Data Protection Information for Customers/Contract Partners and Interested Parties

Information on data protection regarding our processing of customer and prospect data pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)


Information on data protection regarding our processing of customer and prospect data pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

Dear customer, dear prospective customer,

In accordance with the provisions of Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you of the processing of the personal data collected about you and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the requested or agreed services. In order to ensure that you are fully informed about the processing of your personal data within the framework of the performance of a contract or the implementation of pre-contractual measures, please take note of the following information.

1. Controller in accordance with the data protection law

Enapt GmbH
Leopoldstraße 59
80802 München
support@magicplan.app
www.magicplan.app

2. Contact data of our data protection officer

PROLIANCE GmbH / datenschutzexperte.de
Datenschutzbeauftragter
Leopoldstr. 21
80802 München
E-Mail: datenschutzbeauftragter@datenschutzexperte.de

4. Categories of personal data

We process only such data which are connected with the contract initiation or the pre- contractual measures. This can be general data about your person or persons of your company (name, address, contact data etc.) as well as further data, if necessary, which you transmit to us in the context of the initiation of the contract.

5. Sources of data

We process personal data which we receive from you within the framework of establishing contact or a contractual relationship or within the framework of pre-contractual measures.

6. Recipient of the data

We transfer on your personal data within our company exclusively to those areas and persons who need this data to fulfil their contractual and legal obligations or to implement our legitimate interest.

We may transfer your personal data to companies affiliated with us to the extent permitted by the purposes and legal bases set out in Section 3 of this Data Protection Information Sheet.

Your personal data will be processed on our behalf on the basis of data processing agreements in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of Internet services and providers of customer management systems and software.

Data will otherwise only be transferred to recipients outside the company if this is permitted or required by law, if it is necessary for the processing of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:

External tax consultants
Public bodies and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax office) where there is a legal or official obligation,
Recipients to whom the transfer is directly necessary for the purpose of establishing or performing the contract

7. Transfer to a third country

Personal data will only be transferred to countries outside the EEA (European Economic Area) or to an international organization if this is necessary for the performance of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent.

Your data can be transferred to the USA and Canada. For Canada, the EU Commission has established an adequate level of data protection (EU adequacy decision on the Canadian Personal Information Protection and Electronic Documents Act). US recipients are required to use the Privacy Shield.

8. Duration of data storage

If necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB) and the Fiscal Code (AO). The periods prescribed there for storage and documentation are between two and ten years.
Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB) can generally be three years, but in certain cases also up to thirty years.

9. Your rights

Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to notification pursuant to Art. 19 GDPR and the right to data portability pursuant to Art. 20 GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR if you are of the opinion that the processing of your personal data is not lawful. The right to lodge a complaint with shall be without prejudice to any other administrative or judicial remedy.
If the processing of data takes place on the basis of your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the withdrawal will only take effect in the future. Processing that took place before the revocation is not affected by this. Please also note that we may need to retain certain data for a period of time to comply with legal requirements (see Section 8 of this Privacy Policy).

Please feel free to contact us using the contact details given in section 1 to protect your rights.

10. Necessity of providing personal data

The provision of personal data for the purpose of deciding whether to conclude a contract, perform a contract or take pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide personal data necessary for the conclusion of the contract, the performance of the contract or pre- contractual measures.

 

11. Automated decision-making

In principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR for the establishment, performance or execution of the business relationship or for pre-contractual measures. Should we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law.


We use cookies to ensure and improve the quality of the services we provide to our users through data analysis.
If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the magicplan website. Read more about cookies and opt-out options here