Privacy Policy
We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations. This data protection declaration informs you about the details.
1. Responsible Processor
Goldfish IT Solutions GmbH, Berliner Straße 43, 35614 Aßlar, Germany is responsible for the processing of your personal data within the meaning of the European Union General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). You can find the full details of Goldfish IT Solutions GmbH in the legal notice. Information on the competent supervisory authority can be found at the end of this data protection notice.
E-mail: info@goldfish.team
Website: https://goldfish.team
2. Data Protection Officer of the Responsible Processors
gds – Gesellschaft für Datenschutz Mittelhessen mbH (Data Protection Society of Central Hesse)
Henning Welz
Auf der Appeling 8
35043 Marburg
+49 6421 80413-10
welz@gdsm.de
3. Processing activities:
3.1. Data protection in the context of the implementation of pre-contractual measures or for the fulfilment of a contract
Relevant personal data we process are:
- Personal master data (name, address and other contact data)
- Communication data (for example, telephone, e-mail)
- Contract master data (contractual relationship, product or contractual interest)
- Customer history
- Contract billing and payment data
- Planning and control data
- Activity data
We process your data for the purpose of processing an enquiry from you or a contractual relationship with you (provision of goods and services).
The processing of your personal data takes place:
- for the fulfilment of a contract with you or for the implementation of pre-contractual measures that take place at the request of the data subject (Art. 6 para. 1 lit. b DSGVO)
- for the fulfilment of processing within a legitimate interest (Art. 6 para. 1 lit. f DSGVO)
- If the scope of the processing goes beyond this, we will ask you for consent (Art. 6 para. 1 lit. a DSGVO)
We only process personal data that we receive from you directly or from another person (for example a colleague) as part of your enquiry or a contractual relationship with you.
In addition, where necessary, we process personal data that we legitimately receive from third parties (for example, from courts, authorities, agencies or insurance companies).
Your data will be transferred to specialist departments within our company as well as within our group of companies or within affiliated companies, in individual cases to distributors or affiliated companies in third countries.
Furthermore, data may be transferred outside our company to customers, suppliers, distributors, authorities, banks, service providers such as service data centres and remote maintenance.
If data is transferred to third countries, the transfer is either permitted by a condition of Art. 49 (1) and (2) EU GDPR based on your informed consent or based on a contract / a pre-contractual measure at the request of the data subject, or we have guarantees for the processing of your data in the third countries in accordance with data protection (Art. 46 (2) & (3) GDPR).
The data is stored at least for the duration of the business relationship (for example, your enquiry / for the duration of the contractual relationship). In most cases, we are bound by the legally prescribed retention periods. After expiry of this maximum storage period, your data will be deleted if there is no other important reason to the contrary.
3.2. Data protection in the context of access restrictions
If access restrictions apply due to an infection situation or for similar reasons, we will process your data, including special categories of data, if applicable.
Relevant personal data that we process are:
- Personal master data (name, address and other contact data)
- Communication data (for example, telephone, e-mail)
- Health data
- Residence data
- Social contact data
We process your data within the framework of the applicable laws and regulations. These are primarily the Infection Protection Act and the ordinances based on it.
The processing therefore takes place either
- for the implementation of protective measures (Art. 9 para. 2 lit. i DSGVO)
We only process personal data that we receive from you in the course of your visit.
In the course of processing, your data will be transferred to specialist departments within our company and possibly within our group of companies.
If necessary, the data will be transferred to the health authority within the framework of the legal provisions.
After completion, the data is stored for the period stipulated in the respective legal regulation.
3.3. Data protection in the context of video surveillance
Our grounds with their entrances as well as the exterior of the buildings on them are monitored with the help of video cameras.
Relevant personal data that we process are:
- Image data
- Video data
- Date
- Time
- Behavioural data
We process this data in the legitimate interest of protecting the grounds and buildings. The aim is to protect against vandalism as well as burglary and related crimes. If we evaluate the recordings and identify the persons concerned, they are notified immediately.
Processing therefore takes place on the basis of
- Art. 6 para. 1 lit. f DSGVO
We only process personal data that we receive from you in the course of your visit.
In the course of processing, your data will be transferred to specialist departments within our company and possibly within our group of companies.
The data is stored for 72 hours. If further clarification is required during the evaluation, the data is stored until the purpose of the recording has been fulfilled.
3.4. Data protection within the framework of information security management
The responsible processor operates an ISMS (Information Security Management System) with the aim of protecting the company’s information adequately and in accordance with its protection needs. For this purpose, personal data is also collected in order to provide the required evidence of activity, as well as to detect and counter threats.
Relevant personal data that we process are:
- Image data
- Video data
- Date
- Time
- Behavioural data
- Activity data
- Data on the use of IT-based systems
- IP addresses
- Names
We process this data out of a legitimate interest in protecting information. The protection goals of confidentiality, availability and integrity are to be maintained. These coincide with the requirements of data protection.
Processing therefore takes place on the basis of
- Art. 6 para. 1 lit. c in conjunction with Art. 25 & 32 DSGVO insofar as the protection of personal information is concerned.
- Art. 6 para. 1 lit. f DSGVO insofar as it concerns the protection of non-personal information.
We only process personal data that we receive from you in the course of your work.
In the course of processing, your data will be transferred to specialist departments within our company and possibly within our group of companies.
Storage is for the duration of the purpose, i.e. verifiability within the ISMS, but for a maximum of 3 years.
3.5. Data protection in the context of remote maintenance
Relevant personal data we process are:
- Personal master data (name, address and other contact data)
- Recording of the sessions with all contents
We process your data for the purpose of handling the contractual relationship with you (provision of services, in this case: remote maintenance) and on the basis of an agreement pursuant to Art. 28 (3) DSGVO.
The processing of your personal data takes place:
- for the fulfilment of a contract with you (Art. 6 para. 1 lit. b DSGVO)
- If the scope of the processing goes beyond this, we will ask you for consent (Art. 6 para. 1 lit. a DSGVO)
We only process personal data that we receive directly from you in the context of remote maintenance.
Your data will be transferred to specialist departments within our company as part of the processing. Furthermore, data may be transferred outside our company to service providers such as service data centres and remote maintenance operators.
If data is transferred to third countries, the transfer is either permitted by a condition of Art. 49 (1) and (2) EU GDPR based on your informed consent or based on a contract / a pre-contractual measure at the request of the data subject, or we have guarantees for the processing of your data in the third countries in accordance with data protection (Art. 46 (2) & (3) GDPR).
The data will be stored for the period necessary for reasons of proof and for a maximum of 3 months. After expiry of this maximum storage period, your data will be deleted if there is no other important reason to the contrary.
3.6. Data protection within the framework of the customer portal
Relevant personal data that we process are:
- Personal master data (name, e-mail address)
- Authentication data
- Usage data
We process your data for the purpose of handling the contractual relationship with you (provision of services, here: use of the customer portal).
The processing of your personal data takes place:
- for the fulfilment of a contract with you (Art. 6 para. 1 lit. b DSGVO)
- If the scope of the processing goes beyond this, we will ask you for consent (Art. 6 para. 1 lit. a DSGVO)
We only process personal data that we receive directly from you in the course of using the customer portal.
Your data will be transferred to specialist departments within our company as part of the processing. Furthermore, data may be transmitted to bodies outside our company, such as service data centres and remote maintenance operators.
If data is transferred to third countries, the transfer is either permitted by a condition of Art. 49 (1) and (2) EU GDPR based on your informed consent or based on a contract / a pre-contractual measure at the request of the data subject, or we have guarantees for the processing of your data in the third countries in accordance with data protection (Art. 46 (2) & (3) GDPR).
Your data is stored for the duration of the validity of your account in the customer portal; after deletion of this account, it is anonymised.
3.7. Data protection within the framework of our social media channels
Relevant personal data we process are:
- User name
- Number of visits to the respective channel
- Activities on the respective channel
- Cumulative and anonymous data for statistical evaluations
- Log data, to ensure the security of the IT systems
We process your data as part of your visit to our social media channels in the form of cumulative statistics in order to further develop and optimise these channels.
- The processing is carried out on the basis of legitimate interest (Art. 6 para. 1 lit. f DSGVO).
We only process personal data that we receive directly from you during your visit; we receive the anonymised statistical data from the provider of the respective social media platform.
Your data will be transferred to specialist departments within our company as part of the processing.
The storage takes place until the purpose of the processing has been achieved. In some cases, we are bound by the legally prescribed retention periods. After expiry of this maximum storage period, your data will be deleted if there is no other important reason to the contrary.
3.8. Data protection in the context of communication via MS Teams
Relevant personal data we process are:
- User name
- Number of visits
- Activities
- Chat content
- File access
- Log data, to ensure the security of the IT systems
We process your data as part of the MS Teams communication to provide content as well as in the form of cumulative statistics to further develop and optimise this communication.
- The processing is carried out on the basis of legitimate interest (Art. 6 para. 1 lit. f DSGVO).
We only process personal data that we receive directly from you in the course of your use; we receive the anonymised statistical data from Microsoft.
Your data will be transferred to specialist departments within our company as part of the processing.
The storage takes place until the purpose of the processing has been achieved. In some cases, we are bound by the legally prescribed retention periods. After expiry of this maximum storage period, your data will be deleted if there is no other important reason to the contrary.
3.9. Data protection in the context of marketing
Relevant personal data that we process are:
- Personal master data (name, address and other contact data)
- Communication data (for example, telephone, e-mail)
- Information (from third parties, for example credit agencies, or from public directories)
- Log data, to ensure the security of the IT systems
We process your data in the context of existing customer relationships, if we wish to inform you about similar goods or services or if we have received your consent to do so.
- The processing is therefore carried out either on the basis of legitimate interest (Art. 6 para. 1 lit. f DSGVO),
- for the performance of a contract with you or for the implementation of pre-contractual measures, which are carried out at the request of the data subject (Art. 6 para. 1 lit. b DSGVO) or
- on the basis of your consent (Art. 6 para. 1 lit. a DSGVO).
In any case, the processing of your personal data will be carried out in accordance with the provisions of Section 7 (3) of the German Unfair Competition Act (UWG).
We only process personal data that we receive directly from you as part of your enquiry or a contractual relationship with you.
Your data will be transferred to specialist departments within our company as well as within our group of companies or within affiliated companies, in individual cases to group subsidiaries, distributors or affiliated companies in third countries as part of the processing.
Furthermore, data may be transferred outside our company to service providers such as service data centres and marketing agencies.
If data is transferred to third countries, the transfer is either permitted by a condition of Art. 49 (1) and (2) EU GDPR based on your informed consent or based on a contract / a pre-contractual measure at the request of the data subject, or we have guarantees for the processing of your data in the third countries in accordance with data protection (Art. 46 (2) & (3) GDPR).
The data is stored at least for the duration of the business relationship (for example, your enquiry / for the duration of the contractual relationship). In most cases, we are bound by the legally prescribed retention periods. After expiry of this maximum storage period, your data will be deleted if there is no other important reason to the contrary.
3.10. Data protection within the scope of the newsletter dispatch
Relevant personal data we process are:
- First and last name
- E-mail address
- Statistical data on the use of the newsletter
- Log data, to ensure the security of the IT systems
We process your data within the scope of contract fulfilment, if you have subscribed to a newsletter with us and within the scope of legitimate interest regarding statistical evaluations.
- The processing is therefore carried out either on the basis of legitimate interest (Art. 6 para. 1 lit. f DSGVO),
- for the performance of a contract with you or for the implementation of pre-contractual measures, which are carried out at the request of the data subject (Art. 6 para. 1 lit. b DSGVO) or
In any case, the processing of your personal data will be carried out in accordance with the provisions of Section 7 (3) of the German Unfair Competition Act (UWG).
We only process personal data that we receive directly from you as part of your enquiry or a contractual relationship with you.
Your data will be transferred to specialist departments within our company as well as within our group of companies or within affiliated companies, in individual cases to group subsidiaries, distributors or affiliated companies in third countries as part of the processing.
Furthermore, data may be transferred outside our company to service providers such as service data centres and marketing agencies.
If data is transferred to third countries, the transfer is either permitted by a condition of Art. 49 (1) and (2) EU GDPR based on your informed consent or based on a contract / a pre-contractual measure at the request of the data subject, or we have guarantees for the processing of your data in the third countries in accordance with data protection (Art. 46 (2) & (3) GDPR).
The data is stored for the duration of the newsletter subscription. If you unsubscribe, all data related to the processing will be deleted or anonymised.
3.11. Data protection in the context of online events
Relevant personal data that we process are:
- Personal master data (name, address and other contact data)
- Communication data (for example, telephone, e-mail)
- Log data, to ensure the security of the IT systems
- Participation data
- Registration data
We process your data in the context of existing and prospective customer relationships when we give you the opportunity to register for an online event.
The processing is therefore carried out either on the basis of legitimate interest (Art. 6 para. 1 lit. f DSGVO) or
- for the performance of a contract with you or for the implementation of pre-contractual measures, which are carried out at the request of the data subject (Art. 6 para. 1 lit. b DSGVO) or
- on the basis of your consent (Art. 6 para. 1 lit. a DSGVO).
We only process personal data that we receive directly from you as part of your registration or a contractual relationship with you.
Your data will be transferred to specialist departments within our company as part of the processing.
Furthermore, data may be transferred outside our company to service providers such as service data centres.
If data is transferred to third countries, the transfer is either permitted by a condition of Art. 49 (1) and (2) EU GDPR based on your informed consent or based on a contract / a pre-contractual measure at the request of the data subject, or we have guarantees for the processing of your data in the third countries in accordance with data protection (Art. 46 (2) & (3) GDPR).
The data is stored at least until the purpose is fulfilled (participation in the online event) or, in the case of consent, until the purpose of the consent expires. After expiry of this maximum storage period, your data will be deleted if there is no other important reason to the contrary.
3.12. Data protection during your visit to us
Relevant personal data we process are:
- Personal master data (name, address, company affiliation)
- The start and end time of the visit
- The purpose of the visit
- The person visited
We process your data in the context of existing or prospective customer relationships. In addition, we process your data based on the requirements of information security management.
The processing is therefore carried out either on the basis of legitimate interest (Art. 6 para. 1 lit. f DSGVO) or
- for the fulfilment of a contract with you or for the implementation of pre-contractual measures, which take place at the request of the data subject (Art. 6 para. 1 lit. b DSGVO).
We only process personal data that we receive directly from you in the course of your visit.
Your data will be transferred to specialist departments within our company as part of the processing.
Furthermore, data may be transferred outside our company to service providers such as service data centres.
If data is transferred to third countries, the transfer is either permitted by a condition of Art. 49 (1) and (2) EU GDPR based on your informed consent or based on a contract / a pre-contractual measure at the request of the data subject, or we have guarantees for the processing of your data in the third countries in accordance with data protection (Art. 46 (2) & (3) GDPR).
The data will be stored for a further 3 months after the purpose has been fulfilled. After this maximum storage period has expired, your data will be deleted unless there is another important reason for not doing so.
3.13. Data protection in the context of correspondence
We would like to point out that data transmission during communication by e-mail can have security gaps and that the transmission is usually only encrypted during transport. If you do not want this, more powerful encryption methods must be used.
Relevant personal data that we process are:
- Personal master data (name, address and other contact data)
- Communication data (for example, telephone, e-mail)
Furthermore, we process all data that forms the content of the communication, which may include the following, among others:
- Contract master data (contractual relationship, product or contractual interest)
- Customer history
- Contract billing and payment data
- Planning and control data
We process your data within the framework of the legal basis in the correspondence. This can be, for example, an enquiry, an order, project reference or similar.
The processing therefore takes place either
- on the basis of legitimate interest (Art. 6 para. 1 lit. f DSGVO),
- for the performance of a contract with you or for the implementation of pre-contractual measures, which are carried out at the request of the data subject (Art. 6 para. 1 lit. b DSGVO) or
- on the basis of your (possibly implied) consent (Art. 6 para. 1 lit. a DSGVO).
We only process personal data that we receive in the course of correspondence.
Your data will be transferred to specialist departments within our company as well as within our group of companies or within affiliated companies, in individual cases to distributors or affiliated companies in third countries.
Furthermore, data may be transferred outside our company to service providers such as service data centres and marketing agencies.
If data is transferred to third countries, the transfer is either permitted by a condition of Art. 49 (1) and (2) EU GDPR based on your informed consent or based on a contract / a pre-contractual measure at the request of the data subject, or we have guarantees for the processing of your data in the third countries in accordance with data protection (Art. 46 (2) & (3) GDPR).
The data is stored at least for the duration of the business relationship (for example, your enquiry / for the duration of the contractual relationship). In most cases, we are bound by the legally prescribed retention periods. After expiry of this maximum storage period, your data will be deleted if there is no other important reason to the contrary.
3.14. Data protection in the context of job applications
We process all data that you provide to us as part of an application.
Relevant personal data that we process are:
- Personal master data (name, address and other contact data)
- Communication data (for example, telephone, e-mail)
- Qualification data
- Curriculum vitae data
- If applicable, special categories of personal data (religion, trade union membership)
- Other data contained in your application
- Dates
We process your data as part of the application process in preparation for your contractual relationship with us.
The processing therefore takes place either
- for the implementation of pre-contractual measures, which are carried out at the request of the data subject (Art. 6 para. 1 lit. b DSGVO in conjunction with Art. 88 DSGVO in conjunction with § 26 BDSG)
We only process personal data that we receive as part of your application.
In the course of processing, your data will be transferred to specialist departments within our company and possibly within our group of companies.
When you use WhatsApp Business to send us your application request, WhatsApp Business processes a wide variety of data from you, including data that is not related to the actual message. We have no influence on this processing and it is initiated solely by your decision to use WhatsApp Business. For more details, please refer to the WhatsApp Business privacy information at https://www.whatsapp.com/legal/privacy-policy-eea.
After completion of the application process, the data is stored either for the duration of your employment contract or, in the event of an unsuccessful application, for 6 months after rejection. If we would like to store your data for longer, we will ask you for consent. After this maximum storage period has expired, your data will be deleted. The metadata of the application will be stored for a further 3 years.
4. Rights of the data subjects
The following rights arise for you from the processing of your personal data by the responsible processor:
- The right of access (if we process personal data about you, we will provide you with information about the exact circumstances on request)
- The right to erasure of data (in certain circumstances, which may need to be clarified).
- The right to be forgotten (if data has been transmitted, we must request the recipient to delete it)
- The right to data portability (if you wish, we must transfer the data to a third party in a machine-readable form)
- The right to rectify the category of data (if it is not correct)
- The right to object to the processing activity (in certain circumstances, which may need to be clarified).
- The right to rectification if the data is incorrect.
- The right to complain to the supervisory authority. (Complaints are accepted by the supervisory authority responsible for you within the framework of the so-called “one-stop-shop” principle. This is either the supervisory authority of your country or, in the Federal Republic of Germany, of your federal state. You can find a list by federal state here: https://www.datenschutz-wiki.de/Aufsichtsbehörden_und_Landesdatenschutzbeauftragte)
5. Reasons for providing
Within the scope of our business relationship, you only have to provide us with the personal data that is necessary for the processing of the legal transaction. In case of non-provision, a business relationship is not possible.
6. Other
There is no automated decision-making. Likewise, we do not process your data with the aim of evaluating certain personal aspects (profiling).