We hereby inform you about how your personal data is processed within the scope of membership and the claims and rights to which you are entitled under data-protection regulations as stipulated in Art. 13 EU-DS-GVO (hereinafter referred to as “DSGVO” (European Data Protection Regulation)).
1. Who is responsible for data processing?
The external data-protection officer appointed by ONE LOGIC GmbH is:
Verimax GmbH, Warndtstr. 115, D-66127 Saarbrücken
Mr. Winfrid Meusel, E-Mail: firstname.lastname@example.org
Tel: +49 681/309873-33 (extension), Telefax: +49 681/309873-29
2. Which sources and data are used?
3. For what purpose and on what legal basis is the data processed?
Personal data is processed for the purpose of concluding and implementing the contract and the associated ancillary obligations (contract in the sense of membership in the ONE LOGIC Network), the lawfulness of which is derived from Art. 6 (1) b DSGVO. This includes, among other things, communication with members, e.g. about new use cases, accompanying material for these, blueprints, white papers, product and version adjustments, new functionalities, findings from beta tests and development projects, and advertising the product and service portfolio of ONE LOGIC GmbH.
In addition, lawfulness can result from the fulfillment of legal obligations to provide information (Art. 6 (1) c DSGVO in conjunction with § 24 BDSG)
4. By whom and how the data is used?
Within ONE LOGIC GmbH, only those departments and functions that require this data to support members within the network have access.
In addition, ONE LOGIC uses various service providers (called processors) for registration, member management and communication with members. Contracts for commissioned processing have been concluded with these processors in accordance with Art. 28 DSGVO. The communication channels used are generally protected against access by third parties.
Personal data is not passed on to third parties as a matter of principle.
Feedback requested from members is anonymized, and only evaluated and used in summarized form.
5. Where is the data processed?
5.2 Gravity Forms
To send our newsletters, we use the service “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (“MailChimp”). We use the services of MailChimp as part of an order processing.
MailChimp may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletters or for utilization for statistical purposes. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
MailChimp also processes personal data in the USA. As appropriate guarantees for the data transfer, so-called standard contractual clauses have been concluded in accordance with Art. 46 DSGVO. Further information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.
5.4 Data Interface Zapier.
This site uses Zapier, a service provided by Zapier Inc, 548 Market St #62411, San Francisco, California 94104, USA, to integrate various databases and tools. This may involve the transmission of customer data, with the exception of payment data. Further information on data protection at Zapier can be found at https://zapier.com/privacy. We have entered into a so-called “Data Processing Agreement” with Zapier, in which Zapier undertakes to protect our customers’ data and not to pass it on to third parties. By filling out a form, the Zapier data interface is activated and data is transferred from Gravity Forms to Pipedrive via Zapier (see 5.1 and 5.2).
6. How long is the data stored?
If further contracts are concluded with ONE LOGIC GmbH during membership in the Network, the agreements concluded with them regarding data processing apply, as well as various obligations to store and provide proof, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). Accordingly, the storage periods can be up to ten years.
7. How is the data processed?
7.1 By e-mail, telephone and fax.
On our ONE LOGIC platform, there is an e-mail address and a telephone and fax number, which you can use to contact us. If you write us an e-mail or send us a fax, we will store your sender data (e-mail address/fax number) as well as other data you provide. Even if you call us, it is possible that we store the data we need to answer your inquiry. The legal basis for the processing is Art. 6 (1) b) and f) DSGVO, as the contact may be a contract initiation. However, ONE LOGIC also has a legitimate interest in processing your data in order to be able to respond to you.
In the event that we would like to use your data, in particular your telephone number, fax number or e-mail address for marketing purposes, we ask for your consent in advance. In this case, Art. 6 (1) a) DSGVO is the legal basis. You can revoke your consent at any time with effect for the future. In the case of direct marketing, we also base the processing of the data on our legitimate interest according to Art. 6 (1) f) DSGVO.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal or contractual archiving obligations to the contrary. This is the case at the latest after 10 years. The conversation is terminated when it can be inferred from the circumstances that the facts concerned have been conclusively clarified.
7.2 Via contact form
A contact form is available on our platform, which you can use to contact ONE LOGIC electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. In particular, this involves the following data:
- Your title, your name, your company;
- Your e-mail address;
- your telephone number;
- Your inquiry and, if applicable, personal data entered there by you.
The legal basis for the processing of the data is Art. 6 (1) a), b) or f) DSGVO. The processing of personal data from the input mask of our contact form serves us – in addition to the above-mentioned purposes – solely to process your request, which is in our interest. It may be a matter of initiating a contract. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal archiving obligations to prevent its deletion. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified.
At the time your message is sent, the following data is also stored:
- Your IP address;
- Date and time of your contact.
These other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. The legal basis for the processing of the data is Art. 6 para. 1 f) DSGVO. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. The data is used exclusively for the processing of the conversation.
8. What data protection rights exist?
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to data portability under Article 20 of the GDPR and a right of objection under Article 21 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).
9. Is there an obligation to provide data?
In the context of a membership, members must provide only those personal data that are necessary for the establishment, implementation and termination of membership. Without this data, as a rule, membership will not be possible. In addition, further data transfers may take place on a voluntary basis for the respective purpose (e.g. when using the service desk or for surveys).