Data protection

DATA PROTECTION INFORMATION FOR CUSTOMERS/OTHER CONTRACTUAL PARTNERS AND INTERESTED PARTIES

 

Information from ISL Internet Sicherheitslösungen GmbH on how we process data from customers and interested parties in accordance with Art. 13, 14 and 21 of the EU General Data Protection Regulation (GDPR)

Dear customer, interested party, contractual partner,

In accordance with the requirements of Art. 13, 14 and 21 of the EU General Data Protection Regulation (GDPR), the following Privacy Statement provides information on how we process your personal data and your rights according to data protection regulations. The specific data that is processed and the extent to which it is used depends on the requested or agreed services. Please consult the information provided below to ensure that you are fully informed of how we process your personal data in relation to performing a contract or executing pre-contractual measures.

1. CONTROLLER ACCORDING TO DATA PRIVACY LAW

ISL Internet Sicherheitslösungen GmbH

Wittener Str. 2

44789 Bochum

+49 234 976672-0

info(a)isl.de

www.isl.de

2. CONTACT DETAILS FOR THE CONTROLLER

The controller responsible for data protection at our company is:

Managing director: Thomas Schmidt

ISL Internet Sicherheitslösungen GmbH

Wittener Str. 2

44789 Bochum

+49 234 976672-0

info(a)isl.de

www.isl.de

3. PURPOSES AND LEGAL BASES FOR PROCESSING

We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) where necessary to conclude, perform or fulfil a contract, or to perform pre-contractual measures. If the provision of personal data is required to establish or perform a contractual relationship, or in relation to the performance of pre-contractual measures, processing takes place on the legal basis of Art. 6(1) lit. b GDPR.

Where necessary or permissible by law, we will process your data beyond the scope permitted for contractual purposes to fulfil our legal obligations as per Art. 6(1) lit. c GDPR. Furthermore, we may process your personal data to protect legitimate interests pursued by us or a third party, and in the defense and establishment of legal claims as per Art. 6(1) lit. f GDPR. Where legally required, we will notify you separately of this processing stating our legitimate interest.

CATEGORIES OF PERSONAL DATA

We only process data required to enter into contracts or in relation to pre-contractual measures. This may include general information about you or employees at your company (name, address, contact details, etc.) and other data that you disclose to us when concluding the contract.

5. DATA SOURCES

We process personal data that we receive from you when you contact us or enter into a contractual relationship and in relation to pre-contractual measures.

6. RECIPIENTS OF PERSONAL DATA

Only departments and employees at our company who require your personal data for the fulfilment of our contractual and statutory obligations or to pursue our legitimate interests shall be granted access thereto.

We may disclose personal data that you submit to us to affiliated companies, provided this is permissible within the scope of the purposes and legal bases stipulated in Section 3 of this Privacy Statement.

Your personal data will be processed on our behalf on the basis of Data Processing Agreements concluded with third parties according to Art. 28 GDPR. In this case, we ensure that your data is processed in compliance with the provisions of the GDPR. The categories of recipients in the above case are internet service providers and providers of customer management systems and software.

Your data will only be disclosed to recipients external to our company where permitted or required by statutory provisions; the disclosure is required for the execution and subsequent fulfilment of the contract or, at your request, the performance of pre-contractual measures; you have granted your consent; or we are authorized to disclose this information. As such, under the above conditions, recipients of your personal data may include:

  • External accountants
  • Public authorities and institutions (such as public prosecutors, the police, supervisory authorities, the tax authorities) in the case of a statutory or regulatory obligation
  • Recipients that require the disclosure of your personal data to establish or perform a contract
  • Other data recipients to which you have granted your consent for data transfers

Special information for applicants

RECIPIENTS OF PERSONAL DATA

Only departments and employees at our company who require your personal data for the fulfilment of our contractual and statutory obligations or to pursue our legitimate interests shall be granted access thereto.

We may disclose personal data that you submit to us to affiliated companies, provided this is permissible within the scope of the purposes and legal bases stipulated in Section 3 of this Privacy Statement.

Your personal data will be processed on our behalf on the basis of Data Processing Agreements concluded with third parties according to Art. 28 GDPR. In this case, we ensure that your data is processed in compliance with the provisions of the GDPR.

Your data will only be transferred to recipients external to our company where permitted or required by statutory provisions, where this disclosure is required to fulfil statutory obligations, or you have granted your consent to this disclosure.

7. TRANSFERS TO THIRD COUNTRIES

Your personal data will not be transferred to third countries.

8. RETENTION PERIODS

Where necessary, we will process and store your personal data for the duration of our contractual relationship in order to fulfil our contractual obligations. This covers the establishment and execution of a contract, among other obligations.

Furthermore, we are subject to a range of retention and documentation obligations as per the German Commercial Code and the General Fiscal Code, among other regulations. The retention and documentation periods stipulated in these regulations span two to ten years.

The retention period is also determined on the basis of statutory periods of limitation, for example, three years as per Section 195 ff. of the German Civil Code in certain cases, but up to thirty years in certain cases.

9. YOUR RIGHTS

Each data subject is entitled to the right to access as per Art. 15 GDPR; the right to rectify as per Art. 16 GDPR; the right to erasure as per Art. 17 GDPR; the right to restrict processing as per Art. 18 GDPR; the right to notification as per Art. 19 GDPR; and the right to data portability as per Art. 20 GDPR.

In addition to the above, you are also entitled to lodge a complaint with a supervisory authority as per Art. 77 GDPR if you have reason to suspect that the processing of your data may violate the provisions of the law. Your right to lodge a complaint shall continue to apply without prejudice to other administrative or judicial remedies.

If your data is processed on the basis of your consent, according to Art. 7 GDPR, you are entitled to withdraw your consent to this use of your personal data at any time. Please note that this withdrawal only applies with future effect. Processing that takes place prior to withdrawal is not affected by this and shall remain lawful. Furthermore, please note that we are required to store certain data for a certain period to fulfil our statutory obligations (see Section 8 of this Privacy Statement).

Right to object

In the event that we process your personal data in order to safeguard our legitimate interests as per Art. 6(1) lit. f GDPR , you shall be entitled to lodge an objection to this processing at any time on grounds that arise from your personal situation as per Art. 21 GDPR. We shall then cease to process this personal data in the absence of any compelling and legitimate grounds for continued processing. Compelling and legitimate grounds in this regard must override your interests, rights and liberties, or the processing must be required to assert, exercise or defend against legal claims.

In certain cases, we may process your personal data for direct advertising purposes. You are entitled to object to the processing of your data for this kind of advertising at any time. The same applies any profiling carried out in relation to this direct advertising. If you lodge an objection to the processing of your data for direct advertising purposes, we shall no longer process your personal data for these purposes.

Please contact us using the contact details specified in Section 1 to exercise your rights.

10. WHY WE REQUIRE YOU TO DISCLOSE PERSONAL DATA

Personal data required to decide whether to conclude a contract, execute a contract or to perform pre-contractual measures is disclosed on a voluntary basis. However, we will only be able to make a decision on contractual measures if you provide the personal data required to conclude a contract, execute a contract or to perform pre-contractual measures.

11. AUTOMATED DECISION-MAKING

We do not use automated decision-making as per Art. 22 GDPR in order to establish and perform business relationships, or to perform pre-contractual measures. However, if we do use this process in individual cases, we shall separately inform you thereof or obtain your consent if we are legally required to do so.