Data Protection

1. Introductory statement - Why is data protection so important?

Data protection is an essential part of SYNTAX’s corporate philosophy. This is because SYNTAX’s entire business model is dominated by the exchange of data between customers as Controller and SYNTAX as Processor.

The General Data Protection Regulation (GDPR) addresses numerous legal obligations for our customers and SYNTAX, which both have to meet.

As part of our broad service portfolio, SYNTAX as a service provider is therefore very concerned to process the personal data of customers during the entire business relationship in accordance with the commissioned service and to protect it in the best possible way from a technical point of view.

SYNTAX ensures the contractual requirements through the following measures:

  • Conclusion of a data protection agreement on the basis of the EU standard contractual clauses
  • Implementation of technical and organizational measures (TOMs) according to the state of the art
  • ISO certifications
  • Provision of the subcontractor list according to the services provided

All essential processing of personal data is subject to a review and approval process to ensure that customer data is processed in accordance with internal and statutory data protection regulations.

Therefore, transparency and integrity with regard to the data provided by our customers to Syntax represent the key aspects for a trusting cooperation and business relationship.

Do you have any further questions about our data protection management? Please do not hesitate to contact us at the following e-mail address: [email protected].

2. Information overview on data protection and certifications

3. News

Since January 2023 SYNTAX uses the standard contractual clauses of the European Commission for the European Economic Area as data protection agreement according to Art. 28 (7) DSGVO. This is used for customers and suppliers alike.

In this way, SYNTAX ensures a contractual standard that complies with the uniform interpretation of the regulatory authorities and at the same time offers added value for both parties.

4. The data protection officer introduces himself

Our external data protection officer is Dr. Stefan Baum, M.A.E.S., attorney and specialist attorney for information technology law. He advises numerous large and medium-sized companies and draws on over 20 years of professional experience.

As an independent authority, Dr. Baum oversees the overall data protection management of SYNTAX and its affiliates, reporting directly to management.

His expertise and consulting activities make a significant contribution to optimizing the processing of personal data in day-to-day business, finding practical solutions to data protection issues and implementing new legal requirements in the company as quickly as possible.

For this purpose, Dr. Baum works with internal data protection coordinators who initiate the data protection requirements and processes accordingly. All employees and persons responsible can contact the data protection officer confidentially at any time if they have any questions.

Do you have any questions for our data protection officer? Please feel free to contact Dr. Baum personally at:

BHK Data Protection and Compliance GmbH

Humboldtstr. 3

79539 Lörrach

Phone: +49 (0)7621 5705398

Email: [email protected]

Registered office: Lörrach, Register Court Freiburg HRB 718081

Managing Director: Dr. Stefan Baum

5. Privacy policy for the use of the website

As of: 26.07.2022

In the following we would like to inform you, in accordance with the applicable national and European data protection regulations, about the type and scope of personal data we process in relation to (hereinafter referred to collectively as “website”):

  • your visit to our website,
  • how contact was established,
  • registration for events
  • job applications,
  • the sending of newsletters,
  • our social media presence

for what purposes we use this data and how we use it to optimize our services for you. We reserve the right to change and adapt this privacy policy at any time in compliance with the statutory provisions.

A. General

1. Responsibility for data processing and contact details of the data protection officer

1.1 Unless otherwise stated below, Syntax Systems GmbH & Co. KG is responsible for the processing of personal data on this website. The contact details are as follows:

Syntax Systems GmbH & Co. KG
Höhnerweg 2-4, 69469 Weinheim, Deutschland
Tel: +49 6201 80 8008
E-Mail: [email protected]

1.2 Our data protection officer is Dr. Stefan Baum. His contact details are as follows:

BHK Datenschutz und Compliance GmbH
Herr Dr. Stefan Baum
Humboldtstr. 3, 79539 Lörrach, Deutschland

E-mail address for general data protection concerns is [email protected] and for confidential communication with the data protection officer: [email protected] or +49 (0)7621 5705398.

2. Types of data processed, categories of data subjects

2.1 Type of data processed

  • Master data (e.g., customer master data such as names, addresses)
  • Account data (login, PW # hash)
  • Contact information (e.g., e-mail, telephone numbers)
  • Communication data and history
  • Content data (e.g., text input, photographs, videos)
  • Contract data (e.g., offers, order, subject matter of contract, customer category)
  • Payment data (e.g., bank details, payment history)
  • CRM data, in particular customer history and customer statistics
  • Usage data (e.g., pages visited, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)
  • Data under sections 4 and 5
  • Applicant data according to section 9
  • Section B data

2.2 Categories of data subjects

  • Visitors and users of the website and online offers
  • Customers, interested parties and business partners
  • Newsletter subscribers and direct marketing in existing customer relationships
  • Other communication partners

(In the following, we also refer to the data subjects as “users”.)

3. Purpose of Processing

We use your personal data for the following purposes:

  • For providing the website and the online offer, its functions and content.
  • To identify you as a contractual partner
  • For creating and managing your personal customer account.
  • For answering contact requests and communicating with users.
  • For event management
  • To assert, enforce, exercise, or defend against legal claims and legal disputes, as well as to detect, investigate and prevent criminal offences
  • About security measures
  • For range measurement
  • For the purpose of direct marketing, e.g., in the form of an e-mail newsletter or postal advertising.
  • For the purpose of product and service satisfaction surveys and analysis.

4.  Data Collection on this Website

This data protection information applies to the Internet offer of Syntax Systems GmbH & Co. KG, available under the domains www.syntax.com/de-de and www.syntax-systems.com as well as the various subdomains of the above websites (hereinafter “our website”) is operated. Additional information may apply to other websites offered by the Syntax Group.

4.1 When accessing our website

(1) If you only use the website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser automatically transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para.1 S. 1 lit. f) GDPR):

  • IP address
  • Geolocation
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access Status/HTTP Status Code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browsers
  • Operating system and its interface
  • Browser software language and version

(2) The IP addresses of the users are deleted or made anonymous after use. In the case of anonymization, the IP addresses are changed in such a way that individual details of personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or only with a disproportionate amount of time, cost, and effort. By default, our website temporarily stores the connection data of the requesting computer (IP address), time of the server request, the pages you visit on our site, the date and duration of the visit, the identification data of the browser and operating system type used, as well as the Website from which you visit us (referrer). It is not possible for us to draw conclusions about a natural person from this data.

(3) The legal basis for this is Art. 6 para 1 S. 1 lit. f) GDPR (legitimate interest). Our legitimate interests are in the operation and maintenance of our website and the processing of relevant data to ensure the functionality and security of our services. Corresponding data will be deleted after your visit to the website, unless it is stored for other purposes, in particular for system control and technical security purposes, or for other reasons (e.g., due to legal obligations).

4.2 When you contact us by e-Mail, via the contact form or the telephone hotline

If you contact us by e-mail and/or use our contact form or our telephone hotline, we process your name, company, e-mail address, telephone number and the region from which you are contacting us, as well as all other information, which you communicate to us in order to process your request.

The legal basis for this is Art. 6 para. 1 S. 1 lit. b) or f GDPR (performance of contract or legitimate interest). The data will be deleted as soon as your request has been processed or the purpose for processing no longer applies. Depending on the type of request, there may be additional storage (e.g., for evidence purposes until the statute of limitations for any claims). We may also be legally obliged to store your data for longer, e.g., to comply with storage obligations (depending on the legal basis up to 10 years).

4.3 When you register for our events

If you would like to take part in one of our events, you can register on our website. We process, among other things, your title, first and last name, company, department, industry, postal code, telephone number and e-mail address. The processing of this data is necessary for the implementation of the events and your participation in them.

The legal basis for this is Art. 6 Paragraph 1 Sentence 1 Letter b) GDPR (performance of contract or legitimate interest). Unless there is another legal obligation, the data will be deleted as soon as the event has ended.

4.4 When you use our download center

4.4.1 Legal basis and description of the process

When you download from our Download Center, we collect and process your title, surname, company, industry, zip code and e-mail address, among other things.

By submitting the download form, you consent to us sending you interesting information about current developments as well as news and offers from Syntax to the e-mail address you have provided. The legal basis for sending the relevant information is your consent in accordance with Section 7 (2) UWG (German Act against unfair competition). We use your email address and your name to send the information. This personal data is processed to safeguard our legitimate interest in direct marketing. The legal basis for this is Art. 6 para 1 S. 1 lit. f) GDPR.

To be able to send you information tailored to your interests, we also take into account other information you send us when registering or using our services (including information regarding your function in the company, information about your company, such as how often you have visited our website, what other downloads you have made, etc.). The systems used for this also use the aforementioned data automatically in order to continuously improve the respective processes. We also evaluate the use of our e-mails (e.g., whether they are read or not).

This processing of your personal data is based on your consent, which you give by submitting the download form. The legal basis for this is Art. 6 para 1 S. 1 lit. a) GDPR.

The provision of personal data is necessary in order to send you information tailored to your needs. If you do not provide your personal data or do not give your consent, we cannot provide you with corresponding individualized information.

Registration takes place using the so-called double opt-in procedure. After registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with someone else’s e-mail address.

You can revoke your consent at any time (e.g., by clicking on the unsubscribe link contained in the e-mails) with effect for the future.

4.4.2 Passing on to HubSpot

HubSpot is a US software company located at 25 First Street, Cambridge, MA 02141, USA (“HubSpot”). HubSpot acts as our own contact management platform for marketing. We utilize this integrated software solution for the purpose of our own marketing activities, lead generation and customer service. We also use it to send our e-mails, ads and host content such as white papers, data sheets and much more.

Our whitepapers are downloaded using data provided by yourself, such as first and last name, company, phone number, postcode, line of business, and e-mail address, which is then passed on to the technical service provider HubSpot. Since personal data is transferred to the USA, we first request your consent to the data transfer (Art. 49 Para. 1 S. 1 lit. a GDPR) and your consent to the access to your device for the use of cookies (Sec. 25 TDDDG) to do so. There is currently no adequacy decision from the EU Commission for the USA meaning that a level of data protection corresponding to EU standards cannot be guaranteed. This can result in potential risks such as official access to data and impeding the enforcement of your rights as a data subject. You can revoke your consent at any time with effect for the future. In addition, we have agreed new EU standard contractual clauses with the provider (module 2) in accordance with Article 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process said data in accordance with the level of protection required in Europe. HubSpot is linked to the technical service provider Salesforce Inc. in Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (“Salesforce”), to whom the above mentioned data is passed on. Within Salesforce, a comparison is made as to whether you have already been created as a customer in our CRM and if there is an existing contractual relationship. This is done for the purpose of classifying whether you are a new or existing customer. Your consent to the data transmission in HubSpot therefore also covers the respective link to Salesforce.

Data is deleted as soon as it is no longer required to fulfill the purpose for which it was collected. Deletion takes place automatically, at the latest 12 months after the data was collected. You can permanently object to the collection of data by HubSpot, and the setting of cookies by preventing the by changing the appropriate browser settings. You can also object to the processing of your personal data at any time with effect for the future by sending an email to [email protected].

4.5 When you apply for a job with us

(1) Directly via our website

Now service from the provider ADP Canada Co., headquartered in One ADP Boulevard, Roseland, New Jersey 07068, USA (“ADP”), which acts as our processor take action (Art. 28 GDPR).

In the case of an application, the following personal data is regularly collected and processed: first name, surname, suffixes, date of birth, e-mail address, postal address, telephone number. Skill data, photo, if necessary, work permit / residence permit, health data. In addition, we process personal data that we have legitimately obtained from publicly accessible sources (e.g., professional networks such as LinkedIn or Xing).

During the registration process, you have the option of logging in using an existing user account on the social networks LinkedIn, Google and Facebook. Here a check is carried out as to whether you have a valid user account with the selected network, with whose access data you can register on our portal. The result of this check and, if applicable, your name, e-mail address and profile picture will be transferred to our application management system. There is no further data transfer between us and the selected social network within the scope of this function.

Corresponding data is processed in a central system, operated and managed by Syntax Systems Ltd. 8250 Boul Décarie Bureau 400 Montreal, Canada for the companies of the Syntax Group. As part of the operation of this central application management system, we and Syntax Systems Ltd. act as joint controllers. While Syntax Systems Ltd. takes care of the technical and organizational operation and management of the systems, we are responsible for the content support of the application process. We have partnered with Syntax Systems Ltd. to conclude a contract regulating the data protection aspects of this cooperation. We will be happy to provide the other essential contents of the regulations made upon request. Inquiries to assert any data subject rights (see Section 7 below) can be sent to us using the contact details given above. The right to assert the rights of data subjects against all those involved in this processing remains unaffected. Corresponding inquiries to Syntax Systems Ltd. are to be addressed to:

Syntax Systems Limited LLC
110 Fieldcrest Avenue
Suite 18, 4th Floor
Edison, NJ 08837
E-Mail: [email protected]

As part of the application process, the Syntax Group companies involved or our service provider may transfer personal data to Group companies in third countries, e.g., to Automatic Data Processing, Inc., One ADP Boulevard, Roseland, New Jersey 07068 in the USA transmitted. Data transmission within our group of companies is made possible by the conclusion of the so-called EU standard contractual clauses of the EU Commission in accordance with Art. 46 (2) lit. 1 GDPR, available at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32010D0087. Insofar as data is transferred to or processed in the USA by our service provider ADP, this is subject to Binding Corporate Rules (“BCR”) in accordance with Art. 46 para lit. b) in conjunction with Art. 47 GDPR or secured through the conclusion of EU Standard contractual clauses in accordance with Art. 46 para 2 lit. c) GDPR.

The processing of personal data to the extent described above serves to establish the employment relationship. The legal basis for this is Art. 88 (1) GDPR in conjunction with Section 26 (1) BDSG. Your data will only be processed to fill the specific position for which you are applying. In addition, the processing of health data for the assessment of your ability to work in accordance with Art. 9 para. 2 lit. h) GDPR i. V. m. § 22 para 1 lit. b) BDSG be required.

For more information on how our service provider ADP handles your data and the extent to which other personal data may be collected and processed by our service provider when you visit our application page, please see the data protection information at https://www.adp.com/privacy.aspx.

(2) Unsolicited Applications

All applications are processed by us uniformly in our applicant portal. If you send us an unsolicited application (e.g., by post or email), you will receive an email from us asking you to upload your application directly to the applicant portal on our website. If this is not possible, we will – at your express request – create your application in our applicant portal for you. For the processing of the data in the applicant portal, we refer to the statements above under (1).

The processing of your personal data, which you provide to us as part of your unsolicited application, serves to establish the employment relationship. The legal basis for this is Art. 88 para 1 GDPR in conjunction with Section 26 (1) BDSG. Your data will only be processed to create and process your application. In addition, the processing of health data for the assessment of your ability to work in accordance with Art. 9 para 2 lit. h) GDPR i.V. m. § 22 Abs. 1 lt. b) BDSG may be required.

In all other cases paragraph 1 applies.

(3) Duration of storage and inclusion in the applicant pool

If you are hired, we will transfer your application documents to your personnel file. After the end of the employment relationship, any personal data we are legally obliged to keep or which we have a legitimate interest in storing will continue to be stored. This regularly results from legal proof and storage obligations, regulated, among other things, in the German Commercial Code and the Tax Code and can be required to remain in storage for up to ten years. Legitimate interests may include defending against legal claims (cf. Art. 17 para. 3 lit. e) GDPR, usually for a period of three years, but possibly longer).

In the event of a rejection, your application documents will be deleted no later than six months after the end of the application process.

Continued storage will take place if you have given us consent to longer storage (applicant pool). The legal basis for this is Art. 6 para 1 S. 1 lit. a) GDPR. You can revoke your consent at any time using the above contact details or, if provided, via our applicant portal with effect for the future.

5. Cookies

(1) Cookies are small text files that are assigned to the browser you are using and stored on your hard drive and through which certain information flows to the place that sets the cookie (i.e., from us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective overall.

(2) Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Session cookies (see b)
  • Persistent cookies (see c).

b) Session cookies store a so-called session ID, with which various requests from your browser can be assigned to the joint session. The session cookies are deleted when you log out or close the browser. If you restart your browser and go back to the website, the website will not recognize you. You will need to log in again (if a login is required) or reset templates and preferences if the website offers these features. A new session cookie is then generated, which stores your information and remains active until you leave the site and close your browser.

c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

(3) Technically necessary and unnecessary cookies

Technically necessary cookies

We use technically necessary cookies based on our legitimate interest in order to be able to optimally design and display our website according to your preferences. The legal basis for this is Art. 6 Para. 1 S. 1 lit. f) GDPR (legitimate interest).

Technically unnecessary cookies

Technically unnecessary cookies are only used with your consent. The legal basis for this is Art. 6 Para. 1 S. 1 lit. a) GDPR, § 25 TDDDG. You can revoke your consent at any time with effect for the future by making the appropriate settings in the cookie banner and/or the settings of your browser or by deleting the cookies in your browser.

You can delete previously set cookies at any time via the settings in your browser or other software programs. We would like to point out that in this case you may not be able to use all the functions of our website.

(4) For what purposes do we use cookies?

We use cookies to personalize content and ads, to provide social media features, and to analyze traffic to our website. We also share information about your use of our website with our social media, advertising, and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the services. You consent to our cookies if you continue to use our website.

General Overview

Purpose

Description

Storage Duration

Technically necessary cookies

Technically necessary cookies make the use of our website possible by enabling basic functions such as page navigation and access to secure areas of the website. Visiting our website cannot function properly without these cookies.

Session cookies – are deleted when the browser is closed.

Performance (e.g., user’s browser), presentation and preferences

When using our website, cookies are used (e.g., to recognize the browser) in order to improve performance (e.g., faster loading of content). When you visit our website, the country and language selection determined or chosen by you is stored in cookies in order to save you having to make a new selection on subsequent visits. It is checked in advance whether your browser supports cookies and this information is stored in another cookie. You will then be shown country and language based localized contact information, which will also be saved. The legal basis for this is your consent (Art. 6 para. 1 lit. a) GDPR, § 25 TDDDG).

Session cookies – are deleted when the browser is closed.

Analytics cookies / Tracking (Statistics)

We use third-party analytics cookies to understand how visitors use our site. This helps us to improve the quality and content of our site. The aggregate statistical information includes data such as the total number of visitors. For example, we learn how often, and in which order the individual pages were accessed and how much time the visitors spend on our pages on average. We also find out whether users have already visited our website at an earlier point in time. The legal basis for this is the consent you have given in accordance with Art. 6 para 1 S. 1 lit. a) GDPR, § 25 TDDDG. For further information please see Nr. 13 (Web analysis services).

Persistent cookies – remain but are automatically deleted after 2 years when the website is no longer visited.

“Advertising
cookies
(Marketing)”

We use advertising cookies in order to be able to assess the efficiency of our advertising measures and derive optimizations from this. The legal basis for this is your consent (Art. 6 para 1 S. 1 lit. a) GDPR, § 25 TDDDG).

Permanent cookies – remain but are automatically deleted after 26 months at the latest if the website is no longer visited. Shorter periods may apply in individual cases.

(5) Controlling Cookies

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Our website uses cookies. Cookies are small text files that are sent from our web server to your browser when you visit our website and are stored on your end device for later retrieval. They serve to make our offer more user-friendly, effective, and secure.

(6) Cookiebot

We use functions of the provider Cookiebot on our website. The company behind Cookiebot is Cybot A/S, Havnegade 39, 1058 Copenhagen, DK. Among other things, Cookiebot offers us the option of providing you with a comprehensive cookie notice (also known as a cookie banner or cookie notice). By using this function, data from you can be sent to Cookiebot or Cybot, stored and processed. In this data protection declaration we inform you why we use Cookiebot, which data is transferred and how you can prevent this data transfer.

Cookiebot is a software product by Cybot. The software automatically creates a GDPR-compliant cookie notice for our website visitors. In addition, the technology behind Cookiebot scans, controls and evaluates all cookies and tracking measures on our website.

What data is stored by Cookiebot?

If you allow cookies, the following data will be transmitted to Cybot, stored and processed.

  • IP address (in anonymous form, the last 3 digits are set to 0)
  • Date and time of your consent
  • Our website URL
  • Technical browser data
  • Encrypted, anonymous key
  • The cookies you have consented to (as proof of consent)

The following cookies are set by Cookiebot if you have consented to the use of cookies:

Name: CookieConsent
Value: {stamp:’P7to4eNgIHvJvDerjKneBsmJQd9331656935318-2
Purpose: Your consent status is stored in this cookie. This allows our website to read and follow the current status on future visits.
Expiry Date: after one year
Name: CookieConsentBulkTicket
Value: kDSPWpA%2fjhljZKClPqsncfR8SveTnNWhys5NojaxdFYBPjZ2PaDnUw%3d%3331656935318-6
Purpose: This cookie is set if you allow all cookies and have therefore activated a “collective consent”. The cookie then stores its own, random, and unique ID.
Expiry Date: after one year

Legal Basis

If you agree to cookies, your personal data will be processed and stored via these cookies. If we are allowed to use cookies with your consent (Art. 6 Para. 1lit. a) GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. The Cookiebot is used in order to be able to manage the consent to cookies and to enable you to give your consent. The use of this software enables us to operate the website in an efficient and legally compliant manner, which represents a legitimate interest (Article 6 (1) (f) GDPR.

(7) Overview of Cookies Used (Cookiebot):

(7) (1) Description of Cookies:

Necessary (3) Necessary cookies help make a website usable by enabling basic functions such as page navigation and providing access to secure areas of the website. The website cannot function properly without these cookies.

Name: li_gc
Provider: LinkedIn
Purpose: Stores the user’s consent status for cookies on the current domain.
Duration: 2 years
Type: HTTP

Name: CookieConsent
Provider: Cookiebot
Purpose: Stores the user’s consent status for cookies on the current domain.
Duration: 1 year
Type: HTTP

Preference (3) Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in.

Name: lang (x2)
Provider: LinkedIn
Purpose: Stores the user-selected language version of a web page.
Duration: Session
Type: HTTP

Name: CookieConsentB #
Provider: CookieBot
Purpose: Enables cookie consent for multiple websites.
Duration: Persistent
Type: HTML

Statistics (8) Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Name: collect
Provider: Google
Purpose: Used to send data to Google Analytics about the visitor’s device and behavior. Tracks the visitor across devices and marketing channels.
Duration: Session
Type: Pixel

Name: AnalyticsSyncHistory
Provider: LinkedIn
Purpose: Used in connection with data synchronization with third-party analytics service.
Duration: 29 days
Type: HTTP

Name: _ga (x2)
Provider: Google
Purpose: Registers a unique ID that is used to generate statistical data on how website is used.
Duration: 2 years
Type: HTTP

Name: _gat (x2)
Provider: Google
Purpose: Used by Google Analytics to limit the request rate.
Duration: 1 day
Type: HTTP

Name: _gid (x2)
Provider: Google
Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Duration: 1 day
Type: HTTP

Not Classified (9) Unclassified cookies are cookies that we are currently trying to classify, together with providers of individual cookies.

Name: sytx_geo_redirect
Provider: www.syntax.com
Purpose: Pending
Duration: 1 day
Type: HTTP

Name: ADLangLocale
Provider: adp.com / workforcenow.ad
Purpose: Pending
Duration: Session
Type: HTTP

Name: ADDPORTAL
Provider: adp.com
Purpose: Pending
Duration: Session
Type: HTTP

Name: RelayState
Provider: adp.com
Purpose: Pending
Duration: Session
Type: HTTP

Name: _aeaid
Provider: workforcenow.ad
Purpose: Pending
Duration: 1 year
Type: HTTP

Name: aeatstartmessage
Provider: workforcenow.ad / wsv3cdn.audioey
Purpose: Pending
Duration: Session
Type: HTTP

Name: workforcenow40
Provider: workforcenow.ad
Purpose: Pending
Duration: Session
Type: HTTP

Marketing (19) Marketing cookies are used to follow visitors on websites. The intent is to show ads that are relevant and engaging to the individual user and therefore more valuable to publishers and third-party advertisers.

Name: IDE
Provider: Google
Purpose: Used by Google DoubleClick to register and report the user’s actions on the website after viewing or clicking on one of the provider’s ads, with the purpose of measuring the effectiveness of an advertisement and displaying targeted advertisements to the user.
Duration: 1 year
Type: HTTP

Name: RUL
Provider: Google
Purpose: Used by DoubleClick to determine whether website advertisements have been displayed correctly – This is done to make their marketing efforts more efficient.
Duration: 1 year
Type: HTTP

Name: test_cookie
Provider: Google
Purpose: Used to check if the user’s browser supports cookies.
Duration: 1 day
Type: HTTP

Name: tr
Provider: Facebook
Purpose: Used by Facebook to display a range of advertising products, such as real-time bidding from third party advertisers.
Duration: Session
Type: Pixel

Name: pagead/1p-user-list/#
Provider: Google
Purpose: Used to track whether visitor has shown interest in specific products or events across multiple websites and how the visitor navigates between websites _ This is used to measure advertising effort and facilitates payment for referrals between websites.
Duration: Session
Type: Pixel

Name: bcookie
Provider: LinkedIn
Purpose: Used by the social networking service LinkedIn to track use of embedded services.
Duration: 2 years
Type: HTTP

Name: bscookie
Provider: LinkedIn
Purpose: Used by the social networking service LinkedIn to track use of embedded services.
Duration: 2 years
Type: HTTP

Name: lidc
Provider: LinkedIn
Purpose: Used by the social networking service LinkedIn to track use of embedded services.
Duration: 1 day
Type: HTTP

Name: UserMatchHistory
Provider: LinkedIn
Purpose: Used to track visitors across multiple websites in order to present relevant advertisements based on the visitor’s preferences.
Duration: 29 days
Type: HTTP

Name: VISITOR_INFO1
Provider: YouTube
Purpose: Tries to estimate user bandwidth on pages with embedded YouTube videos.
Duration: 179 days
Type: HTTP

Name: YSC
Provider: YouTube
Purpose: Registers a unique ID, to store statistics on YouTube videos seen by visitors.
Duration: Session
Type: HTTP

Name: _fbp (x2)
Provider: Facebook
Purpose: Used by Facebook to display a range of advertising products, such as real-time bidding from third party advertisers.
Duration: 3 months
Type: HTTP

Name: _gcl_au (x2)
Provider: Google Tag Manager
Purpose: Used by Google AdSense to experiment with advertising effectiveness on websites using their services.
Duration: 3 months
Type: HTTP

Name: d/px
Provider: Drawbridge
Purpose: Collects data about visitors’ preferences and behavior on the website – This information is used to make content and advertising more relevant to the respective visitor.
Duration: Session
Type: Pixel

Name: fr
Provider: Facebook
Purpose: Used by Facebook to display a range of advertising products, such as real-time bidding from third party advertisers.
Duration: 3 months
Type: HTTP

Name: li_sugr
Provider: LinkedIn
Purpose: Collects data about visitor behavior and interaction – This is used to optimize the website and make advertisements on the website more relevant.
Duration: 3 months
Type: HTTP

Name: ewafutano
Provider: syntax-systems.com
Purpose: Used to present relevant content and advertising to the visitor – The service is provided by third-party providers that enable real-time bidding for advertisers.
Duration: 2 years
Type: HTTP

 

 

(7) (2) Description of Cookie “6sense”:

We use 6sense for marketing activities on our website. The third-party provider is 6sense Insights Inc, a software company from the USA with a branch office at 450 Mission Street, Suite 201 San Francisco, CA 94105.

We use the integrated software solution for our own marketing, lead generation and customer service purposes. This includes tracking user behavior and data on our website and third-party websites. For this purpose, 6sense uses cookies, small text files that are stored locally in the cache of your web browser on your end device and enable us to analyze your use of the website. The information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) is evaluated by 6sense on our behalf so that we can analyze which company visits our website and also suggests suitable contact information from LinkedIn.

Information collected by 6sense and the content of our website is stored on the servers of 6sense’s service providers. If you have given  your consent to this in accordance with Art. 6 (1) lit. a GDPR, the processing on our website is carried out by 6sense for the aforementioned analysis purposes.

Since a transfer of personal data by 6sense to subsidiaries and subcontractors in countries outside the EU and the EEA is possible, further protection mechanisms are required to ensure the level of data protection of the GDPR.

For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. 6sense Insights Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be researched at the following link: www.dataprivacyframework.gov/s/participant-search.
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, EU standard contractual clauses /SCCs pursuant to Art. 46 (2) lit. c) GDPR are also concluded. These oblige the recipient of the data in the third country to contractually process and protect the data in accordance with the level of protection in Europe. Furthermore, data subjects are granted rights comparable to the GDPR.

The data will be deleted in accordance with Art. 17 GDPR as soon as it is no longer required to achieve the purpose for which it was collected. The consent given to us is only stored for a period of 12 months for the purpose of proof (consent management).  You can permanently object to the collection of data by 6sense and the setting of cookies by preventing the storage of cookies through your browser settings. You can object to the processing of your personal data at any time with effect for the future by sending an email to [email protected] and revoking your consent.

6. Contact Form

(1) There is a contact form on our website which can be used to contact us electronically. If you contact us via this contact form, data entered in the input fields will be processed by us.

(2) When submitting the form, the following data is also saved:

  • Your IP address
  • Date and time of sending

Please note that the scope of personal data collected in the contact form also depends on which data you disclose yourself in the contact form.

(3) The purpose of processing personal data is to process the contact request and to be able to contact you with regard to your request. The legal basis for the processing of personal data you provide in connection with the contact is Art. 6 para 1 S. 1 lit. b) GDPR.

(4) Other personal data processed during sending (IP address, date and time of sending) serves to prevent misuse of our contact form. The legal basis for this is our legitimate interest in accordance with Art. 6 (para S. 1 1 lit. f) GDPR. We have a legitimate interest in preventing or being able to prove misuse of our contact form.

(5) The data will be deleted as soon as it is no longer required to achieve the purpose for which they were collected.

(6) The recipient of the data is our server host, who works for us within the framework of an order data agreement.

(7) The provision of personal data is neither required by law nor by contract and is also not required for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it could mean that you may not be able to use our contact form.

7. E-Mail Contact

(1) It is possible to contact us via the e-mail addresses provided on the website. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will only be used to process the request. The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 para 1 S. 1 lit. f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para 1 S. 1 lit. b) GDPR.

(2) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the input mask of the contact form and that sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.

(3) Irrespective of paragraph 2, the following applies: contact requests from customers which relate to a specific business transaction are stored as long as this is necessary for the implementation and processing of the contract (Art. 6 para 1 S. 1 lit. b) DSGVO) or required under legal storage obligations (Art. 6 para 1 S. 1 lit. c) DSGVO). Contact requests from customers not relating to a specific business transaction are stored as long as the business relationship exists. The legal basis is Art. 6 para 1 S.1 lit. f) GDPR to protect our legitimate interests and those of the customer, in particular support and quality assurance. Customers can object to the processing at any time in individual cases.

8. Collection of Personal Data not from Data Subject

In accordance with Art. 14 GDPR, we would like to inform you about the sources and data categories we use when researching or collecting data from third parties. For this purpose, we use the Echobot tool, which does not collect data directly from you, but moreover from its own research and data from third parties. The legal basis is Art. 5 para 1 lit. d) GDPR and the protection of legitimate interests for the purpose of verifying and updating our database in accordance with Art. 6 para 1 S. 1 lit. f) GDPR. The data is only used within the scope of this data protection declaration. It will only be used for advertising if we have given our consent.

9. Disclocure of Data to Third Partiese

(1) As part of the hosting of our website, your data processed by us will be processed by external service providers on our behalf and according to our instructions on the basis of an order processing contract.

(2) If web analysis services and third-party providers are used, the data will be transmitted to the extent described here, see Section B.

10. Duration of Storage

We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations. We delete your personal data as soon as it is no longer required for the above purposes. It may happen that personal data is kept for the period in which claims can be asserted against our companies (statutory limitation periods of three or up to thirty years). In addition, we store your personal data insofar as we are legally obliged to do so. Corresponding proof and storage obligations result from commercial, tax and social security regulations.

11. Automated decision-making, profiling

As a matter of principle, we do not use fully automated decisionfindings in accordance with Article 22 of the GDPR to establish and implement the business relationship.

B. Automated Decision Making, Profiling by Third Parties

12. Technology and Plug-ins

In accordance with Art. 2 GDPR, we do not use fully automated decision-making to establish and implement business relationships.

(1)  Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland. Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies, which are stored on your end device and which enable an analysis of your use of the website. Among other things, data is recorded about which website you came from, which sub-pages you visited, how often and for how long.

Primarily, Google uses this information to evaluate the use of our website, to compile reports on website activity for us and to provide other services related to the use of our website. Google also uses the data for its own purposes, in particular to provide its web analysis and tracking service or to create a profile.

There may be a link to other data, e.g., via existing Google accounts.

We store your data for 14 months.

Basically, Google processes your IP address when using Google Analytics. We have activated the Google Analytics IP anonymization function on our website. As a result, your IP address will be shortened before it is transmitted to Google within the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

Google may transmit your personal data to Google group companies, such as Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

We use Google Analytics to analyze and optimize the use of our website. The statistics obtained allow us to design our website according to your preferences. This processing is based on your voluntarily given consent. The legal basis for this is Art. 6 para 1 S. 1 1 lit. a) GDPR, Art. 49 Paragraph 1 Clause 1 Letter a) GDPR. You can revoke your consent at any time with effect for the future by changing the cookie settings in the Cookie Consent Manager.

You can prevent the setting of cookies at any time by means of a corresponding setting in your browser and thus permanently object to the setting of cookies. In addition, a cookie already set by Google Analytics can be deleted at any time via your browser or other software programs.

It is possible to prevent the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the browser add-on must be downloaded and installed from the link https://tools.google.com/dlpage/gaoptout

The installation of the browser add-on is evaluated by Google as a contradiction. This browser add-on tells Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics.

Finally, you can also prevent the transmission of data to Google Analytics by setting an opt-out cookie in your browser.

Further information on the purpose and scope of data collection and its processing by Google within the framework of Google Analytics can be found in Google’s data protection declaration at https://www.google.com/policies/privacy/ and at https://policies.google.com/technologies/ads?hl=de. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

Insofar as consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para 1 S. 1 lit. a) GDPR and § 25 TDDDG. Consent can be revoked at any time. Unless consent has been obtained, this service is used on the basis of Art. 6 para 1 S. 1 lit. f) GDPR; the website operator has a legitimate interest in optimizing its marketing campaigns.

(2)   Google Tag Manager

This website uses the Google Tag Manager as part of Google Analytics. Tags are small code elements on our website that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social media, to use remarketing and targeting of target groups and to test and optimize the website. Google Tag Manager is a solution that allows Saueressig to manage website tags via one interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.

Further information on Google Tag Manager can be found on the Internet at: https://www.google.com/analytics/tag-manager/use-policy/

Insofar as consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para 1 S. 1 lit. a) GDPR and § 25 TDDDG. Consent can be revoked at any time. Unless consent has been obtained, this service is used on the basis of Art. 6 para 1 S. 1 lit. f) GDPR; the website operator has a legitimate interest in optimizing its marketing campaigns.

(3) Google Ads

We use the online advertising program Google Ads from Google. We use conversion tracking as part of Google Ads. Google sets a cookie on your end device if you have reached our website via a Google ad on an external website.

Google provides us with statistical evaluations using the information collected through the cookies. This tells us the total number of users who have clicked on our advertisement(s) and been redirected to our website. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data, in particular we cannot identify the users based on this information.

We do not collect or process any personal data ourselves. By using Google Ads and conversion tracking, we pursue our interest in showing you advertising that may be of interest to you, making our website more interesting for you and being able to calculate advertising costs accordingly.

Due to the use of conversion tracking, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected through the use of conversion tracking by Google. We will inform you according to our level of knowledge: Through the integration, Google receives the information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, Google will receive your IP address and statistical information (browser type and version number, address of the previously visited website (referrer), date and time of the request) and the Address of the pages that you call up from us.

Google may transmit your personal data to Google group companies, such as Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Processing is based on your voluntarily given consent. The legal basis for this is Art. 6 para 1 S. 1 lit. a) GDPR, Art. 49 para1 Clause 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by changing the cookie settings in the Cookie Consent Manager.

You can also prevent the setting of cookies at any time in various ways: a) by setting your browser accordingly; in particular, suppressing third-party cookies means that you will not receive any third-party ads; b) by deactivating cookies for conversion tracking by setting your browser so that cookies from the domain https://www.google.de/settings/ads; are blocked; c) by deactivating interest-based ads from providers that are part of the “About Ads” self-regulation campaign via the link https://www.aboutads.info/choices; d) by permanent deactivation in your browser under the link https://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the functions of our website.

Further information on the purpose and scope of data collection and its processing by Google within the framework of Google Ads can be found in Google’s data protection declaration at https://www.google.de/intl/de/policies/privacy/ and https://policies.google.com/technologies/ads?hl=de. There you will also receive further information on your rights in this regard and setting options to protect your privacy

(4)   LinkedIn Insight Tag

We use the Insight Tag of the social network LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”) on our website. With this measure, we want to make our website user-friendly and comfortable and continuously optimize it in terms of content and technology.

The LinkedIn Insight Tag enables the collection of data regarding visits to our website, including URL, referrer URL, IP address, device and browser properties, timestamp, and page views. LinkedIn does not share any personally identifiable information with us, but only provides aggregated reports on website audience and viewing performance. LinkedIn also offers retargeting for website visitors, so that we can use this data to display targeted advertising outside of our website without the LinkedIn member being identified. LinkedIn members can control the use of their personal data for advertising purposes in their LinkedIn account settings.

LinkedIn may also transmit personal data to other LinkedIn companies, such as LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

The processing is based on your voluntarily given consent. The legal basis for this is Art. 6 Paragraph 1 Clause 1 Letter a) GDPR, Art. 49 para 1 Clause 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by changing the cookie settings in the Cookie Consent Manager.

You can decide at any time about the function of the tool via your browser settings. We would like to point out that in this case you may not be able to use all the functions of our website.

As an alternative to changing your browser settings, you can click on the following link to prevent LinkedIn from collecting data on this website in the future: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Further information on the purpose and scope of data collection and its processing by LinkedIn can be found in LinkedIn’s data protection information at https://www.linkedin.com/legal/privacy-policy. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

(5)   Facebook Custom Audiences

The website also uses the “Custom Audiences” remarketing function of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). As a result, users of the website are shown interest-based advertisements (“Facebook Ads”) when they visit the social network Facebook or other websites that also use the process. In doing so, we are interested in showing you advertising that is of interest in order to make our website more interesting for you.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server when you visit our website. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and are therefore informing you according to our state of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have visited the corresponding website of ours accessed our website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can assign the visit to your account. This survey by Facebook enables us, for example, to show you, as a (former) visitor to our website, advertising from us on other websites (so-called retargeting). Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and store your IP address and other identifiers.

Facebook may also transmit data to other Facebook companies, such as Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

Your personal data will only be processed if you have given your consent. The legal basis for the processing of your data is Art. 6 para 1 S. 1 lit. a) GDPR, Art. 49 para 1 clause 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by changing the cookie settings in the Cookie Consent Manager.

In addition, the “Facebook Custom Audiences” function can be deactivated for logged-in users at https://www.facebook.com/settings/?tab=ads .

Further information on the purpose and scope of the data collection and its processing by Facebook can be found at https://www.facebook.com/about/privacy. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

(6)   Twitter Remarketing

We use the Twitter Remarketing service from Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”). This allows us to address visitors to our website on the Twitter platform with advertising that is of interest to them. Twitter uses so-called “tags” for this purpose. In addition, visits, and data on the use of our website are recorded in pseudonymous form. If you then visit Twitter, you may be shown interest-based advertising.

Twitter may also transmit data to Twitter group companies in third countries, such as Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA.

Your personal data will only be processed if you have given your consent. The legal basis for processing is Art. 6 Paragraph 1 Clause 1 Letter a) GDPR, Art. 49 Paragraph 1 Clause 1 Letter a) GDPR. You can revoke your consent at any time with effect for the future in the Cookie Consent Manager.

In addition, if you do not want interest-based advertising to be displayed to you on Twitter, you can deactivate this function on Twitter at  https://support.twitter.com/Art.s/20171528. Twitter also supports the “Do Not Track (DNT)” option. You can activate this at: https://support.twitter.com/Art.s/20171372.

Further information on the purpose and scope of data collection and its processing by Twitter is available at https://business.twitter.com/de/help/troubleshooting/how-twitter-ads-work.html. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

Insofar as consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para 1 S. 1 lit. a) GDPR and § 25 TDDDG. Consent can be revoked at any time. Unless consent has been obtained, this service is used on the basis of Art. 6 para 1 S. 1 lit. f) GDPR; the website operator has a legitimate interest in optimizing its marketing campaigns.

(7)   Microsoft Advertising

We use the Microsoft Advertising service from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (“Microsoft”) on our website. If you reach our website via a Microsoft Advertising advertisement, Microsoft will set a cookie on your end device. This allows Microsoft and us to recognize that someone clicked on an ad and was directed to our website. Here we only learn the total number of users who clicked on such an advertisement and were forwarded to our website. Microsoft uses the cookie to process information from which pseudonymised usage profiles are created, by means of which visitor behavior is analyzed and which is used to place advertisements.

Microsoft may also transmit data to Microsoft group companies, such as Microsoft Privacy, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA.

Your personal data will only be processed if you have given your consent. The legal basis for the processing of your data is Art. 6 Paragraph 1 Clause 1 Letter a) GDPR, Art. 49 Paragraph 1 Clause 1 Letter a) GDPR. You can revoke your consent at any time with effect for the future by changing the cookie settings in the Cookie Consent Manager.

You can also prevent this processing by declaring your objection (opt-out) under the following link https://choice.microsoft.com/de-DE/opt-out.

Further information on the purpose and scope of data collection and its processing by Microsoft is available at https://privacy.microsoft.com/de-de/privacystatement. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

Insofar as consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para 1 S. 1 lit. a) GDPR and § 25 TDDDG. Consent can be revoked at any time. Unless consent has been obtained, this service is used on the basis of Art. 6 para 1 S. 1 lit. f) GDPR; the website operator has a legitimate interest in optimizing its marketing campaigns.

(8) Evalanche

(1) We use the Evalanche marketing tool. The provider is SC-Networks GmbH, Würmstraße 4, 82319 Starnberg (hereinafter Evalanche).

(2) Evalanche is a tool for optimizing and automating our marketing activities. With Evalanche we can e.g., automate our lead generation and target our website content based on audiences. Furthermore, we can analyze user behavior of our website visitors and trigger further marketing campaigns on this basis. For this purpose, Evalanche stores various data of the website visitors, such as addresses, interests, geographic location, etc.

(3) Evalanche is certified according to the internationally recognized IT security standard ISO 27001.

(4) Insofar as consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para 1 S. 1 lit. a) GDPR and § 25 TDDDG. Consent can be revoked at any time. Unless consent has been obtained, this service is used on the basis of Art. 6 para 1 S. 1 lit. f) GDPR; the website operator has a legitimate interest in optimizing its marketing campaigns.

13. Social Media Plug-Ins

(1) LinkedIn, Xing, YouTube, Facebook, and Twitter

On our website we use the plugins of the social networks LinkedIn, Xing, Youtube, Facebook and Twitter.

We do not use direct plug-ins for this, but the so-called two-click solution. You can decide for yourself whether and when data is transmitted to the operators of the respective social networks. Therefore, when you visit our website, no data is automatically transmitted to the social networks. Only when you click on the respective button yourself does your browser establish a connection to the servers of the respective social network. The plug-in provider contains the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under 2.1 of this declaration will be transmitted.

We have no influence on the data and data processing operations collected by the respective plug-in providers. Personal data may be transferred to third countries, including the USA, and/or linked to other data, e.g., via an existing user account with the respective provider. Information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

  1. LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com/legal/privacy-policy.
  2. Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; https://privacy.xing.com/en/privacy-policy.
  3. Youtube LLC, 901 Cherry Ave., San Bruno, CA 94066,
  4. USA; https://www.google.de/intl/de/policies/privacy.
  5. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
    http://www.facebook.com/policy.php

    http://www.facebook.com/help/186325668085084

    http://www.facebook.com/about/privacy/yourinfo-on-other#applications

    http://www.facebook.com/about/privacy/your-info#everyoneinfo.
  6. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland; https://twitter.com/de/privacy

(2)   Integration of YouTube Videos

We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in “extended data protection mode”, i.e., no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in the following paragraph be transmitted. We have no influence on this data transmission.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under 2.1 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

Further information on the purpose and scope of the data collection and its processing by YouTube can be found in the data protection declaration. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

14. Online Social Media Presence

We operate online presences in social media in order to be able to communicate with you as a customer or interested party and inform you about our products and services and career opportunities. We would like to inform you as to how we process your personal data when you visit our online presence in social media.

14.1 Notices for all platforms

We operate online presences on the following social media of the following platform operators at the following addresses:

14.2 Processing by Syntax

This data protection declaration applies to our online presence on social media. The following additional information applies:

The processing of personal data in connection with our presence in social media takes place – unless otherwise described below – on the basis of our legitimate interests in public relations, communication and product improvement. The legal basis for this is Art. 6 para 1 S. 1 1 lit. f) GDPR.

We can see your posts and similar interactions on our online properties and also your public profile (depending on which data you have allowed to be viewed). We may use this information to improve our products and information, particularly on the platforms.

If you contact us via our online presence in social media, we process the data that you make available to us when contacting us in order to answer your request. We may then answer your inquiries via the respective platform. In this context, we would like to point out that communication via the platforms is potentially insecure and that you can contact us at any time via other means and accordingly receive an answer via other means. The legal basis for this is regularly Art. 6 (1) sentence 1 lit. b) GDPR (contract initiation and/or contract execution with regard to answering an inquiry).

In individual cases, it may also be necessary for us to process data left on our online presence in social media or transmitted to us due to legal obligations (e.g., for the purpose of passing them on to authorities or courts) or for the purpose of product monitoring and product safety. The legal basis for this is Art. 6 Paragraph 1 Clause 1 Letter c) (legal obligation) or Letter f) (legitimate interest) GDPR.

In addition, we receive aggregated, anonymous usage statistics from the platforms in individual cases, which we use to evaluate usage behavior and to improve our information offering. These may also have been created by the platform operator on the basis of personal user data. For more information on the relevant services and evaluation options, please refer to the previously linked data protection notices of the respective platform operators.

With regard to the aforementioned processing activities (evaluations), you are entitled to certain data subject rights in accordance with Art. 12 et seq. GDPR (cf. Section 16 below). Of course, you can also assert corresponding rights against us. The following clause 7 applies accordingly. For corresponding inquiries, please use the contact details given above. If we do not have sufficient influence on the respective data processing in individual cases, we reserve the right to refer individual questions and to the extent legally permissible to the respective platform operator. For any assertion of data subject rights against the platform operator, please refer to the respective data protection notices for further information.

14.3 Additional Notes on LinkedIn

As part of our LinkedIn presence, we use LinkedIn’s Lead Gen Forms service. We thus provide download forms that are automatically pre-filled with your contact and profile data as a LinkedIn member. This includes your title, last name, company, industry, postal code, and email address.

By submitting the pre-filled download form, you consent to us sending you interesting information about current developments, news and offers from Syntax to the e-mail address you have provided. The legal basis Art. 6 para 1 S. 1 lit. a) GDPR, § 25 TDDDG.

In order to be able to send you information tailored to your interests, we also took into account other information that you or LinkedIn have transmitted to us when using our services (including information about your function in the company, information about your company, how often you visit our website) when designing the measures have, what other downloads you have made, etc.).

Please refer to Provider’s Data Protection Information for the data LinkedIn makes available to us in this context. The systems used for this also use the aforementioned data automatically in order to constantly improve the respective processes. We also evaluate the use of our e-mails (e.g., whether they are read or not).

This processing of your personal data is based on your consent, which you give by submitting the download form. The legal basis for this is Art. 6 para 1 S. 1 lit. a) GDPR, § 25 TDDDG. You can revoke your consent at any time (e.g., by clicking on the unsubscribe link contained in the e-mails) with effect for the future.

15. Links to other Websites

(1) Our website may contain links to websites operated by third parties that are not covered by this data protection declaration. These third-party websites have their own privacy policies and may also use cookies or other tracking technologies. The respective operator or the person named as responsible for the corresponding website is responsible.

(2) The links to external websites are checked by us before they are linked. However, we have no influence on whether their operators comply with data protection regulations. If we become aware of violations or violations of the law, we will remove the relevant links immediately.

C. Rights of Data Subjects

16. Your Rights

If personal data is processed by you, you are the data subject under GDPR and you have the following rights vis-à-vis us as the person responsible.

a) Rights under Art. 15 et seq. GDPR

(1) The data subject has the right to request confirmation from the person responsible as to whether personal data relating to them are being processed; if this is the case, they have a right to information regarding this personal data and to the information listed in Art. 15 GDPR. Under certain legal conditions, you have the right to correction under Art. 16 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to erasure (“right to be forgotten”) under Art. 17 GDPR. In addition, you have the right to the data you have provided being issued in a structured, common and machine-readable format (right to data transferability) in accordance with Art. 20 GDPR, provided that the processing is carried out using automated procedures and on the basis of consent in accordance with Art. 6 para 1 S. 1 lit. a) or Art. 9 (2) lit. a) or on a contract pursuant to Art. 6 para 1 S. 1 lit. b) GDPR.

b) Revocation of consent in accordance with Art. 7 para. 3 GDPR

If the processing is based on consent, you can revoke your consent to the processing of personal data at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

c) Right of Objection

You have the option of contacting us or a data protection supervisory authority with an objection (Art. 77 GDPR). The applicable supervisory authority in Baden-Württemberg is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Postfach 10 29 32, 70025 Stuttgart, Tel.: 0711/615541-0, FAX: 0711/615541-15, E-Mail: [email protected].

d) Right of Objection according to Article 21 GDPR

In addition to the aforementioned rights, you have the right to object as follows:

Individual Right of Objection

For reasons arising from your particular situation, you have the right at any time to object to the processing of personal data relating to you, which is based on Art. 6 para 1 S.1 lit. e) GDPR (data processing in the public interest) and Art. 6 para 1 S. 1 1 lit f) GDPR (data processing on the basis of a balance of interests) to file an objection; this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

Right to Object to the Processing of Data for Advertising Purposes

In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

D. Final Provisions

17. Security

1) We have taken technical and organizational security measures in accordance with Art. 24, 32 GDPR to protect your personal data from loss, destruction, manipulation, and unauthorized access. All our employees and all third parties involved in data processing are obliged to comply with the requirements of the GDPR and to treat personal data confidentially.

(2) SSL or TLS encryption: For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL or TLS encryption. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

18. Changes to our Privacy Policy

We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments, the expansion of our services or legal changes. In these cases, we will also adapt our data protection declaration accordingly. Therefore, please consider the currently valid versions of our data protection declaration.

6. Data processing information for customers and suppliers in the event of a business relationship

Syntax is a global IT service and managed cloud provider with 2096 employees that supports companies from the industrial SME sector in particular with their diverse IT challenges.

I. Overview

In this section of the privacy policy, you will find an overview of information on the data controller, its data protection officer, the purposes and legal bases of the processing of your data, and your rights.

1. Who is responsible for data processing?

a) Responsible in the sense of Art. 4 No. 7 GDPR (General Data Protection Regulation) is:

Syntax Systems GmbH & Co. KG, Höhnerweg 2-4, 69469 Weinheim, Germany

Tel. +49 6201 808008
https://www.syntax.com/de-de/

hereinafter referred to as “SYNTAX”; “we” or “us”.

2. Data Protection Officer

You can reach our data protection officer Dr. Stefan Baum by telephone +49 7621 – 5705398, by e-mail: [email protected] or by post at the above address with the addition “attn. data protection officer”.

3. Purposes and legal bases of processing at a glance

We use your data to initiate business, to fulfill contractual and legal obligations, to carry out the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes, customer satisfaction surveys and direct advertising. If your personal data is processed for the implementation of pre-contractual measures (e.g. for the creation of offers for products or services) and for the fulfillment of contractual obligations (e.g. for the implementation of our service or for order/order/payment processing), Art. 6 para. 1 p. 1 lit. b) GDPR) or if there is a legal obligation to process (e.g. due to tax law requirements), Art. 6 para. 1 p. 1 lit. c) GDPR is the legal basis.

Your consent also constitutes a permission requirement under data protection law (Art. 6 para. 1 p. 1 lit. a) GDPR). Here, we will inform you about the purposes of the data processing and about your right of revocation. If the consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent.

4. Obligation to provide

Various personal data are necessary for the establishment, implementation and termination of the debt relationship and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides. In certain cases, data must also be collected or made available due to legal requirements. Please note that it is not possible to process your request or carry out the underlying contractual obligation without providing this data.

5. Your rights at a glance

We would like to inform you about your rights as a data subject. These rights are standardized in Art. 15 – 22 GDPR. This includes:

  • The right to information (Art. 15 GDPR),
  • The right to erasure (Art. 17 GDPR),
  • The right to rectification (Art. 16 GDPR),
  • The right to data portability (Art. 20 EU GDPR),
  • The right to restriction of data processing (Art. 18 GDPR),
  • The right to object to data processing (Art. 21 GDPR).

To assert these rights, please contact us or the data protection officer. The same applies if you have questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.

II. Data processing in detail

In this section of the Privacy Policy, we inform you in detail about the processing of personal data within the scope of our services.

1. What categories of data do we process, data subjects and from what sources do the personal data originate?

Which data we process is determined by the respective context and the purposes pursued by the processing.

a) The categories of personal data processed include:

  • Account data: Login/user ID and password
  • Log data about the use of the IT systems (diagnostic data)
  • Master data (title, first and last name, title, company, address)
  • Job-related data (e.g. function in the company, department)
  • Contact information (phone number, mobile number, fax number and email address, social media accounts if applicable);
  • Data necessary for processing an inquiry, if necessary also creditworthiness data
  • CRM data, especially customer history, customer statistics
  • Personal data processed in the context of projects and meetings, in particular dates, times, participants, meeting content, minutes, travel, hospitality and accommodation
  • Time recording, especially project documentation and accounting
  • Advertising and sales data and other data from similar categories,
  • Tracking, analysis and usage data of our websites (cf. separate privacy policy)
  • Data in the context of support requests, trouble shooting
  • Other information that is required to process our contractual relationship or a project with our customers or sales partners (such as payment data, order data, etc.)
  • Visitor management at the site, including master data and contact information, reason for visit, syntax contact person, date, time.

b) Affected persons

We process data of the following persons for the aforementioned purposes:

  • Customers, suppliers and business partners
  • Employees of customers, suppliers and business partners
  • Employees of affiliated companies of customers, suppliers and business partners
  • Lawyers, auditors, consultants, data protection officers and ext. service providers of the aforementioned persons,
  • Interested parties.

c) We process personal data that we have obtained from business relationships (such as with customers or suppliers) or inquiries. As a rule, we receive this data directly from the contractual partner or a person making an inquiry. However, personal data may also originate from public sources (e.g. commercial register), provided that the processing of such data is permitted. Required data may also be made available to us by third-party providers and business partners, insofar as these are involved in the provision of services or are commissioned by us. Data may also have been legitimately provided to us by other companies, as well as affiliated companies. Depending on the individual case, we also store our own information on this data (e.g. as part of an ongoing business relationship).

2. For what purposes and on what legal basis do we process personal data?

We process personal data in accordance with the provisions of the GDPR and national data protection legislation:

a) In the context of the performance of a contract or for the execution of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b) GDPR)

We process personal data primarily for the fulfillment of contractual obligations and the provision of related services or in the context of a corresponding contract initiation (e.g. contract negotiations, preparation of offers). The specific purposes here depend on the respective service or product to which the business relationship or contract initiation relates, in particular in connection with orders from customers and orders placed with suppliers, service partners. Furthermore, we process your data in processing the services provided, in particular invoicing, accounts receivable management, dunning and collection.

The data processing serves the following purposes in particular:

  • Initiation, execution and processing of orders
  • Planning, development, migration and operation of IT services, in particular Industrial IoT, SaaS, managed services
  • Cloud Computing, Application Management Services, Digital Manufacturing and Modern Workplace
  • SAP: From consulting and planning to implementation and operation of regional and globally distributed hybrid SAP landscapes
  • IT Security Services
  • License management and billing
  • IT Consulting
  • administration of customer data, for the processing of payments and, if necessary, for credit checks.
  • Communication with customers, service providers, subcontractors, business partners as well as authorities
  • Support, in particular answering inquiries from our contact persons, interested parties, customers or partners
  • Organization and implementation of trainings, workshops and certifications
  • Conducting internal and external audits on our behalf
  • Organization and planning, implementation and management of the business relationship between us and our customers and partners as well as our affiliated companies

b) For the protection of legitimate interests (Article 6 para. 1 p. 1 lit. f) GDPR)

To the extent necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties, namely:

  • Data processing for security, quality assurance and process optimization: to the extent permitted by law, we process the data collected in the course of contract performance for (data) security purposes (e.g. for the purpose of detecting criminal acts or misuse), for compiling statistics, and for quality assurance, process optimization and planning security. For this processing, there is a legitimate interest on the part of the responsible parties with regard to ensuring a smooth process as well as the continuous improvement of the respective products and services. In the opinion of the data controller, there is no predominant interest of the data subjects that is worthy of protection, since the intensity of the processing is kept as low as possible, e.g. by using pseudonyms. The legal basis for this data processing is Art. 6 para.1 lit. f) GDPR.
  • Credit assessment and fraud prevention
  • Terrorist List and Sanctions List Screening
  • Settling legal disputes, enforcing existing contracts, and asserting, exercising, and defending legal claims.
  • Maintaining and protecting the security of our systems and the Company’s IT operations.
  • Measures for building and facility security (e.g. access control or video surveillance)
  • Exchange of control and planning data, key figures with affiliated Syntax companies and their consultants and service providers.
  • Credit check

c) Due to legal obligations (Art. 6 para. 1 p. 1 lit c) GDPR)

The purposes of the processing include, among other things, the fulfillment of tax and social law control and reporting obligations. This also includes legal reporting obligations for the provision of services and the posting according to A1 procedures, see also item 5. Likewise, the processing of personal data insofar as this is necessary for the implementation of technical and organizational measures according to Art. 32 GDPR.

d) Based on your consent (Article 6 para. 1 p. 1 lit. a) GDPR)

Insofar as you have given us consent in individual cases to process personal data for specific purposes (e.g. filming and photographing, newsletter subscription, consent to direct marketing and electronic advertising or consent to e.g. customer satisfaction surveys), the lawfulness of this processing is based on your consent.

3. Postal advertising

We collect and process your address and communication data and the customer segment for our own marketing purposes and the marketing purposes of our affiliated companies. Furthermore, we are entitled to store and use additional information, e.g. from your previous orders, in compliance with the statutory provisions, in order to send you advertising that is as tailored to your needs and interests as possible. A transfer of previously not mentioned additional stored data does not take place. The processing of the data is based on Article 6 para. 1 p. 1 lit. f) GDPR. You can object to the use and disclosure of your data for advertising purposes at any time.

4. Who receives my data?

Within SYNTAX, access to your personal data is granted to those persons who need it to fulfill our contractual and legal obligations or to protect legitimate interests.

We may disclose personal data to courts, regulatory authorities or law firms to the extent legally permissible and necessary to comply with applicable law or to assert, exercise or defend legal claims.

Furthermore, service providers and vicarious agents employed by us may receive data for these purposes. We may only disclose information about you if required by law, if you have consented, if we are legally authorized to provide information or to disclose information and/or if processors commissioned by us equally guarantee compliance with confidentiality and the requirements of the General Data Protection Regulation and the Federal Data Protection Act.

Under these conditions, the following recipients may receive data in the process:

  • Affiliated companies in the context of controlling, financial controlling and reporting or processing of data as a processor
  • Affiliated companies in the context of global task fulfillment and reporting
  • Affiliated companies within the scope of intercompany order processing
  • For the purposes of contract processing, invoicing and archiving, your data will be stored at SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf.
  • Customers, suppliers and business partners as well as authorities within the scope of order processing
  • Processors, in particular cloud services, including Salesforce, SAP, Microsoft
  • Processor, the services we provide to you as part of Cloud Computing, Application Management Services, Digital Manufacturing and Modern Workplace.
  • IT security service provider
  • IT service provider within the scope of (remote) maintenance of IT systems
  • Subcontractors to fulfill the order,
  • Customers and suppliers within the framework of business correspondence and order documentation
  • Auditors
  • Credit assessment service provider
  • Data destruction service provider
  • Courts and arbitration tribunals for legal disputes
  • Public bodies for the fulfillment of statutory notification obligations e.g. tax authorities, competent bodies in A1 proceedings
  • Lawyers, tax consultants and auditors
  • Collection service provider
  • Banks, payment card processors (credit cards) and payment service providers
  • Telephony provider
  • Digital signature solution provider
  • Gate and visitor management service at the site
  • Insurances

5. Will your data be transferred to a third country?

A data transfer to countries outside the EU or the EEA (so-called third countries) finds only if this is necessary for the execution of your orders (e.g. material procurement, manufacturing, delivery, logistics) or is required by law (e.g. tax reporting obligations), you have given us consent or within the framework of an order processing. Furthermore, we transmit data to affiliated companies for the protection of legitimate interests. In case of transfer of personal data to third countries, we ensure an adequate level of data protection in compliance with the principles according to Art. 44 et seq. GDPR. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for Canada or USA according to the Data Privacy Framework) or compliance with recognized special contractual obligations (so-called “EU standard contractual clauses”).

When providing services and posting employees (A1 procedure), it may be that we transmit personal data about our customers and/or clients or the place of work to the competent authorities in accordance with the statutory reporting requirements.

Data processing systems to third countries:

a) Interested parties

Potential customers are created in Salesforce. Master data such as the company, address, contact person and other contact data are stored in this.

b) Suppliers and customers

Processors in third countries according to section 4.

Your master data (company, address, contact person, telephone number or e-mail) is created in ServiceNow, Inc. for the purpose of billing and service provision. For general communication (especially email, phone, teams) and M365 services, we use the global tenant of Syntax Group from Microsoft Corp.

Data exchange takes place with affiliated Syntax companies within the scope of global task fulfillment and reporting, in particular with the USA and Canada.

c) Processors in third countries

We use processors in third countries, in particular SaaS, cloud and IT security services. As a rule, we have concluded EU standard contractual clauses with Syntax Inc., USA, through which we procure the services of the various third-party providers. In individual cases, we have concluded corresponding contractual agreements directly with third-party providers on the basis of the EU standard contractual clauses. We will be happy to provide you with information upon request.

6. How long will my data be stored?

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. We delete your personal data as soon as it is no longer required for the above-mentioned purposes. In this context, personal data may be retained for the period during which claims can be asserted against our companies (statutory limitation periods of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding obligations to provide proof and to store data result from commercial, tax and social security regulations. Furthermore, we store business-relevant documents and e-mails for the purpose of legally secure archiving for tax purposes and documentation for the defense against unjustified claims and enforcement of claims. The storage period for tax and commercial law is generally 6 or 10 years at the end of a fiscal year in accordance with § 147 AO, § 257 HGB.

7. Obligation to provide data

We process your personal data insofar as it is necessary for the fulfillment of our contractual and legal obligations and for the protection of our legitimate interests or you have given us your consent. In the context of the performance or initiation of a contract, you must provide those personal data that are necessary for the performance of the contract or the performance of pre-contractual measures and the associated obligations. Furthermore, you must provide those personal data that we are legally obligated to collect. Without providing this data, we will not be able to conclude or fulfill a contract with you.

In cases of data collection based on consent, the provision of data by you is voluntary and not mandatory.

8. To what extent is there automated decision making (including profiling)?

For the establishment and implementation of the business relationship, we generally do not use any fully automated decisionfindings pursuant to Article 22 GDPR. Profiling does not take place. Separate data protection declarations apply to the use of the websites.

9. What data protection rights do I have?

You are entitled to the following rights against us as the data controller. If you wish to exercise your rights or would like more information, please contact us or our data protection officer:

a) Rights according to Art. 15 ff. GDPR

The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If this is the case, he or she has a right to information about this personal data and to the information listed in detail in Article 15 of the GDPR. Under certain legal conditions, you have the right to rectification under Article 16 GDPR, the right to restriction of processing under Article 18 GDPR and the right to erasure (“right to be forgotten”) under Article 17 GDPR. In addition, you have the right to receive the data you have provided in a structured, common and machine-readable format (right to data portability) pursuant to Article 20 GDPR, provided that the processing is carried out with the help of automated processes and is based on consent pursuant to Article 6 (1) sentence 1 a) or Article 9 (2) a) or on a contract pursuant to Article 6 (1) sentence 1 b) GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right to deletion.

b) Revocation of consent

If the processing is based on consent given to us, e.g. for film and photo recordings, you can revoke the consent given for the processing of personal data at any time (Art. 7 (3) GDPR). The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. The data subject will be informed of this before giving consent.

c) Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with us or with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).

Right of objection according to Article 21 GDPR

In addition to the aforementioned rights, you have the right to object as follows:

Right to object on a case-by-case basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) sentence 1 f) GDPR (data processing on the basis of legitimate interests); this also applies to a profiling based on this provision within the meaning of Article 4 (4) GDPR, where applicable. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to object to the processing of data for advertising purposes

In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made informally to the office indicated under Section I (1).

  • Why are subcontracted processors necessary?

In order to provide 24/7 support (“follow the sun”), it is necessary for us to work globally with sub-processors to provide our services accordingly.

  • How does the ticket system work and who can view my data?

Tickets are processed by ServiceNow, Inc. (data centers: Frankfurt and Amsterdam), which is primarily used for incident reports etc. by our customers.

No data is transferred that customers have hosted on our servers, but only the data entered in the ticket by their employees, such as company name, name of the employee, description of the incident, etc. This data can be used by our sub-processors for solving the technical issue.

This data entered in the tickets opened by the customers can also be edited or accessed by our colleagues of the syntax entities named in the sub-processor list. However, this is only for the purpose of quickly finding a technical solution to the described problem in the ticket.

  • Which data centers does SYNTAX use?

SYNTAX stores customer data in the agreed jurisdiction (EU, USA or China).
If customer data is to be stored exclusively by SYNTAX in Europe, for example, the SYNTAX data centers in Weinheim and Mutterstadt (Germany) are used. To ensure that the systems there run smoothly on a continuous basis, the Slovak syntax entity supports the operational process. Hosting/cloud services are therefore in EU-only access, if ordered accordingly.

On request, data centers of hyperscalers such as AWS, Azure, Oracle Cloud and SAP Cloud can also be used in dedicated jurisdictions to be agreed.

  • Sub-processors

Depending on the services provided, Syntax uses the following sub-processors; any deviations therefrom may be agreed upon in individual contracts as required.

List of sub-processors

Subcontractor
(name and address)
Description of the affected part of performance
PfalzKom, Gesellschaft für Telekommunikation mbH
Koschatplatz 1
67061 Ludwigshafen
Germany
Provider of data center in Mutterstadt
ServiceNow, Inc.
2225 Lawson Lane
Santa Clara, CA 95054
USA
Operation of ticket system/Multi Cloud Orchestration data center in Europe
Syntax Systems, s.r.o.
Aupark Tower Košice
Protifašistických bojovníkov 11
040 01 Košice
Slovak Republic
Ticket and Operational Support;
IT Services
Syntax Information Technology S.L.U.
Carrer del Llucanes 38
08022 Barcelona
Ticket and Operational Support;
IT Services
Syntax Systems USA, LP
629 Davis Drive, Suite 600
NC 27560 Morrisville
USA
Ticket and Operational Support;
IT Services
Syntax Systems USA, LP dba Illumiti
199 Wells Avenue, Suite 214
Newton, Massachusetts, 02459
USA
Ticket and Operational Support;
IT Services
Syntax Systems Limited dba Illumiti
Suite 500, 123 Commerce Valley Drive East,
Thornhill, Ontario, L3T 7W8
Canada
Ticket and Operational Support;
IT Services
Syntax Systems Private Limited
561. 6th Floor Building number 5,
Solitaire Corporate Park,
Andheri – Ghatkopar Link Road,
Chakala, Andheri (E)
Mumbai – 400093
Ticket and Operational Support;
IT Services
Syntax Systems (Suzhou) Co. Ltd
A1/A2, Floor 5, Technology Plaza, International Sci-Tech. Park,
No. 1355 Jinjihu Boulevard, Industrial Park
Souzhou, Jiangsu, 215021
China
Ticket and Operational Support;
IT Services
Enterprise Syntax Cloud Mexico, S.A. de C.V.
Piso 3, CP., Av. de los Insurgentes Sur 670
Col del Valle Nte, 03100 Ciudad de México, D.F.
Mexico
Ticket and Operational Support;
IT Services
Rhenus Data Office GmbH
Industriestr. 5
48301 Nottuln
Germany
Destruction of data carriers
Cisco Corporate Headquarters
170 West Tasman Dr.
San Jose, CA 95135
USA
Endpoint Protection
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA
Software Services, e.g. Office 365, SPLA licensing and Azure Data Center Services
SAP Deutschland SE & Co. KG
Hasso-Plattner-Ring 7
69190 Walldorf
Germany
SAP Support, as far as expressly agreed with the customer
Amazon Web Services, Inc.
410 Terry Avenue North
Seattle, WA 98109-5210
USA

Amazon Web Services EMEA SARL
39 Avenue John F. Kennedy
1855 Luxembourg
Cloud Services, as far as expressly agreed with the customer
Xiting GmbH
Obere Ringstraße 17
79859 Schluchsee
Germany
Analysis and optimization of SAP authorizations, as well as consultancy and support in this context within the scope of Application Management Security Services, as far as expressly agreed with the customer.
abresa GmbH
Katharina-Paulus-Straße 8
65824 Schwalbach
Germany
Applicable for Application Management Security Services when expressly commissioned by the customer. Consultancy and support for SAP HR.
Consilio GmbH
Einsteinring 22
85609 Aschheim/Dornach
Germany
Applicable for Application Management Security Services when expressly commissioned by the customer. Consultancy and support for SAP software.
entplexit GmbH
Kölner Straße 12
65760 Eschborn
Germany
Applicable for SAP Archiving Services when expressly commissioned by the customer. Consultancy and support for SAP data archiving.

*Subcontractors of the above mentioned service providers are not mentioned here. The aforementioned subcontractors are also permitted to include subcontractors, subject to compliance with the corresponding obligations imposed on the subcontractors in this agreement. Information on relevant subcontractors of the above-listed companies will be provided upon request.