Online Software AG Privacy Policy
in Terms of Art. 13 of the GDPR
– for Clients and Other Business Partners –

Protection of your personal data and its confidential treatment are of utmost importance to this company. Your personal data will be processed exclusively in line with statutory provisions concerning data protection, in particular on the basis of the European Union General Data Protection Regulation (hereinafter referred to as the “GDPR”). On the basis of this Privacy Policy, we would like to provide you with information about how we process your personal data and about the rights to which you are entitled in this regard and applicable to our business relationship.

1. Data controller and data protection officer

The controller in terms of data processing law is:

Online Software AG
Bergstraße 31
69469 Weinheim
Phone: +49 6201 9988-0
Fax: +49 6201 9988-77

You can contact our data protection officer at:

Online Software AG, Peter Walter, Bergstraße 31, 69469 Weinheim, Germany, tel.: +49 6201 9988-0, e-mail:

2. Subject matter of data protection

The terms used in this Privacy Policy, for example “personal data” and its “processing”, correspond to the definitions under Art. 4 of the GDPR.

The subject matter of data protection consists in the processing of personal data. “Personal data” shall include any information relating to an identified or an identifiable natural person (hereinafter referred to as the “data subject”).

On a regular basis, we process the following data categories which we receive from the contact persons of our potential customers, existing customers, suppliers and other business partners:

  • master data, in particular your family name, your given name, the form of address, the company you represent and your function/position;
  • contact data, in particular your physical address and, if need be, your telephone or fax number and your e-mail address;
  • contract data, in particular any data which you communicate to us for the purpose of executing a contract;
  • invoice/payment data, in particular any information about the type of payment you selected and other data in the context of invoicing and payment processing; and
  • content data, in particular any data which we exchange on the basis of correspondence between us.

We process your personal data in strict compliance with the relevant data protection provisions. This means that we will process your personal data only on the condition that we obtained your consent for this or if this is admissible on the basis of the law, for example in cases where data processing is required (by law) for the purpose of rendering our contractual services (e.g. the processing of orders).

We implement both organisational and technical security measures in compliance with the state of the art to ensure that data protection law provisions will be complied with and to protect all personal data which we process from accidental or intentional manipulation, loss, destruction or from access by unauthorised third parties.

3. Purpose and legal bases of data processing

In the following, we provide you with an overview of both the purposes and the legal bases of data processing in the context of us contacting you or establishing/maintaining a business relationship with you.

3.1 Contract fulfilment

We process your personal data in the case where this is required for the purpose of preparing, concluding or executing a contract with you. The purposes depend on the subject matter of the relevant contract and they may particularly include, without limitation to this,

  • the preparation and processing of commercial offers;
  • the processing of existing contracts, e.g. the delivery of products and the provision of services;
  • the performance of workshops and training courses;
  • the processing of payments and the processing of personal data for accounting purposes;
  • the customer support and the services before and during the business relationship with you and – to the extent to which this is admissible – after this is terminated; and
  • the processing of possible warranty claims.

Your personal data will be processed on the basis of the provisions under point (b) of Art. 6(1) of the GDPR to the extent to which this is required for the purposes referred to above. Without this data, we will be unable to conclude or to fulfil a contract with you.

Personal data which we collect will be stored only for so long as this is required to fulfil the purposes for which such personal data had been collected in the first place. According to the above, we generally erase your personal data in the case where the contractual services were completely provided and if the warranty periods have lapsed, unless we are required to store such personal data for longer periods on the basis of any applicable statutory retention obligations.

3.2 Fulfilment of legal obligations

We process your personal data also for the purpose of fulfilling our statutory obligations which may, as an example, result from German commercial, export control, tax, anti-money laundering, financial or criminal law. In this regard, the exact purposes of the processing result from the relevant statutory obligations which we are obliged to fulfil; in general, the processing has the purpose of fulfilling statutory archiving and data retention obligations or government claims or requests for information to be provided. Consequentially, the data processing is based on the provisions under point (c) of Art. 6(1) of the GDPR. Once a legal obligation no longer applies, we will erase your personal data, unless another legal basis for data retention applies.

3.3 Protection of legitimate interests

In addition to the above, we process your personal data to protect our legitimate interests, for example for the following purposes:

  • the storage of data in our customer database, for example to enable follow-up communication after initial contacts were made at a trade show;
  • the performance of customer satisfaction surveys, marketing campaigns, market analyses, contests, raffles or similar campaigns and events (to the extent admissible on the basis of the law);
  • the answering of questions not relevant for the contract and business correspondence;
  • the delivery of information materials, price lists and information on events;
  • the performance of credit standing checks;
  • the assertion and enforcement of legal claims; and
  • the optimisation of the safety of our products, services and our business processes.

To this extent, the data processing is based on the provisions under point (f) of Art. 6(1) of the GDPR. Our legitimate interests in this regard result from the purposes referred to above.

Apart from that, we reserve the relevant right and we hereby expressly inform you that we process your personal data, that is, to be more precise, your name and your contact data which you provided to us in the context of initial business contacts or the business relationship, also for the purpose of providing you with information, in particular also by e-mail, about similar products and services of the company. However, we do so under strict compliance with valid provisions under competition law in addition to the provisions under the GDPR. You have the right, at any time, to object to your personal data being used for the above purpose or for the performance of marketing activities (see sec. 6 below).

3.4 Consent

In the event that we process your personal data on the basis of your consent to this, the concrete data processing purposes result from the contents of the relevant declaration of consent, for example your consent to receiving e-mails containing advertisements for our products or services. In these cases, the data processing takes place on the basis of point (a) of Art. 6(1) of the GDPR. After giving your consent, you may withdraw such consent at any time without this affecting the lawfulness of the processing activities which we performed on the basis of your consent until the time of the withdrawal.

4. Recipients of personal data

We will transfer your personal data to third parties only in the case where this is required for the purpose of processing a contract, if this is admissible on the basis of the law or if we obtained your consent to this. In these cases, the transfer of your personal data is based on point (a), point (b), point (c) and/or point (f) of Art. 6(1) of the GDPR.

External data recipients may be those service providers who we commission with the rendering of services in the context of contract data processing in terms of Art. 28 of the GDPR (e.g. in the form of sub-contractors or in the fields of IT services, marketing services or document destruction). We will carefully select and regularly check such data processors who may use such personal data exclusively for the purposes which we indicated to them and in compliance with our instructions. In addition to the above, we transfer your personal data to external service providers based on a statutory obligation applicable to us or for the protection of our legitimate interests; these service providers, under their own responsibility, provide third-party specialist services to us, including, without limitation, payment service providers, tax advisers or chartered accountants.

It is also possible that compulsory statutory reasons require us to transfer your personal data to public authorities and government institutions, including, without limitation, public prosecution offices, courts, customs or financial authorities.

In the event that your personal data is to be transferred to any bodies having their registered office or their place of data processing outside a Member State of the European Union or a contracting state of the Treaty on the European Economic Area, we will make sure, prior to personal data being transferred, that the relevant data recipients, with the exception of cases provided for by the law, either provide for a reasonable level of data protection or that we obtained your consent to such transfer.

5. Retention periods and data erasure

Unless otherwise provided for under sec. 3, we process your personal data only for as long as this is required for the purpose of fulfilling the purposes for which such personal data had been collected or – in the case where you granted your consent – for as long as you do not withdraw your consent. Should another legal basis require longer retention periods, we will erase your personal data only once the relevant legal basis no longer applies. It may be necessary to (continue to) store your personal data in particular in the case where such personal data is still required for the purpose of rendering contractual services, to assess any warranty and, if applicable, guarantee claims which you asserted or to fulfil our statutory retention obligations.

Should you object to this, we will no longer process your personal data, unless its continued processing is admissible or even compulsory on the basis of the relevant legal provisions. We will erase your personal data also in the case where we are obliged to do so on the basis of statutory reasons.

6. Data subject rights

Being an individual who is affected by these data processing activities (“data subject”), you are entitled to a number of rights. In detail:


Right to object in terms of Art. 21 of the GDPR:

To the extent to which we process your personal data on the basis of legitimate interests (point (f) of Art. 6(1) of the GDPR) or for fulfilling any task carried out in the public interest (point (e) of Art. 6(1) of the GDPR), you shall have a right to object to your personal data being processed for reasons which result from your particular situation. Apart from that, you have a right to object to any type of data processing for direct advertising purposes.

On the condition that the relevant statutory requirements are fulfilled, you are additionally entitled to exercise the following rights:

Withdrawal of consent: If you have given us your consent to the processing of your personal data, you can withdraw it at any time with effect for the future. A withdrawal shall not affect the lawfulness of the data processing up until the time of the withdrawal.

Right of access: You have the right to access the personal data which we process about you.

Right of rectification and erasure: You have the right to request us to rectify any inaccurate personal data and to also erase your personal data.

Right of restriction of processing: You have a right to request us to restrict the processing of your personal data.

Right to data portability: In the event that you provided personal data to us on the basis of a contract or your consent, you have a right to receive such personal data which you provided in a structured, commonly-used and machine-readable format or to have us transfer such personal data to any other data controller indicated by you.

Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the supervisory authority in charge in the case where you think that the processing of your personal data violates applicable law. For this purpose, you can contact the data protection authority which is competent for your registered office or the relevant federal state or the data protection authority competent for us. For a list of the data protection officers of the different federal states, including their contact data, please refer to the below link:

Should you have any questions concerning the processing of your personal data, the rights to which you are entitled as a data subject and any consents which you possibly granted, please feel free to contact us on a free-of-charge basis. To exercise the rights to which you are entitled, please contact us or our data protection officer directly (see contact data under sec. 1). When doing so, please ensure that we are able to clearly identify you.

7. Version

From time to time, it may be necessary to adjust and update the contents of this Privacy Policy which is why we reserve the right to amend it at any time. The updated version of this Privacy Policy shall apply, of which you can download a copy by following the below link:

As of: 11.01.2019