Preamble
With the following data protection declaration we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both within the framework of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).
The terms used are not gender specific.
As of May 31, 2023
Content overview:
preamble
Responsible person
Overview of processing
Relevant legal bases
Safety measures
Transfer of personal data
Deletion of data
Business benefits
Providers and services used in the course of business activities
Payment procedure
Contact and inquiry management
Application process
Newsletters and electronic notifications
Advertising communication via email, post, fax or telephone
Web analysis, monitoring and optimization
Customer reviews and rating process
Plugins and embedded functions and content
Changes and updates to the data protection declaration
Responsible person:
VELLAP Diagnostics GmbH
Industriestraße 8
99427 Weimar/Germany
Email address: info@vellap.de
Overview of processing:
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of data processed:
Inventory data.
Payment details.
Location data.
Contact details.
Content data.
Contract data.
Usage Data.
Meta, communication and procedural data.
Applicant data.
Categories of data subjects:
Customers.
employees.
Interested persons.
Communication partner.
User.
Applicant.
members.
Business and contractual partners.
Purposes of processing:
Provision of contractual services and customer service.
Contact inquiries and communication.
Safety measures.
Direct marketing.
Range measurement.
Tracking.
Office and organizational procedures.
Conversion measurement.
Managing and responding to inquiries.
Application process.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online offering and user-friendliness.
Relevant legal bases:
Below you will find an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you of these in the data protection declaration.
Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
Fulfillment of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject take place.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary to fulfill a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject are infringing on the protection of personal data Data requirements predominate.
Application process as a pre-contractual or contractual relationship (Art. 6 Para. 1 lit. b) GDPR) - As far as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are included in the application process ) are requested from applicants so that the person responsible or the data subject can exercise his or her rights under labor law and social security and social protection law and fulfill his or her obligations in this regard, the data will be processed in accordance with Article 9 Paragraph 2 lit. b. GDPR, in the case of protecting the vital interests of applicants or other persons in accordance with Art. 9 Para. 2 lit. c. GDPR or for the purposes of health care or occupational medicine, for assessing the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Article 9 Paragraph 2 lit. h. GDPR. In the case of communication of special categories of data based on voluntary consent, their processing takes place on the basis of Article 9 Paragraph 2 Letter a. GDPR.
In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.
Safety measures:
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, ensuring availability and its separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. We also take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
Transmission of personal data:
As part of our processing of personal data, the data may be transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
Transfer of data within the organization: We may transfer personal data to others within our organization or grant them access to this data. If this transfer is made for administrative purposes, the transfer of the data is based on our legitimate entrepreneurial and business interests or takes place if it is necessary to fulfill our contractual obligations or if there is consent from those affected or legal permission.
Deletion of data:
The data processed by us will be deleted in accordance with the legal requirements as soon as the consent for processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or it is not necessary for the purpose). Unless the data is deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.
Our data protection information may also contain further information on the storage and deletion of data, which applies primarily to the respective processing.
Business services:
We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) within the framework of contractual and comparable legal relationships as well as associated measures and as part of communication with the contractual partners (or pre-contractual), e.g. to respond to inquiries answer.
We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and the company organization. In addition, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse and jeopardy of their data, secrets, information and rights (e.g. for the participation of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration.
We inform the contractual partners which data is required for the aforementioned purposes before or as part of data collection, e.g. in online forms, through special marking (e.g. colors) or symbols (e.g. asterisks, etc.), or in person.
We delete the data after statutory warranty and comparable obligations have expired, ie, in principle after 4 years, unless the data is stored in a customer account, for example as long as it must be retained for legal archiving reasons. The statutory retention period is ten years for documents relevant to tax law as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents and other organizational documents and accounting documents, and six years for commercial and business letters received and copies of the commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were prepared, the commercial or business letter was received or sent or the accounting document was created and the recording was also made has been made or the other documents have been created.
To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Types of data processed: inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact details (e.g. email, telephone numbers); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
Data subjects: customers; Interested persons; Business and contractual partners.
Purposes of processing: provision of contractual services and customer service; Safety measures; Contact inquiries and communication; office and organizational procedures; managing and responding to inquiries; Conversion measurement (measuring the effectiveness of marketing measures); Profiles with user-related information (creating user profiles).
Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR); Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
Further information on processing processes, procedures and services:
Customer account: Customers can create an account within our online offering (e.g. customer or user account, “customer account” for short). If registration of a customer account is required, customers will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to be able to prove registration and prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the termination date, unless it is retained for purposes other than provision in the customer account or must be retained for legal reasons (e.g. internal storage of customer data, order processes or invoices). It is the responsibility of customers to secure their data upon termination of the customer account; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).
Economic analyzes and market research: For business reasons and in order to be able to identify market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of affected persons includes contractual partners, interested parties, customers, Visitors and users of our online offering may fall. The analyzes are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). If available, we can take into account the profiles of registered users, including their information, for example about the services they have used. The analyzes serve us alone and are not disclosed externally unless they are anonymous analyzes with summarized, i.e. anonymized, values. We also take the privacy of users into account and process the data for analysis purposes as pseudonymously as possible and, if possible, anonymously (e.g. as summarized data); Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Shop and e-commerce: We process our customers' data to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution to our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such as part of the ordering or comparable purchase process and includes the information required for delivery, provision and billing as well as contact information in order to be able to hold any consultations; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).
Providers and services used in the course of business activities:
As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (“services” for short) in compliance with legal requirements. Their use is based on our interests in the proper, legal and economic management of our business operations and our internal organization.
Types of data processed: inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Contract data (e.g. subject matter of the contract, term, customer category).
Data subjects: customers; Interested persons; Users (e.g. website visitors, users of online services); business and contractual partners; members; Employees (e.g. employees, applicants, former employees).
Purposes of processing: provision of contractual services and customer service; Office and organizational procedures.
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
Add WaWi program DEVIDIA
DATEV:
Lexware: Invoicing, accounting, banking and tax filing software with receipt storage; Service provider: Haufe Service Center GmbH, Munzinger Straße 9, 79111 Freiburg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.lexoffice.de/datenschutz/; Data protection declaration: https://datenschutz.lexware.de/.