Data protection information according to Art. 13, 14 GDPR

Thank you for your interest in our company, our products and our services. As the data controller, we want you to feel comfortable interacting with us and our employees regarding the protection of your personal data. We take compliance with German and European data protection regulations very seriously. The protection of your personal data is therefore a top priority for us. With the following information, we would like to inform you about how we handle your personal data in detail:

1. Data controller

NT-ware Systemprogrammierungs-GmbH
Niedersachsenstraße 6
49186 Bad Iburg

2. Contact Details of the Data Privacy Officer

NT-ware Systemprogrammierungs- GmbH
Data Protection Officer
Niedersachsenstr. 6
49186 Bad Iburg

privacy@nt-ware.com

3. Rights of data subjects

3.1. Right to information

(Art. 15 GDPR)

If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (Art. 15 GDPR).

3.2. Right to rectification

(Art. 16 GDPR)

You have the right to request the controller to rectify inaccurate personal data concerning you without undue delay and the right to request the completion of incomplete personal data (Art. 16 GDPR).

3.3. Right to erasure

(Art. 17 and 18 GDPR)

If the legal requirements are met, you can demand the immediate deletion of your personal data or restriction of processing (Art. 17 and 18 GDPR).

3.4 Right to information

(Art. 19 GDPR)

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients vis-à-vis the controller (right to information, Art. 19 GDPR).

3.5 Right to data portability

(Art. 20 GDPR)

If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out using automated methods, you may have a right to data portability (Art. 20 GDPR). In exercising this right, you also have the right to obtain that the personal data concerning you is transferred directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other persons must not be impaired by this.

3.6 Right to object to processing

(Art. 21 para. 1 GDPR)

You have the right, for reasons relating to your particular situation, to object at any time to the processing of personal data concerning you which is prohibited on the basis of Art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 para. 1 GDPR).

3.7 Right to object to direct marketing

(Art. 21 para. 2 GDPR)

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling insofar as it is related to such direct marketing (Art. 21 para. 2 GDPR). If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes

3.8 Right to withdraw consent

(Art. 7 para. 3 GDPR)

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation (Art. 7 para. 3 GDPR).

3.9 Automated individual decision-making, including profiling

(Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In this case, if the legal requirements are met, you have the right to obtain the intervention of a person from the controller, to express your own point of view and to contest the decision (Art. 22 GDPR).

3.10 Right to lodge a complaint

(Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR (Art. 77 GDPR). The supervisory authority to which the complaint was lodged informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

4. For Applicants

4.1 Processing of your personal data

NT-ware collects the following personal data from you as part of the application process:

First and last name
Address
E-mail address
Phone/Mobile Number
Professional qualifications and further training
Availability
Salary requirement
All personal data contained in the application (CV, cover letter, certificates, etc.)

NT-ware collects personal data from applicants in the following ways:

Application sent by e-mail directly to jobs@nt-ware.com
Postal application
Recruiters

4.2 Purposes of the processing and its legal basis

Your personal data will be processed for the following purposes:

Implementation of the application procedure and decision on the establishment of the employment relationship
Communication (telephone, e-mail etc.)
Implementation of pre-contractual measures (initiation of the employment relationship)
Asserting, exercising or defending legal claims arising from the application process

Processing of special categories of personal data that have been made public - Art. 9 (2) (e) GDPR
Insofar as special categories of personal data are processed that you have obviously made public, your data will be processed in accordance with Art. 9 (2) (e) GDPR.

Processing for the purpose of asserting, exercising or defending legal claims or for acts of the courts - Art. 6 (1) sentence 1 (f) GDPR, Art. 9 (1) (f) GDPR
Insofar as necessary, your data will be processed for the purpose of asserting, exercising or defending legal claims or in the case of actions of the courts pursuant to Art. 6 (1) sentence 1 (f) GDPR, Art. 9 (1) (f) GDPR.

Processing on the basis of consent - Art. 6 (1) sentence 1 (a) GDPR in conjunction with Art. 7 GDPR, Art. 88 (1) GDPR in conjunction with Art. 26 (2) BDSG
If you have given your consent to data processing, your data will be processed in accordance with Art. 6 (1) sentence 1 (a) GDPR in conjunction with Art. 7 GDPR, Art. 88 (1) GDPR in conjunction with Art. 26 (2) BDSG.

Decision on the establishment of the employment relationship Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG
We process your data in order to make a decision on the establishment of the employment relationship. In the event of employment in our company, your data will be processed for the purpose of carrying out and terminating the employment relationship. For this purpose, separate information about the processing of your personal data will be provided.

Processing on the basis of legitimate interest - Art. 6 (1) sentence 1 (f) GDPR
Insofar as the processing is carried out to safeguard a legitimate interest of us or a third party and their interests or fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 (f) GDPR serves us as the legal basis for data processing. Our legitimate interest arises in particular from the following reasons:

The proper implementation and optimization of the application process
Assertion, exercise or defence of legal claims

Processing of special categories of personal data - Art. 9 (2) (a) GDPR
If you have given your consent to the processing of special categories of personal data, such as health data, religious affiliation or nationality, your data will be processed in accordance with Art. 9 (2) (a) GDPR.

4.3 Recipients or categories of recipients of personal data and transfers to third countries

As part of the processing of your personal data, we may pass on the personal data concerning you to the following recipients:

Internally, only authorized employees are granted access to an applicant's data via an authorization concept.

For the purpose of communicating with applicants, we use the Microsoft 365 service, including Microsoft Teams, of the service provider Microsoft Operations Ltd. in Dublin, Ireland. For more information about Microsoft's data processing, see: https://privacy.microsoft.com/de-de/privacystatement

4.4 Duration of storage of personal data

We will delete your personal data as soon as the purposes specified under 4.2 for their storage no longer apply, or you object to the use of your personal data (in the case of processing based on legitimate interests) or you withdraw your previously given consent. However, your personal data may also be stored beyond this, in particular in the following cases:

if deletion is precluded by contractual, statutory (in particular from HGB, StGB and AO) or statutory retention periods
to assert, exercise or defend legal claims
where required by European or national law to comply with a legal obligation to which we are subject .

In particular, the following storage periods result for us from legal provisions:

After decision on non-appointment: 180 days retention period for application documents (Section 15 (4) of the General Equal Treatment Act (AGG), Section 224 of the Code of Civil Procedure (ZPO)).

In the event of employment in our company, your personal data will be deleted when the purpose ceases to exist, at the latest after the termination of the employment relationship, unless statutory retention periods prevent the deletion.

5. For customers, employees of customers and interested parties

5.1 Processing of your personal data

In the context of the existing customer relationship with you or your employer and the initiation of the contract with you or your employer or when you contact us as an interested party, we process the following data about you:

Forename
Surname
Salutation
Titles and academic degrees
Company Name
Position in the company
Business address
Your business email address,
Your business mobile phone number

NT-ware collects data from customers, employees of customers and interested individuals in the following ways:

In the context of the performance of the contract to which you or your employer is a party
Inquiries via the e-mail, contact form, telephone or fax

5.2 Purposes of data processing

As part of the existing customer relationship with you or your employer and the initiation of a contract with you or your employer, your personal data will be processed for the following purposes:

To process your request as an interested party. For this purpose, we use your contact details to be able to answer your request.
For the preparation and implementation of pre-contractual measures for a contract to which you or your employer is a party.
To add your contact details to our customer and contact database.
Establishment, implementation, billing and termination of the contractual relationship of a contract to which you or your employer is a party; this includes, in particular, communicating with you by e-mail, mobile phone, landline number or fax.
Customer management and customer support - esp. processing customer inquiries
For the purpose of carrying out marketing initiatives such as: newsletters, product updates, invitations to events and webinars
To comply with our legal obligations. This includes, for example, the transmission of your personal data to the tax office, if necessary.
To comply with post-contractual measures.
To assert, exercise or defend legal claims.

5.3 Legal basis for data processing

Processing of your personal data on the basis of consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 5, 7 GDPR.

Processing for the purpose of performing the contract with you
Insofar as we process your personal data for the purpose of fulfilling the contract, Art. 6 (1) sentence 1 (b) GDPR serves as our legal basis. This also applies to processing operations that are necessary for the implementation of pre- and post-contractual measures.

Processing to comply with a legal obligation
Insofar as the processing of your personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as our legal basis. Our legal obligation to process data arises, for example, from retention obligations under tax and/or commercial law.

Processing based on legitimate interest
Insofar as you are acting on behalf of your employer who is our customer, we process your data based on our legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, because the processing of your data is necessary to perform the contract with our customer.

Additionally, the legitimate interests pursued by us in regard of Art. 6 para. 1 sentence 1 lit. f GDPR include:

To provide you with the best possible information about our products, offers and services through direct marketing;
In communication with you, in particular to be able to respond to your inquiries by e-mail, telephone and/or fax;
To be able to conduct due diligence with our potential business partner
To receive customer feedback to improve the customer experience, improve our products and services

The legal basis for processing activities in connection with the assertion, exercise or defence of legal claims is also our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

5.4 Recipients or categories of recipients of the personal data

As part of the processing of your personal data, we may pass on the personal data concerning you to the following recipients. We will only transfer your personal data to external recipients if you have given your consent or if this is permitted by law.

External recipients of your personal data are, in particular:

Authorities e.g. tax offices, courts, trade supervisory office, data protection supervisory authorities, Federal Office of Economics and Export Control (BAFA)
Parcel service providers
Attorney-at-Law, Tax Advisor
Auditor
Affiliated companies

NT-ware uses the Office 365 service, including Microsoft Teams, for business communication with customers, employees of customers and interested parties.

5.5 Duration of storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. We will take reasonable steps to ensure that your personal data is only processed under the following conditions:

For the duration that the data will be used to provide you or your employer with a service
As required by applicable law, contract or in light of our legal obligations
Only for as long as is necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist in particular if the data is still needed to fulfil contractual services to which you or your employer is a party, to be able to examine and grant or defend warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted on a regular basis, unless its - temporary - retention is still necessary, in particular for the fulfilment of statutory retention periods of up to ten years (e.g. from the Commercial Code, the Tax Code and the Money Laundering Act). In the case of statutory retention obligations, deletion is only possible after the expiry of the respective retention obligation.

6. For suppliers and service providers and employees of suppliers and service providers

6.1 Processing of your personal data

NT-ware processes personal data of suppliers and service providers and employees of suppliers and service providers. This is necessary for business operations. The following data is processed:

Forename
Surname
Business address
Company Name
Bank account
Your email address
Your mobile phone number
Your landline number
Your fax number
Titles and academic degrees
Position in the company
Any personal data provided to us in the course of communications

NT-ware collects data from individuals in the following ways:

Receipt of personal data directly from the data subject by contacting suppliers/service providers
Receipt of personal data directly from the data subject by contacting NT-ware
Research in business directories or websites

6.2 Purposes of data processing

We process your data for the following purposes:

Initiation, implementation and termination of a contractual relationship to which you or your employer is party
Execution of orders
Assertion, exercise or defence of legal claims
Measures for business management and further development of our products

6.3 Legal basis for data processing

Processing based on legitimate interest
Insofar as you are acting on behalf of your employer who is our supplier or service provider, we process your data based on our legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, because the processing of your data is necessary to perform the contract with our supplier or service provider.

Additionally, the legitimate interests pursued by us in regard of Art. 6 para. 1 sentence 1 lit. f GDPR include:

In communication with you, in particular to be able to respond to your inquiries by e-mail, telephone and/or fax;
To be able to conduct due diligence with our potential business partner

6.4 Recipients or categories of recipients of personal data and transfers to third countries

External recipients of your personal data are, in particular:

Authorities e.g. tax offices, courts, trade supervisory office
Attorney-at-Law, Tax Advisor
Auditor
Affiliated companies

NT-ware uses the Office 365 service, including Microsoft Teams, for business communication with employees of suppliers and service providers and suppliers and service providers.

6.5 Duration of storage of personal data

As required by applicable law, contract or in light of our legal obligations
Only for as long as is necessary for the purpose for which the data was collected, or for longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist in particular if the data is still needed to fulfil contractual services, to be able to examine and grant or defend warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted on a regular basis, unless its - temporary - retention is still necessary, in particular for the fulfilment of statutory retention periods of up to ten years (e.g. from the Commercial Code, the Tax Code and the Money Laundering Act). In the case of statutory retention obligations, deletion is only possible after the expiry of the respective retention obligation.

6.6 Obligation to provide the data

In order to (planned) conclude and execute the contract with you, you must provide the personal data that is necessary for the establishment and performance of the contractual relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect (see in particular the standards listed under "6.3."). Without this data, we will generally not be able to conclude and perform the contract with you.

7. For event participants

7.1. Processing of your personal data

We process personal data that we receive from you through your participation in the event. In particular, we process:

Forename
Surname
Company affiliation
E-mail address
Photo
Hotel name and address, when we book the hotel for you
T-shirt size, when we buy a T-shirt for you

7.2 Purposes of data processing

We process your personal data for the following purposes:

To carry out the event
To the internal and external reporting of the event
To promote our company on social networks

We do not intend to process your personal data for any other purpose.

7.3 Legal basis for data processing

Processing based on legitimate interest

The legal basis for taking photos during our events can be our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in the subsequent internal and external publication of the photos for marketing purposes in social or professional networks (LinkedIn, Facebook etc.), for example when we publish photos of the back of the event audience or photos in which data subjects are only shown as accessories.

If you do not want to be photographed or filmed, you may receive a colored lanyard from us at the entrance area of the event, which signals to the photographer/cameraman that you do not want to be photographed or filmed. If you can still be seen in group shots, you will be made unrecognizable in these shots afterwards.

Processing of your personal data on the basis of consent

The legal basis for the processing of your personal data for the purpose of participating in the event as well as for the internal and external publication of photos, for which you clearly posed, can be your explicit or implied consent and thus Art. 6 (1) sentence 1 lit. a GDPR in conjunction with Art. 5, 7 GDPR.

If you do not want to be photographed or filmed, you may receive a colored lanyard from us at the entrance area of the event, which signals to the photographer / cameraman that you do not want to be photographed or filmed. If you can still be seen in group shots, you will be made unrecognizable in these shots afterwards.

You have the right to revoke your consent under data protection law at any time by sending an e-mail to privacy@nt-ware.com. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation (Art. 7 para. 3 GDPR).

If you are depicted in a photo together with other people, the deletion or destruction of the photo or is not mandatory if you revoke your consent. It is enough if you are made unrecognizable. If information about your ethnic origin, religion or health (e.g. skin colour, head scarf or glasses) is recognisable on a photo, the consent also expressly refers to this information.

Information on publishing on the Internet

If personal data has been made publicly available and you revoke your consent, we as the controller are only obliged to provide information to other recipients. This does not affect the obligation of these recipients to delete personal data. You can take direct action against other controllers who process your personal data and request erasure. Information posted on the Internet may never be completely deleted, even if it has been deleted on the original page. In any case, the providers of the most important search engines are informed about the deletion request, so that the personal data can at least no longer appear without further ado in search queries. We would like to point out that photos and/or videos on the Internet can be accessed by anyone. Despite all technical precautions, it cannot be ruled out that such persons may reuse the photos and/or videos or pass them on to other persons. The company is not liable for third parties using the photos for other purposes, in particular by downloading and/or copying photos.

7.4 Recipients or categories of recipients of personal data and third-country transfers

Your personal data may be transmitted to the following service providers in the context of the publication of photos for marketing purposes, provided that you have given your consent:

LinkedIn Ireland Unlimited Company, Dublin, Ireland - https://de.linkedin.com/legal/privacy-policy
Meta Platforms Ireland Limited, Dublin, Ireland - https://de-de.facebook.com/privacy/policy/

We would like to point out that we have no influence on the collection of data and its further use by the providers of social networks. Further information on objection and removal options vis-à-vis the providers of the social networks can be found in the respective data protection notices of the respective providers.

7.5 Duration of storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected.

Your data will be deleted on a regular basis, unless its - temporary - retention is still necessary, in particular for the fulfilment of statutory retention periods of up to ten years (e.g. from the Commercial Code, the Tax Code and the Money Laundering Act). In the case of statutory retention obligations, deletion is only possible after the expiry of the respective retention obligation.