I. Name and address of the Controller
The controller, within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations, is:
Gesellschaft für Soft- und Hardware
Managing Director: Dipl. Betriebsökonom (BWI) Mona Hansen
District Court Charlottenburg, 93 HRB 19 205
Tel.: +49 30 92 10 73 400
II. Name and address of the data protection officer
The data protection officer (“DPO”) of the Controller is:
Tel.: +49 30 92 10 73 400
III. General information regarding data processing
1. Scope of processing of personal data
In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website, as well as its content and services. The processing of personal data of our users only takes place regularly with the consent of the user. An exception applies to cases in which prior consent is not possible for reasons of fact and the processing of the data is permitted by law.
We process personal data in accordance with the GDPR. Accordingly, the processing of your personal data is always founded on a legal basis. Article 6 of the GDPR defines legal bases for the processing of personal data.
2. Legal basis for the processing of personal data
Art. 6 (1) (a) of the EU General Data Protection Regulation (“GDPR”) applies insofar as we obtain the consent of the Data subject for the processing of personal data,
Art. 6 (1) (b) GDPR applies for the processing of personal data necessary for the performance of a contract to which the Data subject is a party. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 (1) (c) applies.
Art. 6 (1) (d) GDPR applies in the event that vital interests of the Data subject or another natural person require the processing of personal data.
Art. 6 (1) (e) GDPR applies in the event that public interests or official authority require the processing of personal data.If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the Data subject do not outweigh the interests of the prior, Art. 6 (1) (f) shall apply.
3. Legal bases for the processing of special categories of personal data
If, in extraordinary cases, we need to process special categories of personal data, such as
• data on racial or ethnic origin (e.g. skin color or special languages),
• data on political opinions (e.g. party memberships),
• data on religious or philosophical beliefs (e.g. membership of a sect),
• data on trade union membership,
• genetic data,
• biometric data (e.g. fingerprints or photographs),
• health data (e.g. identification numbers for disabilities),
• or data concerning the sex life or sexual orientation,
by you, this processing is based on one of the following legal bases, which are de-fined in Article 9 GDPR:
If you have given us your explicit consent for the processing of the above categories of personal data, this constitutes the legal basis for the processing in accordance with Art. 9 II lit. a GDPR.
Performing duties under social security/protection and employment law
If the processing of special categories of personal data relating to you is necessary in order to comply with a legal obligation arising from social security/protection or employment law, the legal basis for this processing is Art. 9 II lit. b GDPR.
Protection of vital interests
If the processing of special categories of personal data relating to you should be necessary to protect your vital interests or those of another person, such processing is carried out pursuant to Art. 9 II lit. c GDPR.
Manifestly public data
Insofar as special categories of personal data of yours are processed, which have previously been made public by yourself, the processing of these data is based on Art. 9 II lit. e GDPR.
Establishment / Exercise / Defence of legal claims
Insofar as the processing of the special categories of personal data relating to you serves us to establish, exercise or defend legal claims, Art. 9 II lit. f GDPR constitutes the legal basis for the processing.
Substantial public interest
In the case of the processing of special categories of personal data concerning you in order to safeguard a substantial public interest arising from EU or national law, the processing is based on Art. 9 II lit. g GDPR.
Assessment of the person's work capacity or other medical purposes such as health care
If the processing of special categories of personal data relating to you arises from a law of the EU or a Member State or a contract concluded with a member of a health profession and is carried out for the purposes of preventive health care, occupational medicine, assessment of an employee's work capacity, medical diagnosis, care or treatment in the health or social field or the management of systems and services in the health or social field, this processing is based on Art. 9 II lit. h GDPR.
Public interest in the area of public health
If the processing of special categories of personal data of yours should be necessary for public health reasons, including protection against cross-border health threats such as pandemics, this processing is carried out on the legal basis of Art. 9 II lit. i GDPR.
Archival purposes, scientific / historical research purposes, statistical purposes
Should the processing of special categories of personal data relating to you arise from a right of the EU or a member state, which stipulates processing for archiving, scientific or historical research or statistical purposes in the public interest, this processing is based on Art. 9 II lit. j GDPR.
4. Data erasure and storage duration
Unless otherwise stated, personal data will be deleted in accordance with Art. 17 GDPR or its processing will be restricted in accordance with Art. 18 GDPR.
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to exist. Storage can furthermore apply if this has been provided for by the European or national legislature in EU law regulations, laws or regulations that govern the Controller. The blocking or deletion of the Data also takes place when a storage period prescribed by the standards mentioned above expires, unless there is a need for further storage of the Data for conclusion or fulfillment of the contract. In order to fulfil documentation obligations as well as to comply with statutory obligations to preserve records in Germany, the necessary documents are kept for six years in accordance with § 257 I Commercial Code (HGB) and for ten years in accordance with § 147 I of the Fiscal Code of Germany (AO).
5. Collaboration with processors and third parties
If, in the course of our processing, we transfer Data to other persons and companies (processors or third parties) or otherwise grant access to the Data, this will only be done on the basis of a legal permission that you have consented to, a legal obligation to do so which governs the contractual relationship we have with you, or, if we have a legitimate interest in the transfer of Data (e.g. the use of agents, webhosters, etc.). If we commission third parties with the processing of Data based on a so called "processing contract", this shall be done on the basis of Art. 28 GDPR.
6. Company social media profiles
We operate company profiles within social networks and platforms in order to communicate with customers, prospects and users and to inform them of our services. The terms and conditions and the Data processing guidelines apply to their respective operators upon making use of the respective networks and platforms.
IV. Availability of the website and creation of log files
When visiting our website www.sofha.de, the browser used on your device automatically sends information to the server of our website. This information will be temporarily saved in a so-called Logfile. The following information will be collected without your intervention and stored until automatic deletion:
(1) Information about the browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user's system reaches our website
(7) Websites that are accessed by the user's system through our website
The Data mentioned are processed by us for the following purposes:
• Ensuring a smooth connection setup for the website;
• Ensuring comfortable use of our website;
• Evaluation of system security and stability as well as
• for further administrative purposes.
The Data processed by cookies are required for the purposes mentioned, in order to safeguard our legitimate interests, as well as that of third parties, according to Art. 6 (1) sentence 1 (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser such that no cookies are stored on your computer, or such that a hint always appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all features of our website.
VI. Contact form
For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid e- mail address so that we know who the request came from and in order to answer it. Further information can be provided voluntarily. The Data processing for the purpose of contacting us is in accordance with Art. 6 (1) sentence 1 (a) GDPR, and contingent upon on your voluntarily granted consent. The personal data collected by us for the use of the contact form will be automatically deleted after completion of the request made by you.
VII. E-mail contact
Contacting us is possible via the provided e-mail address firstname.lastname@example.org.
In this case, the user's personal data transmitted by e-mail will be stored. In this case, no transfer of Data to third parties will occur. The Data is used exclusively for processing the conversation.
The legal basis for the processing of the Data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims to conclude a contract, then Art. 6 (1) (b) GDPR also applies.
The processing of the personal data from the e-mail solely serves us for the handling of the contact request. This also includes the necessary legitimate interest in the processing of the Data.
The Data will be erased as soon as it is no longer necessary for the purpose of its collection. For the personal data sent by e-mail, this is the case when the conversation with the user ends. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been clarified.
The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail at email@example.com, he can object to the storage of his personal data at any time. In such a case, the conversation cannot continue. All personal data stored in the course of the contact process will be deleted in this case.
The tracking measures listed below and used by us are based on Art. 6 (1) sentence 1 (f) GDPR. With the upcoming tracking measures, we intend to ensure a needs-based structure and an ongoing optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our services for you. These interests are to be regarded as justified within the meaning of the aforementioned provision. The respective Data processing purposes and Data categories can be found in the corresponding tracking tools.
For the purpose of customizing and continually optimizing our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereafter "Google"). In this context, pseudonymised usage profiles are created and cookies are used (see under Art. V). The information generated by the cookie regarding your use of this website such as
• browser type / version,
• used operating system,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address),
• Time of server request,
are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties are commissioned to process this Data. In no case will your IP address be merged with other Data from Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking). You can prevent the installation of cookies by configuring the browser software accordingly; however, we point out that in this case not all features of this website may be fully utilized. You can also prevent the collection of Data generated by the cookie and related to your use of the website (including your IP address) and the processing of this Data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set that will prevent the future collection of your Data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must configure the opt-out cookie again. For more information about privacy in connection with Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).
IX. Rights of the person concerned
If your personal data are processed, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the Controller:
1. Right to information
You can ask the Controller for a confirmation whether personal data concerning you is being processed by us.
(1) You can request the following information from the Controller:
(2) the purposes for which the personal data are processed;
(3) the categories of personal data being processed;
(4) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or will be disclosed;
(5) the planned duration of the storage of your personal data, or, if specific information is not available, criteria for determining the duration of storage;
(6) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(7) the existence of a right of appeal to a supervisory authority;
(8) all available information on the source of the Data if the personal data is not collected from the data subject;
(9) the existence of automated decision-making including profiling under Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logistics involved, and the scope and intended impact of such processing on the Data subject.
You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
2. Right to rectification
You have a right to rectification and/or completion against the controller, if the personal data being processed is incorrect or incomplete. The Controller must make the correction without delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the Controller to verify the accuracy of your personal data;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the Controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the Controller outweigh your grounds.
If the processing of personal data concerning you has been restricted, this Data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
If processing restrictions are limited according to the above mentioned, you will be informed by the Controller before the restriction is lifted.
4. Right of erasure
a) Erasure obligations
You may require the Controller to erase your personal data without delay, and the Controller is required to delete that Data immediately if one of the following conditions apply:
(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent subject to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for processing.
(3) You file an objection against the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 (2) GDPR.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data concerning you shall be required to fulfill a legal obligation under European Union law or the law of the Member States to which the Controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
The right to erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation to which we are subject;
(3) to fulfill a legal obligation that requires processing under European Union or Member State law to which the Controller is subject or for the performance of a task of public interest or in the exercise of official authority which has been conferred upon the Controller;
(4) for reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
(5) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(6) to assert, exercise or defend legal claims.
5. Right to information
If you have the right of rectification, erasure or restriction of processing vis-a-vis the controller, he/she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the Data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
The Controller shall have the obligation to inform you of such recipients.
6. Right of data portability
You have the right to receive the personal data concerning you that you have provided to us as a controller in a structured, common and machine-readable format and to transfer it to another controller. Furthermore, you also have the right to request that your personal data be transferred from us to another controller, insofar as this is technically feasible.
The requirements for the applicability of data portability are:
(1) Your personal data is automatically processed based on your consent or a contract;
(2) Your personal data does not serve to fulfil a legal obligation to which we are subject;
(3) Your personal data will not be used to perform a task that is in the public interest;
(4) Your personal data do not serve for the performance of a task which is performed in the exercise of a official authority delegated to us;
(5) The exercise of your right shall not interfere with the rights and freedoms of others.
7. Right to object
You have the right to object at any time, for reasons arising from your particular situation, against the processing of personal data concerning you pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The Controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
8. Right to revoke the Data protection consent declaration
You have the right to revoke your Data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent up until the revocation.
9. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates provisions of the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The address of the supervisory authority responsible for our company is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Tel.: +49 30 13 88 90
Fax: +49 30 21 55 050
As of July 2021