Privacy Information for Applicants Max ASP- Identify - win

1.Introduction

We would like to use the information below to provide you “data subject” with an overview of our processing of your personal data and your rights under data protection law. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services offered by our company through our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we will generally obtain your consent.

Personal data, such as your name, address or email address, is always processed in accordance with the EU General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the “Max ASP GmbH”. The aim of this Privacy Notice is to inform you about the scope and purpose of the personal data we collect, use and process.

As the data controller, we have implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps so that absolute protection cannot be guaranteed. For this reason, you are free to submit personal data on alternative ways, such as by phone or by post to us.

2.Data controller

The data controller, as defined by the GDPR, is:

Max ASP GmbH
Kässbohrerstraße 16, 89077 Ulm, Germany
Phone: +49 731 15927 0
Email: info@maxasp.com

Data controller’s representative: Benjamin Tänzer

3.Data protection officer

You can reach the data protection officer as follows:

Wolfgang Branz
Phone: +49 7525 9469859
Email: privacy@maxasp.com

You may contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.

4.Information on the processing activity

4.1 The purpose of this processing activity

is to collect and process contact details of customer/supplier contacts for the purpose of order processing. This includes the preparation and management of offer, order, and contract documents, as well as the maintenance of contact persons.

4.2 Legal basis of the processing activity

B2B (orders with business customers): Processing is necessary to protect the legitimate interests of the controller or a third party pursuant to Art. 6 Abs. 1 lit. f GDPR (protection of the company’s business interests).
B2C (orders with private customers): Processing is required to fulfill a contract or pre-contractual measure in accordance with Art. 6 Abs. 1 lit. b DS-GVO.

4.3 Categories of personal data

Contact details including the name, phone number, fax number, email
address, and position of both the contact person at the
customer/supplier and the employee who engages with the
customer/supplier.

5 Categories of recipients

Contractors (Processors)
Salesforce UK Limited ()

5.1 Data transfer to a third country

There are no planned transfers to third countries.

6.Additional Information Requirements

6.1 Personal Data Storage Period

10 Years (AO) (Deletion after 10 years. Retention period as per §147
AO for tax-relevant documents)
No regulation currently exists.

6.2 Legitimate interests of the data controller

B2B (orders with business customers): Processing is required to
safeguard the legitimate interests of the controller or a third party, as
specified in Art. 6 Abs. 1 lit. f DS-GVO (protection of the company’s
business interests).
The legitimate interest is grounded on the authoritative and
appropriate connection between the controller and the data subject as
a customer (see EwG 47 p. 2 DS-GVO), as manifested through emails,
postal mails, and phone calls. The data subject can reasonably
anticipate that their data may undergo processing for the intended
purpose, as it is necessary to carry out the business relationship.

6.3 Rights of data subjects

The above rights are applicable to data subjects.
Individuals have the right, under Article 15 of the DS-GVO, to request
information from the controller regarding their personal data. They
also have the right to rectification (Art. 16 DS-GVO), erasure (Art. 17
DS-GVO) and restriction of processing (Art. 18 (1) DS-GVO) of their
personal data. Additionally, individuals have the right to object to
processing (Art. 21 DS-GVO) and the right to data portability (Art. 20
DS-GVO).
If you wish to exercise your rights, please contact the data protection
officer mentioned above

6.4 Source of personal data

Direct collection (The data was collected directly from the data subject
by: conversation)

6.5 Right of complaint

You have the right to make a complaint to the relevant supervisory
authority.

6.6 Obligation to provide personal data

Providing your personal data is voluntary.

6.7 Automated decision making

We do not engage in automated decision making or profiling.

Currently valid from 20-06-2024