The protection of your personal data and other information provided to us is of the utmost importance to SIEVERS-SNC Computer & Software GmbH & Co. KG. The collection, processing and use of your data within the scope of using our software products is carried out exclusively in accordance with the provisions set forth below and in compliance with the applicable data protection laws.
Below we would like to inform you about the data collected while using AssetSec (hereinafter "product"), the way we process them as well as your associated rights. In addition, we inform you of the accompanying technical and organisational measures we have taken to protect your data.
The controller responsible for operating the product within the meaning of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) and the service provider within the meaning of the Telemedia Act (TMG) is
Hans-Wunderlich-Straße 8 49078 Osnabrück Tel.: +49 (0) 541 – 9493 - 0 Fax: +49 (0) 541 – 9493 - 250 Email: firstname.lastname@example.org Court of registration: Osnabrück District Court, HR A 6465 VAT ID: DE117654222
Represented by the general partner: SIEVERS-SNC Beteiligungs GmbH Hans-Wunderlich-Straße 8 49078 Osnabrück Court of registration: Osnabrück District Court, HR B 19289
in turn represented by Managing Directors Klaus Gerdes-Röben, Marco Naber, Rüdiger Sievers and Udo Wenker
SIEVERS-SNC Computer & Software GmbH & Co. KG has appointed a data protection officer. You can contact our in-house data protection officer by post to the above address or by email to: email@example.com.
Personal data means all information concerning personal or material circumstances that can be easily and uniquely attributed to you. These include, for example, your name, your IP addresses, your email address or an online identifier (including password). Personal data also include the names, email addresses and IP addresses of third parties.
To use the product, you need to register and thereby create a user profile. We collect and use the following data in connection with your registration:
After registration, we will use your email address and password for authentication when you log in to your personal profile. After login to your personal profile, you have the opportunity to view and change your personal data.
For the purpose of billing, you will need to provide the credit card details of your company, unless payment on account has been agreed. However, these do not constitute personal data within the meaning of Art. 4 GDPR.
In connection with the use of the product, we collect and process the following personal data within the product:
For the purpose of validation, the IP address to be scanned will be transmitted to the company RIPE NCC, Stationsplein 11, 1012 AB Amsterdam (Netherlands). By matching it with the data stored in the local database – if available – the name and email address of the controller of the host to be scanned are ascertained.
You can get in touch with us directly using the "live chat" feature provided within the product. We collect, process and use the personal data (including your name) and information you provide us during the chat exclusively for the purpose of processing your request. This correspondence will be stored in accordance with the statutory retention periods and deleted after expiry of any retention periods.
We use software by the company INTERCOM Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105 (USA) to provide the "live chat" feature. Our service provider is headquartered in a country outside the European Union ("third country").
INTERCOM Inc. is commissioned based on the European Commission's decision of 12/07/2016, according to which the USA offers an adequate level of protection (adequacy decision pursuant to Art. 45 GDPR).
We process your personal data in accordance with the requirements of the European General Data Protection Regulation (GDPR) as well as the national data protection regulations (Federal Data Protection Act, Telemedia Act) for the following purposes:
We process your personal data for the purpose of providing the features within the product. In this case, the legal basis for processing is point (b) of Art. 6 (1) GDPR.
The same applies to the processing of personal data in connection with the processing of your requests submitted via the live chat.
Furthermore, we process your personal data to the extent that you have given your consent. In this case, the legal basis for processing is point (a) of Art. 6 (1) GDPR. Upon obtaining your consent, we will inform you of the specific purpose of the intended processing. You may withdraw your consent you have given to us at any time with effect for the future. This also applies to consents you have given before 25 May 2018. We will inform you of the possibility of withdrawing your consent upon obtaining your consent.
Within SIEVERS-SNC Computer & Software GmbH & Co. KG, your data is transferred to those departments which need them for the performance of the contract or to take steps prior to entering into a contract (e.g. Remote Support for eliminating vulnerabilities, Sales for enquiries about other products and services).
To the extent necessary, we transfer data, in addition to the above-mentioned companies, to service providers supporting us (e.g. postal service providers, logistics companies, IT service providers, debt collection agencies and legal advisors).
Outside SIEVERS-SNC Computer & Software GmbH & Co. KG, your data are transferred to the company RIPE NCC, Stationsplein 11, 1012 AB Amsterdam, Netherlands, for the purpose of validating the IP address to be scanned.
In addition, we transfer the bank details and/or credit card data of your company to the company Stripe Payments Europe, Ltd., Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, for the purpose of processing payments.
Apart from that, we transfer your data to third parties to the extent that we are legally required to do so (e.g. to law enforcement authorities).
We have engaged the above-mentioned technical service providers in connection with the processing of your data. To the extent that these service providers process your data in a country outside the European Union ("third country"), this has been pointed out in the description of the respective service provider.
If, in connection with the operation of our product, we intend to use the services of additional or other service providers that process the users' data in a country outside the European Union, this will only take place if the European Commission has decided in an adequacy decision that the respective third country offers an adequate level of protection (Art. 45 GDPR) or, in the absence of such decision, if appropriate safeguards are provided for the protection of your data and enforceable rights and effective legal remedies are available to you (Art. 46 GDPR).
We will store your personal data as long as you use our products. To the extent that your data are subject to fiscal, commercial or other statutory retention requirements, we will store these data until expiry of the aforementioned periods. The IP address of the IT system you use while using our product will be stored until disclosure of your postal address.
Every user has the right to obtain information on the data stored by SIEVERS-SNC Computer & Software GmbH & Co. KG and the related processing activities pursuant to Art. 15 GDPR, the right to obtain rectification of inaccurate data pursuant to Art. 16 GDPR, the right to obtain erasure of their data after performance of the contract pursuant to Art. 17 GDPR, unless the erasure conflicts with any retention requirements, the right to obtain restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR as well as the right to data portability pursuant to Art. 20 GDPR.
To the extent that you have given your consent to data processing by SIEVERS-SNC Computer & Software GmbH & Co. KG, you may withdraw this consent at any time, without this affecting the lawfulness of processing based on consent before the withdrawal.
Furthermore, you have the right to lodge a complaint with a competent supervisory authority pursuant to Art. 77 GDPR.
If you have any questions or enquiries concerning the protection of your personal data and the exercise of the aforementioned rights, please contact our data protection officer using the contact details provided above.
Right to object in particular situations
Right to object to processing of data for direct marketing purposes, including any related prior processing activities (profiling)
SIEVERS-SNC Computer & Software GmbH & Co. KG Hans-Wunderlich-Straße 8 49078 Osnabrück Tel.: +49 (0) 541 – 9493 - 0 Fax: +49 (0) 541 – 9493 - 250 E-Mail: firstname.lastname@example.org
For technical reasons, the use of our product requires collection and processing of the data listed in D. I. Without these data, we are not able to provide the features of our product.
The customer has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the customer or similarly significantly affects the customer (Art. 22 GDPR). We do not use such automated decision-making.
We do not process your data for the purpose of creating user profiles.
We employ technical and organisational security measures to protect personal data, in particular against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
Our security measures are continuously improved in line with technological progress. In addition, we only use employees during the collection and processing of personal data who have been committed to maintain confidentiality.
However, the results of the scans of the IT systems in your company will be stored in unencrypted form to enable evaluation of the reports necessary to react to any detected vulnerabilities at short notice.
As of 16/07/2018