cookie and related to your use of this website to be recorded (incl. your IP address) by Google, as well as processed; for this purpose, download and install the browser plug (in your browser settings) available under the link
http://tools.google.com/dlpage/gaoptout?hl=de.

This website makes use of Google Analytics with the extension „_anonymizeIp()“. This allows IP addresses to be processed in an abbreviated form, and thus precludes identification of individuals. To the extent that the data collected about you are personal, this personal relationship is excluded at once, and the personal data are thus immediately deleted.

We use Google Analytics to analyze our website’s use and to improve it regularly. The statistics obtained make it possible to improve our offerings and make them more interesting to you as the user. For exceptional cases in which personal data are sent into the USA, Google is subject to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework. The legal foundation for using Google Analytics is Art. 6 paragraph 1 S. 1 lit. f GDPR.

Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection statement: http://www.google.de/intl/de/policies/privacy.

6. Integration of Google Maps

We use Google Maps on this website. This way, we can show you interactive maps immediately on the website and make possible comfortable use of the map function.

The visit to our website informs Google that you accessed the corresponding subpage of our website. Moreover, the data mentioned in No. 2 of this section are transferred. This is carried out regardless of whether Google makes available a user account through which you are logged in or whether there is no user account. If you are logged in at Google, then your data are immediately assigned to your account. If you do not want the assignment to your profile at Google, then you must log out before enabling the button. Google stores your data as usage profiles and makes use of them for advertising purposes, market research, and/or the design of its website according to need. An analysis like this is specifically carried out (even for users that are not logged in) to engage in advertising tailored to suit a market need and to inform other users in social networks of your activities on our website. You are entitled to make use of a right of refusal of the establishment of these user profiles, but you must inform Google to exercise this right.

You can find additional information about the purpose and content of data collection and processing by the plug-in provider in the data protection statements of the provider. There you can also find additional information about your rights and setting options in this field to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.

7. Embedding of Google Webfonts

Google webfonts, which make it possible to represent fonts, are implemented on this website. Using Google webfonts activates an external Google server in the USA when using this website - Google is theoretically informed about the use of the offer.

The legal foundation for processing of your data is fixed in Art. 6 paragraph 1 S. 1 lit. f GDPR. For other information on data protection at Google, see: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

8. Data safety

When you visit the website, you are protected by the SSL method (Secure Socket Layer) that is widely used in connection with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use the 128-bit v3 technology instead. You can see whether an individual page of our website is encrypted by looking for the image of the key or lock icon in the status bar of your browser.

Additionally, we make use of appropriate technical and organizational safety measures to protect your data against random or intentional manipulations, partial or complete loss, destruction, or unauthorized access by third parties. We are continuously improving our safety measures in compliance with technological development.

III. Additional data protection information for job candidates

In the following, we inform our job candidates of additional data protection information concerning the collection and processing of your personal data within the context of the application procedure.

1. To what extent do we process your data?

During the application procedure, only the data you supply are processed (name, contact data, CV, photo, etc.).

2. What is the purpose of data processing?

The collection of your personal data is the basis for participating in our application procedure. The data made available will also make possible an evaluation of the candidate’s suitability for the vacant job/ position. We cannot consider your application without this data.

The approval for data processing to execute pre-contractual actions is based on Art. 6 paragraph 1 lit. b GDPR.

3. Who receives the data during processing?

In our company, only the departments and persons involved in the execution of the application process receive your personal data.

It is also possible that data relevant in individual cases may be sent based on legal regulations or contractual agreements with third parties. This includes processing companies, such as IT service providers.

4. How long is the data stored?

Your data will be stored at least for the duration of the application procedure. Regardless, we will delete your data within six months following a rejection, unless you have granted an approval according to Art. 6 paragraph 1 lit. a, 7 GDPR that would entitle us to store your data for a longer time.

For successful applicants, we will store the data in the personnel file for further processing.

In other respects, we refer to the full extent to our previously mentioned general data protection information and the additional data protection information for the use of our website.

Issued: 10 October 2019