With the following information, we provide you with an overview of the processing of your personal data by us and your rights under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Which data is processed in detail and how it is used depends largely on the products and services requested or commissioned in each case.

1. Person responsible for IT
Senseca Germany GmbH
Tenter Weg 2-8
42897 Remscheid
Germany

Phone +49 (0) 2191 / 9672 0
Fax +49 (0) 2191 / 9672 40
E-Mail info(at)senseca.com
Internet www.senseca.com

2. Data protection officer of the responsible person

GINDAT GmbH
Mr. Arndt Halbach
Wetterauer Str. 6
42897 Remscheid
Germany

Phone +49 (0) 2191 909 / 430
E-Mail datenschutz(@)senseca.com

3. Data and services
a) Sources

We process personal data that we receive from you during our business relationship. In addition, we process (to the extent necessary for the provision of our products and services) personal data that we have permissibly received from other companies of Senseca Germany GmbH or from other third parties (e.g. for the execution of orders, for the performance of contracts or on the basis of consent given by you). On the other hand, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. trade and association registers, press, media, Internet) and are allowed to process.

b) Categories of personal data

When initiating a business relationship or creating master data, the following personal data may be collected, processed, and stored:

Address and communication data (name, address, telephone, e-mail address, other contact data), personal master data (date/place of birth, gender, nationality, marital status, business capacity, occupational group key, legitimation data (e.g. ID card data), authentication data (e.g. specimen signature), tax ID).

When using products and services within the scope of the contracts entered into with us, in addition to the above-mentioned data, essentially the following further personal data may be collected, processed and stored:

Contract master data (order data, data from the fulfillment of our contractual obligations, details of any third-party beneficiaries), billing, performance and payment data (direct debit data, tax information, other personal master data (profession, employer), documentation data (e.g. logs), product data (e.g. requested or booked services and products) and the following business creditworthiness documents: income/surplus statements, balance sheets, business management evaluation , type and duration of self-employment.

c) Customer contact information
In the course of the business initiation phase and during the business relationship, specifically through personal, telephone or written contacts, initiated by you or by Senseca, further personal data is generated. This includes, for example, information on the contact channel, date, occasion, and result, (electronic) copies of correspondence and information on participation in direct marketing activities.

d) Career page & job postings
Description and scope of data processing

Our website provides the opportunity to apply for open positions with us. Certain data is required for an application with us. This may vary depending on the position, but usually includes name, email address, phone number, resume and other data. During the application process, we may ask for additional information to move forward in the process and/or make a contract offer. They may include information such as date of birth, gender, career, qualifications, language skills, residence. The data will be automatically deleted six months after the end of your application process.

For applicant management and interviewing, we use an external service provider: Personio GmbH & Co. KG, a cloud service provider based in Munich. Personio meets all requirements of the EU General Data Protection Regulation and is data protection compliant as an organization as well as software according to EU-DSGVO.

The legal basis for the processing of the data is the consent according to Art. 6.

Para. 1 lit. a DSVGO. The consent is obtained in the context of submitting the application.

The collection of data is solely for the purpose of carrying out the application process for a specific position. The date and time of the application are collected solely for the purpose of documenting receipt of the application.

Consent to the storage and processing of data and its use in the context of an application process at can be revoked at any time.

If the revocation for storage and processing is made with immediate effect, this automatically ends the application process.

d) Information society services

When processing data in the context of information society services, you will receive further information on data protection in connection with the respective service.

4. Purpose and legal basis of processing

We process the personal data mentioned under 3. in accordance with the provisions of the EU General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG):

a) For the fulfillment of contractual obligations (Article 6 para.1 lit. b DSGVO).

The processing of personal data is carried out for the establishment, implementation, and termination of a contract for the provision of products or provision of services, as well as for the implementation of pre-contractual measures for the preparation of offers, contracts or other requests directed towards the conclusion of a contract, which are made in response to your request.

The purposes of the data processing are primarily based on the specific products and services and may include, among other things, needs analyses, consultations, and support. Further details on the purpose of data processing can be found in the respective (also pre-contractual) contractual documents of our cooperation. Interested parties may be contacted, considering any restrictions expressed, during the contract initiation phase, and customers, suppliers and sales and cooperation partners may be contacted during the business relationship, using the data they have provided.

b) Based on your consent (Article 6 para. 1 lit. a DSGVO).

Insofar as you have given us consent to process personal data for certain purposes
(e.g. transfer of data within the group of companies), the lawfulness of this processing is based on your consent. Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the EU General Data Protection Regulation came into force, i.e., before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. You can request an overview of the status of the consents you have granted from us at any time.

c) Due to legal requirements (Article 6 para.1 lit. c DSGVO) or in the public interest (Article 6 para.1 lit. e DSGVO).

We are subject to various legal obligations as well as legal requirements and process data for the following purposes, among others: Identity and age verification, the fulfillment of control and reporting obligations under tax law, and the assessment and management of risks in the group of companies.

d) Within the framework of the balancing of interests (Article 6 (1) f DSGVO).

To the extent necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties. Examples:

o  Testing and optimization of procedures for needs analysis and direct customer approach, incl. segmentations and calculation of closing probabilities

o  Advertising or market and opinion research, insofar as you have not objected to the use of your data

o Assertion of legal claims and defense in legal disputes

o Ensuring IT security and IT operations

o Consultation of and data exchange with credit agencies to determine creditworthiness or default risks

o Prevention of criminal offences

o Video surveillance to safeguard house rights, to collect evidence in the event of criminal acts

o Measures for building and office security (e.g., access controls)

o Measures to safeguard domiciliary rights

o Measures for business management and further development of services and products

o Risk management within the group of companies

5. Recipients of the data

Within Senseca Germany GmbH, access to your data is granted to those departments that require it to fulfill our contractual and legal obligations. Service providers employed by us may also receive data for these purposes if they comply with our written instructions under data protection law.

Regarding the transfer of data to recipients outside the Senseca Germany GmbH, it should first be noted that we are obligated to maintain confidentiality about all customer-related information of which we become aware. We may only pass on information about you if this is required by legal provisions if you have given your consent and/or if order processors commissioned by us guarantee the specifications of the EU General Data Protection Regulation and the Federal Data Protection Act in the same way.

Under these conditions, recipients of personal data may be, for example:

o  Public bodies and institutions in the event of a legal or official obligation.

o  Order processors to whom we transfer personal data to carry out the business relationship with you. In detail: Support/maintenance of EDP/lT applications, archiving, document processing, call center services, compliance services, controlling, data destruction, purchasing/procurement, space management, recovery, customer administration, letter shops, marketing, media technology, reporting, research, risk controlling, expense reporting, telephony, video legitimation, website management, auditing services, payment transactions.

Other data recipients may be those entities for which you have given your consent to the transfer of data.

6. Data transfer to third countries or to international organizations

A data transfer to countries outside the EU or the EEA (so-called third countries) only takes place if this is necessary for the execution of your orders, is required by law (e.g. reporting obligations under tax law), you have given us your consent or within the scope of an order processing. If service providers are used in a third country, they are, in addition to written instructions, obligated by the agreement of the EU standard contractual clauses to comply with the level of data protection in Europe.

7. Duration of data storage

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be regularly deleted, unless its (temporary) further processing is necessary for the following purposes:

o   Fulfillment of retention periods under commercial and tax law in accordance with §257 of the German Commercial Code (HGB) and the German Fiscal Code (Abgabenordnung) with the periods specified therein for retention or documentation of two to ten years.

o   Preservation of evidence within the framework of the statute of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.

8. Obligation to provide data

Within the scope of our business relationship, you must provide those personal data that are necessary for the establishment and performance of a business relationship and the fulfillment of the associated contractual obligations, or which we are legally obligated to collect. Without this data, we will usually have to refuse to conclude the contract, provide products and services, or will no longer be able to perform an existing contract and may have to terminate it.

9. Automated decision-making (including profiling)

For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making (including profiling) pursuant to Article 22 DSGVO. If we use these procedures in individual cases, we will inform you about this separately, provided this is required by law.

10. Profiling

We process your data in part automatically with the aim of evaluating certain personal aspects (profiling). We use profiling, for example, to be able to inform and advise you about products in a targeted manner with the help of evaluation tools. These enable needs-based communication and advertising, including market and opinion research.

11. Your rights

Pursuant to Articles 15-21 of the GDPR, if the conditions described therein are met, you may assert the following rights with respect to the personal data processed by us.

You may request information pursuant to Article 15 DSGVO about your personal data processed by us.

If incorrect personal data is processed, you have a right to rectification pursuant to Art. 16 DS-GVO. If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17, 18 DSGVO).

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation.

Right of objection according to Art. 21 DSGVO.

The data subject has the right to object at any time, on grounds relating to his or her situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the DSGVO; this also applies to profiling based on these provisions.

12. right to lodge a complaint with a supervisory authority.

According to Art. 77 DSGVO, every data subject has the right to lodge a complaint with a supervisory authority if he or she is of the opinion that the processing of personal data concerning him or her violates the DSGVO. The competent supervisory authority in matters of data protection law is the State Data Protection Commissioner of the federal state in which our company is based.

State Commissioner for
Data Protection and Freedom of Information North-Rhine Westphalia
PO Box 20 04 44
40102 Düsseldorf
poststelle@ldi.nrw.de