Privacy Policy
Information obligations according to Art. 12, 13 et seq. GDPR
We take the protection of your personal data seriously and comply with the legal data protection regulations. Personal data is only collected to the extent necessary.
The following statement/information provides you with an overview of how we ensure this protection and for what purpose which type of data is collected.
The statement is divided into:
A. General information on data protection
B. Additional information for visitors to our website
C. Additional information for customers, suppliers, and other business partners
D. Additional information for visitors/customers of our online shop
E. Additional information for our online services/Sensaru App
A. General information on data protection
I. Name and contact details of the data controller
1. The controller as defined in Art. 4 Para. 7 EU General Data Protection Regulation (GDPR) is
Sensaru GmbH,
An der Raumfabrik 1
76227 Karlsruhe
HRB 505930, AG Mannheim
Managing Directors Matthias Zeh, Gregor Aumann, Dr. Sathya Laufer
Phone: +49 721 957 961 70
mail@sensaru.com
https://sensaru.com
2. We are not obligated to appoint a data protection officer.
III. Legal basis for the processing of personal data
We only process your personal data if there is a legal basis, especially if
you have given your explicit consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR;
this is legally permissible and required for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR;
in the event that there is a legal obligation for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR;
In the event that the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6 (1) sentence 1 lit. d GDPR serves as the legal basis;
processing pursuant to Art. 6 para. 1 sentence 1 lit. f, Art. 9 para. 2 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data;
In general, we do not transfer data to a third country (outside the EU). Should such a transfer become necessary, we will obtain your consent, unless your consent already results from the contractual relationship (e.g. services/delivery to a third country).
IV. Data deletion and storage period
We adhere to the principles of data avoidance and data minimization. Therefore, we only store your personal data for as long as is necessary to achieve the purposes mentioned here or as required by the various storage periods provided for by the legislator.
After the respective purpose has ceased to apply or these deadlines have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions.
In principle, the duration of storage is based on the respective legal retention period, e.g. commercial and tax retention periods according to § 257 (4) HGB, § 147 (3) AO (6 or 10 years). Retention periods may also arise from ongoing limitation periods for claims. Civil law claims usually become statute-barred in 3 years, at most in 30 years. After the deadline, the corresponding data will be routinely deleted, provided that they are no longer required for contract fulfillment or contract initiation and/or there is no longer any legitimate interest on our part in continuing to store the data.
V. Your rights as a data subject
If your personal data (as a visitor to our website, as a customer or other business partner, as an employee or applicant) is processed by us, you are a data subject within the meaning of the GDPR and you have the following rights against us:
1. Right to information
You have the right to information about whether and which personal data about you is processed by us. In this case, we will additionally inform you about
the purpose of processing;
the categories of data;
the recipients of your personal data;
the planned duration of storage or the criteria for the planned duration of storage;
your other rights;
if we have not received your personal data from you: all available information about its origin;
if available: the existence of automated decision-making as well as information about the logic involved, the scope, and the intended effects of the processing.
2. Right to rectification
You have the right to rectification and/or completion if your personal data processed by us is incorrect or incomplete.
3. Right to restriction of processing
You have the right to restrict processing if
we are checking the accuracy of your personal data processed by us;
the processing of your personal data is unlawful;
you need your personal data processed by us for legal claims after the purpose has ceased;
you have objected to the processing of your personal data and we are examining this objection.
4. Right to erasure
You have the right to erasure if
we no longer need your personal data for its original purpose;
you withdraw your consent and there is no other legal basis for the processing of your personal data;
you object to the processing of your personal data and - if it is not direct marketing - there are no overriding reasons for further processing;
the processing of your personal data is unlawful;
the erasure of your personal data is legally required;
your personal data has been collected as a minor for information society services.
5. Right to notification
If you have exercised your right to rectification, erasure, or restriction of processing, we will inform all recipients of your personal data of these rectifications, deletion of data, or restriction of processing.
6. Right to data portability
You have the right to receive your personal data processed by us on the basis of consent or for the performance of a contract in a structured, commonly used, and machine-readable format, and to transmit it to another controller. If this is technically feasible, you have the right for us to transmit this data directly to another controller.
7. Right to object
In the event of special reasons, you have the right to object to the processing of your personal data. In this case, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing.
In the event of processing of your personal data for the purpose of direct marketing, you have the right to object at any time.
If there is another legal basis for the processing of personal data, we may continue to process this data despite your objection.
8. Right to withdraw consent
You have the right to withdraw any consent given to us at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
If there is another legal basis for the processing of personal data, we may continue to process this data despite your withdrawal.
9. Right to lodge a complaint
If you believe that the processing of your personal data by us violates data protection rules, you can lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or our registered office. You can follow the link for this: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or contact directly the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg responsible for our registered office.
VI. Submissions as data subjects pursuant to Art. 12 et seq. GDPR
1. Description and Scope of Data Processing
If you want to exercise the above A.V. rights or otherwise assert claims against us or want to defend against claims from us against you, we will record your inputs that you make when exercising your rights towards us.
2. Legal Basis of Data Processing
The legal basis for the processing of your personal data in the context of processing your data protection request ("data subject's request") is Art. 6 para. 1 lit. c in conjunction with Art. 12 et seq. GDPR. The legal basis for the subsequent documentation of the lawful processing of the data subject's request is Art. 6 para. 1 lit. f GDPR.
3. Purpose of Data Processing
The purpose of processing your personal data in the context of processing data subject's requests is to respond to your data protection request. The subsequent documentation of the lawful processing of the respective data subject's request serves to fulfill the legally required obligation to provide evidence, Art. 5 para. 2 GDPR.
4. Storage Period
Your personal data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of processing data subject's requests, this is given three years after the end of the respective process in accordance with § 41 BDSG in conjunction with § 31 para. 2 No. 1 OWiG.
5. Right to Object and Erasure
You have the opportunity to object to the processing of your personal data in the context of processing data subject's requests for the future at any time. In this case, however, we cannot further process your data protection request.
The documentation of the lawful processing of the respective data subject's request is mandatory. Therefore, there is no right of objection for you.
VII. Defense and Enforcement of Rights
1. Legal basis
The legal basis for processing your personal data in the context of our legal defense and enforcement is Art. 9 para. 2 f lit. f; 6 para. 1 lit. f GDPR.
2. Recipient categories
Within our company, only those departments and divisions receive personal data that they need to fulfill the aforementioned purposes. In addition, we partially use different service providers and transfer your personal data to other trusted recipients as necessary. These may include, for example:
Banks
Insurance companies
IT service providers
Lawyers, courts, notaries, bailiffs
Tax consultants
3. Purpose
The purpose of processing your personal data in the context of legal defense and enforcement is to defend against unauthorized claims as well as to legally enforce and assert claims and rights.
4. Storage period
Your personal data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection.
5. Right to object and removal
The processing of your personal data in the context of legal defense and enforcement is essential for legal defense and enforcement. Therefore, you have no right to object.
An overview of your rights as a data subject can be found under A. V.
B. Additional information for the visitors of our website
I. Provision of our website and creation of log files
1. Description and scope of data processing
When you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security.
IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Respectively transmitted data volume
Websites from which the request comes
Websites that are accessed by the user's system via our website
Type of browser
Operating system (e.g. Windows 10, Linux) and its interface (e.g. X-Windows)
Language and version of the browser software
The data is stored in the log files of our system. The IP addresses of the user or other data that could enable the data to be associated with a user are not affected by this. Storage of this data together with other personal data of the user does not take place.
Our website may contain links to websites of other providers or integrate content from other websites. When you click on such a link, the respective website operator may obtain information about the fact that you have accessed the page. This data protection declaration is solely applicable to our website. We have no influence on the data collected and processed, nor are we aware of the full extent of data collection, the purposes of processing, the retention periods of linked websites. We must rely on the fact that the data protection declarations there are comprehensive and correct.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
We process the above-mentioned data for the following purposes:
Ensuring a smooth connection setup of the website,
Ensuring comfortable use of our website,
Evaluating system security and stability as well as
for other administrative purposes,
Creating a server log (typically deleted after 7 days)
In no case do we use the data collected to draw conclusions about your person unless otherwise stated below.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session is ended. In the case of storing data in log files, this is the case after at most seven days. Further storage is possible. In this case, the IP addresses of the users will be deleted or distorted, so that an association with the calling client is no longer possible.
5. Right to object and removal options
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
II. Use of Cookies
1. Description and scope of data processing
In addition to the data mentioned above, when you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive by the browser you use and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. We use cookies to make our website more user-friendly. Some elements of our website require the calling browser to be identified even after a page change.
Furthermore, we do not use any technically unnecessary cookies that enable an analysis of the users' surfing behavior on our website.
However, we do use specific analysis programs (explained separately below).
2. Legal basis for data processing
The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.
The legal basis for processing personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR, provided that the user has given consent.
3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary for the browser to be recognized again after a page change.
The user data collected using technically necessary cookies are not used to create user profiles.
The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through analysis cookies, we learn how the website is used and can continuously optimize our offerings.
In these purposes lies our legitimate interest in processing personal data in accordance with Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, it may not be possible to use all the functions of the website to their full extent. Your personal data will be deleted as soon as it is no longer necessary for the purpose of its processing; this is particularly the case when leaving the website.
5. Right to object and options for removal
An overview of the technically necessary cookies used on our website can be found in the so-called cookie box when the website starts.
In the case of permission, cookies are stored on your computer and transmitted to our website. Therefore, you have full control over the use of cookies.
By changing the settings in your browser, you can disable or restrict the transmission of cookies. You can delete already stored cookies at any time. This can also be done automatically. If cookies for our website are disabled, it may not be possible to use all the functions of the website to their full extent.
It is not possible to block the transmission of flash cookies through your browser settings. This requires corresponding changes to the settings of Adobe Flash Player.
III. Contact Form and Email Contact
1. Description and scope of data processing
There are contact forms on our website or our email address is provided, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask/the email will be transmitted to us and stored. This data includes:
First name, last name
Email address
Phone number (optional)
Reason for contact (concern)
Request for callback
Confirmation of acknowledgment of the data protection declaration
At the time of sending the message, the following data is also stored:
The user's IP address
Date and time of contact
For the processing of the data, your consent is obtained within the framework of the sending process and reference is made to this data protection declaration.
Alternatively, contact can be made via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.
In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation.
2. Legal basis for data processing
The legal basis for the processing of data is the user's consent in accordance with Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. a and lit. f GDPR. If the email contact aims to conclude a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
3. Purpose of data processing
The processing of personal data from the input mask serves solely for processing the contact. In the case of contact via email, there is also a necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user is finished. The conversation is deemed to be finished when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.
The additional personal data collected during the sending process will be deleted no later than seven days after the transmission.
Please note that longer storage/retention periods may result from legal requirements (see section A. IV. above).
5. Right to object and right to erasure
The user has the option to revoke his/her consent to the processing of personal data at any time.
If the user contacts us via email, he/she can object to the storage of his/her personal data at any time. In such a case, the conversation cannot be continued.
All personal data that has been stored as part of the contact will be deleted in this case unless we are required to store it based on a legal obligation (see section A. IV. above).
An overview of your rights as a data subject can be found under A. V.
IV. Google AdWords
1. Description and scope of data processing
We use the online advertising program "Google AdWords" and within Google AdWords the conversion tracking. The Google Conversion Tracking is an analysis service of Google Inc. If you click on an ad placed by Google, a cookie for the conversion tracking will be placed on your computer. These cookies lose their validity after 30 days, do not contain any personal data and therefore do not serve for personal identification. Each Google AdWords customer receives a different cookie. Thus, there is no way that cookies can be tracked across the websites of AdWords customers.
Further information about Google Inc., Google AdWords and Google's privacy policy can be found at:
http://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/.
2. Legal basis for data processing
The legal basis for processing the data within the integration of Google Fonts is Art. 6 (1) lit. f GDPR
3. Purpose of data processing
When you visit certain internet pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. The information obtained using the so-called conversion cookie is used to create conversion statistics for AdWords customers who have decided to use conversion tracking. Here, we learn the total number of users who clicked on the ad and were redirected to a page with a conversion tracking tag.
4. Storage duration
The cookies with the stored data lose their validity after 30 days.
5. Possibility of objection and elimination
If you do not want to participate in the tracking, you can object to this use by preventing the installation of cookies through the appropriate setting of your browser software (deactivation option). You will then not be included in the conversion tracking statistics.
An overview of your rights as an affected person can be found under A. V.
V. Social Media, YouTube, Google Maps
1. Description and scope of data processing
(1) We do not use social plugins on our website. We have only set a link to Facebook.
(2) When you visit our site, no personally identifiable information is initially transmitted to Facebook. We provide you with the opportunity to communicate directly with the provider via the link/button. Only if you click on the highlighted field and activate it, the provider receives the information that you have accessed the respective website of our online offering. In addition, the data mentioned under § 3 of this statement will be transmitted. According to the respective providers in Germany, the IP address is anonymized immediately after collection. By using the link or button, personal data is therefore transmitted from you to the respective provider and stored there (by US providers in the USA). Since providers in particular collect data through cookies, we recommend that you delete all cookies through the security settings of your browser.
(3) We have no influence on the data collected and data processing operations, nor do we know the full extent of data collection, the purposes of processing, or the storage periods. We also have no information about the deletion of the data collected by the plug-in provider.
(4) The Facebook provider stores the data collected about you as user profiles and uses them for advertising, market research, and/or the needs-based design of its website. Such an evaluation is carried out in particular (also for non-logged-in users) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact the respective provider to exercise this right. Through the link or button, we offer you the opportunity to interact with social networks and other users, so that we can improve our offering and make it more interesting for you as a user.
(5) You can find Facebook's privacy policies at:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php, further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo, Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
YouTube
(1) YouTube LLC is a subsidiary of Google LLC. We have embedded our own YouTube videos in our online offering, which are stored at http://www.YouTube.com and can be played directly from our website. These are all embedded in
VI. Google Analytics
1. Description and scope of data processing
Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", which are text files placed on your computer, to help the website analyze how users use the site.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in a shortened form, so that any direct reference to a person can be excluded. If data collected about you has a personal reference, it will be immediately excluded and the personal data deleted without delay.
The IP address transmitted by your browser within the framework of Google Analytics will not be associated with any other data held by Google.
2. Legal basis
The legal basis for using Google Analytics is Art. 6 para. 1 p. 1 lit. f GDPR. If we have obtained your consent, the processing will be based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
3. Purpose
We use Google Analytics to analyze the use of our website and to regularly improve it. We also use Google Analytics for cross-device analysis of visitor traffic, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My Data", "Personal Information".
The statistics obtained allow us to improve our offering and design it more interestingly for you as a user. For exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4. Recipients
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide further services to the website operator related to website usage and internet usage.
5. Objection and elimination possibility
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
6. Further information
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/en.html, Privacy overview: http://www.google.com/intl/en/analytics/learn/privacy.html, and the Privacy Policy: http://www.google.com/intl/en/policies/privacy.
C. Additional information for customers, suppliers, other business partners
The GDPR obliges us to provide you with comprehensive information about the processing of your personal data within the framework of our contractual relationship, which we are very happy to do.
In case you have any questions about your personal data and its processing, we are always available to assist you.
We would like to inform you as follows:
I. Customers, suppliers, other business partners; Contract processing etc.
1. Description and scope of data processing
Personal data is processed to fulfill our rights and obligations from contractual relationships with our customers, suppliers, and other business partners.
We collect/process the following personal data (but only to the extent necessary):
Title, first name, last name of the customer
First name, last name of the entrepreneur and the contact person in your company;
a valid email address;
address;
date of birth, especially for applications to authorities
phone/fax number (landline and/or mobile);
information necessary for the processing of the contractual relationship or for the protection of our rights and the fulfillment of our obligations.
2. Categories of recipients
We process personal data to process the contractual relationship and record it in our database system (ERP, CRM) and in our accounting. The data is internally transmitted to departments and divisions that must be involved in accomplishing the purpose associated with the data collection. The data is also sent to our tax consultant and to authorities (e.g. building authority, tax office) to the extent legally required or necessary. For the delivery of orders, we provide address data to the commissioned shipping company. Recipients of personal data can also be third parties, if contracts or services are offered or provided by us together with partners, as well as suppliers, subcontractors, entrepreneurs of preceding or subsequent trades, as well as credit institutions, legal services providers, to the extent necessary for contract processing (production, delivery, payment). For the delivery of orders, we pass on your data to the commissioned shipping company. Profiling or automatic decision-making does not take place.
Failure to provide data by you may result in the contract not being concluded or not being processed
3. Legal basis for data processing
The legal basis for the processing of your personal data as well as the personal data of the contact persons of your company in the context of customer and supplier registration, conclusion of the transaction, and ongoing business relationship is Art. 6 para. 1 lit. b DSGVO or Art. 6 para. 1 lit. f DSGVO.
If you or the contact persons of your company have given consent, Art. 6 para. 1 lit. a DSGVO is an additional legal basis for the processing of your personal data as well as the personal data of the contact persons of your company.
4. Purpose of data processing
The purpose of processing your personal data as well as the personal data of the contact persons of your company in the context of customer and supplier registration, conclusion of the transaction, and ongoing business relationship is the initiation, execution, and termination of the respective order as well as consideration in future contract awards or tenders.
This data is processed in particular
to be able to identify you as our contracting party or employee of our contracting party;
to be able to advise, support, and supply you appropriately;
for correspondence with you;
for invoicing;
for the processing of any warranties or liability claims
for defense against unjustified claims as well as for legal enforcement and assertion of claims and rights
5. Origin
If we have not received personal data directly from you, the contact person of your company has provided and disclosed your personal data to us as part of customer and supplier registration.
6. Storage duration
Your personal data as well as the personal data of the contact persons of your company will be deleted as soon as they are no longer required for the purpose of their collection.
In the case of customer and supplier registration, conclusion of the transaction, and ongoing business relationship, this is the case when the contract underlying the order or the offer has been fulfilled and all claims arising from the contractual relationship have expired or no longer exist any legal storage periods.
In the case of consideration in future contract awards or tenders, this is the case when your company finally has no interest in consideration in future contract awards, tenders, or offers.
Please note that longer storage/retention periods may result from legal requirements (above A. IV.).
7. Right to object and rectification
The processing of your personal data as well as the personal data of the contact persons of your company is necessary for the initiation, execution and termination of the respective contract, order or offer. Consequently, there is no possibility of objection for you or the contact person of your company.
If you or the contact persons of your company have given consent to the processing of your personal data, the consents can be revoked at any time for the future or the processing of personal data, within the framework of consideration in future orders or offers, can be objected to for the future.
An overview of your rights as a data subject can be found under A. V.
II. Contact by email
1. Description and scope of data processing
You have the option to contact us via our email address(es). In this case, the personal data of the user transmitted with the email will be stored.
In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of your personal data as well as the personal data of the contact persons of your company, which are transmitted to us in the course of sending an email, is Art. 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion or execution of a contract, Art. 6 para. 1 lit. b GDPR is an additional legal basis for the processing of personal data.
3. Purpose of data processing
The processing of personal data in the case of contacting us by email serves solely for processing the contact.
4. Duration of storage
The personal data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data sent by email, this is the case when the respective conversation with you or the contact persons of your company is finished. The conversation is deemed to be finished when it can be inferred from the circumstances that the relevant facts have been conclusively clarified between us.
Please note that longer storage/retention periods may result from legal requirements (see A. IV. above)
5. Right to object and to erasure
There is always the possibility to object to the processing of personal data within the framework of contacting us by email for the future. In such a case, the conversation between us cannot be continued. All personal data stored in the course of the contact will be deleted in this case.
An overview of your rights as the data subject can be found under A. V.
D. Additional information for the visitors/customers of our online shop
The GDPR obliges us to provide you with comprehensive information about the processing of your personal data within the framework of our contractual relationship, to which we are happy to comply. In the event that you have further questions about your personal data and its processing, we are always at your disposal.
We would like to inform you as follows:
I. Customers/visitors of our online shop
1. Description and Scope of Data Processing
Without your registration in our online shop, only those personal data will be collected and processed from you as from any other visitor to our website (see B.)
Orders in our online shop require prior registration of the customer. The data collected in this process is needed for us to fulfill our rights and obligations arising from a contractual relationship with our customers.
We collect/process the following personal data (but only as far as necessary):
- Salutation, first name, last name of the customer
- First name, last name of the entrepreneur and the contact person in their company;
- A valid email address;
- Address;
- Date of birth, especially for applications to authorities
- Telephone/fax number (landline and/or mobile);
- Information necessary for the processing of the contractual relationship or for the protection of our rights and fulfillment of our obligations.
2. Categories of Recipients
We process personal data for the handling of the contractual relationship and record it in our database system (ERP, CRM) and in our accounting. The data goes internally to departments and units that must be involved in fulfilling the purpose associated with the data collection. The data also goes to our tax advisor and to authorities (e.g., building regulation office, tax office) as far as legally required or necessary. For the delivery of orders, we pass on address data to the commissioned shipping company. Recipients of personal data may also be third parties if contracts or services are offered or provided by us together with partners, as well as suppliers, subcontractors, contractors of preceding or subsequent trades, and financial institutions, legal service providers as far as this is necessary for contract processing (manufacturing, delivery, payment). We pass on your data to the commissioned shipping company for the delivery of orders. No profiling or automatic decision making takes place.
Failure to provide data by you may result in the contract not being concluded or not being processed.
3. Legal Basis for Data Processing
The legal basis for the processing of your personal data, as well as the personal data of the contact persons of your company in the context of customer, supplier setup, business conclusion, and ongoing business relationship is Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR.
If you or the contact persons of your company have given consent, then Art. 6 para. 1 lit. a GDPR is an additional legal basis for the processing of your personal data as well as the personal data of the contact persons of your company.
4. Purpose of Data Processing
The purpose of processing your personal data, as well as the personal data of the contact persons of your company in the context of customer, supplier recording, business conclusion, and ongoing business relationship is the establishment, execution, and termination of the respective order, as well as consideration for future contract awards or tenders.
The processing of this data is carried out in particular
- to be able to identify you as our contractual partner or employee of our contractual partner;
- to be able to adequately advise, support, and supply you;
- for other correspondence with you (e.g., customer inquiries);
- for invoicing;
- for handling any warranties or liability claims;
- to defend against unjustified claims and to legally enforce and assert claims and rights.
5. Origin
If we have not received personal data directly from you, your company's contact person has provided and mentioned your personal data to us in the context of customer and supplier recording.
6. Duration of Storage
Your personal data, as well as the personal data of the contact persons of your company, will be deleted as soon as they are no longer necessary for achieving the purpose of their collection.
In the case of customer, supplier setup, business conclusion, and ongoing business relationship, this is the case when the contract underlying the order or offer is fulfilled and all claims from the contractual relationship have expired or no legal retention periods exist anymore.
In the case of consideration for future contract awards or tenders, this is the case when your company definitively has no interest in being considered for future contract awards, tenders, or offers.
Please note that longer storage/retention periods may arise from legal requirements (see above A. IV.).
7. Objection and Elimination Option
The processing of your personal data, as well as the personal data of the contact persons of your company, is mandatory for the establishment, execution, and termination of the respective contract, order, or offer. Consequently, there is no possibility of objection for you or the contact person of your company.
If you or the contact persons of your company have given consents to the processing of your personal data, you can revoke these consents at any time for the future or object to the processing of personal data in the context of consideration for future orders or offers for the future.
An overview of your rights as an affected person can be found under A. V.
II. Contact in the online shop via email
1. Description and Scope of Data Processing
You have the option to contact us via our email address(es). In this case, the personal data of the user transmitted with the email will be stored.
In this context, the data will not be shared with third parties. The data is exclusively used for processing the conversation.
2. Legal Basis for Data Processing
The legal basis for the processing of your personal data, as well as the personal data of the contact persons of your company, which is transmitted in the course of sending an email to us, is Art. 6 para. 1 lit. f GDPR. If the email contact aims at concluding or processing a contract, then Art. 6 para. 1 lit. b GDPR is an additional legal basis for the processing of personal data.
3. Purpose of Data Processing
The processing of personal data in the case of contact via email is solely for the purpose of handling the contact.
4. Duration of Storage
The personal data will be deleted as soon as they are no longer necessary for achieving the purpose of their collection. For personal data sent by email, this is the case when the respective conversation with you or the contact persons of your company is concluded. The conversation is considered concluded when it can be inferred from the circumstances that the relevant matter has been finally clarified between us.
Please note that longer storage/retention periods may arise from legal requirements (see above A. IV).
5. Objection and Elimination Option
There is always the option to object to the processing of personal data in the context of contact via email for the future. In such a case, the conversation between us cannot be continued. All personal data stored during the contact will be deleted in this case.
E. Additional information for our online services/Sensaru app
I. General information on data processing
The GDPR obliges us to provide you with comprehensive information about the processing of your personal data in the context of a contractual relationship with us.
We distribute sensors developed by us, which are installed on heating systems, electricity meters, and/or water meters to record the data incurred for and during use, particularly consumption data. The data collected by the sensor can be read by us as the customer's service provider through the app developed by us for this purpose ('Sensaru app').
Below, we would like to inform you about the processing of the personal data collected in this context. In case you have any questions about your personal data and its processing, we are always at your disposal.
II. Data processing when using the sensor and the app
1. Description and Scope of Data Processing
The sensor we provide is used to collect consumption data (heating, electricity, water) in your apartment or building, as well as other related data. The data from the sensor is read out via the app. The data enables the customer to be continuously (currently) and cumulatively informed about the respective consumption for certain periods. However, the collection of data also serves to enable us to prepare the data for the customer and/or to provide our customer (apartment owner, building owner, building management) with information to improve usage and show possibilities for savings after data analysis.
The use of the sensor is not possible without the services provided by us for this purpose.
For and during the use of the sensor data via the app, the following data is collected/processed. We also need the data to be able to exercise/fulfill our rights and obligations from a contractual relationship with you, as our customer.
We collect/process the following personal data (but only to the extent necessary):
Salutation, first name, last name of the customer
First name, last name of the entrepreneur and the contact person in their company;
A valid email address;
Address;
Date of birth, to distinguish customers with the same or similar names or for applications to authorities;
Phone/fax number (landline and/or mobile);
IP address when forwarding data via phone/fax number (landline and/or mobile);
Age, year of construction of the building/apartment;
Consumption data (meter readings) for electricity, heat (heating), water, both current and on a daily, weekly, monthly, yearly basis and on average, as well as temperatures, data on pressure in pipes, fault messages, leakage reports;
Other information necessary for the processing of the contractual relationship or the protection of our rights and fulfillment of our obligations;
2. Categories of Recipients
The contractually necessary data is collected by us.
The collected data is stored in a data storage administered by us and in an external data storage (cloud).
With the consent of the customer (e.g., tenant), this data is also made available to the tenant, building owner, landlord, or property manager.
We process the sensor data for the handling of the contractual relationship and record it in our database system for preparation for the customer and for statistical purposes. The prepared data is provided to the customer (owner, landlord, tenant, property manager) and, on their behalf/with their consent, also to third parties, such as building owners, property managers.
Failure to provide data by the customer may result in the contract not being concluded or not being processed/carried out by us.
Without your consent, the collected data will not be passed on to third parties.
3. Legal Basis for Data Processing
The legal basis for processing your personal data, or the personal data of contact persons if the customer is a company, is Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR in the context of the contractual customer or supplier relationship.
If you - or in the case of your commercial or self-employed activity - the contact persons of your company have given consent, Art. 6 para. 1 lit. a GDPR is an additional legal basis for the processing of your personal data and the personal data of the contact persons of your company.
If the customer is the owner or landlord of a property, data from rented apartments can only be collected/processed if the tenant/resident has consented, insofar as (consumption) data about individual apartments and thus about their users are to be collected or conclusions (e.g., usage behavior) can be drawn from these data.
4. Purpose of Data Processing
The purpose of processing personal data and the personal data of the customer's contact persons within the framework of the contractual relationship is the establishment, execution, and termination of the contract awarded to us. The data should enable the customer to be continuously (currently) and cumulatively informed about the respective consumptions, temperatures, pressures, or leaks in pipelines. However, the collection of data also serves to enable us, by accessing this data, to provide our customer with information for the improvement of individual consumptions or for future purchases of energy/water after a consumption analysis.
The processing of data is carried out in particular
to be able to identify you as our contractual partner or employee of our contractual partner;
to be able to adequately supply you with (processed) consumption data, to advise and support you in improving usage or in savings;
for other correspondence with you (e.g., customer inquiries);
for invoicing;
for handling any warranties or liability claims;
to defend against unjustified claims and to legally assert and enforce claims and rights;
for the purposes of billing consumptions (heating, electricity, water);
to control consumptions and their billing by other service providers (e.g., municipal utilities);
to predict and optimize consumptions;
to determine temperatures, pressures, leaks;
to detect damage to heating systems and/or supply/discharge lines; fault messages.
No automated processing with individual decision-making, including profiling, takes place.
5. Source
We will only collect personal data directly from you or - in the case of commercial activity by you - from an employee of your company. Consumption data etc. as personal data are collected in buildings and apartments and are such that are initiated by the respective user/resident.
6. Storage Duration
The collected personal data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection. In the case of an ongoing contractual relationship, deletion takes place when the contract underlying the order is fulfilled and all claims arising from the contractual relationship have expired or no legal retention periods exist anymore.
Please note that longer storage/retention periods may arise from legal requirements (see above A. IV.).
The collected data can, however, be used anonymously by us for the further development/improvement of our services and products, even after the termination of the contractual relationship.
7. Objection and Elimination Options
As long as the processing of your personal data and the personal data of the contact persons of your company is mandatory for the establishment, execution, and termination of the respective contract, there is no possibility of objection for you as a customer.
If you have given consent to the processing of your personal data, such as the forwarding of consumption data collected by the sensor via the app to us, this consent can be revoked at any time for the future.
The user of the app always has the option to object to the forwarding of the data collected by the app from the sensor to us or to revoke a consent once given. In this case, however, the collected data can no longer be processed and analyzed by us. In this case, the app will only provide the user with the raw data. In this case, we will delete the consumption data already collected by us for the period before.
An overview of your rights as a data subject can be found under A. V.
F. Additional information for our employees
I. General information on data processing
The GDPR obliges us to provide you with comprehensive information about the processing of your personal data in the context of a contractual relationship with us.
In the event that you have any questions about your personal data and its processing, we are always at your disposal.
II. Data processing in the context of the employment relationship
1. Description and Scope of Data Processing
We process your personal data only to the extent necessary for the establishment, execution, and termination of the employment relationship. Further processing of your personal data generally occurs only if we have obtained your prior consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons or if the processing of your personal data is permitted by legal regulations.
2. Categories of Recipients
Within our company, those departments and divisions that need your personal data to fulfill the purpose of the collection have access to it. We also transfer your data to the following (internal and external) recipients, but only if this is necessary for the fulfillment of legal or contractual obligations:
- Our Human Resources department
- Supervisors of the affected employee
- Payroll accounting
- Financial accounting
- Works council (if available)
- Representative body for severely disabled persons (if available)
- Equal opportunities officer (if available)
- Controlling/Revision
- Social insurance carriers: Health insurances, Physicians' pension funds, Pension insurance carriers
- Employment agency
- Supervisory, occupational safety authorities
- Tax office
- Integration office in case of severe disability
- Insurance companies
- Document shredders
- Creditors, in case of wage and salary garnishments
- IT service providers
- Lawyers
- Courts
- Tax consultants
- Personnel service providers
- Other external service providers
- Customers (if the employee is e.g. in sales)
- Professional associations
- Banking institutions.
3. Legal Basis for Data Processing
a. Personal Data
If we obtain consent from you for the processing of personal data, Art. 6 para. 1 lit. a GDPR, Art. 88 para. 1 GDPR in conjunction with § 26 para. 2 BDSG serves as the legal basis.
For the processing of personal data necessary for the establishment, execution, or termination of the employment contract, Art. 6 para. 1 lit. b GDPR, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG, § 611a BGB serves as the legal basis.
If the processing of personal data is necessary to fulfill a legal obligation, Art. 6 para. 1 lit. c GDPR serves as the legal basis. Legal obligations include, among others:
- Various sections of the Social Code, Civil Procedure Code, Working Time Act, Minimum Wage Act, Youth Employment Protection Act, Vocational Training Act, and Rehabilitation and Participation of People with Disabilities Act, for reporting to authorities, documentation of working time accounts, salary garnishments, etc.
If the processing is necessary to protect a legitimate interest of ours or a third party and your interests, fundamental rights, and freedoms do not override the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
b. Special Categories of Personal Data
If we obtain consent from you for the processing of special categories of personal data (Art. 9 para. 1 GDPR), such as religious affiliation, nationality, and health data, Art. 9 para. 2 lit. a GDPR serves as the legal basis.
If the processing of special categories of personal data is necessary for us to exercise our rights and fulfill our duties in the field of employment law, social security, and social protection, the legal basis for processing follows from Art. 6 para. 1 lit. c GDPR, Art. 9 para. 2 lit. b GDPR, Art. 88 para. 1 GDPR in conjunction with § 26 para. 3 BDSG.
If the processing relates to special categories of personal data that you have made public, the legal basis follows from Art. 6 para. 1 lit. f GDPR, Art. 9 para. 2 lit. e GDPR, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG.
If the processing of special categories of personal data is necessary for health care, occupational medicine, or the assessment of work capacity, the legal basis follows from Art. 6 para. 1 lit. b GDPR, Art. 9 para. 2 lit. h GDPR, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG.
4. Purposes of Data Processing
The processing of your personal data is carried out for the purpose of establishing, executing, and terminating the employment relationship, in particular for fulfilling contractual, legal, collective bargaining, and social security obligations.
5. Duration of Storage
Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if this is provided for by European or national legislation in EU regulations, laws, or other provisions to which we are subject. A blocking or deletion of data also occurs when a storage period prescribed by the aforementioned standards expires unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.
Subsequently, we store your data for the following periods:
- Payroll records up to 10 years
- Warnings up to 2.5 years
- Application documents, data, up to 6 months or upon termination of employment
- Working time records 2 years
- Other working time records 6 years
- Retirement provisions 30 years from retirement
Please note that longer storage/retention periods may result from legal requirements (see above A. IV.).
6. Objection and Elimination Possibility
The processing of your personal data within the employment relationship is mandatory for the establishment, execution, and termination of the employment relationship. Consequently, you do not have the possibility to object.
If the processing of your personal data is based on consent, you have the right to revoke your consent at any time.
An overview of your rights as a data subject can be found under A. V.
Additional information for applicants
I. General information about data processing
The GDPR requires us to provide you with comprehensive information about the processing of your personal data in the context of your application process.
II. Data processing within the scope of the application procedure
1. Description and scope of data processing
We generally process your personal data only to the extent necessary for the initiation and establishment of an employment relationship. Further processing of your personal data is usually only carried out if we have obtained your prior consent for this. An exception applies in cases where obtaining prior consent is not possible for factual reasons or the processing of your personal data is permitted by a legal regulation.
2. Recipient categories
Within our company, those departments and divisions receive personal data that they need to fulfil the aforementioned purposes. In addition, we partly use different service providers and transmit your personal data to other external or internal recipients if this is legally permissible or if you have given your consent, e.g.
Our human resources department
Possible superiors
Specialist departments
Accounting department
Works council (if available)
Representatives for employees with severe disabilities
Equality officer
Controlling/auditing
Employment agency
Integration office in case of severe disability
IT service providers
3. Legal basis for data processing
The legal basis for the processing of your personal data in the context of the application process is § 26 para. 1 sentence 1, para. 3 BDSG (Federal Data Protection Act).
If we obtain your consent for the processing of your personal data, § 26 para. 2 BDSG serves as the legal basis.
If the processing of your personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR (General Data Protection Regulation) serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of ours or of a third party, and if your interests, fundamental rights, and freedoms do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. A legitimate interest in this sense is, for example, an obligation to provide evidence in a procedure under the General Equal Treatment Act (AGG).
The legal basis for the processing of special categories of personal data, within the meaning of Article 9 para. 1 GDPR, is § 26 para. 3 BDSG.
4. Purposes of data processing
The processing of your personal data is carried out for the purpose of establishing the employment relationship, in particular to fulfil contractual, legal, and, if applicable, collective bargaining and social security law obligations arising from it.
5. Duration of storage
Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the purpose of concluding or fulfilling a contract.
We store your personal data, among other things, for the following periods:
Application documents, data, after decision on non-appointment, up to 6 months, burden of proof of discrimination, deadline §§ 21 para. 5, 22 AGG (General Equal Treatment Act)
Application documents otherwise: Upon dissolution, termination of the employment relationship
6. Right to object and right to erasure
The processing of your personal data in the context of the application process is essential for the establishment of the employment relationship. Therefore, you do not have the right to object.
If the processing of your personal data is based on consent, you have the opportunity to revoke your consent at any time.
You can find an overview of your rights as a data subject under A. V.