We wish to inform you about how we handle your personal data and your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The responsibility for the data processing lies with the organisation SEVEN PRINCIPLES AG (hereinafter referred to as “we” or “us”).
The person responsible for the processing of your personal data is
SEVEN PRINCIPLES AG
Dr. Michael Pesch
Ettore-Bugatti-Strasse 6-14
51149 Cologne
Phone: 0221 92 00 7-0
Mail: info@7p-group.com
You can reach our data protection officer using the following contact details:
Data protection officer
SEVEN PRINCIPLES AG
Ettore-Bugatti-Strasse 6-14
51149 Cologne
E-mail: datenschutz@7p-group.com
“Personal data” means any information relating to a specific person. We process this data in compliance with the applicable data protection laws, in particular the GDPR and the BDSG. We may only process personal data if we have legal permission to do so.
We only process personal data with your consent in order to conclude a contract with you or to respond to your enquiry in the context of a potential business relationship, to fulfil legal obligations or to protect our legitimate interests, insofar as this does not affect your interests or fundamental rights and freedoms that require the protection of personal data.
Unless stated otherwise in the following information, we only store your data for as long as necessary to achieve the purpose of the processing or to fulfil our contractual or legal obligations. Statutory obligations to retain data may result from commercial or tax regulations. We keep personal data contained in our accounting records for ten years and personal data contained in business letters and contracts for six years after the end of the calendar year in which we collected the data. Furthermore, we keep data in connection with consents that require proof as well as complaints and claims for the duration of the statutory limitation periods. Data stored for advertising purposes is deleted when you object to processing for this purpose.
If you wish to exercise your rights in accordance with Articles 15 to 22 of the GDPR, we process the personal data provided by you in order to implement these rights and to provide proof of this. We only process the data stored for the provision of information and preparation for this purpose and for the purposes of monitoring data protection and otherwise restrict processing in accordance with Article 18 of the GDPR.
These processing operations are based on the legal basis of Article 6 para. 1 letter c of the GDPR in conjunction with Articles 15 to 22 of the GDPR and Section 34 para. 2 of the BDSG.
The General Data Protection Regulation (GDPR) guarantees every data subject certain rights in relation to their personal data. These include:
The data subject also has the right to complain to a supervisory authority if they believe that the processing of their personal data violates the GDPR.
The supervisory authority responsible for us is: The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
We process your personal data as far as this is required to fulfil the following purposes:
The legal basis for the processing of your personal data for the above-mentioned purposes is/are
If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject about the sources of this data.
If personal data is not collected directly from the data subject, the controller is obliged to inform the data subject of the categories of the data concerned.
The information about the “legitimate interests” of the controller or the third party that are pursued by processing personal data refers to Art. 6 para. 1 sentence 1 lit. f GDPR.
We inform you about the duration for which the personal data is stored or, if this is not possible, the criteria for determining this duration.
The data subject may be required to provide personal data on a legal or contractual basis or for the conclusion of a contract. There may also be a legal obligation to provide the data.
The non-provision of the personal data could lead to the following consequences:
Article 4 para. 9 of the General Data Protection Regulation (GDPR) defines the term “recipient” as the “natural or legal person, public authority, agency or any other body to which the personal data are disclosed, whether a third party or not”.
1. Project-specific customers
2. Service provider ((order data))
3. within the affiliated group
4. audeoSoft GmbH
The transfer of personal data to an “international organisation” (within the meaning of Art. 4 No. 26 GDPR) or to controllers, contract processors or other recipients in a country outside of the European Union (EU) and the European Economic Area (EEA) involves particular data protection risks from the point of view of the data subject.
We transfer personal data to the following recipients outside of the European Union (EU) and the European Economic Area (EEA):
The transfer of personal data to a country outside the European Union (EU) and the European Economic Area (EEA) or to an international organisation is permissible if the European Commission has determined that the respective country, territory or one or more specific sectors within that country or the respective international organisation guarantees an appropriate level of protection.
We transfer personal data to the following recipients outside of the European Union (EU) and the European Economic Area (EEA) for which an adequacy decision exists: