The following information is intended to give you an overview of the personal data processed by us and to inform you about your data protection rights.
1. Person responsible for data processing and contact details of the data protection officer
SNP Schneider-Neureither & Partner SE
Dossenheimer Landstr. 100
SNP Business Landscape Management GmbH
Speyerer Str. 4
SNP Transformation Deutschland GmbH
SNP Applications DACH GmbH
Speyerer Str. 4
ERST European Retail Systems Technology GmbHHögerdamm 39
Telefon: +49 6221 64 25 – 0
Data protection officer: can be reached via e-mail to firstname.lastname@example.org or via our postal address specifying "The data protection officer".
150 Buckingham Palace Road
SNP AUSTRIA GmbH
Kramlehnerweg 1 + 1a
Telefon: +49 6221 64 25 – 0
2. From which sources does the personal data originate?
We process personal data that we have obtained from business relationships (e.g. with customers or suppliers) or customer requests. As a rule, we receive this data directly from the contracting party or the person who made the request. However, personal data may also originate from public sources (e.g. commercial register), provided that the processing of this data is permitted. Other companies may also transmit data to us legitimately. Depending on the individual case, we also store our own information related to this data (e.g. as part of an ongoing business relationship).
Depending on the individual case, this may involve master data (e.g. name, address), contact data (e.g. telephone number, e-mail address), contract and billing data to fulfill our contractual obligations or data that is necessary for processing a request, such as creditworthiness data, advertising and sales data and other data of comparable categories.
3. For what purposes and on what legal basis is the personal data processed?
We process personal data in compliance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) or other applicable local legislation.
a.) Within the framework of the performance of a contract or in order to take steps prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
We process personal data primarily to fulfil contractual obligations and to provide the related services, in particular the provision of our software solutions, or within the framework of a corresponding contract initiation (e.g. contract negotiations, preparation of quotations). The specific purposes are determined by the respective service or product that form the basis of the business relationship or contract initiation.
b.) Within the framework of the compliance with a legal obligation (Art. 6(1)(1)(c) GDPR)
In many situations, we are legally obliged to collect certain personal data and to forward it to, usually public, authorities or to make it available to them.
For example, we provide the tax authorities with the personal data that is required for tax calculation purposes in accordance with the relevant legal requirements.
c.) Within the framework of legitimate interests (Art. 6(1)(1)(f) GDPR)
We also collect and process personal data to pursue legitimate interests in the following situations:
d.) Within the framework of a consent (Art. 6(1)(1)(a) GDPR)
In some situations, the processing of your personal data is not absolutely necessary and only permitted with your consent. In such cases, we inform you about this circumstance and in particular about the fact that giving your consent is voluntary and revocable at any time with effect for the future.
This is the case, for example,
4. Recipients of personal data
In general, the company only grants access to your data for authorities that must work with your data ("need-to-know principle"), i.e. entities that require access to this data to fulfil a contractual or legal obligation. This can also include service providers and vicarious agents who act on behalf of the company and/or who are obliged to process the data confidentially.
In certain situations, we transfer your data to
5. Is data transferred to a third country or to an international organization?
We transfer personal data to other authorities in countries outside the European Union (third country) if it is necessary to maintain the business relationship, if it is required by law or if you have given us your consent to do so.
In certain situations, we collaborate or reserve the right to collaborate with service providers that are either located in a third country or that may also collaborate with service providers in a third country.
In accordance with Art. 45 GDPR, a transfer of personal data to a third country may take place where the Commission has decided that the third country in question ensures an adequate level of protection. In the absence of such a decision, a controller or processor may transfer personal data to a third country only if the controller or processor has provided appropriate safeguards (e.g. standard data protection clauses issued by the European Commission), and on condition that enforceable data subject rights and effective legal remedies for data subjects are available (Art. 46 GDPR).
As a rule, we only cooperate with authorities in third countries that fulfil the criteria listed above.
6. Data retention
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the storage of personal data is no longer necessary for the fulfilment of these obligations, it will be deleted, unless there are legal obligations to retain such data, such as commercial and fiscal obligations of the German Tax Code and the German Commercial Code (6 or 10 years) and for the preservation of evidence within the framework of statutory limitation rules.
7. Rights of the data subject
You have the following rights with regard to your personal data:
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
However, you also have the option of contacting our internal data protection officer (confidentially).
If you have given us your consent (Art. 6(1)(1)(a) GDPR), you can revoke it at any time with effect for the future.
If we base the processing of your personal data on legitimate interests (Art. 6(1)(1)(f) GDPR), you may object to the processing. In the event of such an objection, we kindly ask you to explain why we should not process your personal data. In the event of a justified objection, we will examine the situation and either discontinue or adapt the data processing or point out legitimate reasons why we will continue the processing.
You can object to the processing of your personal data for advertising purposes at any time.
8. Obligation to provide data
Within the framework of the performance or initiation of a contract, you must provide the personal data necessary for the performance of the contract or to take steps prior to entering into a contract and the associated obligations. Furthermore, you must provide the personal data that we are legally obliged to collect. We will not be able to conclude or fulfil a contract without the provision of this data.
In cases of data collection on the basis of consent, the provision of data is voluntary and not mandatory. However, if you do not give your consent, we will not be able to provide the services that require your consent for data processing. You can revoke your consent at any time with effect for the future, even after it has been granted.
9. Is there automated individual decision-making or profiling?