Information on how we process your personal data and on your rights to information in accordance with Articles 13, 14 and 21 of the Basic Data Protection Regulation (“DSGVO”).
We hereby inform you about the processing of your personal data by us and the rights and entitlements to which you are entitled under the Data Protection Acts.
1. General information
Who is responsible for data processing?
Responsible for the collection, processing and / or use of personal data in connection with our products is (“Responsible Person”):
Widdersdorfer Str. 403
If you have any questions or suggestions regarding data protection, you are welcome to contact our data protection officer.
Our data protection officer:
Dr. Judith Nink
What sources and categories of data do we use to process your personal data?
Data that you have made available to us directly or indirectly via business cards; e-mails; professional social networks; our company website, etc.
Categories of personal data
Contact details, contact person, communication data, bank details
Purposes of data processing
These data are collected and processed,
- to identify you as our partner;
- to communicate with you
- to settle up
- or to provide our services.
Legal basis of data processing
The collection and processing is necessary for the performance of a contract to which the data subject is party or in order to take measures at the request of the data subject before the conclusion of the contract (Art. 6(1)(b) DSGVO)
Your personal data is processed if this is necessary for (i) the conclusion of a contract, (ii) the proper execution of our contract or (iii) the mutual fulfilment of obligations arising from the contract in accordance with Article 6(1)(b) DSGVO.
The processing is necessary for our legitimate interests (Art. 6(1)(f) DSGVO)
If necessary, we will process your data beyond the actual scope of contract fulfilment in order to protect legitimate interests of us or third parties, e.g. ODOSCOPE newsletters about our products and ODOSCOPE news which we send with the help of software solutions from our partners.
The processing is based on your consent (Art. 6(1)(a), Art. 7 DSGVO)
Your consent to the processing of personal data for specific purposes (e.g. sending newsletters or mailings) allows us to process your personal data for these purposes. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent that we received before the DSGVO came into force, i.e. before 25 May 2018. Please note that the revocation of your consent only affects the processing of personal data after the date of revocation. The processing that took place before your revocation remains unaffected by this revocation.
The processing is necessary to fulfil a legal obligation (Art. 6(1)(c) DSGVO)
As a company we are also subject to various other legal obligations, i.e. legal requirements. These additional obligations may have the following background:
- Compliance with legal requirements (e.g. tax matters, reporting to financial regulators),
- Fulfilment of legal information obligations (court orders, investigations, etc.).
What happens with your data?
Who may access your data?
Within ODOSCOPE, certain departments (e.g. the respective processors) may receive the data required to fulfil our contractual and legal obligations (e.g. accounting receives invoice data). In addition, we use various service providers and freelancers to fulfil our contractual and legal obligations. We may also pass on your personal data to other recipients outside ODOSCOPE if this is necessary to fulfil contractual and legal obligations. These other recipients may be, but are not limited to
- public authorities (e.g. tax authorities, courts, data protection authorities)
- Bank details (SEPA payment method)
The contractors employed by us, which include service providers and freelancers, may also receive personal data for these purposes (Art. 28 DSGVO). These contractors include companies that provide banking services, accounting services, marketing services, IT services, logistics, printing services, telecommunications, debt collection, consulting and sales and marketing.
How long do we store personal data?
All personal data that we collect for the purposes of our contractual relationship will be stored until the end of the statutory retention period (6 or 10 years after the end of the calendar year in which the contractual relationship was terminated). After this period, the data will be deleted, unless we can prove that further storage is necessary to fulfil an obligation according to Art. 6(1)(c) DSGVO. This includes, among other things, the tax and commercial law storage and documentation obligations according to HGB, StGB or AO. Retention periods of more than 6 or 10 years after termination of the contract may also apply if this has been agreed in writing (Art. 6(1)(a) DSGVO).
Do we transfer personal data to third parties based in a non-EU/EEA country?
We transfer personal data to the following companies:
- Microsoft, Inc (EU standard contractual clauses (processor) agreed)
- Hubspot, Inc (EU standard contractual clauses (processor) agreed)
- Slack EU standard contractual clauses (processor) agreed
- Lexoffice; accounting programme (EU standard contractual clauses (processor) agreed)
- Kanbanzie (project management tool; EU standard contract clauses (processor) agreed)
You can request a copy of the agreed EU standard contractual clauses (processor) by e-mail.
Rights of data subjects
What rights do you have?
In accordance with the DSGVO and the applicable national data protection laws of the EU and Germany, you have the following rights, to the extent permitted by law, to protect the personal data we collect and process:
Information, access, rectification and restriction rights
You have the right at any time to information about the data stored about you and how we collect, process and store this data. You also have the right to access the personal data stored by us. You have the right to demand that we correct incorrect personal data that we store about you. Taking into account the purposes of the collection and processing of your data, you have the right to have incomplete personal data completed. You have the right to request restrictions on the processing of your personal data.
Right to data transferability
You also have the right (1) to receive all personal information you have provided to us in a structured, generally accepted, machine-readable format and (2) to transfer this information to another controller.
Right to have your data deleted
You have the right to ask us to delete your personal data if, among other things, one of the following reasons applies:
- If we no longer need your personal data for any of the above purposes;
- If you withdraw your consent on which the collection and processing of your personal data is based and there are no other legal reasons for the collection and processing of your personal data; or
- If you object to the collection and processing and there are no compelling reasons for the further collection and processing of your personal data.
Please note that we will restrict the use of the data if they have to be stored in accordance with the deletion exemptions provided for in Article 17(3) of the DSGVO.
Right of appeal to a supervisory authority
You have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the collection and processing of your personal data violates data protection laws.
Right to object to the processing of your data
You have the right at any time to object to the collection and processing of your personal data for reasons relating to your particular situation, if the collection and processing of such data is based on our legitimate business interests (Art. 6(1)(f) DSGVO).
Right to withdraw your consent at any time
You have the right to withdraw your consent at any time if you have given us your consent to collect and process your personal data for one or more purposes.
How to exercise your rights
To exercise your rights, please contact us by e-mail (firstname.lastname@example.org) or by post:
Widdersdorfer Str. 403
Are you obliged to provide us with personal data?
In connection with our contractual relationship, you are only obliged to provide us with personal data that is necessary for the execution of our contract or to take the steps that are necessary for you, e.g. contact details, contact person and bank account details.
2. Your right of objection
You have the right at any time to object to the collection and processing of your personal data for reasons relating to your particular situation, if the collection and processing of such data was based on our legitimate business interests (Art. 6(1)(f) DPA). This also applies to any profiling (Art. 4 DSGVO) based on our legitimate business interests (Art. 6(1)(f) DSGVO).
If you object, we will no longer process your personal data, unless (1) we can demonstrate compelling reasons for further processing of your personal data that outweigh your interests, rights and freedoms; or (2) the processing serves to assert, exercise or defend legal claims.
To object, please contact us by e-mail (email@example.com) or by post at
Widdersdorfer Str. 403
3. Subcontractor / Contract processor
ODOSCOPE currently uses the following categories of subcontractors in connection with the processing of your personal data. These subcontractors have entered into contract processing agreements with us and will only process your personal data in accordance with our instructions:
Categories of sub-contractors Main subject of the services commissioned
Software Service Provider Customer Relation Management (CRM) tool, office tool for communication and filing, synchronisation between e-mail and CRM, obtaining electronic signatures, invoicing, e-mails, newsletters, marketing and sales software, digital project management tool, internal Wiki, video conferencing tool.