1. Who is responsible for data processing and with whom can I get in touch?
85748 Garching (b. München)
Phone: 089 321 981 -70
Fax: 089 321 981 -89
Authorized representative: Dr.-Ing. Rainer Stetter
You can get in touch with our corporate Data Protection Officer at:
Corporate Data Protection Officer
85748 Garching (b. München)
Phone: 089 321 981 -63
Fax: 089 321 981 -89
2. What type of sources and data are being used?
We process personal data that we receive from our customers as part of our business relationship. In addition, insofar as this is necessary for the provision of our services, we process personal data which we gain from publicly available sources (e.g. debtor directories, land registers, trade and association registers, press, internet) or which we receive from other companies of the Stetter group.
Relevant personal data are:
Personal details (name, address, e-mail, telephone number and other contact details, gender, marital status, date and place of birth, nationality as well as data on legal capacity);
Legitimacy data (e.g. ID data), non-EU nationals residence and / or work permit;
Authentication data (e.g. signature sample); Tax ID;
Other data (project number, customer number, contract identification characteristics, information on the contractual relationship, technical data on fulfillment of the contract).
In addition, we may also process the following personal data:
Order data (e.g. payment order);
Data resulting from the fulfillment of our contractual obligations (e.g. sales data in payment transactions, IBAN etc.);
Data in connection with the initiation of business and during the ongoing business relationship (including date, time, cause / purpose, channel of communication, copies of correspondence (if necessary also in electronic form), recording of telephone calls and results of communication).
In this context, we also receive so-called IT data, i.e. IP address(es), assignment characteristics of your technical devices with which you access our websites and/or services, cookies.
3. What type of purpose for data processing and which legal basis is being referred to?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
a. Fulfillment of contractual obligations (Art. 6, 1 lit. b GDPR)
The processing of data is carried out to provide the services offered by ITQ GmbH within the context of the implementation of our contracts with our customers or to carry out pre-contractual measures, which are made on request.
The purposes of data processing are primarily based on the respective, agreed services and may include, among others, the technical testing and provision of services, preparation, implementation and quality assurance of pilot projects and integrated product forms. Please refer to further details of the data processing purposes the relevant contract documents and terms and conditions of the respective services.
b. In the context of balance of interests (Art. 6, 1 lit. f GDPR) – Examples:
Consultation and data exchange with credit agencies (e.g. SCHUFA Holding AG) for the determination of creditworthiness or default risks; Risk management within the Stetter Group;
Asserting legal claims and defense in legal disputes;
Ensuring IT security and IT operations;
Prevention and investigation of criminal offenses;
Video surveillance for the maintenance of domiciliary right;
Measures for building and plant safety (e.g. access control);
Measures to ensure the home ownership;
Business management and service development measures;
Testing and optimization of requirements analysis procedures for direct customer approach;
Advertising or market and opinion research, provided that you have not objected to the use of your data.
c. Based on your declaration of consent (Art. 6, 1 lit. a GDPR)
Taking into account that you have given us consent for the processing of personal data for specific purposes (e.g. disclosure of data within the Stetter group), the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent, which were issued before the GDPR came into force on May 25, 2018. The revocation of consent does not affect the legality of the data processed until the revocation.
d. Based on legal requirements (Art. 6, 1 lit. c GDPR) or for public benefit (Art. 6, 1 lit. e GDPR)
In addition, we are subject to various legal obligations, i.e. legal requirements. The purposes of the processing include, among other things, the creditworthiness check, identity and age checks, prevention of fraud and money laundering, the fulfillment of tax control and reporting obligations as well as the assessment and management of risks within the Stetter group.
4. Who is receiving your personal data?
Within the organization, only those departments gain access to your data that need your personal data in order to fulfill our contractual and legal obligations. Our service providers may also receive data for these purposes if they maintain data secrecy.
With regard to the transfer of data to third parties, it should be noted that we are contractually bound to secrecy about all customer-related facts and valuations from which we obtain knowledge. We may only disclose information about you if required by law, if you have given your consent.
Under these conditions, recipients of personal data may be, for example:
Companies of the categories:
Consulting and Consulting
Public bodies and institutions (e.g. tax authorities, law enforcement authorities) in the presence of a legal or regulatory obligation.
Other companies within the Stetter Group for risk management due to legal or regulatory obligations.
Processing in this context is for the following reasons / purposes:
Settlement of bank information
Purchasing / Procurement
Support / maintenance of EDP / IT applications
5. Is my personal data being transferred to third countries or to any international organisations?
A transfer of your personal data to third countries is not being carried out nor planned in the near future.
6. For how long will my personal date be stored?
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is a continual obligation, which has a duration of (several) years.
If personal data is no longer required for the fulfillment of contractual or legal obligations, these data are deleted on a regular basis, unless their (temporary) further processing is necessary for the following purposes:
Fulfillment of commercial and tax-related retention obligations, which are determined inter alia by the German Commercial Code (HGB), the German Tax Code (AO), the Banking Act (KWG) and the Money Laundering Act (GwG). The deadlines for storage and documentation vary between two and ten years.
Preservation of evidence in the context of the statutory statute of limitations. According to §§ 195 ff. of the Civil Code (BGB), these limitation periods can be up to thirty years, whereby the regular limitation period is three years.
7. Which data protection rights do I have?
Each party involved has the right to information under Article 15 of the GDPR, the right of correction under Article 16 GDPR, the right to cancellation under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 BDSG apply. In addition, there is a right of appeal to the Bavarian data protection supervisory authority (Article 77 DSGVO in conjunction with Section 19 BDSG).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us prior to the General Data Protection Regulation that came into force on May 25, 2018. Please note that the revocation only applies to the future; processing that took place before the revocation is not affected.
8. Is there any obligation for me to provide personal data?
As part of our business relationship, you must provide the personal information necessary to establish a business relationship and to perform its contractual obligations or we are required to collect it by law. Without this information we will generally not be able to conclude or execute a contract with you.