1. Name and contact details of the responsible party
Responsible for the processing of your personal data in the context of the present contact is the
Alasco GmbH
Leopoldstr. 21
80802 Munich
E-mail: legal@alasco.de
Telephone: +49 (0) 89 248867750
Website: https://www.alasco.de/
2. Contact details of the data protection officer
The designated data protection officer is
DataCo GmbH
Dachauer Str. 65
80335 Munich
Tel.: +49 (0) 89 7400 458 40
E-mail: datenschutz@dataguard.de
Website: www.dataguard.de
Processing of your personal data
a. Your personal data processed by us
As part of the existing customer relationship, we process the following personal data about you:
b. Purposes of data processing
As part of the existing customer relationship, your personal data will be processed for the following purposes:
c. Legal bases of data processing
The legal basis for the processing of the data in the context of section 3. b is Art. 6 (1) Sentence 1 (a – f) GDPR.
Processing of your personal data based on consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) Sentence 1 (a) GDPR in conjunction with Art. 5, 7 GDPR.
Processing for the purpose of performing the contract with you
Insofar as we process your personal data for the purpose of fulfiling a contract, Art. 6 (1) Sentence 1 (b) GDPR serves as the legal basis for us. This also applies to processing operations that are necessary to carry out pre- and post-contractual measures.
Processing to comply with a legal obligation
Insofar as the processing of your personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) Sentence 1 (c) GDPR serves as the legal basis for us. Our legal obligation to process data results from retention obligations.
Processing based on legitimate interest
The legal basis for direct marketing purposes may be Art. 6 (1) Sentence 1 (f) GDPR, if we have a legitimate interest, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The legitimate interests pursued by us in this regard – in addition to the purposes listed under section 3 – include:
Legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) Sentence 1 (f) GDPR.
4. Recipients or categories of recipients of the personal data
In the course of processing your personal data, we may disclose your personal data to the following recipients. We will only transfer your personal data to external recipients if you have given your consent or if this is permitted by law. External recipients of your personal data are in particular:
In addition, your personal data may be transmitted to the following service providers located in a country outside the EU/EEA:
In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed if this is the subject of our order processing agreement pursuant to Art. 28 GDPR with these recipients.
5. Transfer of personal data to a third country
In principle, personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. However, as the providers of our software solutions, among others, offer their products and/or services based on available resources and servers worldwide, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. In particular, personal data is transmitted to the third country USA within the meaning of Art. 15 (2) GDPR. In order to ensure the continued existence of the necessary level of protection when data is transferred to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognised as providing an adequate level of data protection. In order to ensure appropriate guarantees for the protection of the transmission and processing of personal data outside the EU, data transmission to and data processing by our service providers is carried out on the basis of appropriate guarantees pursuant to Art. 46 et seq. GDPR, in particular by the conclusion of so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR.
6. Duration of storage of personal data
We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. We take appropriate measures to ensure that your personal data is only processed under the following conditions:
A requirement may exist in particular if the data is still required in order to fulfil contractual services, to be able to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its – temporary – retention is still necessary, in particular to comply with statutory retention periods of up to ten years (e.g. from the Commercial Code, the Fiscal Code and the Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation.
7. Data subject rights
According to the General Data Protection Regulation you have the following rights:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Tel: +49 (0) 981 180093-0
Website:https://www.lda.bayern.de/de/index.html
If the legal requirements are met, you may, for reasons arising from your particular situation, object at any time to the processing of personal data relating to you, which is based on Art. 6 (1) (e) or (f) GDPR, lodge an objection (Art. 21 GDPR).
8. Right of withdrawal for consent
If you have consented to the processing by the responsible party by means of a corresponding declaration, you can revoke your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the revocation is not affected by this.
1. Name and contact details of the responsible party
Responsible for the processing of your personal data in the context of the present contact is the
Alasco GmbH
Leopoldstr. 21
80802 Munich
E-mail: legal@alasco.de
Telephone: +49 (0) 89 248867750
Website: https://www.alasco.de/
2. Contact details of the data protection officer
The designated data protection officer is
DataCo GmbH
Dachauer Str. 65
80335 Munich
Tel.: +49 (0) 89 7400 458 40
E-mail: datenschutz@dataguard.de
Website: www.dataguard.de
3. Categories of personal data processed and their sources
As part of our activity as a provider of a web-based software solution for digital processes in the context of financial controlling of construction projects we process the following personal data to your person:
from the following sources:
4. Purposes of processing:
Your personal data will be processed for the following purposes:
5. Legal bases of data processing:
The legal basis for the processing of the data in the context of section 4 is Art. 6 (1) Sentence 1 (a – f) GDPR.
Processing of your personal data based on consent
Insofar as we obtain your consent for the processing of your personal data, the processing of your personal data is based on Art. 6 (1) Sentence 1 (a) GDPR in conjunction with Art. 5, 7 GDPR.
Processing for the purpose of performing the contract with you
Insofar as we process your personal data for the purpose of fulfiling a contract, Art. 6 (1) Sentence 1 (b) GDPR serves as the legal basis for us. This also applies to processing operations that are necessary to carry out pre- and post-contractual measures.
Processing to comply with a legal obligation
Insofar as the processing of your personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) Sentence 1 (c) GDPR serves as the legal basis for us. Our legal obligation to process data results from retention obligations under tax law and/or commercial law.
Processing based on legitimate interest
The legal basis for contacting us is if our legitimate interests exist, unless the interests or fundamental rights and freedoms of the person concerned, which require the protection of personal data, prevail, Art. 6 Para. 1 S.1 lit. f DS-GVO. The legitimate interests pursued by us in this regard – in addition to the purposes listed under section 4 – include:
Legal basis for processing activities in connection with the assertion, exercise or defense of legal claims is also our legitimate interest pursuant to Art. 6 (1) Sentence 1 (f) GDPR.
Processing based on legitimate interest
The legal basis for contacting is Art. 6 (1) Sentence 1 (f) GDPR, if we have a legitimate interest, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
6. Recipients or categories of recipients of the personal data
In the course of processing your personal data, we may disclose your personal data to the following recipients:
In addition, your personal data may be transmitted to the following service providers located in a country outside the EU/EEA:
In the case of processors and service providers outside the EU/EEA, your above-mentioned personal data will only be processed if this is the subject of our order processing agreement pursuant to Art. 28 GDPR with these recipients.
7. Transfer of personal data to a third country
In principle, personal data collected and generated during the provision of relevant products and services is stored on our servers in the European Union. However, as the providers of our software solutions, among others, offer their products and/or services based on available resources and servers worldwide, your personal data may be transferred to or accessed from other jurisdictions outside the European Union and the European Economic Area. In particular, personal data is transmitted to the third country USA within the meaning of Art. 15 (2) GDPR. In order to ensure the continued existence of the necessary level of protection when data is transferred to a third country, contractual measures are agreed for this purpose. The software provider has its registered office in the United States of America, which has not been recognised as providing an adequate level of data protection. In order to ensure appropriate guarantees for the protection of the transmission and processing of personal data outside the EU, data transmission to and data processing by our service providers is carried out on the basis of appropriate guarantees pursuant to Art. 46 et seq. GDPR, in particular by the conclusion of so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR.
8. Duration of storage of personal data
We do not store your personal data for longer than is necessary for the purpose for which it was collected. This means that data in our systems is destroyed or deleted as soon as it is no longer needed. We take appropriate measures to ensure that your personal data is only processed under the following conditions:
A requirement may exist in particular if the data is still required in order to fulfil contractual services, to be able to check and grant or ward off warranty and, if applicable, guarantee claims. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its – temporary – retention is still necessary, in particular to comply with statutory retention periods of up to ten years (e.g. from the Commercial Code, the Fiscal Code and the Money Laundering Act). In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation.
9. Data subject rights
According to the General Data Protection Regulation you have the following rights:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Tel: +49 (0) 981 180093-0
Website:https://www.lda.bayern.de/de/index.html
If the legal requirements are met, you may, for reasons arising from your particular situation, object at any time to the processing of personal data relating to you, which is based on Art. 6 (1) (e) or (f) GDPR, lodge an objection (Art. 21 GDPR).
10. Right of withdrawal for consent
If you have consented to the processing by the responsible party by means of a corresponding declaration, you can revoke your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the revocation is not affected by this.