Privacy Policy for customers and interested parties

With the following information, we would like to give an overview to our customers or interested parties about how we process your personal data and about the data protection rights to which you are entitled.

Entity responsible for data processing and contact details

Responsible party in the sense of data protection law:
PROMATIS software GmbH
Pforzheimer Str. 160
76275 Ettlingen
Phone: +49 7243 2179 – 0

We have appointed a data protection officer in our company, who can be contacted as follows:
PROMATIS software GmbH
– Data Protection Officer –
Pforzheimer Str. 160
76275 Ettlingen
Email

Purpose and legal basis of the processing of personal data

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable laws. The processing and use of individual data depends on the agreed service.

Consent (Art. 6 Abs. 1 lit. a GDPR)
If you have consented to the processing of your personal data, the respective consent is the legal basis for the processing mentioned there. You can revoke consent at any time with effect for the future.

Fulfillment of contractual obligations (Art. 6 Abs. 1 lit. b GDPR)
We process your personal data for the performance of our contracts with you, i.e. in particular in the context of order entry, service provision, consulting activities and invoicing, as well as for the performance of measures and activities in the context of pre-contractual relationships, such as, for example, the preparation of offers.

Fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR) or public interests (Art. 6 para. 1 lit. e GDPR)
We process your personal data if this is necessary to comply with legal obligations (e.g. commercial, tax laws) or to comply with regulatory or other official requirements.

Furthermore, we may process your data for the fulfillment of tax control and reporting obligations as well as the archiving of data for data protection and data security purposes and audits by tax and other authorities. In addition, the disclosure of personal data may be necessary in the context of official/court measures for the purposes of gathering evidence, criminal prosecution or enforcement of civil claims.

Balancing of interests of us or third parties (Art. 6 para. 1 lit. f GDPR)
To the extent necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. In particular for the following purposes:

  • Advertising or market research, unless you have objected to the use of your data.
  • Conduct of webinars and events.
  • Enrichment of our data, including through the use or research of publicly available data.
  • Statistical evaluations or market analysis.
  • Further development of our services and products as well as existing systems and processes.
  • Assertion of legal claims and defense in legal disputes not directly related to the contractual relationship.
  • Obtaining information and exchanging data with credit agencies, insofar as this exceeds our economic risk.
  • Limited storage of your data, insofar as deletion is not possible or only possible with disproportionate effort due to the special type of storage.
  • Internal and external investigations and/or security reviews.
  • Obtaining or maintaining private law or regulatory certifications.
  • Ensuring and exercising our house rights through appropriate measures

Collection of your data

We store the personal data received from you as well as any personal data lawfully received from third parties (e.g. address publishers, credit agencies) to the extent necessary for the provision of our services. Furthermore, we process personal data from publicly accessible sources (e.g. press, Internet, other media, commercial register). Relevant personal data categories can be in particular:

  • Personal data (name, title, profession/industry, function, department and comparable data)
  • Contact details (address, email, telephone number and similar data)
  • Advertising and sales data
  • Documentation data (e.g. meeting protocols)
  • Data that is required to process our contractual relationship or a project with you (e.g. payment data, order data)
  • Customer history
  • and other data comparable with the above categories

Recipients of your data

Within our company, only people and departments that need your personal data to fulfill the above-mentioned purposes will have access to it.

Within our group of companies, your data will be transferred to certain companies if they perform tasks centrally for the companies affiliated in the group or if this is necessary to fulfill the above-mentioned purposes.

In addition, the following external entities may receive your data:

  • Processors appointed by us (Art. 28 GDPR), service providers for supporting activities and other responsible parties within the meaning of the GDPR, in particular in the areas of IT services, logistics, external data centers, support/maintenance of IT applications, accounting and controlling, purchasing/procurement, tax consulting, auditing, credit institutions.
  • Public bodies and institutions in the event of a legal or official obligation under which we are obliged to provide information, report or pass on data, or if the transfer of data is in the public interest.
  • Bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party (e.g. authorities, credit agencies, debt collection, lawyers, courts, appraisers, affiliated companies).
  • Other entities for which you have given us your consent to transfer data.

Data will only be transferred to third countries if it is necessary for the execution of your order/contract, if it is required by law (e.g. tax reporting requirements), if it is in the legitimate interest of us or a third party, or if you have given us your consent.

Duration of the storage of your data

In principle, we process and store your personal data only as long as it is required for the respective purpose. Thus, the storage period also depends on the duration of our business relationship, this also includes the initiation (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various statutory storage and documentation obligations (e.g. HGB, AO). The retention and documentation periods specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Furthermore, the storage period is also assessed according to the statutory limitation periods, which according to §§ 195 et seq. of the German Civil Code (BGB) are generally three years, but in certain cases can be up to 30 years.

Your rights / further information

Right to objection

Pursuant to Art. 21 of the German Data Protection Regulation (GDPR), you have the right to object to the processing of data that has been or will be collected on the basis of your consent (Art. 6 (1) (f) GDPR) at any time on grounds relating to your particular situation. If you exercise your right to object, your data will not be further processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves, for example, to assert, exercise or defend legal claims.

Furthermore, you are free at any time to withdraw your application and thus your consent pursuant to Art. 6 para. 1 lit. a of the German Data Protection Act (GDPR). In this case, we commit to deleting your data in accordance with the above-mentioned deadlines (see " Duration of the storage of your data").

Right to revocation in the case of consent

Insofar as the data processing is based on your consent, you have the right to revoke the consent at any time. This also applies to the revocation of declarations of consent that you gave us before the GDPR came into force on May 25, 2018. The revocation of consent is for the future and does not affect the lawfulness of the data processed until the revocation. The revocation of consent can be submitted by email to the Data Protection Officer. Alternatively, you can choose any other way to notify us of the withdrawal of consent.

Further data protection rights according to Art. 13 para. 2 lit. b/d GDPR

In addition to your right to object, in accordance with the provisions of the GDPR, you have the

  • Right to disclosure (Art. 15 GDPR, § 34 BDSG)
  • Right to correction (Art. 16 GDPR)
  • Right to deletion (Art. 17 GDPR, § 35 BDSG)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to appeal to a data protection regulatory authority (Art. 77 GDPR, § 19 BDSG)