Information requirements

Information requirements in accordance with Art. 13 GDPR

The protection of your personal data is very important to us. We therefore process your personal
data (in short "data") exclusively on the basis of the statutory provisions. With this data privacy
statement, we want to inform you comprehensively about the processing of your data in our
company and the data privacy claims and rights to which you are entitled in accordance with Art.
13 of the European General Data Protection Regulation (EU GDPR).

1. Who is responsible for data processing and who can you contact?

Responsible for the data processing:
KPIT Technologies GmbH
Frankfurter Ring 105b
80807 Munich
Germany
E-mail: DataPrivacy@kpit.verifinow.in
Phone: +49 89 322 99 66

German Data Protection Officer in accordance with Article 37 General Data Protection Regulation (GDPR) is:
Matthias Haßler (LL.M.)
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Tel.:  +49 941 2986930
Fax:  +49 941 29869316
E-mail: m.hassler@projekt29.de
Internet: www.projekt29.de

2. Which data is processed and from which sources does this data originate?
The data which we have received from you during the initiating or processing of the contract is processed on the basis of consent or during the course of your application or your employment with us.

Personal data includes the following:
Your master/contact data in case of customers; this includes, for example, first and last name, address, contact data (e-mail address, telephone number, fax), bank data.

In case of applicants and employees, this includes, for example, first and last name, address, contact data (e-mail address, telephone number, fax), date of birth, data from the CV and job references, bank data, religious affiliation, photographs.

In case of business partners, this includes, for example, the name of their legal representative, company, commercial register number, VAT number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank details.

In case of visitors to our company, this includes first name, surname, vehicle registration number and signature.

In case of journalists, this includes first and last name, e-mail address, fax number.

In case of contest participants this includes first name, surname and e-mail address.

In addition, we also process the following other personal data:
- Information about the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents
- Advertising and sales data
- Information from your electronic communication with us (e.g. IP address, log-in data)
- Other data that we have received from you in the course of our business relationship (e.g. in discussions with customers)
- Data that we generate ourselves from master/contact data and other data such as customer requirement and customer potential analyses
- Your declaration of consent for the receipt of e.g. newsletters
- Photography during events

3. For what purposes and on what legal basis are the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:

  • to fulfil (pre-)contractual obligations (Art. 6 Para. 1lit.b GDPR):

The processing of your data for the contract execution takes place online or in one of our branches, for the contract execution of your employees in our company. The data will be processed in particular during the initiation of business transactions and the implementation of contracts with you.

  • to fulfil legal obligations (Art. 6 Para. 1 lit.c GDPR):

A processing of your data is necessary for fulfilling various legal obligations arising, for example, from the German Commercial Code or the German Tax Code.

  • to safeguard legitimate interests (Art. 6 Para. 1 lit.f GDPR):

Due to the weighing of interests, data can still be processed after the actual fulfilment of the contract to protect the legitimate interests of us or third parties. Data processing to safeguard legitimate interests is carried out in the following cases, for example:
- Advertising or marketing (see point 4)
- Measures for business management and further development of services and products
- Maintaining a group-wide customer database to improve customer service
- In connection with legal proceedings
- Sending of non-promoting information and press releases.

  • subject to your consent (Art. 6 Para. 1lit.a GDPR):

If you have given us permission to process your data, e.g. by sending us our newsletter, publishing photos, raffles, etc., we will not use your data for any other purpose.

4. Processing of personal data for advertising purposes
You may at any time object to the use of your personal data for advertising purposes on the whole or to individual measures without incurring any costs other than the transmission costs according to the basic tariffs.

We are entitled under the legal preconditions of § 7 Para.3 UWG (Law against unfair competition) to use the e-mail address you provided when concluding the contract to directly advertise our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter or not.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic tariffs. A text message is sufficient for this purpose. Of course, every e-mail always contains a unsubscribe link.

5. Who receives my data?
If we use a service provider for processing orders, we will still remain responsible for the protection of your data. All order processors are contractually obliged to treat your data confidentially and to process it only within the scope of the service provision. The contract processors commissioned by us will receive your data insofar as they require the data for the performance of their respective services. These are, for example, IT service providers we need for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

This data is made available to the group companies, if necessary, for the execution of the contract. The customer data is stored separately for each company, with our parent company acting as a service provider for the individual participating companies.

If there is a legal obligation and in the context of a legal prosecution, authorities and courts as well as external auditors can be recipients of your data.

Insurance companies, banks, credit agencies and service providers may also be recipients of your data for the purpose of initiating and fulfilling contracts.

6. How long will my data be stored?

We process your data until the business relationship is terminated or until the applicable statutory retention periods have expired (e.g. as per German Commercial Code, the Tax Code or the Working Hours Act); furthermore until any legal disputes in which the data is required as evidence have ended.

7. Is personal data transferred to a third country?
Generally, we do not transfer any data to third countries. Should this be the case, data will be made available to the group companies, if necessary, for the execution of the contract. Such transmission will only take place on the basis of standard contractual clauses and/or appropriate safeguards.

8. What are my data protection rights?

You have the right at any time to the information, correction, deletion or restriction of the processing of your stored data; a right to object to the processing as well as a right to data portability and complain in accordance with the data protection law.

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to correction:
If we process data that are incomplete or inaccurate, you may request that we correct or complete them at any time.

Right to delete:
You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate deletion, e.g. in the case of legally regulated storage obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.

Right to restricted processing:
You can ask us to restrict the processing of your data if
- you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to delete it and instead demand a restriction on the use of the data
- we no longer need the data for the intended purpose but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.

Right to data portability:
You may request that we make available the data you have provided in a structured, common and machine-readable format and that you may transfer that data to another responsible person without our interference, provided that
- we process this data based on your given and revocable consent or for the fulfilment of a contract between us and
- that this processing is carried out using automated procedures.
If technically feasible, you may request us to transfer your data directly to another responsible party.

Right of objection:
If we process your data for legitimate reasons, you may object to such processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can provide compelling reasons worthy of protection for the processing which outweigh your interests, rights and freedoms or the processing is used to assert, exercise or defend legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right to appeal:
If you believe that we have violated German or European data protection laws when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert any of the above rights against us, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.

9. Am I obliged to provide data?

The processing of your data is necessary to conclude or fulfil your contract with us. If you do not provide us with this data, we will generally have to refuse the conclusion of the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that are not relevant for the fulfilment of the contract or are not required by law.