Critical zero-day-gap in Log4j (CVE-2021-44228) compromises numerous servers and apps. We have checked our software and services for this - our products PAVE and DYVE are NOT affected. Our customers' data is safe!

Security
Login
+49 (0) 89 330 37 82-0 anfrage@pmgnet.de

Privacy Policy (Online Platform)

This data protection notice informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online platform PAVE and DYVE (hereinafter referred to as “online platform”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

 

Person responsible:

Company: PMG Projektraum Management GmbH

Managing directors: Mike Riegler, Stefan Finkenzeller

Street no.: Kühbachstraße 7

Postcode, City, Country: 81543 Munich, Germany

E-mail: info@pmgnet.de

Website: https://pmgnet.de

 

Contact details of our data protection officer:

DEUDAT GmbH

Zehntenhofstraße 5b

D-65201 Wiesbaden

Telephone: +49 611 950008-40

E-mail: pmg@deudat.de

 

Hosting / Cookies:

Our online platform is hosted on our own servers in several, redundant, external data centres, which are located exclusively in Germany and are within the scope of the EU General Data Protection Regulation. All data centres are certified according to the international security standard ISO 27001 and have no direct access to the data of the online platform.

The use of the data centres is for the purpose of fulfilling the contract with our potential and existing customers or their sub-service providers (Article 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online platform by a professional provider (Article 6 para. 1 lit. f GDPR).

The use of cookies (load balancing, technical session, comfort function) on the online platform is exclusively necessary for technical functionality and described in detail in the security concept. The data from cookies are not used for other purposes.

 

1. Purposes and legal bases of processing:

We process your personal data in accordance with the provisions of the European Data Protection Regulation (EU-DSGVO) and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation or performance of a contract or for the implementation of pre-contractual measures. Insofar as the provision of personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful pursuant to Article 6 (1) lit. b GDPR.

In case you have given us express consent to process personal data for specific purposes (e.g. transfer to third parties, evaluation for marketing purposes or advertising), the lawfulness of this processing is given on the basis of your consent in accordance with Article 6 para. 1 lit. a GDPR. Consent given can be revoked at any time with future effect (see section 9 of this data protection information).

If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfilment of legal obligations according to Article 6 para. 1 lit. c GDPR. In addition, processing may be carried out to protect the legitimate interests of us or third parties in accordance with Article  6 (1) (f) GDPR. If necessary, we will inform you separately, stating the legitimate interest, as far as this is required by law.

 

2. Categories of personal data:

We only process data that is related to the establishment of the contract or the pre-contractual measures. This can be general data about you or persons in your company (name, address, contact details, etc.) as well as other data that you provide to us in the context of the establishment of the contract.

 

3. Source of the data:

We process personal data that we receive in the course of fulfilling the contract or that users of the online platform store on our platform in order to fulfil their contractual obligations.

 

4. Recipients of the data:

We disclose your personal data within our company to those areas and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interest.

Your personal data is processed on our behalf on the basis of order processing contracts in accordance with Article 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR.

Otherwise, data is only forwarded to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the processing and thus the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information.

Under these conditions, recipients of personal data may be, for example:

  • public authorities and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax office) if there is a legal or official obligation,
  • recipients to whom the disclosure is directly necessary to establishing or fulfilling a contract.

 

5. Transfer to a third country:

A transfer to a third country is neither intended nor does this take place.

 

6. Duration of data storage:

As far as necessary, we process and store your personal data for the duration of our business relationship (project duration) or for the fulfilment of contractual purposes. This included, among other things, the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO) The periods prescribed there for storage or documentation are two to ten years. Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.

 

7. Your rights:

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to notification under Article 19 GDPR and the right to data portability under Article 20 GDPR.

In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR if in your opinion the processing of your personal data is not lawful. The right of appeal is without prejudice to any other administrative or judicial remedy.

If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Article 7 GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. Please also note that we may have to retain certain data for a certain period of time in order to comply with legal requirements (see section 8 of this data protection information).

You are welcome to contact us to protect your rights.

 

8. Necessity of the provision of personal data:

As a rule, the provision of personal data for the purpose of establishing, implementing, or fulfilling a contract or for the performance of pre-contractual measures is neither required by law nor by contract. You are therefore not obliged to provide personal data. Please note, however, that these are usually required for the decision on the conclusion of a contract, the performance of a contract or for pre-contractual measures. If you do not provide us with personal data, we may not be able to make a decision within the scope of contractual measures. We recommend that you only provide personal data that is required for the conclusion of a contract, the fulfillment of a contract or for pre-contractual measures.

 

Status: 03/2023