Imprint / Data Protection SCISYS DE
Please click on the particular section for reading the whole information.
SCISYS Deutschland GmbH
Phone.: +49 (0)234 / 9258-0
Fax: +49 (0)234 / 9258-190
Prof. Dr. Klaus-G. Meng (Chair)
Dr. Karl-Willi Pieper
Dr. Horst Wulf
Commercial register of the local court (Amtsgericht)
Bochum HRB 13694
VAT identification number
WEEE-Reg.-No. DE 74530735
Part 1: General Data Protection Info (GDPR)
Data protection information
(as of 22 March 2018, Version: No. 01)
Download PDF version
Information on data protection concerning our data processing according to Article (Art.) 13, 14 and 21 of the General Data Protection Regulation (GDPR)
We take data protection seriously and herewith inform you how we will process your data and what your claims and rights are in accordance with data protection regulations. Valid as of 25 May 2018
1. Authority responsible for data processing and contact data
Responsible authority in terms of data protection law:
SCISYS Deutschland GmbH
Phone: +49 0234 92580
Fax: +49 0234 9258190
E-mail: info@ scisys.de
Contact data of our data protection officer:
SCISYS Deutschland GmbH
Data protection officer
E-mail: datenschutz@ scisys.de
2. Purposes and legal basis for our processing your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) as well as other applicable data protection regulations (details will follow). Which individual data are processed and how they are used primarily depends on the services requested and or agreed upon. For further details or additions for the purpose of data processing, you may refer to the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. when using our website or our general terms and conditions). Furthermore, this data protection information may be updated from time to time. Please, refer to our website www.scisys.de.
2.1 Purposes for the fulfilment of a contract or of precontractual measures (Art. 6 section 1 b GDPR)
Personal data are being processed to implement our contracts with you and to execute your orders as well as to take measures and to carry out activities in the scope of precontractual relations, e.g. with interested parties. Processing such data particularly is required to be able to render services in accordance with your orders and requests and this includes the necessary services, measures and activities. This mainly includes the contract-related communication with you, the traceability of transactions, orders and other agreements as well as quality control based on appropriate documentation, goodwill processes, measures to control and optimize business processes as well as to exercise due diligence, steering and control by affiliated companies, (e.g. parent company); statistic evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, settlement and fiscal evaluation of operational performances, risk management, assertion of legal claims and defence in legal disputes; safeguarding IT security, (a. o. by way of system and/or plausibility tests) and the general safety, a. o. building and facility safety, assurance and enforcements of domiciliary rights (e.g. by way of access controls), assurance of integrity, authenticity and availability of data, prevention and investigation of criminal offences; control by supervisory boards or supervisory bodies (e.g. audit department).
2.2 Purposes in the scope of a legitimate interest of ourselves or of third parties (Art. 6 section 1 f GDPR)
In addition to the actual performance of the contact and/or preliminary contract, we we will process your data where appropriate and if necessary in order to safeguard legitimate interests of ourselves or of third parties, particularly for the purposes:
- of advertising or market and opinion research insofar as you have not objected to the use of your data;
- of collecting information as well as exchanging data with credit agencies insofar as this exceeds our economic risk;
- of reviewing and optimizing the processes of requirement analysis;
- of further developing services and products as well as existing systems and processes;
- of disclosing personal data in the scope of a due diligence during company sales negotiations;
- for an alignment with European and international anti-terror lists insofar as legal obligations are exceeded;
- of enriching our data, a. o. by using or researching publicly accessible data;
- of statistic evaluations or market analysis;
- of bench marking;
- of asserting legal claims and defence in case of legal disputes which are not directly attributable to the contractual relationship;
- of a limited storage of data when deleting the same is not possible or only possible with a disproportionately high effort because of the particular kind of storage;
- of developing scoring systems or automatic decision making processes;
- of avoiding and resolving criminal offences unless exclusively for the compliance with legal provisions;
- of building and plant security (e.g. by access controls and video surveillance), when exceeding the general due diligence obligations;
- of internal and external investigations, security checks;
- of possible overhearing or recording of telephone conversations for quality control and training purposes;
- of obtaining and maintaining certificates of private-law or official nature;
- of assuring and exercising the domiciliary right by appropriate measures such as video surveillance for the protection of our customers and employees as well as the preservation of evidence in case of offences and their avoidance.
2.3 Purposes in the scope of your agreement (Art. 6 section 1 a GDPR)
Processing your personal data for certain purpose (e.g. the use of your e-mail address for marketing purposes) may be carried out based on your agreement. Normally, you may revoke your permission any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into effect, this means before 25 May 2018. You will be separately informed about the purposes and about the consequences of a revocation or a non-issuance of a declaration of consent in a corresponding text.
Basically, the revocation of a declaration of consent will take effect in the future only. Processing carried out before the revocation are not concerned and remain legitimate.
2.4 Purposes to meet legal requirements (Art. 6 section 1 c GDPR) or for the public benefit (Art. 6 section 1 e GDPR)
Like anyone who participates in the economic process, we also have to comply with a lot of legal obligations. Primarily, these are legal requirements (e.g. trade and tax laws) but also supervisory or other official regulations (e.g. customs regulations, import and export regulations). The purposes of processing also may include identity and age verification, fraud and money laundering prevention, the prevention, combat and investigation of terrorist financing and of offences endangering assets, data comparisons with European and international counter-terrorism lists, compliance with tax-law control and reporting obligations as well as the storage of data for the purposes of data protection and of data security as well as audits by tax and other authorities. Moreover, the disclosure of personal data may become necessary in the framework of official/judicial measures for the purposes of evidence collection, law enforcement or the enforcement of claims under civil law.
3. Data categories processed by us unless we directly receive data from your end and their origin
Insofar as this is necessary for rendering our services, we will process permissibly received personal data from other companies or other third parties (e.g. credit agencies, address databases). Furthermore, we process personal data which we permissibly take, receive or acquire from publicly accessible sources (such as commercial and association register, civil register, record of debtors, land registers, press, Internet, and other media) and which we may process.
Categories of relevant personal data may particularly be:
- Personal data (name, date of birth, place of birth, nationality, marital status, profession/trade and similar data)
- Contact data (address, e-mail address, phone number and similar data)
- Address data (registration data and similar data)
- Payment / cover confirmation with bank and credit Cards
- Information on financial situation (credit-history data including scoring, i.e. data required to evaluate an economic risk)
- Customer history
- Data concerning your use of the telemedia offered by us (e.g. time of your opening our websites, apps or newsletters, our pages/links clicked and/or entries and comparable data)
- Video data
- Client and supplier data we obtain in the scope of our services rendered
4. Recipients or categories of recipients of your data
In our company, those internal departments and/or organisational units will receive your data who need them so that we are able to comply with our contractual and legal duties or to handle and implement our legitimate interest. Your data will exclusively be transferred to external units
- in connection with contract processing;
- for the purposes of complying with legal requirements according to which we are obliged to information, report or transfer of data or when the data transfer is of public interest (refer to item 2.4);
- insofar as external service providers process data on our account as processor or function assuming unit (e.g. external computer centres, support/mainte4nance of EDP/IT applications, archiving, document processing. call centre services, compliance services, controlling, data screening for anti-money-laundering purposes, data validation and/or plausibility check, data destruction, purchase / procurement, customer management, letter shops, marketing, media technology, research, risk controlling, settlement, telephony, website management, auditing services, credit institutes, printing shops or companies for data removal, courier services, logistics;
- on the basis of our legitimate interest or the legitimate interest of a third party in the scope of the purposes stated in item 2.2 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, experts, group enterprises and bodies and supervisory bodies);
- when you enabled us to transfer data to third parties.
Beyond that, we will not pass your data to third parties. Insofar as we engage service providers in the scope of order processing, your data will be subject to the same safety standards as in our company. In other cases, the recipients may only use the data for the purposes which they were transferred for.
5. Duration of retention of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual relationship) and the implementation of a contract.
Moreover, we are subject to several retention and documentation obligations which, among others, result from the German Commercial Code (HGB) and the German Fiscal Code (AO) as well as the International Accounting Standards (IFRS). The periods for retention and/or documentation stated there, amount to up to ten years after the termination of the business relationship and/or the pre-contractual legal relationship.
Furthermore, particular legal provisions may require a longer retention period, as for example the maintenance of pieces of evidence in the scope of statutory limitation periods. According to §§ 195 ff. of the German Civil Code (BGB), the regular statutory limitation period is three years; however, even limitation periods of up to 30 years may apply.
When data are no longer required for complying with contractual or judicial obligations and rights, they will be deleted at regular intervals unless their - limited - further processing is required for complying with the purposes for a predominantly legitimate interest stated in item 2.2. Such a predominantly legitimate interest for example also exists when a deletion is not possible or only possible a disproportionate expense because of the kind of storage and a processing for other purposes by suitable technical and organisation measures is impossible.
6. Processing of your data in a third country or by an international organisation
A data transfer to units in states outside the European Union (EU) and/or the European Economic Area (EEA) (so-called third countries) will take place when this should be required to execute an order/contract from or with you, when this is prescribed by law (e.g. tax-law reporting obligations), when it is in the legitimate interest of our company or of a third party, or when you gave your consent to our doing so.
In this case, the processing of your data in a third country can also take place in connection with the appointment of service providers in the scope of order processing. Insofar as for the respective country no resolution of the EU Commission concerning the appropriate data protection level in that country should exist, we will warrant in accordance with the EU Data Protection Guidelines and on the basis of appropriate contracts that your rights and freedoms are suitably protected and granted. Upon request, we will provide you with respective detail information.
Information on suitable or appropriate warranties and on the possibility to obtain a copy of them, may be requested from the company's data protection officer.
7. Your data protection rights
Under certain conditions, you may assert your data protection rights towards our Company
- You are entitled to be informed by us about your data stored by use according to the provisions of Art. 15 GDPR (if necessary, with restrictions as per § 34 BDSG).
- Upon your request we will correct the data stored about you as per Art. 16 GDPR when they are incorrect or faulty.
- If you wish, we will delete your data according to the principles of Art. 17 GDPR unless other statutory requirements (e.g. legal retention obligations or restrictions as per § 35 GDPR) or a predominant interest of our company (e.g. for the defence of our rights and claims) exist.
- Considering the prerequisites of Art. 18 GDPR, you may request from us to limit the processing of your data.
- Furthermore, you can appeal against the processing of your data in accordance with Art. 21 GDPR and we have to stop the processing of your data. This right of appeal however only applies under quite special circumstances of your personal situation and rights of our company could be opposed to your right of appeal.
- According to the provisions of Art. 20 GDPR you also are entitled to receive your data in a structured, common and machine-readable format or to transfer them to a third party.
- Moreover, you are entitled to revoke a given consent to the processing of personal data any time with us taking effect for the future (refer to item 2.3).
- Furthermore, you have a right of appeal with a data protection supervisory authority (Art. 77 GDPR). However, we recommend to always direct any complaint to our data protection officer first.
If possible, your requests for exercising your rights should be directed to the above stated address or directly to our data protection officer.
8. Extent of your obligations to provide us your data
You only have to provide those data that are required for starting and performing business relations or far a precontractual relationship with us or that we are legally obliged to collect. Generally, we will not be in a position to conclude or execute a contract without these data. This may later on also refer to data that are required in the scope of our business relations. If we ask you for data going beyond that scope, you will be separately informed on the voluntary nation of your information.
9. Existence of an automated decision-making in an individual case (including profiling)
We do not use any purely automated decisions procedures as per Article 22 GDPR. Should we nevertheless use such a procedure in future in individual cases, we will separately inform you accordingly, if this is prescribed by law.
Possibly we partly process your data with the objective to evaluate certain personal aspects (profiling).
In order to purposefully be able to inform you about products and to advise you, we may use evaluation tools. These tools allow a needs-based product design, communication and advertising including market research and opinion polling.
We do not use own scoring procedures to assess your financial standing and creditworthiness. Where applicable, we use so-called "score values" we receive from credit agencies to assess your financial standing and creditworthiness. Such score values assist us for example in assessing the creditworthiness as well as making decisions in the scope of project and product transactions and those values influence our risk management.
Information on nationality as well as particular categories of personal data as per Art. 9 GDPR are not processed.
Information on your right of objection Art. 21 GDPR
When there are reasons resulting from your particular situation, you always are entitled to object to the processing of your data on the basis of Art. 6 Section 1 f GDPR (Data processing on the basis of balancing of interests) or on the basis of Art. 6 section e GDPR (Data processing in public interest) This will also apply to a profiling in terms of Art. 4 No. 4 GDPR based on this provision.
If you file an objection, we will no longer process your personal data, unless we can prove compelling reasons for processing which outweigh your interests, rights and liberties or which serve the assertion, execution or defence of legal claims.
Where appropriate, we will process your personal data also to conduct direct advertising. If you do not want to receive any advertising, you always will be entitled to object to receiving advertising; the same also applies to profiling when it is connected to such direct advertising. We will respect this objection for the future.
We will no longer process your data for the purposes of direct advertising when you object to a procession for these purposes.
Your objection may be filed without complying with a certain form and should preferably addressed to:
SCISYS Deutschland GmbH
Part 2: Supplementary DATA PROTECTION Info (Website)
SCISYS Deutschland GmbH Commitment to Data Privacy Protection
Protecting the security and privacy of your personal data is important to us; therefore, we conduct our business in compliance with applicable laws on data privacy protection and data security. We hope the policy outlined below will help you understand what data we may collect, how we uses and safeguards that data and with whom we may share it.
Through its Web sites, we will not collect any personal data about you (e.g. your name, address, telephone number or e-mail address), unless you voluntarily choose to provide us with it (e.g. by registration, survey), respectively, provide your consent, or unless otherwise permitted by applicable laws and regulations for the protection of your personal data.
Purpose of Use
When you do provide us with personal data, we usually use it to respond to your inquiry, process your order or provide you access to specific information or offers. Also, to support our customer relationship with you:
- we may store and process personal data and share internal SCISYS to better understand your business needs and how we can improve our products and services; or
- we (or a third party on our behalf) may use personal data to contact you about a SCISYS offer in support of your business needs or to conduct online surveys to understand better our customers' needs.
If you choose not to have your personal data used to support our customer relationship (especially direct marketing or market research), we will respect your choice. We do not sell or otherwise market your personal data to third parties.
SCISYS Deutschland GmbH will collect, use or disclose personal data supplied by you online only for the purposes disclosed to you, unless the disclosure:
- is a use of the personal data for any additional purpose that is directly related to the original purpose for which the personal data was collected,
- is necessary to prepare, negotiate and perform a contract with you,
- is required by law or the competent governmental or judicial authorities,
- is necessary to establish or preserve a legal claim or defence,
- is necessary to prevent fraud or other illegal activities, such as wilful attacks on SCISYS’ information technology systems.
Communications or Utilisation Data
Through your use of telecommunications services to access our Web site, your communications data (e.g. Internet protocol address) or utilisation data (e.g. information on the beginning, end and extent of each access, and information on the telecommunications services you accessed) are technically generated and could conceivably relate to personal data. To the extent that there is a compelling necessity, the collection, processing and use of your communications or utilisation data will occur and will be performed in accordance with the applicable data privacy protection legal framework.
Non-Personal Data Collected Automatically
When you access our Web sites, we may automatically (i.e., not by registration) collect non-personal data (e.g. type of Internet browser and operating system used, domain name of the Web site from which you came, number of visits, average time spent on the site, pages viewed). We may use this data to monitor the attractiveness of our Web sites and improve their performance or content.
"Cookies" - Information Stored Automatically on Your Computer
When you view one of our Web sites, we may store some data on your computer in the form of a "cookie" to automatically recognise your PC next time you visit. Cookies can help us in many ways, for example, by allowing us to tailor a Web site to better match your interests or to store your password to save you having to re-enter it each time. If you do not wish to receive cookies, please configure your Internet browser to erase all cookies from your computer's hard drive, block all cookies or to receive a warning before a cookie is stored.
SCISYS Deutschland GmbH will not knowingly collect personal data from children without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent pursuant to local law and regulations or to protect a child. The definition of "child" or "children" should take into account applicable laws as well as national and regional cultural customs.
To protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorised disclosure or access, SCISYS Deutschland GmbH uses technical and organisational security measures.
Links to Other Web Sites
SCISYS Web sites contain links to other Web sites. SCISYS Deutschland GmbH is not responsible for the privacy practices or the content of other Web sites.
Questions and Comments
SCISYS Deutschland GmbH will respond to reasonable requests to review your personal data and to correct, amend or delete any inaccuracies. If you have any questions or comments about the SCISYS Data Privacy Protection Policy (e.g. to review and update your personal data), please contact our webmaster.
As the Internet matures, so will our Data Privacy Protection Policy. We will post changes to our Data Privacy Protection Policy on this page. Please check this page regularly to keep up-to-date.
(as of April 2018)
If the User while using the SCISYS Web Site acts as business customer, i.e. that it is not acting for purposes which are outside its trade, business or profession, or that it acts as administration customer, § 312e para. 1 sentence 1 no. 1 - 3 of the German Civil Code does not apply.
SCISYS offers on the SCISYS Web Site specific information and software, as well as - as the case may be - related documentation, for viewing or downloading.
SCISYS may stop the operation of the SCISYS Web Site in full or in part at any time. Due to the nature of the internet and computer systems, SCISYS cannot accept any liability for the continuous availability of the SCISYS Web Site.
3. Registration, Password
Some pages of the SCISYS Web Site may be password protected. In the interest of safety and security of the business transactions, only registered Users may access said pages. SCISYS reserves the right to deny registration to any User. SCISYS particularly reserves the right to determine certain sites, which were previously freely accessible, subject to registration. SCISYS is entitled, at any time and without obligation to give reasons, to deny the User the right to access the password-protected area by blocking its User Data (as de-fined below), in particular if the User
- uses a false identity for the purpose of misleading others;
- did not use the SCISYS Web Site for a longer period.
For registration the User shall give accurate information and, where such information changes over time, shall inform SCISYS thereof (to the extent possible: online) without undue delay. The User shall ensure, that its e-mail address, as supplied to SCISYS, will be current and an address at which the User can be contacted.
Upon registration the User will be provided with an access code, comprising a User ID and a password ("User Data"). On first access the User shall change the password received from SCISYS into a password known only to the User. The User Data allows the User to view or change its data or, as the case may be, to withdraw its consent to data processing.
The User shall ensure that the User Data will not be accessible by third parties and is liable for all transactions and other activities carried out under its User Data. At the end of each online session, the User shall log-off from the password protected websites. If and to the extent the User becomes aware that third parties are misusing its User Data the User shall inform SCISYS thereof without undue delay in writing, or, as the case may be, by e-mail.
After receipt of the notice under paragraph 3.4, SCISYS shall deny access to the password-protected area under such User Data. Access will only be possible again upon the User's application to SCISYS or upon new registration.
The User may at any time demand the deletion of its registration in writing, provided that the deletion will not violate the proper performance of contractual relationships. In such event SCISYS will delete all user data and other stored personally identifiable data of the User as soon as these data are not needed anymore.
4. Rights of Use to Information, Software and Documentation
SCISYS grants the User a non-exclusive and non-transferable right to use the information, the software and documentation made available to the User on the SCISYS Web Site to the extent agreed, or in the event of no such agreement to the extent of the purpose intended by SCISYS in making same available.
Information, software and documentation may not be distributed by the User to any third party at any time nor may it be rented or in any other way made available. Unless such is allowed by mandatory law, the User shall not modify the software or documentation nor shall it disassemble, reverse engineer or de-compile the soft-ware or separate any part thereof. The User may make one backup copy of the software where necessary to secure further use.
The information, software and documentation are protected by copyright laws as well as international copy-right treaties as well as other laws and conventions related to intellectual property. The User shall observe such laws and in particular shall not remove any alphanumeric code, marks or copyright notices neither from the information nor from the software or documentation.
§§ 69a et seq. of the German Copyright Law shall not be affected hereby.
5. Intellectual Property
Notwithstanding the particular provisions in § 4 of these conditions, information, brand names and other contents of the SCISYS Web Site may not be changed, copied, reproduced, sold, rented, used, supplemented or otherwise used in any other way without the prior written permission of SCISYS.
Except for the rights of use and other rights expressly granted herein, no other rights shall be granted to the User nor shall any duty be implied to grant rights to, such as, but not limited to, company's name or to intellectual property rights such as patents, brands or utility models.
6. Duties of the User
While using the SCISYS Web Site the User shall not
- Pharm other persons, in particular minors, or infringe their personal rights;
- breach public morality in its manner of use;
- violate any intellectual property right or any other proprietary right;
- upload any contents containing a virus, so-called Trojan Horse, or any other program that could damage data;
- transmit, store or upload hyperlinks or contents to which the User is not entitled, in particular in cases where such hyperlinks or contents are in breach of confidentiality obligations or illegal; or
- distribute advertising or unsolicited e-mails (so-called "spam") or incorrect warnings of viruses, defects or similar material and the User shall not solicit or request the participation in any lottery, snowball system, chain letter, pyramid game or similar action.
The SCISYS Web Site may contain hyperlinks to the Web pages of third parties. SCISYS accepts no liability for the contents of such Web pages and does not make representations about or endorse such Web pages or their contents as its own, as SCISYS does not control the information on such Web pages and is not responsible for the contents and information given thereon. The use of such Web pages shall be at the sole risk of the User.
8. Liability for defects of title or quality
Insofar as any information, software or documentation is made available at no cost, any liability for defects as to quality or title of the information, software and documentation especially in relation to the correctness or absence of defects or the absence of claims or third party rights or in relation to completeness and/or fitness for purpose are excluded except for cases involving wilful misconduct or fraud as well as personal injury or death.
The information may contain general descriptions related to the technical possibilities of individual products which may not be available in certain cases (e.g. due to product changes). The required performance of the product shall therefore be mutually agreed in each case at the time of purchase.
9. Other Liability, Viruses
The liability of SCISYS for defects in relation to quality and title shall be determined in accordance with the provisions of § 8 of these conditions. Any further liability of SCISYS is excluded unless required by law, e.g. in cases of wilful misconduct, gross negligence, personal injury or death, failure to achieve guaranteed characteristics, fraudulent concealment of a defect or in case of breach of fundamental contractual obligations. The damages in case of breach of fundamental contractual obligations is limited to the contract-typical, foreseeable damage if there is no wilful misconduct or gross negligence.
Although SCISYS makes every endeavour to keep the SCISYS Web Site free from viruses, SCISYS cannot make any guarantee that it is virus-free. The User shall, for its own protection, take the necessary steps to ensure appropriate security measures and shall utilise a virus scanner before downloading any information, software or documentation. The User shall use all reasonable steps to ensure security measures and utilise a virus scanner to ensure that no viruses are uploaded onto the SCISYS Web Site.
§§ 9.1 and 9.2 do not intend nor imply any changes to the burden of proof to the User's disadvantage.
10. Export Controls
The export of certain information, software and documentation may, e.g. due to its nature or intended pur-pose or destination, be subject to authorisation. The User shall strictly conform with the export regulations for information, software and documentation, in particular with those of the EU as well as the individual EU member states and the USA. SCISYS shall label information, software and documentation in relation to German, EU and U.S. export control lists.
The User shall particularly check and verify that
- the information, software and documentation shall not be used for any purpose related to armaments, nuclear energy, weaponry or other military use;
- no undertaking or person listed in the U.S. Denied Persons List (DPL) shall receive goods, software or technology originating in the U.S.;
- no undertaking or person named in the U.S. Warning List, U.S. Entity List or U.S. Specially Designated National List shall receive goods originating in the U.S. without permission; and
- the early warning advice notices of the respective German authorities shall be observed. Access to software, documentation and information on the SCISYS Web Site shall only take place if such conforms with the above tests and guarantees. Where the User does not comply with the above, SCISYS shall not be obliged to perform.
Upon request SCISYS shall inform the User of the relevant contact points for further information.
11. Data Privacy Protection
12. Supplementary Agreements, Place of Jurisdiction, Applicable Law
Any supplementary agreement requires the written form.
The place of jurisdiction shall be Munich if the User is a merchant in terms of the German Commercial Code (Handelsgesetzbuch).