>>>

Art. 13 GDPR - collection and processing of data_

We are aware of the importance of the personal data you entrust to us. We see it as one of our most important tasks to ensure the confidentiality of your data. In accordance with the General Data Protection Regulation (GDPR), we would like to fulfil our duty to provide information when collecting personal data and inform you transparently about the type, scope and purpose of the processing of the personal data we collect and inform you of the rights to which you are entitled.

1. contact details of the data controller responsible for processing

The controller within the meaning of the General Data Protection Regulation is:

naymspace software GmbH & Co. KG
Dennis Nissen
Schauenburgerstraße 116
24118 Kiel
Phone: +49 (0) 431 55 686 77 0
E-mail: info@naymspace.de

We have appointed a data protection officer.

You can reach him at dsb@dsgvo-nord.de or with the reference ‘Data Protection Officer’ at the above company address.

2. Which sources are used to collect personal data?

We process personal data that we receive directly from our customers as part of our business relationship. We also process personal data that we have received from other companies, e.g. for the execution of orders, the fulfilment of contracts or on the basis of consent given by you.

On the other hand, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. commercial and association registers, press, media, internet) and are authorised to process.

Personal data relevant to us may include:

Customer contact information

As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or by one of our employees, further personal data is generated, e.g. information about the contact channel, date, occasion and result; (electronic) copies of correspondence and information about participation in direct marketing measures.

Credit information

Business creditworthiness documents: income/surplus statements, balance sheets, business analyses, type and duration of self-employment.

3. What is your data processed for (purposes) and on what legal basis?

We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG-new):

When processing personal data for which we obtain the consent of the data subject, Article 6(1)(a) of the General Data Protection Regulation serves as the legal basis.

When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This provision also includes processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 letter c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 letter f GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in the performance of our business activities.

4. Disclosure of data to third parties

Within our company, only those persons and departments receive your personal data that need it to fulfil our contractual and legal obligations.

We transfer data to third parties if we need it to fulfil a contractual obligation.

Data will not be transferred to third parties for purposes other than those listed under point 3.

In addition, we transmit data to third parties if there is a legal obligation to do so. This is the case if state institutions (e.g. authorities and offices) request information in writing, a court order exists or a legal basis permits the transfer.

If we make advance payments, e.g. when purchasing on account, we reserve the right to obtain identity and creditworthiness information from specialised service providers (credit agencies) in order to protect our legitimate interests.

5. transfer of data to third countries

Personal data is not transferred to so-called third countries outside the EU/EEA.

6. storage period of the data/deletion periods

We process and store your personal data for as long as it is necessary for the fulfilment of our contractual obligations and for all other purposes mentioned under point 3 or as required by the retention periods provided for by law.

If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly blocked for further processing or deleted in accordance with the statutory provisions.

7. data protection rights of the data subject

If you have any questions about your personal data, you can contact us in writing at any time.

You have the following rights under the GDPR:

The right to information (subsection Art. 15 GDPR)

You have the right to obtain information at any time about which categories and information about your personal data are processed by us and for what purpose, how long and according to what criteria these data are stored and whether automated decision-making, including profiling, is used in this context. You also have the right to know which recipients or categories of recipients your data has been disclosed to or will be disclosed to, in particular in the case of recipients in third countries or international organisations. In this case, you also have the right to be informed about suitable guarantees in connection with the transfer of your personal data.

In addition to the right to lodge a complaint with the supervisory authority and the right to information about the origin of your data, you have the right to erasure, rectification and the right to restrict or object to the processing of your personal data.

In all of the above cases, you have the right to request a copy of your personal data processed by us from the data processor free of charge. For all further copies that you request or that go beyond the data subject's right to information, we are authorised to charge a reasonable administrative fee.

The right to rectification (Art. 16 GDPR)

You have the right to request the immediate rectification of your incorrect personal data and, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

If you wish to exercise your right to rectification, you can contact our data protection officer or the controller at any time.

The right to erasure (Art. 17 GDPR)

You have the right to request the immediate erasure of your data (‘right to be forgotten’), in particular if the storage of the data is no longer necessary, you withdraw your consent to data processing, your data has been processed unlawfully or has been collected unlawfully and there is a legal obligation to erase it under EU or national law.

However, the right to be forgotten does not apply if there is an overriding right to freedom of expression or freedom of information, if data storage is necessary for the fulfilment of a legal obligation (e.g. retention obligations), if archiving purposes prevent deletion or if the storage serves the assertion, exercise or defence of legal claims.

The right to restriction (Art. 18 GDPR)

You have the right to demand the restriction of the processing of your data by the controller if the accuracy of the data is contested by you, the processing is unlawful, you oppose the erasure of your personal data and request the restriction of the processing instead, if the necessity for the processing purpose no longer applies or you have objected to the processing pursuant to Article 21(1) pending the verification whether our legitimate grounds override yours.

The right to data portability (Art. 20 GDPR)

You have the right to the portability of your personal data, which you have provided to our company in a commonly used format, so that you can have your personal data transmitted to another controller without hindrance, provided that, for example, you have given your consent and the processing is carried out by automated means.

The right to object (Art. 21 GDPR)

You have the right to object to the processing of your personal data at any time, unless there are legitimate grounds for doing so. There are legitimate grounds for data processing, for example, if the interests, rights and freedoms of the data subject prevail or the processing serves the assertion, defence and exercise of legal claims. In addition, you can also express a separate, explicit right to object to the processing of your personal data for the purpose of direct marketing at any time.

Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG)

You have the right to lodge a complaint with a supervisory authority if you believe that there has been an infringement in the processing of your personal data.

Competent supervisory authority:
Independent State Centre for Data Protection (ULD)
Marit Hansen - State Commissioner for Data Protection Schleswig-Holstein
Holstenstraße 98 - 24103 Kiel
Telephone: +49 (0) 431 988 1200
E-mail: mail@datenschutzzentrum.de

Right to withdraw consent under data protection law (Art. 7 para. 3 GDPR)

You can revoke your consent to the processing of your personal data at any time and without giving reasons. This also applies to the revocation of declarations of consent given to us before the EU General Data Protection Regulation came into force.

8. legal or contractual requirements for the provision of personal data and possible consequences of non-provision

We hereby point out that the provision of personal data is required by law in certain cases (e.g. tax regulations) or may result from a contractual provision (e.g. details of the contractual partner). For example, in order to conclude a contract, it may be necessary for the data subject/contractual partner to provide their personal data so that we can process their request (e.g. order) in the first place. An obligation to provide personal data arises above all when concluding a contract. If no personal data is provided in this case, the contract cannot be concluded with the data subject. Before personal data is provided by the data subject, the data subject can contact our data protection officer or the data controller. The data protection officer or the controller will then clarify to the data subject whether the provision of the required personal data is required by law or contract or is necessary for the conclusion of the contract and whether there is an obligation to provide the personal data arising from the data subject's concerns or what the consequences are for the data subject if the requested data is not provided.

9. legal existence of automated decision-making (including profiling)

As a responsible company, we do not use automated decision-making or profiling in our business relationships.