Privacy information for business partners
Data protection notices according to Art. 13, 14 GDPR.
Scope of data processing and data categories
With regard to our business partners, we process the following categories of personal data in particular:
- Contact information such as title, first and last name, business communication data such as address, e-mail address, telephone number, mobile phone number, fax number
- Other personal information related to the execution and processing of contracts, orders and requests
- Data in the context of the use of video conferencing tools
- Payment and processing data such as account data and other information required for the processing of payment transactions
- Account and log data incl. access logs in connection with a collaboration on the IT infrastructures or IT systems of ]init[ AG as well as in the context of ticket creation and processing
- Information we collect from public sources, information databases or credit reporting agencies.
Purpose of data processing
The data processing is carried out for the purpose of
- Communication with our business partners and execution of contract-related correspondence
- Planning, implementation and administration of the contractual and pre-contractual business relationship between ]init[ AG and the business partners, including administration in a contract data or customer database
- Processing of orders
- Billing and payment processing as well as accounting
- Collaboration in collaboration tools
- Conducting web conferences, webinars and face-to-face events
- Maintaining and protecting the security of our IT infrastructure
- Preventing and detecting security risks, fraudulent activity, or other criminal activity or activity undertaken with the intent to cause harm
- Compliance with legal requirements (e.g. tax and commercial law retention obligations) as well as the guidelines and standards specified by ]init[ AG
- Exercise and defense of legal claims.
Depending on the form, the same also applies to the initiation of business relationships with our business partners, e.g. when concluding NDAs, pre-contractual agreements for the execution of orders or for participation in tenders, the evaluation of project partnerships, etc.
Legal bases of data processing
Personal data is processed on the basis of the following legal grounds:
- In the context of contract initiation, contract performance and contract termination as well as fulfillment of pre-contractual measures and / or contractual obligations arising from the contract concluded with you, e.g. from a purchase, work, service, license or rental contract (Art. 6 para. 1 lit. b) GDPR)
- For the fulfillment of legal obligations such as, for example, retention obligations under commercial and tax law, obligations under company law, data protection law and civil law, also with regard to the fulfillment of obligations to provide evidence in compliance with the respective legal regulations (Article 6 para. 1 lit. c) GDPR)
- To safeguard the legitimate interests of ]init[ AG, e.g. to assert legal claims, to defend against legal disputes, to ensure IT security, to optimize our business processes, e.g. by maintaining a "Customer Relationship Management" database, to ensure operational security and business control, for building and plant security (e.g. access controls), for reconciliation with European and international risk lists if this goes beyond the legal obligations, e.g. of the German Supply Chain Duty of Care Act (Lieferkettensorgfaltspflichtengesetz), to mitigate default risks in our procurement processes by consulting credit agencies, to ensure and safeguard the right of domicile (Article 6 (1) f) GDPR, Section 25 (2) TTDSG).
- The use of contact data of employees of our business partners is also based on our legitimate interest, as long as and to the extent that this serves the order- or project-related cooperation in the context of contract fulfillment.
- On the basis of your consent for the purpose explicitly stated in each case, e.g. when ordering a newsletter or using ]init['s own project management software (§ 25 para. 1 TTDSG in conjunction with Article 6 para. 1 lit. a) GDPR).
Within ]init[ AG, only those company units will have access to your data that need it to fulfill our contractual and legal obligations and to carry out our internal processes (e.g. sales, purchasing, financial accounting or IT management).
We also transfer your data to the service providers used by ]init[ AG only if this is necessary to fulfill the above-mentioned data processing purposes. These are in particular external companies in the areas of economic and legal consulting and IT services. Insofar as these service providers act as order processors, they are contractually obliged on the basis of Art. 28 GDPR to carry out data processing only in accordance with the instructions of ]init[ AG and in compliance with the applicable data protection requirements.
If, in exceptional cases, a service provider outside the EU / EEA is commissioned, it is ensured that this only concerns service providers that are based in a third country with an adequacy decision and, if necessary, can provide evidence of certification applicable to the country. In the case of a transfer to a third country for which no level of data protection is recognized due to the lack of an adequacy decision, e.g. in the case of an international business relationship or payment processing, ]init[ AG will implement all measures required by the EU Commission and the German data protection authorities, such as the conclusion of so-called standard contractual clauses, the demand for additional guarantees and the implementation of a transfer impact assessment, in order to ensure a level of data protection comparable to the GDPR.
In addition, data transfer to law enforcement agencies may be considered, in particular for the purpose of uncovering criminal acts.
Duration of data storage
]init[ AG will store your personal data only for as long as is necessary to fulfill the purpose for which it was collected, to comply with legal, official or internal regulations and to protect the legitimate interests of ]init[ AG. When the purpose/legitimate interest of the data processing no longer applies, your data will be deleted, unless this conflicts with tax law, commercial law or other legal obligations to retain data. In this case, your data will be stored until the expiry of the respective periods and then deleted.
For example, all accounting vouchers will be stored for a period of 10 years, contract documents, received and the reproduction of sent commercial letters as well as acceptance protocols in the case of contracts for work and services for a period of 6 or 3 years and the access logs generated in the course of accessing internal systems or externally accessible infrastructure systems of ]init[ AG (such as Jira, documentation, portal Sharepoint, Mattermost or Venus) for a period of one year.
Obligation to provide personal data
You are not obligated to provide this data, but without this data we cannot carry out the contractual business relationship. In this respect, the processing of your data is based on Art. 6 para. 1 lit. b of the GDPR.
Automated decision making
]init[ AG does not use your data for automated decision-making or profiling.
Rights of the data subject
Each data subject has
- the right to information according to Art. 15 GDPR,
- the right to rectification according to Art. 16 GDPR,
- the right to erasure according to Art. 17 GDPR,
- the right to restriction of processing according to Art. 18 GDPR,
- the right to data portability from Art. 20 GDPR,
- the right to revoke consent given at any time for the future from Art. 7 GDPR, as well as
- the right to lodge a complaint with a data protection supervisory authority under Art. 77 GDPR.
In addition, you have the right to object to data processing on the basis of Art. 21 GDPR, insofar as we process your data on the basis of our legitimate interests.
Insofar as data processing is based on your consent, you have the right to revoke your consent for the future at any time in accordance with Art. 7 (3) GDPR. The lawfulness of the data processing until the time of your revocation remains unaffected.
If you wish to exercise your rights, please contact the data protection officer in writing (by post or by e-mail) (see above for contact details).
We always keep this data protection notice up to date. Therefore, it may be necessary to adapt this data protection information to changed framework conditions of a factual or legal nature. Therefore, please refer to the current version of our data protection statement, which you can find here.
Memberships in the data protection context
Status of data protection information: September 2023