Privacy


Data protection information for customers and interested parties of Steigauf Daten Systeme GmbH
according to Art. 13, 14, 21 of the General Data Protection Regulation (GDPR)

We will inform you below how and on what basis we process your personal data and what rights you are entitled to.

1. Who is responsible for data processing?
Steigauf Daten Systeme GmbH, Otto-Hahn-Str. 13a, 85521 Riemerling (hereinafter: Steigauf Daten Systeme GmbH), represented by: Roul Steigauf, Otto-Hahn-Str. 13a, 85521 Riemerling, Germany.
E-Mail: kundenservice@steigauf.de
Tel.: +49 (0) 89 4111 862 10
You can contact our data protection officer at the following email address: datenschutz@steigauf.de

2. Processing purposes and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. Our contract documents, forms, declarations of consent and the other information made available to you (e.g. on the website or in the terms and conditions) provide further details and additions to the processing purposes.

2.1 Consent (Art. 6 Para. 1 a GDPR)
If you have given us your express consent to the processing of personal data for certain cases, the respective consent is the legal basis for the processing mentioned there. You can revoke your consent at any time with effect for the future.

2.2 Implementation of pre-contractual measures and fulfilment of contractual obligations (Art. 6 Para. 1 b GDPR)
We process your personal data to carry out measures and activities in the context of pre-contractual relationships, in particular for contract negotiations. Furthermore, your personal data will be processed to carry out our contracts with you, in particular in the context of our order processing and the use of your services

Fulfillment of legal obligations (Art. 6 Para. 1 c GDPR
We process your personal data insofar as this is legally necessary to fulfill commercial and tax retention obligations or otherwise due to legal norms. (e.g. according to the Money Laundering Act).

Safeguarding the legitimate interests of us or a third party (Art. 6 Para. 1 f GDPR)
We can also process your personal data on the basis of a balance of interests to safeguard the legitimate interests of us or a third party. This is done for the following purposes:

  • for comparison with European and international anti-terror lists, if this goes beyond the legal obligations;
  • for the further development of services and products as well as existing systems and processes;
  • for obtaining information and exchanging data with credit agencies if this goes beyond our economic risk;
  • for the disclosure of personal data as part of a due diligence (catalog of duties), e.g. in company sales;
  • for the enrichment of our data by researching and using publicly available data;
  • for statistical evaluations or for market analyzes;
  • for benchmarking;
  • for internal and external investigations and / or security reviews;
  • for ensuring and exercising our house rules through appropriate measures (e.g. video surveillance);
  • for the enforcement of our rights and defense against unjustified claims in the event of a legal dispute with you.
  • We process data from interested parties to safeguard our legitimate interests or to initiate a contract. This also includes the data that you gave us in the course of the online survey using the Survio survey tool (the tool is provided by Survio s.r.o., Hlinky 995/70, 603 00 Brno, Czech Republic) in advance of a personal consultation.

3. Categories of personal data that are processed by us

  • The following categories of data are processed:
  • Personal data (e.g. name, nationality, occupation / industry),
  • Contact details (e.g. address, email address, telephone number),
  • Bank details (e.g. account number),
  • Tax data (e.g. VAT ID number)
  • Information about your financial situation (e.g. creditworthiness data),
  • Register data and other data from public sources (e.g. internet, media, press, trade and

4. Who will receive your data?
We pass on your personal data within our company to those areas that need this data to fulfill contractual and legal obligations or to implement our legitimate interests.
In addition, the following offices can receive your data:

  • Processors employed by us (Art. 28 GDPR) and service providers for supporting activities, e.g. in the fields of IT services, logistics and printing services, archiving, document processing, data destruction, purchasing / procurement, media technology, tax and auditing, courier services;
  • Public bodies and institutions in the event of a legal or official obligation, according to which we are obliged to disclose data;
  • Bodies and institutions based on our legitimate interest or the legitimate interest of the third party for the purposes mentioned in section 3.4 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts).

5. Transfer of your data to a recipient in a third country or to an international organization
A transfer of data to locations outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) or to an international organization is currently not intended. If necessary, it only takes place after separate information about the existence of an adequacy decision by the EU Commission on the level of data protection and only if it is necessary for the implementation or termination of the contract with you, it is required by law (e.g. tax reporting obligations), it within the framework a legitimate interest of us or a third party or you have given us your consent. Your data can also be processed in a third country in connection with the involvement of service providers as part of order processing.
Unless the EU Commission has decided on an appropriate level of data protection for the country in question, we ensure, in accordance with Art. 46, 47 GDPR, through binding internal data protection regulations, corresponding contracts or other legally provided guarantees that your personal data, rights and Freedoms are adequately protected and guaranteed for the recipient, unless there is a legal exception to compliance with the appropriate level of protection according to Art. 49 GDPR

6. How long do we keep your data?
If necessary, we process your personal data for the duration of our contractual relationship with you.
In addition, we are subject to various storage and documentation obligations that may a. o. reasons be a result of the legal framework. The periods for storage and documentation specified there are up to ten years after the end of the contract.
Ultimately, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB) can usually be three years, but in certain cases also up to thirty years.


7. To what extent is there automated decision-making in individual cases (including profiling)?
We do not use any purely automated decision-making processes in accordance with Article 22 GDPR. Should we use this procedure in individual cases, we will inform you about this separately.


8. Scope of your obligations to provide us with your data
You only need to provide the data that is necessary for the establishment and implementation of a contractual relationship with us, which we are legally obliged to collect or are entitled to protect legitimate interests. You are not obliged to provide personal data. Without the provision, however, the execution of the contract would not be properly possible, which could ultimately result in the refusal to conclude or the termination of a contract. If we also request data from you, you will be informed separately that the information is voluntary.


9. Rights of data subjects
You have the right:

  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a The right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend Legal claims is required;
  • in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need to assert it, Need to exercise or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible;
  • in accordance with Art. 7 Para. 3 GDPR, to revoke your consent given to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent in the future.

If you want to assert one of these rights, please contact us or our data protection officer.

Information about your right of objection according to Art. 21 GDPR
You have the right to object to the processing of personal data concerning you which is based on Art. 6 Paragraph 1 f GDPR (data processing to safeguard legitimate interests) or Art. 6 Paragraph 1 e GDPR (data processing for tasks in the public interest) to insert.

If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

Information about your right of withdrawal according to Art. 7 Para. 3 GDPR
Insofar as we process your personal data for specific purposes based on your consent, you have the right to withdraw your consent at any time in accordance with Art. 7 Para. 3 GDPR. After receiving your revocation, we will stop processing data for the purposes for which you have given us your consent. The lawfulness of the processing before receipt of your revocation remains unaffected.

Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

Objection to processing for direct marketing purposes
In the case of data processing for direct mail, you have the right to object at any time to the processing of your personal data for the purpose of such advertising, as well as to profiling insofar as it is related to such direct mail.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and should be addressed to:
Steigauf Daten Systeme GmbH, Otto-Hahn-Str. 13; 85521 Riemerling, Email: datenschutz@steigauf.de

10. Your right of appeal to the competent supervisory authority
You have a right of appeal to the data protection supervisory authority if you are of the opinion that the processing of your data violates the GDPR (Art. 77 GDPR). The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach,
Phone: +49 (0) 981 180093-0, Email: poststelle@lda.bayern.de

Steigauf DMS Podcast