Privacy Policy
HPI Data Privacy Information for Business Partners
lorem ipsum amet ex libris nunca sunt trahunt
Hasso-Plattner-Institut für Digital Engineering gGmbH (hereinafter: HPI) takes the protection of personal data very seriously. We would like to inform you as our sales partners, suppliers, service providers, cooperation partners and other business partners as to the personal data we collect from you and your employees and what we do with it. We will further inform you about your data protection rights and the persons responsible for answering your questions.
1 OUR PRIVACY POLICY
1.1 Contact
The responsible body within the meaning of the General Data Protection Regulation (GDPR) is:
- Hasso-Plattner-Institut für Digital Engineering GmbH
- Prof. Dr. Helmert Str. 2-3
- 14482 Potsdam
- Tel.: +49 (0) 331 5509 - 0
- Email: hpi-info@hpi.de
As the responsible body, we implement all legally required measures to protect your personal data. If you have any questions about this data protection declaration, or about the processing of your personal data, please contact our company data protection officer:
- Dipl.-Inf. Bernhard Rabe
- HPI Data Protection Officer (TÜV®)
- Tel.: +49 (0) 331 5509 - 236
- Email: datenschutz@hpi.de
This data protection declaration always applies when we process your personal data (i.e., collect, save, use, transmit or delete your personal data).
1.2 What does the privacy policy apply to?
This data protection declaration always applies when we process your personal data (i.e., collect, save, use, transmit or delete your personal data).
1.3 What personal data do we collect from you?
Within the scope of cooperation with business partners, HPI processes personal data for the following purposes:
- communication about products, services and projects;
- planning, execution and administration of the business relationship between HPI and the business partner, e.g. to process orders for products and services, to collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance activities or repairs;
- to carry out marketing campaigns and market analyses;
- maintaining and protecting the security of our services and our websites, preventing and detecting security risks and criminal or malicious acts;
- compliance with legal requirements (e.g., tax and commercial retention requirements), existing compliance screening obligations (to prevent white-collar crime or money laundering), and HPI policies and standards; and
- settlement of legal disputes, enforcement of existing contracts and assertion, exercise and defence of legal claims.
For the above mentioned purposes HPI processes the following categories of personal data, if applicable:
- contact information, such as first and last name, business address, business phone number, business mobile phone number, business fax number and business email;
- payment data, i.e. information required for the processing of payment transactions or fraud prevention;
- other information whose processing is required in the context of a project or the handling of a contractual relationship with HPI or which is voluntarily provided by our contact persons, such as orders placed, inquiries made or project details;
- information that is collected from publicly available sources, information databases or from information files; and
- if required in the context of compliance screenings: information on relevant court proceedings and other legal disputes in which the business partner is involved.
The processing of personal data is necessary to achieve the above-mentioned purposes, in particular to carry out the business relationship with the business partner.
1.4 Legal basis
Unless expressly stated otherwise, the legal basis for data processing is Article 6 paragraph 1 sentence 1 lit. b) and f) GDPR or your expressly granted consent in accordance with Article 6 paragraph 1 sentence 1 lit. a) GDPR.
1.5 Who will get your data?
Within HPI, only those people will get access to your data who need it to protect our legitimate interests or to fulfill our contractual or legal obligations. We may only pass on information about you if this is permitted by legal provisions or contractual agreements with you or if you have given your prior consent to do so. A legal obligation to pass on your personal data to external bodies, for example in the case of tax offices, administration of justice or law enforcement agencies (police, public prosecutor, courts) is honored. We do not sell your personal information to any third parties!
1.6 Why and how do we use your data?
Insofar as a contractual relationship between us (e.g., a sales contract) is to be established and its contents elaborated or amended, we use your data to fulfill our contractual obligations. To carry out our contractual relationship, we need your address, your telephone number and, if applicable, your email address.
Insofar as photo, film, or audio recordings are made of you and published or if your personal data (e.g., anniversaries or birthdays) are published, we obtain prior consent for collection and / or further processing.
If the transmission of personal data to an external service provider is necessary for the provision of a service or answering an inquiry, we ensure by means of technical and organizational measures the legal compliance of the provisions of data protection law.
HPI also obliges the external service providers to comply with the relevant statutory data protection regulations, to treat the personal data confidentially and to delete it as soon as it is no longer required.
Insofar as photo, film, or audio recordings are made of you and published or if your personal data (e.g., anniversaries or birthdays) are published, we obtain prior consent for collection and / or further processing.
If the transmission of personal data to an external service provider is necessary for the provision of a service or answering an inquiry, we ensure by means of technical and organizational measures the legal compliance of the provisions of data protection law.
HPI also obliges the external service providers to comply with the relevant statutory data protection regulations, to treat the personal data confidentially and to delete it as soon as it is no longer required.
2 WHAT ARE YOUR RIGHTS?
You are granted various rights when it comes to the processing of your personal data based on Articles 15 to 21 GDPR. To exercise your rights, please contact our data protection officer mentioned above.
2.1 Your right to withdraw
If the processing of your personal data is based on your prior consent, you are entitled to withdraw this consent at any time with effect for the future. The processing of personal data will remain lawful until the date of receipt of your cancellation notice.
2.2 Your right to information and correction
You can request information about your personal data that we have processed. Should your data no longer be valid or applicable, you can request a correction. If your data should be incomplete, you can request its completion. If we have passed on your data to third parties, we will inform these third parties about the correction, insofar as this is required by law.
2.3 Your right to deletion of your personal data
You are entitled to request the deletion of your personal data if:
- your personal data is no longer required for the purposes for which it was collected,
- you have withdrawn your consent and there is no other legal basis,
- you object to the processing and there are no overriding legitimate grounds to justify processing,
- your personal data has been processed unlawfully, or
- your personal data must be deleted in order to comply with the legal requirements.
2.4 Your right to restrict the processing of your personal data
You have the right to request that the processing of your personal data berestricted if:
- the accuracy of your personal data is contested by you until we can prove the accuracy of the data,
- the processing is not lawful,
- your data is no longer required for the purposes of processing, but you need it to assert, exercise or defend yourself against legal claims, or
- you have raised an objection, as long as it is not yet been determined whether your interests prevail.
2.5 Your right to object
We may process your data on the basis of legitimate interests or in the public interest. In these cases, you have the right to object to the processing of your data. In the event of an objection, we will then only continue processing your personal data if the compelling legitimate reasons for the processing of this data demonstrably outweigh your interest in non-processing.
2.6 Your complaint right
If you are dissatisfied with our response to your request in individual cases, you are entitled to lodge a complaint with the HPI data protection officer and the responsible supervisory authority. The responsible supervisory authority is the “Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg” (state representative for data protection and for the right to inspect files in Brandenburg), Stahnsdorfer Damm 77, 14532 Kleinmachnow.
2.7 Your right to data transferability
You have the right to receive your personal data from us in a transferable and conventional format.
2.8 How long do we store your data?
All personal data will only be stored for as long as is necessary for the stated purpose. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted unless further storage is necessary. The need for further storage arises, for example, for compliance with tax and commercial law retention periods or for obtaining evidence for legal disputes within the statutory limitation periods. According to civil law, limitation periods can be between three and thirty years.