Additional data protection statements

In particular relating to Article 13 GDPR

General information

es2000 Errichter Software GmbH places special importance on the protection of personal data. For this reason, es2000 Errichter Software GmbH only processes personal data in accordance with current legal policies and ensures that data protection regulations are adhered to technically and organizationally.

The following information summarizes the handling of data and the rights of the data subject that arise from the General Data Protection Regulations (GDPR) as from 25 May 2018.

Information in accordance with Article 13 (data collected directly from the data subject) and Article 14 (data collected from third parties) of the General Data Protection regulations (GDPR)

Personal data is collected in connection with the provision of our services as well as within the framework of employment relationships. Please note the following data protection notices in this regard:

1. Data controller

Responsible for collection of data:

ES 2000 Errichter Software GmbH

Otto-Vesper-Straße 6

49078 Osnabrück
Germany

Telephone: +49 541 4042 0

datenschutz@es2000.de

Internet address: www.es2000.de

Director: Klaus Enke

2. Data protection officer

You can contact our external data protection officer as follows:

External data protection officer Benjamin Spallek

Creditreform Compliance Services GmbH

Hammfelddamm 13

41460 Neuss

Germany

Tel.: +49 2131 1091072

Email: datenschutz@es2000.de

3. Supervisory authority

The supervisory authority responsible for data protection is:

Regional data protection representative for the State of Lower Saxony

Prinzenstraße 5

30159 Hannover

Germany

+49 511 120 4500

+49 511 120 4599

Email: poststelle@lfd.niedersachsen.de

4. Purpose of and legal basis for processing

The legal bases for processing the data are:

  • Processing for fulfilment of contracts concluded with es2000 Errichter Software GmbH in accordance with Article 6 Para. 1 point (b) GDPR

Insofar as personal data are collected and processed for performance of precontractual measures or on the basis of a contract, these data shall be used for completion of the contract, implementation of the contractual relationship and where necessary its termination. This also includes, for example, data processing in the framework of employment relationships according to § 26 BDSG.

  • Processing for the purpose of legitimate interests in accordance with Art. 6 Para. 1 point (f) GDPR

It may be necessary to process data in order to protect the legitimate business interests of es2000 Errichter Software GmbH or where appropriate those of third parties. This may be necessary, for example, in order to ensure IT security and IT operations, to update the address data of clients and contract partners, to prevent or solve crimes / offences, to maintain property rights, to offer our customers service subsequent to contract, or for the purposes of direct marketing to our customers when other conditions are met.

  • Processing on the basis of consent, Art. 6 Para. 1 point (a) GDPR

Insofar as the data subject has given es2000 Errichter Software GmbH consent to process the data for specific purposes, such personal data may be legally used to the extent of the consent given.

  • Processing to fulfil legal obligations, Art. 6 Para. 1 point (c) GDPR

Finally, data processing may be necessary in order to fulfil legal obligations, in particular the compulsory keeping of records according to the German Commercial Code and Fiscal Code.

  • Insofar as we process special categories of personal data, the legal basis is Art. 9 Paras. 2 and 4 GDPR where necessary in conjunction with § 22 BDSG.

5. Data categories that we collect from third parties

We process the following categories of personal data that we receive from third parties:

  • Contact data from interested persons (name, address, email, telephone)
  • Creditworthiness information

6. Sources (third parties) from which the personal data is collected

es2000 Errichter Software GmbH processes personal data to the extent that these data are provided or transmitted by the data subjects themselves (e.g. customers, employees) or have been provided or transmitted by third parties.

Insofar as es2000 Errichter Software GmbH receives personal data from third parties, such parties are in particular:

  • Economic information bureaus
  • Sales agents (trade partners)
  • Business partners in the sense of fulfilment of contractual services

7. Recipients or categories of recipients of the personal data

Access to personal data is granted to those persons at es2000 Errichter Software GmbH who require it in order to fulfil their legitimate tasks. Insofar as contracted external service providers receive personal data for such purposes, we ensure that suitable technical and organizational measures are enacted and necessary agreements are secured to ensure that the processing is in accordance with applicable data protection regulations and that protection of the rights of the data subject is guaranteed.

We may pass on personal data where necessary to:

  • External service providers (IT service providers, payroll service providers)
  • Business partners where such data transfer is necessary for them to fulfil their tasks and / or providing our services (such as payment service providers, banks, postal and delivery services, event partners)
  • Debt collection agencies in order to recover outstanding debts
  • Authorities and companies in order to update information or to fulfil any legal duty of notification (e.g. social insurance carriers, financial authorities, police and public prosecutors, supervisory authorities, road traffic licensing authorities
  • Any other third party to which the data subject has given consent to transfer data or where a legal warrant to transfer data exists (e.g. attorney, liquidator)

And additionally, for the area of employee data, to e.g.:

  • trade associations
  • relevant bodies (chamber of commerce)
  • cooperative partners in vocational training
  • occupational health service
  • further education establishments

8. Intention to transfer data to a third country or international organization

No transfer of personal data will be made to a third country (country outside of the European Union or European Economic Area) or an international organization.

9. Period of storage or criteria used to determine the period

The personal data will only be stored for as long as is permitted by the applicable legal basis, but in particular for as long as is necessary to fulfil the purposes of the contract for which the personal data was collected, or as long as their further retention is necessary in order to fulfil compulsory keeping of records or due to overriding legitimate interests, or until the data subject withdraws their consent on which the processing was based.

10. Rights of the data subject

You have the following rights in relation to the collection of your personal data:

  • Right of access, Art. 15 GDPR: The data subject has according to Art. 15 Para. 1 GDPR the right to confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the further information as stated in Art. 15 Para. 1 points (a) through (h) GDPR.
  • Right of rectification, Art. 16 GDPR: Should the personal data be incorrect or incomplete taking into account the purposes for processing the data, the data subject shall have the right to obtain rectification or have incomplete personal data completed according to Art. 16 GDPR.
  • Right of erasure, Art. 17 GDPR: The data subject shall have the right to obtain the erasure of personal data where the processing of personal data is no longer permitted on one of the grounds stated in Art. 17 Para. 1 of these regulations. Erasure cannot, however, be obtained where the further processing of the data is necessary in the cases stated in Art. 17 Para. 3 GDPR, for example for compliance with legal obligations.
  • Right of restriction of processing, Art. 18 GDPR: Under the conditions stated in Art. 18 Para. 1 points (a) through (d) GDPR, the data subject has the right to obtain restriction of the processing of the data.
  • Right to data portability, Art. 20 GDPR: the data subject has the right to receive in a structured, commonly used and machine-readable format their personal data, which they have provided to es2000 Errichter Software GmbH and which have been subjected to automated processing by es2000 Errichter Software GmbH on the basis of their consent or a contract. This right is conditional upon technical feasibility, among other things.
  • Right to object, Art. 21 GDPR: the data subject has the right to object to the processing of their personal data that is being processed for the purposes of legitimate interest (Art. 6 Para. 1 point (f) GDPR) taking into account the statements in Art. 21 GDPR.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. In other cases, processing may only be continued despite the objection where there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

11. Right to withdraw consent

Furthermore, consent can be amended or completely withdrawn for the future at any time and without any reason being given. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

You can withdraw consent in writing to es2000 Errichter Software GmbH by post to Otto-Vesper-Straße 6, 49078 Osnabrück, Germany, or by email to datenschutz@es2000.de, at no additional cost other than the usual tariffs for the use of these services.

12. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a supervisory authority for data protection. The contact details for the regulatory authority governing us are stated in Section 3 of this document.

13. Obligation to provide personal data

An obligation to provide certain personal data results from contracts that have been or are to be concluded insofar as the execution of the contract cannot be completed without the provision of the data. Legal obligations that require us to obtain / process certain data may also need to be observed.

Where data is required for a contract, the contract cannot be concluded if the data are not provided.

Where a legal obligation to provide data exists, the associated service cannot be performed if the data are not provided.

With regard to your application, you must provide the personal data that is required in order to complete the application process and suitability assessment. We will not be able to process the application and decide on forming an employment relationship without these data.

14. Automated decision-making or profiling

Automated individual decision-making including profiling as per Article 22 GDPR is not performed by es2000 Errichter Software GmbH.