Data Protection Information

 

General Information

Data Protection and Information Security constitute a vital base for stable and successful customer relationships for soffico GmbH and the whole in the x-tention group (see section 2) and are therefore of high significance in the company group. On that account, the protection of your personal data (hereinafter abbreviated as “data”) is a key concern to us.

All relevant and applicable provisions – particularly GDPR provisions and the Telecommunications Act (TKG) – are adhered to when dealing with data. Furthermore, technical and organizational requirements for an appropriate Data Protection standard are complied with.

Subsequently, we would like to give detailed information of which type of data are collected when visiting our website and when making use of the offers of the x-tention group (see section 2) as well as how these data are processed.

1.   Website

Our website https://orchestra.soffico.de/ (hereinafter referred to as “website”) is operated by soffico GmbH. When using our website exclusively to retrieve information, your personal data are not necessary to be given generally. However, for the operation of the website it is necessary to process certain data, through which a personal reference can be established. In this context, exclusively data obtained from your internet browser are transferred, such as:

  • Date and time of website access
  • Your browser type
  • Browser settings
  • Used operating system
  • Previously accessed website
  • Transferred volume of data and access status (file transferred, file not found, etc.)
  • Your IP-address

Purpose

This is necessary in order to enable website visits.

Legal Basis

The legal basis for this is our legitimate interest according to point (f) of Article 6(1) GDPR to ensure the operation of our website, to implement error- and availability-analyses as well as the defense against attacks.

Recipient

These data are transferred to processers at most, not however to third parties.

Storage Period

The data are stored for a maximum of four weeks provided that no legal obligation, which requires to store them for a longer period of time, applies. Concurrently, a longer storage period may occur if necessary in order to investigate detected attacks on our website.

Cookies

In order for you to be able to use our website without constraints, so-called “cookies” are used. Cookies are small text files that enable recognition of users and the implementation of a usage analysis of our website. These text files contain a randomly selected and explicit identification number as well as information concerning their origin and retention period. These cookies cannot store any other data. Using cookies does not permit us to look into any files on your computer.

The cookies used on our website constitute no danger for the user’s computer system, as they do not cause harm nor contain viruses or the like.

We differentiate between three kinds of cookies, which we use for operating our website:

  • Functional cookies ensure the technical operation and basic functions of our website. These kinds of cookies are used, inter alia, to memorize the choice of activated cookies via cookie-banner.
  • Statistical-/marketing-cookies enable insight in the user’s interaction with our website and allow placing targeted advertising activities. Information is collected and analyzed anonymously. This provides us with valuable insights for optimizing our website as well as our product range.
  • Third-party cookies – provided that third-party media contents are integrated, such as when playing YouTube videos.

Moreover, the application of cookies may be prevented by certain browser settings. Provided that your browser supports the “do-not-track” feature and it is activated, no usage profile will be created via the website visit. However, the respective website may not function properly without cookies.

Legal Basis

The legal basis for the use of functional cookies is our legitimate interest according to point (f) of Article 6(1) GDPR to ensure the technical operation and basic functions of our website as well as to save and memorize chosen cookie settings.

The legal basis for the use of cookies for marketing- and analytical-purposes (see section “Matomo” below), which is configured via cookie-banner, is your consent in accordance with point (a) of Article 6(1) GDPR.

The legal basis for the use of third-party cookies is your consent in accordance with point (a) of Article 6(1) GDPR, which is obtained either via cookie-banner or via retrieving certain content, such as playing YouTube videos (see section “YouTube Videos”).

Cancellation Policy, Right of Objection

Submitted consent can be withdrawn at any time. You are entitled to object against the processing of data based on legitimate interest of the controller. Further information concerning rights of the data subject is to be found in section 5.

Recipient

These data are transferred to processers at most, not however to third parties.

Storage Period

The respective storage period of cookies is to be found in the table above.

 

Matomo

Provided that you declared consent to statistical-/marketing cookies, our website uses the software “Matomo” (https://matomo.org/) as a web-analysis tool in order to improve and adjust our web presence. The software places cookies on your computer, which enable recognizing your browser. When subpages are accessed, the following data are retained:

  • Date and time of website access
  • Your browser type
  • Browser settings
  • Used operating system
  • Previously accessed website
  • Transferred volume of data and access status (file transferred, file not found, etc.)
  • Your IP-address, cut by the last 2 bytes (anonymized)

Data obtained via Matomo are stored on our own servers.

 

YouTube Videos

Our website integrates and enables watching YouTube videos, which are saved on www.youtube.com.

YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View CA 94043 USA (hereinafter referred to as “Google”). In doing so, we apply the by YouTube provided option “privacy-enhanced mode”, i.e. no user data is transferred to YouTube if no videos are played.

When playing videos, your computer stores YouTube cookies and data are transferred to Google. Provided that you play videos saved on YouTube, not less than the following data are transferred to Google: IP-address and Cookie-ID, specific address of accessed website, language setting of browser, system date and time of access as well as identification of the browser. The data transfer takes place regardless of being or not being logged in on YouTube with a user account. When being logged in, the data are directly allocated to the respective user account. This allocation can be prevented by logging out before activating the start-button. YouTube/Google stores these data as usage profiles and uses them for advertising, market research and/or needs-oriented design of their website. You are entitled to object against the creation of usage profiles; this objection has to be directed directly to Google as the operator of YouTube.

Further information on data protection on YouTube is provided by Google under this link: https://policies.google.com/privacy. By playing YouTube videos, the user declares consent to the processing of their data. The respective data is not processed by us.

 

Google Maps

“Google Maps” of Google is integrated into our website.

No cookies are used when using “Google Maps”. We would like to point out that data are only transferred to Google provided that the component is actively used, i.e. when you click on the map and access “Google Maps”. Google is responsible for any processing of personal data (IP-address, location) concerning this matter; we do not have access to these data.

For the use of “Google Maps” and information obtained via “Google Maps”,  the terms of use of Google https://policies.google.com/terms as well as additional terms and conditions for “Google Maps” apply, which can be accessed via the following link: https://www.google.com/intl/de_de/help/terms_maps/

 

2.   Data Transfer within the x-tention group

The x-tention group consists of the following companies:

  • soffico GmbH, Bürgermeister-Wegele-Straße 12, 86167 Augsburg, Germany;
  • x-tentionInformationstechnologie GmbH, Römerstraße 80A, 4600 Wels, Austria;
  • x-tentionInformationstechnologie GmbH, Bürgermeister-Wegele-Straße 12, 86167 Augsburg, Germany;
  • x-tentionInformationstechnologie AG, Bellerivestraße 3, 8008 Zürich, Switzerland;
  • x-tentionLimited, The Echo Bournemouth, BH1 1BZ, Great Britain;
  • InterComponentWare AG, Altrottstraße 31, 69190 Walldorf, Germany;
  • FAKTOR D consulting GmbH, Bürgermeister-Wegele-Straße 12, 86167 Augsburg, Germany;
  • It for industries GmbH, Römerstraße 80A, 4600 Wels, Austria

(hereinafter referred to as “x-tention group”).

Within the scope of activities of the x-tention group members, it may be necessary to seek further expertise and/or support within the x-tention group in order to accomplish the processing purpose. As a result, the transfer of personal data may be required. Provided that no individual or shared responsibility of a supporting x-tention group member persists for the respective processing purpose, the member acts as processor for the enquiring company and processes personal data exclusively for the intended purpose.

All required measures concerning information security (Article 32 GDPR) and data protection are being met in order to ensure the protection of personal data. Particularly, the required agreements according to Article 26 and Article 28 GDPR are entered into among the x-tention group members.

3. Individual Processing

Contacting

Purpose

By getting in touch with us via contact form on the website, email or telephone, any data provided is saved for order processing and potential follow-up questions.

Legal Basis

The legal basis in this context is our legitimate interest in accordance with point (f) of Article 6(1) GDPR to reply to enquiries, contract initiation or contractual performance as per point (b) of Article 6(1) GDPR.

Storage Period

Data are only stored as long as required to fulfill the intended purpose or in compliance with legal retention periods.

Recipient

Your personal data is exclusively transferred within the x-tention group (see section 2) or to external processors, not however to third parties.

Customer Portal, Orchestra Academy, linkits

Purpose

You can register on our Website in order to use additional functions; for example, the customer portal, the partner portal or the Orchestra Academy.

We use the data entered for this purpose only for the purpose of using the additional function or service for which you have registered. The required information requested during registration must be given in full. Otherwise we will reject the registration. For important changes, for example in the scope of the offer or for technically necessary changes, we will use the email address provided during registration to inform you in this way.

Legal basis

The processing of the data entered during registration is based on your consent (Art. 6 (1) lit. a GDPR). You can revoke your consent at any time. An informal e-mail to us is sufficient. The legality of the data processing that has already taken place remains unaffected by the revocation.

If you revoke your consent, it will unfortunately no longer be possible for us to make the additional functions available to you.

Storage period

The data recorded during registration will be stored by us as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

 

Newsletter Dispatch

Purpose

You are provided with the possibility to subscribe to our newsletter via our website. Our newsletters contain interesting corporate news, themed information, as well as invitations to events. For this purpose, your name, email address and consent to subscription is necessary. Furthermore, with the subscription to our newsletter, your IP address and date and time of registration are stored by us. This is necessary to secure ourselves in case a third party misuses your email address and subscribes without your knowledge as well as to be able to verify your consent. Furthermore, the so-called double-opt-in process applies.

Additionally, statistics about the opening-, reading- and clicking-behavior are created in context with our newsletter. This enables us to offer improved services and helps us to exclusively send information of the user’s interest.

Legal Basis

The legal basis for our newsletter dispatch is your consent according to point (a) of Article 6(1) GDPR. The generation of statistics is based on our legitimate interest as per point (a) of Article 6(1) GDPR, whereby our interest results from the aforementioned purpose. Objection is possible by unsubscribing from the newsletter.

Insofar as we received your email address in context with selling our products or services, we will use it for direct advertising for similar products or services we offer. However, with entering the email address as well as with every single mailing, you are provided with the possibility to unsubscribe easily and free of charge. In that case, the legal basis is our legitimate interest to keep you up to date about the information provided in the paragraph “Purpose” above – in context with the exception of business relationships as per §7 Section UWG.

Recipient

Your personal data is potentially shared within the x-tention group (see section 2) or with external processors if necessary, not however with third parties. For our newsletter service, the tool Mailworx by the company EWORX NETWORK & INTERNET GMBH is used. Mailworx is bound by contract to comply with data protection regulations.

Storage Period

Unsubscribing from the newsletter leads to erasure or non-processing for the above-mentioned purpose.

Revocation

Unsubscribing is possible at all times by clicking the “Unsubscribe” button. The cancellation is sent to the following email address: marketing@soffico.de.

As a matter of course, unsubscribing is also possible via email or by phone. Your data in context with our newsletter service will be erased immediately after unsubscribing. The legality remains intact in between your consent and the processing of withdrawing consent.

 

Application Procedure

Purpose

Any personal data transferred in the course of an application (including correspondence) are processed for registration and storage as well as for coordination and evaluation in the application process. Furthermore, your application data may be held evidence for later application procedures provided that you have declared your consent. Additionally, application data are stored for establishment and defense against any legal claims. Moreover, we conduct an anonymous statistical evaluation of the applicant structure.

Your application cannot be considered in the application process without the provision your application data, as they are necessary to evaluate the suitability for the respective vacancy.

Legal Basis

The processing is based on the following legal grounds:

  • Initiation of a contract in context with the concrete application procedure – point (b) of Article 6(1) GDPR.
  • Consent in context with holding the application evidence – point (a) of Article 6(1) GDPR.
  • The legitimate interest of the company to hold application data evidence for defense against claim for compensation according to öGlBG or dAAG – point (f) of Article 6(1) GDPR.

The data transferred are stored for nine (9) months after rejection.

Recipient

Your personal data are shared within the x-tention group (see section 2) or with external processors if necessary, not however with third parties. In order to administrate our applications, the software solution by Sage GmbH is used.

 

Business Relations

Depending on the contract, we are required to process certain data in order to make use of a certain service or to deliver a certain service ourselves.

Purpose

In the course of initiating contracts (proposal preparation, participation in tendering, etc.) we process the therefore required data.

Furthermore, data are processed within the scope of existing business contracts, which are necessary for delivering our services, customer support and information as well as internal documentation and administration. In addition to that, data are stored in order to comply with legal obligations as well as, where applicable, for establishment and defense of legal claims.

Legal Basis

Following legal grounds apply:

  • Initiation or performance of a contract – point (b) of Article 6(1) GDPR.
  • Compliance with legal obligations – point (c) of Article 6(1) GDPR.
  • The legitimate interest of the company to hold data evidence for establishment and defense against legal claims – point (f) of Article 6(1) GDPR.

Storage Period

Data are only stored as long as necessary for the fulfilment of mutual contractual duties. In order to comply with legal obligations (see § 147 AO, §§ 238 and 257 HGB), data are stored for 10 years as of the end of the calendar year. In certain cases, such as establishment and defense of legal claims, data may be stored for a longer period of time. Particularly contracts and coherent data are stored for 30 years in compliance with the general limitation period. Until erasure, data are restricted from further processing or access.

Recipient

In order to be able to render our services, we employ x-tention group members (see section 2), as well as various external contractual partners and business partners if necessary, which contribute to the supply or service. They are bound by contract to maintain confidentiality. Furthermore, your data are shared with authorities and courts, provided that we are legally obliged to do so.

 

Tasks of the External Chief Privacy Officer

Purpose

Within the scope of our function as external chief privacy officer for our clients, it is necessary to process your data in order to comply with legal obligations as per Article 37 – 39 GDPR.

Legal Basis

The legal basis for processing your data is the compliance with legal obligations of a chief privacy officer (point (c) of Article 6(1) GDPR) as per Article 38, 39 GDPR. The legal basis for processing special categories of data is the public interest in protecting the fundamental right to data protection (point (g) of Article 9(2) GDPR in connection with point (c) of Article 6(1) GDPR).

Storage Period

Data are only stored as long as necessary for the fulfilment of mutual contractual duties. In order to comply with legal obligations, data are stored for 10 years (see § 147 AO, §§ 238 and 257 HGB) as of the end of the calendar year. In certain cases, such as establishment and defense of legal claims, data may be stored for a longer period of time. Particularly contracts and coherent data are stored for 30 years in compliance with the general limitation period.

Until erasure, data are restricted from further processing or access.

Recipient

Besides the transfer to potential processors, data are also shared with authorities or courts, provided that we are legally obliged to do so.

 

Photos and/or Video Recordings at Company Events

Purpose

Usually, photos and/or videos are taken at events hosted by x-tention group members. It is not the objective to identify individual persons in this context, but rather to document the event. For documentation purposes, the photos and/or videos taken are stored safely and are potentially published on the internet (on our homepage), in our company magazine or shared via newsletter. Furthermore, the respective photos and/or videos are stored for archiving purposes. In addition to that, it might occur that the photos and/or videos are presented at future events of the hosting x-tention group member or another member of the x-tention group (i.e. annual events/anniversary events).

Legal Basis

The processing (capturing, presenting, as well as publishing of photos/videos) is based on our prevailing legitimate interest to document events hosted by x-tention group members and to store the respective photos/videos in an archive (point (f) of Article 6(1) GDPR). This includes the interest to inform the public, clients, and stakeholders about company group events as well as to document the individual company history via photos and video recordings for further generations.

Storage Period

The captured photos/videos are stored as long as necessary for the intended purpose. Photos and videos are usually deleted immediately if not suitable for the above-mentioned purposes, legitimate interests of depicted persons are violated or in case of objection by parties concerned.

Objection

You are not obligated to have your picture taken or to be on camera. In case you are not content with the shot or publication, please inform the photographer on the spot. You can also contact us after the photo/video has been taken. More details on the right to object are to be found below.

 

Live Streaming of Events

Purpose

We would like to offer the opportunity to follow selected events via live-stream for those who are not able to attend on-site. Presenters are usually mentioned by name. Depiction of persons might occur, for example as a visitor of a booth at a fair, if appearing in the recording area of a camera. The identification of persons is not intended, can however not be excluded in this context.

Live-streams are offered on established channels such as YouTube and are usually viewable for everyone. Further use of the recordings is not intended.

Legal Basis

The processing (capturing as well as simultaneous broadcast of videos) is based on our prevailing legitimate interest to make the event available to as many people as possible. Visitors of events are informed about the live broadcast on-site and are therefore provided with the opportunity to not appear in the recording area of the camera.

Storage Period

The storage of recordings beyond the duration of the live broadcast is not intended. The captured image and sound files are therefore deleted immediately after broadcasting.

Objection

You are not obligated to appear on camera. In case you are not content with being filmed, we provide the opportunity to use our offers without being on camera.

 

Administration of Requests to Data Subject Rights

Purpose

The purpose is the processing of requests in context with data subject rights as per GDPR. Furthermore, we store these data beyond the completion of the request for verifying our compliance with the legal obligation of handling your request timely and reasonably.

Legal Basis

The legal basis for the processing of requests is Article 12 ff GDPR. Therefore, all notifications in context with data subject rights are submitted to you. The storage beyond completion of the request is based on our legitimate interest as per point (f) of Article 6(1) GDPR, whereby this interest arises from the above-mentioned purpose.

Storage Period

Your data are stored 3 years after the request has been saved. This takes place on the basis of the general limitation period as per § 195 BGB. Until erasure, all data are restricted from further processing for different purposes.

 

4. Social Media

This section is subject to the x-tention group’s (see section 2) presence on social media (hereinafter referred to as “social media”).

Social media usage data are generally processed for advertising and market research purposes. For instance, social media providers are able to create individual usage profiles based on various interests of users and to use it to place targeted ads within and beyond social media. Therefore, cookies are applied on social media in order to identify the usage behavior and interests of users. Furthermore, these usage profiles might contain data about the users as members of the respective social media, provided that the user is logged in (subsequently “usage data”).

For a more detailed description of the respective data processing and possibilities to object or withdraw consent we refer to the data protection information of the respective social media (see section Social Media in Detail below).

Furthermore, within the scope of our social media presence we process your username, name, as well as contact and communication data, provided that you get in touch and share these data with us.

Purposes

We use our social media presence to inform about our company, vacancies, our products and services as well as to get in touch with users. Furthermore, we receive statistical evaluations of usage data in anonymized form, which are collected by the respective social media in order to better adapt our offers to your interests.

Legal Basis

The legal basis for communication is either contract initiation or performance of a contract (point (b) of Article 6(1) GDPR), provided that you contact us for this purpose, or our legitimate interest (point (f) of Article 6(1) GDPR) to reply to other inquiries.

The legal basis for the processing in shared responsibility with the respective social media is our legitimate interest (point (f) of Article 6(1) GDPR) to the above-mentioned processing of data for analytical and marketing purposes for the continuous improvement of our social media presence.

Shared Responsibility

As the x-tention group members operate various social media presences (see section Social Media Presences x-tention group below for a detailed list), we consider current developments in the field data protection on social media and take them seriously. Therefore, we inform you that due to the current jurisdiction of the European Court of Justice a shared responsibility for the processing of usage data persists between the operator of a media appearance and the respective provider of the social media according to Article 26 GDPR.

In this context, we would like to inform you that the primary processing of your social media usage data is operated by the respective social media provider and we receive these – if at all – exclusively in anonymized form; therefore, the primary responsibility as per GDPR lies with the social media provider. Consequently, we recommend you to assert your data subject rights directly towards the respective social media provider. The corresponding links to the providers’ data protection information are to be found below in the section Social Media in Detail. You can assert your data subject rights towards us as well within the scope of our shared responsibility. In that case, we will promptly establish contact with the respective social media provider.

Recipient

Your personal data may under certain circumstances be shared within the x-tention group or external processors, not however with third parties.

For some social media it might be the case that usage data are processed outside the European Union. With regard to US-providers certified with the privacy-shield, we point out that the providers undertake to comply with the data protection standards of the European Union, particularly with the GDPR. Data transfer to the US is permitted according to Article 45 GDPR, provided that the respective social media provider holds a valid privacy-shield-certificate.

Storage Period

Your data, which we process as part of your contacting via our social media, is usually processed until deletion of your respective social media account, unless a longer storage period is necessary on the basis of legal obligations, establishment or defense of legal claims. Provided that none of these conditions apply, your data will be erased.

We receive and process usage data in anonymized form exclusively. Further information regarding the storage period is to be found in the data protection information of the respective social media.

 

Social Media in detail

Facebook

Company Facebook Ireland Ltd.
Address 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Data Protection Information https://www.facebook.com/policy.php
Shared Responsibility https://www.facebook.com/legal/terms/page_controller_addendum
Further Information https://www.facebook.com/legal/terms/information_about_page_insights_data
Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

 

LinkedIn

Company LinkedIn Ireland Unlimited Company
Address Wilton Plaza, Wilton Pl, Saint Peter’s, Dublin 2, Ireland
Data Protection Information https://www.linkedin.com/legal/privacy-policy?_l=de_DE
Shared Responsibility https://de.linkedin.com/legal/l/dpa
Further Information https://www.linkedin.com/help/linkedin/answer/89877?trk=microsites-frontend_legal_privacy-policy&lang=de
Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

 

XING

Company New Work SE
Address Dammtorstraße 30, 20354 Hamburg, Deutschland
Data Protection Information https://privacy.xing.com/de/datenschutzerklaerung

 

Twitter

Company Twitter, Inc.
Address 1355 Market Street, Suite 900 San Francisco, California 94103, USA
Data Protection Information https://twitter.com/de/privacy
Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

 

YouTube

Company Google Ireland Limited
Address Gordon House, 4 Barrow Street, Dublin, D4 E5W5, Ireland
Data Protection Information https://policies.google.com/privacy?gl=AT&hl=de#about
Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

 

Social Media Presences – x-tention group

x-tention group members are represented on various social media with individual presences:

 

5. Automated decision making

The customer is not subject to any automated decision that has any legal effect on him. Automatic decision-making (profiling) can only take place using the Mailworks program when registering for and sending the newsletter.

 

6. Transfer to third parties

Your data is generally processed in Germany and / or in the EU. Nevertheless, we would like to inform you that soffico provides support from soffico Ltd. in the context of programming and support activities. in Thailand and thus enables access to the following data: master data (name, first name, address), contact data (name, email address, address, customer number), customer data (customer number, contact data (name, address, e- Mail), project data, project team). For this purpose, the soffico standard contractual clauses acc. Art. 49 GDPR with soffico Ltd. agreed. If you need information about this contract (e.g. inspection) or further information, please contact us.

 

7. Your rights

Provided that your personal data are processed (collected, stored, evaluated, modified, sorted, queried, disclosed, shared, collated, lined, restricted, erased, destroyed, etc.), you are a data subject according to the GDPR.

At this point, we once again would like to point out that the primary processing of your social media usage data (see section 4) is operated by the respective social media provider and we receive these – if at all – exclusively in anonymized form. Therefore, the primary responsibility as per GDPR lies with the social media provider. Consequently, we recommend you to assert your data subject rights regarding your usage data directly towards the respective social media provider. You can assert your data subject rights towards us as well within the scope of our shared responsibility. In that case, we will promptly establish contact with the respective social media provider.

As data subject, you are entitled to the following rights towards all those responsible for processing your personal data:

 

Access

According to Art 15 GDPR you are entitled to enquire to gain access and information regarding all your personal data processed in the company. In that case, information regarding these data has to be provided. Additionally, you are entitled to obtain the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of your personal data or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from you, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences for you of such processing;
  • where personal data are transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

 

Rectification

As per Article 16 GDPR you are entitled to demand immediate rectification and/or completion of incorrect personal data.

 

Erasure

As per Article 17 GDPR you are entitled to demand immediate erasure of personal data. The controller is obligated to erase data immediately, provided that one of the following conditions apply:

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
  • You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
  • Your personal data have been unlawfully processed;
  • Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

 

The Right to Erasure does not apply, insofar as processing is necessary:

  • for exercising the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right mentioned above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defense of legal claims.

If personal data have been published by the controller, which he is obligated to erase, adequate measures considering available technology and implementation costs need to be taken in order to inform controllers of the demand by the data subject to erase all links to the personal data or to any replications of the personal data.

 

Restriction

As per Article 18 GDPR you have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of your personal data is contested by you, for a period enabling the controller to verify the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs your personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;
  • You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of you.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. You shall be informed by the controller before the restriction of processing is lifted.

 

Information

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

 

Data Portability

You have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which your personal data have been provided, where:

  • the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  • the processing is carried out by automated means.

You have the right to have your personal data transferred directly from one controller to another, where technically feasible.

The exercise of the right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. It shall not adversely affect the rights and freedoms of others.

 

Objection

As per Article 21 GDPR, you have the right to object, on grounds relating your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1). The right to object can be established, if:

  • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of personal data (in particular where the data subject is a child); and
  • the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is not necessary for the establishment, exercise or defense of legal claims.

Furthermore, you have the right to object, where personal data are processed for direct marketing purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

 

Withdrawal of Consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

Complaint

If you believe your personal data are unlawfully processed or your data protection rights and claims are violated in any way, we kindly ask you to contact us. That way, we are able to deal with your concerns. However, you are also entitled to contact the responsible data protection authority.

 

8. Contact

Your trust very important to us. Therefore, if you have any more questions regarding data protection in connection with soffico, feel free to contact us via:

 

soffico GmbH
Buergermeister-Wegele-Straße 12
86167 Augsburg
Germany

 

External Data Protection Officer – x-tenion Informationstechnologie GmbH (Austria):

Römerstraße 80a
4600 Wels
Austria
Email: service.datenschutz@soffico.com
Telephone: +43 7242 / 2155-65065

We would like to point out, that via usage of this website copyright rights, name rights, trademark laws as well as third-party rights are to be complied with. You are obliged to refrain from any misuse of the entire content (particularly photos, videos, texts and trademarks).