Data Protection Policy

On this page, you will find all legally required information in accordance with § 5 TMG (German Telemedia Act) as well as further legal information regarding the use of our website.
.

GDPR Data Protection Policy

Data Protection Policy

I. Name and address of the controller

SMS Business Software Solution GmbH
Carl-Zeiss-Straße 27–29
73230 Kirchheim unter Teck, Germany

Platzgasse 8
89182 Bernstadt, Germany

Phone: +49 7021 92804 00
Fax: +49 7021 92804 99

Email: christian.boennhoff@smserp.de

We are delighted that you are interested in our company. Data protection is a particularly high priority for the management of SMS Business Software Solution GmbH.

The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in compliance with the country-specific data protection regulations applicable to SMS Business Software Solution GmbH. Through this privacy policy, our company would like to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects about their rights.

II. Use of our websites

A. Collection of general information

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, and similar information. This is exclusively information that does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the content you have requested from websites and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us in order to optimize our website and the technology behind it.

B.Cookies

Like many other websites, we also use so-called “cookies.” Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data, such as your IP address, the browser you are using, your operating system, and your connection to the Internet.

Cookies cannot be used to start programs or transfer viruses to a computer. The information contained in cookies enables us to facilitate navigation and ensure that our web pages are displayed correctly.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can also view our website without cookies. Internet browsers are usually set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

C. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL) via HTTPS.

D. Newsletter

Based on your express consent, we will regularly send you our newsletter or similar information by email to the email address you have provided.

To receive the newsletter, you only need to provide your email address. When you register to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be informed by email about circumstances relevant to the service or registration (e.g., changes to the newsletter offering or technical circumstances).

We require a valid email address for effective registration. We use the “double opt-in” procedure to verify that a registration is actually made by the owner of an email address. For this purpose, we log the newsletter order, the sending of a confirmation email, and the receipt of the requested reply. No further data is collected. The data is used exclusively for sending the newsletter and is not passed on to third parties.

You can revoke your consent to the storage of your personal data and its use for sending newsletters at any time. Each newsletter contains a link for this purpose. You can also unsubscribe directly on this website at any time or notify us of your request using the contact details provided at the end of this privacy policy.

E. Contact form

If you contact us by email or contact form with any questions, you give us your voluntary consent for the purpose of contacting you. For this purpose, it is necessary to provide a valid email address. This is used to assign the inquiry and subsequently respond to it. Providing further data is optional. The information you provide will be stored for the purpose of processing your request and for possible follow-up questions. Once your request has been processed, your personal data will be automatically deleted.

F. Deletion or blocking of data

We adhere to the principles of data avoidance and data minimization. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions.

G. Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (hereinafter: Google). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, due to the activation of IP anonymization on these web pages, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent cookies from being stored by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: Browser add-on to deactivate Google Analytics.

H. Analysis by wiredminds

Our website uses tracking pixel technology from wiredminds GmbH
(www.wiredminds.de) to analyze visitor behavior.

This may involve the collection, processing, and storage of data, which is used to create usage profiles under a pseudonym. Where possible and appropriate, these usage profiles are completely anonymized. Cookies may be used for this purpose. Cookies are small text files that are stored in the visitor's Internet browser and serve to recognize the Internet browser. The collected data, which may also include personal data, is transmitted to wiredminds or collected directly by wiredminds. wiredminds may use information left behind by visits to the websites to create anonymized user profiles. The data obtained in this way will not be used to personally identify visitors to this website without their express consent, and will not be merged with personal data about the bearer of the pseudonym. If IP addresses are recorded, they are immediately anonymized by deleting the last number block.

Exclude from tracking.

I. YouTube

We use YouTube on our website. This is a video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “YouTube.”

We use YouTube in conjunction with the “extended data protection mode” function to show you videos. If you have given your consent to this processing, the legal basis is Art. 6 (1) lit. a GDPR. The legal basis may also be Art. 6 (1) lit. f GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the “extended data protection mode” function means that the data specified below is only transmitted to the YouTube server when you actually start a video.

Without this “extended data protection,” a connection to the YouTube server in the USA is established as soon as you visit one of our web pages on which a YouTube video is embedded.

This connection is necessary in order to display the respective video on our website via your Internet browser. In the course of this, YouTube will at least collect and process your IP address, the date and time, and the website you visited. In addition, a connection to Google's “DoubleClick” advertising network is established.

This connection is necessary in order to display the respective video on our website via your Internet browser. In the course of this, YouTube will collect and process at least your IP address, the date and time, and the website you visited. In addition, a connection to Google's “DoubleClick” advertising network is established.

If you are logged into YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For the purpose of functionality and analysis of usage behavior, YouTube permanently stores cookies on your device via your Internet browser. If you do not agree to this processing, you have the option of preventing the storage of cookies by adjusting the settings in your Internet browser. For more information, see “Cookies” above.

Further information about the collection and use of data, as well as your rights and protection options in this regard, is available in Google's privacy policy, which can be found at https://policies.google.com/privacy.

III. Data protection for customers

For the purposes of the pre-contractual offer phase or for order fulfillment or service provision, we process personal data such as address and contact details, information on discussions held, your requirements, offers, and other information we receive from you. In the case of corporate customers, we also process information, in particular contact details, relating to our contact persons. For payment processing purposes, we may store and process data relating to your bank account or credit card information. If external partners are involved in the provision of services or fulfillment of orders, the information necessary for them to perform their services may be passed on to them. When processing the information, support systems (IT environment, CRM/ERP systems, financial accounting) may be used, which service providers access for maintenance purposes. In these cases, we agree on the necessary contracts for order processing.

IV. Data protection in job applications and the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to the controller by electronic means, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted four months after notification of the rejection decision, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interests in this sense include, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG). 

V. Data protection for suppliers

When selecting suppliers or service providers, we will store and process information about you. As part of the supplier review/evaluation process, we may obtain and store additional information from sources such as credit agencies. For order processing purposes, we will also process order-specific information in addition to your master data. In the case of company contacts, we also process information, in particular contact details, relating to our contact persons. When processing the information, support systems (IT environment, CRM/ERP systems, financial accounting) may be used, which service providers can access for maintenance purposes. In such cases, we conclude the necessary contracts for order processing.

VI. General information

A. Legal basis for processing

For processing operations where we obtain consent for a specific processing purpose, Art. 6 I lit. a GDPR serves as the legal basis for our company. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in connection with inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and their name, age, health insurance details, or other vital information had to be passed on to a doctor, hospital, or other third party. In this case, the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis applies to processing operations that are not covered by any of the above legal bases if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, sentence 2 of the GDPR).

B. Legitimate interests in processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of all our employees and our shareholders.

C. Purposes of data processing by the controller and third parties

We process your personal data only for the purposes stated in this privacy policy. Your personal data will not be transferred to third parties for purposes other than those stated. We only pass on your personal data to third parties if:

  • you have given your express consent to this,

  • the processing is necessary for the performance of a contract with you,

  • the processing is necessary for compliance with a legal obligation,

the processing is necessary for the purposes of legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

D. Transfer of data to third countries

In individual cases, e.g., use of the web service in connection with Google services or newsletter services, personal data may be transferred to third countries. In doing so, we always ensure that appropriate safeguards are in place to protect your data. In individual cases, you can obtain corresponding proof of this from our data protection officer.

E. Deletion or blocking of data

We adhere to the principles of data avoidance and data minimization. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions.

F. Legal or contractual requirements for the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of non-provision

We would like to inform you that the provision of personal data is in some cases required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information on the contractual partner). In some cases, it may be necessary for a data subject to provide us with personal data in order to conclude a contract, which we must then process. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

G. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

H. Your rights as a data subject

You can exercise the following rights at any time using the contact details provided:

  • Information about your data stored by us and its processing,

  • Correction of incorrect personal data,

  • Deletion of your data stored by us,

  • Restriction of data processing, if we are not yet permitted to delete your data due to legal obligations,

  • Objection to the processing of your data by us, and

  • Data portability, if you have consented to data processing or have concluded a contract with us.

  • If you have given us your consent, you can revoke it at any time with effect for the future.

You can contact your competent supervisory authority at any time with a complaint. Your competent supervisory authority depends on the state in which you live, work, or where the alleged violation occurred. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

I. Changes to our data protection provisions

We reserve the right to occasionally amend this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

J. Questions about data protection

If you have any questions about data protection, please send us an email at: christian.boennhoff@smserp.de