Information on the use of your data in the data subject relationship

1 Version history

Version | Date | Comment
1.0 | 23.03.2018 | Creation
1.1 | 07.05.2018 | Review and revision by company lawyer
1.2 | 13.01.2021 | Revision CI and change of address

With this notice, we inform you about the processing of personal data by GUS ERP GmbH and the rights to which you are entitled under data protection law.

2 Person responsible for data processing

GUS ERP GmbH
Josef-Lammerting-Allee 20-22, 50933 Cologne
Tel: 0221/376 59 0
E-mail: info@gus-group.com

You can reach our data protection officer by mail at the above address, adding "data protection officer" to the address line, or by e-mail at:
Datenschutz@gus-group.com

3 Source and types of personal data

As an IT service provider in the B2B sector, we strive to minimize the processing of personal data. When we process personal data, we do so in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable laws.

We process personal data that we receive from interested parties, customers or partners of our company in the course of our business activities. In addition, we process - insofar as necessary for the provision of our services - personal data that we permissibly obtain from publicly accessible sources (e.g. Internet, press, commercial register, debtors' registers) or that we are legitimately provided with by other third parties (e.g. credit agencies, partner companies).

Relevant personal data includes personal details (title, name, address and other contact data such as e-mail address, telephone numbers), legitimation data (e.g. passwords for accessing IT systems) and data about the role and function of the data subject in his or her company.

4 Purposes and legal bases of data processing

We process personal data to carry out pre-contractual measures taken upon request, and to conclude, fulfill and execute our contractual relationships.
The legal basis for this processing of personal data for the purposes of contract initiation or contract execution is Art. 6 (1) b) GDPR.

If we process further personal data or special categories of personal data, we obtain your consent in accordance with Art. 9 (2) a) in conjunction with Art. 7 GDPR. In this respect, the processing is carried out on the legal basis of Art. 6 (1) a) GDPR.

We also process personal data beyond the actual performance of the contract in order to protect legitimate interests of us or of third parties. This may include in particular the following measures:

  • for advertising/newsletters for our products and services as well as for opinion surveys, unless you have objected to the use of your data for this purpose,
  • to test and optimize demand analysis procedures for the purpose of direct customer contact,
  • to ensure IT security and IT operations,
  • for the prevention and detection of criminal acts,
  • for business management and further development of processes, services and products,
  • for the assertion of legal claims and defense in legal disputes.

The legal basis for this processing is Art. 6 (1) f) GDPR.

In addition, we process personal data insofar as we are legally obliged to do so, e.g. by tax or social security law.
The legal basis for this processing is Art. 6 (1) c) GDPR.

5 Categories of recipients of the personal data

External contractors and service providers:
In order to provide the contractually owed services, we sometimes use external contractors and service providers.
An overview of the contractors and service providers we use and with whom business relationships are not only temporary can be found in the appendix to the order processing contract, or you can request it using the contact details of the data protection officer given above.

Other recipients:
In addition, we may transfer personal data to other recipients, such as authorities for the fulfillment of legal notification obligations (e.g., social insurance carriers, employment agency, tax authorities, Datev or law enforcement agencies).

6 Duration of data storage

We store personal data for as long as they are required for the above purposes. Subsequently, they will be deleted in accordance with our document retention policy, unless we

(a) are obliged to store data for a longer period of time pursuant to Art. 6 (1) sentence 1 lit c) GDPR due to storage and verification obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Money Laundering Act or other legal obligations;

(b) need the data to preserve evidence under the statutory limitation provisions; or

(c) have the consent of the data subject pursuant to Art. 6 (1) sentence 1 lit a) GDPR to longer processing.

7 Data subject rights

Every data subject has the right to information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR and the right to erasure pursuant to Art. 17 GDPR if the data has been collected unlawfully or is inaccurate. The data subject may also have a right to restriction of processing under Art. 18 GDPR if the accuracy of the data is in doubt or the data may not be erased. Finally, every data subject has the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR.

With regard to the right of information and the right of deletion, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

The data subject may withdraw consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. The revocation is only effective for the future. Processing that took place before the revocation is not affected.

8 Right of objection

The data subject has the right to object to processing of his or her personal data if grounds arise from his or her particular situation which argue against data processing based on Article 6 (1) (f) GDPR (data processing based on a balance of interests).
In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or unless the processing serves the establishment, exercise or defense of legal claims.

In individual cases, we process personal data for the purpose of direct marketing. The data subjects have the right to object at any time to the processing of personal data concerning them for the purposes of such advertising.
In the event of an objection, we will no longer process the personal data for the purposes of direct marketing.
The objection can be made without formalities and should preferably be addressed to the contact address mentioned at the beginning.

9 Right of appeal

Every data subject has the possibility to address a complaint to the above-mentioned data protection officer or to a data protection supervisory authority. The data protection supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Kavalleriestraße 2 - 4
40213 Düsseldorf

10 Data transfer to a third country

If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other data protection guarantees that are sufficient and adequate under the GDPR (e.g., binding corporate data protection rules, EU standard contractual clauses) are in place.