The PackSynergy AG takes the protection of your personal data very seriously. Your privacy is important to us. Your privacy is an important concern for us. We process your personal data in accordance with the applicable statutory data protection requirements for the following purposes. Personal data in the sense of this data protection information is all information that relates to you as an individual.
In the following we explain how we handle this data. For a better overview, we have divided our data protection information into chapters.
Tel. 0751 3595560
If you have any questions or comments on data protection (such as information and updates of your personal data), you may also contact us for questions on the subject of data protection at email@example.com
We process personal data that we have collected directly from you.
Insofar, as this is necessary for the provision of our services, we process personal data that has been legitimately obtained from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have legitimately collected, received or acquired from publicly available sources (such as telephone directories, trade and association registers, population registers, debtor registers, land registers, press, Internet and other media).
Relevant categories of personal data may include, in particular:
We process personal data in accordance with the provisions/regulations of the General Data Protection Regulation (GDPR), the new version of the Federal Data Protection Act of Germany (BDSG-neu) and other applicable data protection regulations (details below). Which data are processed in detail and how they are used depends largely on the services requested or agreed/settled in each case. Further details or additions for the purposes of data processing can be found in the respective contractual documents, forms, a declaration of consent and/or other information provided to you (e.g in the context of the use of our website or our general terms and conditions).
Purposes for the Performance of a Contract or Pre-Contractual Measures (Art. 6 (1) b GDPR)
The processing of personal data takes place to fulfill our contracts with you and to carry out your orders as well as measures and activities within the framework of pre-contractual relationships, e.g. with interested parties. This essentially includes: contract-related communication with you, the corresponding billing and associated payment transactions, the verifiability of orders and other agreements as well as quality control through corresponding documentation, goodwill procedures, measures for the control and optimisation of business processes as well as for the fulfilment of general due diligence obligations; statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax assessment of operational services, risk management, assertion of legal claims and the defence in legal disputes; guaranteeing IT security (including system or plausibility checks); the processing of personal data in the event of legal disputes. (e.g. system and plausibility tests) and general security, ensuring and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, prevention and investigation of criminal offences as well as control by supervisory bodies or control authorities (e.g. auditing).
Purposes Within the Scope of a Legitimate Interest of Us or Third Parties (Art. 6 (1) f GDPR)
Beyond the actual performance/fulfilment of the contract or preliminary contract, we process your data to pursue our own legitimate interests or those of a third party, in particular for purposes of
Purposes in the Context of Your Consent (Art. 6 (1) a GDPR)
Your personal data may also be processed for certain purposes with your consent (e.g. use of your e-mail address for marketing purposes, recording of telephone calls). Regularly, you can withdraw this consent at any time. This also applies to the withdrawal of consents issued to us prior to the GDPR coming into force. You will be informed separately of the purpose and consequences of your withdrawal or non-issuance of consent in the corresponding consent text. The withdrawal of consent is generally only effective for the future. Processing that took place before the withdrawal, is not affected and remains lawful.
Purposes for the Fulfillment of Legal Requirements (Art. 6 (1) c GDPR) or in the Public Interest (Art. 6 (1) e GDPR)
Like everyone who participates in economic activities, we’re also subject to a large number of legal obligations/regulations. These are primarily statutory requirements (e.g. commercial and tax laws), but also, regulatory or other official requirements. The purposes of the processing may include the fulfilment of fiscal control and reporting obligations, the archiving of data for the purposes of data protection and data security, and the examination by fiscal and other authorities. Furthermore, the disclosure of personal data within the framework of official/judicial measures may become necessary for the purpose of collecting evidence, criminal prosecution or enforcement of civil law claims.
Automated Individual Decision-Making (Including Profiling)
We do not use sole automated decision-making procedures pursuant to Article 22 GDPR.Nevertheless, if we should use such a procedure in individual cases in the future, we will inform you separately, if this is prescribed by law.
In the context of the business relationship, you must provide the necessary personal data for the establishment, execution and termination of the legal transaction and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will not be able to execute the legal transaction with you.
Within the EU
Within our institution, the internal departments or organisational units that receive your data are those which require these to fulfil our contractual and legal obligations or within the context of the processing and execution of our legitimate interest. Within our group, your data will be transmitted to certain companies to undertake central data processing tasks (e.g. accounting, disposal of documents, IT support).
Your data will only be passed on to external bodies
In addition, we will not share your data with third parties. If we commission service providers as part of the order processing, your data there are subject to the same security standards. Recipients may only use the data for the purposes for which they were provided to them.
Outside the EU
Data is only transferred to bodies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries), as far it is necessary to execute contracts by using specialized service providers.
At the end of this document, you can find a list of data recipients.
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we are subject to various storage and documentation obligations pursuant to, inter alia, the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for storage and / or documentation specified therein are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship to the end of the calendar year.
Furthermore, special legal regulations may require a longer storage period, e.g. the preservation of evidence within the framework of the legal statute of limitations. Pursuant to Paragraph 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years, but limitation periods of up to 30 years may also apply.
If the data is no longer required for the fulfilment of contractual or legal obligations and rights, they are deleted on a regular basis, unless their – limited – further processing is necessary to fulfil the purposes for a higher legitimate interest. Such an overriding legitimate interest also exists, for example, if erasure is not or only possible with a disproportionate amount of effort due to the special nature of the storage, and processing for other purposes by suitable technical and organizational measures is excluded.
Under certain conditions, you can assert your data protection rights against us.
The data protection supervisory authority responsible for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Tel.: 0711/61 55 41 – 0
Fax: 0711/61 55 41 – 15
Recipient: ADLON Intelligent Solutions GmbH, Albersfelder Straße 30, 88213 Ravensburg
Data transfer: Data is not transferred to a third country
Recipient: DATEV eG, Paumgartnerstr. 6 – 14, 90429 Nürnberg
Data transfer: The transfer is either based on an adequacy decision or on Art. 46 (1) GDPR.
Recipient: Sophos Limited, The Pentagon, Abingdon, OX14 3YP, Great Britain
Data transfer: There is no adequacy decision for this transfer. The transfer is based on Art. 46 (1) GDPR. The appropriate safeguards can be viewed here.
Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Data transfer: There is no adequacy decision for this transfer. The transfer is based on Art. 46 (1) GDPR. Deployed services are provided by Microsoft, a U.S. provider. Thus, processing of personal data takes place in a third country. We have concluded a data processing agreement with the service provider, which complies with the requirements of Art. 28 GDPR. The data transfer only takes place when the special requirements of Art. 44 et seq. GDPR are fulfilled. The data transfer to the USA is based on the standard data protection clauses and the amended terms of the contract resulting from the Schrems II court decision. Specifically, Microsoft included the following provisions in the contract clauses: