GDPR

Information on data protection for self-employed persons, service providers and employees of suppliers

We wish to inform you about how we handle your personal data and your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The responsibility for the data processing lies with the organisation SEVEN PRINCIPLES AG (hereinafter referred to as “we” or “us”).

 

Responsibilities

The person responsible for the processing of your personal data is

SEVEN PRINCIPLES AG
Dr. Michael Pesch
Ettore-Bugatti-Strasse 6-14
51149 Cologne
Phone: 0221 92 00 7-0
Mail: info@7p-group.com

 

Contact details of the data protection officer

You can reach our data protection officer using the following contact details:

Data protection officer

SEVEN PRINCIPLES AG
Ettore-Bugatti-Strasse 6-14
51149 Cologne
E-mail: datenschutz@7p-group.com

 

General information on the legal basis for data processing

“Personal data” means any information relating to a specific person. We process this data in compliance with the applicable data protection laws, in particular the GDPR and the BDSG. We may only process personal data if we have legal permission to do so.

We only process personal data with your consent in order to conclude a contract with you or to respond to your enquiry in the context of a potential business relationship, to fulfil legal obligations or to protect our legitimate interests, insofar as this does not affect your interests or fundamental rights and freedoms that require the protection of personal data.

 

Storage period of the personal data

Unless stated otherwise in the following information, we only store your data for as long as necessary to achieve the purpose of the processing or to fulfil our contractual or legal obligations. Statutory obligations to retain data may result from commercial or tax regulations. We keep personal data contained in our accounting records for ten years and personal data contained in business letters and contracts for six years after the end of the calendar year in which we collected the data. Furthermore, we keep data in connection with consents that require proof as well as complaints and claims for the duration of the statutory limitation periods. Data stored  for advertising purposes is deleted when you object to processing for this purpose.

 

Processing in the exercising of your rights

If you wish to exercise your rights in accordance with Articles 15 to 22 of the GDPR, we process the personal data provided by you in order to implement these rights and to provide proof of this. We only process the data stored for the provision of information and preparation for this purpose and for the purposes of monitoring data protection and otherwise restrict processing in accordance with Article 18 of the GDPR.

These processing operations are based on the legal basis of Article 6 para. 1 letter c of the GDPR in conjunction with Articles 15 to 22 of the GDPR and Section 34 para. 2 of the BDSG.

 

Rights of the data subject

The General Data Protection Regulation (GDPR) guarantees every data subject certain rights in relation to their personal data. These include:

  1. The right of access: each data subject has the right to obtain confirmation from us as to whether personal data is processed and to access this data as well as to further information and copies of this data.
  2. The right to rectification: each data subject has the right to demand the rectification of inaccurate personal data without undue delay.
  3. The right to erasure (“right to be forgotten”): each data subject has the right to demand the erasure of their personal data without undue delay.
  4. The right to restriction of processing: each data subject has the right to demand the restriction of the processing of their personal data.
  5. The right to data portability: each data subject has the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used and machine-readable format.
  6. Right to object: each data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 para. 1 GDPR. If we process personal data concerning the data subject for the purpose of direct marketing, the data subject may object to this processing in accordance with Art. 21 para. 2 and para. 3 GDPR.

The data subject also has the right to complain to a supervisory authority if they believe that the processing of their personal data violates the GDPR.

The supervisory authority responsible for us is: The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia

 

Information on the processing of personal data

 

Purpose of the processing

We process your personal data as far as this is required to fulfil the following purposes:

  1. Establishment, execution and termination of service contracts
  2. Planning, management and control of the company
  3. Inclusion of the data in a pool of candidates for recruitment for future projects

 

Legal basis

The legal basis for the processing of your personal data for the above-mentioned purposes is/are

  1. Contract fulfilment (Art. 6 para. 1 lit. b GDPR)
  2. Legitimate interest (Art. 6 para. 1 lit. f GDPR)
  3. Consent (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR)

 

Sources of the personal data

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject about the sources of this data.

  1. Contract data
  2. Collected from the data subject
  3. Applications from external candidates are sometimes sent via partners or intermediaries (“partners” for short).

 

Categories of personal data

If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject of the categories of the data concerned.

  1. First name
  2. Surname
  3. Skills
  4. Availability
  5. Location
  6. Personnel number
  7. Organisational unit
  8. Role
  9. Profile overview
  10. Focal points and areas of responsibility
  11. Education and training
  12. Projects

 

Legitimate interests

The information about the “legitimate interests” of the controller or the third party that are pursued by processing personal data refers to Art. 6 para. 1 sentence 1 lit. f GDPR.

  1. To provide the projects of SEVEN PRINCIPLES AG with the necessary knowledge and skills.

 

Storage period

We inform you about the duration for which the personal data is stored or, if this is not possible, the criteria for determining this duration.

  1. Deletion at the end of the requirement (e.g. for ongoing customer relationships, court cases, etc.)
  2. Deletion at the end of the statutory retention period
  3. Withdrawal of consent

 

Possible consequences of non-provision

The data subject may be required to provide personal data on a legal or contractual basis or for the conclusion of a contract. There may also be a legal obligation to provide the data.

The non-provision of the personal data could lead to the following consequences:

  1. The contract cannot be concluded

 

Data recipient

 

Recipients of the personal data outside of the organisation

Article 4 para. 9 of the General Data Protection Regulation (GDPR) defines the term “recipient” as the “natural or legal person, public authority, agency or any other body to which the personal data are disclosed, whether a third party or not”.

1. Project-specific customers
2. Service provider ((order data))
3. within the affiliated group
4. audeoSoft GmbH

 

Transfer of the data to a third country or international organisation

The transfer of personal data to an “international organisation” (within the meaning of Art. 4 No. 26 GDPR) or to controllers, contract processors or other recipients in a country outside of the European Union (EU) and the European Economic Area (EEA) involves particular data protection risks from the point of view of the data subject.

We transfer personal data to the following recipients outside of the European Union (EU) and the European Economic Area (EEA):

  1. Data transfer to a third country or to an international organisation is not carried out and is not planned.

 

Adequacy decision of the EU Commission

The transfer of personal data to a country outside the European Union (EU) and the European Economic Area (EEA) or to an international organisation is permissible if the European Commission has determined that the respective country, territory or one or more specific sectors within that country or the respective international organisation guarantees an appropriate level of protection.

We transfer personal data to the following recipients outside of the European Union (EU) and the European Economic Area (EEA) for which an adequacy decision exists:

  1. Data transfer to a third country or to an international organisation for which an adequacy decision by the EU Commission exists is not carried out and is not planned.