— Information requirements for employees

Data protection information for employees
according to Art. 13, 14 and 21 of the Data Protection Regulation DSGVO (GDPR)

Data protection is an important matter for us. In the following, we inform you how we process your data and what rights you are entitled to.

1. Who is responsible for data processing and whom can you contact?
Signite GmbH
Kiefernweg 3
74321 Bietigheim-Bissingen
Telephone: +49.151.2422.2022
E-mail: peter.klingler@signite-experts.com

2. Contact details of the data protection officer
Markus Geiger; datenschutz@mage-solutions.de

3. Processing purposes and legal basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act BDSG and other relevant data protection regulations. The processing and use of individual data depends on the agreed or requested service. Our contractual documents, forms, declarations of consent and other information provided to you (e.g. on the website or in the terms and conditions) provide further details and supplements on the purposes of processing.

3.1 Consent (Art. 6 para. 1 letter a DSGVO)

If you have given us consent to process personal data, the respective consent is the legal basis for the processing mentioned there. You can revoke your consent at any time with effect for the future.

3.2 Fulfilment of contractual obligations (Art. 6 para. 1 lit. b DSGVO)

We process your personal data for the performance of our contracts with you, in particular in the context of our order processing and service utilisation. Furthermore, your personal data is processed for the implementation of measures and activities in the context of pre-contractual relations.

3.3 Fulfilment of legal obligations (Art. 6 para. 1 c DSGVO)

We process your personal data if this is necessary for the fulfilment of legal obligations (e.g. commercial, tax laws).
Furthermore, we may process your data for identity verification, fraud and money laundering prevention, prevention, compliance with tax control and reporting obligations and archiving of data for data protection and data security purposes as well as for auditing by tax and other authorities. In addition, the disclosure of personal data may be necessary in the context of official/court measures for the purpose of collecting evidence, criminal prosecution or the enforcement of civil law claims.

4. Categories of personal data that we process.

The following data are processed:
– Personal data (name, nationality, profession/industry and comparable data).
– Contact data (address, email address, telephone number and comparable data)
– Information about your financial situation (creditworthiness data, i.e. data for assessing the economic risk)
– Supplier history
– We also process personal data from public sources (e.g. internet, media, press, trade and association registers, civil registers, debtor registers, land registers).
– If necessary for the provision of our services, we process personal data that we have lawfully received from third parties (e.g. address publishers, credit agencies).

5. Who receives your data?
We pass on your personal data within our company to the departments that need this data to fulfil contractual and legal obligations or to implement our legitimate interests.

In addition, the following departments may receive your data:

– Order processors used by us (Art. 28 DS-GVO), service providers for supporting activities and other responsible parties within the meaning of the DS-GVO, in particular in the area of.
(e.g. IT services, logistics and printing services, external data centres, support/maintenance of IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility checks, data security services, etc.). -data validation or plausibility check, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing services or companies for data disposal, courier services, logistics
– Public bodies and institutions in the event of a legal or official obligation, according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest.
– bodies and institutions on the basis of our justified interest or the justified interest of the third party for the purposes stated in section 3.5 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts, companies belonging to the group and committees and supervisory bodies);
– other bodies for which you have given us your consent to the transfer of data.

6. Transfer of your data to a third country or to an international organisation

A transfer of data to countries outside the European Union (EU) or the European Economic Area (EEA), so-called third countries, takes place if it is necessary for the execution of an order/contract from or with you, if it is required by law (e.g. reporting obligations under tax law), if it is in the context of a legitimate interest of us or a third party or if you have given us your consent.
The processing of your data in a third country may also be carried out in connection with the involvement of service providers within the framework of commissioned processing. If the EU Commission has not passed a resolution on an adequate level of data protection for the country in question, we will ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection regulations by means of corresponding contracts. We will provide you with detailed information on request.

7. How long do we store your data?

As far as necessary, we process your personal data for the duration of our business relationship, this also includes the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years. 8.

8. To what extent is there automated decision-making in individual cases (including profiling)?

We do not use any purely automated decision-making procedures in accordance with Article 22 of the GDPR. Should we use such procedures in individual cases, we will inform you of this separately, insofar as this is required by law.

9. Your data protection rights
You have the right to information pursuant to Article 15 of the Data Protection Regulation, the right to rectification pursuant to Article 16 of the Data Protection Regulation, the right to deletion pursuant to Article 17 of the Data Protection Regulation, the right to restriction of processing pursuant to Article 18 of the Data Protection Regulation and the right to data portability pursuant to Article 20 of the Data Protection Regulation. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO). In principle, there is a right to object to the processing of personal data by us in accordance with Article 21 of the GDPR. However, this right of objection only applies in the case of very special circumstances of your personal situation, whereby rights of our company may possibly conflict with your right of objection. If you wish to exercise one of these rights, please contact our data protection officer (Markus Gei-ger; geiger@mage-solutions.de).

10. Scope of your obligations to provide us with your data

You only need to provide us with the data that is necessary for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or for which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately of the voluntary nature of the information.

11. Your right to complain to the competent supervisory authority

You have a right of appeal to the data protection supervisory authority (Art. 77 DSGVO). The supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
Lautenschlagerstraße 20
70173 Stuttgart / Germany