Introduction

Thank you for your interest in our association. Data protection is particularly important for the board members and employees of the PACTware Consortium e.V. The use of the web pages of the PACTware Consortium e.V. is generally possible without submitting personal data. However, if a Data Subject wishes to use special services provided by our association via our website, it may become necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we generally obtain the consent of the Data Subject.

The processing of personal data, such as the name, address, email address, or telephone number of a Data Subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the PACTware Consortium e.V. With this data protection declaration, PACTware Consortium e.V. wants to inform the public about the type, scope, and purpose of the personal data that we collect, use, and process. This data protection declaration also informs Data Subjects about rights to which they are entitled.

As the Data Controller, the PACTware Consortium e.V. has implemented numerous technical and organizational measures to ensure that personal data processed via this website is protected as completely as possible. However, internet-based data transfers may always have security vulnerabilities and absolute protection cannot be guaranteed. For this reason, each Data Subject is welcome to transmit personal data to us in alternative ways, such as by phone.

Definitions

The PACTware Consortium e.V. privacy statement is based on the terms used by the European legislator and regulator when adopting the General Data Protection Regulation (GDPR). Our privacy statement is intended to be easy to read and understand for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy statement, we use the following terms, among others:

A) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the "Data Subject"). An identifiable person is a natural person who, directly or indirectly, is assigned to an identifier such as a name, identification number, location data, an online identifier, or one or more specific characteristics that make it possible to identify the expression of physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person.

B) Data Subject

The Data Subject is any identified or identifiable natural person whose personal data is processed by the Data Controller.

C) Processing

Processing is any operation or series of operations performed with or without the help of automated procedures in connection with personal data such as collection, recording, organization, storage, adaptation or modification, reading, querying, usage, disclosure by transmission, distribution, or any other form of provision, matching or linking, restriction, deletion, or destruction.

D) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

E) Profiling

Profiling is any type of automated processing of personal data that involves the use of personal information to assess certain personal aspects relating to a natural person, in particular the analysis or prediction of aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or change of location of that natural person.

F) Pseudonymization

Pseudonymization is the processing of personal data in a way that means the personal data can no longer be assigned to a specific Data Subject without the use of additional information, provided that this additional information is stored separately and subject to technical and organizational measures that ensure the personal data cannot be assigned to an identified or identifiable natural person.

G) Responsible Party or Data Controller

The Responsible Party or Data Controller is the natural or legal person, authority, institution, or other entity that alone or together with others determines the purposes and means of processing of personal data. Where the purposes and means of such processing are prescribed by European Union law or the law of Member States, the Responsible Party or the specific criteria for designating a Responsible Party may be prescribed by European Union law or the law of Member States.

H) Contract Processor

A Contract Processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the Responsible Party.

I) Recipient

A Recipient is a natural or legal person, authority, institution, or other entity that discloses personal information, whether or not it is a Third Party. However, authorities that may receive personal data as part of a specific investigation mandate shall not be considered Recipients under European Union law or the law of Member States.

J) Third Party

A Third Party is a natural or legal person, authority, institution, or other entity other than the Data Subject, the Responsible Party, the Contract Processor, and parties authorized to process personal data under the direct responsibility of the Responsible Party or Contract Processor.

K) Consent

Consent is any declaration of intent voluntarily made by the Data Subject for a specific case in an informed and unambiguous manner in the form of a declaration or other clear confirmatory act by which the Data Subject indicates that they agree to the processing of personal data relating to the Data Subject.

Name and Address of the Data Controller

The Responsible Party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions relating to data protection is:

PACTware Consortium e.V.,
represented by the executive committee
Holger Sack, Michael Kessler, Patrick Schmitt, Markus Unland
Panoramastraße 16
76327 Pfinztal / Germany

Phone: +49 (0)7240-94309-61
Fax: 07240-94309-63
E-Mail: info@pactware.com
Website: www.pactware.com

Collection of General Data and Information

The website of the PACTware Consortium e.V. collects a range of general data and information each time the website is accessed by a Data Subject or an automated system. This general data and information is stored in the log files of the server. Data and information collected includes (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the internet page from which an accessing system reaches our internet page ("referrer"), (4) the sub-web pages that are accessed on our internet page via an accessing system, (5) the date and time the internet site is accessed, (6) an internet protocol address (IP address), (7) the internet Service Provider for the accessing system, and (8) other similar data and information used to protect against threats to our information technology systems.

When using this general data and information, the PACTware Consortium e.V. draws no conclusions about the Data Subject. This information is required for (1) delivering the content of our website correctly, (2) optimizing the content of our website and the advertising for our website, (3) ensuring the long-term functionality of our information technology systems and the technology of our website, and (4) providing law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymous data and information is therefore evaluated by the PACTware Consortium e.V. statistically and with the additional aim of increasing the data protection and data security within our company to ensure an optimal level of protection for personal data processed by us. The anonymous data in the server log files is stored separately from all personal data submitted by a Data Subject.

Contact Options via the Website

Due to legal regulations, the website of PACTware Consortium e.V. contains information that allows quick electronic contact with our company as well as direct communication with us, which includes a general address for electronic mail (email address). If a Data Subject contacts the Data Controller by email or via a contact form, personal data transmitted by the Data Subject will be automatically saved. Such personal data transmitted voluntarily by a Data Subject to the Data Controller will be stored for the purpose of processing or contacting the Data Subject. This personal data will not be passed on to Third Parties.

Routine Deletion and Locking of Personal Data

The Data Controller processes and stores personal data from a Data Subject only for the period necessary to fulfill the purpose for which the information was saved, or if this is prescribed by the European legislator and regulator, or by another legislator in laws or regulations that apply to the Data Controller. If the purpose for which the information was saved no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, personal data is routinely locked or deleted in accordance with statutory regulations.

Rights of the Data Subject

A) Right of Confirmation

The European legislator and regulator grants any Data Subject the right to request the Data Controller to confirm whether or not personal data relating to the Data Subject is being processed. If a Data Subject wishes to exercise this right of confirmation, they may contact an employee of the Data Controller at any time.

B) Right to Information

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to obtain at any time and free of charge information from the Data Controller about the personal data stored about their person, and a copy of that information. Furthermore, the European legislator and regulator must provide the Data Subject with the following information:

  • Processing purpose
  • Categories of personal data that are processed
  • The Recipients or categories of Recipients to whom the personal data has been disclosed or is being disclosed, in particular Recipients in third countries or international organizations
  • If possible, the planned duration for which the personal data will be retained or, if not possible, the criteria for determining this duration
  • The existence of a right to correct or delete personal data concerning them or to restrict the processing of such data by the Responsible Party, or a right to object to such processing
  • The existence of a right of appeal to a supervisory authority
  • If the personal data was not collected from the Data Subject: all available information about the origin of the data
  • The existence of an automated decision-making process, including profiling in accordance with Article 22, Paragraphs 1 and 4 of the GDPR and—at least in these cases—meaningful information relating to the logic involved, and the scope and intended impact of such processing on the Data Subject

The Data Subject is entitled to information on whether personal data has been transferred to a third country or to an international organization. If this is the case, the Data Subject is also entitled to information about the appropriate guarantees in connection with the transmission.

If a Data Subject wishes to exercise this right of access, they may contact an employee of the Data Controller at any time.

C) Right to Correction

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to demand the immediate correction of incorrect personal data relating to the Data Subject. Furthermore, the Data Subject has the right to request the completion of incomplete personal data—including via a supplementary declaration—taking into account the purposes of processing.

If a Data Subject wishes to exercise this right of amendment, they may contact an employee of the Data Controller at any time.

D) Right to Deletion (Right to Be Forgotten)

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to demand that the Responsible Party deletes personal data relating to the Data Subject immediately, provided that one of the following is true and that processing is not necessary:

  • Personal data was collected for such purposes or processed in other ways for which it is no longer necessary.
  • The Data Subject revokes consent for processing in accordance with Article 6, Paragraph 1, Item a of the GDPR and Article 9, Paragraph 2, Item a of the GDPR, and there is no other legal basis for processing.
  • The Data Subject submits an objection to processing in accordance with Article 21, Paragraph 1 of the GDPR, and there are no legitimate superseding reasons for processing, or the Data Subject submits an objection in accordance with Article 21, Paragraph 2 of the GDPR.
  • The personal data was processed illegally.
  • Personal data must be deleted to fulfill a legal obligation under European Union law or the law of the Member States to which the Responsible Party is subject.
  • Personal data was collected in relation to the offer of information society services in accordance with Article 8, Paragraph 1 of the GDPR.

If one of the above reasons applies and a Data Subject wishes to have personal data stored by the PACTware Consortium e.V. deleted, they can contact an employee of the Data Controller at any time. The PACTware Consortium e.V. employee will arrange for the deletion request to be fulfilled immediately.

If the personal data was made public by the PACTware Consortium e.V. and if our company is responsible for deleting personal data in accordance with Article 17, Paragraph 1 of the GDPR, the PACTware Consortium e.V. will take the appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other Data Controllers which process the published personal data that the Data Subject has requested the deletion of all links to this personal data, or the deletion of copies or reproductions of this personal data by these other Data Controllers, provided that the processing is not necessary. The PACTware Consortium e.V. employee will arrange the necessary measures in individual cases.

E) Right to Restrict Processing

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to demand that the Responsible Party restricts the processing of such data if one of the following conditions is met:

  • The accuracy of the personal data is disputed by the Data Subject and for a period of time that enables the Responsible Party to check the accuracy of the personal data.
  • The processing is illegal, the Data Subject declines deletion of the personal data and instead requests that the usage of the personal data be restricted.
  • The Responsible Party no longer needs the personal data for processing purposes, but the Data Subject requires it to assert, exercise, or defend legal claims.
  • The Data Subject has objected to the processing in accordance with Article 21, Paragraph 1 of the GDPR, and it is not yet clear whether the justified reasons of the Responsible Party outweigh those of the Data Subject.

If one of the above conditions applies and a Data Subject would like to request that personal data stored by the PACTware Consortium e.V. be restricted, they can contact an employee of the Data Controller at any time. The PACTware Consortium e.V. employee will arrange the processing restriction.

F) Right to Data Portability

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to obtain in a structured, common, and machine-readable format personal data relating to the Data Subject that has been provided by the Data Subject to the Responsible Party. The Data Subject also has the right to transmit this data to another Responsible Party without hindrance by the Responsible Party to whom the personal data was provided, provided that the processing is carried out with consent in accordance with Article 6, Paragraph 1, Item a of the GDPR or Article 9, Paragraph 2, Item a of the GDPR, or with a contract in accordance with Article 6, Paragraph 1, Item b of the GDPR and processing is carried out using automated procedures, provided that processing is not necessary for the performance of a task which is in the public interest or the exercise of public authority that has been entrusted to the Responsible Party.

When exercising their right to data portability, the Data Subject also has the right in accordance with Article 20, Paragraph 1 of the GDPR to ensure that personal data is transmitted directly from one Responsible Party to another, provided that this is technically feasible and that this does not affect the rights and freedoms of other persons.

The Data Subject can contact an employee of the PACTware Consortium e.V. at any time to assert their right to data portability.

G) Right of Objection

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to object to the processing of personal data relating to the Data Subject at any time for reasons related to the specific situation of the Data Subject on the basis of Article 6, Paragraph 1, Items e or f of the GDPR. This also applies to profiling based on these provisions.

The PACTware Consortium e.V. no longer processes personal data in the event of an objection, unless we can provide compelling reasons for the processing that outweigh the interests, rights, and freedoms of the Data Subject, or the processing serves to assert, exercise, or defend legal claims.

If the PACTware Consortium e.V. processes personal data to conduct direct advertising campaigns, the Data Subject has the right to object at any time against the processing of personal data for the purpose of such advertising. This also applies to profiling, provided it is related to such advertising. If the Data Subject objects to the PACTware Consortium e.V. processing their data for purposes of a direct advertising campaign, the PACTware Consortium e.V. will no longer process the personal data for these purposes.

In addition, the Data Subject has the right, for reasons arising from their particular situation, to object to the processing of their personal data undertaken by the PACTware Consortium e.V. for scientific or historical research purposes or for statistical purposes in accordance with Article 89, Paragraph 1 of the GDPR, unless such processing is necessary to fulfill a task in the public interest.

To exercise the right to objection, the Data Subject may directly contact the board of directors of the PACTware Consortium e.V. or another employee. The Data Subject is also free to exercise their right of objection in connection with the use of information society services, notwithstanding Directive 2002/58/EC, with automated procedures using technical specifications.

H) Automated Decisions in Individual Cases Including Profiling

The European legislator and regulator grants any Data Subject whose personal data is being processed the right not to be subject to a decision based solely on automated processing—including profiling—that has legal effects or affects them in a similar manner provided that the decision (1) is not necessary for the conclusion or fulfillment of a contract between the Data Subject and the Responsible Party, or (2) is permitted by European Union law or the laws of the Member States to which the Responsible Party is subject, and that this law contains appropriate measures to protect the rights and freedoms and the legitimate interests of the Data Subject, or (3) takes place with the express consent of the Data Subject.

If the decision (1) is necessary for the conclusion or fulfillment of a contract between the Data Subject and the Responsible Party, or (2) is made with the express consent of the Data Subject, the PACTware Consortium e.V. will take the appropriate measures to protect the rights and freedoms and the legitimate interests of the Data Subject, including at least the right to have a person intervene on behalf of the Responsible Party to present their position and to challenge the decision.

If the Data Subject wishes to assert rights with regard to automated decisions, they may contact an employee of the Data Controller at any time.

I) Right to Revoke Consent under Data Protection Law

The European legislator and regulator grants any Data Subject whose personal data is being processed the right to revoke consent to the processing of personal data at any time. If the Data Subject wishes to assert their right to revoke consent, they may contact an employee of the Data Controller at any time.

Privacy Policy for the Application and Usage of YouTube

The Data Controller has integrated components of YouTube on this website. YouTube is an internet video portal that allows video publishers to post video clips and for other users to view, rate and comment on these videos for free. YouTube allows the publication of all kinds of videos. As a result, entire film and TV programs, as well as music videos, trailers, and user-made videos can be accessed via the internet portal.

YouTube's operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Each time a user accesses one of the individual pages of this website, which is operated by the Data Controller and into which a YouTube component (YouTube video) has been integrated, the internet browser on the Data Subject's information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. For more information about YouTube, visit www.youtube.com/yt/about/. As part of this technical process, YouTube and Google will receive information regarding the specific subpage of our website being visited by the Data Subject.

If the Data Subject is logged into YouTube at the same time, YouTube will recognize which specific subpage of our website is being visited by the Data Subject when the subpage containing a YouTube video is accessed. This information is collected by YouTube and Google and is assigned to the respective YouTube account of the Data Subject.

YouTube and Google receive information via the YouTube component that the Data Subject has visited our website whenever the Data Subject is simultaneously logged into YouTube when accessing our website, regardless of whether or not the Data Subject clicks on a YouTube video. If the Data Subject does not wish to transmit such information to YouTube and Google, they may prevent transmission by logging out of their YouTube account before accessing our website. The data protection regulations published by YouTube can be found at https://policies.google.com/privacy and provide information about the collection, processing, and use of personal data by YouTube and Google.

Legal Basis for Processing

Article 6, Paragraph 1, Item a of the GDPR serves as the legal basis for our company's processing operations, for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the Data Subject is a party, such as in the case of processing operations necessary for the supply of goods or the provision of any other service or return service, processing shall be based on Article 6, Paragraph 1, Item b of the GDPR. The same shall apply for processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries concerning our products or services. If our company is subject to a legal obligation for which processing of personal data is required, such as for the fulfillment of tax obligations, processing is based on Article 6, Paragraph 1, Item c of the GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the Data Subject or of another natural person. This would be the case, for example, if a visitor to our facility was injured and it was necessary to pass their name, age, health insurance data, or other vital information on to a doctor, hospital, or other third party. In this case, processing would be based on Article 6, Paragraph 1, Item d of the GDPR. Finally, processing operations may be handled based on Article 6, Paragraph 1, Item f of the GDPR. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to safeguard the legitimate interest of our company or a third party, unless these are outweighed by the interests, fundamental rights, and fundamental freedoms of the Data Subject. We are permitted to carry out such processing operations in particular, because they have been specifically mentioned by the European legislator. In this respect, the European legislator considers that a legitimate interest can be assumed if the Data Subject is a customer of the Responsible Party (Recital 47, Sentence 2 of the GDPR).

Legitimate Interests in Processing Pursued by the Responsible Party or a Third Party

If the processing of personal data is based on Article 6, Paragraph 1, Item f of the GDPR, our legitimate interest is to conduct our business for the benefit of all our employees and shareholders.

Duration for which the Personal Data Is Stored

The criterion for the duration of the storage of personal data is the respective legal retention period. After expiration of this period, the relevant data will be routinely deleted, provided that it is no longer required for fulfilling or initiating contracts.

Legal or Contractual Provisions for the Provision of Personal Data; Necessity for the Conclusion of the Contract; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Provision

We will inform you if the provision of personal data is in part required by law (e.g., tax regulations) or results from contractual regulations (e.g., information about the contractual partner). It may sometimes be necessary for a contract to be concluded that requires a Data Subject to provide us with personal data, which must subsequently be processed by us. For example, the Data Subject is obliged to provide us with personal data when our company enters into a contract with them. Failure to provide the personal data would result in the contract with the Data Subject not being concluded. Before providing personal data, the Data Subject must contact one of our employees. Our employee will inform the Data Subject on a case-by-case basis whether the provision of personal data is required by law or by contract, whether there is an obligation to provide the personal data, and what consequences non-provision of the personal data would have.

Automated decision-making

As a responsible company, we do not require automatic decision-making or profiling.

This data protection declaration was prepared using the Privacy Policy Generator from DGD Deutsche Gesellschaft für Datenschutz GmbH, acting as External Data Protection Officer Hof, in cooperation with Lawyer for Data Protection Law Christian Solmecke.
