Data protection obligation information

We, act’o-soft GmbH Informationssystem, Brackweder Str. 51, 33790 Halle (Westf.), post@actosoft.de, as the responsible party, would like to explain to you below what data we process from you and how. If you have any questions regarding data protection, please contact Mr. Thomas Werning at datenschutz@actosoft.de.

With this data protection information, we, as the responsible body, fulfill our duty to inform you in accordance with Art. 12-14 DSGVO.

Information on data collection and processing

Below you will find information about what personal data (this is any data that identifies or makes identifiable you as a natural person) we collect and process. These are for example

Right of appeal

If you believe that the processing of personal data concerning you violates the General Data Protection Regulation, you have the right to lodge a complaint with the data protection supervisory authority responsible for us, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, https://www.ldi.nrw.de/, or with any other data protection supervisory authority.

Processing purposes

Data from customers and prospects

Purpose of processing

We process data that we receive in the course of handling our business relationship with you. We receive the data directly from you. Either in the case of inquiries from interested parties and contacts, the placing of orders or order processing (see point “Information on data collection and processing”).

Legal basis for processing of customer and prospective customer data

The collection and processing of data is necessary for the performance of the contract and is based on Article 6 (1) b) DSGVO. The use for direct advertising is based on Art. 6 para. 1 f) DSGVO. It is our legitimate interest to draw your attention to special offers by means of direct advertising. The data will not be passed on to third parties unless required by law, such as to the tax office within the framework of tax laws. The data will be deleted as soon as they are no longer required for the purpose of their processing or after expiry of the statutory retention periods, such as accounting records relevant under tax and commercial law: 10 years; commercial and business letters: 6 years; records of suppliers, type, quantity, purchase, delivery: 3 years).

You have the right to object to the use of your data for the purpose of direct marketing at any time. In addition, you have the right to request information about the data we have stored about you and to request that the data be corrected if it is incorrect or deleted if it has been stored inappropriately. You also have the right to lodge a complaint with a supervisory authority (see point Right of complaint).

Duration of data storage

After performance of the contractually owed service, your personal data will be stored – for the purpose of the statutory warranty for 2 years – for the purpose of fulfilling the warranty conditions for 5 years – for the purpose of executing follow-up orders (requested at the time of conclusion of the contract or at a later date) for 5 years and – for tax purposes for 10 years.

Deletion of data

Your personal data will be deleted at the latest after the expiry of the aforementioned periods.

Data from suppliers

Purpose of processing

We process data that we receive in the course of handling our business relationship with you. We receive the data directly from you when placing an order or processing an order (see item “Information on data collection and processing”).

Legal basis for the processing of supplier data

The collection and processing of data is necessary for the performance of the contract and is based on Article 6 (1) b) DSGVO. The data is not passed on to third parties unless required by law, such as to the tax office within the framework of tax laws. The data will be deleted as soon as they are no longer required for the purpose of their processing or after expiry of the statutory retention periods, such as accounting records relevant under tax and commercial law: 10 years; commercial and business letters: 6 years; records of suppliers, type, quantity, purchase, delivery: 3 years).

You are entitled to request information about the data we have stored about you and, if the data is incorrect, to demand that it be corrected or, in the case of unauthorized data storage, that it be deleted. You also have the right to lodge a complaint with a supervisory authority (see point Right of complaint).

Legal basis for the processing of supplier data

The data collection and data processing is necessary for the execution of the contract and is based on Article 6 (1) b) DSGVO. A transfer of data to third parties does not take place unless required by law, such as within the framework of tax laws to the tax office. The data will be deleted as soon as they are no longer required for the purpose of their processing or after expiry of the statutory retention periods, such as accounting records relevant under tax and commercial law: 10 years; commercial and business letters: 6 years; records of suppliers, type, quantity, purchase, delivery: 3 years).

You are entitled to request information about the data we have stored about you and, if the data is incorrect, to demand that it be corrected or, in the case of unauthorized data storage, that it be deleted. You also have the right to lodge a complaint with a supervisory authority (see point Right of complaint).

Data from employees

See separate template to be handed out to employees.

Newsletter

Purpose of processing

If you would like to receive the newsletter offered on the website, we require an e-mail address from you. The registration for the newsletter takes place in the double opt-in procedure. That is, after registration you will receive an e-mail with which you must confirm your registration. This procedure prevents unauthorized persons from registering with your e-mail address. Your registration for the newsletter is logged (storage of the registration and confirmation time and the IP address). With the help of the logging, the registration process can be proven in accordance with legal requirements.

You can revoke your consent to the storage of the e-mail address (and optionally first name and surname for the purpose of personal addressing) and its use for sending the newsletter with associated performance measurement at any time. A link for cancellation is provided at the end of each newsletter. In order to be able to prove a formerly given consent in the case of an unsubscribed e-mail address, we may store it for up to 2 years before deleting it.

Legal basis newsletter dispatch and the associated performance measurement.

This takes place on the basis of consent of the recipients according to Art. 6 I (a) DSGVO, Art. 7 DSGVO together with § 7 para. 2 No. 3 UWG or on the basis of legal permission according to § 7 para. 3 UWG.
As well as Art. 6 1 (f): Our legitimate interest of measuring success results from recognizing reading habits of our users based on the openings of the newsletters, opening times and the clicked links in order to be able to create and send them interest-based and useful content.

Legal basis logging

is Art. 6 l (f) DSGVO. Our legitimate interest arises from the fact that we use a secure and user-friendly newsletter system that is useful for sending and protects the personal data of newsletter subscribers. Furthermore, it allows us to prove consent.

You are entitled to request information about the data we have stored about you, as well as to request that the data be corrected if it is incorrect or deleted if it has been stored inappropriately. You also have the right to lodge a complaint with a supervisory authority (see point Right of complaint).

Applications

Purpose of processing

Applications online, by e-mail or by post: if you apply to us on the basis of a job advertisement, we will collect your personal data such as first name, last name, address, telephone number, e-mail address, attachments (cover letter, CV, certificates, photo) and store them for the duration of the selection process.

Online: By checking the box and submitting the form, you expressly agree that we may collect, process and use the data you provide to us, in particular sensitive information about mental and physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, memberships in a trade union or political party or sexual life, for the purpose of the application.

Your data will be used exclusively by authorized persons in the HR department or management for processing within the framework of the selection procedure. Your personal data will not be passed on to third parties.

If the specific position for which you are applying has already been awarded to someone else, but your profile makes you suitable for a later position or for working in a partner or subsidiary company, we will obtain your express consent before storing or forwarding your application any further, unless you have already consented to such storage or forwarding in your application.

If you send us an unsolicited application using our general contact e-mail address, the content of your application e-mail may be viewed by unauthorized personnel. There is a requirement that the application documents are forwarded unopened immediately to the personnel department and the incoming e-mail is deleted. If you would like to exclude this, please contact us by telephone before submitting your unsolicited application so that we can provide you with the contact details of the correct contact person.

The legal basis for the processing of applicant data

is Art. 6 I (b) DSGVO, for the processing of pre-contractual measures.

Unless you inform us otherwise, the data will be deleted 6 months after completion of the application process, or destroyed in the case of postal applications. Due to the long application and selection periods for trainees, we store their data in Germany for up to 18 months.

You have the following rights, subject to the relevant legal requirements: the right to information about your data stored by us; correction, deletion, restriction of the processing of your data or objection to the processing, as well as data portability. Furthermore, you have of course the possibility to request the deletion or destruction of all your application documents at any time by sending us an e-mail to: datenschutz@actosoft.de.

Video surveillance

Purpose of processing

Our purpose of video surveillance is vandalism prevention, protection against theft and burglary. As the responsible body, we process personal image files that we collect as part of the video surveillance on the premises. The storage period is 30 days. After that, the data is irrevocably deleted.

Legal basis for video surveillance

is Article 6 (1) f) DSGVO. Our legitimate interest lies in the burglary protection and the protection of our property and access control.

This data is only passed on to investigating authorities in the event of criminal offences.

You have the right to request confirmation from us as the controller as to whether personal data relating to you is being processed: if this is the case, you have the right to information about this personal data and, if the data is incorrect, to demand that it be corrected or, in the case of unauthorized data storage, that the data be deleted. You also have the right to lodge a complaint with a supervisory authority (see point Right of complaint).

If you have any questions regarding data protection, please contact Mr. Thomas Werning at datenschutz@actosoft.de.

Intention to process in third countries

Does not occur at this time.

Recipient categories

Within the scope of providing the service, we use service companies separately committed to secrecy and data protection for special areas where access to personal data cannot be ruled out.

These categories of recipients are:

Data will only be passed on to the authorities in the event of overriding legal provisions.

Advertising and right to object

The name, first name and address are also collected for advertising purposes (sending offers, information about additional services). The processing for advertising purposes can be objected at any time without giving reasons under the above contact details.

Objection to data storage

With the processing of data for the purpose of (at the time of the conclusion of the contract or at a later date desired) execution of follow-up orders for 5 years, legitimate business interests are pursued from a data protection perspective. You can object to this processing at any time using the above contact details.

Obligation to provide

Without correct information from you, it is usually not possible to conclude a contract.

Automated decision making and profiling

Currently not applicable.

Privacy notices for online meetings, conference calls, and webinars via Microsoft Teams

We would like to inform you below about the processing of personal data in connection with the use of “Microsoft Teams”.

Purpose of processing

We use the “Microsoft Teams” tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). “Microsoft Teams” is a service of Microsoft Corporation.

Notice:

If you access the “Microsoft Teams” website, the “Microsoft Teams” provider is responsible for data processing. However, accessing the website is only necessary for the use of “Microsoft Teams” in order to download the software for the use of “Microsoft Teams”.

If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service will then also be provided via the “Microsoft Teams” website.

What data is processed?

When using “Microsoft Teams”, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.

The following personal data are subject to processing:

User details:

For example, display name (“displayname”), email address if applicable, profile picture (optional), preferred language.

Meeting metadata: For example, date, time, meeting ID, phone numbers, location.

Text, audio and video data:

You may have the option of using the chat function in an “online meeting”. In this respect, the text entries you make will be processed in order to display them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.

Scope of processing

We use “Microsoft Teams” to conduct “online meetings”. If we want to record “online meetings”, we will transparently communicate this to you in advance and – if necessary – ask for consent.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Legal bases of data processing

If, in connection with the use of “Microsoft Teams”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Microsoft Teams”, Art. 6 (1) f) DSGVO is the legal basis for the data processing.

Our interest in these cases is in the effective conduct of “online meetings”.

Incidentally, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective implementation of “online meetings”.

Recipient / passing on of data

Personal data processed in connection with participation in “online meetings” will not be disclosed to third parties unless it is intended for disclosure. Please note that the content of online meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients:

The “Microsoft Teams” provider necessarily obtains knowledge of the above-mentioned data to the extent provided for in our order processing agreement with “Microsoft Teams”.

Data processing outside the European Union

In principle, no data processing takes place outside the European Union (EU), as we have limited our storage location to data centers in the European Union. However, we cannot exclude the routing of data via Internet servers that are located outside the EU. This may be the case in particular if participants in “Online Meeting” are located in a third country.

However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.

Data subject rights

According to Art. 15 DSGVO, you have the right to receive information about the data stored about you, including any recipients and the planned storage period. If incorrect personal data is processed, you have the right to rectification in accordance with Art. 16 DS-GVO. If the legal requirements are met, you may request deletion or restriction of processing as well as object to processing (Art. 17, 18 and 21 DSGVO).

If you wish data to be deleted but we are still legally obliged to retain it, access to your data will be restricted (blocked). The same applies in the event of an objection. You can exercise your right to data portability insofar as the technical possibilities are available to the recipient and to us.

Mr. Thomas Werning will be happy to assist you with your data subject rights at datenschutz@actosoft.de.

Actuality and change of this mandatory information

We reserve the right to adapt the content of this mandatory information at any time. This usually occurs in the event of further development or legal adaptation.


Status of this declaration: 16.12.2020