Data Privacy Declaration

Who we are

The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Soley GmbH

Managing Director: Dr. Maximilian Kissel
Landaubogen 1, 81373 Munich, Germany
https://www.soley.io
https://support.soley.io
Email: info(a)soley.io
Phone: +49 (0)89 904 1016 00
Fax: +49 (0)89 904 1016 05

Name and address of the data protection officer

The data protection officer of the responsible contact is:
Hans-Peter Wolf
Ludwigsplatz 9
83022 Rosenheim
Email: it-ccc-wolf(at)t-online.de
Mobile: +49 172 8961301

Definitions of terms

This Privacy Statement is based on the definitions used by the European legislator for the adoption of the DS GMO (Article 4 DS GMO). This privacy policy should be easy to read and understand for everyone. To ensure this, we would first like to explain the terms used. Among other things, these definitions are used in this privacy statement:

  • “personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
  • “data subject” means any identified or identifiable natural person whose personal data are processed by the controller.
  • “processing” means any operation carried out with or without the aid of automated procedures or any such series of operations relating to personal data, such as the collection, collection, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction;
  • “Restriction of processing” means the marking of stored personal data with the aim of restricting their future processing;
  • “Profiling” means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person;
  • “controller” means the natural or legal person, authority, body, agency or other entities which alone or jointly with others decides on the purposes and means of processing personal data; where the purposes and means of such processing are specified by Union law or the law of the Member States, the controller or certain criteria for his appointment may be laid down in accordance with Union law or the law of the Member States;
  • “recipient” means any natural or legal person, authority, institution or other entities to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;
  • “third party” means any natural or legal person, authority, institution or other entities other than the data subject, the data processor, the data processor and the persons authorized to process the personal data under the direct responsibility of the data processor or the data processor;
  • “data subject’s consent” means any voluntary declaration of intent in the specific case, in an informed and unequivocal manner, in the form of a declaration or other clear affirmative act,

which the data subject indicates that he/she agrees to the processing of personal data concerning him/her.

Sect. 1 General

We will process your personal data (e.g. title, name, address, e-mail address, phone number) solely in accordance with the provisions of the German data protection law and the data protection law of the European Union (EU). The following provisions will inform you, besides the information about the processing purposes, recipients, legal bases and storage periods, also about your rights and the controller for your data processing. This privacy policy applies only to our websites. If you are forwarded to other sites via links on our pages, please inform yourself there about the respective handling of your data.

Website Visitors

Edit cookie settings

Sect.2 Provision of the website and creation of log files

(1) description and scope of data processing
You can use our website without disclosing your identity. Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.
This information is temporarily stored in a so-called log file.

The following information is recorded without your intervention and stored until it is automatically deleted:

• Information about your browser type
• Information about your operating system
• Information about your Internet service provider
• Your IP address
• the date and time of your visit to our site
• information about the website from which your system accesses our site
• Information about the website that your system accesses through our website.

The mentioned data will be processed by us for the following purposes:

• Ensuring a smooth connection of the website,
• Ensuring comfortable use of our website,
• evaluation of system security and stability as well as
• for other administrative purposes.

(2) legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DS-GMO. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.
In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations under points V and 7 of this data protection declaration.

(3) Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the visitor’s computer. For this purpose, the IP address of the visitor to the website must remain stored for the duration of the session.

If IP addresses are stored in log files:
This is done to ensure the functionality of the website. In addition, the storage of data in log files serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. DS-GMO.

(4) Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If IP addresses are stored in log files:
If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the visitors of the website are deleted or alienated so that an assignment of the calling client is no longer possible.

(5) the possibility of opposition and elimination
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the visitor to the website.

Sect. 3 Contact us and Forms

(1) Purpose of data processing
Your personal data you provide us by e-mail, contact form etc., will be processed to answer your inquiries. You are not obliged to provide us with your personal data but we would not be able to answer your inquiries sent by e-mail without your e-mail address.

(2) Legal basis
a) If your explicit consent is given for the processing of your data, the legal ground for this processing is set out in Art. 6 section (1) (a) of the GDPR.
b) If your personal data is processed for the purpose of contract performance, the legal ground for this processing is set out in Art. 6 section (1) (b) of the GDPR.
c) The legal ground for all other cases (especially when using a contact form) is set out in Art. 6 section (1) (f) of the GDPR.
Right of revocation: You have the right to object at any time to the processing of data which was performed according to Article 6 (1) (f) of GDPR and which does not serve direct marketing for reasons arising from your particular situation.
In the case of direct marketing, however, you may object to the processing at any time without stating any reasons.

(3) Legitimate interest
Our legitimate interest in data processing is to communicate with you in a timely manner and to answer your queries cost-efficiently. If you provide us with your address, we reserve the right to use it for direct postal marketing. You can protect your interest in data protection by transferring of data efficiently (e.g. using a pseudonym).

(4) Recipient categories
Provider of hosting, service provider for direct marketing

(5) Duration of Storage
Your data will be deleted if it can be inferred from the circumstances that your queries or questions have been completely clarified. If you agree to a later resumption of the conversation, the data remains stored for this purpose until resubmission so that the facts can be clarified at this later point in time. You have the right to revoke your consent for processing at any time in compliance with your consent.
However, if a contract is concluded, the data required by commercial and tax law will be retained by us for the periods as required by law, i.g. generally for ten years (cf. § 257 HGB, § 147 AO).

(6) Right of revocation
You have the right to revoke your consent for processing at any time in compliance with your consent.

(7) List of data processors

  • automattic (WordPress.com) – Website Host ( https://automattic.com/privacy-notice/ )
  • zapier – automated further processing of form data
  • pipedrive – Storage and maintenance of the data transmitted in the form (for making contact, resubmission, business initiation, customer service) ( https://www.pipedrive.com/en/privacy | https://www.pipedrive.com/en/terms-of-service )

Sect. 4 Comments in our forum on support.soley.io

(1) Purpose of data processing
There is the possibility to write questions or comments in our forum. Your personal data (e.g. name/pseudonym, email address, website) collected in this scope will be solely processed for the purpose of publishing your comments.

(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (f) of the GDPR.

(3) Legitimate interest
Our legitimate interest is the public exchange of user opinions on specific topics and products. The publication serves, among other things, the purpose of transparency and opinion-forming. Your interest in data protection is preserved, as you can publish your comment under a pseudonym.

(4) Duration of Storage
There is no provision for a certain storage period. You may request the deletion of your comment at any time.

(5) Right of objection
You have the right to object at any time to the processing of data which was performed according to Article 6 (1) (f) of GDPR and which does not serve direct marketing for reasons arising from your particular situation. In the case of direct marketing, however, you may object to the processing at any time without stating any reasons.

§ 5 Web Tracking

a) Web analysis using Matomo (formerly Piwik)

(1) Scope of the processing of personal data:
On this website we use the software “Matomo” (www.matomo.org), a service of the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. The software places a cookie (a text file) on your computer to recognize your browser. If subpages of our website are accessed, the following data will be stored:

  • the IP address of the user, shortened by the last three digits of the address (anonymized)
  • the called subpage and time of the call
  • the page from which the user accessed our website (referrer)
  • which browser with which plugins, which operating system and which screen resolution is used
  • the time spent on the website
  • the pages that are accessed from the bottom of the page that is called up

The data collected with Matomo is stored on our own servers. The data will not be passed on to third parties.

(2) Purpose of processing
We need the data in order to analyse the surfing behaviour on our website and to obtain information about the use of the individual components of the website. This enables us to constantly optimise the website and its user-friendliness. In these purposes lies our legitimate interest according to Art. 6 Para. 1 lit. f GDPR justified. By anonymizing the IP address, we take into account the user’s interest in the protection of personal data. The data will never be used to personally identify the user of the website and will not be merged with other data.

(3) Legal basis
The legal basis for such processing is set out in Article 6 (1) (f) of the GDPR.

(4) Legitimate interest
Unser berechtigtes Interesse ist die statistische Analyse des Nutzerverhaltens zu Optimierungs- und Marketingzwecken. In order to protect your interest in data protection, we do not collect any personal data with Matomo.

(5) Categories of beneficiaries
No personal data will be passed on.

(6) Transfer to a third country
This WordPress website is hosted via automattic possibly way in a third country. However, tracking does not collect, process or store any personal data.

(6) Duration of Storage
The data is deleted when it is no longer needed for our purposes.

(7) Right of objection
You can consent to the tracking of personal data at the beginning of your website visit via an opt-in dialogue. If you do not agree or actively decline tracking, no personally identifiable information will be collected. If you have agreed, this decision will be stored for 365 days in the cookie “cookie_notice_accepted” for 365 days. Durch das Löschen dieses Cookies in Ihrem Browser können Sie Ihre Zustimmung jederzeit widerrufen. The next time you visit the site you will be asked for your preference.

B) Web analysis using Google Analytics (anonymous IP address)

(1) Scope of the processing of personal data:

This website uses the Google Analytics service, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the analysis of website usage by users. The service uses “cookies” – text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.
On this website IP anonymization is used. The IP address of the users is shortened within the member states of the EU and the European Economic Area. By this shortening the personal reference of your IP address is omitted. Within the framework of the agreement on the order data agreement, which the website operators have concluded with Google Inc. uses the information collected to compile an analysis of website usage and website activity and provides services associated with Internet usage.

You have the option of preventing cookies from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you can access all functions of this website without restrictions if your browser does not allow cookies.

You can also use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link will lead you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en
Here you will find further information on the use of data by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=en

Disable Google Analytics tracking:

If you have agreed to tracking with Analytics, the following data will be collected and evaluated:

  • the IP address of the user, shortened by the last three digits of the address (anonymized)
  • the called subpage and time of the call
  • the page from which the user accessed our website (referrer)
  • which browser with which plugins, which operating system and which screen resolution is used
  • the time spent on the website
  • the pages that are accessed from the bottom of the page that is called up
  • Google ID psyeudonymized user profile

(2) Purpose of processing
We need the data in order to analyse the surfing behaviour on our website and to obtain information about the use of the individual components of the website. This enables us to constantly optimise the website and its user-friendliness. In these purposes lies our legitimate interest according to Art. 6 Para. 1 lit. f GDPR justified. By anonymizing the IP address, we take into account the user’s interest in the protection of personal data. The data will never be used to personally identify the user of the website and will not be merged with other data.

The Google ID is used for targeted, pseudonymous customer acquisition via retargeting measures in connection with Google Ads and the Google Display Partner Network. our legitimate interest pursuant to Art. 6 Para. 1 lit f GDPR justified. Cross-device pseudonymised profiling for retargeting purposes is subject to active approval. In order to protect the personal data of our users, this data will only be collected if, in accordance with Art. 6 Para. 1 lit a GDPR by means of the cookie bar.

Google-Analytics-Tracking:

(3) Legal basis
The legal basis for this processing is Art. 6 para. 1 f) GDPR, Art. 6 para. 1 a) GDPR.

(4) Legitimate interest
Unser berechtigtes Interesse ist die statistische Analyse des Nutzerverhaltens zu Optimierungs- und Marketingzwecken. In order to protect your interest in data protection, we do not collect any personal data with Matomo.

(5) Categories of beneficiaries
The pseudonymised data will be transmitted to Google LLC for processing.

(6) Transfer to a third country
Google LLC is certified under the Privacy Shield Agreement between the EU and the US (EU-US Privacy Shield) and the Privacy Shield Agreement between Switzerland and the US.

(6) Duration of Storage
The data is deleted when it is no longer needed for our purposes.

(7) Right of objection
You can consent to the tracking of personal data at the beginning of your website visit via an opt-in dialogue. If you do not agree or actively decline tracking, no personally identifiable information will be collected. If you have agreed, this decision will be stored for 365 days in the cookie “cookie_notice_accepted” for 365 days. Durch das Löschen dieses Cookies in Ihrem Browser können Sie Ihre Zustimmung jederzeit widerrufen. The next time you visit the site you will be asked for your preference.

Sect. 6 Information about cookies

Edit cookie settings

(1) Purpose of data processing
This website uses technically necessary cookies. These are small text files that are stored in or by your Internet browser on your computer system and only serve the functionality of the website. Other cookies remain stored permanently and recognize your browser on your next visit to improve theusability of the website.

(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR. You have expressly given your consent to the use of cookies on our website as follows: “”Yes” to cookies & tracking. Get faster, better, stronger!”

(3) Duration of Storage
The technically necessary cookies are usually deleted when the browser is closed. Permanently stored cookies remain stored from a few minutes to several years.

(4) Right of Withdrawal You may object to the additional cookies by responding to the prompt displayed in our cookie notification as follows: “”No” to Cookies and Tracking.”. Then only the technically necessary cookies are created in your browser. If you do not wish these cookies to be stored, please deactivate the acceptance of these cookies in your Internet browser. However, this may result in a functional limitation of our website. Your decision will be stored in the cookie “cookie_notice_accepted” for 30 days.

You can revoke your consent to permanent storage by deleting the stored cookies via your browser. If you delete the cookie “cookie_notice_accepted”, we will ask you again for your cookie and tracking preference on your next visit.

(5) Cookies used
Technically necessary cookies (anonymous, no personal data):

  • PHPSESSID – necessary – ends with session
  • Automatische Worpress Serverlogs – (Automattic, Inc (Worpress.com) – https://automattic.com/privacy-notice/
  • Cookie_notice_accepted – necessary – storage for 365 days – stores the cookie and tracking decision without personal data.
  • Matomo – (formerly Piwik); tracking of anonymous website traffic; no profiling; no disclosure to third parties
  • Personio_session – ends with Session – Iframe of job ads from Personio

Explicit consent on the website for use:

  • OpenStreetMap – https://wiki.osmfoundation.org/wiki/Privacy_Politik

Marketing-Cookies

  • LinkedIn-Tracking Code: https://www.linkedin.com/legal/privacy-policy

Statistic-Cookies

  • Google Analytics – https://policies.google.com/privacy
    Google-Analytics-Tracking revoke:

§ 7 E-Mail-Onboarding / Request of a Software License

(1) Purpose of data processing
If you enter data in the web form for sending a license key, your e-mail address will be used for information purposes. This means that, depending on the product, we will send you a series of e-mails as part of our e-mail onboarding, which will help you get started with our software. We can evaluate which links are clicked in email onboarding and use this information to further improve the onboarding process. You were informed in the opt-in e-mail together with the license key that you are activating e-mail onboarding by activating the license key.

(2) Legal basis
The legal basis for this processing is Art. 6 Para. 1 a) GDPR.

(3) Categories of data processors
Email dispatch via Zapier.

(4) Storage period
Your email address will be stored for email onboarding. Your email address will be deleted within 30 days after the onboarding expires.

(5) Right of revocation
You can revoke your consent at any time with effect for the future. If you no longer wish to receive the opt-in, you can unsubscribe at any time via a link in the onboarding emails.

Sect. 8 Rights of the data subject

If your personal data is being processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards the controller:

1. Right of access by the data subject
You may ask the controller to confirm whether your personal data is processed. In the case of such processing, you may request the following information from the controller:

(1) the purposes of the processing of the personal data;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the estimated period of time for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the right to request from the controller to rectify or erase the personal data or the right to restrict the processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) the right to all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information for your about the logic involved, as well as the consequences and intended effects of such processing. As a data subject, you have the right to be informed whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification

You have the right to have corrected and/or completed your personal data from the controller if your personal data processed is incorrect or incomplete. The controller has to make the correction without delay.

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

(1) if you contest the accuracy of the personal data relating to you for a period of time that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to erase the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims; or
(4) if you have lodged an objection against the processing in accordance with Art. 21 Section (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your grounds. Where processing of personal data relating to you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the purpose of establishing, exercising or defending legal claims or for the protecting of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the conditions mentioned above, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) You may ask the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:
(1) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based accordance to point (a) of Article 6 section (1), or point (a) of Article 9 section (2) GDPR and where there is no other legal ground for the processing;
(3) you submit an objection to the processing accordance to Article 21 Section (1) (1) of the GDPR, and there are no legitimate reasons for the processing, or you lodge an objection against the processing accordance to Article 21 Section (2) of the GDPR;
(4) your personal data have been unlawfully processed;
(5) your personal data need to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) your personal data have been collected in relation to the offer information society services referred to Article 8 Section (1) GDPR;

b) Information to third parties: If the person in charge has made the personal data concerning you public and if he is in accordance with. Article 17 Section (1) (1) of the GDPR, he has to take reasonable steps, taking into account the available technology and the cost of implementation, including technical measures, to inform the controllers who process the personal data that you, as the person concerned, have requested the erasure of any links to, or copy or replication of those personal data.
c) Exceptions: The right to cancellation does not exist if the processing is necessary.

(1) for exercising the right of freedom of expression and information;
(2) for fulfilment of a legal obligation which requires processing by the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or the exercise of official authority transferred to the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 Section (2) as well as Article 9 Section (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89 Section (1) GDPR to the extent that the law referred to in (a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
(5) for the establishing, exercising or defending legal claims.

5. Notification obligation

If you have made use of your right to correct, erase or restrict the processing of your personal data, the controller is obliged to inform all recipients to whom the personal data have been disclosed of this correction or erasure of the data or limitation of the processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

6. Right to data portability

You have the right to receive the personal data relating to you which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller, who has been provided with the personal data, where:
(1) the processing is based on a consent in accordance with the point (a) of Article 6 Section (1) or point (a) of Article 9 Section (2) or on a contract in accordance with the point (b) of Article 6 Section (1) GDPR;
and (2) the processing is carried out using automated means. In exercising this right, you also have the right to have your personal data are transmitted directly from one controller to another, as far as this is technically feasible. Freedoms and rights of other persons may not be affected thereby. The right to data portability is not applicable to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority given to the data controller.

7. Right to object

For reasons arising from your particular situation, you have the right to object at any time to processing of personal data concerning you, which is carried out based on point (e) or (f) of Article 6 Section (1); this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you, unless the controller can prove that there are compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims. Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling, insofar as it is related to such direct marketing. Where you object to the processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.

8. right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of the consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or which significantly impairs you in a similar manner. This does not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and a data controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent. However, these decisions may not be based on special categories of personal data in accordance with Article 9 Section (1) GDRP, unless point (a) or (g) of Article 9 Section (2) applies and appropriate measures to safeguard the rights and freedoms and your legitimate interests are in place. Regarding the cases referred to in (1) and (3), the data controller has to take appropriate measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the data controller, to state his or her own position and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation. The supervisory authority with which the complaint has been lodged is to inform the complainant on the progress and the outcome of the complaint including the possibility of judicial remedy accordance to Article 78 GDPR.

Data protection information for applicants

The following data protection information provides an overview of the collection, processing and use of your data from the employment relationship. Applicants also belong to the group of employees within the framework of data protection pursuant to § 26 of the Federal Data Protection Act).
In the following, we inform you about the processing of your personal data by us and about your rights under data protection law.
Which data we process in detail and how they are used depends largely on the concrete application procedure.

1. who is responsible for data processing and who can I contact?
Responsible body is:
Maximilian Kissel,
Management of the company

You can reach our data protection officer at:
Hans-Peter Wolf
Ludwigsplatz 9
83022 Rosenheim
Email: it-ccc-wolf(at)t-online.de
Mobile: +49 172 8961301

2. what data sources and data do we use?
We process the personal data that you transmit to us as part of the application process.

Type of data
Relevant personal data are in particular personal data (name, address and other contact data, date and place of birth and nationality), identification data (e.g. identity card data) and authentication data (e.g. specimen signature), health data (e.g. information on disability/disability), qualification documents (e.g. certificates, assessments and other training certificates) and photographs.

3. what do we process your data for (purpose of processing) and on what legal basis?
We process your personal data within the framework of the Basic Data Protection Regulation (EU-DSGVO), the Federal Data Protection Act (BDSG), sector-specific data protection standards and company agreements which may apply to the application procedure (Social Code, Telecommunications Act, Works Constitution Act, etc.).

3.1 For the fulfilment of contractual obligations
The processing of personal data (Art. 4 No. 2 EU-DSGVO) is carried out to carry out the application procedure (taking into account Art. 88 EU-DSGVO and § 26 BDSG). There is no contractual obligation.

3.2 Within the scope of balancing interests
If necessary, we also process your data to safeguard our legitimate interest or the legitimate interests of third parties.
For example:
Measures for
• Building and system security (e.g. access controls),
• Securing the householder’s rights,
• Business management and further development
• Assertion of legal claims and defence in legal disputes,
• Video surveillance for the protection of the house right, for the collection of evidence with robberies and fraud offences,

Your personal data may only be processed for the detection of criminal offences if documented realistic indications lead to the suspicion that you have committed a criminal offence, that the processing is necessary for the detection and that your legitimate interest in the exclusion of the processing does not predominate, in particular that its nature and extent are not disproportionate with regard to the cause.

3.3 Based on your consent
If you have given us permission to process personal data for certain purposes (e.g. passing on application data to affiliated companies), the legality of this processing is given on the basis of your consent. A given consent can be revoked at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

3.4 Due to legal requirements
As a company we are subject to various legal obligations (e.g. tax laws). Measures to fulfil control and reporting obligations include, inter alia, the purposes of processing.

4. Who gets my data?
Within the company, your data will be sent to those positions that need it for processing the application process and legal obligations. Also contract processors used by us may receive data for these purposes. Data will only be passed on to recipients outside the company in compliance with the applicable data protection regulations. We only pass on information about you if this is required by law, if you have consented or if we are authorised to provide information. Under these circumstances, recipients of personal data may be, for example, affiliated companies (for the purpose of applying for other jobs).
Other data recipients may be such places for which you have given us your consent for data transmission.

5. how long will my data be stored?
We process and store your personal data for the duration of the application process. Your personal data will be deleted after 3-6 months after fulfilment of the purpose and complexity (application procedure).

If data storage is no longer required for the application process and there are no other legal retention periods, or if you have not given us your consent to longer storage (e.g. for further application processes), your data will be deleted immediately in accordance with data protection regulations.

6. are data transferred to a third country or to an international organisation?
Unless you have given us your consent, data will not be transferred to third countries (countries outside the European Economic Area – EEA). If necessary, we will inform you separately about details as far as required by law.

7 What data protection rights do I have?
Every data subject has the right of access to the processing of his/her personal data, the right to rectification, the right to cancellation, the right to limitation of the processing, the right to object to the processing and the right to data transfer within the framework of the statutory provisions. The restrictions according to §§ 34 and 35 of the Federal Data Protection Act must be taken into account with regard to the right to information and the right to deletion. In addition, the right to lodge a complaint with the data protection supervisory authority pursuant to Art. 77 DS-GVO i.V.m. § 19 BDSG.

8. am I obliged to provide data?
As part of the application process, you only need to provide the personal data necessary for the application process. There is no obligation to provide us with this necessary data. But without this data we cannot and will not usually be able to carry out the application procedure.

9. to what extent is there automated decision-making in individual cases?
We do not use automated processing to make a decision on the justification and conduct of the application process. If we should use these procedures in individual cases, we will inform you separately about details, as far as legally prescribed.

10. to what extent is my data used for scoring?
Your data will not be used to create a profile (scoring) for the justification and implementation of the application procedure.

11. information about your right of objection
You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.
After you have submitted an objection, we will no longer process your personal data unless we are able to prove compelling reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.

The objection can be made without form and should preferably be addressed to: privacy@soley.io.

Data processing for our customers

The following data protection information provides an overview of the collection, processing and use of your data.
With the following information we would like to provide you with an overview of how we process your personal data and your rights under data protection law.
Which data is processed by us in detail and how this data is used, depends decisively on our business relationship and, if necessary, on the type of data we use. the services you have requested or agreed with us.

1. who is responsible for data processing and who can I contact?
Responsible body is:
Maximilian Kissel, Managing Director

You can reach our data protection officer at:
Hans-Peter Wolf
Ludwigsplatz 9
83022 Rosenheim
Email: it-ccc-wolf(at)t-online.de
Mobile: +49 172 8961301


2. what data sources and data do we use?
We process personal data that you transmit to us within the scope of our business relationship.
On the other hand, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. debtor directories, land registers, commercial and association registers, press, media).
Type of data
Relevant personal data are personal data (name, address and other contact data, date and place of birth and nationality), if applicable. Identity data (e.g. ID card data) and authentication data (e.g. signature sample) and bank connection data (e.g. IBAN, account holder).

3. what do we process your data for (purpose of processing) and on what legal basis?
We process your personal data within the framework of the Basic Data Protection Regulation (EU-DSGVO) and the Federal Data Protection Act (BDSG).

3.1 For the fulfilment of contractual obligations
We collect, process and use the personal data of our customers for the purpose of establishing, fulfilling, implementing or terminating contractual obligations arising out of the business relationship and the possible business relationship with us. related services.
The purposes of the data processing depend primarily on the respective contractual object. Further details for the purpose of data processing can be found in the respective contract documents and the respective valid terms and conditions.

3.2 Within the scope of balancing interests
If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties.
Examples:
• Consultation and data exchange with credit agencies (e.g. SCHUFA) to determine creditworthiness and default risks
• Examination and optimization of procedures for needs analysis and direct customer contact
• advertising or market and opinion research, insofar as you have not objected to the use of your data
• Assertion of legal claims and defence in legal disputes
• Ensuring IT security and IT operations
• Prevention and investigation of criminal offences
• Video surveillance is used to collect evidence of criminal offences. They thus serve to protect customers and employees as well as the exercise of the householder’s rights.
• actions
– for building and plant security (e.g. access controls)
– to secure the householder’s title
– for business management and the further development of services and products.

3.3 Based on your consent
If you have given us permission to process personal data for certain purposes, the lawfulness of this processing is given on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the DS-GVO came into force, i.e. before 25 May 2018.
Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

3.4 Due to legal requirements
As a company we are subject to various legal obligations, i.e. legal requirements and ordinances (e.g. tax laws). The purposes of the processing include, among other things, the fulfilment of control and reporting obligations under tax law as well as the assessment and control of risks.

4. Who gets my data?
Within the company, your data will be passed on to the bodies that need it to process or fulfil our contractual and legal obligations. Also contract processors used by us may receive data for these purposes. These are also companies in the categories IT services and printing and shipping services. Data will only be passed on to recipients outside the company in compliance with the applicable data protection regulations. We only pass on information about you if this is required by law, if you have consented or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example:
• Public bodies and institutions (e.g. offices) where there is a legal or official obligation.
Other data recipients may be those for whom you have given us your consent for data transmission.

pipedrive– we use pipedrive to manage customer enquiries and support business development. (https://www.pipedrive.com/en/privacy). Pipedrive only cooperates with certified data processors and uses data centers in accordance with its own specifications also only uses data processors.

5. how long will my data be stored?
We process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations, including the German Tax Code (AO) and the German Commercial Code (HGB). The retention periods laid down there are between two and ten years.
Already after the fulfilment of the purpose certain data are to be deleted (e.g. personal data of prospective customers who have not entered into a contractual obligation). Finally, the storage period is assessed according to the statutory limitation periods, which in certain cases can be up to thirty years.

6. are data transferred to a third country or to an international organisation?
Unless you have given us your consent, data will not be transferred to third countries (countries outside the European Economic Area – EEA). If necessary, we will inform you separately about details as far as required by law.

7 What data protection rights do I have?
Every data subject has the right of access to the processing of his/her personal data, the right to rectification, the right to cancellation, the right to limitation of the processing, the right to object to the processing and the right to data transfer within the framework of the statutory provisions. The restrictions according to §§ 34 and 35 of the Federal Data Protection Act must be taken into account with regard to the right to information and the right to deletion. In addition, the right to lodge a complaint with the data protection supervisory authority pursuant to Art. 77 DS-GVO i.V.m. § 19 BDSG.

8. am I obliged to provide data?
In the context of our business relationship, you must only provide personal data which is necessary for the establishment, performance and termination of our business relationship or which we are legally obliged to collect. As a rule, we will have to refuse to conclude a contract without this data or will no longer be able to execute an existing contract and may have to terminate it.

9. to what extent is there automated decision-making in individual cases?
We do not use automated decision making for the establishment and execution of the business relationship. If we should use these procedures in individual cases, we will inform you separately about details, as far as legally prescribed.

10. to what extent is my data used for scoring?
Your data will not be used to create a profile (scoring) for the establishment and implementation of the business relationship.


Information about your right of objection

1. right of objection in individual cases
You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.
After you have submitted an objection, we will no longer process your personal data unless we are able to prove compelling reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.

2. the right to object to the processing of data for direct marketing purposes
In order to operate direct advertising, we process your personal data in individual cases. You have the right to object at any time to the processing of your personal data for the purpose of such advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made without form and should be addressed, if possible, to: privacy@soley.io