Information requirements

Information requirements according to Art. 13 GDPR

Contact data for all groups concerned

Name and contact data of the responsible person (Art. 13 Paragraph 1 a of the GDPR)

STARFACE GmbH
Adlerstraße 61
76137 Karlsruhe
Email: info@starface.com

Name and contact data of the Data Protection Officer (Art. 13 Paragraph 1 b of the GDPR)

ENSECUR GmbH
Kaiserstr. 86
76133 Karlsruhe
Personally responsible: Thorsten Jordan
Email: dsb-starface@ensecur.de

 

 

 

Information requirement for interested parties and customers

Purpose and legal basis of data processing (Art. 13 Para. 1 c of the GDPR)

  • Processing and handling of inquiries from interested parties (Art. 6 para. 1 f GDPR)*
  • Sanction list checks (Art. 6 para. 1 c GDPR in conjunction with Regulation (EC) No. 2580/2001 against other persons and entities suspected of terrorism and Regulation (EC) No. 881/2002 against Osama bin Laden, Al-Qaida and the Taliban)
  • Preparation of offers for interested parties (Art. 6 para. 1 f GDPR)*
  • Conclusion of sales contracts (Art. 6 para. 1 f GDPR)*
  • Fulfilment of legal obligations (Art. 6 para. 1 c GDPR)
  • Support of operational processes by service providers (Art. 28 GDPR)
  • Order processing and delivery (Art. 6 para. 1 c GDPR)
  • Implementation of marketing measures (Art. 6 para. 1 a GDPR)
  • Processing of complaints (Art. 6 para. 1 c GDPR)

* Interests of the person responsible when balancing interests (Art. 13 Para. 1 d of the GDPR)

  • Assertion of legal claims and defence in legal disputes
  • Ensuring IT security and IT operations in the company
  • Prevention of criminal offences
  • Measures for business management and the further development of services and products

 

Recipients or categories of recipients of personal data (Art. 13 Para. 1 e of the GDPR)
Authorities, banks, auditors, software manufacturers, affiliated companies, waste disposal service providers, advertising agencies, IT service providers, suppliers/service providers. We also use the “Insights Tag” service of the service provider LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter “LinkedIn”), in order to be able to target people interested in our offer and to determine the conversion rate. For this purpose, we transmit data such as your name, your email address and, if applicable, your current employer with your consent. For more information on the service provider, see https://www.linkedin.com. You can access LinkedIn’s privacy policy at the following link: https://www.linkedin.com/legal/privacy-policy. Information on LinkedIn’s cookie policy can be found at the following link: https://www.linkedin.com/legal/cookie_policy. To ensure the appropriate level of data protection when processing in third countries, we use the conclusion of standard contractual clauses; at the following link, you will find the order processing agreement with LinkedIn and information on the standard contractual clauses: https://legal.linkedin.com/dpa. To object to the processing of your data by LinkedIn (opt-out), you can use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Transfer to third countries (Art. 13 Para. 1 f of the GDPR)
There is currently no transfer of data to third countries other than the transfer to LinkedIn described above.

Any data transfer to third countries always takes place in accordance with the legal permissibility requirements pursuant to Article 45 of the GDPR in conjunction with Article 46 Para. 5 s. 2 of the GDPR). The GDPR provides for the continuation of adequacy decisions already adopted. For the EU-US Privacy Shield, the Commission has determined the adequacy of the level of data protection (C(2016) 4176 final).

Storage period in accordance with the statutory retention requirements (Art. 13 Para. 2 a of the GDPR)
Personal data is usually deleted within ten years after the end of the contractual relationship or even earlier if an interested party does not become a customer.

Right of access, rectification, erasure, restriction, data portability and objection (Art. 13 para. 2 b GDPR)
As a person concerned, you have the right to information, the correction and deletion of your data and to the restriction of processing at any time, as well as the right to data portability. Please contact the person responsible using the contact details provided.

Right of objection (Art. 21. Para. 1 of the GDPR)
If your data is processed to safeguard legitimate interests, you have the right to object to this processing at any time using our contact details provided, if your particular situation gives rise to reasons that conflict with this data processing. We will then terminate this processing unless it serves overriding legitimate interests on our part.

Right of withdrawal (Art. 13. Para. 2 c of the GDPR)
If you have consented to the processing of your data, you have the right to revoke it at any time for the future. This does not affect the legality of the processing up to the point of revocation. Please contact the responsible office using the contact details provided.

Right of appeal (Art. 13 para. 2 d GDPR)
As a data subject, you can contact the responsible State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg at any time if you have a complaint.

Existence of a need to provide personal data (Art. 13 Para. 2 e of the GDPR)
The data collected is required for the processing of inquiries from interested parties, for the preparation of offers, the conclusion of sales contracts or the implementation of business operations.

 

 

Information requirement for suppliers and service providers

Purpose and legal basis of data processing (Art. 13 Para. 1 c of the GDPR)

  • Purchase and processing of support services for the fulfilment of business purposes (Art. 6 Para. 1 f GDPR)*
  • Fulfilment of legal obligations (Art. 6 para. 1 c GDPR)
  • Sending information material (Art. 6 Para. 1 b GDPR)

 * Interests of the person responsible when balancing interests (Art. 13 Para. 1 d of the GDPR)

  • Assertion of legal claims and defence in legal disputes
  • Ensuring IT security and IT operations in the company
  • Prevention of criminal offences
  • Measures for business management and the further development of services and products

 

Recipients or categories of recipients of personal data (Art. 13 Para. 1 e of the GDPR)
Authorities, banks, auditors and disposal service providers.

Transfer to third countries (Art. 13 Para. 1 f of the GDPR)
There is currently no transfer of data to third countries.

Any data transfer to third countries is carried out in accordance with the legal permissibility regulations pursuant to Article 45 of the GDPR in conjunction with Article 46 Para 5 s. 2 of the GDPR). The GDPR provides for the continuation of adequacy decisions already adopted. For the EU-US Privacy Shield, the Commission has determined the adequacy of the level of data protection (C(2016) 4176 final).

Storage period in accordance with the statutory retention requirements (Art. 13 Para. 2 a of the GDPR)
Personal data is usually deleted within ten years after the termination of the business relationship, unless a longer legal storage period exists in exceptional cases or in the event of revocation by the person concerned.

Right of access, rectification, erasure, restriction, data portability and objection (Art. 13 para. 2 b GDPR)
As a data subject, you have the right to information, the correction and deletion of your data and to the restriction of processing, as well as a right to data portability at any time. Please contact the responsible office using the contact details provided.

Right of objection (Art. 21. Para. 1 of the GDPR)
If your data is processed to safeguard legitimate interests, you have the right to object to this processing at any time using our contact details provided, if your particular situation gives rise to reasons that conflict with this data processing. We will then terminate this processing unless it serves overriding legitimate interests on our part. 

Right of withdrawal (Art. 13. Para. 2 c of the GDPR)
If you have consented to the processing of your data, you have the right to revoke it at any time for the future. This does not affect the legality of the processing up to the point of revocation. Please contact the responsible office using the contact details provided.

Right of appeal (Art. 13 para. 2 d GDPR)
As a data subject, you can contact the responsible State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg at any time if you have a complaint.

Existence of a need to provide personal data (Art. 13 Para. 2 e of the GDPR)
The data collected is necessary for the establishment, implementation and termination of business relationships.

 

 

Information requirement for applicants

Purpose and legal basis of data processing (Art. 13 Para. 1 c of the GDPR)

  1. Processing of applications/eRecruiting (§ 26 Para. 1 German Federal Data Protection Act-new)
  2. Inclusion in an applicant pool for subsequent contact (Art. 6 Para. 1 a GDPR)

Interests of the person responsible when balancing interests (Art. 13 Para. 1 d of the GDPR)
Not applicable.

Recipients or categories of recipients of personal data (Art. 13 Para. 1 e of the GDPR)
Personnel service provider, payroll office, provider of the software-supported applicant portal and waste disposal service provider.

Transfer to third countries (Art. 13 Para. 1 f of the GDPR)
There is no transfer to a third country.

Storage period in accordance with the statutory retention requirements (Art. 13 Para. 2 a of the GDPR)
Personal data will be deleted six months after the end of the application process, taking into account § 61b Para. 1 German Labour Court Law in conjunction with § 15 German General Equal Treatment Act. In the case of inclusion in the applicant pool, deletion takes place after 2 years if no suitable position can be offered.

In the event of employment, the required data will be transferred to the personnel file. The information on the deletion of the data can be taken from the information obligation on employee data processing.

Right of objection (Art. 21. Para. 1 of the GDPR)
If your data is processed to safeguard legitimate interests, you have the right to object to this processing at any time using our contact details provided, if your particular situation gives rise to reasons that conflict with this data processing. We will then terminate this processing unless it serves overriding legitimate interests on our part.

Right of withdrawal (Art. 13. Para. 2 c of the GDPR)
If you have consented to the processing of your data, you have the right to revoke it at any time for the future. This does not affect the legality of the processing up to the point of revocation. Please contact the responsible office using the contact details provided.

Right of access, rectification, erasure, restriction, data portability and objection (Art. 13 para. 2 b GDPR)
As a data subject, you have the right to information, the correction and deletion of your data and to the restriction of processing, as well as a right to data portability at any time. Please contact the person responsible using the contact details provided.

Right of appeal (Art. 13 para. 2 d GDPR)
As a data subject, you can contact the responsible State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg at any time if you have a complaint.

Existence of a need to provide personal data (Art. 13 Para. 2 e of the GDPR)
The data collected is necessary for the implementation of the application procedure. In the case of non-provision, it is not possible to carry out the application procedure.

 

 

Information requirement within the meaning of § 52 German Telecommunication law in conjunction with Art. 13 GDPR

Service providers shall inform their subscribers at the time of conclusion of the contract about the nature, scope, location and purpose of the collection and use of personal data in such a way that the subscribers are informed in a generally comprehensible way about the basic processing facts of the data. In doing so, the participants shall also be made aware of the permissible options for choice and design. Users shall be informed by the service provider about the collection and use of personal data by means of generally accessible information.

In the event of a personal data breach, the participants or persons concerned have the rights under section 109a Para. 1 sentence 2 in conjunction with II.

 Purpose and legal basis of the collection and processing of data (§ 52 German Telecommunication law in conjunction with Art. 13 Para. 1 GDPR)

  • Conclusion of contractual relationships (§§ 54 in conjunction with 3 No. 6 German Telecommunication law)
  • Order processing and delivery (§§ 54 in conjunction with 3 No. 6 German Telecommunication law)
  • Amendment and termination of the contractual relationship (§§ 54–57 in conjunction with 3 No. 6 German Telecommunication law)
  • Processing of complaints (Art. 6 para. 1 c GDPR)
  • Establishment and maintenance of telecommunications, as well as traffic data necessary for billing. (§ 9 Para. 1 German Telecommunications Telemedia Data Protection Act)
  • Fulfilment of legal obligations (Art. 6 para. 1 c GDPR)
  • Determination of remuneration and payroll accounting (§ 10 German Telecommunications Telemedia Data Protection Act)
  • Advising participants, advertising own offers, market research and informing about an individual call request of another user (Art. 6 Para. 1 a GDPR)
  • Marketing and demand-oriented design of telecommunication services, provision of services with additional benefits (Art. 6 Para. 1 a GDPR)
  • Support of operational processes by service providers (Art. 28 GDPR)
  • Remedying faults in telecommunications systems (§ 12 Para. 1 German Telecommunications Telemedia Data Protection Act)
  • Avoidance of misuse of telecommunications services (§ 12 Para. 1 German Telecommunications Telemedia Data Protection Act)

* Interests of the person responsible when balancing interests (Art. 13 Para. 1 d of the GDPR)

  • Ensuring IT security and IT operations in the company
  • Prevention of criminal offences

 

Type and scope of personal data (§ 52 para. 1 German Telecommunication law)
The following data is collected within the scope of our telecommunications service to the extent specified:

  • Name of the company and contact person, address of the company, telephone number and email address of the contact person, account details of the company,
  • date and time of access/delivery of telephone calls, start and end of connections, number/identifier of involved connections/the terminal device, involved IP addresses, transmitted data volumes (traffic data)

Recipients or categories of recipients of personal data (Art. 13 Para. 1 e of the GDPR)
Authorities, banks, auditors, affiliated companies, waste disposal service providers, IT service providers, other suppliers/service providers

Transfer to third countries (Art. 13 Para. 1 f of the GDPR)
There is currently no transfer of data to third countries. Any data transfer   to   third countries   is carried out   in accordance with   the   legal permissibility   regulations   pursuant to Article 45 of the GDPR in conjunction with Article 46 Para. 5 sentence 2 of the GDPR.

Choice and design options according to § 52 Para. 1 German Telecommunication law  in conjunction with § 11 German Telecommunications Telemedia Data Protection Act
The following options are available to you within the framework of your telecommunications contract in accordance with §11 German Telecommunications Telemedia Data Protection Act:

  • Itemised bills
  • List of participants

If you need detailed advice on your options, please visit connect@starface.de for more information.

Duration of storage in accordance with the legal storage obligations (§§ 52 ff. German Telecommunication law in conjunction with Art. 13 Para. 2 a GDPR)
Personal data will be deleted if it is no longer required. The deletion of inventory data shall take place one year after the end of the calendar year following the termination of the contract. If there is a longer legal storage period (usually 6–10 years), this data will be deleted upon the expiry of this period.

Traffic data is deleted immediately after the termination of the connection, unless it is relevant for the preparation of the statement. The deletion of data relevant for billing takes place six months after the invoice has been sent. If objections are raised against the invoice, the cancellation shall not take place until the objections have been finally resolved. 

Rights of the data subject to information, deletion, revocation and objection § 169 Para. 1 sentence 2, Para. 2 German Telecommunication law in conjunction with Art. 13 Para. 2 b GDPR
As a data subject, you have the right to information, the revocation of your consent, restriction of processing, data portability and the correction and deletion of your data at any time. Please contact the person responsible using the contact details provided.

Right of objection (Art. 21. Para. 1 of the GDPR)
If your data is processed to safeguard legitimate interests, you have the right to object to this processing at any time using our contact details provided, if your particular situation gives rise to reasons that conflict with this data processing. We will then terminate this processing unless it serves overriding legitimate interests on our part.

Right of withdrawal (Art. 13. Para. 2 c of the GDPR)
If you have consented to the processing of your data, you have the right to revoke it at any time for the future. This does not affect the legality of the processing up to the point of revocation. Please contact the responsible office using the contact details provided.

Right of appeal
As a data subject, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) at any time if you have a complaint about non-compliance with data protection regulations in the collection, processing or use of your personal data.

The Federal Commissioner for Data Protection and Freedom of Information:

Husarenstraße 30
53117 Bonn
Phone: +49 228 997 7990
Email: poststelle@bfdi.bund.de

Existence of a need to provide personal data (Art. 13 Para. 2 e of the GDPR)
The provision of personal data is required by law in the form of telecommunications security, in particular for the rectification of faults in telecommunications equipment and the prevention of misuse of telecommunications services under § 12 Para. 1 German Telecommunications Telemedia Data Protection Act. In addition, the provision of data is necessary for the establishment, content, amendment or termination of a contractual relationship for telecommunication services.

Telecommunications secrecy according to § 3 German Telecommunications Telemedia Data Protection Act
The content of telecommunications, all details of the parties involved in a telecommunications process, as well as unsuccessful connection attempts, are subject to the secrecy of telecommunications.