Online Software AG

Data protection

Privacy policy of Online Software AG in accordance with Article 13 GDPR
- for customers and other business partners

The protection of your personal data and its confidential treatment is a high priority for us. Your personal data is processed exclusively within the framework of the statutory provisions of data protection law, in particular the General Data Protection Regulation (hereinafter "GDPR"). With this privacy policy, we inform you about the processing of your personal data and about your rights in this respect in the context of our business relationship with you.

1. responsible person and data protection officer

Responsible for data processing within the meaning of the data protection laws is

Online Software AG
Forum 7
D-69126 Heidelberg
Phone: T. +49 6221 40508-0

Fax: +49 6221 40508-777
e-mail: info@online-software-ag.de

You can contact our data protection officer as follows:

Online Software AG, Peter Walter, Forum 7, 69126 Heidelberg, Germany, Phone: +49 6221 40508-0, Email: peter.walter@online-software-ag.de

2. subject matter of data protection

The terms used in this privacy policy, such as "personal data" or their "processing", correspond to the definitions in Art. 4 GDPR.

The subject of data protection is the processing of personal data. This is any information relating to an identified or identifiable natural person (so-called data subject).

We regularly process the following categories of data of the contact persons of our interested parties, customers, suppliers and other business partners:

- Master datain particular your surname, first name, title, your company and your function/position;

- Contact detailsin particular your address, by post and, if applicable, by telephone, fax and e-mail;

- Contract datain particular data that you provide to us for the fulfilment of a contract;

- Invoice/payment datain particular information about your payment method and other data in the context of invoicing and payment processing;

- Content datain particular the data exchanged in correspondence between us.

We process personal data in compliance with the relevant data protection regulations. This means that your data will only be processed by us if we have your consent or legal authorisation, e.g. if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) or is required by law.

We take state-of-the-art organisational and technical security measures to ensure that data protection regulations are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

3. purposes and legal bases of data processing

Below you will find an overview of the purposes and legal bases of data processing in the context of our contact or business relationship with you.

3.1 Contract fulfilment

We process personal data if this is necessary for the preparation, conclusion or fulfilment of a contract with you. The purposes depend on the subject matter of the specific contract and include in particular

- the preparation and processing of quotations;

- the fulfilment of concluded contracts, e.g. delivery of products, provision of services;

- the organisation of workshops and training courses;

- the processing of payments and the processing of data for accounting purposes;

- the support and service before, during and - as far as permissible - after the end of the business relationship with you;

- the handling of any warranty claims;

In this respect, your personal data is processed on the basis of Art. 6 para. 1 lit. b) GDPR, insofar as it is necessary for the above-mentioned purposes. Without this data, we will not be able to conclude and fulfil the contract with you.

The data collected by us will only be stored for as long as is necessary to fulfil the purposes for which the data was collected. Accordingly, we generally delete your data when the contractual services have been fully performed and the warranty periods have expired, unless we are obliged to store the data for a longer period due to statutory retention obligations.

3.2 Fulfilment of legal obligations

We also process your personal data in order to fulfil our legal obligations. These may arise, for example, from commercial, export control, tax, money laundering, financial or criminal law. The exact purposes of the processing are determined by the relevant legal obligation that we comply with; as a rule, it serves the purpose of fulfilling statutory archiving and retention obligations or state information claims or requests. In this respect, data processing is carried out on the basis of Art. 6 para. 1 lit. c) GDPR. We delete the data once the legal obligation no longer applies, unless another legal basis applies.

3.3 Safeguarding legitimate interests

We also process your personal data to protect our legitimate interests, e.g. for the following purposes:

- Storage in our customer database, e.g. to enable follow-up communication after initial contact at a trade fair;<br>

- Carrying out customer satisfaction surveys, marketing campaigns, market analyses, competitions or similar campaigns (within the legally permitted framework);

- Answering non-contractual questions and business correspondence;

- Sending of information material, price lists and event information;

- Carrying out credit checks;

- Assertion and enforcement of legal claims;

- Optimising the security of our products, services and business processes;

In this respect, data processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR. In this respect, our legitimate interest arises from the purposes described above.

We also reserve the right and expressly point out to you that we also process personal data, namely your name and your contact details, which you have provided to us as part of the business initiation or business relationship, for the purpose of sending you information, in particular by e-mail, about our own similar products or services, whereby we will comply with any applicable competition law regulations in addition to the GDPR in such measures. You can object to the use of your data for this purpose and the implementation of marketing measures at any time (see section 6 below).

3.4 Consent

If we process personal data on the basis of your consent, the specific purposes result from the content of the respective declaration of consent, e.g. to send you emails with advertising content about our products or services. In these cases, data processing is carried out on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. recipients of personal data

We only pass on your personal data to external third parties if this is necessary to fulfil the contract, if there is another legal permission or if we have your consent to do so. The transfer then takes place on the basis of Art. 6 para. 1 lit. a), lit. b), lit. c) and/or lit. f) GDPR.

External recipients may be service providers that we commission to provide services as part of order processing in accordance with Art. 28 GDPR (e.g. as subcontractors or in the area of IT services, marketing services or document destruction). Such processors are carefully selected and regularly checked by us. They may only use the data for the purposes specified by us and in accordance with our instructions. In addition, on the basis of a legal obligation or to protect our legitimate interests, we also pass on data to external service providers who provide external specialised services for us under their own responsibility, such as payment service providers, tax consultants or auditors.

It is also possible that we may have to transfer personal data to authorities and state institutions, such as public prosecutors, courts, customs or tax authorities, for compelling legal reasons.

If data is transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or in another signatory state to the Agreement on the European Economic Area, we will ensure before the transfer that, except in exceptional cases permitted by law, the recipient either has an adequate level of data protection or that you have given your consent to the transfer of data.

5. storage period and deletion

Unless otherwise stated in section 3, we will only store your personal data for as long as is necessary to fulfil the purposes for which it was collected or - in the case of consent - as long as you do not withdraw your consent. If another legal basis requires a longer storage period, we will only delete your data once this legal basis no longer applies. A requirement for (further) storage of your data may exist in particular if the data is still required in order to fulfil contractual services, to be able to check warranty and guarantee claims asserted by you or to comply with our statutory retention obligations.

In the event of an objection, we will no longer process your personal data unless further processing is permitted or even mandatory under the relevant statutory provisions. We will also delete your personal data if we are obliged to do so for legal reasons.

6. rights of data subjects

As a data subject affected by data processing, you have numerous rights. In detail:

__________________________________________________

Right to object pursuant to Art. 21 GDPR:

If we process your data on the basis of legitimate interests (Art. 6 para. 1 lit. f) GDPR) or for the performance of a public task (Art. 6 para. 1 lit. e) GDPR), you may object to the processing of your personal data on grounds relating to your particular situation. You also have the right to object to any processing of data for direct marketing purposes.
__________________________________________________

If the relevant legal requirements are met, you are also entitled to the following additional rights:

Revocation of consentIf you have given us your consent to process your personal data, you can revoke this at any time with effect for the future. This does not affect the legality of the processing of your data until you withdraw your consent.

Right to informationYou have the right to receive information about the personal data we have stored about you.

Right of rectification and cancellationYou can request the correction of incorrect data and the deletion of your data.

Restriction of processingYou can request that we restrict the processing of your data.

Data portabilityIf you have provided us with data on the basis of a contract or consent, you may request that you receive the data you have provided in a structured, commonly used and machine-readable format or that we transmit it to another controller named by you.

Right to lodge a complaint with the supervisory authorityYou can also lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates applicable law. To do so, you can contact the data protection authority responsible for your registered office or country or the data protection authority responsible for us. A list of the data protection officers in your country, including contact details, can be found here:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

You can contact us free of charge if you have any questions about the processing of your personal data, your rights as a data subject and any consent you may have given. To exercise your rights, please contact us directly or our data protection officer (see section 1 for contact details). Please ensure that we are able to clearly identify you.

7. stand

From time to time it may be necessary to amend the content of this privacy policy. We therefore reserve the right to amend it at any time. The current version of our privacy policy applies, which you can access via the following link: https://online-software-ag.com/de/datenschutzerklaerung-der-online-software-ag/

Status: 11.01.2019

Online Software AG

Visit us in the Forum 7, 69126 Heidelbergor contact us online.

+49 6221 40508-0

info@online-software-ag.de

+49 6221 40508-0

info@online-software-ag.de