Data protection

Data Protection statement of the secunet Security Networks AG

As one of the leading German suppliers of high-quality IT security, secunet Security Networks AG treats data security and data protection as a top priority. This requirement relates to all customers, suppliers and employees, and applies for all of our fields of activity and working processes.

Controller

The controller is defined by the General Data Protection Regulation and other data protection laws applicable in the member states of the European Union is:

     secunet Security Networks AG
     Kurfürstenstraße 58
     45138 Essen, Germany

     Management Board: Axel Deininger (CEO), Torsten Henn, Dr. Kai Martius, Thomas Pleines

     Tel.: +49 (0) 201 5454-0
     Fax: +49 (0) 201 5454-1000
     Email: info(at)secunet.com

Data protection is extremely important to the management team at secunet Security Networks AG. For this reason, we explain in this data protection statement how we protect your privacy when you share your personal data with us via this website.

You can contact the data protection officer at secunet Security Networks AG using the following contact details:

     Data Protection Officer
     secunet Security Networks AG
     Kurfürstenstraße 58
     45138 Essen, Germany

     Email: datenschutz(at)secunet.com

Personal data

To the extent that personal data (for example your first and last name, title, company, role, activity, postal address, email address, phone number, customer number, order number, invoice data, username, or IP address) are collected on our website, where possible this is always on a voluntary basis. Sensitive data such as information regarding health, political opinion, religion or trade union membership or other information is not collected by our website.

The definitions used such as “personal data” or their “processing” correspond to the definitions stated in Article 4 of the General Data protection Regulation (GDPR).

Accordingly, the term personal data refers to all information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or an identification number, a code number, location data, an online code, or one or multiple special features.

Personal data concerning individuals under the age of 16

Our website is not intended for minors. Personal data concerning minors are only collected if they are completing an internship/training within our organisation, and use our communications channels for this purpose.

Collecting and processing personal data

The personal data concerning data subjects processed in the context of the secunet website includes core data (for example names and addresses of customers), usage data (for example their interest in our products and services), core data concerning applicants in the context of online applications (for example personal details and information regarding professional experience and education) and content-related data (for example entries in the contact form).

The categories of data subjects affected by data processing include our business partners, customers, interested parties, and other visitors to our website.

We process your personal data in compliance with the relevant data protection provisions. This means that your data are only processed if there is legal authorisation to do so. Data is processed in particular to provide our contractual services, where consent has been provided, and based on our legitimate interests (for example the interest in the analysis, optimisation, and security of our website as defined by point (f) of Article 6(1) GDPR).

The legal basis for consent is point (a) of Article 6(1) GDPR and Article 7 GDPR; the legal basis for processing to provide our services and implement contractual measures is point (b) of Article 6(1) GDPR.

Purposes of data processing

We collect, process and use your personal data for the following reasons, depending on your interaction with our website: Where applicable, we respond to your queries for the purposes of customer relationship management, send you our newsletter, customer magazine, and financial reports and press releases following corresponding registration, and optimise our website. In the event of contact requests, we collect the following data from you: Your name, organisation, email address, phone number, and the content of your message. When you register for the newsletter, we collect the following data from you: Your title, first and last name, email address, and company name. When you register for the customer magazine, we collect the following data from you: Your honorific, title, first and last name, organisation, role, and postal address. We collect the following data from you for sending press releases: Your honorific, title, first and last name, organisation/medium, email address, postal address, phone number, and fax number. We collect the following data from you for sending financial reports: Your title, first and last name, organisation/medium and email address. We collect the following data from you for annual reports by post: Your honorific, first and last name, organisation/medium, role, postal address, phone number, and fax number. The collection and processing of data are limited to the degree necessary for processing through the use of a reduced selection of mandatory fields. If you register for an event, we collect information that is necessary for your participation in such events and for their organisation. If you register to use the SINA customer portal, we collect information that is necessary for your registration, internal audit, and release, as well as use. We collect the following data for this purpose: Your honorific, first and last name, organisation/medium, email address, the username you select, and your postal address, phone number and fax number. We collect and process your data that you voluntarily provide to us in the context of your online application. In addition, your browser automatically transfers your IP address when you visit our website.

The data are stored for these purposes or as stipulated by the applicable law and subsequently erased. Personal data is exclusively collected and processed for the specific purpose of achieving the business objectives of secunet, in accordance with legal requirements.

Online Applications

We process and use your personal data to process your online application. The data are collected in accordance with the legal provisions for the purpose of processing your application. Your application will be processed and stored in the secunet applicant database, solely for the processing of your online application. Your data will be automatically erased, at the latest 6 months after the application procedure has been completed.

If you have entered your application data and confirm your input by pressing the “Send” button, your data pass directly to our server via an SSL-encrypted connection. We use the applicant management tool from rexx Systems GmbH to process your data. The required contract for (commissioned) processing has been concluded between us and rexx Systems GmbH; this contract ensures proper and secure processing by the service provider. Your data that are made available to us will be passed on within secunet Group in the context of application processing, and taking into account the data protection specifications. secunet will not disclose these data to third parties or use your data for other purposes.

Investor Relations: Participation in the audio webcast

If you register to participate in the audio webcast, we will process the personal data you provide for the purpose of performing the audio webcast and answering your questions. This includes:

  • Name
  • Company
  • Email address
  • IP address
  • Phone number, if applicable (if you dial in via your cell phone)
  • Login information
  • Contact data that you give us in order to respond to your requests
  • Audio recordings, if applicable,  (if you participate in discussion rounds)

For the technical implementation of the services we offer you, we work together with the service provider EQS Group AG, Karlstr 47, 80333 Munich, Germany. The scope of data processing is limited to what is necessary in relation to the purposes for which they are processed and in accordance with legal provisions of the GDPR. Your data will not be passed on to third parties or used for other purposes.

secunet Customer portal

The secunet Portal allows registered and authorized Participants who have been logged in, to access extended product information and downloads. This includes in particular:

  • software images
  • technical documentation
  • user documentation (manuals)
  • certificates & documents
  • release notes
  • marketing material
  • other media & material

When you register to use the secunet Portal through two-factor authentication (secunet protect4use), we process your personal data that is required for your registration, activation and creation of your user account and use of the secunet Portal. For this purpose, we collect at least the following data:

  • salutation
  • first and last name
  • organization 
  • e-mail address

When using the secunet Portal as Participant you have the option to add voluntarily some personal data to complete your user account with following data:

  • business phone number
  • business mobile number
  • position
  • department
  • contact preference
  • profile picture if applicable

Your role is always assigned to an organization via a member management role and therefore bound to the following data:

  • organization / company
  • company address
  • company logo, if applicable

After you have entered your personal data and successfully registered, your data will be transferred directly to our servers or the servers of our service providers via an SSL-encrypted connection. 

The following subcontractors support secunet in the context of the secunet Portal and have concluded a data protection agreement for the processing of personal data in accordance with Art. 28 GDPR.

  • Development: takomat GmbH, Cologne, Germany
  • Hosting and operation: FLOWSITE GmbH, Cologne, Germany

Your data provided to us will be processed for the purpose of the registration and approval process and to ensure proper use, in compliance with data protection regulations within. Access to your data will only be granted to those areas and persons who need access to fulfill the purpose.

To ensure the technical operation and to identify and eliminate faults, we process the following data during your interaction withe the secunet Portal:

  • IP address
  • date and time of access
  • functions used

The processing of your personal data is based on Art. 6 b GDPR and Art. 6 f GDPR.

SINA Customer portal

If you register to use the SINA customer portal, we process your personal data that are necessary for your registration, internal verification, and release, as well as for the use of the customer portal. As a minimum, we collect the following data for this purpose: first and last name, company, and email address. In addition, you may voluntarily provide us with further data such as your title, address, company address, phone number, and fax number.

The SINA customer portal enables registered and approved participants to access special information and software updates.

If you enter your personal data and have successfully registered, your data pass directly to our server via an SSL-encrypted connection. Your data that are made available to us will be passed on within secunet Group for the purpose of the registration and approval process, as well as to guarantee proper use, taking into account the data protection specifications.

secunet will not disclose these data to third parties or use your data for other purposes.

Passing on of personal data

Your personal data is only passed on within the framework of legal requirements. We only pass the data on to third parties if this is necessary for contractual purposes, for example on the basis of point (b) of Article 6(1) GDPR, or on the basis of legitimate interests pursuant to point (f) Article 6(1) GDPR in the economic and effective operation of our company, under consideration of your interests worthy of protection.

Your personal data will not be disclosed to third parties unless you have approved such disclosure, or such disclosure is permissible according to the applicable law, for example if this is required for the fulfilment of a contract concluded with you. If you submit a query that relates to a subsidiary of secunet, this query may be passed on to the corresponding Group company together with the information required for responding to the query. The subsidiaries are located within the European Union and the European Economic Area.

In as far as we use subcontractors for the provision of our services, we implement appropriate legal precautions as well as corresponding technical and organisational measures in order to ensure the protection of personal data pursuant to the relevant legal requirements.

For sending the print version of secuview as well as the newsletter, we collaborate with providers (marketing service providers) who guarantee appropriate measures for the protection of personal data.

In as far as data are transferred to third countries in certain cases, this takes place exclusively based on an appropriate level of data protection, consent from the data subject, or a legal permit, and secunet shall ensure that the recipient of the data in the third country has in place an appropriate level of data protection in accordance with the specifications of the GDPR, for example through the conclusion of EU standard contracts for third-country transfers, an adequacy decision by the EU Commission for a third country or another legal basis.

Use of Friendly Captcha

In ordert to prevent misuse and spam, we use the "Friendly captcha"service in some areas of our website. Friendly captcha checks wheter data is entered by a natural person or automated.

The request headers, user agent, origin, referer, puzzle, widget version and the timestamp are processed and sent to Friendly Captcha GmbH (Am Anger 3-5, 82237 Woerthsee, Germany) and delted immediately after the pupose has been fulfilled.

The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the prevention of misuse of our website (Art. 6 para. 1 lit. F DSGVO).

Use of cookies

Cookies are small text files that are stored locally in the buffer of the website visitor’s internet browser.

This website uses technologies from etracker GmbH (www.etracker.com), which has its registered office in Germany, to collect and store data for the purposes of marketing and optimisation. The data stored can be used to create usage profiles under a pseudonym. Cookies may be used for this purpose. The data are processed based on the legal provisions of point (f) Article 6(1) (legitimate interest) of the EU General Data Protection Regulation. The purpose of processing personal data is to optimise our online offering and our web presence. Data such as your IP address, registration or device identifiers are pseudonymised as early as possible at etracker in order to protect your privacy, meaning that it is no longer possible to create a connection with a certain person. These data are not used in any other way, merged with other data held by etracker, or passed on to third parties.

Use of SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

You may object to the data processing described above at any time in as far as such processing is specific to an individual.

No additional analytical tools are used.

Security measures

secunet Security Networks AG uses extensive technical and organisational safety measures (TOMs) to ensure that the personal data you make available to us are not compromised and do not become known to unauthorised third parties through accidental or intentional manipulation, loss or destruction. Our safety measures are improved and adapted on an ongoing basis in line with technological development.

In particular, the security measures include the encrypted transfer of data between your browser and our server.

Please note that there may be security vulnerabilities when transferring data online (such as when communicating by email). It is not possible to protect data completely against access by third parties.

Your rights as a data subject

You are also entitled to certain rights in the context of the processing of your personal data. Further detail on this can be found in the corresponding provisions of the General Data Protection Regulation and the following description of your rights. You may email the following address at any time to assert your rights:

datenschutz(at)secunet.com

Right to access and rectification

You have the right to receive access and information with respect to which of your personal data we process (Article 15 GDPR). In as far as this information is no longer accurate, you may request that we recify the data (Article 16 GDPR) and, if they are incomplete, you may request that we supplement them (Article 16 GDPR). If we have passed on your data to third parties, we will inform the relevant third parties of the legal circumstances (Article 19 GDPR). In as far as we have passed your data onto third parties, we will inform the corresponding third parties provided that the legal circumstances dictate that we do so (Article 19 GDPR).

Right to be forgotten (erasure)

You have the right to request the erasure of your personal data (Article 15 GDPR). Pursuant to the applicable data protection provisions, we do not store your personal data for longer than we needed for the purposes of the respective processing. If the data is no longer required for the fulfilment of contractual or legal obligations, we will delete the data on a regular basis unless their further time-limited retention continues to be necessary.

Our website is explicitly not intended for individuals who have not yet reached the age of 16 (children). If, despite this, children use our website and provide us with their data, the right to the erasure of this provided data shall apply in these cases (point (f) of Article 17(1) GDPR).

Right to restriction of processing

You may request that we restrict the processing of your personal data for any of the following grounds:

  • If you dispute the accuracy of the data – until we have had the opportunity to satisfy ourselves of the accuracy of the data;
  • If the data are processed unlawfully, but you request merely the restriction of the usage of the personal data rather than their erasure;
  • If we no longer needs the data for the purposes of processing, but you need the data for the establishment, exercise or defence of legal claims
  • If you have submitted an objection to processing and it has not yet been determined whether your legitimate interests override ours.

Right to data portability

You have the right to receive, on request, in a transferable and machine-readable format, the personal data that you have provided to us for processing.

You have the right to receive on request personal data that you have given us for processing and that we process automatically in a transferable and machine-readable format.

Right to object

In cases in which your personal data are used for marketing measures, you may at any time submit an objection to this form of processing (Para 2 of Article 21 GDPR). We will then no longer use your personal data for these purposes.

The objection may be submitted in any form and should be addressed to: datenschutz(at)secunet.com.

If processing is in the public interest or takes place on the basis of a balancing of interests, you have the right to object to processing for grounds that arise from your particular situation (Para 1 of Article 21 GDPR). If you submit objection, we will not process your personal data unless we are able to prove binding legitimate grounds for such processing, which override your interests, rights and freedoms, because your personal data serve the establishment, exercise or defence of legal claims. The objection does not contradict the legality of processing that has taken place before the submission of the objection. We restrict the processing of your data until your objection has been reviewed.

Right to withdraw your consent

You have the right to withdraw your consent at any time. Withdrawing consent shall not impact the legality of processing that has taken place on the basis of the consent until withdrawal.

Right to lodge complaints with the supervisory authority

We always endeavour to process your queries and claims as quickly as possible in order to appropriately safeguard your rights. However, if you are not satisfied with our answers and responses, or if you are of the view that we are in breach of the applicable data protection law, you are free to lodge a complaint with our data protection officer and the relevant supervisory authority. The supervisory authority relevant for us is:

     Landesbeauftragte für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen
     Kavalleriestr. 2 - 4
     40213 Düsseldorf, Germany

Links to other websites

The secunet Security Networks AG website may contain links to other websites. We do not take responsibility for the data protection provisions or the content of external websites.

Amendments to the data protection statement

We reserve the right to make amendments to the data protection statement in order to adapt it to changed legal circumstances, or in the event of changes to services as well as data processing. We ask that users keep up-to-date with respect to the content of the data protection statement on an ongoing basis.

 

Date of coming into effect: May 18, 2018