Information obligations for customers and interested parties

Download file

Information obligations when data is collected from the data subject in accordance with Art. 13 GDPR

1. Name and contact details of the responsible party

Responsible for the processing of your personal data in the context of the present contact is the

Alasco GmbH
Leopoldstr. 21
80802 Munich
E-mail: legal@alasco.de
Telephone: +49 (0) 89 248867750
Website: https://www.alasco.de/

2. Contact details of the data protection officer

The designated data protection officer is

DataCo GmbH
Dachauer Str. 65
80335 Munich
Tel.: +49 (0) 89 7400 458 40
E-mail: datenschutz@dataguard.de
Website: www.dataguard.de

Processing of your personal data

a. Your personal data processed by us

As part of the existing customer relationship, we process the following personal data about you:

  • Address
  • Bank details
  • Customer number
  • Last name
  • First name
  • Your e-mail address
  • Your mobile number
  • Your landline number
  • Your fax number

b. Purposes of data processing

As part of the existing customer relationship, your personal data will be processed for the following purposes:

  • To process your enquiry as an interested party. For this purpose, we use your contact details in order to be able to answer your enquiry.
  • To prepare and carry out pre-contractual measures – this includes, for example, the creation and sending of an individual offer or individual agreement and transmission of contractual conditions with the aim of concluding a contract.
  • To include your contact details in our customer database.
  • To provide you with the best possible information about our products and services. This also includes the sending of (direct) advertising by e-mail or post.
  • To ensure smooth billing of the services provided. For this purpose, your personal data will be processed in order to be able to issue invoices.
  • To comply with our legal obligations. This includes, for example, the transmission of your personal data to the tax office.
  • In order to provide you, our customer, with the best possible service. This includes in particular communication with you by e-mail, mobile phone or landline number. For the purpose of sending the newsletter, insofar as you have registered for our newsletter.
  • To fulfil post-contractual measures.
  • To assert, exercise or defend legal claims.

c. Legal bases of data processing

The legal basis for the processing of the data in the context of section 3. b is Art. 6 (1) Sentence 1 (a – f) GDPR.

Processing of your personal data based on consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) Sentence 1 (a) GDPR in conjunction with Art. 5, 7 GDPR.

Processing for the purpose of performing the contract with you
Insofar as we process your personal data for the purpose of fulfiling a contract, Art. 6 (1) Sentence 1 (b) GDPR serves as the legal basis for us. This also applies to processing operations that are necessary to carry out pre- and post-contractual measures.

Processing to comply with a legal obligation
Insofar as the processing of your personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) Sentence 1 (c) GDPR serves as the legal basis for us. Our legal obligation to process data results from retention obligations.

Processing based on legitimate interest
The legal basis for direct marketing purposes may be Art. 6 (1) Sentence 1 (f) GDPR, if we have a legitimate interest, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard – in addition to the purposes listed under section 3 – include:

  • To be able to optimally inform you about our products, offers and services by means of direct marketing;
  • In the communication with you, in particular to be able to answer your enquiries by e-mail, phone and/or fax;

Legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) Sentence 1 (f) GDPR.

4. Recipients or categories of recipients of the personal data

In the course of processing your personal data, we may disclose your personal data to the following recipients. We will only transfer your personal data to external recipients if you have given your consent or if this is permitted by law. External recipients of your personal data are in particular:

  • External employees / freelancers
  • Processors
  • Third parties
  • Authorities e.g. tax offices, courts, trade supervisory office
  • Billing partners
  • Collection agencies
  • Credit institutions
  • Parcel service providers
  • Post
  • Tax consultants

In addition, your personal data may be transmitted to the following service providers located in a country outside the EU/EEA:

  • Amazon Web Services (‘Amazon.com, Inc.’)
  • Auth0 Inc.
  • Chargebee, Inc.
  • Churnzero, Inc.
  • Google LLC
  • Hubspot, Inc.
  • SendGrid, Inc.
  • Zendesk, Inc.

In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed if this is the subject of our order processing agreement pursuant to Art. 28 GDPR with these recipients.

5. Transfer of personal data to a third country

In principle, personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. However, as the providers of our software solutions, among others, offer their products and/or services based on available resources and servers worldwide, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. In particular, personal data is transmitted to the third country USA within the meaning of Art. 15 (2) GDPR. In order to ensure the continued existence of the necessary level of protection when data is transferred to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognised as providing an adequate level of data protection. In order to ensure appropriate guarantees for the protection of the transmission and processing of personal data outside the EU, data transmission to and data processing by our service providers is carried out on the basis of appropriate guarantees pursuant to Art. 46 et seq. GDPR, in particular by the conclusion of so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR.

6. Duration of storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. We take appropriate measures to ensure that your personal data is only processed under the following conditions:

  1. For the duration that the data will be used to provide you with a service
  2. As required by applicable law, contract or to comply with our legal obligations
  3. Only for as long as necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist in particular if the data is still required in order to fulfil contractual services, to be able to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its – temporary – retention is still necessary, in particular to comply with statutory retention periods of up to ten years (e.g. from the Commercial Code, the Fiscal Code and the Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation.

7. Data subject rights

According to the General Data Protection Regulation you have the following rights:

  • If your personal data is processed, you have the right to obtain information from the responsible party about the data stored about you (Art. 15 GDPR).
  • If inaccurate personal data is processed, you have the right to rectification (Art.16 GDPR).
  • If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17 and 18 GDPR).
  • If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out using automated procedures, you may have the right to data portability (Art. 20 GDPR).
  • If the personal data concerning you is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling to the extent related to such direct advertising.  If you object to the processing for direct advertising purposes, the personal data relating to you will no longer be processed for these purposes.
  • Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA). You can reach them at

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Tel: +49 (0) 981 180093-0
Website:https://www.lda.bayern.de/de/index.html

If the legal requirements are met, you may, for reasons arising from your particular situation, object at any time to the processing of personal data relating to you, which is based on Art. 6 (1) (e) or (f) GDPR, lodge an objection (Art. 21 GDPR).

8. Right of withdrawal for consent

If you have consented to the processing by the responsible party by means of a corresponding declaration, you can revoke your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the revocation is not affected by this.

Information obligations when data is collected from the data subject in accordance with Art. 14 GDPR

1. Name and contact details of the responsible party

Responsible for the processing of your personal data in the context of the present contact is the

Alasco GmbH
Leopoldstr. 21
80802 Munich
E-mail: legal@alasco.de
Telephone: +49 (0) 89 248867750
Website: https://www.alasco.de/

2. Contact details of the data protection officer

The designated data protection officer is

DataCo GmbH
Dachauer Str. 65
80335 Munich
Tel.: +49 (0) 89 7400 458 40
E-mail: datenschutz@dataguard.de
Website: www.dataguard.de

3. Categories of personal data processed and their sources

As part of our activity as a provider of a web-based software solution for digital processes in the context of financial controlling of construction projects we process the following personal data to your person:

  • Last name
  • First name
  • E-mail address
  • Your mobile number
  • Your landline number

from the following sources:

  • Public sources such as Google

4. Purposes of processing:

Your personal data will be processed for the following purposes:

  • To process your enquiry as an interested party. For this purpose, we use your contact details in order to be able to answer your enquiry.
  • To prepare and carry out pre-contractual measures – this includes, for example, the preparation and sending of an individual offer or individual agreement and transmission of contract conditions with the aim of concluding a contract.
  • To include your contact details in our customer database.
  • To provide you with the best possible information about our products and services. This also includes the sending of (direct) advertising by e-mail or post.
  • To ensure smooth billing of the services provided. For this purpose, your personal data will be processed in order to be able to issue invoices.
  • To comply with our legal obligations. This includes, for example, the transmission of your personal data to the tax office.
  • In order to provide you, our customer, with the best possible service. This includes, in particular, communication with you by e-mail, mobile phone or landline number. For the purpose of sending newsletters, insofar as you have registered for our newsletter.
  • To fulfil post-contractual measures.
  • To assert, exercise or defend legal claims.

5. Legal bases of data processing:

The legal basis for the processing of the data in the context of section 4 is Art. 6 (1) Sentence 1 (a – f) GDPR.

Processing of your personal data based on consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) Sentence 1 (a) GDPR in conjunction with Art. 5, 7 GDPR.

Processing for the purpose of performing the contract with you
Insofar as we process your personal data for the purpose of fulfiling a contract, Art. 6 (1) Sentence 1 (b) GDPR serves as the legal basis for us. This also applies to processing operations that are necessary to carry out pre- and post-contractual measures.

Processing to comply with a legal obligation
Insofar as the processing of your personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) Sentence 1 (c) GDPR serves as the legal basis for us. Our legal obligation to process data results from retention obligations under tax law and/or commercial law.

Processing based on legitimate interest
The legal basis for contacting us is if our legitimate interests exist, unless the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, prevail, Art. 6 Para. 1 S.1 lit. f DS-GVO. The legitimate interests pursued by us in this regard – in addition to the purposes listed under section 4 – include:

  • To be able to inform you optimally about your rights by way of direct contact;
  • In the communication with you, in particular to be able to answer your enquiries by e-mail, phone and/or fax;

Legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) Sentence 1 (f) GDPR.

Processing based on legitimate interest
The legal basis for contacting is Art. 6 (1) Sentence 1 (f) GDPR, if we have a legitimate interest, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

6. Recipients or categories of recipients of the personal data

In the course of processing your personal data, we may disclose your personal data to the following recipients:

  • External employees / freelancers
  • Processors

In addition, your personal data may be transmitted to the following service providers located in a country outside the EU/EEA:

  • Amazon Web Services (‘Amazon.com, Inc.’)
  • Auth0 Inc.
  • Chargebee, Inc.
  • Churnzero, Inc.
  • Google LLC
  • Hubspot, Inc.
  • SendGrid, Inc.
  • Zendesk, Inc.

In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed if this is the subject of our order processing agreement pursuant to Art. 28 GDPR with these recipients.

7. Transfer of personal data to a third country

In principle, personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. However, as the providers of our software solutions, among others, offer their products and/or services based on available resources and servers worldwide, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. In particular, personal data is transmitted to the third country USA within the meaning of Art. 15 (2) GDPR. In order to ensure the continued existence of the necessary level of protection when data is transferred to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognised as providing an adequate level of data protection. In order to ensure appropriate guarantees for the protection of the transmission and processing of personal data outside the EU, data transmission to and data processing by our service providers is carried out on the basis of appropriate guarantees pursuant to Art. 46 et seq. GDPR, in particular by the conclusion of so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR.

8. Duration of storage of personal data

We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. We take appropriate measures to ensure that your personal data is only processed under the following conditions:

  1. For the duration that the data will be used to provide you with a service
  2. As required by applicable law, contract or to comply with our legal obligations
  3. Only for as long as necessary for the purpose for which the data was collected, or longer if required by contract, applicable law, using appropriate safeguards.

A requirement may exist in particular if the data is still required in order to fulfil contractual services, to be able to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its – temporary – retention is still necessary, in particular to comply with statutory retention periods of up to ten years (e.g. from the Commercial Code, the Fiscal Code and the Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation.

9. Data subject rights

According to the General Data Protection Regulation you have the following rights:

  • If your personal data is processed, you have the right to obtain information from the responsible party about the data stored about you (Art. 15 GDPR).
  • If inaccurate personal data is processed, you have the right to rectification (Art.16 GDPR).
  • If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17 and 18 GDPR).
  • If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out using automated procedures, you may have the right to data portability (Art. 20 GDPR).
  • If the personal data concerning you is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling to the extent related to such direct advertising.  If you object to the processing for direct advertising purposes, the personal data relating to you will no longer be processed for these purposes.
  • Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA). You can reach them at

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Tel: +49 (0) 981 180093-0
Website:https://www.lda.bayern.de/de/index.html

If the legal requirements are met, you may, for reasons arising from your particular situation, object at any time to the processing of personal data relating to you, which is based on Art. 6 (1) (e) or (f) GDPR, lodge an objection (Art. 21 GDPR).

10. Right of withdrawal for consent

If you have consented to the processing by the responsible party by means of a corresponding declaration, you can revoke your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the revocation is not affected by this.