Privacy policy for the use of the Guarantee Vault Platform
Last Update: 28.04.2021
With the following information, Digital Vault Services GmbH (DVS) provides you with an overview of the processing of your personal data by DVS in the context of using the Guarantee Vault Platform as well as your rights under data protection law.
Table of Contents
- Identity of the responsible
- Categories of personal data
- Processing purposes and legal basis
- Recipients of the personal data
- Duration of the storage of personal data
- Transfer of data to a third country or to international organizations
- Rights of the affected
- Right of appeal
- Necessity of the data
- Automated decision making (including profiling)
- Information about your right to object
1. Identity of the responsible
The entity responsible for data processing is:
Digital Vault Services GmbH
Stahlgruberring 43,
81829 Munich
Phone: +49 (0)175 / 8868021
You can reach our data protection officer at the above contact details as well as by email:
data-protection@digitalvaultservices.com
2. Categories of personal data
Within the context of the initiation and implementation of the business relationship, DVS processes in particular the following categories of data of its business partners or their contact persons, managing directors or beneficial owners, which we receive from persons acting as representatives of the legal entity of a potential and/or existing customer or have legitimately received from other third parties. On the other hand, we process data that we have obtained in a lawful manner from publicly accessible sources (e.g. commercial register, register of debtors, land register, register of associations, Internet):
- Personal/contact data (e.g. first name, last name, company, (mobile) phone number, fax, e-mail, business address, place of birth, nationality)
- Contract and invoicing data (e.g. bank details, invoice data, signature)
- Communication data in connection with correspondence (e-mails, letters)
- IP addresses
- Legitimation data (e.g. identification documents), authentication data (e.g. specimen signature), Schufa score
- For mandate holders: Information on the mandate, entry in the commercial register, date of birth, private address
3. Processing purposes and legal basis
Data processing by DVS is carried out in the course of contract initiation and operation of the Guarantee Vault Platform in compliance with the provisions of General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable laws (e.g. HGB, AO, etc.).
- For the execution and fulfillment of a contract or for pre-contractual measures (Art. 6 para. 1b) GDPR)
- The processing of personal data is carried out for the fulfillment of contracts with our customers. This also includes the implementation of pre-contractual measures, at the request of the business partner.
- In the course of a consideration of interests (Art. 6 para. 1 f) GDPR)
- To the extent necessary, DVS processes your personal data to protect legitimate interests, in particular:
- Onboarding and operation of the Guarantee Vault Platform
- Customer account setup/registration
- Identification verification process
- Authorization check/access control
- Assignment of user IDs to external systems
- Ensuring functionality and continued development of the Guarantee Vault Platform
- Improve user experience
- For internal management purposes within the business group
- Ensuring IT security and operations
- Communication/Support
- Promotion of DVS products
- Prevention of misuse and criminal acts
- Assertion of legal claims and defense in legal
- To the extent necessary, DVS processes your personal data to protect legitimate interests, in particular:
- Based on consent (Art. 6 para. 1 a) GDPR)
- If you have given us consent to process personal data for certain purposes (e.g. newsletter), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time with effect for the future. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
- Due to legal requirements (Art. 6 para. 1 c) GDPR) or in the public interest (Art. 6 para. 1 e) GDPR)
- In addition, DVS is subject to various legal obligations, i.e. statutory requirements, e.g. tax regulations.
4. Recipients of the personal data
Within DVS, access to your data is granted to those offices that require it to fulfill our contractual and legal obligations or for the above-mentioned purposes. Service providers and vicarious agents employed by us may also receive data for this purpose. Data will only be passed on outside the company if required by law or if you have given your consent. All recipients, for their part, are obligated to comply with data protection.
Under these conditions, recipients of personal data may be:
- Public authorities and institutions (e.g. tax authorities) in the event of a legal or official obligation
- Order processors to whom we transfer personal data in order to carry out the business relationship with you (e.g. support/maintenance of IT systems, data destruction, payment transactions, accounting)
- Those entities for which you may have given us your consent to the transfer of data
5. Duration of the storage of personal data
DVS processes and stores your personal data as long as it is deemed necessary to fulfill the above-mentioned purposes. It should be noted that many of our business relationships are long-term. If the data are no longer required for the fulfillment of contractual or legal obligations, they are to be deleted regularly, unless their temporary further processing is required for the fulfillment of legal obligations. These can be in particular:
- Compliance with retention periods under commercial and tax law, e.g. under the German Commercial Code or the German Fiscal Code. The periods specified are 2 to 10 years
- Preservation of evidence within the framework of the statute of limitations (e.g. §§ 195ff. BGB).
6. Transfer of data to a third country or to international organizations
In principle, no data is transferred to recipients in countries outside the EU or the EEA (so-called third countries). If, in individual cases, data is transferred to third countries, this is either necessary for the performance of the contract, is carried out as part of an order processing, is required by law or is based on consent that you have given us. If service providers are used in the third country, an appropriate level of data protection is guaranteed.
7. Rights of the affected
Every data subject has a right to information (Article 15 GDPR), a right to rectification (Article 16 GDPR), a right to erasure (Article 17 GDPR), a right to restriction of processing (Article 18 GDPR), a right to object (Article 21 GDPR) and a right to data portability (Article 20 GDPR). The right to information and deletion is subject to the restrictions of §§ 34 and 35 BDSG.
You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.
8. Right of appeal
In accordance with Art. 77 GDPR, you have the right to lodge acomplaint with the supervisory authority responsible for DVS if you believe that the processing of your personal data is not lawful.
The supervisory authority responsible for DVS is the
Bavarian State Office for Data Protection Supervision (BayLDA)
Phone: +49 (0) 981 180093-0
Fax: +49 (0)981 180093-800
E-Mail : poststelle@lda.bayern.de
9. Necessity of the data
Within the course of our business relationship, you must provide the personal data that is necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations, or which we are legally obligated to collect.
10. Automated decision making (including profiling)
Automatic decision making or profiling is not used.
11. Information about your right to object
- Right to objecton a case-by-case basis
- You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 e) GDPR (data processing in the public interest) and Article 6 para. 1 f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
- Right to object to the processing of data for advertising purposes
- In individual cases, we process your personal data to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made informally by e-mail to data-protection@digitalvaultservices.com