Data Protection statement of the secunet Security Networks AG
As one of the leading German suppliers of high-quality IT security, secunet Security Networks AG treats data security and data protection as a top priority. This requirement relates to all customers, suppliers and employees, and applies for all of our fields of activity and working processes.
The controller is defined by the General Data Protection Regulation and other data protection laws applicable in the member states of the European Union is:
secunet Security Networks AG
45138 Esse, Germany
Management Board: Axel Deininger (CEO), Torsten Henn, Dr. Kai Martius, Thomas Pleines
Tel.: +49 (0) 201 5454-0
Fax: +49 (0) 2015454-100
Data protection is extremely important to the management team at secunet Security Networks AG. For this reason, we explain in this data protection statement how we protect your privacy when you share your personal data with us via this website.
You can contact the data protection officer at secunet Security Networks AG using the following contact details:
Dr. Kay Rathke
secunet Security Networks AG
45138 Essen, Germany
To the extent that personal data (for example your first and last name, title, company, role, activity, postal address, email address, phone number, customer number, order number, invoice data, username, or IP address) are collected on our website, where possible this is always on a voluntary basis. Sensitive data such as information regarding health, political opinion, religion or trade union membership or other information is not collected by our website.
The definitions used such as “personal data” or their “processing” correspond to the definitions stated in Article 4 of the General Data protection Regulation (GDPR).
Accordingly, the term personal data refers to all information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or an identification number, a code number, location data, an online code, or one or multiple special features.
Personal data concerning individuals under the age of 16
Our website is not intended for minors. Personal data concerning minors are only collected if they are completing an internship/training within our organisation, and use our communications channels for this purpose.
Collecting and processing personal data
The personal data concerning data subjects processed in the context of the secunet website includes core data (for example names and addresses of customers), usage data (for example their interest in our products and services), core data concerning applicants in the context of online applications (for example personal details and information regarding professional experience and education) and content-related data (for example entries in the contact form).
The categories of data subjects affected by data processing include our business partners, customers, interested parties, and other visitors to our website.
We process your personal data in compliance with the relevant data protection provisions. This means that your data are only processed if there is legal authorisation to do so. Data is processed in particular to provide our contractual services, where consent has been provided, and based on our legitimate interests (for example the interest in the analysis, optimisation, and security of our website as defined by point (f) of Article 6(1) GDPR).
The legal basis for consent is point (a) of Article 6(1) GDPR and Article 7 GDPR; the legal basis for processing to provide our services and implement contractual measures is point (b) of Article 6(1) GDPR.
Purposes of data processing
We collect, process and use your personal data for the following reasons, depending on your interaction with our website: Where applicable, we respond to your queries for the purposes of customer relationship management, send you our newsletter, customer magazine, and financial reports and press releases following corresponding registration, and optimise our website. In the event of contact requests, we collect the following data from you: Your name, organisation, email address, phone number, and the content of your message. When you register for the newsletter, we collect the following data from you: Your title, first and last name, email address, and company name. When you register for the customer magazine, we collect the following data from you: Your honorific, title, first and last name, organisation, role, and postal address. We collect the following data from you for sending press releases: Your honorific, title, first and last name, organisation/medium, email address, postal address, phone number, and fax number. We collect the following data from you for sending financial reports: Your title, first and last name, organisation/medium and email address. We collect the following data from you for annual reports by post: Your honorific, first and last name, organisation/medium, role, postal address, phone number, and fax number. The collection and processing of data are limited to the degree necessary for processing through the use of a reduced selection of mandatory fields. If you register for an event, we collect information that is necessary for your participation in such events and for their organisation. If you register to use the SINA customer portal, we collect information that is necessary for your registration, internal audit, and release, as well as use. We collect the following data for this purpose: Your honorific, first and last name, organisation/medium, email address, the username you select, and your postal address, phone number and fax number. We collect and process your data that you voluntarily provide to us in the context of your online application. In addition, your browser automatically transfers your IP address when you visit our website.
The data are stored for these purposes or as stipulated by the applicable law and subsequently erased. Personal data is exclusively collected and processed for the specific purpose of achieving the business objectives of secunet, in accordance with legal requirements.
We process and use your personal data to process your online application. The data are collected in accordance with the legal provisions for the purpose of processing your application. Your application will be processed and stored in the secunet applicant database, solely for the processing of your online application. Your data will be automatically erased, at the latest 6 months after the application procedure has been completed.
If you have entered your application data and confirm your input by pressing the “Send” button, your data pass directly to our server via an SSL-encrypted connection. We use the applicant management tool from rexx Systems GmbH to process your data. The required contract for (commissioned) processing has been concluded between us and rexx Systems GmbH; this contract ensures proper and secure processing by the service provider. Your data that are made available to us will be passed on within secunet Group in the context of application processing, and taking into account the data protection specifications. secunet will not disclose these data to third parties or use your data for other purposes.
SINA Customer portal
If you register to use the SINA customer portal, we process your personal data that are necessary for your registration, internal verification, and release, as well as for the use of the customer portal. As a minimum, we collect the following data for this purpose: first and last name, company, and email address. In addition, you may voluntarily provide us with further data such as your title, address, company address, phone number, and fax number.
The SINA customer portal enables registered and approved participants to access special information and software updates.
If you enter your personal data and have successfully registered, your data pass directly to our server via an SSL-encrypted connection. Your data that are made available to us will be passed on within secunet Group for the purpose of the registration and approval process, as well as to guarantee proper use, taking into account the data protection specifications.
secunet will not disclose these data to third parties or use your data for other purposes.
Test access secunet safe surfer
If you request the secunet safe surfer test access via the general contact request, we process your personal data for the purpose of processing your request. We also process the information required for authentication, which is necessary for the following purposes:
- Account provision (consisting of e-mail and pseudonym)
- Using the secunet safe surfer test access
The following personal data is collected for authentication and account provisioning in the test environment: First name, last name, academic degree (if applicable), business e-mail address, company. During the use of the secunet safe surfer, protocol data in the form of visited Internet pages (http enquiries) are generated. The recording of such data is necessary to ensure proper operation, in particular to detect criminal offences committed by the user.
There is no automated decision making, such as profiling.
Your data will not be passed on to third parties or used for other purposes. Unless you have consented to such disclosure or it is permitted under applicable law (e.g. in investigations by the police and law enforcement agencies).
Your contact data will be deleted after the purpose has been fulfilled, unless you expressly declare your interest in the solution, so that the processing of your personal data becomes necessary for the implementation of pre-contractual measures and the fulfilment of a contract. Your account data will be deleted after fulfilment of the purpose, taking into account the retention period. Furthermore, the log data will also be pseudonymised before the retention period expires and deleted after the period has expired.
Passing on of personal data
Your personal data is only passed on within the framework of legal requirements. We only pass the data on to third parties if this is necessary for contractual purposes, for example on the basis of point (b) of Article 6(1) GDPR, or on the basis of legitimate interests pursuant to point (f) Article 6(1) GDPR in the economic and effective operation of our company, under consideration of your interests worthy of protection.
Your personal data will not be disclosed to third parties unless you have approved such disclosure, or such disclosure is permissible according to the applicable law, for example if this is required for the fulfilment of a contract concluded with you. If you submit a query that relates to a subsidiary of secunet, this query may be passed on to the corresponding Group company together with the information required for responding to the query. The subsidiaries are located within the European Union and the European Economic Area.
In as far as we use subcontractors for the provision of our services, we implement appropriate legal precautions as well as corresponding technical and organisational measures in order to ensure the protection of personal data pursuant to the relevant legal requirements.
For sending the print version of secuview as well as the newsletter, we collaborate with providers (marketing service providers) who guarantee appropriate measures for the protection of personal data.
In as far as data are transferred to third countries in certain cases, this takes place exclusively based on an appropriate level of data protection, consent from the data subject, or a legal permit, and secunet shall ensure that the recipient of the data in the third country has in place an appropriate level of data protection in accordance with the specifications of the GDPR, for example through the conclusion of EU standard contracts for third-country transfers, an adequacy decision by the EU Commission for a third country, the EU-US privacy shield, or other possibilities provided for in accordance with the GDPR.
Cookies are small text files that are stored locally in the buffer of the website visitor’s internet browser.
This website uses technologies from etracker GmbH (www.etracker.com), which has its registered office in Germany, to collect and store data for the purposes of marketing and optimisation. The data stored can be used to create usage profiles under a pseudonym. Cookies may be used for this purpose. The data are processed based on the legal provisions of point (f) Article 6(1) (legitimate interest) of the EU General Data Protection Regulation. The purpose of processing personal data is to optimise our online offering and our web presence. Data such as your IP address, registration or device identifiers are pseudonymised as early as possible at etracker in order to protect your privacy, meaning that it is no longer possible to create a connection with a certain person. These data are not used in any other way, merged with other data held by etracker, or passed on to third parties.
You may object to the data processing described above at any time in as far as such processing is specific to an individual. Deactivating cookies
No additional analytical tools are used.
secunet Security Networks AG uses extensive technical and organisational safety measures (TOMs) to ensure that the personal data you make available to us are not compromised and do not become known to unauthorised third parties through accidental or intentional manipulation, loss or destruction. Our safety measures are improved and adapted on an ongoing basis in line with technological development.
In particular, the security measures include the encrypted transfer of data between your browser and our server.
Please note that there may be security vulnerabilities when transferring data online (such as when communicating by email). It is not possible to protect data completely against access by third parties.
Your rights as a data subject
You are also entitled to certain rights in the context of the processing of your personal data. Further detail on this can be found in the corresponding provisions of the General Data Protection Regulation and the following description of your rights. You may email the following address at any time to assert your rights:
Right to access and rectification
You have the right to receive access and information with respect to which of your personal data we process (Article 15 GDPR). In as far as this information is no longer accurate, you may request that we recify the data (Article 16 GDPR) and, if they are incomplete, you may request that we supplement them (Article 16 GDPR). If we have passed on your data to third parties, we will inform the relevant third parties of the legal circumstances (Article 19 GDPR). In as far as we have passed your data onto third parties, we will inform the corresponding third parties provided that the legal circumstances dictate that we do so (Article 19 GDPR).
Right to be forgotten (erasure)
You have the right to request the erasure of your personal data (Article 15 GDPR). Pursuant to the applicable data protection provisions, we do not store your personal data for longer than we needed for the purposes of the respective processing. If the data is no longer required for the fulfilment of contractual or legal obligations, we will delete the data on a regular basis unless their further time-limited retention continues to be necessary.
Our website is explicitly not intended for individuals who have not yet reached the age of 16 (children). If, despite this, children use our website and provide us with their data, the right to the erasure of this provided data shall apply in these cases (point (f) of Article 17(1) GDPR).
Right to restriction of processing
You may request that we restrict the processing of your personal data for any of the following grounds:
- If you dispute the accuracy of the data – until we have had the opportunity to satisfy ourselves of the accuracy of the data;
- If the data are processed unlawfully, but you request merely the restriction of the usage of the personal data rather than their erasure;
- If we no longer needs the data for the purposes of processing, but you need the data for the establishment, exercise or defence of legal claims
- If you have submitted an objection to processing and it has not yet been determined whether your legitimate interests override ours.
Right to data portability
You have the right to receive, on request, in a transferable and machine-readable format, the personal data that you have provided to us for processing.
You have the right to receive on request personal data that you have given us for processing and that we process automatically in a transferable and machine-readable format.
Right to object
In cases in which your personal data are used for marketing measures, you may at any time submit an objection to this form of processing (Para 2 of Article 21 GDPR). We will then no longer use your personal data for these purposes.
The objection may be submitted in any form and should be addressed to: datenschutz(at)secunet.com.
If processing is in the public interest or takes place on the basis of a balancing of interests, you have the right to object to processing for grounds that arise from your particular situation (Para 1 of Article 21 GDPR). If you submit objection, we will not process your personal data unless we are able to prove binding legitimate grounds for such processing, which override your interests, rights and freedoms, because your personal data serve the establishment, exercise or defence of legal claims. The objection does not contradict the legality of processing that has taken place before the submission of the objection. We restrict the processing of your data until your objection has been reviewed.
Right to withdraw your consent
You have the right to withdraw your consent at any time. Withdrawing consent shall not impact the legality of processing that has taken place on the basis of the consent until withdrawal.
Right to lodge complaints with the supervisory authority
We always endeavour to process your queries and claims as quickly as possible in order to appropriately safeguard your rights. However, if you are not satisfied with our answers and responses, or if you are of the view that we are in breach of the applicable data protection law, you are free to lodge a complaint with our data protection officer and the relevant supervisory authority. The supervisory authority relevant for us is:
Landesbeauftragte für den Datenschutz und die Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2 - 4
40213 Düsseldorf, Germany
Links to other websites
The secunet Security Networks AG website may contain links to other websites. We do not take responsibility for the data protection provisions or the content of external websites.
Amendments to the data protection statement
We reserve the right to make amendments to the data protection statement in order to adapt it to changed legal circumstances, or in the event of changes to services as well as data processing. We ask that users keep up-to-date with respect to the content of the data protection statement on an ongoing basis.
Date of coming into effect: May 18, 2018