Data protection applications | SITS

Information on the controller pursuant to Art. 4 No. 7 GDPR

Swiss IT Security Deutschland GmbH
Konrad-Adenauer-Ring 33
65187 Wiesbaden

Phone: +49 611 945881-0

Data Protection Officer

Dr. Bettina Kraft, DPO@SITS-GROUP.CH, Konrad-Adenauer-Ring 33, 65187 Wiesbaden, Fon: +49 611 945881-99

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses).

1. Data processing when participating in an appointment survey

Swiss IT Security Deutschland GmbH uses the Microsoft service FindTime to conduct surveys to find appointments. If you are invited to take part in such a survey, the following data will be stored from you:

  • Name and first name
  • E-mail-address
  • Your voting entries

The data will be stored in the inviter’s mailbox. 90 days after the end of the survey, your data will be automatically deleted. At the duration of the survey, all invitees can see the following information about the other participants:

  • Name and first name
  • E-mail-address
  • Whether and how the participants voted

Updated information on how FindTime uses what data can be found here: HTTPS://SUPPORT.MICROSOFT.COM/EN-US/TOPIC/PRIVACY-AND-PERSONAL-DATA-PROTECTION-IN-FINDTIME-7DBBEB41-245C-4573-97EA-50FCB8610CDE

The processing of your data is based on Art. 6 (1) lit. b GDPR, insofar as the appointment survey is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interests (Art. 6 (1) lit. f GDPR), as we have a legitimate interest in the effective organisation of meetings and appointments. If the data processing is based on Art. 6 (1) lit. f GDPR, you have the right to object at any time on grounds relating to your particular situation. We will then no longer process your personal data unless the processing serves to assert, exercise or defend legal claims or we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (see Art. 21 (1) GDPR).

We expressly point out that the invitation to an appointment survey is addressed exclusively to you personally. Forwarding the e-mail or passing on the link to the voting page contained in the e-mail to third parties is not permitted.

2. Data processing when participating in a webinar

For the registration to the webinar we process the following types of data:

  • Name and first name
  • E-mail-address
  • Telephone number
  • Company affiliation, if applicable

The legal basis is Art. 6 (1) lit. b, f GDPR. The purpose of the data processing is the implementation of the webinar and thus the performance of the contract with you, or the company, body or other institution to which you belong. Our legitimate interests are the organisation of the webinar and the associated standardisation and simplification of communication and data exchange through the use of the online service.

Access to your data is granted to our employees in marketing/sales who need to handle this data in order to fulfil their tasks.
After completion of the webinar and expiry of the subsequent retention periods, we will delete your data if we no longer need it for the assertion, exercise or defence of legal claims. During the webinar, user data and usage data (chat logs, communication metadata, duration of participation) will also be collected from you via the online service we use (MS 365) and stored for at least 90 days.

In order to conduct the webinar, we use Microsoft Teams. The recipient of the data processed is Microsoft Ireland Operations Limited. The associated data transfer is secured via EU standard contractual clauses that we have concluded with the service provider. No other data transfer to third countries takes place.

3. Service desk

We offer our customers and their employees the opportunity to register on our service desk (HTTPS://SERVICEDESK.SITS-D.DE) in order to be able to create a ticket in case of problems with one of our products or if technical assistance is required.

To register at the service desk, we need the following information from you:

  • Username (mandatory)
  • Password (mandatory)
  • First name (mandatory)
  • E-Mail-address (mandatory)

Once you have registered with the service desk, you can log in at any time with your user name and password to create new tickets and view the tickets you have already created. You can manage and change the data you provided during registration at any time in the service desk itself.

Only those employees who need your personal data for the performance of their duties come into contact with your personal data via the service desk.

We process your data via the service desk for the performance of a contract with you in accordance with Art 6 (1) lit. b GDPR.

Tickets are deleted/anonymised when the purpose for this no longer applies and there is no further legal obligation to retain them and they are not required for the exercise, implementation or assertion of legal claims.

4. Team Viewer

The TeamViewer software can be used for remote maintenance and our helpdesk. The provider of this software is TeamViewer GmbH, Jahnstr. 30, 73037 Göppingen. If you wish to use remote maintenance, you must download the TeamViewer software from the provider using a link provided by us and run it on your computer. TeamViewer allows us to temporarily access your system, view your screen and remotely control your mouse and keyboard. Please close all windows with content that requires data protection or is critical to your company before you release TeamViewer. Team Viewer is subject solely to the data protection provisions of TeamViewer GmbH as your contractual partner for the use of the software, which can be accessed at HTTPS://WWW.TEAMVIEWER.COM/DE/PRIVACY-POLICY/.

5. Customer portal

The customer portal is only used to view billing data. You can change your password and view your address data there. No further processing of personal data takes place.

6. Domain application or change of holder

If you apply for a domain or wish to change the holder, we collect the names and contact details of the domain holder and, if applicable, the original domain holder, the Admin C and the invoice recipient and their bank details. The data is collected in accordance with Art. 6 (1) lit. b GDPR for the purpose of performing the contractual relationship.

Recipient of the data:

.de domains: DENIC eG
Kaiserstraße 75 – 77
60329 Frankfurt am Main
+49 69 27 235 0
All others: Knipp Medien und Kommunikation GmbH
Technology Park
Martin-Schmeißer-Weg 9
44227 Dortmund
+49 231 9703-0

The data will be kept for 10 years beyond the duration of the contract and then deleted.

7. SEPA Direct Debit Mandate

If you give us a SEPA direct debit mandate, we collect your bank connection data within the scope of Art. 6 (1) lit. b GDPR to process the contractual relationship. The data will be stored for 10 years beyond the duration of the contract and then deleted.

8. General

If nothing specific is regulated in this Privacy Policy Applications our Privacy Policy applies.