Data Protection statement of the secunet Security Networks AG

As one of the leading German suppliers of high-quality IT security, secunet Security Networks AG treats data security and data protection as a top priority. This requirement relates to all customers, suppliers and employees, and applies for all of our fields of activity and working processes.

Controller

The controller is defined by the General Data Protection Regulation and other data protection laws applicable in the member states of the European Union is:

     secunet Security Networks AG
     Kurfürstenstraße 58
     45138 Essen

     Management Board: Dr. Rainer Baumgart (Chairman), Axel Deininger, Thomas Pleines

     Tel.: +49 (0) 201 5454-0
     Fax: +49 (0) 2015454-100
     Email: info(at)secunet.com

Data protection is extremely important to the management team at secunet Security Networks AG. For this reason, we explain in this data protection statement how we protect your privacy when you share your personal data with us via this website.

You can contact the data protection officer at secunet Security Networks AG using the following contact details:

     Dr. Kay Rathke
     secunet Security Networks AG
     Kurfürstenstraße 58
     45138 Essen, Germany

     Email: datenschutz(at)secunet.com

Personal data

To the extent that personal data (for example your first and last name, title, company, role, activity, postal address, email address, phone number, customer number, order number, invoice data, username, or IP address) are collected on our website, where possible this is always on a voluntary basis. Sensitive data such as information regarding health, political opinion, religion or trade union membership or other information are not collected by our website.

The definitions used such as “personal data” or their “processing” correspond to the definitions stated in Article 4 of the General Data protection Regulation (GDPR).

Accordingly, the term personal data refers to all information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or an identification number, a code number, location data, an online code, or one or multiple special features.

Personal data concerning individuals under the age of 16

Our website is not intended for minors. Personal data concerning minors are only collected if they are completing an internship/training within our organisation, and use our communications channels for this purpose.

Collecting and processing personal data

The personal data concerning data subjects processed in the context of the secunet website includes core data (for example names and addresses of customers), usage data (for example their interest in our products and services), core data concerning applicants in the context of online applications (for example personal details and information regarding professional experience and education) and content-related data (for example entries in the contact form).

The categories of data subjects affected by data processing include our business partners, customers, interested parties, and other visitors to our website.

We process your personal data in compliance with the relevant data protection provisions. This means that your data are only processed if there is legal authorisation to do so. Data is processed in particular to provide our contractual services, where consent has been provided, and based on our legitimate interests (for example the interest in the analysis, optimisation, and security of our website as defined by point (f) of Article 6(1) GDPR).

The legal basis for consent is point (a) of Article 6(1) GDPR and Article 7 GDPR; the legal basis for processing to provide our services and implement contractual measures is point (b) of Article 6(1) GDPR.

Purposes of data processing

We collect, process and use your personal data for the following reasons, depending on your interaction with our website: Where applicable, we respond to your queries for the purposes of customer relationship management, send you our newsletter, customer magazine, and financial reports and press releases following corresponding registration, and optimise our website. In the event of contact requests, we collect the following data from you: Your name, organisation, email address, phone number, and the content of your message. When you register for the newsletter, we collect the following data from you: Your title, first and last name, email address, and company name. When you register for the customer magazine, we collect the following data from you: Your honorific, title, first and last name, organisation, role, and postal address. We collect the following data from you for sending press releases: Your honorific, title, first and last name, organisation/medium, email address, postal address, phone number, and fax number. We collect the following data from you for sending financial reports: Your title, first and last name, organisation/medium and email address. We collect the following data from you for annual reports by post: Your honorific, first and last name, organisation/medium, role, postal address, phone number, and fax number. The collection and processing of data are limited to the degree necessary for processing through the use of a reduced selection of mandatory fields. If you register for an event, we collect information that is necessary for your participation in such events and for their organisation. If you register to use the SINA customer portal, we collect information that is necessary for your registration, internal audit, and release, as well as use. We collect the following data for this purpose: Your honorific, first and last name, organisation/medium, email address, the username you select, and your postal address, phone number and fax number. We collect and process your data that you voluntarily provide to us in the context of your online application. In addition, your browser automatically transfers your IP address when you visit our website.

The data are stored for these purposes or as stipulated by the applicable law and subsequently erased. Personal data is exclusively collected and processed for the specific purpose of achieving the business objectives of secunet, in accordance with legal requirements.

Online Application

We collect, process and use your personal data to process your online application. The data will be processed in accordance with the statutory provisions for the purpose of processing your application. Your application will be processed and stored in secunet's applicant database exclusively for the purpose of processing your online application. Your data will be automatically deleted no later than 6 months after the end of the application process. Of course, you also have the possibility at any time before the expiry of the aforementioned deletion period to request the deletion of all or part of your data for the future. You can make this request at any time in writing, by e-mail or fax to secunet at Datenschutz@secunet.com.

If you have entered your application data and confirm your entries by clicking the "Send" button, your data will be sent directly to our server via an SSL-encrypted connection. When processing the data, we use the applicant tool of rexx Systems GmbH. The data you make available to us will be passed on within the secunet group as part of the application process and in compliance with data protection regulations. Your data will not be passed on to third parties or used for other purposes by secunet.

SINA portal

When you register to use the SINA portal, we process your personal data, which is required for your registration, internal checking and approval and the use of the customer portal. For this purpose, we collect at least the following data: First and last name, company, e-mail address. You also have the option of voluntarily providing us with further data such as title, address, company address, telephone and fax number.

The SINA customer portal enables registered and approved participants to access separate information and software updates.

Once you have entered your personal data and successfully registered, your data is transferred directly to our server via an SSL-encrypted connection. Your data made available to us will be passed on within the secunet group for the purpose of the registration and release process and to ensure proper use, taking into account the data protection regulations.

Your data will not be passed on to third parties or used for other purposes by secunet.

Passing on of personal data

Your personal data is only passed on within the framework of legal requirements. We only pass the data on to third parties if this is necessary for contractual purposes, for example on the basis of point (b) of Article 6(1) GDPR, or on the basis of legitimate interests pursuant to point (f) Article 6(1) GDPR in the economic and effective operation of our company.

Your personal data will not be disclosed to third parties unless you have approved such disclosure, or such disclosure is permissible according to the applicable law, for example if this is required for the fulfilment of a contract concluded with you. If you submit a query that relates to a subsidiary of secunet, this query may be passed on to the corresponding Group company together with the information required for responding to the query. The subsidiaries are located within the European Union and the European Economic Area.

In as far as we use subcontractors for the provision of our services, we implement appropriate legal precautions as well as corresponding technical and organisational measures in order to ensure the protection of personal data pursuant to the relevant legal requirements.

For sending the print version of secuview as well as the newsletter, we collaborate with providers (marketing service providers) who guarantee appropriate measures for the protection of personal data.

If personal data are transferred to third countries, such transfer takes place exclusively based on an appropriate level of data protection, consent from the data subject, or legal authorisation.

Use of cookies

Cookies are small text files that are stored locally in the buffer of the website visitor’s internet browser.

This website uses technologies from etracker GmbH (www.etracker.com), which has its registered office in Germany, to collect and store data for the purposes of marketing and optimisation. The data stored can be used to create usage profiles under a pseudonym. Cookies may be used for this purpose. The data are processed based on the legal provisions of point (f) Article 6(1) (legitimate interest) of the EU General Data Protection Regulation. The purpose of processing personal data is to optimise our online offering and our web presence. Data such as your IP address, registration or device identifiers are pseudonymised as early as possible at etracker in order to protect your privacy, meaning that it is no longer possible to create a connection with a certain person. These data are not used in any other way, merged with other data held by etracker, or passed on to third parties.

You may object to the data processing described above at any time in as far as such processing is specific to an individual. Deactivating cookies

No additional analytical tools are used.

Security measures

secunet Security Networks AG uses extensive technical and organisational safety measures (TOMs) to ensure that the personal data you make available to us are not compromised and do not become known to unauthorised third parties through accidental or intentional manipulation, loss or destruction. Our safety measures are improved and adapted on an ongoing basis in line with technological development.

In particular, the security measures include the encrypted transfer of data between your browser and our server.

Please note that there may be security vulnerabilities when transferring data online (such as when communicating by email). It is not possible to protect data completely against access by third parties.

Your rights as a data subject

You are also entitled to certain rights in the context of the processing of your personal data. Further detail on this can be found in the corresponding provisions of the General Data Protection Regulation. You may email the following address at any time to assert your rights:

datenschutz(at)secunet.com

Right to access and rectification

You have the right to receive access and information (Article 15 GDPR) with respect to which of your personal data we process. In as far as this information is no longer accurate, you may request that we rectify the data and, if they are incomplete, you may request that we supplement them. In as far as we have passed your data onto third parties, we will inform the corresponding third parties provided that the legal circumstances dictate that we do so.

Right to be forgotten (erasure)

You have the right to request the erasure of your personal data (Article 15 GDPR). Pursuant to the applicable data protection provisions, we do not store your personal data for longer than we needed for the purposes of the respective processing. If the data is no longer required for the fulfilment of contractual or legal obligations, we will delete the data on a regular basis unless their further time-limited retention continues to be necessary.

Right to restriction of processing

You may request that we restrict the processing of your personal data for any of the following grounds:

  • If you dispute the accuracy of the data – until we have had the opportunity to satisfy ourselves of the accuracy of the data;

  • If the data are processed unlawfully, but you request merely the restriction of the usage of the personal data rather than their erasure;

  • If we no longer needs the data for the purposes of processing, but you need the data for the establishment, exercise or defence of legal claims

  • If you have submitted an objection to processing and it has not yet been determined whether your legitimate interests override ours.

Right to data portability

You have the right to receive, on request, in a transferable and machine-readable format, the personal data that you have provided to us for processing.

Right to object

In cases in which your personal data are used for marketing measures, you may at any time submit an objection to this form of processing. We will then no longer use your personal data for these purposes.

The objection may be submitted in any form and should be addressed to: datenschutz(at)secunet.com.

If processing is in the public interest or takes place on the basis of a balancing of interests, you have the right to object to processing for grounds that arise from your particular situation. If you submit objection, we will not process your personal data unless we are able to prove binding legitimate grounds for such processing, which override your interests, rights and freedoms, because your personal data serve the establishment, exercise or defence of legal claims. The objection does not contradict the legality of processing that has taken place before the submission of the objection.

Right to withdraw your consent

You have the right to withdraw your consent at any time. Withdrawing consent shall not impact the legality of processing that has taken place on the basis of the consent until withdrawal.

Right to lodge complaints with the supervisory authority

We always endeavour to process your queries and claims as quickly as possible in order to appropriately safeguard your rights. However, if you are not satisfied with our answers and responses, or if you are of the view that we are in breach of the applicable data protection law, you are free to lodge a complaint with our data protection officer and the relevant supervisory authority. The supervisory authority relevant for us is:

     Landesbeauftragte für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen
     Kavalleriestr. 2 - 4
     40213 Düsseldorf, Germany

Links to other websites

The secunet Security Networks AG website may contain links to other websites. We do not take responsibility for the data protection provisions or the content of external websites.

Amendments to the data protection statement

We reserve the right to make amendments to the data protection statement in order to adapt it to changed legal circumstances, or in the event of changes to services as well as data processing. We ask that users keep up-to-date with respect to the content of the data protection statement on an ongoing basis.

 

Date of coming into effect: May 18, 2018