Information about the processing of your personal data

Data protection and information security are central components of our corporate policy. The protection of your privacy in the processing of personal data as well as the security of all business data is an important concern for us, which we take into account in our business processes. We process personal data confidentially and only in accordance with the legal provisions. Which data is processed in detail and in what way depends largely on the services you have requested or agreed with you. With this data protection declaration, we inform you about the data protection regulations as well as the claims and rights to which you are entitled.

Responsible body for the processing of your data and contact details of the Data Protection Officer

ZDE – Zentrum für Digitale Entwicklung GmbH
In der Waage 9
73463 Westhausen

Phone: 07363 / 9604-0
E-mail: info@digitaleentwicklung.de
Management: Rudi Feil, Wolfgang Weiß

You can reach our company data protection officer at the postal address mentioned above under the keyword “PERSONALLY to the data protection officer Mr. Torsten Schmid” or by e-mail at info@schmid-datenschutz.de

What data sources do we use and for what purposes do we process your personal data?
We process personal and company-related data that we receive from you in the course of our business relationship or its initiation. In addition, we process – to the extent necessary for the provision of our services – personal data that we have permissibly received from third parties, e.g. cooperation partners (e.g. for the execution of orders, for the fulfilment of contracts, on the basis of legitimate interests or on the basis of consent given by you). In addition, we process personal data that we have permissibly obtained from publicly accessible sources (including tender documents, land registers, commercial and association registers, press, media) and are permitted to process.

Purposes and legal bases of processing as well as type of data
We process your data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes:

For the fulfilment of contractual obligations or pre-contractual measures (Art. 6 para. 1 lit. b GDPR):
The processing of personal data is carried out in the context of the initiation or fulfilment of our contracts with you or for the execution of your orders.

Based on our legitimate interest (Art. 6 para. 1 lit. f GDPR):
To the extent necessary and legally permissible, we process your data beyond our own fulfilment in order to safeguard the legitimate interests of us or third parties. Examples include:

Testing and optimization of procedures for needs analysis and direct customer contact
Market and opinion research, provided that you have not objected to the use of your data
Assertion of legal claims and defence in legal disputes
Ensuring IT security and trouble-free IT operations
Measures for business management and further development of services, services and products
To determine creditworthiness or default risks
Measures for building and plant security, e.g. video surveillance in connection with the observance of domiciliary rights

On the basis of your consent (Art. 6 para. 1 lit. a GDPR):
If you give us explicit consent to the processing of personal data for certain purposes (e.g. for advertising purposes, for sending e-mail newsletters, for the publication of image and video material or for other marketing purposes), this forms the legal basis for the processing of your personal data. You can revoke your consent at any time with effect for the future, in whole or in part.

Due to legal obligations or due to the public interest (Art. 6 para. 1 lit. c, e GDPR):
As a company, we are subject to various legal (e.g. tax) obligations. In order to fulfil these obligations, the processing of personal data (primarily contract and billing-related data) may be necessary.

Which of your personal data is collected, processed and used by us?
For the aforementioned purposes, the following categories of personal data are usually processed:

– Contact information (names, addresses, contact details such as telephone, fax, mobile and e-mail addresses, and addresses
of messenger services such as Skype)
– Information, its processing in the context of a project or the establishment and execution of a contract
are required (contract and property data)
– Turnover and payment data, bank details and account information
– Account information (registration and login data)

To whom is personal data shared?
Within our company, access to your data is granted to those entities that need it to fulfil our contractual and legal obligations. Furthermore, data may be passed on to external service providers. These service providers primarily include companies in the categories of IT services, IT security, marketing, market research, processing of payment transactions, provision of products and services, consulting as well as implementation of events and events as well as shipping logistics. External service providers are carefully selected by us and regularly inspected. If a data processing relationship exists, the service providers concerned are contractually bound in accordance with Art. 28 GDPR and bound by our instructions. In addition, we may be obliged to transmit your personal data to other recipients (public bodies), such as tax authorities in order to comply with legal notification obligations. Other data recipients may be cooperation partners (e.g. engineering offices or construction companies) or those bodies for which you have given us your consent to data transfer.

Data transfer to affiliated companies
If necessary, personal data will be transmitted to companies affiliated or cooperating with us, insofar as this is necessary to fulfil the aforementioned purposes and is permissible under data protection law.

Data transfer to third countries

Countries outside the European Union (and the European Economic Area (“EEA”) handle the protection of personal data differently than countries within the European Union. In the event of data transfer to third countries (e.g. in the context of the use of information or communication technologies), we have taken appropriate measures to ensure that your data is processed in these third countries as securely as within the European Union. The transfer of your data will be carried out in compliance with the special requirements of Art. 44 – 49 GDPR, whereby the appropriate level of protection is guaranteed either by an adequacy decision of the European Commission in accordance with Art. 45 GDPR or concluded EU standard contractual clauses in accordance with Art. 46 (2) (c) and (d) GDPR.

Duration of data storage
We generally store your personal data for the duration of the contractual relationship or until the purpose limitation ceases to apply. We store billing-relevant data for as long as it is necessary to fulfil our legal and contractual obligations (including for the fulfilment of retention obligations under commercial and tax law, such as retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO)).

If the storage of the data is no longer necessary for the fulfilment of contractual or legal obligations, your data will be deleted, unless their further processing is necessary for the following purposes:
Preservation of evidence within the framework of the statutory statute of limitations. According to the statute of limitations of the German Civil Code (BGB), these limitation periods can be up to 30 years in some cases, and the regular limitation period is three years. We will process data collected and processed on the basis of your consent until you revoke your consent.

In addition, we also use your data for a reasonable time after orders have been completed to inform you about our products and services. This is done on the basis of Art. 6 (1) (f) GDPR. After this time, your data will be deleted or only processed in anonymised form (e.g. for statistical purposes).

Your rights
You have the following rights vis-à-vis us in relation to personal data concerning you:
The right to information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to data portability pursuant to Art. 20 GDPR and the right to object pursuant to Art. 21 GDPR. The right to information and the right to erasure are subject to the restrictions under §§ 34 and 35 BDSG. To exercise your rights, you can contact the responsible body or the data protection officer using the contact details provided above.

In addition, there is a right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG):

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Address: Königstrasse 10a, 70173 Stuttgart, Postal address: Postfach 10 29 32, 70025 Stuttgart

Phone: 0711/615541-0, Fax: 0711/615541-15, E-Mail: poststelle@lfdi.bwl.de
The person concerned is also free to lodge a complaint with the supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement.

Withdrawal of your consent and right to object
You can revoke any consent you have given to the processing of personal data, in whole or in part, at any time. Please note that the revocation only applies to the future.

YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU THAT IS CARRIED OUT ON THE BASIS OF ART. 6 (1) (F) GDPR (DATA PROCESSING ON THE BASIS OF A BALANCING OF INTERESTS); THIS ALSO APPLIES TO PROFILING BASED ON THIS PROVISION WITHIN THE MEANING OF ART. 4 SEC. 4 GDPR, WHICH WE USE FOR CREDIT RATING OR ADVERTISING PURPOSES.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS. IN INDIVIDUAL CASES, WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING. YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT TO PROCESSING FOR DIRECT MARKETING PURPOSES, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THESE PURPOSES.

Obligation to provide your personal data, automated decision-making and profiling

As a rule, there is no legal obligation to provide personal data. However, in order to process an enquiry or conclude a contract, you must provide us with the personal data that is necessary to answer your enquiry or to establish or perform the contractual relationship or that we are required to collect due to legal requirements. If you do not provide us with this data, then it will not be possible for us to process your request or to carry out and process the contractual relationship.
There is no automatic decision-making or profiling.

Status of this data protection information: 21.06.2021

Information about the processing of your personal data

UNSERE LEISTUNGEN

Strategie

Technik

Smart City Campus

Über das ZDE

Mehr

Karriere

Neuigkeiten

Kontakt

Rechtliches

Impressum

Datenschutzerklärung

Folgen Sie Uns

Unsere Standorte

Hauptsitz Westhausen

Standort Neu-Ulm

Standort Norderstedt

Standort Berlin

Kontaktmöglichkeiten