Privacy information for customers, suppliers, business partners & their employees

pursuant to Art. 13, 14 GDPR

Introduction

As part of our business relationship or contact on behalf of your employer, personal data may be exchanged. The following information provides an overview of how we process your personal data in the context of our business relationship and which rights you have under data protection law.

We process personal data (for example name, address or contract information) in accordance with the GDPR, the Federal Data Protection Act (BDSG) and other applicable national data protection rules.

Controller

WolkenWerk GmbH

Alt Langenhain 8 65719 Hofheim am Taunus

Phone: 06192 / 9333360 E-Mail: info@wolkenwerk.de

Legal representative: Tobias Klonk

Processing activities and purposes

WolkenWerk stores and processes your personal data for the following activities:

• Invoicing and dunning in cooperation with the tax advisor
• Responding to inquiries
• Customer relationship management (CRM)
• Creditworthiness checks
• Ticket system for support requests
• Merchandise management / ERP
• Data protection documentation
• E-mail archiving according to GoBD
• Guest Wi-Fi logging
• Use of groupware systems (email, calendar, contacts)
• Sending newsletters and marketing emails
• Conducting videoconferences
• IT operations: telephone system

Legal basis for processing

The legal bases for processing are, depending on the processing activity:

• Art. 6(1)(b) GDPR for the performance of contracts
• Art. 6(1)(c) GDPR for compliance with legal obligations (e.g. bookkeeping requirements)
• Art. 6(1)(f) GDPR for the protection of legitimate interests of the controller or a third party (e.g. contract administration, defense of legal claims)
• Art. 6(1)(a) GDPR where you have given consent (e.g. for certain marketing communications)

Categories of personal data processed

The categories of personal data processed depend on the purpose. They typically include:

• Master data (name, address, gender)
• Contact data (telephone, e‑mail address, postal address)
• Creditworthiness data (scoring values, payment history)
• Qualification and professional information (occupational activity, certificates)
• Contract data (details about ordered products or services, payment information)
• Image and video data (text, audio and video data from web meetings or recordings)
• Meeting metadata (participant IP addresses, device/hardware information)
• Connection data (incoming/outgoing numbers, country, start/end time, IP addresses)
• Business contact and communication records including logs and history

Origin of personal data

Most personal data are collected directly from you, e.g. when concluding contracts or via forms. Creditworthiness data may be obtained from credit agencies following an inquiry.

Recipients and authorized parties

Your personal data may be disclosed, where necessary, to:

• Internal staff and departments that require the data for the processing purpose
• Professionals and financial service providers (e.g. tax advisors, auditors, banks, credit agencies)
• Processors acting on our behalf (e.g. data centers, IT service providers, disposal companies)

Transfers to countries outside the EEA will only occur where necessary for contract performance, with your consent, or where legally permitted. In such cases we ensure appropriate safeguards (e.g. standard contractual clauses) are in place.

Storage period

We retain personal data as long as necessary for the processing purpose. Typical retention periods include:

• Tax and commercial records: 10 years plus an additional buffer of 2 years (12 years total)
• Contract documents: 3 years after the end of the contract where applicable
• Data processed based on consent or legitimate interest: until consent is withdrawn or an objection is raised, or until the end of the business relationship

Retention may be extended if data is needed for legal proceedings or if statutory retention obligations change.

Your rights as a data subject

You have the rights under the GDPR: right of access, rectification, erasure, restriction of processing, data portability and objection to processing. You may also withdraw consent at any time. In addition, you have the right to lodge a complaint with a supervisory authority.

Contact details of the supervisory authority:

Hessian Data Protection and Freedom of Information Officer

PO Box 31 63 65021 Wiesbaden

Gustav-Stresemann-Ring 1 65189 Wiesbaden

Phone: 0611 1408-0

E‑Mail: poststelle@datenschutz.hessen.de