Privacy policy schwarzprojekt GmbH & Co. KG (in the following schwarzprojekt)

The following information provides an overview of the processing of personal data by schwarzprojekt and the rights resulting from the European Data Protection Basic Regulation (EU-DSGVO) as of 25.05.2018

Who is responsible for data processing and whom can I contact?
Responsible are Nikolaus Schwarz-Hykel and Thomas Schnee, managing directors of schwarzprojekt GmbH & Co. KG
The complete contact details are:

schwarzprojekt GmbH & Co. KG
August-Bebel-Str. 40
04275 Leipzig

T +49 (0) 341 355 72 150
F +49 (0) 341 940 89 107

E-Mail: mail(at)schwarzprojekt.de

Data sources
schwarzprojekt receives contact information from various sources:
Contact form on the website
– E-mails
– Caller data
– Tender portals
– Networking events (handing over of business cards is considered as consent to contact)
– Social media channels (Facebook, LinkedIn, Xing, etc.)
– publicly available data

What data is processed?
The following categories of personal data are processed:
– Address and contact data (e.g. also from third parties, e.g. separate contact persons)
– Personal data (e.g. name, title, date of birth)
– Bank details (e.g. IBAN, name and address of a third party)
– Data on services (e.g. order history, accounting information, etc.)
– Accounting documents (e.g. for receivables, payments, direct debit)
– archived correspondence (outgoing and incoming correspondence, as well as conversation notes)
– Dunning measures (e.g. invoices, reminders)

Legal basis
schwarzprojekt processes personal data in accordance with the regulations of the EU-DSGVO:
processing on the basis of consent, Art. 6 para. 1 letter a EU-DSGVO
If consent has been given for the processing of personal data for specific purposes (e.g. telephone number or e-mail address, account data), the lawfulness of such processing is based on this consent.
Processing for the fulfilment of legal obligations, Art. 6 paragraph 1 letter. c EU-DSGVO
schwarzprojekt processes personal data in order to fulfill legal obligations to keep records.
The data is used exclusively for the following purposes:
contact data management (contact data of third parties)
Handling all correspondence with the data subject
Order acquisition and order fulfillment
Calculation and reimbursement of services (invoicing, handling of payments)
Implementation of reminder and collection measures (e.g. fixing and reminders)
Creation of own marketing measures (e.g. for targeted advertising measures)
Retention of personal data to fulfill legal retention obligations

Data access
schwarzprojekt gives access to personal data to those employees who need it to perform their respective legitimate tasks. Personal data will only be passed on to third parties for the purpose of fulfilling the assignment after explicit approval by the respective client, and only if the third party guarantees that appropriate technical and organizational measures are implemented in such a way that the processing is in compliance with the EU-DSGVO and that the rights of the person concerned are protected. In this sense, recipients of personal data may be
– External service providers for telephone and written processing
– Print / Postal Service Provider
– Subcontractors who must be involved in a project to ensure the proper provision of the service
– Financial institutions
– Debt collection agency
– Courts
– Other third parties for which the data subjects have given their consent to the transfer of data or have a legal authority to transfer data

Is data transferred to a third country or international organization?
schwarzprojekt uses software that includes a data transfer to servers in third countries (e.g. USA)
For the software in question, there is a contract for commissioned data processing in which data security is agreed upon in a scope conforming to EU-DSGVO. (EU-US Privacy Shield)
Thus, the provider assures to treat data according to EU standards. This includes a secure transmission of the data.
If, despite these measures, you have any objections to the storage of your data on servers in third countries, please let us know.
Of course we will follow your wishes.

How long will the personal data collected be stored?
The collected data will be deleted immediately by schwarzprojekt if it is clear that they are no longer needed for the purposes for which they were collected, if the person concerned revokes his or her consent on which processing was based, or if personal data have been processed unlawfully. However, the data will not be deleted for the time being if the processing of the data is still necessary for the following purposes:
Fulfilment of commercial and tax law obligations to retain data (e.g. Commercial Code, Tax Code). The periods of retention or documentation specified there are up to ten years.
If data is only stored for the above-mentioned purposes, access to this data is restricted, i.e. it is generally no longer available for processing (archiving). The data can no longer be changed and are used exclusively for storage purposes.

Rights within the data protection
Every person concerned has the right of access, rectification, cancellation, restriction of processing and objection in respect of his personal data within the scope of the provisions of the EU-DSGVO.
A right to information, Art. 15 EU-DSGVO, exists. Pursuant to Art. 15 (1), the data subject has the right to obtain confirmation as to whether personal data concerning him/her is being processed. If this is the case, he/she also has the right to be informed about these personal data and to receive the information pursuant to Art. 15 (1) letters a to h EU-DSA.
A right of rectification, Art. 16 EU-DSGVO, exists. If the personal data processed is incorrect or incomplete, taking into account the purposes of the processing, Art. 16 EU-DSA provides the right to request correction or completion of the personal data.
There is a right to deletion, Art. 17 EU-DSGVO. According to Art. 17 (1) EU-DSMGVO, there is a right to demand the deletion of personal data if the processing of personal data is inadmissible for one of the reasons stated in this provision. Deletion cannot be requested if (further) processing is necessary to fulfill a legal obligation (Art. 17 (3) EU-DSGVO). In particular, legal storage obligations are taken into account. A right to deletion of personal data does not exist if the aforementioned corresponding processing purposes continue to exist or legal regulations impose the obligation to continue to store the data.
A right to restriction of processing, Art. 18 EU-DSGVO, exists. Under the conditions of Art. 18 para. 1 letters a to d EU-DSGVO, the person concerned has the possibility to request the restriction of processing (blocking).
This may be the case, for example, if the data subject requires the stored data for the assertion, exercise or defense of legal claims and these data are therefore not yet to be deleted.
If the processing of the data is based on a granted consent, this consent can be revoked at any time. This also applies to the revocation of declarations of consent that were issued before the EU-DSGVO became effective, i.e. before 25 May 2018. Revocation of consent does not affect the legality of the data processed up to the point of revocation.
There is a right to data transferability according to Art. 20 EU-DSGVO.

Complaint about data protection
Every data subject has the right to complain to a data protection supervisory authority (Art. 77 EU-DSGVO).

Profiling
No automated processing or profiling in accordance with Art. 22 EU-DSGVO takes place.

Protective measures
schwarzprojekt attaches great importance to your privacy and the security of personal data. In order to protect personal data, schwarzprojekt takes appropriate protective measures to ensure the security, integrity and privacy of the information that the person concerned has provided. Among other things, measures such as anonymization of the IP address in statistical surveys, encrypted communication, physically secured rooms, firewalls and password protection systems are used to maintain the confidentiality of personal data.

Note on the use of the website
The use of our website is usually possible without providing personal data. As far as personal data (e.g. name, address or e-mail address) is collected on our website, this is always done on a voluntary basis, as far as possible.
We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

Collection of general data and information
This website collects a certain amount of general data and information with each visit. This data is stored in server log files. The following can be recorded, for example
– Browser type and version
-Operating system
– URL from which a visitor has reached the website
– Subwebsites that are visited
– Date and time of a visit
– IP address
– Internet service provider of the visitor
– other similar data and information that serve to prevent danger
When evaluating this general data, no conclusions are drawn about the person concerned. The anonymous data of the server log files are stored separately from the personal data provided by a person concerned.

Cookies
The Internet pages use so-called cookies in several places. They serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Cookies do not damage your computer and do not contain viruses.

Use of script libraries (Google Webfonts)
In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to the cache of your browser to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, content will be displayed in a default font.
Calling up script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – although it is currently unclear whether and for what purposes – that the operators of such libraries collect data.
The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/

Privacy policy for the use of Facebook-Plugins (Like-Button)
Our pages integrate plugins from the social network Facebook, provider Facebook Inc. 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo or the “Like-Button” (“Like”) on our site. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/.
When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook “Like-Button” while you are logged in to your Facebook account, you can link the contents of our Pages on your Facebook profile. This allows Facebook to associate your visit to our Pages with your user account. We would like to point out that we, as the provider of the Pages, have no knowledge of the content of the transmitted data or its use by Facebook. You can find further information on this in the Facebook privacy policy at http://de-de.facebook.com/policy.php.
If you do not want Facebook to be able to assign visits to our Pages to your Facebook user account, please log out of your Facebook user account.

Privacy policy for the use of Xing
Our website uses features of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing Xing functions is called up, a connection to Xing servers is established. To the best of our knowledge, no personal data is stored. In particular, no IP addresses are stored or the usage behavior is evaluated.
Further information on data protection and the Xing Share button can be found in the Xing privacy policy at https://www.xing.com/app/share?op=data_protection.

Contact
If you contact us via the website (e.g. using the contact form or by e-mail), your details, including the contact information you provide there, will be stored by us for the purpose of processing your inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

Change of our data protection regulations
We reserve the right to adapt this data protection declaration so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration then applies to your renewed visit.

Status from 01.09.2022