Affected rights

Who is responsible for data processing and who can you turn to?

Responsible is:

DRACOON GmbH
Galgenbergstrasse 2a
93053 Regensburg
Germany

Phone: +49 (941) 7 83 85 – 0
Email: info@dracoon.com

The operating data protection officer is:

Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Germany

Phone: +49 (941) 29 86 93 – 0
Email: anfragen@projekt29.de

Which data is processed and from which sources does this data originate?

We process the data which we have received from you within the framework of contract initiation or execution, on the basis of consent or within the framework of your application or work for us.

The personal data includes:

Your master/contact data, for customers this includes, e.g., the first name and surname, address, contact data (email address, telephone number, fax), bank data.

For applicants and employees this includes, e.g., the first name and surname, address, contact data (email address, telephone number, fax), date of birth, data from the CV and job references, bank data, religion.

For business partners this includes, e.g., the names of their legal representatives, firm, commercial register number, VAT identification number, company number, address, contact data of the contact person (email address, telephone number, fax), bank data.

In addition, we also process the following other personal data:

information about the nature and content of contract data, order data, turnover and document data, customer and supplier history as well as consulting documents;
advertising and sales data,
information from the electronic exchange with us (e.g. IP address, log-in data),
other data which we have received from you within the scope of our business relationship (e.g. customer meetings),
data that we generate ourselves from master/contact data and other data, such as customer requirements and customer potential analyses,
the documentation of your declaration of consent for the receipt of e.g. newsletters.

For which purposes and on which legal basis is this data processed?

We process your data according to the legal regulation of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz) 2018 in the currently valid version:

For the fulfillment of (pre-) contractual obligations (Art. 6 (1) lit b GDPR):
The processing of your data takes place for the contract execution online or in one of our branches and for the contract execution of your work contract in our enterprise. The data is processed in particular for business initiation and the execution of the contracts with you.
For the fulfillment of legal obligations (Art. 6 (1) lit c GDPR):
A processing of your data is necessary for the purpose of fulfilling different legal obligations, e.g. from the commercial code or the tax code.
For the protection of legitimate interests (Art. 6 (1) lit f GDPR):
On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of the contract in order to safeguard the legitimate interests of us or third parties. Data processing to safeguard legitimate interests is carried out in the following cases, for example:
- advertisement or marketing (see number 4),
- measures for business management and further development of services and products;
- maintaining a group-wide customer database to improve customer service,
- for prosecution purposes,
- within the scope of your consent (Art. 6 (1) lit a GDPR),
- if you have given us your consent to process your data, e.g. to send you our newsletter.

Processing of personal data for advertising purposes

You can object at any time to the use of your personal data for advertising purposes in general or for individual measures without incurring any costs other than the transmission costs according to the basic tariffs.

We are entitled under the legal requirements of § 7 (3) UWG to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us irrespective of whether you have subscribed to a newsletter or not.

If you do not wish to receive such recommendations via email, you can object at any time without incurring any costs other than the transmission costs according to the basic tariffs. A text message is sufficient for this purpose. Of course, every email always contains a unsubscribe link.

Who receives my data?

If we employ a service provider in the sense of an order processing, we nevertheless remain responsible for the protection of your data. All contract processors are contractually obliged to treat your data confidentially and to process it only within the scope of the service provision. The processors commissioned by us will receive your data if they need it to perform their respective services. These are, for example, IT service providers that we need for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

Your data is processed in our customer data base. The customer database supports the improvement of the data quality of the existing customer data (duplicate cleansing, moved/deceased markings, address correction) and enables the enrichment with data from public sources.

This data is made available to the group companies if necessary, for the execution of the contract. Customer data is stored separately for each company, with our parent company acting as a service provider for the individual participating companies.

If there is a legal obligation and in the context of legal proceedings, authorities and courts as well as external auditors may be recipients of your data.

In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts..

How long is my data stored?

We process your data until the end of the business relations or until the end of the valid legal storage periods (e.g. from the commercial code, tax code, homes act or the working hours act); in addition, until the end of any legal disputes in which the data is required as evidence.

Is personal data transmitted to a third country?

In principle, we do not transfer any data to a third country. In individual cases, data will only be transferred on the basis of an adequacy decision by the European Commission, standard contractual clauses, suitable guarantees or your express consent.

Which data protection rights do I have?

You have the right of access, right to rectification, to erasure or restriction of processing of your stored data, a right to object to the processing as well as a right to data portability and to complain in accordance with the requirements of the data protection law at any time.

Right of access:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or inaccurate, you may request that we correct or complete it at any time.

Right to erasure:
You may request that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate deletion, e.g. in the case of legally regulated storage obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.

Right to restriction of processing:
You can ask us to restrict the processing your data if

you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data,
the processing of the data is unlawful, but you refuse to delete it and instead demand a restriction on the use of the data,
we do no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
you have objected to the processing of the data.

Right to data portability:
You may request that we provide you with the information you have provided to us in a structured, common and machine-readable format and that you may provide that information to another responsible person without our interference, provided that

we process this data on the basis of an agreement given and revocable by you or for the fulfilment of a contract between us, and
such processing is carried out using automated procedures.

If technically feasible you may request a direct transfer of your data to a different responsible person.

Right to object:
If we process your data for legitimate reasons, you may object to such processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms or unless the processing serves the assertion, exercise or defense of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right to complain:
If you are of the opinion that we violate German or European data protection laws when processing your data, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert any of the rights above against us, please contact our data protection officer. In case of doubt, we can request additional information to confirm your identity.

Am I obliged to provide data?

The processing of your data is necessary to conclude or execute your contract with us. If you do not provide us with this data, we will generally have to refuse to enter into the contract or will no longer be able to execute an existing contract and will therefore have to terminate it. However, you are not required to consent to the processing of any data that is not relevant to the performance of the agreement or required by law.