Privacy Notes according to Art. 13, 14 GDPR

DataGuard | 18.12.23

Data protection is paramount to all DataGuard activities. A transparent process is very important to us when it comes to the way we process personal data. With the following privacy notes, we would like to inform you about how we handle your personal data in detail. For better legibility, we try not to use specific genders. Therefore, please note that the words they/them are intended to mean all genders.

A description of our data processing is available on our website.

General information

– applicable for all of the following descriptions of data processing

1.Identity and contact details of the data controller

The following party is responsible for all data processing described here:

DataCo GmbH
Nymphenburger Str. 86
80636 Munich
, Germany

Tel.:+49 89 452459 900
E-Mail: info@dataguard.de
Webseite: www.dataguard.de/en-de/

2.Contact details of the data protection officer

You can reach our data protection officer as follows:

DataCo GmbH
Nymphenburger Str. 86
80636 Munich
, Germany
for the attention of the Data Protection Officer

E-Mail:

If your request is specifically directed to DataCo GmbH as the data controller, please write to us at the following e-mail address: dpo@dataguard.de

If your request is directed to one of our customers for whom we are appointed as external data protection officer, please write to us at the following e-mail address: datenschutz@dataguard.de and kindly mention the company name of our customer in this e-mail.

Rights of the data subject

When your personal data is processed, you are subsequently a data subject in the sense of the GDPR and have the following rights:

1.Right to obtain information

(Art. 15 GDPR)

If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (Art. 15 GDPR).

2.Right to rectification

(Art. 16 GDPR)

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed (Art. 16 GDPR).

3.Right to erasure

(Art. 17 und 18 GDPR)

If the legal requirements are met, you can request the immediate deletion of your personal data or restriction of processing (Art. 17 and 18 GDPR).

4.Right to information

(Art. 19 GDPR)

If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients (right to information, Art. 19 GDPR).

5.Right to data portability

(Art. 20 GDPR)

If you have consented to data processing or if there is a contract for data processing and the data processing is carried out using automated procedures, you may have a right to data portability (Art. 20 GDPR). In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

6.Right to object

(Art. 21 Abs. 1 GDPR)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 para. 1 sentence 1 lit. e or f GDPR ; this also applies to profiling based on these provisions. The controller shall no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (Art. 21 (1) GDPR).

7.Right to object to the processing of personal data for the purpose of advertising

(Art. 21 Abs. 2 GDPR)

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing (Art. 21 (2) GDPR). If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

8.Right to revoke your declaration of consent

(Art. 7 Abs. 3 GDPR)

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation (Art. 7 (3) GDPR).

9.Automated individual decision-making, including profiling

(Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling , which produces legal effects concerning you or similarly significantly affects you. In this case, if the legal requirements are met, you have the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision (Art. 22 GDPR).

10.Right to lodge a complaint

(Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you infringes the GDPR (Art. 77 GDPR). The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

for applicants

1.Processing of your personal data

As part of the DataGuard application process, DataGuard collects the following personal data from you:

  • First name and surname
  • Email address
  • Phone / mobile number
  • Availability
  • Expected salary
  • All personal data contained in the application (curriculum vitae, cover letter, certificates, etc.)

DataGuard collects personal data from applicants in the following manners:

  • Direct application via the DataGuard careers page
  • Application via email, addressed directly to a DataGuard employee
  • Postal application
  • LinkedIn Easy Apply
  • Recruitment agencies
  • Candidates approached by DataGuard on LinkedIn

2.Purposes of processing and their legal basis

Your personal data will be processed for the following purposes:

  • Implementation of the application procedure and decision on the establishment of the employment relationship
  • Communication (telephone, e-mail, video telephony)
  • Implementation of pre-contractual measures (initiation of the employment relationship)
  • Inclusion of applicant data in a talent pool
  • Assertion, exercise or defence of legal claims arising from the application process

Processing of special categories of personal data that have been made public – Art. 9 (2) (e) GDPR
If special categories of personal data are processed that you have obviously made public, your data will be processed in accordance with Art. 9 (2) (e) GDPR.

Processing for the purpose of asserting, exercising or defending legal claims or in the event of acts of the courts – Art. 6 (1) (1) (f) GDPR, Art. 9 (1) (f) GDPR
If necessary, your data will be processed for the purpose of asserting, exercising or defending legal claims or in the event of actions of the courts pursuant to Art. 6 (1) (1) (f) GDPR, Art. 9 (1) (f) GDPR.

Processing on the basis of consent – Art. 6 (1) (1) (a) GDPR in conjunction with Art. 7 GDPR, Art. 88 (1) GDPR in conjunction with Art. 26 (2) BDSG (Federal Data Protection Act)
If you have given your consent to data processing, your data will be processed in accordance with Art. 6 (1) (1) (a) GDPR in conjunction with Art. 7 GDPR, Art. 88 (1) GDPR in conjunction with Art. 26 (2) BDSG.

Decision on the establishment of the employment relationship Art. 6 (1) (1) (b) GDPR, Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG
We process your data in order to make a decision on the establishment of the employment relationship. In the case of employment in our company, your data will be processed for the purpose of carrying out and terminating the employment relationship. For this purpose, separate information about the processing of your personal data will be provided.

Processing on the basis of legitimate interest – Art. 6 (1) (1) (f) GDPR
Insofar as the processing is carried out to safeguard a legitimate interest of us or a third party and their interests or fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 (1) (1) (f) GDPR serves us as the legal basis for data processing. Our legitimate interest arises in particular from the following reasons:

  • The proper execution and optimization of the application process
  • Assertion, exercise or defence of legal claims

Processing of special categories of personal data – Art. 9 (2) (a) GDPR
If you have given your consent to the processing of special categories of personal data, such as health data, religious affiliation or nationality, your data will be processed in accordance with Art. 9 (2) (a) GDPR.

3.Recipients or categories of recipients of personal data and third country transfer

As part of the processing of your personal data, we may pass on the personal data concerning you to the following recipients:

  • Internally, only authorized employees are granted access to an applicant's data via an authorization concept.
  • Freelancers
  • Processor

In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:

  • DocuSign, Inc., San Francisco, USA
  • Oyster HR, Inc., Charlotte, USA
  • SourceWhale Ltd, 86-90 Paul Street, London, EC2A 4NE, United Kingdom (Our recruiting management tool). In the United Kingdom, an adequate level of data protection is provided according to a decision of the European Commission.  

In order to make the third country transfer as data protection-friendly as possible, standard contractual clauses have been concluded with providers in unsafe third countries in accordance with Art. 46 (2) (c) GDPR. A copy of the standard contractual clauses can be requested by sending an informal e-mail to dpo@dataguard.de .  

The following service providers in the USA are subject to the Trans-Atlantic Data Privacy Framework (TDPF; Data protection agreement between the EU and the USA) to ensure an adequate level of data protection for data processing: 

  • Asana, Inc., San Francisco, USA

For the purpose of communication with applicants, we use the Microsoft 365 service, including Microsoft Teams from the service provider Microsoft Operations Ltd. in Dublin, Ireland.  For more information about Microsoft's data processing, see: https://privacy.microsoft.com/de-de/privacystatement 

In addition, your personal data will be transmitted to the following service providers:

  • CodeTwo sp. z o.o. sp. k., Jelenia Gora at ul. Wolnosci 16, Poland

4.Duration of storage of personal data

We will delete your personal data as soon as the purposes for their storage mentioned under IV. no longer apply, or you object to the use of your personal data (in the case of processing on the basis of legitimate interests) or you revoke your previously given consent. However, your personal data may also be stored beyond this, in particular in the following cases:

  • if deletion conflicts with contractual, statutory (in particular from HGB (Commercial Code), StGB (Criminal Code) and AO (Tax code)) or statutory retention periods
  • to assert, exercise or defend legal claims
  • where required by European or national law to comply with a legal obligation to which we are subject.

Legal provisions result in the following storage periods for us in particular:

  • After decision on non-filling: 180 days retention period for application documents (§ 15 (4) General Equal Treatment Act (AGG), § 224 Code of Civil Procedure (ZPO)).

If the applicant has consented, the applicant documents will be included in the talent pool and stored there for a maximum of 1 year from the date of consent. They will be deleted with the loss of purpose or the revocation of consent by the applicant. In the case of employment in our company, your personal data will be deleted when the purpose ceases to apply, at the latest after termination of the employment relationship, unless there are any statutory retention periods to the contrary.

for customers and interested parties

We appreciate your interest in our company, our products and our services. As a data privacy company, we want you to feel comfortable interacting with us and our employees regarding the protection of your personal data. We take the protection of your personal data very seriously. Compliance with German and European data protection regulations is a matter of course for us. As a result, the protection of your personal data has top priority for us. With the following information, we would like to inform you about how we handle your personal data in detail:

1.Processing of your personal data

1.1Your personal data processed by us

Within the framework of the existing customer relationship as well as the contract initiation, we process the following personal data:

  • First name
  • Last name
  • Salutation
  • Title and academic degree
  • Company Name
  • Position within the company
  • Business address
  • Bank details
  • Tax ID
  • Customer number
  • Your e-mail address
  • Your mobile phone number
  • Your landline number
  • Your fax number
  • Role assigned within the platform and the according authorisations
  • All personal data that are provided to us during communication with clients
  • Creditworthiness data

Data protection management platform: DataGuard operates a data protection management platform. Employees of clients are invited to access this platform by the relevant DataGuard employees. It could also be the case that we process data of persons who assert their data subject rights against the clients of DataGuard. For the platform, the privacy policy provided therein applies, in the respective valid version.

DataGuard collects data from interested parties and customers in the following manners:

  • Requests via the contact form on the DataGuard website
  • Requests sent via messages to DataGuard employees, e.g. via email, LinkedIn messages and other communication channels
  • Requests at trade fairs or other events where data are passed on to DataGuard employees with the aim of establishing contact
  • Individual research about potential interested parties in business directories, contact information on websites, and professional networks
  • Individual booking of an appointment by an interested party
  • Querying of the personal data after concluding a contract with DataGuard from the persons themselves, or receipt of personal data via an employee of the client company. This could also concern employees of service providers used by a client’s company.
  • Entry of employees’ personal data by an administrative assistant of the client in the data protection platform.
  • From Dealfront Group GmbH, Durlacher Allee 73, 76131 Karlsruhe, Germany
  • Credit rating data is provided by Dun & Bradstreet, Deutschland GmbH (Robert-Bosch-Street 11, 64293 Darmstadt)
  • If you are a participant of the Bits & Pretzels event of Startup Events GmbH, Rumfordstraße 15, 80469 Munich, Germany and allow us to scan your name badge during the event in order to contact you afterwards for advertising purposes, we will receive your contact data from Startup Events GmbH afterwards.
    Further information on the handling of your personal data by Startup Events GmbH can be found here: https://www.bitsandpretzels.com/legal/privacy-policy

1.2Purpose of processing:

Within the framework of the existing customer relationship as well as the contract initiation, your personal data will be processed for the following purposes:

  • To process your request as an interested party. For this purpose, we use your contact details to be able to answer your request.
  • To prepare and carry out pre-contractual measures – this includes, for example, the preparation and sending of an individual offer or individual agreement and transmission of contractual condictions with the aim of concluding the contract.
  • To include your contact details in our customer and contactdatabase.
  • Contact (e-mail, telephone)
  • Establishment, execution and termination of the contractual relationship
  • Customer management and customer service – esp. the processing of customer inquiries
  • To inform you optimally about our products and services. This also includes sending (direct) advertising by e-mail or telephone .
  • In order to optimally serve you as our customer. This includes, in particular, communication with you by e-mail, mobile phone, landline number or fax.
  • To ensure smooth billing of the services provided. For this purpose, your personal data will be processed in order to be able to issue invoices. In addition, we forward your personal data to our external service provider Atradius N.V., David Ricardostraat 1, 1066 JS Amsterdam, P.O. Box 8982 , 1006 JD Amsterdam, The Netherlands, for the purpose of debt collection if invoices are not paid within the payment period.
  • To comply with our legal obligations. This includes, for example, the transmission of your personal data to the tax office.
  • For the performance of credit checks
  • For the purpose of providing information about Dataguard branded services.
  • For the purpose of carrying out marketing initiatives such as: newsletter dispatch, product updates, invitations to events and webinars
  • To fulfil post-contractual measures.
  • To assert, exercise or defend legal claims.
  • To carry out product testing phases
  • To query your satisfaction with our products and services

1.3 Legal basis of data processing

Processing of your personal data on the basis of consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) (1) (a) GDPR in conjunction with. Art. 5, 7 GDPR.

Processing for the purpose of implementing the contract with you
Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 (1) (1) (b) GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.

Processing for the fulfillment of a legal obligation
Insofar as the processing of your personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) (1) (c) GDPR serves as our legal basis. Our legal obligation to process data results e.g. from tax law and/or commercial law retention obligations.

Processing on the basis of legitimate interest
Legal basis for the purpose of direct advertising may be Art. 6 (1) (1) (f) GDPR GDPR if our legitimate interests are present, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under 1.2 - include:

  • To be able to inform you optimally about our products, offers and services by means of direct marketing;  
  • In communicating with you, in particular to be able to answer your inquiries by e-mail, telephone and/or fax;
  • In order to be able to carry out a due diligence with our potential business partner.
  • We carry out credit checks on our potential business customers. Our legitimate interest lies in the avoidance of payment defaults.
  • To receive customer feedback to improve the customer experience, improve our products and services

The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR.

2.Recipients or categories of recipients of personal data and third country transfer

In the course of processing your personal data, we may disclose the personal data concerning you to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law.

External recipients of your personal data are in particular:

  • Freelancers
  • Data processors
  • Potential business partners in the context of a (future) due diligence review
  • Authorities e.g. tax offices, courts, trade supervisory office, Data protection supervisory authority, BAFA (Federal Office of Economics and Export Control)
  • Settlement partners   
  • Collection agencies  
  • Credit institutions   
  • Parcel service providers   
  • Postal service   
  • lawyer, tax consultants
  • Auditor
  • Affiliated companies

In order to offer you more payment methods and to simplify payments for you, we use the payment processing service provider Adyen N.V. Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, The Netherlands.
Further information about the processing of your personal data by Adyen can be found here: https://www.adyen.com/policies-and-disclaimer/privacy-policy

Your personal data will be transmitted to the following service providers:

  • PipeDrive OÜ - Tallinn, Estonia
  • Salesforce.com Germany GmbH, Erika-Mann-Strasse 31-37, 80636 Munich, Germany
  • decareto GmbH, Mittelweg 144, 20148 Hamburg, Germany
  • Demoboost Sp. z o. o., Stawki 2, 00-193 Warsaw, Poland
  • Simon-Kucher & Partners Strategy & Marketing Consultants GmbH, Luise-Ullrich-Straße 14, 80636 Munich, Germany
  • Dun & Bradstreet, Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt, Germany
  • GetAccept AB, Västra Varvsgatan 19, 211 77 Malmö, Sweden
  • LinkedIn Ireland Unlimited Company, Dublin, Ireland
  • Microsoft Operations Ltd. in Dublin, Ireland
  • CodeTwo sp. z o.o. sp. k., Jelenia Gora at ul. Wolnosci 16, Poland

DataGuard uses the Office 365 service, including Microsoft Teams, for business communication with customers and prospects.

We also use functionalities of the Microsoft Bookings software from Microsoft. Through Microsoft Bookings, we can make it easier for users to make appointments on our site by displaying and booking free appointments with appropriate employees.

As a result, the following personal data is processed by Microsoft:

  • Name
  • Forename
  • E-mail address
  • IP address
  • Device and browser information
  • A user ID associated with Microsoft
  • Refferer URL

For more information about Microsoft's data processing, see: https://privacy.microsoft.com/de-de/privacystatement

In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:

  • Chargebee, Inc., California, USA
  • Gitlab In., San Francisco, USA
  • Atlassian PTY, Ltd, Sydney, Australia

In order to make the transfer to a third country as privacy-friendly as possible, standard contractual clauses have been concluded with providers in unsafe third countries in accordance with Art. 46 (2) (c) GDPR. A copy of the standard contractual clauses can be requested by sending an informal e-mail to dpo@dataguard.de .

According to a decision of the European Commission, an adequate level of data protection is offered for the following service providers in third countries:

  • Cognism Limited, Richmond, United Kingdom
  • Our subsidiary DATACO INTERNATIONAL UK LIMITED, London, United Kingdom.

The following service providers in the USA have joined the Trans-Atlantic Data Privacy Framework (TDPF; data protection agreement between the EU and the USA), so that an appropriate level of data protection is guaranteed for data processing:

  • HubSpot, Inc., Cambridge, USA
  • Asana, Inc., San Francisco, USA
  • PandaDoc, Inc., San Francisco, USA
  • Outreach Corporation, Seattle, USA
  • Fivetran Inc., Oakland, USA
  • Figma, Inc., San Francisco, USA

3.Duration of storage of personal data

We do not store your personal data longer than is necessary for the purpose for which it was collected. This means that data in our systems will be destroyed or deleted as soon as it is no longer needed. Reasonable measures are taken by us to ensure that your personal data is only processed under the following conditions:

  • For the duration that the data is used to provide you with a service
  • As required by applicable law, contract, or in light of our legal obligations
  • Only as long as necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist in particular if the data is still needed in order to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, in particular for the fulfillment of legal retention periods of up to ten years (including from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.

4.Obligation to provide data

For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfillment of the associated contractual obligations or which we are legally obliged to collect (see in particular the standards listed under "III.3." listed standards). This obligation also arises from the law, e.g. § 14 UstG. Without this data, we will generally not be able to conclude and execute the contract with you.

for service providers and suppliers

1.Processing of your personal data

1.1Your personal data processed by us

DataGuard processes personal data from suppliers and service providers. This is necessary for business operations. The following data is processed in this context:

  • First name
  • Last name
  • Business address
  • Company name
  • Bank details
  • Your e-mail address,
  • Your mobile phone number
  • Your landline number
  • IYour fax number
  • Title and academic degree
  • Position within the company
  • All personal data that are provided to us during communication

DataGuard collects data from people in the following manners:

  • Receipt of personal data directly from the data subject via establishment of contact by suppliers / service provider
  • Receipt of personal data directly from the data subject via establishment of contact by DataGuard
  • Research in business directories or on websites

1.2Purpose of processing

We will process your data for the following purposes:

  • Initiation, execution and termination of a contractual relationship
  • Performance of orders
  • Review and optimisation of processes for needs assessment 
  • Consultation and data exchange with credit agencies to determine credit and default risks 
  • Market and opinion research, provided that you have not objected to the use of these data for this purpose 
  • Assertion, exercise or defence of legal claims 
  • Measures for business management and further development of our products  

1.3Legal basis of data processing:

Processing of your personal data on the basis of consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) (1) (a) GDPR in conjunction with. Art. 5, 7 GDPR.

Processing for the purpose of implementing the contract with you
Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 (1) (1) (b) GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.

Processing for the fulfillment of a legal obligation
Insofar as the processing of your personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) (1) (c) GDPR serves as our legal basis. Our legal obligation to process data results e.g. from tax law and/or commercial law retention obligations.

Processing on the basis of legitimate interest
The legal basis for direct marketing purposes may be Art. 6 (1) (1) (f) GDPR GDPR if our legitimate interests are present, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under b - include:

  • To be able to inform you optimally about our products, offers and services by means of direct marketing;    
  • In communicating with you, in particular to be able to answer your inquiries by e-mail, telephone and/or fax;
  • In order to be able to carry out a due diligence with our potential business partner.

The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR.

2.Recipients or categories of recipients of personal data and third country transfer

In the course of processing your personal data, we may disclose the personal data concerning you to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law. External recipients of your personal data are in particular:

  • Freelancers
  • Data processors
  • Potential business partners in the context of a (future) due diligence review
  • Authorities e.g. tax offices, courts, trade supervisory office
  • Settlement partners   
  • Credit institutions   
  • Parcel service providers     
  • Postal service   
  • Lawyer, tax consultants
  • Auditor
  • Affiliated companies

Your personal data will be transmitted to the following service providers:

  • Yokoy Deutschland GmbH, Weihenstephaner Str.12 (Building M6), 81673 Munich, Germany
  • CodeTwo sp. z o.o. sp. k., Jelenia Gora at ul. Wolnosci 16, Poland

In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:

  • Our subsidiary DATACO INTERNATIONAL UK LIMITED, London, United Kingdom. An adequate level of data protection is provided there in accordance with a decision of the European Commission.
  • DocuSign, Inc., San Francisco, USA

In order to make the third country transfer as data protection-friendly as possible, standard contractual clauses have been concluded with providers in unsafe third countries in accordance with Art. 46 (2) (c) GDPR. A copy of the standard contractual clauses can be requested by sending an informal e-mail to dpo@dataguard.de.

For the transmission of emails and storage of contacts of suppliers and service providers we use the service Microsoft 365, incl. Microsoft Teams of the service provider Microsoft Operations Ltd. in Dublin, Ireland. For more information about Microsoft's data processing, see: https://privacy.microsoft.com/de-de/privacystatement

3.Duration of storage of personal data

We do not store your personal data longer than is necessary for the purpose for which it was collected. This means that data in our systems will be destroyed or deleted as soon as it is no longer needed. Reasonable measures are taken by us to ensure that your personal data is only processed under the following conditions:

  • As required by applicable law, contract, or in light of our legal obligations
  • Only as long as necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist in particular if the data is still needed in order to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, in particular for the fulfillment of legal retention periods of up to ten years (including from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.

4.Obligation to provide data

For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfillment of the associated contractual obligations or which we are legally obliged to collect (see in particular the standards listed under "III.3." listed standards). Without this data, we will generally not be able to conclude and execute the contract with you.

for event participants

With this data protection information, we inform you as a participant of our event about the processing of your personal data through video recordings and photos. In addition, we inform you about the claims and rights to which you are entitled under the data protection regulations. We hereby fulfil our information obligations under Art. 13, 14 General Data Protection Regulation (GDPR).

1.Processing of your personal data

1.1Your personal data processed by us

We process personal data that we receive from you by participating in the event. In particular, we process:

  • Livestream recordings
  • Video
  • Photos
  • Forename
  • Surname
  • Affiliation
  • E-mail address
  • Salutation
  • Signature in case of consent given

1.2Purpose of processing

We process your personal data for the following purposes:

  • To carry out the event
  • For internal reporting of the event
  • For advertising purposes for our company on social networks

In addition, the film and video recordings will be published for marketing purposes after the event:

  • On the website https://www.dataguard.de/
  • In social or professional networks (YouTube, LinkedIn, Twitter, Kununu, Glassdoor)

It is not intended to process your personal data for any other purpose.

1.3Legal basis of data processing:


Processing based on legitimate interest

The legal basis for the transmission of your personal data (first and last name and company name) to our conference organizers in Berlin (RYDES GmbH, Brunnenstreet 19-21, 10119 Berlin, Germany) and Düsseldorf (ARQIS Rechtsanwälte Partnerschaftsgesellschaft, Breite Street 28, 40123 Düsseldorf, Germany) is our legitimate interest (Art. 6 (1) (1) (f) GDPR) in holding the event at the venue requested by the event participant.

The legal basis for the production of photo and film recordings during our events is our legitimate interest (Art. 6 (1) (1) (f) GDPR) in the subsequent internal and external publication of the photo and film recordings for marketing purposes on our company website https://www.dataguard.de/ and in social or professional networks (YouTube, LinkedIn, Twitter, Kununu, Glassdoor).

If you do not wish to be photographed or filmed, you will receive a coloured lanyard from us at the entrance area of the event, which signals to the photographer / cameraman that you do not want to be photographed or filmed. If you should nevertheless be seen in group shots, you will be made unrecognizable in these shots afterwards.

For the publication of the photo and film recordings, we obtain your consent at the entrance area of the venue, which you can of course give voluntarily.

Processing of your personal data on the basis of consent

The legal basis for the processing of your personal data both for the purpose of participation in the event and for the internal and external publication of film recordings is your consent and thus Art. 6 (1) (1) (a) GDPR in conjunction with Art. 5, 7 GDPR. You have the right to revoke your declaration of consent under data protection law at any time by e-mail to dpo@dataguard.de. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation (Art. 7 (3) GDPR).

If you are depicted on a photo or film recording together with other persons, the deletion or destruction of the photo or film recording is not mandatory if you revoke your consent. It is enough if you are made unrecognizable. Insofar as information about your ethnic origin, religion or health (e.g. skin colour, headgear or glasses) can be seen on a photo or film recording, the consent also expressly refers to this information.

Information on publication on the Internet

If personal data has been made publicly accessible and you revoke your consent, we as the responsible body are only obliged to inform other recipients. This does not affect the obligation of these recipients to delete personal data. You can take direct action against other controllers who process your personal data and request deletion. Information posted on the Internet may never be completely deleted, even if it has been deleted from the original page. In any case, the providers of the main search engines are informed of the request for deletion, so that the personal data can at least no longer appear in search queries without further ado. We would like to point out that photos and/or videos on the Internet can be accessed by anyone. Despite all technical precautions, it cannot be ruled out that such persons may continue to use the photos and/or videos or pass them on to other persons. The Company is not liable for third parties using the photos for other purposes, including in particular by downloading and/or copying photos.

2.Recipients or categories of recipients of personal data and third country transfer

If you would like to participate in our events in Berlin or Düsseldorf, we will transmit your first and last name and the name of your company to our conference organizers in Berlin / Düsseldorf so that registration can be accepted on site and you can be granted admission to the office premises. The transfer of your personal data will take place to the following conference organizers:

For events in Düsseldorf:
ARQIS Rechtsanwälte Partnerschaftsgesellschaft
Breite Street 28
40123 Düsseldorf
Germany

For events in Berlin:
RYDES GmbH
Brunnenstreet 19-21
10119 Berlin
Germany

If we use a service provider (e.g. an event manager or streaming service provider) in the sense of order processing, we remain responsible for the protection of your data. All processors are obliged to treat your data confidentially and to process it only in the context of the provision of services.

Your personal data will be transmitted to the following service providers:

  • CodeTwo sp. z o.o. sp. k., Jelenia Gora at ul. Wolnosci 16, Poland
  • EventMobi GmbH, Warschauerplatz 11-13, 10245 Berlin, Germany
  • Microsoft Ireland Operations Limited: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

The purpose is to register for the event and carry it out as a hybrid event (broadcast of the event, possibility to ask questions, feedback loops to improve the event). Furthermore, it is published on the Internet, on our website and on social or professional networks. Under certain circumstances, further use by third parties or complete deletion cannot be ruled out.

The following data is used:

  • Name
  • Video footage (if the camera has been turned on)
  • E-mail address
  • IP address
  • Metadata of the end device

For more information about Microsoft's data processing, see: https://privacy.microsoft.com/de-de/privacystatement

In addition, your personal data may be transmitted to the following service providers in the context of the publication of film and video recordings for marketing purposes, provided that you have given your consent:

  • LinkedIn Ireland Unlimited Company, Dublin, Irland
  • Youtube: Google Ireland Limited, Dublin, Irland
  • New Work SE (“Kununu”), Am Strandkai 1, 20457 Hamburg, Germany
  • Glassdoor Inc., San Francisco, USA
  • Twitter: Twitter Inc., San Francisco, USA  

In order to make the transfer to a third country as privacy-friendly as possible, standard contractual clauses have been concluded with providers in unsafe third countries in accordance with Art. 46 (2) (c) GDPR. A copy of the standard contractual clauses can be requested by sending an informal e-mail to dpo@dataguard.de.

We would like to point out that we have no influence on the data collection and its further use by the providers of the social networks. You can find more information about objection and removal options vis-à-vis the providers of the social networks here:

3.Duration of storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. We take reasonable steps to ensure that your personal data is only processed under the following conditions:

  • For the duration that the data is used to provide you with a service
  • As required by applicable law, contract or in view of our legal obligations
  • Only for as long as is necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, applying appropriate safeguards.

If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their - temporary - storage is still necessary.