Responsible body is gem. Article 4 (7) of the EU General Data Protection Regulation (GDPR):
NOS Microsystems
Tel: +44 20 81 449039 (no product support at this number) 7-12 Tavistock Square, London, WC1H 9BQ.
Our data protection officer is at your disposal for questions regarding the processing of your personal data under the
or at the postal address with the addition "The data protection officer".
2. Sources and data categories
We process personal data that we receive from you as part of our business relationship.
To the extent necessary for the provision of our services, we process personal data that we have received from other companies in a permissible manner (eg for the execution of orders, for the performance of contracts or on the basis of your consent).
We process personal data that we have legitimately gained and are able to process from publicly available sources (eg press, media).
Relevant personal data are master data (name, address and other contact details, date and place of birth and nationality) and credentials (eg ID data). In addition, this may include order data (eg order data, product data), data from the fulfillment of our contractual obligations (eg sales), credit worthiness data, scoring / rating data, advertising and sales data (including advertising scores), documentation data (eg from documented conversations), data about your use of our offered telemedia (eg time of calling our web pages, apps or newsletters, clicked pages of us or entries) as well as other data comparable with the mentioned categories.
3. Purpose of processing and legal bases
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA), in detail below:
3.1 For the fulfillment of contractual obligations (Article 6 (1) (b) of the GDPR)
The processing of personal data (Art. 4 No. 2 GDPR) takes place to fulfill our obligation under the software license agreement with you
In particular for the execution of our contracts (Software-as-a-Service) or pre-contractual actions with you and the execution of your orders as well as all activities necessary for the operation and administration of our company in the IT sector.
The purposes of data processing are primarily based on the specific product or service (eg order, framework contract, annual subscription or free basic version of our products).
Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.
3.2 In the context of weighing interests (Article 6 (1) (f) of the GDPR)
If necessary, we process your data beyond the actual fulfillment of the contract for the protection of legitimate interests of us or third parties, eg. B .:
Data exchange with credit offices for the determination of creditworthiness or default risks;
Review and optimization of needs analysis and direct customer approach procedures;
Asserting legal claims and defense in legal disputes;
Ensuring the IT security and IT operation of our company;
Prevention and investigation of criminal offenses;
Measures for building and plant safety (eg access control);
Measures to ensure home ownership
Measures for business management and further development of services and products.
Our interest and that of the additional persons responsible for the respective processing results from the respective purposes and is otherwise of an economic nature (efficient performance of tasks, distribution, and avoidance of legal risks).
As far as the concrete purpose permits, we and the additional persons responsible process your data pseudonymised or anonymised.
3.3 On the basis of your consent (Article 6 (1) (a) of the GDPR)
If you have given us consent to the processing of personal data for specific purposes (eg, disclosure of data in the Group, use of your email address also for affiliates and advertising beyond your own similar goods and services), the lawfulness of this processing given on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us before May 25, 2018. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.
3.4 Due to legal requirements (Article 6 (1) (c) GDPR)
We are subject to various legal obligations, ie legal requirements (eg tax laws) on the basis of which we must process personal data. The purposes of processing include fraud and money laundering prevention, the fulfillment of tax control and reporting obligations and the assessment and management of risks.
4. Use of the data
Within our organization, those entities receive your data for the fulfillment of their contractual and legal obligations or for the performance of their respective duties (for example, sales and marketing).
In addition, the following places can receive your data:
Processors employed by us (Article 28 GDPR), in particular in the field of IT services, logistics and printing services, who process your data according to our instructions
Public bodies and institutions (for example) in the presence of a legal or regulatory obligation
Our respective agents, employees, agents, agents, auditors, service providers and any subsidiaries or affiliates (and their respective agents, employees, consultants, agents, agents)
Specialized companies, such as CRM service providers, who can develop personal data related to sales objectives using processing centers located within the European Union or abroad (especially in the United States)
Other bodies for which you have given us your consent to the transfer of data.
5.Storage of the data
If necessary, we process and store your personal data for the duration of the business relationship, which includes, for example, the initiation and execution of a contract.
It should be noted that our business relationship is a perpetual obligation, which is created for years.
The time limits for storage and documentation are two to ten years. Finally, the storage period is also judged according to the statutory limitation periods, which, can usually be 3 years, in certain cases up to 30 years.
6. Transfer of data to a third country or to an international organization
Your data will be transmitted to countries outside the European Economic Area - EEA (Third Countries) only to the extent required or required by law to execute your orders or you have given your consent.
7. Privacy Rights
Each data subject has the right to information pursuant to Art. 15 GDPR, the right to a correction under Art. 16 GDPR, the right to cancellation under Art. 17 DS-BER, the right to limit processing according to Art. 18 GDPR and the right to data portability under Art. 20 GDPR. With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 FDPA apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR i.V.m. § 19 FDPA).
The responsible data protection supervisory authority is:
The Information Commissioner's Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 1625 545 700
email:
Website: https://ico.org.uk
Member: Ms Elizabeth DENHAM, Information Commissioner
8. Profiling (scoring)
We sometimes process your data automatically with the aim of evaluating certain personal aspects (so-called "profiling" according to Art. 4 No. 4 GDPR). For example, profiling is used to determine your potential interest in products and services. This evaluation is based on statistical methods using current customer data and those from the past. We use the results in order to be able to address you in a more targeted and targeted manner, as well as to assist you with advice, support and sales.
9. Right of opposition (Art. 21 GDPR)
a) Case-specific right of objection
You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data concerning you pursuant to Article 6 (1) (f) of the GDPR (data processing based on a balance of interests) , This also applies to a profiling based on this provision within the meaning of Art. 4 No. 4 GDPR, which can be used for for customer consultation and support and for sales purposes.
If you object, your personal data will no longer be processed, unless there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms