Data protection

Data Protection Declaration of secunet Security Networks AG


Information pursuant to Articles 13 and 14 of the GDPR

We hereby inform you in accordance with the provisions of Articles 13 and 14 of the General Data Protection Regulation (GDPR) about the processing of personal data collected about you and your rights under data protection law. To ensure that you are fully informed about the processing of your personal data, please take note of the following information.

1 Controller and data protection officer

The controller within the meaning of the GDPR for the processing of your personal data is

secunet Security Networks AG
Kurfürstenstraße 58
45138 Essen

Executive Board: Marc-Julian Siewert (Chairman), Torsten Henn, Dr. Kai Martius, Jessica Nospers

Tel.: +49 (0) 201 5454-0
Fax: +49 (0) 201 5454-1000
E-Mail: info@secunet.com

If you have any questions or complaints regarding data protection, you can also contact our data protection officer at:
Data Protection Officer
secunet Security Networks AG
Kurfürstenstraße 58
45138 Essen
E-Mail: datenschutz@secunet.com

2 Processing operations

The following explanations describe what data we process, for what purpose, and on what legal basis the processing is based.

2.1 Log files
When you visit our website, the browser you are using automatically transmits the following information to our website server, which is temporarily stored in log files:

  • IP address
  • URL requested
  • Date and time of the request
  • Access methods/functions requested by the browser
  • Operating system and browser type or browser settings


We process this data for the following purposes:

  • Ensuring the error-free operation of the website
  • Tracking unauthorized access attempts
  • Statistical evaluations

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interest is the error-free and secure provision of our website.

We delete this data after 7 days.

2.2 etracker
We collect statistical data of your visit to our website. For this purpose, we use a service provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg. Etracker processes your personal data on our behalf. We process the following personal data from you:

  • IP address
  • Scroll behavior
  • Length of stay
  • Interactions with certain elements

This data is summarized and statistically evaluated by etracker. We only see the data of all our visitors on a given day, not the data of individual visitors. This data is not merged with other data or passed on to third parties.

We process this data for the following purposes::

  • Improvement of the design and functionality of the website

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interest is to make our information offering attractive.

If you give us your consent, we will store a cookie in your browser so that we can recognize you. We then create a profile with the data listed above and can thus identify trends. The legal basis for this is Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

If you have not given us your consent, we will only process your personal data until we have aggregated your data for our statistics. This is usually the case on the day following your visit to our website.

If you have given us your consent, we will process your data for 13 months. If you withdraw your consent, we will delete your data immediately, unless it is subject to statutory retention obligations.

2.3 FriendlyCaptcha
If you use the forms on our website (e.g., to contact us), we will process the following personal data about you with FriendlyCaptcha:

  • Request header sent to us by your browser
  • IP address
  • Result of the puzzle query solved by your browser

We process this data for the following purposes:
Prevention of abusive requests (e.g., SPAM)

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interest is the protection of our systems.

We only process your personal data for as long as it is necessary to achieve the purpose. This is usually the successful verification, which is completed when the form is submitted. If we suspect misuse, your data may also be processed for a longer period of time for the purposes of investigation and documentation. In this case, you would not be able to submit the form and would be made aware of this fact.

2.4 SINA customer portal
The SINA customer portal allows registered and authorized participants to access separate information and software updates. When you register to use the SINA customer portal, we process the personal data you provide on the registration form. We require the following mandatory information for your registration

  • Email
  • Title
  • First name
  • Last name
  • Company name

If you do not provide us with this personal data, you will not be able to complete your registration for the SINA customer portal and will not have access to the information and software updates we provide through it. If you voluntarily provide us with additional information, we will process some or all of the following personal data:

  • Title
  • Street and house number
  • ZIP code
  • City
  • Country
  • Phone number
  • Fax number

We process this data for the following purposes:

  • To activate your access after verification and approval
  • Provision of non-public information and software updates

The legal basis for this is Article 6(1)(b) GDPR and Article 6(1)(f) GDPR. Our legitimate interest lies in offering you options for customizing your profile by providing optional information and thus tailoring our customer communications to your preferences.

Data is passed on for the purpose of the registration and approval process and to ensure proper use, taking into account the data protection regulations within the Secunet Group. Secunet will not pass on your data to third parties or use it for other purposes.

We process your data until the purpose has been achieved or for as long as we are required to do so by statutory retention periods.

2.5 Participation in training courses at the secunet Training Center
If you register for one of our training courses at a secunet Training Center or are registered by your employer, we process the following personal data about you:

  • Booked course
  • Title
  • First name
  • Last name
  • Email
  • Company name
  • Street
  • ZIP Code
  • City
  • Phone number

You can also provide the following information (optional):

  • Title
  • Department
  • Position
  • Comments on registration as free text

We process this data for the following purposes:

  • To conduct training on our products

The legal basis for this is Article 6(1)(b) GDPR. If you do not provide us with the mandatory information, we will not be able to process your registration and you will not be able to participate in our training courses.

We process your data until the purpose has been fulfilled or for as long as we are required to do so by statutory retention periods.

2.6 Online application
If you apply to us or one of our subsidiaries for an advertised position or on your own initiative, we process the following personal data about you:

  • First and last name
  • Street
  • ZIP code
  • City
  • State
  • Nationality
  • Email
  • Whether we may forward your application to other departments
  • Whether you are currently employed by us
  • How you heard about us
  • earliest start date
  • Enrollment certificate, if applicable
  • If applicable, information about your skills

In addition, you can also send us the following personal data or documents:

  • Title
  • Date of birth
  • Desired salary
  • Photo
  • Cover letter
  • Resume
  • Last employer reference
  • Last school report
  • University degree

We process this data for the following purposes:

  • Job recruitment

Depending on which company in our group you are applying to, the following information applies:

secunet Security Networks AG, Kurfürstenstraße 58, 45138 Essen, Germany, is the controller for applications to secunet Security Networks AG. You can contact the data protection officer at datenschutz@secunet.com.

secunet international GmbH, Kurfürstenstraße 58, 45138 Essen is the controller for applications to secunet international GmbH. The data protection officer can be reached at datenschutz@secunet.com. Secunet AG is the recipient of your personal data and processes it on behalf of the controller.

stashcat GmbH, Schiffgraben 47, 30175 Hannover, Germany, is the controller for applications to stashcat GmbH. You can contact the data protection officer at datenschutz@floss-consult.de. Secunet AG is the recipient of your personal data and processes it on behalf of the controller.

The legal basis for this is Article 6(1)(b) GDPR. If you have given us your consent to store your data for consideration in other job applications ("talent pool") or to pass it on to other companies within the group, the legal basis for this is Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

If you give us your consent, we would like to share your application with our subsidiary SysEleven GmbH, Boxhagener Straße 80, 10245 Berlin. This enables SysEleven GmbH to consider your application and potentially offer you a position at SysEleven. The legal basis for this transfer is Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future. After the transfer, SysEleven GmbH will process your application as a controller in accordance with their Privacy Policy for Applicants. The privacy policy for Applicants can be found at: https://www.syseleven.de/en/privacy-policy/application/

We store your personal data for six months from receipt of the rejection. If you have consented to longer storage, we will store your data until you withdraw your consent or for a maximum of two years.

If you are considered for a position, we must check whether you are on a sanctions list before hiring you. To do this, we initially process only your first and last name. If this combination appears on a sanctions list, we will also process your date of birth and country of birth in order to compare them with the list.

We process this data for the following purposes:

  • Compliance with national and international requirements

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interest lies in not suffering any disadvantages resulting from non-compliance with the requirements.

If you are found on a sanctions list, we will process this finding for six months from receipt of your rejection.

2.7 Video conferences
If we invite you to a video conference (e.g., for a job interview, support, or meetings), we will process the following personal data from you:

  • Email
  • The name you enter when joining
  • Image and sound if you turn on your camera and participate in the conversation
  • Conversation log

We process this data for the following purposes:

  • Conducting sales, support, and job interviews, among other things

The legal basis for this is Article 6(1)(b) GDPR if the conversation serves to initiate a contract or the use of our support services. In all other cases, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in responding to inquiries about our products and services in customer conversations.

We process your data until the purpose has been achieved or for as long as we are obliged to do so by statutory retention periods. As a rule, we do not make recordings of video conferences unless we inform you separately.

Please note that the respective service provider we use may process data such as your IP address or your Name in order to provide the service and ensure the security of the processing. You can find more details in the privacy policies of the respective providers. Please refer to the invitation email to find out which provider we use for your video conference.

2.8 secunet customer portal
You can access extended product information and downloads via the secunet customer portal:

  • Software images
  • Technical documentation
  • User documentation (manuals)
  • Certificates & documents
  • Release notes
  • Marketing documents
  • Other media & materials

When you register for the secunet customer portal, we process the following mandatory information:

  • Title
  • First and last name
  • Organization
  • Email address

You also have the option of voluntarily providing us with the following data to complete your user account:

  • Business telephone number
  • Business mobile number
  • Position
  • Department
  • Contact preference
  • Profile

Your role is always assigned via a member management role within an organization and is therefore linked to the following data:

  • Organization name / Company
  • Company address
  • Company logo

We process this data for the following purposes:

  • Provision of non-public information and downloads for our customers

The legal basis for this is Article 6(1)(b) GDPR and Article 6(1)(f) GDPR. Our legitimate interest lies in providing you with a more personalized service through our support team if you provide additional information in your profile.

We process your data until the purpose has been achieved or as long as we are obliged to do so by statutory retention periods.

2.9 Contact requests
If you contact us via our website or our support team, we process the following personal data about you:

  • Name
  • Organization
  • Email
  • Phone number
  • Inquiry category
  • Free text inquiry

We require at least your email address and your name in order to respond to your inquiry. You can use the other fields on the form, and particularly the free text field, to provide us with further information and context that will help us respond to your inquiry.

We process this data for the following purposes:

  • Processing and responding to your contact request

The legal basis for this is Article 6(1)(b) GDPR if your contact request serves to initiate a contract or to use our support services. In all other cases, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in responding to contact requests in order to be able to process feedback or reports conclusively.

We process your data until the purpose has been achieved or for as long as we are obliged to do so by statutory retention periods.

2.10 secuview Print
If you order our print magazine, we will process the following personal data from you:

  • Title
  • First and last name
  • Organization
  • Street and house number
  • ZIP code
  • City
  • State

We process this data for the following purposes:

  • Shipping our magazine

The legal basis for this is Article 6(1)(a) GDPR. You can withdraw your consent at any time with future effect by using the order form again and selecting "unsubscribe."
We process your data until we receive your withdrawal of consent.

2.11 News
If you have subscribed to one of our target group-specific newsletters (e.g., our newsletter for production, infrastructure & mobility or our press distribution list), we process the following personal data from you:

  • Title
  • First and last name
  • Email address
  • Company

We only require your email address for delivery. The other information is optional.

We process this data for the following purposes:

  • Delivery of our target group-specific newsletters
  • Evaluation of optional information to identify target groups for our services

The legal basis for this is Article 6(1)(a) GDPR. You can withdraw your consent at any time with future effect by clicking on "unsubscribe" in the emails sent to you.

We process your data until we receive your withdrawal of consent.

2.12 Participation in events
If you would like to participate in one of our events, such as the SINA User Day, ELSTERdialog, DIALOG IT Security, or SINA Admin Day, we will process the following personal data from you:

  • Event for which you wish to register
  • First name
  • Last name
  • Organization
  • Your personal email address at your employer

Optionally, you can also provide us with your title and position.

We process this data for the following purposes:

  • Participant management for our events
  • Restriction of registrations to existing customers, if applicable

The legal basis for this is Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

If you are an existing customer of ours and we identify an event that is relevant to you, we may send you an invitation by email. The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interest is to draw your attention to events that are relevant to your industry or the products you use from us.

We process your data until we receive your withdrawal of consent or until the purpose has been fulfilled. This is usually the case when the event has been completed and followed up.

Please note that the respective service provider we use may process data such as your IP address in order to provide the service and ensure the security of the processing. You can find more details in the privacy policies of the respective providers. Please refer to the invitation email to find out which provider we are using for your event.

2.13 Collection and Processing of Leads at Trade Fairs and Events
As part of trade fairs and events, we collect personal data (e.g., name, contact details, company affiliation) when you voluntarily provide it to us, for example by scanning your badge, handing over your business card, or filling out digital forms. The processing of this data is carried out solely for the purpose of contacting you and providing further information about our products and services. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR. Your data will be treated confidentially, will not be passed on to third parties without your consent, and will be deleted once the purpose no longer applies or you withdraw your consent.

2.14 Employee data of our business partners
If you are an employee of one of our business partners, we may process the following personal data about you in the context of our cooperation with your employer or the fulfillment of an order:

  • First and last name
  • Your position and function in the company or cooperation
  • If applicable, visitor data from our access control system if you visit our locations
  • Periods of absence, if applicable
  • Certificates, professional qualifications, and other qualifications, if applicable

We process this data for the following purposes:

  • Implementation of joint projects and joint participation in tenders
  • Product support
  • Order processing
  • Controlling access to our sites
  • Project and resource planning
  • Sending invitations to participate in pilot projects

The legal basis for this is Article 6(1)(b) GDPR if we need to process your personal data to fulfill our contracts with your employer. In all other cases, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in ensuring proper and effective cooperation with your employer and the further development of our products in line with customer requirements.

We process your data until the purpose has been achieved or for as long as we are required to do so by statutory retention periods.

2.15 Sanctions lists and credit checks
If you are authorized to represent one of our customers, we may process the following personal data about you before entering into a business relationship:

  • First and last name
  • Date of birth
  • Country of birth

We process this data for the following purposes:

  • Determination of credit risks
  • Prevention of bad debts
  • Compliance with national and international requirements

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interests lie in not suffering any disadvantages resulting from non-compliance with the requirements and in protecting ourselves against bad debts.

We process your data until the purpose has been achieved or for as long as we are required to do so by statutory retention periods.

2.16 Our social media presence
When you visit us on our social media sites, the platform operators process your personal data as controllers. Since we have no influence on the type of processing carried out by the platform operators, we refer you to the respective controllers and their privacy policies:

New Work SE, Am Standkai 1, 20457 Hamburg, Germany, is the controller for Xing. The privacy policy can be found at: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is the controller for LinkedIn. The privacy policy can be found at: https://de.linkedin.com/legal/privacy-policy

Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland, is the controller for Twitter. The privacy policy can be found at: https://x.com/de/privacy

The scope of the data processed depends largely on whether you are a registered user of the respective platform and have logged in. If you do not interact with us via the respective platform, we only process aggregated statistics via the respective platform that do not allow any conclusions to be drawn about you. In this case, we do not process any personal data about you.

If you interact with us or our content via the platforms (sharing, commenting, etc.), we may process the following personal data from you:

  • Time of interaction
  • Type of interaction
  • Name and details in your user profile
  • Content of the comment, if you have written a comment

We process this data for the following purposes:

  • Improvement of our content and presence on the respective platform
  • Measuring interest in us or our content based on interactions
  • Considering feedback from users of the respective platform

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interest lies in maintaining our image and communicating with interested parties and customers in a manner that is effective in terms of public relations.

We process your data until the purpose has been achieved or for as long as we are required to do so by statutory retention periods.

If you send us direct messages via the platforms, we process the following personal data from you:

  • Time of the message
  • Message content
  • Name and details in your user profile

We process this data for the following purposes:

  • Responding to inquiries

The legal basis for this is Article 6(1)(b) GDPR, provided that your inquiry is related to an existing contract with us or serves to initiate a contract. In all other cases, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the final processing of inquiries.

We process your data until the purpose has been achieved or for as long as we are required to do so by statutory retention periods.

2.17 Our podcasts, such as "IT Security Consultation Hour"
If you access our podcasts from our website or Podigee or subscribe to the RSS feed, we process the following personal data from you:

  • IP address
  • IP address
  • URL requested
  • Date and time of the request
  • Access methods/functions requested by the requesting computer
  • Operating system and browser type or browser settings

We process this data for the following purposes:

  • Provision of our podcasts
  • Creation of anonymized statistics on the number of times individual episodes are accessed

The legal basis for this is Article 6(1)(f) GDPR. Our legitimate interest lies in the publication, distribution, and improvement of our podcast offering. The processing of your data is technically necessary for the service you have requested within the meaning of §25 (2) TDDDG.

Your personal data is collected and processed by our service providers who provide the podcasts.

2.18 Whistleblower system
If you contact us via our whistleblower system, we will process your personal data in accordance with the whistleblower system privacy policy. Further information and the privacy policy can be found at: https://www.secunet.com/en/about-us/company/whistleblowing-portal

2.19 Return label for connectors
If you wish to return a connector with a return label created by Secunet, we will process the following personal data about you:

  • Address
  • Serial number of the connector
  • Support ticket ID
  • Generated QR code

We process this data for the following purposes:

  • Fulfillment of warranty claims

The legal basis for this is Article 6(1)(b) GDPR. If you do not provide us with the necessary personal data, we will not be able to provide you with a return label for the free return of the connector.

We pass on your personal data to our parcel service provider for the purpose of fulfilling the order

We process your personal data for 30 days from the creation of the return label and then delete it automatically.

Unless we have already provided more specific information on the following topics, the following processing principles apply:

3 Transfer of personal data and categories of recipients

In addition to the cases explicitly mentioned in this privacy policy, we only pass on personal data to internal and external recipients if this is necessary for the purposes listed or required by law.

Categories of recipients: Our own service providers (e.g., communication service providers, IT service providers, auditors, tax advisors, or judicial authorities), social security institutions, and financial authorities.

4 Transfer to third countries

We – or, in the case of order processing, our service providers – only process personal data in countries within the EU or the European Economic Area that are subject to the GDPR. In exceptional cases, personal data may be transferred to other countries (so-called "third countries") if an adequate level of data protection is guaranteed in accordance with Article 44 GDPR, for example

  • if a so-called "adequacy decision" has been made by the European Commission,
  • through the use of the "EU standard contractual clauses" or
  • by other suitable guarantees to ensure an adequate level of data protection in accordance with Article 46 GDPR.

For example, a transfer to a third country may take place in accordance with Article 49 (1)(a) GDPR if you have expressly consented to the data transfer after being informed of the possible risks of such data transfers without the existence of an adequacy decision and without suitable guarantees.

5 Storage period and deletion of personal data  

We will delete your personal data as soon as we have achieved the purpose for which it was processed.

Furthermore, we only store data if there are legal exceptions and obligations, such as those under Article 17(3) GDPR. In particular in connection with the fulfillment of statutory retention obligations (Article 17 (3)(b) GDPR) and with the assertion, exercise, or defense of legal claims (Article 17(3)(e) GDPR). Sector-specific regulations are observed

Legal provisions on storage arise in particular from the retention periods of the German Commercial Code (HGB) or the German Fiscal Code (AO). According to these, the retention period is between 6 and 10 years after completion of the transaction.

6 Rights of data subjects 

If we process your personal data, you are generally entitled to the rights listed below, where applicable. If you wish to exercise any of these rights, you can contact our data protection officer at any time using the contact details provided.

6.1 Right to information pursuant to Article 15 GDPR
You have the right to obtain information from us about your personal data processed by us at any time and free of charge.

6.2 Right to rectification pursuant to Article 16 GDPR
You have the right to request that inaccurate personal data concerning you be corrected or completed without delay.

6.3 Right to erasure pursuant to Article 17 GDPR
You have the right to request that we delete your personal data immediately.

As a matter of principle, personal data is only stored for the period of time necessary for the purpose for which it was collected or for the fulfillment of legal retention periods.

6.4 Right to restriction of processing pursuant to Article 18 GDPR
You have the right to request the restriction of the processing of your personal data at any time.

6.5 Right to data portability pursuant to Article 20 GDPR
You have the right to request that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.

6.6 Right to object pursuant to Article 21 GDPR
You have the right to object to processing in various situations (processing based on the legal basis under Article 6(1)(e) or (f) GDPR, profiling, or direct marketing).

6.7 Right to lodge a complaint
You have the right to lodge a complaint with the supervisory authority of your choice regarding the processing.

Back to top
Logo
Contact

secunet Security Networks AG
Kurfürstenstraße 58
45138 Essen

Phone: +49 (0) 201 5454-0
E-Mail: info(at)secunet.com

LinkedInXING

Terms & conditions Data protection Whistlebl.-Tool Imprint
© 2026 secunet Security Networks AG