Information on data collection

The data controller within the meaning of the GDPR is the SYNAXON Group company responsible for your contractual relationship. The SYNAXON Group includes the following companies:

• SYNAXON AG,
  Falkenstraße 31, 33758 Schloß Holte-Stukenbrock,
  Telephone: +49 (0) 5207 / 9299-200, Fax: +49 (0) 5207 / 9299-296, Email: info@synaxon.de
• Akcent Computerpartner Deutschland AG,
  Falkenstraße 31, 33758 Schloß Holte-Stukenbrock,
  Telephone: +49 (0) 5207 / 9299-200, Fax: +49 (0) 5207 / 9299-296, Email: info@synaxon.de
• einsnulleins GmbH,
  Falkenstraße 31, 33758 Schloß Holte-Stukenbrock,
  Telephone: +49 (0) 5207 / 9299-500, Fax: +49 (0) 5207 / 9299-296, Email: info@einsnulleins.de
• emendo Cooperation Management GmbH & Co. KG,
  Falkenstraße 31, 33758 Schloß Holte-Stukenbrock,
  Telephone: +49 (0) 5207 / 9299-200, Fax: +49 (0) 5207 / 9299-296, Email: info@synaxon.de
• iTeam Systemhauskooperation GmbH,
  Falkenstraße 31, 33758 Schloß Holte-Stukenbrock,
  Telephone: +49 (0) 5207 / 9299-440, Fax: +49 (0) 5207 / 9299-296, Email: info@iteam.de
• SYNAXON Project and Trading GmbH,
  Falkenstraße 31, 33758 Schloß Holte-Stukenbrock,
  Telephone: +49 (0) 5207 / 9299-400, Fax: +49 (0) 5207 / 9299-296, Email: info@synaxon.de

You can reach our data protection officer for SYNAXON AG and all other companies belonging to the group, with the exception of einsnulleins GmbH, as follows:

• By letter: SYNAXON AG, Data Protection Officer, Falkenstraße 31, 33758 Schloß Holte-Stukenbrock
• by fax: +49 (0) 52 07 / 92 99-296
• by email: datenschutz@synaxon.de

 

For einsnulleins GmbH

• By mail: einsnulleins GmbH, Data Protection Officer, Falkenstraße 31, 33758 Schloß Holte-Stukenbrock
• by fax: +49 (0) 52 07 / 92 99-296
• by email: datenschutz@einsnulleins.de

We process personal data that we receive in connection with initiating a contract (e.g., inquiry, telephone or email contact, preparation of an offer, event booking) or from the contractual relationship with you.

 

We obtain the data either directly from you or from publicly accessible sources (e.g., commercial registers), or it is collected and processed based on legal regulations. In particular, the following data or categories of data are processed:

• Master data, such as first name, last name, company address, associated company, function, and, if applicable, date of birth.
• Contact details, such as email address, telephone number (landline and/or mobile)
• Names, email addresses, telephone numbers and other (contact) details of the respective contact persons or your employees
• As part of the application process: applicant's contact details (e.g., first and last name, email address, telephone number); application documents (e.g., CV, cover letter, information on professional development, qualifications and language skills)
• Contract details, such as customer number, bank details, tax number/VAT ID
• Credit data
• Payment and billing data
• Usage data and logs
• Correspondence data (e.g., written correspondence with you), including emails generated when you contact us via procurement platforms such as ITscope or cop.
• If you call us, we will record the time of the call, the calling number, the number called, and the duration of the call.
• Advertising and sales data
• Sales data (type and quantity of products purchased during the relevant period)
• Offer data, data on project inquiries and order transactions
• Photos that you provide to us or that are taken at events where you are a participant/visitor
• personal data that we are lawfully permitted to process from publicly accessible sources (e.g. commercial register, credit information from Creditreform).
• End customer data, insofar as it is required for ordering licenses or collecting project price inquiries.
• as well as other data comparable to the aforementioned categories.

 

Beyond all of this, we also process personal data when you use the telemedia services we offer (e.g., the time you access our websites, apps, or newsletters, the pages you click on, the entries you make, etc.). You can find information about this data processing and your data protection rights in our privacy policies on the respective websites.

For the execution of contracts

We process your data to initiate and fulfill our contractual relationship with you. This processing is carried out, among other things, for order processing, the creation of invoices and credit notes, the administration and execution of contracts, the management and enforcement of claims, and in the interest of comprehensive customer support. The specific purposes of data processing are primarily determined by the respective contract. You can find further details regarding the purpose of data processing in the relevant contract documents and terms and conditions. The legal basis for this data processing is Article 6(1)(b) GDPR.

 

To fulfill legal obligations

Furthermore, we process your data to fulfill legal obligations to which we are subject. These include, in particular, tax and commercial law retention requirements, obligations related to statutory accounting, and regulations concerning risk assessment, fraud prevention, and money laundering prevention. The legal basis for this data processing is Article 6(1)(c) GDPR.

 

To protect legitimate interests

We process personal data to protect our own legitimate interests or the interests of third parties, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, override those interests. Our legitimate interests include, in particular:

• Optimization of processes for needs analysis for the purpose of direct customer contact
• Distribution analysis and sales management
• Assessment of the economic efficiency of the business relationship
• Measures for business management and further development of services and products
• Data exchange with credit agencies to determine creditworthiness and default risks
• For advertising or market and opinion research purposes, unless you have objected to the use of your data.
• Security measures to ensure IT operations and IT security 

 

The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR.

 

Based on your consent

If and to the extent that you have given us your consent to process your personal data for specific purposes (e.g., receiving a newsletter), this consent is the legal basis for the data processing in accordance with Article 6(1)(a) GDPR. You can withdraw your consent to data processing at any time without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.

We collect and process the personal data of applicants for the purpose of the application process. If an employment contract is concluded with us as a result of the application, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal regulations. If an employment contract is not concluded, the application documents will be deleted six months after receipt of the application, unless other legitimate interests on our part preclude deletion. A legitimate interest in this sense is, for example, the obligation to provide evidence in proceedings under the German General Equal Treatment Act (AGG). The legal basis for storing the data is Art. 6 para. 1 lit. a and f GDPR.

Your data will only be shared with third parties outside the SYNAXON group of companies if you have expressly consented to the transfer beforehand, we are legally obligated to do so, or there is a legal basis for transfer (see below). 

 

Within the SYNAXON Group, your data will be shared, among other things, for the purpose of initiating or carrying out a business relationship with you. For this purpose, your personal data will be stored in our central databases for internal billing and accounting purposes, as well as for customer care and support.

 

To the extent that this is necessary for the performance of a contract with you in accordance with Article 6(1)(b) GDPR, your personal data will be disclosed to third parties. This includes disclosure to our affiliated service providers and distributors so that you can be identified as a SYNAXON contractual partner when placing orders with them; as well as disclosure of your name and company to instructors if you have booked a seminar. In the area of centralized payment processing, we will forward your data to the central payment processor.

 

Before being accepted into one of our partnerships, and in individual cases for first-time credit applications to SYNAXON Projekt und Handels GmbH, we will transmit your name, the name of your company (Firma) and your contact details to Creditreform Bielefeld Riegel & Unger KG for the purpose of checking your company's creditworthiness, from whom we obtain the necessary data.

 

To fulfill our tasks and contractual obligations (e.g., sending newsletters), we sometimes use external service providers and contractors who receive access to your data to the necessary extent and are only permitted to use it for fulfilling the assigned tasks. These contractors are carefully selected and contractually bound in accordance with Article 28 of the GDPR.

We transfer personal data to a service provider (cloud infrastructure provider) in the USA. To ensure an adequate level of protection at the service provider, we use the European Commission's standard contractual clauses for data transfers outside the EU.

The duration for which personal data is stored is determined by the respective statutory retention period. After this period expires, the corresponding data will be deleted unless it is still required for the performance of a contract or for initiating a contract, and/or we have a legitimate interest in its continued storage. If data must be deleted due to the exercise of rights of intervention (e.g., when asserting a right to erasure or withdrawing consent), the corresponding data will be deleted immediately.

As part of our business relationship, you generally only need to provide the personal data necessary for establishing, executing, and terminating the respective contractual relationship. Otherwise, concluding the contract, your participation in an event, or processing your request will not be possible; we will generally no longer be able to fulfill an existing contract and may have to terminate it. Providing this personal data is not legally required beyond this.

We do not use automated decision-making pursuant to Article 22 GDPR, including profiling.

Current data protection law grants you various rights regarding the processing of your personal data. You have the right

• request for information pursuant to Article 15 GDPR,
• for rectification pursuant to Article 16 GDPR,
• to erasure pursuant to Article 17 GDPR,
• to restriction of processing pursuant to Article 18 GDPR,
• Information pursuant to Article 19 GDPR,
• on data portability according to Article 20 GDPR,
• to object pursuant to Article 21 GDPR (see below),
• to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR.

 

The right to information and the right to erasure are subject to the restrictions set out in Sections 34 and 35 of the German Federal Data Protection Act (BDSG).

You have the right to revoke your consent to the processing of personal data at any time with future effect. In the event of revocation, we will delete the data in question immediately, unless further processing can be based on a legal basis for processing without consent. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the time of revocation.

If we process your personal data pursuant to Article 6(1)(f) GDPR based on a balancing of interests due to our overriding legitimate interests, you have the right to object to this processing at any time, on grounds relating to your particular situation, with effect for the future. If you exercise your right to object, we will cease processing the data in question, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

 

If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such advertising purposes. If you exercise your right of objection, we will stop processing the data concerned for advertising purposes.

 

If you wish to exercise the aforementioned rights, your contact person in all these cases is our data protection officer, whose contact details you can find above.

The following details advise you on the processing of your personal data by SYNAXON AG in relation to existing or future contractual relationships as well as all your entitled rights. Details on which data is processed and how it is used predominantly depend on the services agreed with yourself and therefore differ from case to case. Specifics therefore result from the respective agreements as well as the underlying terms and conditions. Please pass this information on to whom this may concern in your company, as well as current and future authorized representatives.

Person responsible within the meaning of the General Data Protection Regulation (EU GDPR) is the relevant company of the SYNAXON group of companies for your contractual relationship. The following companies belong to the SYNAXON group of companies:

• SYNAXON AG, Falkenstraße 31, D-33758 Schloß Holte-Stukenbrock, Germany,
  phone: +49 (0) 5207 / 9299-200, fax: +49 (0) 5207 / 9299-296, e-mail: info@synaxon.de
• Akcent Computerpartner Deutschland AG, Falkenstraße 31, D-33758 Schloß Holte-Stukenbrock, Germany,
  phone: +49 (0) 5207 / 9299-200, fax: +49 (0) 5207 / 9299-296, e-mail: info@synaxon.de
• einsnulleins GmbH, Falkenstraße 31, D-33758 Schloß Holte-Stukenbrock, Germany,
  phone: +49 (0) 5207 / 9299-500, fax: +49 (0) 5207 / 9299-296, e-mail: info@einsnulleins.de
• emendo Cooperation Management GmbH & Co. KG, Falkenstraße 31, D-33758 Schloß Holte-Stukenbrock, Germany,
  phone: +49 (0) 5207 / 9299-200, fax: +49 (0) 5207 / 9299-296, e-mail: info@synaxon.de
• iTeam Systemhauskooperation GmbH, Falkenstraße 31, D-33758 Schloß Holte-Stukenbrock, Germany,
  phone: +49 (0) 5207 / 9299-440, fax: +49 (0) 5207 / 9299-296, e-mail: info@iteam.de
• SYNAXON Project and Trading GmbH, Falkenstraße 31, D-33758 Schloß Holte-Stukenbrock, Germany,
  phone: +49 (0) 5207 / 9299-400, fax: +49 (0) 5207 / 9299-296, e-mail: info@synaxon.de

You can contact our data protection officer for SYNAXON AG and all other companies belonging to the group of companies, with the exception of einsnulleins GmbH, as follows:

• via mail: SYNAXON AG, Data Protection Officer, Falkenstraße 31, D-33758 Schloß Holte-Stukenbrock, Germany
• via fax: +49 (0) 52 07 / 92 99-296
• via email: datenschutz@synaxon.de

 

 

For einsnulleins GmbH

• via mail: einsnulleins GmbH, Data Protection Officer, Falkenstraße 31, D-33758 Schloß Holte-Stukenbrock, Germany
• via fax: +49 (0) 52 07 / 92 99-296
• via email: datenschutz@einsnulleins.de

We process all personal data that we receive in connection with the initiation of a contract (eg enquiry, telephone or e-mail contact, preparation of an offer, booking of an event) or from the contractual relationship with you. 

 

The data is received either directly from yourself or from publicly accessible sources (eg commercial register) or they are collected and processed in accordance with legal regulations. In particular, the following data or categories of data are processed:

• Master data, such as name, surname, company address, associated company, function, date of birth if applicable
• Contact details, such as e-mail address, telephone number (landline and/or mobile phone)
• Names, e-mail addresses, telephone numbers and other (contact) data of the respective contact persons or your employees
• In the context of application procedures: Contact data of the applicant (eg first and last name, e-mail address, telephone number); application documents (eg CV, cover letter, career development data, qualifications and language skills).
• Contract data, such as customer number, bank details, tax number/VAT no
• Credit rating data
• Payment data and billing information
• Usage data and protocols
• Correspondence data (eg correspondence with you), including e-mails that arise when you contact us via procurement platforms
• When calling us, we record the call time, number calling, number called and duration of the call
• Advertising and sales data
• Turnover data (type and quantity of products purchased in a relevant period)
• Quote data, data on project inquiries and order transactions
• Photos provided by you or taken at events of which you are a participant/visitor
• Personal data which we may legitimately process from publicly accessible sources (eg commercial register, data from credit rating agencies)
• End customer data, if required for ordering licenses or requesting special bid prices
• and other data similar to those categories.

 

Beyond the data above, we also process personal data produced whilst using telemedia offered by us (eg point of time when entering our websites, apps or newsletters, clicked pages, entries, etc.) Find further information on these data processes and your data protection claims and rights in our data protection declarations on the respective websites.

To execute contracts

We process your data to initiate and implement our contractual relationship with you. The processing is carried out, among other things, for order processing, for invoice and credit notes preparation, for the administration and processing of contracts, administration and enforcement of claims and in the interest of comprehensive customer service. The specific purposes of data processing depend primarily on the respective contract. Further details on the purpose of data processing can be found in the relevant contractual documents as well as the terms and conditions. The legal basis for this data processing is Article 6(1) (b) GDPR.

 

To fulfill legal obligations

In addition, we process your data to fulfill legal obligations we are subject to. These include in particular tax and commercial law storage regulations, obligations in connection with legal accounting or regulations regarding risk assessment, fraud and money laundering prevention. The legal basis for this data processing is Article 6(1) (c) GDPR.

 

To protect legitimate interests

We process personal data to protect the legitimate interests of ourselves or third parties, unless these conflict with the interests or fundamental rights and freedoms of the data subject, as this personal data requires to be protected. Our legitimate interests include in particular:

• Optimization of methods for needs assessments in regards to direct customer approach
• Distribution analysis and sales management
• Assessment of the economic viability of business relationships
• Measures for business management and development of services and products
• Data exchange with credit rating agencies to determine credit and default risks
• Advertising activities or market and opinion research, if the data usage has not been objected
• Security precautions to guarantee IT operations and IT security

 

The legal basis for this data processing is Article 6 (1) (f) GDPR.

 

Based on your consent

If you have given us your consent to process your personal data for certain purposes (eg receipt of a newsletter), the respective consent pursuant to Article 6 (1) (a) GDPR is the legal basis for data processing. You can revoke your consent to data processing at any time without affecting the legality of the processing carried out on the basis of the consent until revocation

We collect and process the personal data of applicants for the purposes of the application process. If an employment contract is concluded with us as a result of the application, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If an employment contract is not concluded, the application documents will be deleted six months after receipt of the application, provided that no other legitimate interests on our part prevent deletion. Other legitimate interests in this sense include, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). The legal basis for the storage of the data is Article 6 (1) (a) and (f) GDPR.

Your data will only be passed on to third parties outside the SYNAXON group if you have given your expressed prior consent to this, if we are obliged to do so on the basis of statutory regulations or if there is a statutory right of transfer (see below).

 

Within the SYNAXON group your data will be passed on, among other things, for the implementation or initiation of the business relationship with yourself. For this purpose, your personal data is stored in our central databases for group-internal invoicing and accounting purposes as well as for customer care / support.

 

Your personal data will be passed on to third parties if necessary according to Article 6 (1) (b) GDPR to execute the contractual relationship with you. This includes passing data on to our affiliated service providers and distributors so that you can be identified as a SYNAXON contractual partner when placing your orders there, as well as passing on your name and company to lecturers if you have booked a seminar.

 

Before being accepted into one of our co-operations as well as in individual cases of initial payments to SYNAXON Projekt und Handels GmbH, we transmit your name, the name of your company and your contact data to Creditreform Bielefeld Riegel & Unger KG for the purpose of checking the creditworthiness of your company, from whom we receive the necessary data.

 

To fulfill our tasks and to fulfill the contract (eg to send newsletters) we use external service providers and contractors who have access to your data to the required extent and who may only use the data for the fulfillment of the orders placed. The contractors are carefully selected and contractually bound by Article 28 GDPR.

We transfer personal data to a service provider (cloud infrastructure provider) in the USA. We use the standard data protection clauses of the European Commission for the transfer of data to other EU countries to ensure an appropriate level of protection at the service provider.

The duration of the storage of personal data is determined by the respective legal retention period. After the deadline, the corresponding data is routinely deleted, if it is no longer required for contract fulfillment or contract initiation and / or we have no legitimate interest in the re-storage. If data is to be deleted due to the exercise of intervention rights (for example in the case of the assertion of a cancellation claim or the revocation of a consent), the corresponding data will be deleted immediately.

As part of our business relationship, you are generally only required to provide the personal data required to establish, execute and terminate the respective business relationship. If not required the conclusion of the contract, your participation at an event or the processing of your request will not be possible; as a rule, we will no longer be able to execute on an existing contract and may have to terminate it. Other than this, the provision of personal data is not prescribed by law

We do not use automated decision making according to Article 22 GDPR, including profiling.

The applicable data protection law grants you various rights regarding the processing of your personal data. You have

• the right of access under Article 15 GDPR,
• the right to rectification under Article 16 GDPR,
• the right to erasure under Article 17 GDPR,
• the right to restrict processing under Article 18 GDPR,
• notification obligation regarding rectification or erasure of personal data or restriction of processing under Article 19 GDPR,
• the right to object under Article 21 GDPR (see below) as well as
• the right to data portability under Article 20 GDPR
• the right to appeal to a supervisory authority under Article 77 GDPR.

 

The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure.

You have the right to withdraw your consent to the processing of personal data at any time with future effect. In the case of withdrawal, we will delete the data concerned immediately, as far as further processing cannot be based on a legal basis for consentless processing. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.

If we process your personal data as part of a balance of interests based on our overriding interest, you have the right at any time, for reasons that arise from your particular situation, to file an objection against this processing with effect for the future.

 

If you exercise your right of objection, we will cease processing the data concerned unless we can demonstrate compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

 

If personal data is processed by us in order to operate direct mail, you have the right to object at any time the processing of personal data concerning you for the purpose of such advertising. If you exercise your right of objection, we will stop the processing of the relevant data for advertising purposes.

 

If you wish to assert the above rights, your contact person in all these cases is ours data protection officer, whose contact details can be found above.