Data protection declaration

The protection of your personal data and other information provided to us is of the utmost importance to SIEVERS-SNC Computer & Software GmbH & Co. KG. The collection, processing and use of your data within the scope of using our software products is carried out exclusively in accordance with the provisions set forth below and in compliance with the applicable data protection laws.

Below we would like to inform you about the data collected while using AssetSec (hereinafter "product"), the way we process them as well as your associated rights. In addition, we inform you of the accompanying technical and organisational measures we have taken to protect your data.

A. Controller

The controller responsible for operating the product within the meaning of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) and the service provider within the meaning of the Telemedia Act (TMG) is

SIEVERS-SNC Computer & Software GmbH & Co. KG

Hans-Wunderlich-Straße 8
49078 Osnabrück
Tel.: +49 (0) 541 – 9493 - 0 
Fax: +49 (0) 541 – 9493 - 250 
Email: info@sievers-group.com 
Court of registration: Osnabrück District Court, HR A 6465
VAT ID: DE117654222

Represented by the general partner:
SIEVERS-SNC Beteiligungs GmbH
Hans-Wunderlich-Straße 8
49078 Osnabrück
 Court of registration: Osnabrück District Court, HR B 19289

in turn represented by Managing Directors Klaus Gerdes-Röben, Marco Naber, Rüdiger Sievers and Udo Wenker

B. Data protection officer

SIEVERS-SNC Computer & Software GmbH & Co. KG has appointed a data protection officer. You can contact our in-house data protection officer by post to the above address or by email to: datenschutz@grosshandelsverband.de.

C. Personal data

Personal data means all information concerning personal or material circumstances that can be easily and uniquely attributed to you. These include, for example, your name, your IP addresses, your email address or an online identifier (including password). Personal data also include the names, email addresses and IP addresses of third parties.

D. Scope of the collection and use of your data and purposes of processing

I. Registration

To use the product, you need to register and thereby create a user profile. We collect and use the following data in connection with your registration:

  • Date and time of registration
  • Your name
  • Your sex
  • Your company
  • Your email address
  • The password you have selected
  • IYour IP address

After registration, we will use your email address and password for authentication when you log in to your personal profile. After login to your personal profile, you have the opportunity to view and change your personal data.

For the purpose of billing, you will need to provide the credit card details of your company, unless payment on account has been agreed. However, these do not constitute personal data within the meaning of Art. 4 GDPR.

II. Collection and processing of personal data while using the product

In connection with the use of the product, we collect and process the following personal data within the product:

  • IP addresses to be scanned (targets)
  • Defined schedules
  • Tasks
  • Name and email address of the controller of the host to be scanned
  • IP address of the system from which you use the product

For the purpose of validation, the IP address to be scanned will be transmitted to the company RIPE NCC, Stationsplein 11, 1012 AB Amsterdam (Netherlands). By matching it with the data stored in the local database – if available – the name and email address of the controller of the host to be scanned are ascertained.

III. Live chat

You can get in touch with us directly using the "live chat" feature provided within the product. We collect, process and use the personal data (including your name) and information you provide us during the chat exclusively for the purpose of processing your request. This correspondence will be stored in accordance with the statutory retention periods and deleted after expiry of any retention periods.

We use software by the company INTERCOM Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105 (USA) to provide the "live chat" feature. Our service provider is headquartered in a country outside the European Union ("third country").

INTERCOM Inc. is commissioned based on the European Commission's decision of 12/07/2016, according to which the USA offers an adequate level of protection (adequacy decision pursuant to Art. 45 GDPR).

E. On what legal basis do we process your data?

We process your personal data in accordance with the requirements of the European General Data Protection Regulation (GDPR) as well as the national data protection regulations (Federal Data Protection Act, Telemedia Act) for the following purposes:

We process your personal data for the purpose of providing the features within the product. In this case, the legal basis for processing is point (b) of Art. 6 (1) GDPR.

The same applies to the processing of personal data in connection with the processing of your requests submitted via the live chat.

Furthermore, we process your personal data to the extent that you have given your consent. In this case, the legal basis for processing is point (a) of Art. 6 (1) GDPR. Upon obtaining your consent, we will inform you of the specific purpose of the intended processing. You may withdraw your consent you have given to us at any time with effect for the future. This also applies to consents you have given before 25 May 2018. We will inform you of the possibility of withdrawing your consent upon obtaining your consent.

Finally, we process your data to the extent that we have a legitimate interest therein, except where our interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. In this case, the legal basis for processing is point (f) of Art. 6 (1) GDPR. This includes the processing of your IP address in connection with the use of our product in order to be able to identify you before disclosure of your postal address in the event of any infringements of the agreed terms of use.

F. To whom do we transfer your data?

Within SIEVERS-SNC Computer & Software GmbH & Co. KG, your data is transferred to those departments which need them for the performance of the contract or to take steps prior to entering into a contract (e.g. Remote Support for eliminating vulnerabilities, Sales for enquiries about other products and services).

To the extent necessary, we transfer data, in addition to the above-mentioned companies, to service providers supporting us (e.g. postal service providers, logistics companies, IT service providers, debt collection agencies and legal advisors).

Outside SIEVERS-SNC Computer & Software GmbH & Co. KG, your data are transferred to the company RIPE NCC, Stationsplein 11, 1012 AB Amsterdam, Netherlands, for the purpose of validating the IP address to be scanned.

In addition, we transfer the bank details and/or credit card data of your company to the company Stripe Payments Europe, Ltd., Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, for the purpose of processing payments.

Apart from that, we transfer your data to third parties to the extent that we are legally required to do so (e.g. to law enforcement authorities).

G. Do we transfer your data to an international organisation or a third country?

We have engaged the above-mentioned technical service providers in connection with the processing of your data. To the extent that these service providers process your data in a country outside the European Union ("third country"), this has been pointed out in the description of the respective service provider.

If, in connection with the operation of our product, we intend to use the services of additional or other service providers that process the users' data in a country outside the European Union, this will only take place if the European Commission has decided in an adequacy decision that the respective third country offers an adequate level of protection (Art. 45 GDPR) or, in the absence of such decision, if appropriate safeguards are provided for the protection of your data and enforceable rights and effective legal remedies are available to you (Art. 46 GDPR).

H. For how long do we store your data?

We will store your personal data as long as you use our products. To the extent that your data are subject to fiscal, commercial or other statutory retention requirements, we will store these data until expiry of the aforementioned periods. The IP address of the IT system you use while using our product will be stored until disclosure of your postal address.

I. Rights of data subjects / Supervisory authority

Every user has the right to obtain information on the data stored by SIEVERS-SNC Computer & Software GmbH & Co. KG and the related processing activities pursuant to Art. 15 GDPR, the right to obtain rectification of inaccurate data pursuant to Art. 16 GDPR, the right to obtain erasure of their data after performance of the contract pursuant to Art. 17 GDPR, unless the erasure conflicts with any retention requirements, the right to obtain restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR as well as the right to data portability pursuant to Art. 20 GDPR.

To the extent that you have given your consent to data processing by SIEVERS-SNC Computer & Software GmbH & Co. KG, you may withdraw this consent at any time, without this affecting the lawfulness of processing based on consent before the withdrawal.

Furthermore, you have the right to lodge a complaint with a competent supervisory authority pursuant to Art. 77 GDPR.

If you have any questions or enquiries concerning the protection of your personal data and the exercise of the aforementioned rights, please contact our data protection officer using the contact details provided above.

J. Information on the right to object pursuant to Art. 21 GDPR

Right to object in particular situations

You have the right to object, on grounds relating to your particular situation, to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority (point (e) of Art. 6 (1) GDPR) vested in SIEVERS-SNC Computer & Software GmbH & Co. KG, including profiling based on the foregoing provision. If you object to processing, we will no longer process your data for these purposes, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to object to processing of data for direct marketing purposes, including any related prior processing activities (profiling)

We process your data for direct marketing purposes and carry out prior processing activities to tailor our marketing activities to your interests (profiling). This processing for direct marketing purposes is carried out on the basis of an overriding legitimate interest of SIEVERS-SNC Computer & Software GmbH & Co. KG.

You have the right to object at any time to processing of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your data will no longer be processed for such purposes.

You can exercise your right to object without having to comply with any formal requirements by contacting:

SIEVERS-SNC Computer & Software GmbH & Co. KG
Hans-Wunderlich-Straße 8
49078 Osnabrück
Tel.: +49 (0) 541 – 9493 - 0
Fax: +49 (0) 541 – 9493 - 250
E-Mail: info@sievers-group.com

K. Are users required to provide personal data to SIEVERS-SNC Computer & Software GmbH & Co. KG?

For technical reasons, the use of our product requires collection and processing of the data listed in D. I. Without these data, we are not able to provide the features of our product.

L. Is automated decision-making used?

The customer has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the customer or similarly significantly affects the customer (Art. 22 GDPR). We do not use such automated decision-making.

M. Creation of profiles (profiling)

We do not process your data for the purpose of creating user profiles.

N. Security measures

We employ technical and organisational security measures to protect personal data, in particular against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

Our security measures are continuously improved in line with technological progress. In addition, we only use employees during the collection and processing of personal data who have been committed to maintain confidentiality.

However, the results of the scans of the IT systems in your company will be stored in unencrypted form to enable evaluation of the reports necessary to react to any detected vulnerabilities at short notice.

O. Amendments to this Privacy Policy

We reserve the right to adapt the above Privacy Policy from time to time in line with future changes regarding the collection and processing of personal data.

As of 16/07/2018

Any further questions?

Contact us by e-mail or messenger. We will be happy to answer any questions you may have. You can test AssetSec free of charge for 7 days. We are happy to answer your questions. We look forward to hearing from you!