Data processing is an essential part of our work as an IT service provider. Wherever data is stored, processed and sent, data protection and data security must be guaranteed. This applies equally to data from customers, prospects, partners and employee data. Data protection consists in the safeguarding of personal rights and the privacy of each individual and underlies any trusting cooperation. Therefore, it is particularly important for our company.
The use of the Internet pages of S&N Group AG and its affiliated companies is essentially possible without providing any personal data. If a Data Subject wishes to make use of specific services of our company, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will always ask for your consent as the Data Subject.
1 Scope and Validity
This data protection declaration applies to S&N Group AG and its affiliated companies. These are in particular: S&N Invent GmbH, S&N CQM GmbH, S&N ENS GmbH, ABISCON GmbH, 4YOU ABISCON GmbH and S&N Marktsoft GmbH.
It comes into force on the date of its publication on the websites of S&N Group AG and its affiliated companies. With each new version of this data protection declaration, the previous version loses its validity.
The data protection declaration of S&N Group AG and its affiliated companies is based on the terms used in the context of Article 4 of GDPR. Our data protection declaration should be readable and understandable for you as a customer or business partner, as well as for all interested parties. To this end, we will explain some of the terms used in advance:
a) Personal data and Data Subject
Personal data is any information relating to an identified or identifiable natural person (hereinafter “Data Subject”). An identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
c) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
f) Data controller
“Data controller” refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by either Union law or the law of Member States, either the Data Controller or the specific criteria for their appointment may be provided for in accordance with Union law or the law of Member States.
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.
The recipient means a natural or legal person, public authority, agency or another body to which the personal data is disclosed, whether a third party or not. Public authorities which receive personal data as part of a specific inquiry in accordance with Union law or the law of member states will, however, not be regarded as recipients.
i) Third party
Third party means a natural or legal person, public authority, agency or body other than the Data Subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent is any statement of intent voluntarily and unambiguously given by the Data Subject in an informed and unambiguous manner in the form of a statement or other unambiguous confirming act that indicates to the Data Subject that they have consented to the processing of their personal data.
3 Name and address of the Data Controller
Data controller within the meaning of the GDPR and other national data protection regulations is:
S&N Group AG
Tel .: +49 5251 1581 0
Fax : +49 5251 1581 71
4 Name and address of the Data Protection Officer
The Data Protection Officer of the Data Controller is:
Ms Anna Stark
S&N Group AG
If you have any questions or suggestions about data protection, please contact our Data Protection Officer.
5 General information on data processing
5.1 Collection of general data and information
The S&N Group website collects a series of general data and information every time a person or an automated system accesses the website. This general data and information are stored in the server’s log files. The following may be recorded:
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system reaches our website (so-called referrer),
- the subpages, which are accessed via an accessing system on our website,
- the date and time of access of the website,
- the internet protocol address (IP address),
- the Internet service provider of the accessing system,
- other similar data and information used in the event of attacks on our information technology systems.
When using this general data and information, S&N Group does not draw any conclusions about the Data Subject. Rather, this information is needed,
- to deliver the contents of our website correctly,
- to optimise the contents of our website as well as the advertising for it,
- to ensure the permanent functionality of our information technology systems and the technology of our website, as well as
- to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack. This anonymously collected data and information are therefore statistically evaluated by S&N Group with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a Data Subject.
5.2 Scope of personal data processing
We collect and process personal data of data subjects only if this is necessary for the provision of services, for the functional maintenance of services or for contractual requirements. The processing of personal data takes place only with the consent of the respective Data Subject, unless there is already a legal basis for it. An exception applies in cases in which factual reasons prevent us from obtaining prior consent and the processing of the data is permitted by law.
5.3 Legal basis for personal data processing
Insofar as we obtain the consent of the Data Subject for processing their personal data, Art. 6 Para. 1a EU General Data Protection Regulation (GDPR) serves a legal basis.
For the processing of personal data necessary for performance of a contract to which the Data Subject is a party, Art. 6 Para. 1b GDPR serves as a legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1c GDPR serves as a legal basis.
In the event that vital interests of the Data Subject or another natural person require the processing of personal data, Art. 6 Para. 1d GDPR serves as a legal basis.
If processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights, and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 Para. 1f GDPR serves as the legal basis for processing.
5.4 Rights of data subjects
If your personal data is processed by us as the Data Controller, you are the Data Subject within the meaning of the GDPR and, as such, the European legislator of directives and regulations has granted each Data Subject the following rights vis-à-vis the Data Controller,
5.4.1 Right to information
- You have the right to request confirmation as to whether your personal data is being processed.
- You have the right to request information about the personal data processed about you and to receive a free copy of this information.
- The following information is available for the Data Subject:
- the purpose of the processing
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of a right to correct or delete the personal data concerning you or restrict its processing by the Data Controller or object to such processing
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data is not collected from the Data Subject, any available information as to its source
- the existence of any automated decision-making processes, including profiling, as defined in Art. 22 Para.1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing on the Data Subject.
The Data Subject also has a right to information concerning the disclosure of their personal data to a third party or to an international organisation.
In addition, the right to information about the appropriate guarantees in connection with the transfer of personal data to a third country or international organisations.
5.4.2 Right to correction
- You have the right to request the immediate correction of incorrect personal data concerning you; as well as, taking into account the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration.
5.4.3 Right to deletion (“right to be forgotten”)
- You have the right to demand that the personal data concerning you be deleted immediately if one of the following reasons applies and if processing is not required:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- The Data Subject withdraws his/her consent to the processing pursuant to Art. 6 para. 1a GDPR or Art. 9 para. 2a GDPR, and there is no other legal basis for its continued processing.
- The Data Subject makes an objection according to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for its continued processing or the Data Subject is entitled to submit an objection pursuant to Art. 21, Para. 2 GDPR.
- the personal data have been unlawfully processed;
- The personal data must be deleted in compliance with the obligations under European Union or Member State law to which the Data Controller is subject.
- The personal data has been collected in relation to services offered by the information Society according to Art. 8 Para. 1 GDPR.
If the personal data has been made public by the S&N Group and the S&N Group, as the Data Controller pursuant to Art. 17 Para. 1 GDPR for the deletion of personal data, S&N Group shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform other data processors who process the published personal data that the Data Subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other data processors, insofar as the processing is not necessary.
5.4.4 Right to restriction of processing
- You have the right to request a limitation of the processing if one of the following conditions is met:
- the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data.
- the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests instead the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of the processing, but they are required to by the Data Subject for the establishment, exercise or defence of legal claims;
- the Data Subject has objected to the processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the Data Controller outweigh those of the Data Subject
, if one of the above conditions is met and a Data Subject requests the restriction of personal data that is processed by the Data Controller, the Data Controller can initiate the corresponding restrictive measures.
5.4.5 Right to data portability
- You have the right to receive the personal data concerning you which you have provided to a Data Controller in a structured, current and machine-readable format and to transmit this data to another Data Controller without interference by the Data Controller to whom the personal data has been provided, provided that
- the processing is based on the consent in accordance with Art. 6 Para. 1a GDPR or Art. 9 Para. 2a GDPR, or on a contract in accordance with Art. 6 Para. 1b GDPR, and
- the processing is carried out using automated procedures.
- Furthermore, in exercising their right to data portability pursuant to Art. 20 para. 1 GDPR, the Data Subject has the right to require that the personal data be transmitted directly from one controller to another as far as this is technically feasible and provided that this does not affect the rights and freedoms of others.
- The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the Data Controller.
5.4.6 Right of objection
- You have the right to object, at any time, for reasons arising from your particular situation, to the processing of your personal data carried out on the basis of Art. 6, Para. 1e or 1f GDPR. This also applies to profiling based on these provisions. The S&N Group will no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the Data Subject, or the processing serves to assert, exercise or defend legal claims.
- If the S&N Group processes personal data in order to carry out direct advertising, the Data Subject has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising.
- If the Data Subject objects to the S&N Group processing for direct advertising purposes, the S&N Group will no longer process the personal data for these purposes.
- In addition, you have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes by the S&N Group in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task in the public interest.
- In the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise his right of opposition by means of automated procedures using technical specifications.
5.4.7 Automated individual decision-making including profiling
- You have the right to not be subjected to a decision based solely on automated processing – including profiling – which has legal bearing on you or that significantly affects you in a similar manner.
- The previously granted right does not apply if the decision:
- is necessary for entering into, or for the performance of, a contract between the Data Subject and a Data Controller,
- is authorised by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard the rights and freedoms of the Data Subject and legitimate interests or
- is made with the express consent of the Data Subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the Data Subject and the Data Controller or (2) is made with the express consent of the Data Subject, S&N Group shall take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the Data Subject, including at least the right to obtain the intervention of a Data Controller, to state their own position and to challenge the decision.
5.4.8 Right to revoke consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time.
To implement the aforementioned rights of data subjects, each Data Subject can contact the S&N Group Data Protection Officer or the contact person responsible for processing. If the Data Protection Officer or the contact person for the Data Controller cannot carry out the immediate implementation themselves, they will comply with the legal claim by taking the necessary steps.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Cookies do not damage your computer and do not contain viruses.
The S&N Group offers the option of registering with us by providing personal data. The personal data which is transmitted for further use and processing results from the respective requirement and the purpose of the registration. The personal data entered by the Data Subject shall be collected and stored solely for internal use by us, the Data Controller, and for our own purposes. We may arrange for the transfer to one or more contract processors (third parties) who also use the personal information solely for internal use attributable to us (the Data Controller).
By registering on our website, the IP address of the Data Subject, the date and time of registration are saved. The storage of this data serves to protect against misuse. In the event of a criminal offense or other legal infringement, the data can be used for monitoring and clarification if required by law. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal or legal prosecution.
The registration of the Data Subject with the voluntary provision of personal data enables us to offer the Data Subject content or services that, due to the nature of the matter, can only be offered to registered users. Moreover, we use the information for further marketing purposes, which include contacting people by telephone, sending information and advertising material by post and email.
The rights set out in the section “Rights of the data subjects” remain unaffected and apply to all registered people and thus data subjects.
8 Data protection in the application and employment process
The S&N Group collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends the necessary application documents to the Data Controller by electronic means, for example by email.
If the Data Controller concludes an employment contract with an applicant, the data transmitted shall be stored for the purpose of processing the employment contract in compliance with the statutory provisions.
If no employment contract is concluded, the application documents will automatically be deleted six months after notification of that decision, provided that deleting the documents does not conflict with any other legitimate interests of the Data Controller. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
9 Use and application of social media
The S&N Group website uses plug-ins from social media networks such as Google+, Xing, LinkedIn, Facebook, Twitter and YouTube. These plug-ins can be recognised by logos or other proper references to the respective platform and can be used to address our external “sites”.
When you select one of the plug-ins, direct connections are established between your browser and the selected social media provider. As the Data Controller for our website, we have no access to the data sent and received as part of this communication.
If you log in to the previously selected social media network at the same time or at a later point in time, plug-ins can connect the information previously obtained with your user account there. Thus, the information is assigned to you as an individual. An active plug-in entry (confirmation in the sense of “I like” or of comments, messages also causes a person-related assignment. Depending on the social media network, the following data, for example, can be transmitted and stored:
- IP address
- Browser and operating system information
- Installed browser add-ons/plug-ins
- Visitor origin (e.g. whether a link was followed) “Referrer”
- Visited pages (URLs)
The S&N Group has neither knowledge nor control over the data in the respective social media network. Your personal data and related content in social media networks are not subject to the scope of this data protection declaration. At this point, reference must be made to the respective data protection declarations of the network operators. In the following table we inform you about the social media network operators (URLs and links to the data protection declaration) whose plug-ins are used on the S&N Group website.
10 Information or questions about the data protection declaration
Your trust is important to us. This means we are happy to talk to you at any time and answer questions relating to the processing of your personal data. If you have any questions that this data protection declaration has not answered, or if you would like more detailed information on a specific point, please contact the Data Protection Office of S&N Group at any time.
Please note that only questions about data protection and your understanding of this data protection declaration will be accepted, processed and answered.
Questions about our range of services or topics that are not relevant to data protection are not answered here. For such questions, please use the contact addresses given on our website.