Information obligations DS-GVO

Below you will find an overview of the collection, processing and use of your data.

CEOTRONICS AG takes the protection of your personal data very seriously and processes it in accordance with the applicable statutory data protection requirements.

What is personal data?

Personal data is all information that can be related to your person (e.g. surname, first name, address, etc.).

What is contained in this letter?

The following information provides you with an overview of the processing of your personal data, which is collected, processed and used by us and on the basis of your data protection rights. Which data is collected, processed and used by you in detail depends on the services requested or agreed in each case. Please also pass on the information contained in the letter to all current or future authorized representatives who use the services/products of CEOTRONICS AG.

1. who is responsible for the collection, processing and use of data and who can I contact?

The controller is: CEOTRONICS AG
Adam-Opel-Straße 6
D – 63322 Rödermark
Phone: +49 (0)6074 / 8751-0
Email: datenschutz@ceotronics.com You can contact our external data protection officer at: wavesun-technologies
Patrick Bäcker
Am Lerchenberg 13
D – 63322 Rödermark
Phone: +49 (0)6074 / 3709395
Email: info@wavesun-technologies.de

2. which sources and data do we use and according to which categories are the personal data processed?

We process personal data that we receive from our customers, interested parties, service providers and suppliers as part of our business relationships. In addition, we process personal data that we legitimately obtain from publicly accessible sources or that is transmitted to us by other companies within CEOTRONICS AG or other third parties (e.g. credit agencies), should this be necessary for the provision of our services. The following categories of data are processed by us:

• Master data: e.g. surname, first name and department of the contact person, company name, address, telephone, fax and e-mail
• Order data: e.g. company name, address, contact person
• Data for the fulfillment of our contractual obligations: e.g. contract billing and payment data
• Correspondence (correspondence with you)
• Communication data
• Advertising and sales data
• Planning and control data
• Other data comparable to the above categories

3. for what purpose and on what legal basis do we process the data?

We process the aforementioned personal data in compliance with the applicable statutory data protection requirements. Processing is lawful if at least one of the following conditions is met:

a.) Based on your consent (Art. 6 para. 1 lit. a GDPR)

If you have given us your consent to process personal data for specific purposes (e.g. transfer of data within the Group, use of data for marketing purposes). Any consent given can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before May 25, 2018.

b.) For the fulfillment of contractual obligations or for the implementation of pre-contractual measures
(Art. 6 para. 1 lit. b GDPR)

We process data so that we can fulfill our contractual obligations to provide services for our customers or to carry out pre-contractual measures that are carried out on request. The purposes of data processing result primarily from the specific service/product and may include, among other things, needs analyses and consultations. Further details on the data processing purposes can be found in the contract documents and General Terms and Conditions.

c.) Due to legal requirements (Art. 6 para. 1 lit. c GDPR)

CEOTRONICS AG is subject to various legal obligations, which means statutory requirements (e.g. retention periods under commercial and tax law in accordance with the German Fiscal Code and the German Commercial Code). The purposes of processing also include the fulfillment of tax control and reporting obligations as well as risk assessment and management within the company.

As part of the balancing of interests (Art. 6 para. 1 lit. f GDPR)

• If necessary, we process your data beyond the actual fulfillment of the contract to protect the legitimate interests of CEOTRONICS AG or a third party. Examples are
• Prevention of criminal offenses
• Building security measures (e.g. access control)
• Ensuring IT operations and IT security
• Measures to safeguard domiciliary rights
• Advertising (e.g. direct advertising) or market and opinion research, provided you have not objected to the use of your data
• Assertion of legal claims and defense in legal disputes
• Consultation of and data exchange with credit agencies

4. who receives my data? (Categories of recipients of the personal data)

Within CEOTRONICS AG, the departments that require this data to fulfill our contractual and legal obligations are authorized to access it. Carefully selected and data protection-compliant service providers may also receive data from CEOTRONICS AG for these purposes. These are essentially companies in the following categories

• Payment transactions
• Billing
• IT service provider
• Consulting
• Sales and marketing
• Service providers in the context of order processing relationships

When passing on data to other recipients, we may only pass on information about you if this is required by law, if you have consented to the data being passed on or if we are authorized to do so. Recipients of personal data include

• Public bodies or institutions (e.g. tax authorities, supervisory authorities) in the event of a legal or official obligation
• Other companies or comparable institutions (e.g. manufacturing companies) to which we transfer your personal data in order to carry out the business relationship
• Other companies within CEOTRONICS AG (e.g. CT-Video GmbH)

Other data recipients may be bodies for which you have given us your consent.

5. is data transferred to third countries?

An active transfer of personal data to third countries only takes place if this is necessary for the execution of your orders or is required by law.

6 How long will my personal data be stored?

Your personal data will only be stored for as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted. Unless temporary and limited further processing is required for the following purposes:

• Compliance with retention periods under commercial and tax law: The German Commercial Code (HGB) and the German Fiscal Code (AO) should be mentioned. The retention periods specified there are up to 10 years.
• Preservation of evidence within the scope of the statutory limitation period. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is 3 years, in special circumstances up to 30 years.
• Compliance with storage obligations under telecommunications law in accordance with the Telecommunications Act (TKG) and other laws.

7 What is the obligation to provide data and what are the consequences of not providing data?

As part of our business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract with you.

8. is there automated decision-making (including profiling)?

In principle, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish and conduct business relationships. Should we use this procedure in individual cases, we will inform you of this separately if this is required by law.

9. what data protection rights do I have?

You have the following rights:

• in accordance with Art. 7 para. 3 GDPR, the right to withdraw your consent once given to us at any time with effect for the future. As a result, we may no longer continue the data processing that was based on this consent in the future;
• in accordance with Art. 15 GDPR, the right to request information free of charge about your personal data processed by us;
• in accordance with Art. 16 GDPR, the right to demand the immediate correction of incorrect or incomplete personal data processed by us;
• in accordance with Art. 17 GDPR, the right to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you
• have objected to the processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller, and
• to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company.

Right to object (Art. 21 GDPR):
If your data is processed to protect legitimate interests, you have the right to object to this processing at any time using the contact details provided above if your particular situation gives rise to reasons that conflict with this data processing. We will then terminate this processing, unless it serves overriding interests worthy of protection on our part. Right to object to the processing of data for direct marketing purposes: In individual cases, we process your personal data for direct marketing purposes. You have the right to object to the processing of your personal data for the purpose of such advertising at any time using the contact details provided above. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes in the future.