The SensAction AG (“SensAction AG”, “we” or “us”) attaches great importance to the protection of your personal data. We therefore conduct our business in compliance with applicable laws on personal data protection and data security.
This Data Protection Notice applies to all affiliated companies of the SensAction AG Group in the EU/EEA. It also applies in addition to the General Data Protection Policy, which has global validity and takes precedence in case of conflict.
Details of the responsible SensAction AG company within the meaning of the GDPR and further information about the competent supervisory authority can be found on our website.
The relevant company’s internal Data Protection Responsible can be contacted by post at the address indicated on the website, adding the title “Data Protection Responsible”, or via email: firstname.lastname@example.org
Local Authorities :
Der Bayerische Landesbeauftragte für den Datenschutz
Dr. Thomas Petri
Postfach 22 12 19
Telefon: 089/21 26 72-0
Telefax: 089/21 26 72-50
2 Purpose of processing, legal basis
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and national data protection regulations:
a. For fulfilment of contractual obligations (Art. 6 para. 1 b GDPR)
particularly in connection with customer orders, suppliers, service partners and employees
b. To safeguard legitimate interests within the context of a balance of interests (Art. 6 para. 1 f GDPR)
To the extent necessary, we process your data beyond the actual fulfilment of the contract in order to safeguard our legitimate interests or those of third parties. This concerns in particular:
– Passing on data within the SensAction AG
– Advertising or market research, unless you have objected to the use of your data
– Reviewing and optimising procedures for needs assessment and for direct client discussions,
including client segmentations and calculation of closing probabilities
– Asserting legal claims and defence in legal disputes
– Guaranteeing IT security
– Video surveillance to safeguard domiciliary rights and protect buildings and property from
vandalism and theft
– Measures for building and site security (e.g. access control)
– Measures to safeguard domiciliary rights
– Measures for business management and further development of products and services
– Risk management within the Company
c. Based on your consent (Art. 6 para. 1 a GDPR)
Where you have granted us consent to process your personal data for certain purposes (e.g. filming and photographs, newsletters), such processing is lawful on the basis of your consent. Consent given can be withdrawn at any time. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the withdrawal is only valid for the future. Data processed prior to the with- drawal is not affected.
d. Based on legal requirements (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1e GDPR)
We are also subject to various legal obligations, that is to say, statutory requirements (e.g. checks against anti-terrorism lists, anti-money laundering legislation). Purposes of processing include identity checking, fulfilment of verification and reporting obligations in relation to tax and social security, fraud and money laundering prevention and measurement and manage- ment of risks within the SensAction AG.
Who receives my data?
Within the responsible SensAction AG company, those units that require your data to fulfil our con- tractual and legal obligations or to safeguard legitimate interests will have access to it.
Affiliated companies of the SensAction AG, our service providers and vicarious agents appointed by us, public authorities or third parties may also receive data for such purposes.
In particular, the following recipients or recipients which offer the following activities and services may receive data:
– Affiliated companies of the SensAction AG Group
– Third party cloud and ASP service providers
– Public bodies for compliance with statutory reporting requirements, e.g. financial authori-
ties, social security institutions, law enforcement agencies
– Processing of bank information
– Support/maintenance of computer/IT applications
– Document processing
– Call centre services
– Compliance services
– Data screening for anti-money laundering purposes
– Data destruction
– Auditing services
– Leasing companies
– Credit-checking service providers
– Debt collection companies
– Payment card processing (debit cards/credit cards) and payment transactions
– Media technology
– Website management