The following party is responsible for all data processing described here:
DataCo GmbH
Nymphenburger Str. 86
80636 Munich, Germany
Tel.:+49 89 452459 900
E-Mail: info@dataguard.de
Webseite: www.dataguard.de/en-de/
DataGuard | 18.12.23
Data protection is paramount to all DataGuard activities. A transparent process is very important to us when it comes to the way we process personal data. With the following privacy notes, we would like to inform you about how we handle your personal data in detail. For better legibility, we try not to use specific genders. Therefore, please note that the words they/them are intended to mean all genders.
A description of our data processing is available on our website.
– applicable for all of the following descriptions of data processing
The following party is responsible for all data processing described here:
DataCo GmbH
Nymphenburger Str. 86
80636 Munich, Germany
Tel.:+49 89 452459 900
E-Mail: info@dataguard.de
Webseite: www.dataguard.de/en-de/
You can reach our data protection officer as follows:
DataCo GmbH
Nymphenburger Str. 86
80636 Munich, Germany
for the attention of the Data Protection Officer
E-Mail:
If your request is specifically directed to DataCo GmbH as the data controller, please write to us at the following e-mail address: dpo@dataguard.de
If your request is directed to one of our customers for whom we are appointed as external data protection officer, please write to us at the following e-mail address: datenschutz@dataguard.de and kindly mention the company name of our customer in this e-mail.
When your personal data is processed, you are subsequently a data subject in the sense of the GDPR and have the following rights:
(Art. 15 GDPR)
If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (Art. 15 GDPR).
(Art. 16 GDPR)
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed (Art. 16 GDPR).
(Art. 17 und 18 GDPR)
If the legal requirements are met, you can request the immediate deletion of your personal data or restriction of processing (Art. 17 and 18 GDPR).
(Art. 19 GDPR)
If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients (right to information, Art. 19 GDPR).
(Art. 20 GDPR)
If you have consented to data processing or if there is a contract for data processing and the data processing is carried out using automated procedures, you may have a right to data portability (Art. 20 GDPR). In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this.
(Art. 21 Abs. 1 GDPR)
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 para. 1 sentence 1 lit. e or f GDPR ; this also applies to profiling based on these provisions. The controller shall no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (Art. 21 (1) GDPR).
(Art. 21 Abs. 2 GDPR)
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing (Art. 21 (2) GDPR). If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
(Art. 7 Abs. 3 GDPR)
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation (Art. 7 (3) GDPR).
(Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling , which produces legal effects concerning you or similarly significantly affects you. In this case, if the legal requirements are met, you have the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision (Art. 22 GDPR).
(Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you infringes the GDPR (Art. 77 GDPR). The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
As part of the DataGuard application process, DataGuard collects the following personal data from you:
DataGuard collects personal data from applicants in the following manners:
Your personal data will be processed for the following purposes:
Processing of special categories of personal data that have been made public – Art. 9 (2) (e) GDPR
If special categories of personal data are processed that you have obviously made public, your data will be processed in accordance with Art. 9 (2) (e) GDPR.
Processing for the purpose of asserting, exercising or defending legal claims or in the event of acts of the courts – Art. 6 (1) (1) (f) GDPR, Art. 9 (1) (f) GDPR
If necessary, your data will be processed for the purpose of asserting, exercising or defending legal claims or in the event of actions of the courts pursuant to Art. 6 (1) (1) (f) GDPR, Art. 9 (1) (f) GDPR.
Processing on the basis of consent – Art. 6 (1) (1) (a) GDPR in conjunction with Art. 7 GDPR, Art. 88 (1) GDPR in conjunction with Art. 26 (2) BDSG (Federal Data Protection Act)
If you have given your consent to data processing, your data will be processed in accordance with Art. 6 (1) (1) (a) GDPR in conjunction with Art. 7 GDPR, Art. 88 (1) GDPR in conjunction with Art. 26 (2) BDSG.
Decision on the establishment of the employment relationship Art. 6 (1) (1) (b) GDPR, Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG
We process your data in order to make a decision on the establishment of the employment relationship. In the case of employment in our company, your data will be processed for the purpose of carrying out and terminating the employment relationship. For this purpose, separate information about the processing of your personal data will be provided.
Processing on the basis of legitimate interest – Art. 6 (1) (1) (f) GDPR
Insofar as the processing is carried out to safeguard a legitimate interest of us or a third party and their interests or fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 (1) (1) (f) GDPR serves us as the legal basis for data processing. Our legitimate interest arises in particular from the following reasons:
Processing of special categories of personal data – Art. 9 (2) (a) GDPR
If you have given your consent to the processing of special categories of personal data, such as health data, religious affiliation or nationality, your data will be processed in accordance with Art. 9 (2) (a) GDPR.
As part of the processing of your personal data, we may pass on the personal data concerning you to the following recipients:
In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:
In order to make the third country transfer as data protection-friendly as possible, standard contractual clauses have been concluded with providers in unsafe third countries in accordance with Art. 46 (2) (c) GDPR. A copy of the standard contractual clauses can be requested by sending an informal e-mail to dpo@dataguard.de .
The following service providers in the USA are subject to the Trans-Atlantic Data Privacy Framework (TDPF; Data protection agreement between the EU and the USA) to ensure an adequate level of data protection for data processing:
For the purpose of communication with applicants, we use the Microsoft 365 service, including Microsoft Teams from the service provider Microsoft Operations Ltd. in Dublin, Ireland. For more information about Microsoft's data processing, see: https://privacy.microsoft.com/de-de/privacystatement
In addition, your personal data will be transmitted to the following service providers:
We will delete your personal data as soon as the purposes for their storage mentioned under IV. no longer apply, or you object to the use of your personal data (in the case of processing on the basis of legitimate interests) or you revoke your previously given consent. However, your personal data may also be stored beyond this, in particular in the following cases:
Legal provisions result in the following storage periods for us in particular:
If the applicant has consented, the applicant documents will be included in the talent pool and stored there for a maximum of 1 year from the date of consent. They will be deleted with the loss of purpose or the revocation of consent by the applicant. In the case of employment in our company, your personal data will be deleted when the purpose ceases to apply, at the latest after termination of the employment relationship, unless there are any statutory retention periods to the contrary.
We appreciate your interest in our company, our products and our services. As a data privacy company, we want you to feel comfortable interacting with us and our employees regarding the protection of your personal data. We take the protection of your personal data very seriously. Compliance with German and European data protection regulations is a matter of course for us. As a result, the protection of your personal data has top priority for us. With the following information, we would like to inform you about how we handle your personal data in detail:
Within the framework of the existing customer relationship as well as the contract initiation, we process the following personal data:
Data protection management platform: DataGuard operates a data protection management platform. Employees of clients are invited to access this platform by the relevant DataGuard employees. It could also be the case that we process data of persons who assert their data subject rights against the clients of DataGuard. For the platform, the privacy policy provided therein applies, in the respective valid version.
DataGuard collects data from interested parties and customers in the following manners:
Within the framework of the existing customer relationship as well as the contract initiation, your personal data will be processed for the following purposes:
Processing of your personal data on the basis of consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) (1) (a) GDPR in conjunction with. Art. 5, 7 GDPR.
Processing for the purpose of implementing the contract with you
Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 (1) (1) (b) GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.
Processing for the fulfillment of a legal obligation
Insofar as the processing of your personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) (1) (c) GDPR serves as our legal basis. Our legal obligation to process data results e.g. from tax law and/or commercial law retention obligations.
Processing on the basis of legitimate interest
Legal basis for the purpose of direct advertising may be Art. 6 (1) (1) (f) GDPR GDPR if our legitimate interests are present, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under 1.2 - include:
The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR.
In the course of processing your personal data, we may disclose the personal data concerning you to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law.
External recipients of your personal data are in particular:
In order to offer you more payment methods and to simplify payments for you, we use the payment processing service provider Adyen N.V. Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, The Netherlands.
Further information about the processing of your personal data by Adyen can be found here: https://www.adyen.com/policies-and-disclaimer/privacy-policy
Your personal data will be transmitted to the following service providers:
DataGuard uses the Office 365 service, including Microsoft Teams, for business communication with customers and prospects.
We also use functionalities of the Microsoft Bookings software from Microsoft. Through Microsoft Bookings, we can make it easier for users to make appointments on our site by displaying and booking free appointments with appropriate employees.
As a result, the following personal data is processed by Microsoft:
For more information about Microsoft's data processing, see: https://privacy.microsoft.com/de-de/privacystatement
In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:
In order to make the transfer to a third country as privacy-friendly as possible, standard contractual clauses have been concluded with providers in unsafe third countries in accordance with Art. 46 (2) (c) GDPR. A copy of the standard contractual clauses can be requested by sending an informal e-mail to dpo@dataguard.de .
According to a decision of the European Commission, an adequate level of data protection is offered for the following service providers in third countries:
The following service providers in the USA have joined the Trans-Atlantic Data Privacy Framework (TDPF; data protection agreement between the EU and the USA), so that an appropriate level of data protection is guaranteed for data processing:
We do not store your personal data longer than is necessary for the purpose for which it was collected. This means that data in our systems will be destroyed or deleted as soon as it is no longer needed. Reasonable measures are taken by us to ensure that your personal data is only processed under the following conditions:
A requirement may exist in particular if the data is still needed in order to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, in particular for the fulfillment of legal retention periods of up to ten years (including from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.
DataGuard processes personal data from suppliers and service providers. This is necessary for business operations. The following data is processed in this context:
DataGuard collects data from people in the following manners:
We will process your data for the following purposes:
Processing of your personal data on the basis of consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) (1) (a) GDPR in conjunction with. Art. 5, 7 GDPR.
Processing for the purpose of implementing the contract with you
Insofar as we process your personal data for the purpose of fulfilling a contract, Art. 6 (1) (1) (b) GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.
Processing for the fulfillment of a legal obligation
Insofar as the processing of your personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) (1) (c) GDPR serves as our legal basis. Our legal obligation to process data results e.g. from tax law and/or commercial law retention obligations.
Processing on the basis of legitimate interest
The legal basis for direct marketing purposes may be Art. 6 (1) (1) (f) GDPR GDPR if our legitimate interests are present, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard - in addition to the purposes listed under b - include:
The legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR.
In the course of processing your personal data, we may disclose the personal data concerning you to the following recipients. We only transfer your personal data to external recipients if you have consented or if this is permitted by law. External recipients of your personal data are in particular:
Your personal data will be transmitted to the following service providers:
In addition, your personal data may be transferred to the following service providers located in a country outside the EU/EEA:
In order to make the third country transfer as data protection-friendly as possible, standard contractual clauses have been concluded with providers in unsafe third countries in accordance with Art. 46 (2) (c) GDPR. A copy of the standard contractual clauses can be requested by sending an informal e-mail to dpo@dataguard.de.
For the transmission of emails and storage of contacts of suppliers and service providers we use the service Microsoft 365, incl. Microsoft Teams of the service provider Microsoft Operations Ltd. in Dublin, Ireland. For more information about Microsoft's data processing, see: https://privacy.microsoft.com/de-de/privacystatement
We do not store your personal data longer than is necessary for the purpose for which it was collected. This means that data in our systems will be destroyed or deleted as soon as it is no longer needed. Reasonable measures are taken by us to ensure that your personal data is only processed under the following conditions:
A requirement may exist in particular if the data is still needed in order to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted, unless its - temporary - retention is still necessary, in particular for the fulfillment of legal retention periods of up to ten years (including from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation.
For a (planned) conclusion as well as the execution of the contract with you, you must provide those personal data which are necessary for the establishment and execution of the contractual relationship and the fulfillment of the associated contractual obligations or which we are legally obliged to collect (see in particular the standards listed under "III.3." listed standards). Without this data, we will generally not be able to conclude and execute the contract with you.
With this data protection information, we inform you as a participant of our event about the processing of your personal data through video recordings and photos. In addition, we inform you about the claims and rights to which you are entitled under the data protection regulations. We hereby fulfil our information obligations under Art. 13, 14 General Data Protection Regulation (GDPR).
We process personal data that we receive from you by participating in the event. In particular, we process:
We process your personal data for the following purposes:
In addition, the film and video recordings will be published for marketing purposes after the event:
It is not intended to process your personal data for any other purpose.
Processing based on legitimate interest
The legal basis for the transmission of your personal data (first and last name and company name) to our conference organizers in Berlin (RYDES GmbH, Brunnenstreet 19-21, 10119 Berlin, Germany) and Düsseldorf (ARQIS Rechtsanwälte Partnerschaftsgesellschaft, Breite Street 28, 40123 Düsseldorf, Germany) is our legitimate interest (Art. 6 (1) (1) (f) GDPR) in holding the event at the venue requested by the event participant.
The legal basis for the production of photo and film recordings during our events is our legitimate interest (Art. 6 (1) (1) (f) GDPR) in the subsequent internal and external publication of the photo and film recordings for marketing purposes on our company website https://www.dataguard.de/ and in social or professional networks (YouTube, LinkedIn, Twitter, Kununu, Glassdoor).
If you do not wish to be photographed or filmed, you will receive a coloured lanyard from us at the entrance area of the event, which signals to the photographer / cameraman that you do not want to be photographed or filmed. If you should nevertheless be seen in group shots, you will be made unrecognizable in these shots afterwards.
For the publication of the photo and film recordings, we obtain your consent at the entrance area of the venue, which you can of course give voluntarily.
Processing of your personal data on the basis of consent
The legal basis for the processing of your personal data both for the purpose of participation in the event and for the internal and external publication of film recordings is your consent and thus Art. 6 (1) (1) (a) GDPR in conjunction with Art. 5, 7 GDPR. You have the right to revoke your declaration of consent under data protection law at any time by e-mail to dpo@dataguard.de. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation (Art. 7 (3) GDPR).
If you are depicted on a photo or film recording together with other persons, the deletion or destruction of the photo or film recording is not mandatory if you revoke your consent. It is enough if you are made unrecognizable. Insofar as information about your ethnic origin, religion or health (e.g. skin colour, headgear or glasses) can be seen on a photo or film recording, the consent also expressly refers to this information.
Information on publication on the Internet
If personal data has been made publicly accessible and you revoke your consent, we as the responsible body are only obliged to inform other recipients. This does not affect the obligation of these recipients to delete personal data. You can take direct action against other controllers who process your personal data and request deletion. Information posted on the Internet may never be completely deleted, even if it has been deleted from the original page. In any case, the providers of the main search engines are informed of the request for deletion, so that the personal data can at least no longer appear in search queries without further ado. We would like to point out that photos and/or videos on the Internet can be accessed by anyone. Despite all technical precautions, it cannot be ruled out that such persons may continue to use the photos and/or videos or pass them on to other persons. The Company is not liable for third parties using the photos for other purposes, including in particular by downloading and/or copying photos.
If you would like to participate in our events in Berlin or Düsseldorf, we will transmit your first and last name and the name of your company to our conference organizers in Berlin / Düsseldorf so that registration can be accepted on site and you can be granted admission to the office premises. The transfer of your personal data will take place to the following conference organizers:
For events in Düsseldorf:
ARQIS Rechtsanwälte Partnerschaftsgesellschaft
Breite Street 28
40123 Düsseldorf
Germany
For events in Berlin:
RYDES GmbH
Brunnenstreet 19-21
10119 Berlin
Germany
If we use a service provider (e.g. an event manager or streaming service provider) in the sense of order processing, we remain responsible for the protection of your data. All processors are obliged to treat your data confidentially and to process it only in the context of the provision of services.
Your personal data will be transmitted to the following service providers:
The purpose is to register for the event and carry it out as a hybrid event (broadcast of the event, possibility to ask questions, feedback loops to improve the event). Furthermore, it is published on the Internet, on our website and on social or professional networks. Under certain circumstances, further use by third parties or complete deletion cannot be ruled out.
The following data is used:
For more information about Microsoft's data processing, see: https://privacy.microsoft.com/de-de/privacystatement
In addition, your personal data may be transmitted to the following service providers in the context of the publication of film and video recordings for marketing purposes, provided that you have given your consent:
In order to make the transfer to a third country as privacy-friendly as possible, standard contractual clauses have been concluded with providers in unsafe third countries in accordance with Art. 46 (2) (c) GDPR. A copy of the standard contractual clauses can be requested by sending an informal e-mail to dpo@dataguard.de.
We would like to point out that we have no influence on the data collection and its further use by the providers of the social networks. You can find more information about objection and removal options vis-à-vis the providers of the social networks here:
We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. We take reasonable steps to ensure that your personal data is only processed under the following conditions:
If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted, unless their - temporary - storage is still necessary.
Inhalt
TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide Software-as-a-Service and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.
All data provided is for information only, based on internal estimates. This information is not indicative of KPIs, and is not given with any warranties or guarantees, expressly stated or implied in relation to accuracy and reliability.