Privacy policy

Provision of the website

The access log by our web server has been completely disabled. However, our system uses certain security plugins from the provider WordPress, which protect our website from attacks and misuse. Normal, non-malicious website accesses are generally not logged by the plugins. If there is a suspicion of an attack on our system, data about the visitor’s computer system is automatically logged for forensic purposes and stored in firewall logs.

Type of data
The data stored is the IP address, date and time, browser user agent and the reason for the suspicious activity.

Purpose of the processing
The collection of log files serves to log averted or malicious website accesses, to ensure forensic activities and the security and stability of our website.

Legal basis
The aforementioned purposes also constitute the legitimate interest in data processing within the meaning of Article 6 (1) 1 (f) GDPR. Where access to information stored on the user’s end device is absolutely necessary, Section 25 (2) No. 2 TTDSG also applies.

Legitimate interests
The aforementioned purposes also constitute the legitimate interest in data processing within the meaning of Article 6 (1) 1 (f) GDPR.

Duration of data storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case after one month at the latest.

Possibility to object
Insofar as data is collected to the extent described, this is absolutely necessary for securing and operating the website. There is therefore no possibility to object.

Newsletter

Our newsletter informs you about free events, relevant articles and company information.

If you would like to subscribe to our newsletter, you need to provide your email address where you would like to receive the newsletter. Additionally, we ask you to provide your name so that we can address you personally. The newsletter will only be sent with your express consent. After entering your email, you will receive a confirmation email at the email address provided. The newsletter will only be sent after explicit confirmation by clicking on a link in the confirmation email (so-called double opt-in).

Purposes of the processing
The collection and storage of your e-mail address and name enables us to send you the newsletter.

Legal basis
The legal basis for the processing of data after subscribing to the newsletter is Article 6 (1) 1 (a) GDPR.

Duration of data storage
After subscribing to the newsletter, your email address will be stored in our mailing list. After unsubscribing from the newsletter, your email address will be deleted from the mailing list and placed on a blacklist. This list is deleted every 6 months.

Possibility to withdraw
Of course, you have the right to withdraw your consent at any time with effect for the future and unsubscribe from the newsletter. To do this, please click on the corresponding button in the newsletter sent to you. Your email address will be deleted from the mailing list and will be placed on a blacklist. This list is deleted every 6 months.

Cookies

Cookies are small text files that are stored on your computer when you visit our website and enable your browser to be reassigned. Cookies store information such as your language setting, the duration of your visit to our website or the entries you have made there.

There are different types of cookies. Session cookies are temporary cookies that are stored in the user’s internet browser until the browser window is closed and the session cookies are deleted. Permanent or persistent cookies are used for repeated visits and are stored in the user’s browser for a predefined time. First-party cookies are set by the website that the user visits. Only this website is allowed to read information from the cookies.

Third-party cookies are set by organisations that do not operate the website the user is visiting. These cookies are used by marketing companies, for example. We only use first-party cookies on our website.

You can find more information about the cookies used on this website in our Cookie Consent Tool.

Legal basis
The legal basis for the use of cookies is your consent pursuant to Section 25 (1) TTDSG, Article 6 (1) 1 (a) GDPR. Where the use of cookies is absolutely necessary, it is based on Section 25 (2) TTDSG. Further data processing is based on Article 6 (1) (c) or (f) GDPR.

You can find more information about withdrawing your consent here.

Google Tag Manager

For transparency reasons, we would like to point out that we use the Google Tag Manager provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For users in the EU, the EEA and Switzerland the service is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The Google Tag Manager makes it easier for us to integrate, centrally manage and schedule our tags. Tags are script codes or code sections that can trigger different functionalities, such as measuring the success of our advertisements (Google Ads). The Google Tag Manager itself does not collect any personal data, but may transmit the IP address to Google. You can find more information in our privacy policy.

The legal basis for this data processing is your consent in accordance with Section 25 (1) TTDSG. You can withdraw any given consent with effect for the future by changing your settings here. The lawfulness of the data processing until the withdrawal remains unaffected.

If Google stores personal data, this data is stored on the Google servers. The storage period for the data processed by the individual tracking tools can be found in our individual data protection notices for the individual tools.

For more information on Google Tag Manager, see: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Matomo Tag Manager

We use the Matomo Tag Manager. Through this service, we can manage our website tags. Tags are small code elements on our website that help us to improve our offer. You can find out which tags we use and which data we process with these tags for which purposes in the following sections of our data protection policy. The Tag Manager itself does not process any personal data. If you deactivate the individual tags, the Tag Manager will implement your settings.

Matomo

Our website uses the web analytics service Matomo. Matomo is an open source project and is legally represented by its founder Matthieu Aubry. Matomo uses “cookies”, which enable an analysis of the use of the website. For this purpose, the usage information collected in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. Matomo does not transmit any data to servers that are outside of our control. Your IP address is immediately anonymised during this process so that you as a user are not identifiable to us. The information collected about your use of this website is not transferred to third parties.

Purposes of the processing
We use the collected data for statistical analysis of user behaviour for the purpose of optimising the functionality and stability of the website and for marketing purposes.

Legal basis
The legal basis for the use of Matomo is your consent pursuant to Section 25 (1) TTDSG, Article 6 (1) 1 (a) GDPR.

You can find more information about Matomo and the possibility to withdraw your consent here.

Conversion tracking with AFL

We do not use external scripts and service providers for conversion tracking purposes (measuring the success of our advertising campaigns) on our website, but carry out the performance measurement ourselves using first-party cookies. In this way, we retain full control over the data generated and are able to guarantee that it is used for the intended purpose and in accordance with data protection laws.

When you access our website via an advertisement, a unique pseudonym is assigned to you (Google Ads Click ID or Bing Ads Click ID and UTM parameters). This information is visible in the URL, but is lost the next time the page is accessed, which is why this data needs to be stored in a cookie. Our web analysis tool Matomo assigns a client ID to each user so that a distinction is possible.

We store the following data in the first-party cookie:

• Click ID source (Google Ads or Bing Ads)
• Click ID of the advertisement
• Matomo Client ID
• UTM parameters (see below)

No data is transferred to Google, Bing or other third-party providers, but initially only to us. Only where you have given your consent the data is sent directly to Matomo (hosted by us) or to us via email after filling out the contact form on our website. In the course of the sales process, we assign a value to the request and send the data back to Matomo and the ad networks. The ads networks only receive pseudonymous data, i.e. the click ID, the conversion name (e.g. “lead identified” or “contract signed”), the conversion value and a timestamp. Matomo receives the same data in order to clearly assign the success of a campaign. The conversion data (UTM parameters, click IDs) are also stored within WordPress.

Both in Matomo and in the advertising networks the conversions now appear as attributed conversions. This is the only way for us to optimise the effectiveness of our campaigns by, for example:

• Spending more budget on campaigns that generate actual revenue.
• Reducing campaigns that generate less valuable leads.
• Optimising costs vs. projected turnover.

UTM parameters are short text snippets that are appended to the end of a link’s URL aimed at tracking where that link came from. We use the following UTM parameters:

• utm_source: Source of the link. // Example: our newsletter, our websites and apps, search engine, podcast or social media.
• utm_medium: Medium in which the link is embedded. // Example: email, Twitter, LinkedIn, Xing, websites operated by us, such as https://gdpr-info.eu, Google, Bing.
• utm_campaign: Name of the campaign or promotion. // Example: Data protection ad campaign, special offer, discount code.
• utm_content: links within a campaign // example: banner link, sidebar link, footer link
• utm_term: Keywords in advertisements. // Example: External data protection officer, IT forensics

Purposes of the processing
Measuring the success of our advertisements and optimising our advertising campaigns

Legal basis
The legal basis for the use of our conversion tracking with AFL is your consent pursuant to Section 25 (1) TTDSG, Article 6 (1) 1 (a) GDPR.

You can find more information about AFL and the possibility to withdraw your consent here.

Contact by email or via contact form

Personal data is collected by us when you provide it to us voluntarily, for example, when you contact us. The personal data provided to us in this way is used exclusively for the purpose for which it was provided it when contacting us.

The communication of this information is voluntary and in these cases is initiated by you. Insofar as this involves information on communication channels (e.g. email address, telephone number), we will use these channels to contact you in accordance with your request.

Purposes of the processing
The purpose of processing your data is to handle and respond to your request.

Legitimate interests
The legitimate interest in the processing also lies in the purposes described.

Legal basis
The legal basis for the processing of the data that you transmit to us in the course of contacting us is Article 6 (1) 1 (f) GDPR.

Duration of data storage
We will delete your data that we have received in the course of contacting you as soon as it is no longer required to achieve the purpose for which it was collected, i.e. your request has been fully processed and no further communication with you is required or requested.

Possibility to object and delete
You can contact our data protection officer at any time regarding the deletion of data relating to your request. However, we may then not be able to fully process your request.

Data transmission to third parties

As a matter of principle, your data will not be transferred to third parties unless we are legally obliged to do so. If external service providers have access to your personal data, we have taken legal, technical and organizational measures, and conduct regular checks to ensure that they comply with the provisions of the data protection laws. Furthermore, these service providers may only use your data in accordance with our instructions.

We value processing your data within the EU / EEA. However, we may use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, via EU standard contractual clauses or Binding Corporate Rules or special agreements to whose regulations the company can submit.

Your rights

We will gladly provide you with information on whether personal data relating to you is being processed; if this is the case, you have right to access this personal data and to the information listed in detail in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal conditions.

What right do you have in case of data processing based on your legitimate or public interest?

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data relating to you which is carried out based on Article 6 (1) 1 (e) GDPR (data processing in the public interest) or on the basis of Art. 6 (1) 1 (f) GDPR (data processing for the protection of a legitimate interest) for reasons arising from your particular situation.

You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawl is only effective for the future.

Without limiting these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to submit a complaint to a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).

Which of your personal data do we use?

We process your personal data to the extent that it is required to carry out the application process. This includes the following categories of data:

Standard details

• Applicant master data (first name, last name, address, job position)
• Qualification data (cover letter, CV, previous activities, professional qualification)
• (Job) references and certificates (performance data, assessment data, etc.)

Special information that may be required due to the position to be filled

• Police clearance certificate (only when the employment contract is concluded)

Other information

• Voluntary information, such as an application photo, details of severely disabled status or other information that you provide to us voluntarily in your application.

In general, we only process the personal data that we receive from you as part of the application process.

In some cases we might receive personal data from the following bodies

• Service provider for applicant placement

For what purposes and on what legal basis do we process your data?

We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as all other applicable laws.

Data processing for the purpose of the application relationship (Section 26 (1) BDSG, Article 6 (1) (b) GDPR)

Personal data of applicants may be processed for the purpose of the application procedure if this is necessary for the decision on the establishment of an employment relationship with us.

The necessity and scope of the data collection will be assessed, among other things, according to the position to be filled. If the position you are applying for involves particularly confidential tasks or increased personnel and/or financial responsibility, a more extensive collection of data may be necessary. For example, we ask our applicants to provide us with their police clearance certificate. In order to comply with data privacy law, such data processing will take place only after the selection of applicants has been completed, immediately before you are hired, or only after you have been hired.

Data processing based on your consent (Article 6 (1) 1 (a) GDPR, Section 26 (2) BDSG)

If you have given us your voluntary consent to the collection, processing or transmission of certain personal data, then this consent forms the legal basis for the processing of this data.

In the following cases, we process your personal data on the basis of consent given by you:

• Admission to the applicant pool, i.e. we store the application documents beyond the current application procedure for consideration in subsequent application procedures.

Based on the legitimate interest of the controller (Art. 6 (1) 1 (f) GDPR)

In certain cases, we process your data to protect a legitimate interest of us or a third party:

• To defend legal claims in proceedings under the General Equal Treatment Act (AGG). In the event of a legal dispute, we have a legitimate interest in processing the data for purpose of evidence.

To whom is your data shared?

Our HR department and the head of department who fills your position will mainly process your data. However, in some cases other internal and external bodies are also involved in the processing of your data.

Internal positions, depending on the job advertisement

• Human Resources
• Team leader
• Authorised officers
• Board of Directors

External service providers

• IT service providers (e.g. maintenance service providers, hosting service providers)
• Service provider for file and data destruction

If you have any further questions about the individual recipients, please contact us at datenschutzbeauftragter@intersoft-consulting.de.

Is your data transferred to countries outside the European Union (so-called third countries)?

We value processing your data within the EU / EEA. However, we may use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, via EU standard contractual clauses or Binding Corporate Rules or special agreements to whose regulations the company can submit.

How long will your data be stored?

We store your personal data to the extent necessary for the decision on your application. We store your personal data to the extent necessary for the decision on your application. If an employment between you and us does not follow, we may continue to store your data to the extent necessary to defend against possible legal claims. On a regular basis, your data will be deleted within 6 months after the end of the application process.

If an employment does not follow, but you have given us your consent for the further storage of your data, we will store your data until you revoke your consent, but for a maximum of one year. If there is a specific reason, we may also store your data for a longer period for the purpose of defending against possible legal claims.

What rights do you have in connection with the processing of your data?

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply.

We will gladly provide you with information on whether personal data relating to you is being processed; if this is the case, you have the right to access this personal data and to the information listed in detail in Article 15 DSGVO. In addition, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR) under the respective legal conditions.

What right do you have in case of data processing based on your legitimate or public interest?

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data relating to you which is carried out based on Article 6 (1) 1 (e) GDPR (data processing in the public interest) or on the basis of Article 6 (1) 1 (f) GDPR (data processing for the protection of a legitimate interest) for reasons arising from your particular situation.

In the event of your objection, we will no longer process your personal data unless we can justify compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawal is only effective for the future.

Without limiting these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to submit a complaint to a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes on data protection law (Article 77 GDPR).

Is there an obligation to provide your personal data?

The providing of personal data is neither legally nor contractually required, nor are you obliged to provide the personal data. However, the providing of personal data is necessary for the completion of the application process. This means that if you do not provide us with personal data when applying, we will not be able to carry out the application process.

Which of your personal data do we use?

In order to conduct webinars via the Internet, we rely on the software solution of ClickMeeting (ClickMeeting Spółka z ograniczoną odpowiedzialnością with its registered office at ul. Arkońska 6/A4, 80-387 Gdańsk, Poland, company no. (KRS): 0000604194, VAT ID no. (NIP): 5842747535). You can participate in a webinar if you have registered in advance via https://intersoftconsulting.clickmeeting.com/. The following personal data will be requested for this purpose:

• First name, last name,
• Company,
• Email address,
• Position (optional).

For what purposes and on what legal basis do we process your data?

We use the above-mentioned data exclusively for the implementation of the webinar; the legal basis for this is Article 6 (1) 1 (f) GDPR and for paid webinars additionally Article 6 (1) (b) GDPR. An encrypted connection is established between you and ClickMeeting. We record the audio or visual information transmitted during this session for quality control purposes. Statistical data is collected during and after the webinar. If you participate in a webinar, in addition to your registration data, we receive information about the duration of participation, interest in the webinar, questions asked or answers given for the purpose of further customer support.

Following a webinar, we will send you a one-off email containing the most important information from the webinar together with a reference to our services. The legal basis for this is Article 6 (1) (f) GDPR.

You have the right to object to the processing under the legal conditions (Article 21 GDPR).

In the event of your objection, we will no longer process your personal data unless we can justify compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. Please note that in the event of an objection, participation in a webinar may not be possible.

By clicking “Participate” you confirm that you will not record or screen capture this session.

To whom is your data shared?

For the implementation of the webinar, we transmit your registration data to the service provider ClickMeeting, who, as our processor, may only use your data on an instructions-related basis for the implementation of the webinar. In addition, the service provider as the responsible party collects your data in order to provide the service. This includes, for example, the following information: Data that is automatically processed during the use of the service (data on the use of the service, data that is processed with the help of cookies), data that is collected with the help of website navigation files, location data, data on the web browser, IP data of the device. For more information, please see ClickMeeting’s privacy policy: https://legal.clickmeeting.com/ and https://knowledge.clickmeeting.com/privacy-security/.

In order to fulfil our contractual and legal obligations, your personal data may be disclosed to various public or internal bodies, as well as external service providers:

• IT service providers (e.g. maintenance service providers, hosting service providers)
• Service provider for file and data destruction
• Auditors, Tax Consultant, Lawyer

We value processing your data within the EU / EEA.However, we may use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, via EU standard contractual clauses or Binding Corporate Rules or special agreements to whose regulations the company can submit.

Is your data transferred to countries outside the European Union (so-called third countries)?

We value processing your data within the EU / EEA. However, we may use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, via EU standard contracts or Binding Corporate Rules or special agreements to whose regulations the company can submit.

How long will your data be stored?

We store your personal data to the extent necessary for the fulfilment of our legal and contractual obligations, e.g.:

• Bills: Fulfilment of e.g. commercial and tax retention obligations. These include, among others, retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods are up to 10 years.
• The participation lists of paid webinars are subject to the 3-year storage period according to the German Civil Code (BGB). There are no legal storage periods for the participation lists of webinars that are free of charge. These participation lists are deleted at the end of each quarter.
• In addition, webinar statistics (participation duration) are collected by Clickmeeting. These statistics are deleted along with the event after one month.
• The chat messages sent during a webinar, which are only visible to the presenters/admins and speakers, are extracted into an extra Excel spreadsheet. This list will be anonymized at the latest one month after the webinar.

What rights do you have in connection with the processing of your data?

We will gladly provide you with information on whether personal data relating to you is being processed; if this is the case, you have right to access this personal data and to the information listed in detail in Article 15 GDPR. In addition, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR) under the respective legal conditions

What rights do you have in case of data processing based on your legitimate or public interest?

Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data relating to you which is carried out based on Art. 6 (1) 1 (e) GDPR (data processing in the public interest) or based on Art. 6 (1) 1 (f) GDPR
(data processing for the protection of a legitimate interest) for reasons arising from your particular situation.

You can object to the use of your data for advertising using electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.

In the event of your objection, we will no longer process your personal data unless we can justify compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawal is only effective for the future.

Without limiting these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to submit a complaint to a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).

Is there an obligation to provide your personal data?

In order to participate in a webinar, you must provide us with the personal data required to conduct the webinar. If you do not provide us with this data, then participation in the webinar is not possible.

Which of your personal data do we use?

If you contact us, have us prepare an offer or conclude a contract with us, we process your personal data. In addition, we also process your personal data to comply with legal obligations, to protect a legitimate interest or on the basis of your consent. We only process personal data that we receive from you.

Depending on the legal basis and the contractual relationship with us, these are the following categories of personal data:

• First name, last name
• Company
• Business address
• Official communication data (telephone, email address)
• Account information, especially registration and logins (e.g. DMS Guardileo, online training tool)
• Video or image recording

For what purposes and on what legal basis do we process your data?

Based on your consent (Article 6 (1) 1 (a) GDPR)
If you have given us your voluntary consent to the processing of certain personal data, then this consent forms the legal basis for the processing of this data.

In the following cases, we process your personal data on the basis of consent given by you:

• Sending information about our products, news, events, webinars and blog.

For the performance of a contract (Article 6 (1) 1 (b) GDPR)
We use your personal data for the execution of the contract and for pre-contractual communication.

For the fulfilment of legal obligations (Article 6 (1) 1 (c) GDPR)
As a company, we are subject to various legal obligations. In order to comply with these obligations, the processing of personal data may be necessary:

• Prevention/Defense of punitive acts (only on an occasion-related basis).
• Retention and storage obligations (§ 257 HGB; § 147 AO).
• Obligations to process customer data (e.g. due to obligations under tax law).

Based on a legitimate interest (Article 6 (1) 1 (f) GDPR)
In certain cases, we process your data to protect our legitimate interests:

• Communication with a contact persons at the business partners.
• Direct advertising for similar products within the scope of our business relationship.
• Ensuring IT security and IT operations.
• Video surveillance for the preservation of house rights.
• Customer satisfaction surveys.
• Occasional comparison of first and last names of business contacts with the lists of the EU anti-terror regulations (Regulation (EC) No 881/2002, Regulation (EC) No 2580/2001, so-called anti-terror lists) due to the prohibition of provision according to the EU anti-terror regulation.

To whom is your data shared?

In order to fulfil our contractual and legal obligations, your personal data will be disclosed to various public or internal bodies, as well as external service providers:

• IT service providers (e.g. maintenance service providers, hosting service providers)
• Service provider for file and data destruction
• Web hosting service provider
• Chartered Accountant, Tax Consultant, Lawyer

Is your data transferred to countries outside the European Union (so-called third countries)?

We value processing your data within the EU / EEA. However, we may use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, via EU standard contractual clauses or Binding Corporate Rules or special agreements to whose regulations the company can submit.

How long will your data be stored?

We store your personal data to the extent necessary to fulfil our legal and contractual obligations, including:

• Fulfilment of e.g. commercial and tax retention obligations. These include, among others, retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods are up to 10 years.
• Preservation of evidence within the framework of the statutory limitation provisions. According to the statutes of limitation of the German Civil Code (BGB), these limitation periods can be up to 30 years in some cases; the regular limitation period is three years.
• After subscribing to the newsletter, your email address will be stored in our newsletter distribution list. After unsubscribing from the newsletter, your email address will be deleted from the distribution list and placed on a blacklist. This list is deleted every 6 months.

What rights do you have in connection with the processing of your data?

We will gladly provide you with information on whether personal data relating to you is being processed; if this is the case, you have right to access this personal data and to the information listed in detail in Article 15 DSGVO. In addition, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR) under the respective legal conditions

What rights do you have in case of data processing based on your legitimate or public interest?
Pursuant to Article 21 (1) GDPR, you have the right to object at any time to the processing of personal data relating to you which is carried out based on Art. 6 (1) 1 (e) GDPR (data processing in the public interest) or based on Art. 6 (1) 1 (f) GDPR (data processing for the protection of a legitimate interest) for reasons arising from your particular situation.

You can object to the use of your data for advertising using electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.

In the event of your objection, we will no longer process your personal data unless we can justify compelling legitimate grounds for the processing, which outweight your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawal is only effective for the future.

Without limiting these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to submit a complaint to a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).

Is there an obligation to provide your personal data?

In order to enter into a business relationship, you must provide us with the personal data that is required for the implementation of the contractual relationship. If you do not provide us with this data, it is not be possible for us to carry out and process the contractual relationship.

Which of your personal data do we use?

IP address
For calling the data protection management software the short-term logging of the IP address is indispensable. Your IP address will be deleted by us after the end of your session.

Registration and use
To use our data protection management software, you need to register. For the registration we collect and store the following data:

• Username
• First name
• Last name
• E-mail address
• Phone number
• Function/title, if applicable
• Password
• Selected language (English/German)

After successful registration, you will receive a personal, password-protected access and will be able to view and manage the data you have submitted.

In the course of your further use of the data protection management software, you can enter further data, such as contact details of your employees, your status (data protection coordinator, internal data protection officer), and in particular upload documents that contain personal data. We process this data only within the framework of the service contract we have concluded with your employer. Within our company, only the consultant responsible for your employer can access your data for the purpose of data protection consulting, and, if necessary, the administrators to ensure the functioning of the system. Furthermore, you will receive automatic notifications by e-mail from the data protection management software in certain cases.

For which purposes and on which legal basis do we process your data?

As part of our data protection consulting services, we provide you with a software-based data protection management system.

We process data directly related to the technical use of this website (IP address) based on a legitimate interest, Article 6 (1) (f) GDPR. Our legitimate interest is to provide you with the website, to ensure the security and stability of the website and to offer you a user-friendly operating experience. If you contact us of your own accord, we also process your data based on a legitimate interest pursuant to Article 6 (1) (f) GDPR to process your request accordingly.

Will the data be transferred to third parties?

Your data will not be transferred to third parties unless we are legally obliged to do so, e.g., if certain information needs to be passed on to the data protection supervisory authority. Where external service providers receive access to your personal data, we have ensured that they comply with the provisions of the data protection laws through legal, technical and organizational measures as well as through regular checks.

How long do we store the data?

We generally store your data for as long as is necessary for the technical operation as well as the use of the data protection management software or, if applicable, for processing your request. Your user account and the associated data will be deleted by default one year after termination of the service relationship with us, unless your employer gives us instructions to the contrary.

Is your data transferred to countries outside the European Union (so-called third countries)?

No.

What rights do you have in connection with the processing of your data?

Every data subject has the right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. With regard to the right of access and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply.

We will gladly provide you with information as to whether personal data relating to you is being processed; if this is the case, you have a right of access regarding this personal data and to the information detailed in Article 15 GDPR. In addition, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article. 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR) if the legal requirements are met.

What right do you have in case of data processing based on a legitimate or public interest?
Pursuant to Article 21 (1) GDPR, you have the right to object to the processing of personal data relating to you which is carried out based on Article 6 (1) (e) GDPR (data processing in the public interest) or on Article 6 (1) (f) GDPR (data processing for the purpose of a legitimate interest) at any time, on grounds relating to your particular situation.

In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawal is only effective for the future.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular the authority at your place of residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).

Is there an obligation to provide your personal data?

The provision of personal data is neither legally nor contractually required, nor are you obliged to provide the personal data. However, the provision of personal data is necessary for the use of the data protection management software. If you do not provide us with personal data, you will not be able to register as a user and work with the software.

Data security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

In order to fulfill our tasks and ensure the security of our IT infrastructure, we have to work with service providers who may also receive personal data for this purpose. These service providers are contractually bound by intersoft consulting services AG and may only use personal data they receive in this context for the permitted purpose. The data protection management software is operated on our server.