Data protection policy for customers and other stakeholders - valid from 25.05.2018

With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under the Data Protection Act. Which data is processed in detail and in which way will be used depends on the requested or agreed services. Therefore, not all parts of this information will apply to you.

Who is responsible for data processing and who can I contact?
Responsible for


SOCON Sonar Control
Kavernenvermessung GmbH,
Windmuehlen Strasse 41
31180 Giesen
Telephone: +49 5121 998 19-0
JLIB_HTML_CLOAKING


You can contact our company data protection officer at


SOCON Sonar Control
Kavernenvermessung GmbH,
Windmuehlen Strasse 41
31180 Giesen
Telephone: +49 5121 998 19-0

Which sources and data do we use?
We process personal data that we receive from our customers or other stakeholders as part of our business relationship. In addition, we process - as far as necessary for the provision of our service - personal data, which we legitimately gain from publicly available sources or are transmitted by other third parties.
Relevant personal data are personal data (name, address and other contact data, legitimacy data (eg ID data) and authentication data (eg certificates), order data (eg payment order), data from the fulfillment of our contractual obligations (eg sales data in payment transactions). , Advertising and sales data (including advertising scores), documentation data (eg measurement protocol) as well as other data comparable to the mentioned categories.

What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG)

a) for the fulfillment of contractual obligations (Article 6 (1) (b) GDPR)
The processing of data is done to provide surveying services and advice in the context of the execution of our contracts with our customers or to carry out pre-contractual actions, which are carried out on request. The purposes of data processing are primarily based on the specific service. Further details on the data processing purposes can be found in the relevant contract documents and terms and conditions.


b) in the context of the balance of interests (Article 6 (1) (f) GDPR)
If necessary, we process your data beyond the actual fulfillment of the contract for the protection of legitimate interests of us or third parties. Examples:
• review and optimization of requirements analysis procedures for direct customer approach,
• asserting legal claims and defense in legal disputes,
• Ensuring the IT security and IT operation of SOCON Sonar Control Kavernenvermessung GmbH
• prevention and investigation of criminal offenses,
• measures for building and plant safety (eg access control),
• measures to safeguard the house right,
• measures for the business control and further development of services and products,
• risk management.


c) on the basis of your consent (Article 6 (1) a GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (for example, photographs in the context of events, newsletter delivery), the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent, which were issued to us before the validity of the GDPR, ie before May 25, 2018. The revocation of consent is only effective for the future and does not affect the legality of the data processed until the revocation.


Who gets my data?
Within SOCON, those entities gain access to your data, which they need to fulfill our contractual and legal obligations. Our service providers and vicarious agents may also receive data for these purposes if they, in particular, maintain secrecy.
With regard to the data transfer to recipients outside of SOCON Sonar Control Kavernenvermessung GmbH, it must first be noted that we are bound to secrecy about all customer-related facts and valuations from which we obtain knowledge. In principle, we may only disclose information about our customers if statutory provisions so dictate, if the customer has consented or if we are authorized to provide information. Under these conditions, recipients of personal data, e.g. be:
• Public bodies and institutions in the presence of a legal or regulatory obligation,
• other risk management companies due to legal or regulatory obligation,
• creditors or insolvency administrators requesting foreclosures
• Service providers that we use in the context of order processing relationships

Is data transmitted to a third country or to an international organization?
A transfer of data to offices in countries outside the European Union (so-called third countries) takes place, as far as
• it is necessary to execute the orders
• it is required by law (eg tax reporting obligations).


How long is the data stored?
We process and store the personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is a permanent debt, which is designed for years.
If the data are no longer required for the fulfillment of contractual or legal obligations, these are regularly deleted, unless their temporary processing is necessary for the following purposes:
• Fulfillment of commercial and tax retention obligations, which may occur e.g. can result from: Commercial Code (HGB), Tax Code (AO) The time limits for storage and documentation specified there are usually two to ten years.
• Preservation of evidence within the statutory limitation period. According to §§195 ff of the Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular period of limitation is 3 years.


Which data protection rights do I have?
Each data subject has the right to information under Article 15 of the GDPR, the right of correction under Article 16 GDPR, the right to cancellation under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO i.V.m. § 19 BDSG).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent, which were issued to us before the validity of the GDPR, ie before May 25, 2018. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.

Is there a duty for me to provide data?
As part of our business relationship, you must provide the personal information necessary to initiate, conduct and terminate a business relationship and to perform the related contractual obligations, or we are required to collect it by law. Without this data, we will generally be unable to conclude, execute and terminate a contract with you.


To what extent is there an automated decision-making process?
In principle, we do not use fully automated decision-making pursuant to Article 22 of the GDPR to justify and implement the business relationship

.
________________________________________


Information about your right to object under Article 21 GDPR


Case-specific right of objection
You have the right at any time, for reasons arising out of your particular situation, to prevent the processing of personal data concerning you pursuant to Article 6 (1) (e) of the GDPR (Data Processing in the Public Interest) and Article 6 (1) (f) GDPR ( Data processing on the basis of a balance of interests) takes place, objecting; this also applies to a profiling based on this provision within the meaning of Article 4 No. 4 GDPR.
If you object, we will no longer process your personal information unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.


Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to operate direct mail. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.


Recipient of a contradiction
The objection can be form-free with the subject "objection" stating your name, address and date of birth and should be addressed to:


SOCON Sonar Control Kavernenvermessung GmbH,
Windmuehlen Strasse 41
31180 Giesen
Telephone: +49 5121 998 19-0

Data processing on the Internet pages
The SOCON Sonar Control Cavern Surveying GmbH also processes personal data on its Internet pages. The privacy policy installed in the Internet access informs about the processing of this data by us and the rights resulting from the data protection.


Further information
If you wish information that can not be provided to you by this privacy policy or if you wish to receive further information for a specific reason, please contact the Data Protection Officer.