Information Obligations
Privacy Notices in Accordance with Articles 13 and 14 GDPR
The following information is intended to give you an overview of the personal data processed by us and to inform you about your data protection rights.
1. Person responsible for data processing and contact details of the data protection officer
SNP Schneider-Neureither & Partner SE
Speyerer Straße 4
69115 Heidelberg
SNP Deutschland GmbH
Speyerer Straße 4
69115 Heidelberg
SNP Applications DACH GmbH
Speyerer Straße 4
69115 Heidelberg
Innovation Lab
Speyerer Str. 4
69115 Heidelberg
ERST European Retail Systems Technology GmbH
Frankenstraße 5
20097 Hamburg
SNP Slovakia s.r.o.
Vajnorska 100, 831 04
Bratislava, Slovakia
SNP Software s.r.o.
Vajnorska 100, 831 04
Bratislava, Slovakia
Telefon: +49 6221 64 25 – 0
E-Mail: dpo@snpgroup.com
Data protection officer: can be reached via e-mail to datenschutzanfragen@xdsb.de or via our postal address specifying "The data protection officer".
SNP UK
150 Buckingham Palace Road
London
SW1W 9TR
United Kingdom
SNP AUSTRIA GmbH
Kramlehnerweg 1 + 1a
4061 Pasching
Austria
Telefon: +49 6221 64 25 – 0
E-Mail: dpo@snpgroup.com
2. From which sources does the personal data originate?
We process personal data that we have obtained from business relationships (e.g. with customers or suppliers) or customer requests. As a rule, we receive this data directly from the contracting party or the person who made the request. However, personal data may also originate from public sources (e.g. commercial register), provided that the processing of this data is permitted. Other companies may also transmit data to us legitimately. Depending on the individual case, we also store our own information related to this data (e.g. as part of an ongoing business relationship).
Depending on the individual case, this may involve master data (e.g. name, address), contact data (e.g. telephone number, e-mail address), contract and billing data to fulfill our contractual obligations or data that is necessary for processing a request, such as creditworthiness data, advertising and sales data and other data of comparable categories.
3. For what purposes and on what legal basis is the personal data processed?
We process personal data in compliance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) or other applicable local legislation.
a.) Within the framework of the performance of a contract or in order to take steps prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
We process personal data primarily to fulfil contractual obligations and to provide the related services, in particular the provision of our software solutions, or within the framework of a corresponding contract initiation (e.g. contract negotiations, preparation of quotations). The specific purposes are determined by the respective service or product that form the basis of the business relationship or contract initiation.
b.) Within the framework of the compliance with a legal obligation (Art. 6(1)(1)(c) GDPR)
In many situations, we are legally obliged to collect certain personal data and to forward it to, usually public, authorities or to make it available to them.
For example, we provide the tax authorities with the personal data that is required for tax calculation purposes in accordance with the relevant legal requirements.
c.) Within the framework of legitimate interests (Art. 6(1)(1)(f) GDPR)
We also collect and process personal data to pursue legitimate interests in the following situations:
- Processing of general requests for our products and services
- Assessing creditworthiness via credit agencies to assess the default risk in business relationships
- Advertising or market research
- Assertion of legal claims and defense in legal disputes
- Ensuring IT operations and IT security
- Measures for building and system security (e.g. access authorizations)
- Measures to improve our internal business processes and product optimization and measures to assess the collaboration with you or your company
In addition, we may use communication systems for communication purposes (e.g. video conference systems, chat etc.). Depending on the type of communication, your contact data, messages and image and sound recordings are processed. Recordings of image or sound transmissions will not be made without your express consent. Please also note the respective data protection information of the provider of the tool.
d.) Within the framework of a consent (Art. 6(1)(1)(a) GDPR)
In some situations, the processing of your personal data is not absolutely necessary and only permitted with your consent. In such cases, we inform you about this circumstance and in particular about the fact that giving your consent is voluntary and revocable at any time with effect for the future.
This is the case, for example,
- with some data processing via our website (see privacy policy on our website)
- in some situations of advertising (existence of an advertising consent, if required by law)
4. Recipients of personal data
In general, the company only grants access to your data for authorities that must work with your data ("need-to-know principle"), i.e. entities that require access to this data to fulfil a contractual or legal obligation. These may be affiliated companies, but may also include service providers and vicarious agents who act on behalf of the company and/or who are obliged to process the data confidentially.
In certain situations, we transfer your data to
- Public authorities (e.g. tax authorities) in the case of a legal obligation
- Other companies within the framework of the contractual relationship, within the framework of legitimate interests or on the basis of your consent. In individual cases, depending on the business relationship or order, these may be companies, logistics partners, marketing service providers, credit agencies, banks, tax consultants or lawyers that are involved in the provision of our services.
5. Is data transferred to a third country or to an international organization?
We transfer personal data to other authorities in countries outside the European Union (third country) if it is necessary to maintain the business relationship, if it is required by law or if you have given us your consent to do so.
In certain situations, we collaborate or reserve the right to collaborate with service providers that are either located in a third country or that may also collaborate with service providers in a third country.
In accordance with Art. 45 GDPR, a transfer of personal data to a third country may take place where the Commission has decided that the third country in question ensures an adequate level of protection. In the absence of such a decision, a controller or processor may transfer personal data to a third country only if the controller or processor has provided appropriate safeguards (e.g. standard data protection clauses issued by the European Commission), and on condition that enforceable data subject rights and effective legal remedies for data subjects are available (Art. 46 GDPR).
As a rule, we only cooperate with authorities in third countries that fulfil the criteria listed above.
6. Data retention
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the storage of personal data is no longer necessary for the fulfilment of these obligations, it will be deleted, unless there are legal obligations to retain such data, such as commercial and fiscal obligations of the German Tax Code and the German Commercial Code (6 or 10 years) and for the preservation of evidence within the framework of statutory limitation rules.
7. Rights of the data subject
You have the following rights with regard to your personal data:
- Right to information
- Right to rectification or erasure
- Right to restriction of processing
- Right to object
- Right to data portability
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
However, you also have the option of contacting our internal data protection officer (confidentially).
If you have given us your consent (Art. 6(1)(1)(a) GDPR), you can revoke it at any time with effect for the future.
If we base the processing of your personal data on legitimate interests (Art. 6(1)(1)(f) GDPR), you may object to the processing. In the event of such an objection, we kindly ask you to explain why we should not process your personal data. In the event of a justified objection, we will examine the situation and either discontinue or adapt the data processing or point out legitimate reasons why we will continue the processing.
You can object to the processing of your personal data for advertising purposes at any time.
8. Obligation to provide data
Within the framework of the performance or initiation of a contract, you must provide the personal data necessary for the performance of the contract or to take steps prior to entering into a contract and the associated obligations. Furthermore, you must provide the personal data that we are legally obliged to collect. We will not be able to conclude or fulfil a contract without the provision of this data.
In cases of data collection on the basis of consent, the provision of data is voluntary and not mandatory. However, if you do not give your consent, we will not be able to provide the services that require your consent for data processing. You can revoke your consent at any time with effect for the future, even after it has been granted.
9. Is there automated individual decision-making or profiling?
No.