Privacy Policy
This privacy policy explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter jointly referred to as the “Online Offer”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Person responsible
SRC
Security Research & Consulting GmbH
Emil-Nolde-Str.7
D-53113 Bonn
Phone: +49 (0) 228 – 2806 – 0
Fax: +49 (0) 228 – 2806 – 199
Internet: www.src-gmbh.de
eMail: info[at]src-gmbh.de
Managing Directors: Gerd Cimiotti and Markus Schierack
Commercial Register: Bonn HRB 9414
VAT ID number: DE 212254844
https://src-gmbh.de/impressum/
You can contact our data protection officer as follows:
Florian Reichert
Adenauerallee 136
53113 Bonn
Phone: +49 (0) 228-227 226-0
Fax: +49 (0) 228-227 226-26
Contact: http://www.scheja-partner.de/kontakt/kontakt.html
www.scheja-partner.de
Types of data processed:
- Inventory data (e.g., names, addresses).
- Contact details (e.g., e-mail, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Purpose of the processing
- Provision of the online offer, its functions and content.
- Answering contact requests and communicating with users.
- Security measures.
Terminology used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data.
The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant legal bases
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for the processing for the fulfillment of our services and the implementation of contractual measures as well as answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Security measures
We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the data protection declaration as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Cooperation with processors and third parties
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this is done
- on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b GDPR),
- insofar as you have given your consent,
- if a legal obligation provides for this, or
- on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done in accordance with the relevant requirements of Art. 28 GDPR.
Rights of data subjects/ right to information
You have the right to receive information about the personal data we have stored about you.
Right of correction and deletion
You can demand the correction of incorrect data and – insofar as the legal requirements are met – the deletion of your data.
Restriction of processing
If the legal requirements are met, you can demand that we restrict the processing of your data.
Data portability
If you have provided us with data on the basis of a contract or consent, you may request that you receive the data you have provided in a structured, commonly used and machine-readable format or that we transfer it to another controller if the legal requirements are met.
Objection to data processing on the legal basis of “legitimate interest”
You have the right to object to data processing by us at any time for reasons arising from your particular situation, insofar as this is based on the legal basis of “legitimate interest”. If you exercise your right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for further processing which override your rights in accordance with the statutory provisions.
Control over the use of cookies
You can control the use of cookies at any time. For details, please refer to the Cookies section. We offer you an appropriate tool for this purpose.
Revocation of consent
If you have given us your consent to process your data, you can revoke this at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected by this.
Right to lodge a complaint with the supervisory authority
You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the data protection authority responsible for your place of residence or country or the data protection authority responsible for us.
Your contact to us:
Furthermore, you can contact us free of charge if you have any questions about the processing of your personal data, your rights as a data subject and any consent you may have given. To exercise all of your aforementioned rights, please contact datenschutz@src-gmbh.de or send a letter to the address given above under “Controller”. Please make sure that we are able to clearly identify you.
Right to object on the legal basis of “legitimate interest”
Objection to data processing on the legal basis of “legitimate interest”: You have the right to object to the future processing of data concerning you by us at any time for reasons arising from your particular situation, insofar as this is based on the legal basis of “legitimate interest”. If you exercise your right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for further processing which override your rights in accordance with the statutory provisions.
To exercise your right to object, please contact us at datenschutz@src-gmbh.de or by post at the address given above under “Controller”.
Cookies
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes their browser. For example, the content of a shopping cart in an online store or a login status can be stored in such a cookie. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved if users return to the online service after several days. The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the controller who operates the online service (otherwise, if they are only the controller’s cookies, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and provide information about this when you use our website. When you visit our website for the first time, you will receive a pop-up message at the bottom of the screen with information on the use of cookies. If you click on the Accept button, we save a cookie so that we know that you have taken note of our message and it will not be displayed again on your next visit.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interests are the simplification of the use of our website and the recognizability of the user’s browser even after a change of website.
Deletion of data
The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, the data is stored for 6 years in accordance with § 257 para. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
Order processing for services
We process our customers’ data as part of the ordering process in our online ticket management system in order to enable them to select and order the selected products and services, as well as their payment and delivery or execution.
The processed data includes inventory data, communication data, contract data and payment data. The persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
The processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The information marked as required is necessary for the establishment and fulfillment of the contract. We only disclose the data to third parties within the scope of delivery, payment or within the scope of legal permissions and obligations towards legal advisors and authorities. The data is only processed in third countries if this is necessary to fulfill the contract (e.g. at the customer’s request for delivery or payment).
We store the IP address and the time of the respective user action as part of the registration and renewed logins and use of our online services. The storage is based on our legitimate interests, as well as the interest of users in protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR.
The deletion takes place after the expiry of statutory warranty and comparable obligations; the necessity of storing the data is reviewed every three years. In the case of statutory archiving obligations, the deletion takes place after their expiry (end of the commercial law (6 years) and tax law (10 years) retention obligations).
Administration, financial accounting, office organization, contact management
We process data as part of administrative tasks and the organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the provision of our contractual services. The processing bases are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve the maintenance of our business activities and the provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities.
We disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.
We also store information on suppliers, event organizers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We store this data, most of which is company-related, permanently.
Business analyses and market research
In order to operate our business economically and identify market trends, customer and user requirements, we analyze the data we have on business transactions, contracts, inquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the data subjects include customers, interested parties, business partners, visitors and users of the online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with details of their purchase transactions, for example. The analyses help us to increase user-friendliness, optimize our offer and improve business efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized values.
If these analyses or profiles are personal, they will be deleted or anonymized upon termination by the user, otherwise after two years from the conclusion of the contract. In addition, the overall business analyses and general trend determinations are prepared anonymously wherever possible.
Data protection information in the application process
We process the applicant data only for the purpose and in the context of the application process in accordance with the legal requirements. The processing of applicant data is carried out to fulfill our (pre-)contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 lit. b. GDPR, Art. 6 para. 1 lit. f. GDPR if the data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Section 26 BDSG also applies).
The application procedure requires applicants to provide us with their application data. If we offer an online form, the necessary applicant data is marked as such, otherwise it can be found in the job descriptions and basically includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information.
By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy.
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data if this is necessary for the exercise of the profession).
Applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art.
Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure encryption themselves. We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or sending it by post. Instead of applying via the online form or by e-mail, applicants still have the option of sending us their application by post.
In the event of a successful application, the data provided by applicants may be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
The deletion takes place, subject to a justified revocation by the applicant, after a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any travel expense reimbursements are archived in accordance with tax regulations.
Contact us
When contacting us (e.g. via contact form, e-mail or telephone), the user’s details are processed in order to handle the contact request in accordance with Art. 6 para. 1 lit. f GDPR, Art. 6 para. 1 lit. b) GDPR. User data may be stored in a customer relationship management system (“CRM system”) or comparable inquiry organization.
We delete the requests if they are no longer required. We review the necessity every two years; the statutory archiving obligations also apply.