The controller as defined by data protection laws, especially the EU General Data Protection Regulation (GDPR), is:
SAE IT-systems GmbH & Co. KG
Im Gewerbegebiet Pesch 14
50767 Cologne, Germany
Tel.: +49 (0) 221 59 80 8-0
Fax: +49 (0) 221 59 80 8-60
Data Protection Officer
If you have any questions regarding the processing of your personal data, you can contact our external data protection officer at the postal address mentioned above with the following addendum:
Personal / Confidential
Attn: External data protection officer of SAE IT-systems GmbH & Co. KG
or by e-mail: privacy( at )sae-it.de
Our data privacy statement should be simple and easy for anyone to understand. As a rule, our data privacy statement uses the terminology of the General Data Protection Regulation (GDPR). Those official definitions are explained in Art. 4 GDPR.
Data processing through the visit to our website
Whenever you access our website, it is technically necessary that data be transmitted to our web server via your internet browser. The following data will be recorded during an ongoing connection to communication between your internet browser and our web server.
• Domain visited
• Date and time of the request
• Page from which the file was requested
• Access status (file transmitted, file not found, etc.)
• Web browser and operating system used
• IP address of the requesting computer
• Quantity of transferred data
We collect the data listed to guarantee a smooth connection setup on the website and make our website comfortable to use. The log file also helps us evaluate system security and stability and serves administrative purposes. The legal basis for the temporary storage of the data or log files is Art. 6 (1) f GDPR.
For reasons of technical security, especially to defend against attacks attempted on our web server, as well as to optimise the underlying technology (server capacity), we store these data for a short time. These data cannot be used to draw any conclusions about specific people. These data are not evaluated, except in anonymised form for statistical purposes. These data will not be combined with data from other data sources.
General data processing on the website
To protect the security of your data during transmission, we use state-of-the-art encryption procedures (such as SSL) via HTTPS.
a) Up- and download area (ShareFile)
Our up- and download area is based on ShareFile. ShareFile, a service provided by Citrix, is hosted in our company and enables data to be accessed or exchanged more quickly and securely.
When registering to use our download area, the following personal data will be collected in a user account:
• Company name
• Last name, First name
• Email address
• Date and time of registration
• Time of the last login
The legal basis for processing the data is Art. 6 (1) GDPR.
The data will be stored as long as the user account exists. Registered users can independently alter or delete data entered during registration at any time. Obviously, we will also give you information at any time about any of your personal data we are storing. We will gladly correct data or delete the user account at your request. To contact us for that purpose, please use the contact information given at the end of this data privacy statement.
There will be no forwarding to third parties.
b) Contact forms and establishing contact by email
Our website contains contact forms for general questions, registrations for training, and repair requests or complaints.
If you send us requests using a contact form or email, your information from the request form or your email, including the contact data you provide there, will be stored to process your request and help us answer follow-up questions. We will never forward those data without your permission. By selecting the option “hotel reservation desired” in the contact form to register for trainings, you are granting us your consent to forward the necessary contact information of the guest and the booking period to a hotel we choose, exclusively for the purpose of the one-time booking.
The legal basis for processing the data is our legitimate interest in addressing your concerns under Art. 6 (1) f GDPR and Art. 6 (1) b GDPR, provided your request aims at concluding a contract.
Based on your expressly granted consent, we will periodically send you our newsletter or comparable information to the email address you have provided.
To receive the newsletter, providing your first and last name and your email address will be enough. If you register to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers can also be informed by email of circumstances that are relevant to the service or registration (such as offers, technical matters, or changes to the newsletter).
For a registration to be effective, we will need a valid email address. We use a “double opt-in” procedure to make sure we are registering the actual owner of the email address. To do so, we log the order of the newsletter, the sending of a confirmation email, and the receipt of the answer that email requests. If you answer in the affirmative, you are granting us your consent under Art. 6 (1) a GDPR to use your personal data to send the requested newsletter. No additional data will be collected to this end. The data will be used only to send the newsletter and will not be forwarded to third parties.
You may at any time withdraw your consent to have your personal data stored or used to send the newsletter. Every newsletter contains a link for this purpose. You may also deregister at any time—either directly on this website or by notifying us of your intentions via the contact information given at the end of this data privacy statement.
Web analysis and ad tracking
a) Google Analytics
Our website uses Google Analytics, a web analysis service of Google Ireland Limited (“Google”). Google Analytics uses what are known as “cookies”. Those are text files that are stored on your computer and allow us to analyse how you use our website. The information the cookie generates about your use of this website is normally transmitted to a Google server in the USA and stored there. We use Google Analytics only with activated IP anonymisation. This means that Google will truncate the user’s IP address within member states of the European Union, or in other Contracting Parties to the EEA Agreement, to keep it from being traced to a specific person. Google Ireland Limited has its registered office in Ireland (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) and is certified for the US-European data protection treaty “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. The data is processed under Art. 6 (1) f GDPR or § 15 (3) TMG (German Telemedia Act), based on our legitimate interest in statistically analysing user behaviour for optimisation and marketing purposes.
You can prevent the cookies from being stored by adjusting your browser settings accordingly, but we must point out that if you do, you will not be able to use all of this website’s functions to their full extent. You can also prevent Google from capturing and processing the data collected through the cookie, which relates to your use of the website and includes your IP address, by downloading and installing the browser plug-in available under the URL tools.google.com/dlpage/gaoptout.
Clicking the following link will prevent Google Analytics from capturing data by setting an opt-out cookie:
Deactivate Google Analytics
Google’s data privacy statement contains more information about how Google Analytics handles data:
a) Social media links
Social networks (Kununu, Xing, LinkedIn and YouTube) are incorporated into our website as links to those services. By clicking the embedded text-image link, you will be redirected to the site of the provider in question. User information will not be forwarded to that provider until you have been redirected. Please read the data protection provisions of the site provider for information on how your personal data will be handled when using that website.
b) Embedded YouTube videos
We embed YouTube videos on our website. The operator of the plug-in in question is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is owned by Google Ireland Limited, which has its registered office in Ireland (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Visiting a site with a YouTube plug-in establishes a connection to YouTube’s servers. This informs YouTube of which sites you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account in advance.
If a YouTube video is started, the provider places cookies to collect information about user behaviour.
Users who deactivate the storage of cookies for the Google Ad programme won’t need to worry about such cookies when watching YouTube videos. However, YouTube also places usage information in other, non-personalised cookies. If you wish to prevent this, you must block the storage of cookies in your browser.
Please consult the provider’s data privacy statement for more information about data privacy with YouTube: policies.google.com/privacy
c) Google Maps
You will find extensive instructions for managing your own data in connection with Google products here.
Cookie cannot be used to start programmes or transmit viruses to a computer. We use the information cookies contain to simplify navigation and have our website be correctly displayed.
If personal data are also processed through individual cookies we implement, that processing will take place either to execute the contract (Art. 6 (1) b GDPR) or to guard our legitimate interests (Art. 6 (1) f GDPR) in having our website function at its best and our site visit be customer-friendly and effective.
Data forwarding and recipient
Your personal data will be forwarded to third parties only if
• we have explicitly referred to this in the description to the data processing for the procedure in question
• you have given us your express consent under Art. 6 (1) sentence 1 a GDPR
• those data must be forwarded under Art. 6 (1) sentence 1 f GDPR to assert, exercise or defend against legal claims and there is no reason to assume that you have an overriding interest in the data not being forwarded that is worth protecting,
• a statutory obligation for forwarding the data exists under Art. 6 (1) sentence 1 c GDPR
• we must do so to develop our contractual relationship with you under Art. 6 (1) sentence 1 b GDPR
Moreover, we use external service providers for that development, whom we have carefully selected and commissioned in writing. They are bound by our instructions. To this end, contracts on commissioned data processing have been concluded where necessary, under Art. 28 GDPR. We use service providers for web hosting, to send emails and the newsletter, and to maintain and care for our IT systems, etc. These service providers will not forward those data to third parties.
Storage period for personal data
The storage period for personal data is measured by the relevant statutory retention periods (such as those under commercial or tax law). After the time limit in question expires, the data will be routinely deleted. If data is needed to initiate or fulfil a contract, or we have a legitimate interest in further storage, the data will be deleted if they are no longer needed for those purposes or if you assert your right to object or withdraw consent.
Rights of the data subject
The following will inform you about which data subject rights toward the controller are granted to you by applicable data protection laws regarding the processing of your personal data:
The right under Art. 15 GDPR to demand access to information about the personal data about you we are processing. In particular, you may demand access to information about the processing purpose, the categories of personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage duration, the existence of rights to rectification, erasure, restriction of processing, objection or complaint, the origin or your data (if those data were not collected by us), and information about the existence of an automated decision-making procedure, including profiling, and any meaningful information about its details.
The right under Art. 16 GDPR to demand that the personal data about you we have stored be rectified or completed if necessary.
The right under Art. 17 GDPR to demand the erasure of personal data about you we have stored, unless those data must be processed to exercise the right to free information and expression of opinion, to fulfil a legal obligation, for reasons in the public interest, or to assert, exercise or defend against legal claims.
The right under Art. 18 GDPR to demand the restriction of the processing of your personal data if you dispute its correctness, the processing is illegal, but you waive your right to have those data erased and we no longer need the data but you need them to assert, exercise or defend against legal claims, or you have lodged an objection against their processing under Art. 21 GDPR.
The right under Art. 20 GDPR to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, or to demand that they be transmitted to another controller.
The right to lodge a complaint with the supervisory authority under Art. 77 GDPR. As a rule, you can do so by contacting the supervisory authority of the federal province of our registered office specified above, or where you normally live or work.
The right under Art. 7 (3) GDPR to withdraw a consent you have granted: You have the right at any time to withdraw a consent you have granted to have your data processed, with effect for the future. If you do so, we will delete the data concerned without undue delay, unless their further processing can be supported by the legal basis of “processing without the need for consent”. Withdrawing your consent will not affect the legality of processing that has already occurred based on your consent;
Right to object
If we are processing your personal data on the basis of legitimate interests under Art. 6 (1) sentence 1 f GDPR, you have the right under Art. 21 GDPR to object to the processing of your personal data, provided this arises from reasons revealed by your particular situation. If your objection to the processing of personal data is aimed at direct marketing, you have a general right to object without being required to provide details about your particular situation.
If you wish to assert your right of withdrawal or your right to object, please use the contact information given at the end of this data privacy statement.
Adjustments and status of the data privacy statement
We reserve the right to adapt or update this data privacy statement if necessary, under observance of applicable data protection provisions. This will allow us to adapt that statement to current legal requirements and take changes in our services into consideration, such as when introducing new services. The most current version will apply to your visit.
Last revision of this data privacy statement:
25 May 2018
For questions, objections or change requests, please send an email to firstname.lastname@example.org.