Principles of data processing

We are very happy to make available the following information about data protection in order to satisfy our information obligations towards our customers, suppliers and interested parties in line with Articles 12 and 13 of the General Data Protection Regulation (GDPR):

 

Who is responsible for data processing?

The Controller in the sense of data protection law is:

GK Software SE
Waldstraße 7
08261 Schöneck
Germany

Phone: +49 (0)3 74 64 84 - 0
Fax: +49 (0)3 74 64 84 - 15
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Chairperson of the Supervisory Board: Nicholas Fraser
Management Board: Michael Scheibner (CEO), Michael Jaszczyk (CDXO)

Chemnitz Local Court: HRB 31501
International VAT No.: DE 141 093 347

 

Which data do we process about you? And for what purposes?

If we have received any data from you, we will always exclusively process it for the purposes, for which we have gathered it.

This will normally involve the following:

  • Communications to meet contractual obligations and pre-contract activities
  • Information about our products and services
  • Mentioning references for new customers
  • Accessing and using online services provided by GK Software SE (e.g. Getmygooods.com)
  • Issuing invoices and accounting procedures
  • Safeguarding any guarantee claims

This data normally involves:

  • Your general data (e.g. surname, first name, title, form of address, job profile)
  • Contact data (e.g. e-mail address, phone number, mobile phone number, other means of communication, if necessary, if used by both sides)
  • Data for bank transactions (e.g. IBAN, BIC, creditworthiness)
  • Any other personal data that you communicate to us during the pre-contractual or contractual relationship.

Please note that we cannot name all the potential data here. However, we only gather data, which you actively communicate to us or which is publicly accessible.

In individual cases (e.g. after you have registered for our newsletter), we process your data on the basis of your consent (Article 6 Para. 1 a) of the GDPR) or e.g. to provide more efficient cooperation (a justified interest in line with Article 6 Para. 1 f) of the GDPR)). 

Any data processing for other purposes is then only possible if the necessary statutory requirements exist for this according to Article 6 Para. 4 of the GDPR. We will naturally satisfy any information obligations outlined in Article 13 Para. 3 of the GDPR and Article 14 Para. 4 of the GDPR in each case.

 

What is the legal basis for this?

The legal basis or bases for processing personal data is/are:

  • Your consent (Article 6 Para. 1 a) of the GDPR)
  • Data processing for the performance of contracts (Article 6 Para. 1 b) of the GDPR)
  • Data processing on the basis of a legitimate interest (Article 6 Para. 1 f) of the GDPR)
  • Data processing to comply with a legal obligation (Article 6 Para. 1 c) of the GDPR)

If any personal data is processed on the basis of your consent, you have the right to cancel your consent with us as regards the future at any time. You can send your cancellation to our data protection officer, whose details are provided below. 

We justify our legitimate interest in using opportunities for direct advertising in line with Section 7 Para. 3 of the Act against Unfair Competition according to Recital 47 of the GDPR; we have a legitimate interest in informing our customers about products and services by informing them via communications channels.  As a data subject, you have the right to object to the processing of personal data for these purposes, taking into account the stipulations in Article 21 of the GDPR.

 

How long is the data stored?

We process your data for as long as this is necessary for the relevant purpose.

If any retention obligations exist in the law – e.g. in commercial law or tax law – the relevant personal data will be stored for the duration of the obligatory retention period. Once this retention obligation has expired, checks will be made to see whether there is any other requirement for processing. If no other obligation exists, the data will be deleted.

As a matter of principle, we conduct a check on data to see whether any further processing is necessary at the end of each calendar year. Because of the quantity of data involved, this check takes place with regard to specific types of data or purposes for processing.

If you have unsubscribed from our newsletter, we automatically delete your data. 

You can naturally demand information about the personal data that we have stored about you at any time (see below) and, if there is no further need for this, request that the data is deleted or that the processing is restricted.

 

To which recipients is the data forwarded?

Any forwarding of your personal data to third parties will always exclusively take place if this is necessary to perform the contractual relation relationship with you, if forwarding takes place on the basis of a legitimate interest that is permissible in the sense of Article 6 Para. 1 f) of the GDPR, if we are legally obliged to pass it on or you have granted your consent for this.

These recipients may, for example, be providers of IT services or transport and logistics companies.

 

Office communications and completing projects: Microsoft (Microsoft 365, Microsoft Teams)

We use Microsoft 365 and Microsoft Teams to handle our normal office communications and to hold telephone conferences, online meetings and/or video conferences. If we record online meetings, we will inform you of this before they start and – if necessary – ask you for your verbal consent. If you do not want any recording to take place, you can leave the online meeting.

We will record the content of any chats if this is necessary for the purposes of recording the results of an online meeting.

Microsoft 365 and Microsoft Teams are a service provided by Microsoft Ireland Operations, Ltd. We have concluded an order processing agreement with the provider for this purpose.

Different types of data are processed when using “Microsoft Teams”. The scope of the data also depends on what details you have provided as regards data before an “online meeting” or when participating in it. 

The following personal data is subject to processing:

  • Details about the user: the display name, e-mail address, profile photo (optional), preferred language
  • Metadata about the meeting: e.g. the date, time, meeting ID, phone number, place
  • Text, audio and video data: you may possibly have the opportunity of using the chat function at an online meeting. In this case, the text information that you input will be processed in order to display it during the online meeting.

The data from the microphone on your terminal device or from the video camera on your terminal device will be processed during the meeting in order to display any videos and record any audio content. You may turn off the camera or mute the microphone yourself using the “Microsoft Teams” applications at any time.

 

Personal participation at Teams meetings

As a matter of principle, the following categories of data are processed via the Teams online seminar software: 

Participant data without a Teams account: You can specify your participant name before entering the digital seminar area. This participant name, however, does not have to be your real name. You may also specify your e-mail address, a profile photo and/or your preferred language.

Participant data with a Teams account: If you yourself have a Teams or Office 365 or Microsoft 365 account, the data stored there, e.g. your name, your profile photo, the name of your organization (your employer) and your e-mail address, will be made available to the other participants. The data that can be retrieved there depends on the data that has been entered by you or your organization.

Audio and video data: If you are involved in making verbal contributions and/or use the video function too in order to enable visual transmission of your image, this personal content data will naturally be processed for the purposes of communication within the online seminar. It is up to you to decide whether you use this function. The aforementioned data processing can only take place if you yourself activate the microphone or the camera on your terminal device. However, please bear in mind that you may then lose any opportunity of anonymous or pseudo-anonymous usage.

Text data, chat function: If you use the chat function, this content data will naturally be processed for the purposes of communication within the online seminar. Firstly, it is up to you to decide whether you use this function. Secondly, as already indicated, you are not obliged to log in using your real identity or any identity at all, so that you can use this function, even when protecting your identity.

Recording of online seminars: Should a recording take place in exceptional circumstances – e.g. for later use, for downloading by third parties or for a similar purpose - we will clearly explain this to you in advance and obtain your consent for this. You can also recognize at any time whether a recording is taking place. The software will indicate this to you.

 

Metadata, diagnosis data (“telemetric data”)

The metadata processed by Teams does not involve any personal data. For the sake of completeness, however, we would refer you to the following types of data processing:

Metadata: Teams processes device and hardware information like the operating system and language settings as well as a user ID and a device ID. The user ID is not related to any individual. You can find a summary of the metadata processed by Teams at: https://docs.microsoft.com/de-DE/microsoftteams/data-collection-practices.

Diagnosis data: When it comes to diagnosis or telemetric data, the scope of the data processing significantly depends on the settings that have been made by your organization. You can obtain a summary of the necessary diagnosis data, i.e. the data processing that is necessary to provide the service, with regard to any mobile usage at: https://docs.microsoft.com/de-DE/microsoftteams/policy-control-diagnostic-data-mobile#properties-sent-with-all-events and related to usage via a desktop client at: https://docs.microsoft.com/de-DE/microsoftteams/policy-control-diagnostic-data-desktop.

 

Information about data security

Teams uses the TLS and MTLS protocols, which enable encrypted communications and endpoint authentication on the Internet. You can find more information about this at: https://docs.microsoft.com/de-de/microsoftteams/teams-security-guide

If we do not have a contractual relationship with you, the legal basis for processing your personal data is Article 6 Para. 1 f) of the GDPR. In this case, we have a justified interest in effectively conducting online meetings.

Tax and commercial law

Data may need to be forwarded to tax advisors, banks and other financial authorities as part of the stipulations under tax and commercial law.

In our case, these third parties are not service providers or associated companies, which have to comply with our requirements related to data protection. We have concluded order processing agreements for this purpose and can therefore guarantee that you may exercise your rights with regard to them too.

If the business relationship with you should make it necessary to transfer personal data to any recipients, whose data protection laws offer a level of protection that does not comply with the level of protection provided by the EU's General Data Protection Regulation (GDPR), GK Software SE will adopt other suitable and appropriate guarantees to protect your personal data. Personal data will only be transferred to external recipients in these kinds of countries, if they have concluded EU standard contract clauses with GK Software SE.

 

Where is the data processed?

No personal data is normally processed outside the European Union (EU), as we have restricted our storage capacity to data centers within the European Union. 

In individual cases, personal data may be processed outside the European Union (EU). In this case, we explicitly refer to this in the section entitled “Recipients” and guarantee that only providers are used for which a suitability decision from the EU Commission is available or appropriate guarantees exist according to the GDPR.

 

Your rights as a “data subject”

You have the right to obtain information about the personal data that we process about you according to Article 15 of the GDPR. If you make a request about information, which is not made in writing, we would ask you to appreciate that we may then demand evidence from you to prove that you are the person that you purport to be.

You also have a right to have the processing work corrected or deleted or restricted, if you are legally entitled to this according to Articles 16, 17 and 18 of the GDPR.

You also have a right to object to any processing within the statutory regulations. The same applies to your rights to data portability. You particularly have a right in line with Article 21 Para. 1 and 2 of the GDPR to object to any processing of your data in conjunction with Article 6 Para. 1 f) of the GDPR. You can send your objection to our data protection officer in an informal manner via the following addresses:

 

Our data protection officer

We have appointed an external data protection officer at our company. You can reach the officer using the following contact options:

FKC CONSULT GmbH
Eschenburgstr. 5
23568 Lübeck
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Right of appeal

You have the right to complain about the way that we process any personal data to a supervisory authority for data protection.

 

Miscellaneous

We do not make use of any systems for automated decision-making or profiling.

We revise this data protection information if any changes are made to data processing or if there are any other reasons that make this necessary. You can always find the latest version of this information on our website.

 

Stand: 10/27/2020