I. Name and address of the Controller
The controller, within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations, is:
Gesellschaft für Soft- und Hardware
Managing Director: Dipl. Betriebsökonom (BWI) Mona Hansen
District Court Charlottenburg, 93 HRB 19 205
Tel.: +49 30 92 10 73 400
II. Name and address of the data protection officer
The data protection officer (“DPO”) of the Controller is:
Tel.: +49 30 92 10 73 400
III. General information regarding data processing
1. Scope of processing of personal data
In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website, as well as its content and services. The processing of personal data of our users only takes place regularly with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Art. 6 (1) (a) of the EU General Data Protection Regulation (“GDPR”) applies insofar as we obtain the consent of the Data subject for the processing of personal data,
Art. 6 (1) (b) GDPR applies for the processing of personal data necessary for the performance of a contract to which the Data subject is a party. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 (1) (c) applies.
Art. 6 (1) (d) GDPR applies in the event that vital interests of the Data subject or another natural person require the processing of personal data.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the Data subject do not outweigh the interests of the prior, Art. 6 (1) (f) shall apply.
3. Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to exist. Storage can furthermore apply if this has been provided for by the European or national legislature in EU law regulations, laws or regulations that govern the Controller. The blocking or deletion of the Data also takes place when a storage period prescribed by the standards mentioned above expires, unless there is a need for further storage of the Data for conclusion or fulfillment of the contract.
4. Collaboration with processors and third parties
If, in the course of our processing, we transfer Data to other persons and companies (processors or third parties) or otherwise grant access to the Data, this will only be done on the basis of a legal permission that you have consented to, a legal obligation to do so which governs the contractual relationship we have with you, or, if we have a legitimate interest in the transfer of Data (e.g. the use of agents, webhosters, etc.). If we commission third parties with the processing of Data based on a so called "processing contract", this shall be done on the basis of Art. 28 GDPR.
5. Company social media profiles
We operate company profiles within social networks and platforms in order to communicate with customers, prospects and users and to inform them of our services. The terms and conditions and the Data processing guidelines apply to their respective operators upon making use of the respective networks and platforms.
IV. Availability of the website and creation of log files
When visiting our website www.sofha.de, the browser used on your device automatically sends information to the server of our website. This information will be temporarily saved in a so-called Logfile. The following information will be collected without your intervention and stored until automatic deletion:
(1) Information about the browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user's system reaches our website
(7) Websites that are accessed by the user's system through our website
The Data mentioned are processed by us for the following purposes:
• Ensuring a smooth connection setup for the website,
• Ensuring comfortable use of our website
• Evaluation of system security and stability as well as
• for further administrative purposes.
The Data processed by cookies are required for the purposes mentioned, in order to safeguard our legitimate interests, as well as that of third parties, according to Art. 6 (1) sentence 1 (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser such that no cookies are stored on your computer, or such that a hint always appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all features of our website.
VI. Contact form
For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid e- mail address so that we know who the request came from and in order to answer it. Further information can be provided voluntarily. The Data processing for the purpose of contacting us is in accordance with Art. 6 (1) sentence 1 (a) GDPR, and contingent upon on your voluntarily granted consent. The personal data collected by us for the use of the contact form will be automatically deleted after completion of the request made by you.
VII. E-mail contact
Contacting us is possible via the provided e-mail address email@example.com.
In this case, the user's personal data transmitted by e-mail will be stored. In this case, no transfer of Data to third parties will occur. The Data is used exclusively for processing the conversation.
The legal basis for the processing of the Data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims to conclude a contract, then Art. 6 (1) (b) GDPR also applies.
The processing of the personal data from the e-mail solely serves us for the handling of the contact request. This also includes the necessary legitimate interest in the processing of the Data.
The Data will be erased as soon as it is no longer necessary for the purpose of its collection. For the personal data sent by e-mail, this is the case when the conversation with the user ends. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been clarified.
The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail at firstname.lastname@example.org, he can object to the storage of his personal data at any time. In such a case, the conversation cannot continue. All personal data stored in the course of the contact process will be deleted in this case.
The tracking measures listed below and used by us are based on Art. 6 (1) sentence 1 (f) GDPR. With the upcoming tracking measures, we intend to ensure a needs-based structure and an ongoing optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our services for you. These interests are to be regarded as justified within the meaning of the aforementioned provision. The respective Data processing purposes and Data categories can be found in the corresponding tracking tools.
For the purpose of customizing and continually optimizing our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereafter "Google"). In this context, pseudonymised usage profiles are created and cookies are used (see under Art. V). The information generated by the cookie regarding your use of this website such as
• browser type / version,
• used operating system,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address),
• Time of server request,
are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties are commissioned to process this Data. In no case will your IP address be merged with other Data from Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking). You can prevent the installation of cookies by configuring the browser software accordingly; however, we point out that in this case not all features of this website may be fully utilized. You can also prevent the collection of Data generated by the cookie and related to your use of the website (including your IP address) and the processing of this Data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set that will prevent the future collection of your Data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must configure the opt-out cookie again. For more information about privacy in connection with Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).
IX. Rights of the person concerned
If your personal data are processed, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the Controller:
1. Right to information
You can ask the Controller for a confirmation whether personal data concerning you is being processed by us.
(1) You can request the following information from the Controller:
(2) the purposes for which the personal data are processed;
(3) the categories of personal data being processed;
(4) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or will be disclosed;
(5) the planned duration of the storage of your personal data, or, if specific information is not available, criteria for determining the duration of storage;
(6) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(7) the existence of a right of appeal to a supervisory authority;
(8) all available information on the source of the Data if the personal data is not collected from the data subject;
(9) the existence of automated decision-making including profiling under Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logistics involved, and the scope and intended impact of such processing on the Data subject.
You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
2. Right to rectification
You have a right to rectification and/or completion against the controller, if the personal data being processed is incorrect or incomplete. The Controller must make the correction without delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the Controller to verify the accuracy of your personal data;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the Controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the Controller outweigh your grounds.
If the processing of personal data concerning you has been restricted, this Data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
If processing restrictions are limited according to the above mentioned, you will be informed by the Controller before the restriction is lifted.
4. Right of erasure
a) Erasure obligations
You may require the Controller to erase your personal data without delay, and the Controller is required to delete that Data immediately if one of the following conditions apply:
(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent subject to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for processing.
(3) You file an objection against the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 (2) GDPR.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under European Union law or the law of the Member States to which the Controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
The right to erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation that requires processing under European Union or Member State law to which the Controller is subject or for the performance of a task of public interest or in the exercise of official authority which has been conferred upon the Controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
5. Right to information
If you have the right of rectification, erasure or restriction of processing vis-a-vis the controller, he/she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the Data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
The Controller shall have the obligation to inform you of such recipients.
6. Right to object
You have the right to object at any time, for reasons arising from your particular situation, against the processing of personal data concerning you pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The Controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
7. Right to revoke the Data protection consent declaration
You have the right to revoke your Data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent up until the revocation.
8. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates provisions of the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
As of May 2018